Backend API · Spring Boot

XCoreTasks API

A secure, production-style RESTful backend for task management. JWT authentication, role-based access control, and structured CRUD operations — all backed by PostgreSQL.

Live demo View on GitHub

What it does

A production-ready task management API

XCore is a RESTful backend that handles user registration, login, and per-user task management. Every request is authenticated via JWT, and resources are scoped so users only see their own data — unless they're an admin.

JWT authentication

Stateless auth with HS256-signed tokens. Register, login, and receive a 24-hour bearer token — no sessions, no cookies.

Role-based access

USER and ADMIN roles enforced at the API level. Users manage their own tasks. Admins can access any user's resources.

Structured task CRUD

Create, read, update, and delete tasks with status tracking (TODO, IN_PROGRESS, DONE) and input validation on every request.

API reference

Clean, RESTful endpoints

POST/auth/registerRegister a new user account

POST/auth/loginAuthenticate and receive a JWT

GET/api/tasksList tasks for the authenticated user (paginated)

POST/api/tasksCreate a new task

PUT/api/tasks/{id}Update an existing task

DELETE/api/tasks/{id}Delete a task

Built with

Modern, production-grade stack

Spring Boot 4

Latest Spring Boot framework with auto-configuration, dependency injection, and production-ready defaults.

PostgreSQL

Relational database with Hibernate ORM, automatic schema management, and UUID primary keys.

Spring Security

JWT-based stateless authentication with BCrypt password hashing and role-based authorization filters.

Spring Data JPA

Repository abstractions with custom queries, lazy loading, and automatic timestamp auditing on entities.

JWT (jjwt)

HS256-signed tokens carrying email and role claims with configurable expiration. Stateless and scalable.

Bean Validation

Input validation on every request using @Valid annotations — email format, password length, title constraints.

Architecture

Clean, layered design

XCore follows a strict layered architecture — controllers handle HTTP, services contain business logic, and repositories manage data access. Entities and DTOs are kept separate to protect the API contract from internal schema changes.

Controllers

REST endpoints for auth and task operations

Services

Business logic, validation, and authorization checks

Repositories

Spring Data JPA interfaces with custom queries

Entities & DTOs

JPA models separated from request/response objects

Security

JWT filter chain with BCrypt password encoding

XCore

Tasks API

Try the live demo

XCore is live and ready to test. Hit the API, create tasks, and see it in action.

Open live demo View source