CarsPoint

Secure user authentication with JWT tokens, OTP verification, and comprehensive session management.

• Phone number + password login
• User registration with OTP verification
• JWT access & refresh tokens
• Automatic token refresh mechanism
• Secure logout (single device)
• Rate limiting protection (5 attempts/15min)

Complete user lifecycle management with profile operations and administrative controls.

• Initial admin setup (first-time only)
• Create users (admin operation)
• View & update user profile
• Deactivate users (soft delete)
• Secure password change
• List users with pagination & filters

CASL-based authorization with hierarchical role system and granular permission control.

• 5 built-in roles (Super Admin, Dealer Admin, Staff, Auditor, Customer)
• 28 granular permissions
• Role hierarchy enforcement
• Create & manage custom roles
• Dynamic permission assignment
• Company-scoped access isolation

Full car inventory management with rich metadata, images, and status tracking.

• Create comprehensive car listings
• Update car details & specifications
• Delete cars (soft delete with audit)
• View car details with images
• Upload car images (up to 8)
• Status management (Available, Sold, Featured)
• Main image selection

Advanced search capabilities for comprehensive car discovery and filtering.

• Filter by brand & model
• Filter by price range (min/max)
• Filter by year & mileage
• Filter by body type (SUV, Sedan, Hatchback, etc.)
• Filter by fuel type & transmission
• Filter by status & location
• Pagination & sorting

Pre-populated brand catalog with automatic seeding for standardized listings.

• Auto-seeded brand database (50+ brands)
• List all brands with logos
• Brand-based car filtering
• Popularity tracking & sorting
• Brand logo URLs

Multi-tenant dealer management with tiered membership levels and social integration.

• Create dealer companies
• Update company details
• Search companies (name, phone, location)
• Tiered levels (Bronze, Silver, Gold, Platinum)
• Social media handles integration
• Company logo upload
• Years of experience tracking

Geographic location support for dealers and location-based car searches.

• Create & manage locations
• Update location details
• List all locations
• City-based organization
• Company-location association
• Location-based car filtering

Image and file management with multiple storage backends and automatic processing.

• Single file upload (multipart)
• Batch file upload (up to 10)
• Base64 image upload
• Image processing: resize, compress, convert (Sharp)
• Local filesystem storage
• AWS S3 storage support
• Main/featured image selection

System health endpoints for Kubernetes deployment and load balancer integration.

• GET /health - Basic health check
• GET /health/ready - Readiness probe
• GET /health/live - Liveness probe
• Database connectivity check
• Uptime tracking

Public statistics endpoint for platform showcase and marketing pages.

• Total cars count
• Total dealers count
• Total cities/locations count
• Formatted number display (1K, 1M)
• Cached responses for performance

Enhanced security with OTP-based second factor authentication via SMS or Email.

• Enable/disable 2FA per user
• OTP sent on login if enabled
• 2FA verification endpoint
• Resend OTP functionality
• Rate limiting protection
• Temporary session tokens
• SMS & Email OTP delivery

Multi-device session control with detailed device tracking and remote logout.

• View all active sessions
• Logout from all devices
• Revoke specific sessions
• Device info tracking (browser, OS)
• IP address logging
• Last active timestamps
• Session expiry management

Efficient batch operations for large-scale inventory management.

• Bulk status update (up to 100 cars)
• Bulk delete (up to 100 cars)
• Bulk import from JSON (up to 50 cars)
• Success/failure reporting per item
• Detailed error messages
• Transaction rollback on failure

Personalized experience for registered and anonymous customers.

• Save cars to favorites
• Remove from favorites
• View saved cars list
• Activity history tracking
• Activity statistics dashboard
• Anonymous activity tracking
• Activity type categorization

Customer callback request management with status workflow.

• Submit call request (no auth required)
• Preferred contact time selection
• Status workflow (Pending → Contacted → Completed)
• Admin notes capability
• Filter by status/dealer
• Request count endpoint
• Missed request tracking

Partner onboarding workflow for new dealer applications.

• Submit dealer application
• Full address & contact collection
• Status workflow (Pending → Under Review → Approved/Rejected)
• Admin review interface
• Application notes & comments
• Email notifications on status change

Car financing inquiry management with comprehensive loan details.

• Quote types: Cash, Finance, Lease, Trade-In
• Loan amount & down payment capture
• Loan term selection (12-84 months)
• Credit score tracking
• Status workflow (Pending → Quoted → Closed)
• Car association & context
• Dealer response tracking

Multi-channel notification delivery with pluggable driver architecture.

• SMS: Twilio, Brevo, Africa's Talking, Termii
• Email: SMTP, Brevo API
• Console driver for development
• OTP generation & delivery
• Priority levels (Low, Normal, High, Urgent)
• Delivery status tracking
• Notification history & retry logic

Comprehensive activity tracking for compliance and security monitoring.

• Login/logout event tracking
• User CRUD operations logging
• Car CRUD operations logging
• Company operations logging
• Permission changes tracking
• Access denied attempts
• IP & user agent capture
• Query API endpoint (internal only)

Redis-based caching for high-performance data retrieval.

• Thumbnail caching (10 min TTL)
• Entity uploads caching (5 min TTL)
• Batch thumbnail retrieval
• Automatic cache invalidation
• Cache warming service
• Scheduled cache warming (every 5 min)
• Cache hit/miss metrics

Automated maintenance and cleanup tasks for system hygiene.

• Expired token cleanup (hourly)
• Revoked token cleanup (daily)
• OTP cleanup (every 30 min)
• Anonymous activity cleanup (weekly)
• Registered activity cleanup (monthly)
• Audit log retention management
• Orphaned uploads cleanup

Administrative password management with role-based restrictions.

• Super Admin can reset any user
• Dealer Admin resets company users only
• New password sent via SMS
• New password sent via Email
• Rate limiting protection
• Audit log entry on reset

Business intelligence and reporting for data-driven decisions.

• Sales analytics & trends
• Inventory reports & aging
• Customer engagement metrics
• Lead conversion tracking
• Revenue analytics
• Export capabilities (PDF, CSV, Excel)

WebSocket-based instant updates and live communication.

• New inquiry alerts
• Price drop notifications
• Car status change alerts
• Live chat messaging
• Push notifications (FCM/APNs)
• Real-time inventory updates

Online payment processing for subscriptions and premium features.

• Subscription billing (Stripe)
• Featured listing payments
• Multiple payment gateways
• Invoice generation
• Payment history & receipts
• M-Pesa integration (Kenya)

Elasticsearch-powered search capabilities for enhanced discovery.

• Full-text search
• Fuzzy matching & typo tolerance
• Search suggestions & autocomplete
• Faceted search & filters
• Saved searches & alerts
• Search analytics & insights

Multi-language and multi-currency support for regional expansion.

• Swahili language support
• English language support
• Multi-currency pricing (KES, USD, EUR)
• Real-time currency conversion
• Localized content management
• Regional date/number formats

Email-based verification and passwordless authentication options.

• Email verification links
• Password reset via email
• Magic link login
• Email change verification
• Verification status tracking
• Branded email templates

Third-party vehicle history integration for buyer confidence.

• Accident history reports
• Service records integration
• Ownership history
• Mileage verification
• Insurance claims history
• Vehicle inspection reports

Side-by-side vehicle comparison for informed decisions.

• Compare up to 4 cars
• Specification comparison table
• Price comparison chart
• Save comparisons
• Share comparison links
• Recommendation engine

Enhanced APIs and features for mobile applications.

• Offline data sync
• Push notification tokens
• Optimized image delivery (WebP)
• Deep linking support
• Biometric authentication
• Mobile-specific endpoints

Enhanced dealer management and automation capabilities.

• Inventory import from DMS
• VIN decoder integration
• AI-powered price suggestions
• Lead scoring algorithm
• CRM integration (Salesforce, HubSpot)
• Automated inventory refresh

Customer feedback and rating system for trust building.

• Dealer reviews & ratings
• Car reviews
• Star ratings (1-5)
• Photo reviews
• Review moderation workflow
• Verified purchase badges

Test drive and viewing appointment management system.

• Online booking interface
• Calendar integration (Google, Outlook)
• Automated reminder notifications
• Reschedule & cancel functionality
• Dealer availability management
• No-show tracking

Third-party integrations and public API ecosystem.

• Public API documentation (Swagger)
• API key management
• Rate limiting tiers
• Webhook support
• Partner integrations
• API usage analytics