Skip to content

Commit 65849d2

Browse files
promptless[bot]promptless[bot]
authored
Documentation updates from Promptless
1 parent 778dcb1 commit 65849d2

File tree

5 files changed

+532
-1
lines changed

5 files changed

+532
-1
lines changed

docs/contribute/repos/api.md

Lines changed: 165 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,165 @@
1+
---
2+
sidebar_position: 7
3+
---
4+
5+
# `api`
6+
7+
[`api`](https://github.com/doc-detective/api) is the REST API service for Doc Detective that provides endpoints for managing accounts, API keys, and test runs. It serves as the backend service for Doc Detective's cloud-based testing infrastructure.
8+
9+
This repository provides a comprehensive HTTP API built with Express.js and OpenAPI specifications, enabling programmatic access to Doc Detective's core functionality through RESTful endpoints.
10+
11+
## Key Features
12+
13+
- **Account Management**: Create, read, update, and delete user accounts
14+
- **API Key Management**: Generate, manage, and revoke API keys for authentication
15+
- **Test Run Management**: Execute and manage Doc Detective test runs
16+
- **OpenAPI Integration**: Full OpenAPI 3.0 specification with automated validation
17+
- **Security**: Secure password hashing, API key authentication, and input validation
18+
- **Database Integration**: Persistent storage for accounts, API keys, and test results
19+
20+
## Dependencies
21+
22+
This repository depends on:
23+
- [`doc-detective-core`](doc-detective-core) for test execution logic
24+
- [`doc-detective-common`](doc-detective-common) for shared schemas and validation
25+
26+
## Architecture
27+
28+
The API follows a modular handler-based architecture:
29+
30+
- **Handlers**: Individual endpoint handlers organized by resource type (accounts, apiKeys, runs)
31+
- **Services**: Shared database and utility services
32+
- **Types**: TypeScript type definitions and Zod schemas for validation
33+
- **OpenAPI**: Complete API specification for documentation and validation
34+
35+
## Authentication
36+
37+
The API uses API key-based authentication via the `x-api-key` header. API keys are securely hashed and stored, with only the key ID returned in responses for security.
38+
39+
## Account Management Endpoints
40+
41+
### Create Account
42+
```bash
43+
POST /accounts
44+
Content-Type: application/json
45+
x-api-key: your-api-key
46+
47+
{
48+
"email": "[email protected]",
49+
"password": "securepassword"
50+
}
51+
```
52+
53+
### Get Account
54+
```bash
55+
GET /accounts/{accountId}
56+
x-api-key: your-api-key
57+
```
58+
59+
### Update Account
60+
```bash
61+
PUT /accounts/{accountId}
62+
Content-Type: application/json
63+
x-api-key: your-api-key
64+
65+
{
66+
"email": "[email protected]",
67+
"password": "newpassword"
68+
}
69+
```
70+
71+
### Delete Account
72+
```bash
73+
DELETE /accounts/{accountId}
74+
x-api-key: your-api-key
75+
```
76+
77+
### List Accounts
78+
```bash
79+
GET /accounts
80+
x-api-key: your-api-key
81+
```
82+
83+
## API Key Management Endpoints
84+
85+
### Create API Key
86+
```bash
87+
POST /accounts/{accountId}/keys
88+
x-api-key: your-api-key
89+
```
90+
91+
### Get API Key
92+
```bash
93+
GET /accounts/{accountId}/keys/{keyId}
94+
x-api-key: your-api-key
95+
```
96+
97+
### Update API Key
98+
```bash
99+
PUT /accounts/{accountId}/keys/{keyId}
100+
Content-Type: application/json
101+
x-api-key: your-api-key
102+
103+
{
104+
"newApiKey": "new-api-key-value"
105+
}
106+
```
107+
108+
### Delete API Key
109+
```bash
110+
DELETE /accounts/{accountId}/keys/{keyId}
111+
x-api-key: your-api-key
112+
```
113+
114+
### List API Keys
115+
```bash
116+
GET /accounts/{accountId}/keys
117+
x-api-key: your-api-key
118+
```
119+
120+
## Security Features
121+
122+
- **Password Hashing**: Passwords are hashed using HMAC-SHA256 with salt
123+
- **API Key Hashing**: API keys are securely hashed before storage
124+
- **Input Validation**: Comprehensive validation using Zod schemas
125+
- **Response Security**: Sensitive data (passwords, raw API keys) never returned in responses
126+
- **Authentication**: All endpoints require valid API key authentication
127+
128+
## Database Schema
129+
130+
The API expects these database tables:
131+
132+
### Accounts Table
133+
- `accountId` (string, primary key)
134+
- `email` (string, unique)
135+
- `password` (string, hashed)
136+
- `createdAt` (datetime)
137+
- `updatedAt` (datetime)
138+
139+
### API Keys Table
140+
- `keyId` (string, primary key)
141+
- `accountId` (string, foreign key)
142+
- `apiKey` (string, hashed)
143+
- `createdAt` (datetime)
144+
- `updatedAt` (datetime)
145+
146+
## Error Handling
147+
148+
The API returns consistent error responses with appropriate HTTP status codes:
149+
150+
- `400 Bad Request`: Invalid input data or missing required fields
151+
- `401 Unauthorized`: Missing or invalid API key
152+
- `404 Not Found`: Resource not found
153+
- `500 Internal Server Error`: Server-side errors
154+
155+
## Development
156+
157+
To contribute to the API repository:
158+
159+
1. Clone the repository
160+
2. Install dependencies with `npm install`
161+
3. Set up environment variables (API_KEY_SALT, database configuration)
162+
4. Run tests with `npm test`
163+
5. Start development server with `npm run dev`
164+
165+
The API follows the same contribution guidelines as other Doc Detective repositories, including the CLA requirement and pull request workflow targeting the release candidate (rc) branch.

0 commit comments

Comments
 (0)