Open
Labels: backend (Backend/API changes), enhancement (New feature or request)
Description
Design and implement a comprehensive REST API that enables programmatic access to all tracker functionality. This API serves both the frontend dashboard and external integrations, with proper authentication, documentation, and rate limiting.
Tasks
- Define API versioning strategy (URL prefix `/api/v1/`)
- Implement CRUD endpoints:
  - `GET/POST /api/v1/organizations`
  - `GET/POST /api/v1/repositories`
  - `GET/POST /api/v1/endpoints`
  - `GET/POST /api/v1/findings`
  - `GET/POST /api/v1/scans`
- Implement aggregation endpoints for dashboard:
  - `GET /api/v1/dashboard/readiness-score`
  - `GET /api/v1/dashboard/trends`
  - `GET /api/v1/dashboard/top-vulnerable`
  - `GET /api/v1/dashboard/algorithm-breakdown`
- Add webhook support for scan completion events (configurable callback URLs)
- Implement API key authentication:
- Key generation and management endpoints
- Key scoping (read-only, read-write, admin)
- Key rotation support
- Auto-generate OpenAPI/Swagger documentation
- Implement rate limiting (configurable per API key tier)
- Add request/response validation with Pydantic models
- Implement pagination, filtering, and sorting on list endpoints
- Write API integration tests
- Add API changelog
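
One way the API key tasks above (generation, scoping, rotation) could fit together, as an added sketch that is not code from this issue or the project. The `KeyStore` class, the `trk_` key format, the method-to-scope mapping, the rotation grace window and the in-memory dict standing in for a database table are all assumptions.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass
from typing import Optional

SCOPES = {"read-only": 0, "read-write": 1, "admin": 2}     # scope names from the task list
METHOD_SCOPE = {"GET": "read-only", "POST": "read-write"}  # assumed mapping

@dataclass
class KeyRecord:
    digest: str                         # SHA-256 of the secret; plaintext is never stored
    scope: str
    expires_at: Optional[float] = None  # set once the key has been rotated out

class KeyStore:
    def __init__(self, now=time.time):
        self._keys = {}                 # key id -> KeyRecord (stand-in for a DB table)
        self._now = now

    def issue(self, scope: str) -> str:
        if scope not in SCOPES:
            raise ValueError(f"unknown scope: {scope}")
        key_id, secret = secrets.token_hex(4), secrets.token_urlsafe(32)
        self._keys[key_id] = KeyRecord(hashlib.sha256(secret.encode()).hexdigest(), scope)
        return f"trk_{key_id}_{secret}"  # returned to the caller exactly once

    def _lookup(self, api_key: str) -> Optional[KeyRecord]:
        parts = api_key.split("_", 2)    # the secret itself may contain "_"
        if len(parts) != 3 or parts[0] != "trk":
            return None
        rec = self._keys.get(parts[1])
        if rec is None or (rec.expires_at is not None and self._now() >= rec.expires_at):
            return None
        digest = hashlib.sha256(parts[2].encode()).hexdigest()
        # constant-time comparison of the stored and presented digests
        return rec if hmac.compare_digest(digest, rec.digest) else None

    def rotate(self, api_key: str, grace_seconds: float = 3600) -> str:
        rec = self._lookup(api_key)
        if rec is None:
            raise PermissionError("invalid key")
        rec.expires_at = self._now() + grace_seconds  # old key valid only in the grace window
        return self.issue(rec.scope)                  # replacement inherits the scope

    def authorize(self, api_key: str, method: str) -> bool:
        rec = self._lookup(api_key)
        needed = METHOD_SCOPE.get(method, "admin")    # unmapped methods fail closed to admin
        return rec is not None and SCOPES[rec.scope] >= SCOPES[needed]
```

A plain SHA-256 digest is adequate here only because the secret is 32 random bytes; it would not be for user-chosen passwords.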