d-bis/smoa
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
smoa/docs/api/README.md
defiQUG 97f75e144f Initial commit
2025-12-26 10:48:33 -08:00

5.2 KiB
Raw Permalink Blame History

SMOA API Documentation

Version: 1.0
Last Updated: 2024-12-20
Status: In Progress

Overview

This directory contains API documentation for the Secure Mobile Operations Application (SMOA). The API documentation includes OpenAPI specifications, generated documentation, and API reference guides.

API Specification

OpenAPI Specification

Generated Documentation

  • Location: generated/
  • Format: HTML (generated from OpenAPI spec)
  • Status: To be generated

API Endpoints

Authentication APIs

  • POST /auth/login - Authenticate user
  • POST /auth/logout - Logout user
  • POST /auth/refresh - Refresh authentication token

Credential APIs

  • GET /credentials - List credentials
  • POST /credentials - Create credential
  • GET /credentials/{id} - Get credential by ID
  • PUT /credentials/{id} - Update credential
  • DELETE /credentials/{id} - Delete credential

Order APIs

  • GET /orders - List orders
  • POST /orders - Create order
  • GET /orders/{id} - Get order by ID
  • PUT /orders/{id} - Update order
  • DELETE /orders/{id} - Delete order

Evidence APIs

  • GET /evidence - List evidence items
  • POST /evidence - Create evidence item
  • GET /evidence/{id} - Get evidence by ID
  • POST /evidence/{id}/transfer - Transfer custody

Report APIs

  • POST /reports - Generate report
  • GET /reports/templates - List report templates
  • GET /reports/{id} - Get report by ID

Communication APIs

  • GET /communications/channels - List communication channels
  • POST /communications/message - Send message
  • GET /communications/messages - List messages

Directory APIs

  • GET /directory/contacts - List contacts
  • GET /directory/search - Search directory
  • GET /directory/{id} - Get contact by ID

Authentication

Authentication Methods

  • Bearer Token: JWT token in Authorization header
  • API Key: API key in X-API-Key header

Authentication Flow

  1. User authenticates with PIN + Biometric
  2. System returns JWT token
  3. Client includes token in Authorization header
  4. Token expires after configured time
  5. Client refreshes token as needed

Data Models

See api-specification.yaml for complete data model definitions.

Common Models

  • User: User information
  • ErrorResponse: Error response format
  • Pagination: Pagination parameters and response

Domain Models

  • Credential: Digital credential
  • Order: Order/authorization
  • Evidence: Evidence item
  • Report: Generated report
  • Message: Communication message
  • Contact: Directory contact

Error Handling

Error Response Format

{
  "error": "Error code",
  "message": "Human-readable error message",
  "code": "ERROR_CODE",
  "timestamp": "2024-12-20T12:00:00Z"
}

HTTP Status Codes

  • 200 OK: Request successful
  • 201 Created: Resource created
  • 400 Bad Request: Invalid request
  • 401 Unauthorized: Authentication required
  • 403 Forbidden: Access denied
  • 404 Not Found: Resource not found
  • 429 Too Many Requests: Rate limit exceeded
  • 500 Internal Server Error: Server error

Rate Limiting

Rate Limits

  • Authentication: 5 requests per minute
  • General APIs: 100 requests per minute
  • Report Generation: 10 requests per minute

Rate Limit Headers

  • X-RateLimit-Limit: Maximum requests
  • X-RateLimit-Remaining: Remaining requests
  • X-RateLimit-Reset: Reset time (Unix timestamp)

API Versioning

Versioning Strategy

  • URL-based versioning: /v1/, /v2/, etc.
  • Current version: v1
  • Backward compatibility maintained for at least 2 versions

SDK Documentation

Android SDK

  • Status: To be created
  • Location: TBD
  • Documentation: TBD

Examples

Authentication Example

// Login request
val loginRequest = LoginRequest(
    pin = "123456",
    biometricToken = "biometric_token_here"
)

val response = apiService.login(loginRequest)
val token = response.token

Get Credentials Example

// Get credentials
val credentials = apiService.getCredentials()

Create Order Example

// Create order
val orderRequest = OrderCreate(
    type = "search_warrant",
    title = "Search Warrant #12345",
    content = "Order content here"
)

val order = apiService.createOrder(orderRequest)

Testing

Test Environment

API Testing Tools

  • Postman collection (to be created)
  • cURL examples (to be created)
  • Integration tests (to be created)

Changelog

Version 1.0.0 (2024-12-20)

  • Initial API specification
  • Authentication endpoints
  • Credential endpoints
  • Order endpoints
  • Evidence endpoints
  • Report endpoints

References

Document Owner: API Lead
Last Updated: 2024-12-20
Status: In Progress
Next Review: 2024-12-27

Reference in New Issue View Git Blame Copy Permalink