This commit is contained in:
Matthias Hochmeister
2026-02-27 14:02:03 +01:00
parent 04d4f89834
commit 1c6c59c199
10 changed files with 76 additions and 66 deletions


@@ -23,7 +23,7 @@ http://localhost:3000
### Production
```
https://api.yourdomain.com
https://start.feuerwehr-rems.at
```
## Authentication
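Review bot: The Production base URL is now `https://start.feuerwehr-rems.at`, which is the same host the document later uses as the frontend origin in `redirect_uri: 'https://start.feuerwehr-rems.at/auth/callback'`. This block should say explicitly that the API is served under the `/api` path prefix on the frontend origin rather than on a separate API host, so that readers do not look for a distinct API domain when they reach the CORS section; the Development entry (`http://localhost:3000`) then remains the only non-HTTPS base.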
@@ -155,7 +155,7 @@ Check if the API is running and healthy.
**Request**:
```http
GET /health HTTP/1.1
Host: api.yourdomain.com
Host: start.feuerwehr-rems.at
```
**Response**:
@@ -197,7 +197,7 @@ Handle OAuth callback and exchange authorization code for tokens.
**Request Example**:
```http
POST /api/auth/callback HTTP/1.1
Host: api.yourdomain.com
Host: start.feuerwehr-rems.at
Content-Type: application/json
```
@@ -295,7 +295,7 @@ Refresh an expired access token using a refresh token.
Host: start.feuerwehr-rems.at
Content-Type: application/json
```
```
**Success Response**:
```http
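Review bot: The only change in this hunk is to a closing fence line that is replaced with an identical-looking one, i.e. a whitespace-only edit (trailing space or line ending), and the same pattern recurs in the following hunks (`HTTP/1.1 200 OK`, `});`, the `bash` fences, `'Content-Type'`). Mixing whitespace noise into a host rename makes the substantive change harder to review; consider normalising line endings and trailing whitespace via `.editorconfig`/`.gitattributes` in a separate commit.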
@@ -370,7 +370,7 @@ Authorization: Bearer <access-token>
**Success Response**:
```http
HTTP/1.1 200 OK
HTTP/1.1 200 OK
Content-Type: application/json
```
@@ -407,7 +407,7 @@ Authorization: Bearer <access-token>
**Success Response**:
```http
HTTP/1.1 200 OK
HTTP/1.1 200 OK
Content-Type: application/json
```
@@ -479,10 +479,10 @@ HTTP/1.1 404 Not Found
redirect_uri: 'https://start.feuerwehr-rems.at/auth/callback',
response_type: 'code',
scope: 'openid profile email'
});
});
window.location.href = `${authentikAuthUrl}?${params}`;
```
```
#### Step 2: Authentik Redirects Back
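Review bot: The authorization request shown here carries `redirect_uri`, `response_type: 'code'` and `scope` but no `state` value, and `redirect_uri` is hard-coded to the production callback even though the document's Development base is `http://localhost:3000`. Suggest documenting a per-request `state` parameter that the callback handler verifies before exchanging the code, and deriving `redirect_uri` from the environment so the snippet is correct for both bases.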
@@ -494,13 +494,13 @@ window.location.href = `${authentikAuthUrl}?${params}`;
#### Step 3: Exchange Code for Tokens
```bash
curl -X POST https://api.yourdomain.com/api/auth/callback \
curl -X POST https://start.feuerwehr-rems.at/api/auth/callback \
-H "Content-Type: application/json" \
-d '{
"code": "abc123def456"
}'
```
Response:
```json
{
@@ -532,14 +532,14 @@ Response:
#### Step 5: Refresh Token When Expired
```bash
```bash
curl -X POST https://start.feuerwehr-rems.at/api/auth/refresh \
-H "Content-Type: application/json" \
-d '{
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}'
```
### JavaScript/TypeScript Examples
#### Using Axios
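Review bot: The refresh request sends the refresh token in the JSON body (`"refreshToken": "eyJhbGci..."`), so the client is responsible for storing it between calls; the Security Considerations section further down currently only covers HTTPS. Add a sentence next to Step 5 on where the client is expected to keep the refresh token and whether the backend rotates it on each use, since that determines what a client must do with the response.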
@@ -553,7 +553,7 @@ curl -X POST https://api.yourdomain.com/api/auth/refresh \
const api = axios.create({
baseURL: API_URL,
headers: {
'Content-Type': 'application/json',
'Content-Type': 'application/json',
},
});
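Review bot: The hunk header still quotes `curl -X POST https://api.yourdomain.com/api/auth/refresh \` from the pre-image context, and the changed line in this hunk is only whitespace on `'Content-Type'`. Since the purpose of the commit is to replace the placeholder host, grep the docs for `api.yourdomain.com` before merging to confirm every occurrence outside these hunks was updated.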
@@ -612,32 +612,32 @@ export const logout = async () => {
#### Login Callback
```bash
curl -X POST https://start.feuerwehr-rems.at/api/auth/callback \
-H "Content-Type: application/json" \
-H "Content-Type: application/json" \
-d '{"code":"your_auth_code"}'
```
#### Get Current User
```bash
```bash
curl -X GET https://start.feuerwehr-rems.at/api/user/me \
-H "Authorization: Bearer your_access_token"
```
#### Refresh Token
```bash
curl -X POST https://api.yourdomain.com/api/auth/refresh \
curl -X POST https://start.feuerwehr-rems.at/api/auth/refresh \
-H "Content-Type: application/json" \
-d '{"refreshToken":"your_refresh_token"}'
```
#### Logout
```bash
```bash
curl -X POST https://start.feuerwehr-rems.at/api/auth/logout \
-H "Authorization: Bearer your_access_token"
```
## Security Considerations
### HTTPS Required in Production
### HTTPS Required in Production
Always use HTTPS for API requests in production to protect tokens and sensitive data.
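Review bot: The `### HTTPS Required in Production` heading changes only in whitespace, but with the cURL examples above now targeting the real host this is the place to say that `your_auth_code`, `your_access_token` and `your_refresh_token` are placeholders for values obtained through Steps 1 to 3 of the Authentik flow, and that `http://localhost:3000` is the only base URL for which plain HTTP is expected.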
@@ -660,7 +660,7 @@ The API is configured to only accept requests from allowed origins:
```
Ensure `CORS_ORIGIN` environment variable matches your frontend URL exactly.
### Rate Limiting
Respect rate limits to avoid being temporarily blocked. Implement exponential backoff for failed requests.
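Review bot: `Ensure CORS_ORIGIN environment variable matches your frontend URL exactly` now has a concrete production answer, so show it: `CORS_ORIGIN=https://start.feuerwehr-rems.at` (scheme included, no trailing slash, no path) next to the development value for `http://localhost:3000`. An origin is compared as scheme, host and port, which is the usual cause of the exact-match failures this sentence warns about. The rate-limiting paragraph would likewise be more actionable if it stated the window and per-client threshold the API enforces.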