Improve setup documentation, sample artifacts, and Redis/TLS configuration#596
Improve setup documentation, sample artifacts, and Redis/TLS configuration#596Shamly-Shanawaz wants to merge 5 commits intowso2:mainfrom
Conversation
Merge remote-tracking branch 'upstream/main'
WalkthroughThe pull request consolidates setup documentation, enhances database seeding workflows for APIs and organizations with metadata and labeling, introduces a new theme asset ingestion script, updates database schema cleanup operations, refactors Redis service to support optional enable/disable states, and adjusts configuration defaults to disable Redis and enable HTTP advanced features. Changes
Sequence Diagram(s)sequenceDiagram
participant Admin as Admin/User
participant Script as theme_data.sh
participant FS as File System
participant DB as PostgreSQL
Admin->>Script: Execute with config.json
Script->>Script: Parse DB connection & fetch VIEW_ID
rect rgb(240, 248, 255)
Note over Script,DB: Process Base Theme Directory
Script->>FS: Read base content files
Script->>Script: Classify by type (style, layout, etc.)
Script->>DB: Create LO objects & upsert DP_ORGANIZATION_ASSETS
end
rect rgb(240, 248, 255)
Note over Script,FS: Process Optional Org Overlay (if exists)
Script->>FS: Read org-specific overrides
Script->>DB: Upsert overlaid assets
end
rect rgb(240, 248, 255)
Note over Script,FS: Process Optional Theme ZIP (if exists)
Script->>Script: Extract ZIP via Python
Script->>FS: Write to temp directory
Script->>FS: Read temp theme files
Script->>DB: Create LO objects & upsert assets
end
Script->>Admin: Return completion status
Estimated code review effort🎯 4 (Complex) | ⏱️ ~75 minutes Poem
Pre-merge checks and finishing touches❌ Failed checks (2 warnings)
✅ Passed checks (1 passed)
✨ Finishing touches
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Merge remote-tracking branch 'upstream/main'
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
src/services/redisConnectionHelper.js (1)
23-23: Fix config loading pattern inconsistency to use.jsonextension.The config is loaded using
require(process.cwd() + '/config')without the.jsonextension, while most other files in the codebase userequire(process.cwd() + '/config.json'). This inconsistency affects not only this file but alsosrc/services/redisService.js,src/services/sdkJobService.js,src/controllers/devportalController.js, andsrc/controllers/applicationsContentController.js. In Node.js, these patterns resolve differently—require('./config')may loadconfig.jsbeforeconfig.json—potentially causing unexpected behavior if both files exist. Standardize all config loading to use the.jsonextension for consistency.src/services/redisService.js (1)
23-23: Standardize config loading pattern to use/config.jsonextension.This file uses
require(process.cwd() + '/config')without the.jsonextension, but the majority of the codebase usesrequire(process.cwd() + '/config.json'). Files affected by this inconsistency:
- src/services/redisService.js
- src/services/redisConnectionHelper.js
- src/services/sdkJobService.js
- src/controllers/devportalController.js
- src/controllers/applicationsContentController.js
Align these files with the standard
.jsonextension pattern used across the rest of the codebase.
🤖 Fix all issues with AI Agents
In @artifacts/api_data.sh:
- Around line 133-149: The INSERT_QUERY construction interpolates FILE_NAME
directly into the SQL, risking injection; before building INSERT_QUERY sanitize
FILE_NAME by escaping single quotes (replace ' with ''), assign that to a new
variable (e.g., ESCAPED_FILE_NAME) and use that variable in the VALUES clause
instead of FILE_NAME; ensure any other interpolated values used in SQL (e.g.,
TARGET_TYPE, API_ID) are similarly validated/escaped or passed as
parameters/psql variables to protect DP_API_CONTENT inserts referencing
lo_get($OID).
In @artifacts/org_data.sh:
- Line 141: The INSERT_QUERY builds SQL by interpolating unescaped FILE_NAME
(and potentially FILE_TYPE/FILE_PATH) which allows SQL injection; add a
sanitizer like the existing sql_escape function (or implement one that doubles
single quotes) and use it when constructing INSERT_QUERY (e.g.,
escaped_FILE_NAME = sql_escape "$FILE_NAME") and replace direct variables with
their escaped counterparts in the INSERT_QUERY string, ensuring any other
file-derived variables (FILE_TYPE, FILE_PATH) are similarly escaped or
parameterized.
In @artifacts/script.sql:
- Around line 12-13: The DROP order is incorrect: DP_APP_KEY_MAPPING and
DP_SDK_JOB are dropped after DP_ORGANIZATION is dropped with CASCADE, making
those explicit DROP statements redundant and confusing; move the DROP TABLE IF
EXISTS "DP_APP_KEY_MAPPING" and DROP TABLE IF EXISTS "DP_SDK_JOB" so they
execute before the DROP TABLE ... "DP_ORGANIZATION" ... CASCADE statement to
enforce an explicit child-before-parent drop ordering and avoid relying on
CASCADE to remove child tables.
In @README.md:
- Around line 157-180: The section "Add a third-party API (Admin APIs)" uses
level-4 headings (####) for its subsections which breaks the document hierarchy;
change the headings "1) Configure a provider (control plane)", "2) Create an API
(metadata + API definition upload)" and the "Upload API landing page content
(templates/assets)" heading from #### to ### so the subsections are proper h3
headings and apply the same change to the other instances noted in the comment.
🧹 Nitpick comments (3)
artifacts/script.sql (1)
219-231: Consider adding indexes for the new tables.The new
DP_APP_KEY_MAPPINGandDP_SDK_JOBtables may benefit from indexes on frequently queried columns, particularly foreign key columns and status fields that are likely used in WHERE clauses.🔎 Suggested indexes for query performance
Add these indexes after line 265:
-- Indexes for DP_APP_KEY_MAPPING CREATE INDEX idx_app_key_mapping_app_id ON "DP_APP_KEY_MAPPING"("APP_ID"); CREATE INDEX idx_app_key_mapping_org_id ON "DP_APP_KEY_MAPPING"("ORG_ID"); -- Indexes for DP_SDK_JOB CREATE INDEX idx_sdk_job_app_id ON "DP_SDK_JOB"("APP_ID"); CREATE INDEX idx_sdk_job_org_id ON "DP_SDK_JOB"("ORG_ID"); CREATE INDEX idx_sdk_job_status ON "DP_SDK_JOB"("JOB_STATUS"); CREATE INDEX idx_sdk_job_created_at ON "DP_SDK_JOB"("CREATED_AT");The
JOB_STATUSandCREATED_ATindexes are particularly useful for querying pending/in-progress jobs and job history queries.Also applies to: 234-247
sample_config.json (1)
9-9: Document HTTP setting implications.Changing
advanced.httptotrueenables HTTP mode. Since this is a sample configuration file, ensure that documentation clearly warns users that this setting should befalsein production environments to enforce HTTPS.artifacts/theme_data.sh (1)
174-181: Minor: folder naming inconsistency betweenstyles/*and file extension check.The case statement filters for
styles/*butfile_type_forchecks for*.cssextension. This works correctly, but note that non-CSS files instyles/would be classified as "image" by the fallback. If that's intentional, consider adding a comment.
📜 Review details
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (11)
README.mdartifacts/api_data.shartifacts/default/apiContent/CountriesAPI/content/apiDefinition.jsonartifacts/default/apiContent/LeisureActivitiesAPI/content/apiDefinition.jsonartifacts/org_data.shartifacts/script.sqlartifacts/theme_data.shdocs/InstallationGuide.mdsample_config.jsonsrc/services/redisConnectionHelper.jssrc/services/redisService.js
💤 Files with no reviewable changes (1)
- docs/InstallationGuide.md
🧰 Additional context used
🧬 Code graph analysis (2)
src/services/redisService.js (2)
src/services/redisConnectionHelper.js (1)
config(23-23)src/services/sdkJobService.js (1)
config(28-28)
src/services/redisConnectionHelper.js (2)
src/controllers/apiContentController.js (1)
config(20-20)src/services/sdkJobService.js (1)
config(28-28)
🪛 Checkov (3.2.334)
artifacts/default/apiContent/LeisureActivitiesAPI/content/apiDefinition.json
[high] 1-40: Ensure that the global security field has rules defined
(CKV_OPENAPI_4)
[high] 1-40: Ensure that security operations is not empty.
(CKV_OPENAPI_5)
artifacts/default/apiContent/CountriesAPI/content/apiDefinition.json
[high] 1-45: Ensure that the global security field has rules defined
(CKV_OPENAPI_4)
[high] 1-45: Ensure that security operations is not empty.
(CKV_OPENAPI_5)
🪛 LanguageTool
README.md
[style] ~186-~186: To form a complete sentence, be sure to include a subject.
Context: ...+ definition file) Notes: - apiType can be REST, AsyncAPI, GraphQL, or `S...
(MISSING_IT_THERE)
🪛 markdownlint-cli2 (0.18.1)
README.md
170-170: Heading levels should only increment by one level at a time
Expected: h3; Actual: h4
(MD001, heading-increment)
🔇 Additional comments (21)
src/services/redisConnectionHelper.js (4)
30-33: LGTM! Early exit for disabled Redis.The early guard correctly prevents connection attempts when Redis is disabled, entering offline mode immediately. This aligns with the feature toggle design.
49-52: LGTM! TLS configuration correctly applied.The TLS options are conditionally constructed and spread into the Redis config only when
tlsEnabledis true. TherejectUnauthorizeddefaults totrue(secure by default) unless explicitly set tofalsein config, which is good security practice.Also applies to: 67-67
302-304: LGTM! Consistent disabled check.The early guard in
performFileOnlyConnectionmatches the pattern inperformConnection, returningfalsewhen Redis is disabled.
314-317: LGTM! TLS configuration duplicated correctly.The TLS configuration logic is identical to the main connection path (lines 49-52, 67), ensuring consistent behavior for file-only reconnections.
Also applies to: 332-332
sample_config.json (2)
73-73: LGTM! Appropriate placeholder for sample config.Using
<CLIENT_ID>as a placeholder clearly indicates that users need to replace this value with their actual client ID.
133-133: LGTM! Redis disabled by default.Setting
redis.enabledtofalsein the sample config is appropriate, as it allows the application to run without Redis dependencies during initial setup and development.src/services/redisService.js (5)
42-45: LGTM! Robust enabled flag initialization.The enabled flag correctly prioritizes the environment variable (
REDIS_ENABLED) over the config file, with sensible parsing of truthy values ('true'or'1'). The default when neither is set treats Redis as enabled unless explicitly disabled in config.
52-59: LGTM! Conditional Redis initialization.The conditional initialization prevents unnecessary connection attempts when Redis is disabled, improving startup performance and reducing error logs.
62-67: LGTM! Consistent early exit pattern.The init() method correctly returns a resolved promise when disabled, maintaining the async interface without attempting connection.
147-149: LGTM! Consistent disabled guards across methods.All methods consistently return
falseornullwhen Redis is disabled, providing predictable behavior without throwing errors. This allows the application to gracefully degrade functionality when Redis is unavailable.Also applies to: 218-220, 357-359, 401-403, 439-441, 471-473, 495-497
258-260: This inconsistency is not problematic in practice.While
storeFile()throws an error when disabled andstoreFileWithRetry()returnsfalse, the only direct call tostoreFile()(line 225) is internal tostoreFileWithRetry(), which guards against the disabled state with its own check at lines 218-219. The exception is properly caught and handled in the try-catch block. No external direct callers ofstoreFile()exist in the codebase, so the different error-handling approaches do not create inconsistency for callers.artifacts/default/apiContent/CountriesAPI/content/apiDefinition.json (1)
1-45: Sample OpenAPI spec looks good; security field is optional for seed data.The static analysis flags the missing global
securityfield (CKV_OPENAPI_4/5). Since this is sample seed data for local development demonstration, this is acceptable. If these specs are ever used in production or as templates for real APIs, consider adding a security scheme.Example security addition (optional)
"paths": { "/graphql": { ... } - } + }, + "components": { + "securitySchemes": { + "bearerAuth": { + "type": "http", + "scheme": "bearer" + } + } + }, + "security": [ + { "bearerAuth": [] } + ] }artifacts/default/apiContent/LeisureActivitiesAPI/content/apiDefinition.json (1)
1-40: LGTM - consistent with CountriesAPI sample spec.Same security field consideration applies as noted for CountriesAPI. Acceptable for sample seed data.
artifacts/org_data.sh (1)
69-99: View and label creation logic is sound.The idempotent approach (check-then-insert) and the
ON CONFLICT DO NOTHINGfor the view-label link are appropriate patterns for seed scripts.README.md (1)
1-156: Documentation improvements are clear and comprehensive.The restructured README provides actionable setup instructions covering prerequisites, database configuration, seeding, and identity provider setup. The Docker example and
PGPASSWORDhints are helpful additions.artifacts/theme_data.sh (3)
1-35: Good use ofset -euo pipefailand proper error handling.The script correctly validates prerequisites (base directory, view existence) and provides actionable error messages. The dependency on
org_data.shrunning first is clearly documented.
67-71: SQL escaping is correctly implemented.The
sql_escapefunction properly escapes single quotes for SQL string literals. This is the pattern that should be applied to other scripts in this PR.
145-160: Good practice: cleaning up large objects after use.The
lo_unlinkcall after reading the LO content prevents PostgreSQL large object bloat. The|| trueis appropriate for cleanup operations.artifacts/api_data.sh (3)
46-55: API-label linking implementation is correct.The subquery approach to fetch the label ID and the
ON CONFLICT DO NOTHINGclause ensure idempotent execution. This correctly integrates with the view-based listing system.
68-109: Idempotent inserts withON CONFLICTare a good improvement.The added
ON CONFLICT DO NOTHINGclauses across image data, subscription policies, and API subscription policies enable safe re-runs of the seed script.
179-179: WS is a supported API type — no action needed.The NavigationAPI's use of
API_TYPE="WS"is valid. The system explicitly supports WS (WebSocket) as one of five documented API types: REST, WS, GRAPHQL, SOAP, and WEBSUB. This is confirmed in the ENUM definition and implemented throughout the codebase with dedicated WebSocket handling in controllers and viewers.
| TARGET_TYPE="$CONTENT_TYPE" | ||
| if [[ "$FILE_NAME" == "apiDefinition.json" ]]; then | ||
| TARGET_TYPE="API_DEFINITION" | ||
| elif [[ "$FILE_NAME" == "apiDefinition.xml" ]]; then | ||
| TARGET_TYPE="API_DEFINITION" | ||
| elif [[ "$FILE_NAME" == "apiDefinition.graphql" ]]; then | ||
| TARGET_TYPE="API_DEFINITION" | ||
| elif [[ "$FILE_NAME" == "schemaDefinition.json" ]]; then | ||
| TARGET_TYPE="SCHEMA_DEFINITION" | ||
| fi | ||
|
|
||
| INSERT_QUERY=$(cat <<EOF | ||
| INSERT INTO "DP_API_CONTENT" ("API_FILE", "FILE_NAME", "TYPE", "API_ID") | ||
| VALUES (lo_get($OID), '$FILE_NAME', '$TARGET_TYPE', '$API_ID') | ||
| ON CONFLICT ("API_ID", "FILE_NAME", "TYPE") DO NOTHING; | ||
| EOF | ||
| ) |
There was a problem hiding this comment.
SQL injection risk: FILE_NAME is interpolated without escaping.
Similar to org_data.sh, file names are interpolated directly into SQL. A maliciously named file could break or exploit the query.
Suggested fix
Add escaping for FILE_NAME:
+sql_escape() {
+ echo "$1" | sed "s/'/''/g"
+}
+
process_files() {
...
FILE_NAME=$(basename "$file")
+ FILE_NAME_SQL=$(sql_escape "$FILE_NAME")
...
INSERT_QUERY=$(cat <<EOF
INSERT INTO "DP_API_CONTENT" ("API_FILE", "FILE_NAME", "TYPE", "API_ID")
-VALUES (lo_get($OID), '$FILE_NAME', '$TARGET_TYPE', '$API_ID')
+VALUES (lo_get($OID), '$FILE_NAME_SQL', '$TARGET_TYPE', '$API_ID')
ON CONFLICT ("API_ID", "FILE_NAME", "TYPE") DO NOTHING;
EOF
)Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In @artifacts/api_data.sh around lines 133 - 149, The INSERT_QUERY construction
interpolates FILE_NAME directly into the SQL, risking injection; before building
INSERT_QUERY sanitize FILE_NAME by escaping single quotes (replace ' with ''),
assign that to a new variable (e.g., ESCAPED_FILE_NAME) and use that variable in
the VALUES clause instead of FILE_NAME; ensure any other interpolated values
used in SQL (e.g., TARGET_TYPE, API_ID) are similarly validated/escaped or
passed as parameters/psql variables to protect DP_API_CONTENT inserts
referencing lo_get($OID).
| echo "OID: $OID" | ||
|
|
||
| INSERT_QUERY="INSERT INTO \"DP_ORGANIZATION_ASSETS\" (\"ASSET_ID\", \"FILE_CONTENT\", \"FILE_NAME\", \"FILE_TYPE\", \"FILE_PATH\", \"ORG_ID\") VALUES ( gen_random_uuid(), lo_get($OID), '$FILE_NAME', '$FILE_TYPE', '$FILE_PATH', '$ORG_ID');" | ||
| INSERT_QUERY="INSERT INTO \"DP_ORGANIZATION_ASSETS\" (\"ASSET_ID\", \"FILE_CONTENT\", \"FILE_NAME\", \"FILE_TYPE\", \"FILE_PATH\", \"ORG_ID\", \"VIEW_ID\") VALUES ( gen_random_uuid(), lo_get($OID), '$FILE_NAME', '$FILE_TYPE', '$FILE_PATH', '$ORG_ID', '$VIEW_ID');" |
There was a problem hiding this comment.
SQL injection risk: FILE_NAME is interpolated without escaping.
FILE_NAME is derived from user-controlled file names. A file named foo'; DROP TABLE "DP_ORGANIZATION_ASSETS"; -- would break the query. Consider adding SQL escaping similar to the sql_escape function in theme_data.sh.
Suggested fix
Add an escape function and use it:
+sql_escape() {
+ echo "$1" | sed "s/'/''/g"
+}
+
process_directory() {
...
+ FILE_NAME_SQL=$(sql_escape "$FILE_NAME")
+ FILE_PATH_SQL=$(sql_escape "$FILE_PATH")
- INSERT_QUERY="INSERT INTO \"DP_ORGANIZATION_ASSETS\" (\"ASSET_ID\", \"FILE_CONTENT\", \"FILE_NAME\", \"FILE_TYPE\", \"FILE_PATH\", \"ORG_ID\", \"VIEW_ID\") VALUES ( gen_random_uuid(), lo_get($OID), '$FILE_NAME', '$FILE_TYPE', '$FILE_PATH', '$ORG_ID', '$VIEW_ID');"
+ INSERT_QUERY="INSERT INTO \"DP_ORGANIZATION_ASSETS\" (\"ASSET_ID\", \"FILE_CONTENT\", \"FILE_NAME\", \"FILE_TYPE\", \"FILE_PATH\", \"ORG_ID\", \"VIEW_ID\") VALUES ( gen_random_uuid(), lo_get($OID), '$FILE_NAME_SQL', '$FILE_TYPE', '$FILE_PATH_SQL', '$ORG_ID', '$VIEW_ID');"Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In @artifacts/org_data.sh at line 141, The INSERT_QUERY builds SQL by
interpolating unescaped FILE_NAME (and potentially FILE_TYPE/FILE_PATH) which
allows SQL injection; add a sanitizer like the existing sql_escape function (or
implement one that doubles single quotes) and use it when constructing
INSERT_QUERY (e.g., escaped_FILE_NAME = sql_escape "$FILE_NAME") and replace
direct variables with their escaped counterparts in the INSERT_QUERY string,
ensuring any other file-derived variables (FILE_TYPE, FILE_PATH) are similarly
escaped or parameterized.
| DROP TABLE IF EXISTS "DP_APP_KEY_MAPPING"; | ||
| DROP TABLE IF EXISTS "DP_SDK_JOB"; |
There was a problem hiding this comment.
Incorrect DROP order: child tables dropped after parent CASCADE.
Lines 12-13 drop DP_APP_KEY_MAPPING and DP_SDK_JOB after DP_ORGANIZATION is dropped with CASCADE at line 10. Since both tables have foreign key constraints to DP_ORGANIZATION (lines 229 and 245), the CASCADE at line 10 will automatically drop them first, making these explicit DROP statements redundant and potentially confusing.
Recommended approach: Move lines 12-13 to execute before line 10 to establish explicit, predictable drop ordering.
🔎 Proposed fix to reorder DROP statements
Move the new DROP statements before the parent table drops:
DROP TABLE IF EXISTS "DP_API_METADATA" CASCADE;
+DROP TABLE IF EXISTS "DP_APP_KEY_MAPPING";
+DROP TABLE IF EXISTS "DP_SDK_JOB";
DROP TABLE IF EXISTS "DP_ORGANIZATION" CASCADE;
DROP TABLE IF EXISTS "DP_PROVIDER";
-DROP TABLE IF EXISTS "DP_APP_KEY_MAPPING";
-DROP TABLE IF EXISTS "DP_SDK_JOB";
DROP TABLE IF EXISTS "DP_VIEWS" CASCADE;📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| DROP TABLE IF EXISTS "DP_APP_KEY_MAPPING"; | |
| DROP TABLE IF EXISTS "DP_SDK_JOB"; | |
| DROP TABLE IF EXISTS "DP_API_METADATA" CASCADE; | |
| DROP TABLE IF EXISTS "DP_APP_KEY_MAPPING"; | |
| DROP TABLE IF EXISTS "DP_SDK_JOB"; | |
| DROP TABLE IF EXISTS "DP_ORGANIZATION" CASCADE; | |
| DROP TABLE IF EXISTS "DP_PROVIDER"; | |
| DROP TABLE IF EXISTS "DP_VIEWS" CASCADE; |
🤖 Prompt for AI Agents
In @artifacts/script.sql around lines 12 - 13, The DROP order is incorrect:
DP_APP_KEY_MAPPING and DP_SDK_JOB are dropped after DP_ORGANIZATION is dropped
with CASCADE, making those explicit DROP statements redundant and confusing;
move the DROP TABLE IF EXISTS "DP_APP_KEY_MAPPING" and DROP TABLE IF EXISTS
"DP_SDK_JOB" so they execute before the DROP TABLE ... "DP_ORGANIZATION" ...
CASCADE statement to enforce an explicit child-before-parent drop ordering and
avoid relying on CASCADE to remove child tables.
| ## Add a third-party API (Admin APIs) | ||
|
|
||
| If you want to add real APIs (instead of the sample seed scripts), you can use the Devportal Admin APIs to: | ||
|
|
||
| - Configure a **provider** (control plane) | ||
| - Create an **API** (metadata + API definition upload) | ||
| - Upload **API landing page content** (templates/assets) | ||
|
|
||
| These requests typically require: | ||
|
|
||
| - `orgId` / `organizationID` / `apiID` (depending on the endpoint) | ||
| - `Authorization: Bearer <access_token>` | ||
|
|
||
| #### 1) Configure a provider (control plane) | ||
|
|
||
| ```bash | ||
| curl --location 'http://localhost:3000/devportal/organizations/{orgId}/provider' \ | ||
| --header 'Content-Type: application/json' \ | ||
| --header 'Authorization: Bearer <access_token>' \ | ||
| --data '{ | ||
| "name": "MuleSoft", | ||
| "providerURL": "https://anypoint.mulesoft.com/login/signin?apintent=generic" | ||
| }' | ||
| ``` | ||
|
|
||
|
|
||
| - Create an API in the developer portal: | ||
|
|
||
| The apiType values include REST, AsyncAPI, GraphQL or SOAP | ||
|
|
||
| The provider value should be the name of the control plane configured in the developer portal. | ||
|
|
||
| visibility - PUBLIC/PRIVATE | ||
|
|
||
| This is a multi part request containing a json with metadata related to the API and a file attachement of the api schema definition file. | ||
| ``` bash | ||
| curl --location 'http://localhost:devportal/organizations/{organizationID}/apis' | ||
|
|
||
| --form 'api-metadata="{ | ||
| "apiInfo": { | ||
| "referenceID": "<UUID for the API created in WSO2 publisher>", | ||
| "apiName": "NavigationAPI", | ||
| "provider": "MuleSoft", | ||
| "orgName": "ACME", | ||
| "apiCategory": "Travel", | ||
| "apiDescription": "API for retrieving information about hotels and managing reservations", | ||
| "visibility" : "PUBLIC", | ||
| "visibleGroups": \["HR"\], | ||
| "owners" : { | ||
| "technicalOwner": "john", | ||
| "technicalOwnerEmail": "john@gmail.com", | ||
| "businessOwner" : "sam", | ||
| "businessOwnerEmail":"sam@gmail.com" | ||
| }, | ||
| "apiVersion" : "3.0.2", | ||
| "apiType" : "REST" | ||
| }, | ||
| "subscriptionPolicies": [ | ||
| { | ||
| "policyName": "gold" | ||
| }, | ||
| { | ||
| "policyName": "platinum" | ||
| } | ||
| ], | ||
| "endPoints": { | ||
| "sandboxURL": "http://taxi-navigation.mnm.abc.com", | ||
| "productionURL": "https://taxi-navigation.mnm.abc.com" | ||
| } | ||
| }"; type=application/json' | ||
| --form 'apiDefinition=@"{apiDefinition.json}"' | ||
| ``` | ||
| - Upload the api landing page content. | ||
|
|
||
| To upload the content to be displayed on the api-landing page, create a zip file with the folder structure as follows: | ||
| ``` bash | ||
| {API NAME} | ||
| └───content | ||
| │ api-content.hbs | ||
| │ apiContent.md | ||
| └───images | ||
| │ icon.svg | ||
| │ product.png | ||
| ``` | ||
| This is a multi part request, containing the metadata about the images in the api landing page. | ||
| This should be sent as a json key value map, with the key referring to the name in the hbs where the image is referenced and the name of the image file as the value. | ||
| For example, the key should be sent as api-icon to display the relevant image in the following img tag. | ||
| ``` bash | ||
| <img src={{apiInfo.apiImageMetadata.api-icon}} class="api-card-img" alt="..." /> | ||
|
|
||
| ``` | ||
| Run the following command to upload the content. | ||
| ``` bash | ||
| curl --location --request POST 'http://localhost:3000/devportal/organizations/{organizationID}/apis/{apiID}/template' | ||
| --form 'apiContent=@"{path-to-zip-file}"' \\ | ||
| --form 'imageMetadata="{ | ||
| \\"api-icon\\" : \\"navigation.jpeg\\", | ||
| \\"api-hero\\": \\"api.svg\\" | ||
| }" | ||
| ``` | ||
|
|
||
| Use this (https://devportal-4432.postman.co/workspace/Devportal-Workspace~9221a728-2c4b-46ec-acc3-095b9debacbc/collection/5029047-61d763dc-d7b9-4436-9a2e-94585c806943?action=share&creator=5029047) POSTMAN collection to test the API requests. | ||
| }' | ||
| ``` |
There was a problem hiding this comment.
Heading levels skip from h2 to h4.
The #### headings under "Add a third-party API" should be ### to maintain proper heading hierarchy (MD001). This affects accessibility and document outline navigation.
Suggested fix
-#### 1) Configure a provider (control plane)
+### 1) Configure a provider (control plane)Apply the same change to headings at lines 182, 207, and 233.
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)
170-170: Heading levels should only increment by one level at a time
Expected: h3; Actual: h4
(MD001, heading-increment)
🤖 Prompt for AI Agents
In @README.md around lines 157 - 180, The section "Add a third-party API (Admin
APIs)" uses level-4 headings (####) for its subsections which breaks the
document hierarchy; change the headings "1) Configure a provider (control
plane)", "2) Create an API (metadata + API definition upload)" and the "Upload
API landing page content (templates/assets)" heading from #### to ### so the
subsections are proper h3 headings and apply the same change to the other
instances noted in the comment.
1 participant
Purpose
This PR introduces the following changes:
README.mdto provide clearer prerequisites, config file setup, DB creation steps, and notes on handling TLS / self-signed certificate errors.sample_config.jsonto better reflect current Redis/TLS configuration options.docs/InstallationGuide.mdnow that the main README covers installation and local setup.Summary by CodeRabbit
New Features
Documentation
Configuration
✏️ Tip: You can customize this high-level summary in your review settings.