APIDOCS.md

StorySquadAPI

Base URL for Deployed API

https://story-squad-dev.herokuapp.com/api

Endpoints that require Okta token

| URL | Request | Description |
| --- | --- | --- |
| /account/login | GET | Retrieves account and user info for logged-in account. |
| /account/login | POST | Creates db entry for logged-in account. |
| /account/login | PATCH | Updates info for logged-in user. |
| /prompt/:prompt_id | GET | Retrieves prompt. |
| /reading/:reading_id | GET | Returns URL and S3 key for reading with ID in parameter. |
| /reading/:reading_id/prompts | GET | Retrieves prompts for specified reading. |
| /story | POST | Adds new story to db. |
| /story/:story_id | GET | Retrieves story with specified ID. |
| /story/:story_id | PATCH | Updates story with specified ID. |
| /stripe/card-wallet | GET | Returns client_secret to update saved cards. |
| /stripe/payment | POST | Processes payment through Stripe. |
| /stripe/subscribe | POST | Sets up new subscription. |
| /student | POST | Creates new student for logged-in account. |
| /student/:student_id | GET | Retrieves student info. |
| /student/:student_id | PATCH | Updates student info. |
| /student/pin-check/:student_id | POST | Validates student PIN. |

Endpoints requiring DS secret

| URL | Request | Description |
| --- | --- | --- |
| /admin_account/:id | GET | Retrieves account info. |
| /admin_account/email | GET | Retrieves account info. |
| /ds_story/:story_id | GET | Retrieves story info. |
| /ds_story/:story_id | PATCH | Updates story info. |
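
An added example, not the project's own middleware: one way a shared-secret check on the `Authorization` header can produce the 401 documented for these endpoints while comparing in constant time and failing closed when no secret is configured. `requireDsSecret`, `secretsMatch`, `simulate`, the 16-character minimum and the 500 response for a missing secret are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Hash both sides to a fixed 32 bytes so the comparison does not leak length
// and timingSafeEqual never throws on inputs of different sizes.
function secretsMatch(presented, expected) {
  const key = nodeCrypto.randomBytes(32); // per-call key; digests are only compared
  const digest = (v) => nodeCrypto.createHmac('sha256', key).update(String(v)).digest();
  return nodeCrypto.timingSafeEqual(digest(presented), digest(expected));
}

// Hypothetical middleware factory; getSecret is injected so the check is testable.
function requireDsSecret(getSecret) {
  return function dsSecret(req, res, next) {
    const expected = getSecret();
    const presented = req.headers && req.headers.authorization;
    // Fail closed: an unset or short secret must never match a missing header.
    if (typeof expected !== 'string' || expected.length < 16) {
      return res.status(500).json({ error: 'DS secret not configured' });
    }
    if (typeof presented !== 'string' || !secretsMatch(presented, expected)) {
      return res.status(401).json({ error: 'Unauthorized' });
    }
    return next();
  };
}

// Constructed harness standing in for Express req/res objects.
function simulate(headerValue, configuredSecret) {
  const result = { status: null, passed: false };
  const res = { status(code) { result.status = code; return this; }, json() { return this; } };
  const req = { headers: headerValue === undefined ? {} : { authorization: headerValue } };
  requireDsSecret(() => configuredSecret)(req, res, () => { result.passed = true; });
  return result;
}
```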

Webhook endpoints for Stripe

| URL | Request | Description |
| --- | --- | --- |
| /stripe/webhook | POST | Accepts payment notification and updates paid_until |

Requests and Returns:

GET /api/account/login

Request body:

{
  "headers": {
    "Authorization": "token(string)"
  }
}

Returns:

{
  "account_id": "uuid",
  "username": "string",
  "student_ids": "array of uuids",
  "settings": "json object"
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 401 | PIN token/DB mismatch |
| 404 | User logged in to Okta but not in DB |

POST /api/account/login

Request body:

{
  "email": "string",
  "username": "string",
  "pin": "integer",
  "headers": {
    "Authorization": "token(string)"
  },
  "settings": "JSON object",
  "stripe_token": "token/string"
}

Returns:

{
  "account_id": "uuid",
  "username": "string",
  "student_ids": "array of uuids",
  "settings": "json object"
}

| HTTP Response Code | Reason |
| --- | --- |
| 201 | Success |
| 409 | User already in db |
| 500 | Failed to add user |

PATCH /api/account/login

Request body:

{
  "email": "string",
  "username": "string",
  "pin": "integer",
  "headers": {
    "Authorization": "token(string)"
  },
  "settings": "JSON object",
  "stripe_token": "token/string"
}

Returns:

{
  "account_id": "uuid",
  "username": "string",
  "student_ids": "array of uuids",
  "settings": "json object"
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 401 | PIN mismatch |
| 404 | User not in db |
| 500 | Failed to update user |

GET /api/admin_account/:id

Request body:

{
  "headers": {
    "Authorization": "secret (string)"
  }
}

Returns:

{
  "account_id": "uuid",
  "username": "string",
  "student_ids": "array of uuids",
  "settings": "json object"
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 401 | Mismatch in ds_secret middleware |
| 500 | error in Account.findById call |

GET /api/admin_account/:email

Request body:

{
  "headers": {
    "Authorization": "secret (string)"
  },
  "email": "email (string)"
}

Returns:

{
  "account_id": "uuid",
  "username": "string",
  "student_ids": "array of uuids",
  "settings": "json object"
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 401 | Mismatch in ds_secret middleware |
| 500 | error in Account.findById call |

GET /api/ds_story/:story_id

Request body:

{
  "headers": {
    "Authorization": "secret (string)"
  }
}

Returns:

{
  "story_id": "uuid",
  "student_id": "uuid",
  "prompt_id": "uuid",
  "s3_url": "string",
  "s3_key": "string",
  "about": "JSON object"
}

PATCH /api/ds_story/:story_id

Request body:

{
  "headers": {
    "Authorization": "secret (string)"
  },
  "s3_url": "string (optional)",
  "s3_key": "string (optional)",
  "about": "JSON object (optional)"
}

Returns:

{
  "story_id": "uuid",
  "student_id": "uuid",
  "prompt_id": "uuid",
  "s3_url": "string",
  "s3_key": "string",
  "about": "JSON object"
}

GET /api/prompt/:prompt_id

Request body:

{
  "headers": {
    "Authorization": "token(string)"
  }
}

Returns:

{
  "prompt_id": "uuid",
  "reading_id": "uuid",
  "prompt_info": "json"
}

GET /api/reading/:reading_id

Request body:

{
  "headers": {
    "Authorization": "token(string)"
  }
}

Returns:

{
  "s3_url": "string",
  "s3_key": "string"
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 404 | No reading found with provided ID |
| 500 | Failed to retrieve reading |

GET /api/reading/:reading_id/prompts

Request body:

{
  "headers": {
    "Authorization": "token(string)"
  }
}

Returns:

    {
        "prompts"
    }

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 404 | No prompts for specified reading |

POST /api/story

Request body:

{
  "headers": {
    "Authorization": "token(string)"
  },
  "student_id": "uuid",
  "prompt_id": "uuid",
  "s3_url": "string",
  "s3_key": "string",
  "about": "JSON object"
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 400 | Student ID not received. |
| 500 | Server error. |

GET /api/story/:story_id

Request body:

{
  "headers": {
    "Authorization": "token(string)"
  }
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 404 | Story not found. |
| 500 | Server error. |

PATCH /api/story/:story_id

Request body:

{
  "headers": {
    "Authorization": "token(string)"
  },
  "student_id": "uuid (optional)",
  "prompt_id": "uuid (optional)",
  "s3_url": "string (optional)",
  "s3_key": "string (optional)",
  "about": "JSON object (optional)"
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 403 | Story not associated with logged-in account. |
| 404 | Story not found. |
| 410 | Authoring student no longer active. |
| 500 | Server error. |

GET /api/stripe/card-wallet

Request body:

{
  "headers": {
    "Authorization": "token(string)"
  },
  "customer_id": "Stripe customer ID"
}

Response:

{
  "client_secret": "client secret for Stripe wallet/intent"
}

POST /api/stripe/payment

Request body:

{
  "headers": {
    "Authorization": "token(string)"
  },
  "success_url": "redirect URL on success",
  "cancel_url": "redirect URL on cancel"
}

Response:

{
  "id": "session ID for payment"
}

POST /api/stripe/subscribe

Request body:

{
  "headers": {
    "Authorization": "token(string)"
  },
  "success_url": "redirect URL on success",
  "cancel_url": "redirect URL on cancel"
}

Response:

{
  "id": "session ID for payment"
}

POST /api/stripe/webhook

Request body:

{
  "headers": {
    "stripe-signature": "string"
  },
  "body": "other Stripe-defined contents"
}

Response:

{
  "status": 200
}

Side effects:

account.paid_until updated
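
An added example, not code from the StorySquad project: one way to check the `stripe-signature` header before `paid_until` is touched, using Stripe's documented scheme (HMAC-SHA256 over `<timestamp>.<raw body>` with the endpoint's signing secret). The function names, the 300-second tolerance default and every `DEMO_*` value are assumptions constructed for the demo.

```javascript
const nodeCrypto = require('node:crypto');

// Split "t=<unix seconds>,v1=<hex hmac>[,v1=...]" into its parts.
function parseStripeSignature(header) {
  const parsed = { timestamp: null, v1: [] };
  for (const part of String(header || '').split(',')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const key = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (key === 't' && /^\d+$/.test(value)) parsed.timestamp = Number(value);
    if (key === 'v1' && /^[0-9a-f]{64}$/i.test(value)) parsed.v1.push(value);
  }
  return parsed;
}

// rawBody must be the exact bytes received, captured before any JSON parsing.
function verifyStripeWebhook(rawBody, header, secret, nowSeconds, toleranceSeconds = 300) {
  if (!secret) return { ok: false, reason: 'no signing secret configured' };
  const { timestamp, v1 } = parseStripeSignature(header);
  if (timestamp === null || v1.length === 0) return { ok: false, reason: 'malformed header' };
  if (Math.abs(nowSeconds - timestamp) > toleranceSeconds) return { ok: false, reason: 'stale timestamp' };
  const expected = nodeCrypto.createHmac('sha256', secret)
    .update(`${timestamp}.`).update(rawBody).digest();
  // Both buffers are 32 bytes here, which timingSafeEqual requires.
  const match = v1.some((sig) => nodeCrypto.timingSafeEqual(Buffer.from(sig, 'hex'), expected));
  return match ? { ok: true, reason: 'verified' } : { ok: false, reason: 'signature mismatch' };
}

// Constructed demo values: the secret, event body and clock are made up.
const DEMO_SECRET = 'whsec_constructed_demo_value';
const DEMO_BODY = '{"id": "evt_constructed", "type": "constructed.event"}';
const DEMO_NOW = 1700000000;

function signForDemo(body, secret, t) {
  const mac = nodeCrypto.createHmac('sha256', secret).update(`${t}.${body}`).digest('hex');
  return `t=${t},v1=${mac}`;
}

function runDemo() {
  const header = signForDemo(DEMO_BODY, DEMO_SECRET, DEMO_NOW);
  const reserialized = JSON.stringify(JSON.parse(DEMO_BODY)); // whitespace differs
  return {
    genuine: verifyStripeWebhook(DEMO_BODY, header, DEMO_SECRET, DEMO_NOW + 10),
    reparsed: verifyStripeWebhook(reserialized, header, DEMO_SECRET, DEMO_NOW + 10),
    replayed: verifyStripeWebhook(DEMO_BODY, header, DEMO_SECRET, DEMO_NOW + 3600),
    unsigned: verifyStripeWebhook(DEMO_BODY, '', DEMO_SECRET, DEMO_NOW),
  };
}
```

Stripe's official Node library performs the same check in `stripe.webhooks.constructEvent(rawBody, signature, endpointSecret)`; either way the handler needs the unparsed request body, which is why the `reparsed` case fails.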

POST /api/student

Request body:

{
  "headers": {
    "Authorization": "token"
  },
  "account_id": "uuid for account",
  "username": "new student username"
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 409 | Username unavailable |
| 500 | Failed to retrieve reading |

GET /api/student/:student_id

Request body:

{
  "headers": {
    "Authorization": "token"
  }
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 401 | Student not associated with logged-in account |
| 404 | Student with provided id not found |

PATCH /api/student/:student_id

Request body:

{
  "headers": {
    "Authorization": "token"
  },
  "username": "optional",
  "settings": "optional -- whole JSON object",
  "records": "optional -- whole JSON object",
  "pin": "integer"
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 401 | PIN mismatch or account mismatch |
| 404 | Student with provided id not found |

POST /api/student/pin/check/:student_id

Request body:

{
  "headers": {
    "Authorization": "token"
  },
  "pin": "integer"
}

| HTTP Response Code | Reason |
| --- | --- |
| 200 | Success |
| 500 | Error retrieving student info for ID param. |
| 404 | Pin does not match the pen we have on file for you ${student.username}. |