add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
# REST-API (v1)
|
|
|
|
|
|
2026-03-04 15:56:58 +01:00
|
|
|
Letzte Aktualisierung: 2026-02-25
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
|
|
|
|
|
## Single Source of Truth
|
|
|
|
|
|
|
|
|
|
Die API-Spezifikation wird zentral gepflegt in:
|
|
|
|
|
|
|
|
|
|
- `/docs/openapi.yaml`
|
|
|
|
|
|
|
|
|
|
Diese Datei ist die verbindliche technische Referenz für:
|
|
|
|
|
|
|
|
|
|
- Endpunkte
|
|
|
|
|
- Request-/Response-Schemas
|
|
|
|
|
- Statuscodes
|
|
|
|
|
- Auth-Header
|
|
|
|
|
|
2026-03-04 15:56:58 +01:00
|
|
|
## Fehlerhülle (API-Standard)
|
|
|
|
|
|
|
|
|
|
Fehlerantworten nutzen ein einheitliches Schema:
|
|
|
|
|
|
|
|
|
|
- `ok: false`
|
|
|
|
|
- `request_id: <uuid>`
|
|
|
|
|
- `error_code: <stable_machine_code>`
|
|
|
|
|
- `details: { ... }`
|
|
|
|
|
- kein Legacy-Feld `error` oder `errors`
|
|
|
|
|
|
|
|
|
|
`request_id` wird zusaetzlich als Header `X-Request-Id` geliefert.
|
|
|
|
|
Die `request_id` kommt zentral aus `RequestContext` und korreliert API-Fehler mit Audit-Einträgen.
|
|
|
|
|
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
## API-Doku im Admin
|
|
|
|
|
|
|
|
|
|
- UI: `/admin/api-docs`
|
|
|
|
|
- Zugriff: Permission `api_docs.view`
|
|
|
|
|
- Quelle der UI: `/docs/openapi.yaml`
|
|
|
|
|
- Swagger UI ist read-only (kein `Try it out`).
|
|
|
|
|
|
|
|
|
|
## Warum diese Seite kurz ist
|
|
|
|
|
|
|
|
|
|
Diese Seite bleibt bewusst knapp, damit keine doppelte Pflege entsteht.
|
|
|
|
|
|
|
|
|
|
Alle fachlichen und technischen API-Details stehen nur in `/docs/openapi.yaml`.
|
|
|
|
|
|
|
|
|
|
## Änderungsprozess (verbindlich)
|
|
|
|
|
|
|
|
|
|
1. API-Änderung immer zuerst in `/docs/openapi.yaml` pflegen.
|
|
|
|
|
2. `/admin/api-docs` öffnen und Rendering kurz prüfen.
|
|
|
|
|
3. API-Request per Client testen (z. B. Yaak/Postman/cURL).
|
|
|
|
|
4. Nur falls nötig hier in `api.md` organisatorische Hinweise ergänzen (keine Endpoint-Details).
|
|
|
|
|
|
|
|
|
|
## Verwandte Dokumente
|
|
|
|
|
|
|
|
|
|
- Rate Limiting: `/docs/anfragelimits.md`
|
|
|
|
|
- Sicherheit/Permissions: `/docs/sicherheitsmodell.md`
|
|
|
|
|
- Troubleshooting: `/docs/fehlerbehebung.md`
|