hooks in config/services.php/.env.example, and updated wizard steps/controllers to store session payloads, attach packages, and surface localized success/error states.
- Retooled payment handling for both Stripe and PayPal, adding richer status management in CheckoutController/PayPalController, fallback flows in the wizard’s PaymentStep.tsx, and fresh feature tests for intent creation, webhooks, and the wizard CTA.
- Introduced a consent-aware Matomo analytics stack: new consent context, cookie-banner UI, useAnalytics/useCtaExperiment hooks, and MatomoTracker component, then instrumented marketing pages (Home, Packages, Checkout) with localized copy and experiment tracking.
- Polished package presentation across marketing UIs by centralizing formatting in PresentsPackages, surfacing localized description tables/placeholders, tuning badges/layouts, and syncing guest/marketing translations.
- Expanded docs & reference material (docs/prp/*, TODOs, public gallery overview) and added a Playwright smoke test for the hero CTA while reconciling outstanding checklist items.
41 lines
2.4 KiB
Markdown
# 03 — API Contract

- Base URL: `/api/v1`
- Auth
  - Tenant apps: OAuth2 Authorization Code + PKCE, refresh tokens.
  - Super Admin: session-authenticated Filament (web only).
- Common
  - Pagination: `page`, `per_page` (max 100).
  - Errors: `{ error: { code, message, trace_id }, details?: {...} }`.
  - Rate limits: per-tenant and per-device for tenant apps; 429 with `x-rate-limit-*` headers.

## Key Endpoints (abridged)

- Auth: `/oauth/authorize`, `/oauth/token`, `/oauth/token/refresh`.
- Tenants (Super Admin only): list/read; no create via API for MVP.
- Events (tenant): CRUD, publish, archive; unique by `tenant_id + slug`.
- Photos (tenant): signed upload URL, create, list, moderate, feature.
- Emotions & Tasks: list, tenant overrides; task library scoping.
- Purchases & Ledger: create purchase intent, webhook ingest, ledger list.
- Settings: read/update tenant theme, limits, legal page links.

## Guest Polling (no WebSockets in v1)

- GET `/events/{token}/stats` — lightweight counters for the Home info bar.
  - Response: `{ online_guests: number, tasks_solved: number, latest_photo_at: ISO8601 }`.
  - Cache: `Cache-Control: no-store`; include `ETag` for conditional requests.
- GET `/events/{token}/photos?since=<ISO8601|cursor>` — incremental gallery refresh.
  - Response: `{ data: Photo[], next_cursor?: string, latest_photo_at: ISO8601 }`.
  - Use `If-None-Match` or `If-Modified-Since` to return `304 Not Modified` when unchanged.
- Legacy slug-based guest endpoints have been removed; tokens are mandatory for public access.
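
A guest-side polling client for the two endpoints above, as an added example (not the project's own code): it sends the last `ETag` back as `If-None-Match` and treats `304` as "nothing changed", advances the `since` cursor only when the server returns `next_cursor`, backs off on `429`, and turns the error envelope from the Common section into an `Error` that keeps `trace_id`. The header `x-rate-limit-reset` (seconds until the window resets) is an assumption, since the contract only promises `x-rate-limit-*` headers; the in-memory fake of both endpoints and its `c<offset>` cursor format are constructed so the example runs offline.

```javascript
// Added example (not project code): polling client for GET /events/{token}/stats
// and GET /events/{token}/photos?since=..., plus a constructed fake of both endpoints.
// Assumption: a 429 carries x-rate-limit-reset (seconds); otherwise back off 30 s.

class GuestPoller {
  constructor(baseUrl, token, fetchFn) {
    this.base = `${baseUrl}/events/${encodeURIComponent(token)}`;
    this.fetchFn = fetchFn;   // fetch-compatible: resolves to { status, headers.get(), json() }
    this.statsEtag = null;    // ETag of the last 200 from /stats, echoed as If-None-Match
    this.stats = null;
    this.cursor = null;       // next_cursor from the last /photos page
    this.photos = [];
    this.backoffUntil = 0;    // epoch ms; nothing is sent before this time
  }

  async pollStats(now = Date.now()) {
    if (now < this.backoffUntil) return { changed: false, skipped: true };
    const headers = this.statsEtag ? { "If-None-Match": this.statsEtag } : {};
    const res = await this.fetchFn(`${this.base}/stats`, { headers });
    if (res.status === 304) return { changed: false };              // counters unchanged
    if (res.status === 429) return this.rateLimited(res, now);
    if (res.status !== 200) throw await apiError(res);
    this.statsEtag = res.headers.get("etag");                       // remember for the next poll
    this.stats = await res.json();
    return { changed: true, stats: this.stats };
  }

  async refreshPhotos(now = Date.now()) {
    if (now < this.backoffUntil) return 0;
    const url = this.cursor
      ? `${this.base}/photos?since=${encodeURIComponent(this.cursor)}`
      : `${this.base}/photos`;
    const res = await this.fetchFn(url, { headers: {} });
    if (res.status === 304) return 0;
    if (res.status === 429) { this.rateLimited(res, now); return 0; }
    if (res.status !== 200) throw await apiError(res);
    const body = await res.json();                                  // { data, next_cursor?, latest_photo_at }
    this.photos.push(...body.data);
    if (body.next_cursor) this.cursor = body.next_cursor;           // advance only when the server says so
    return body.data.length;
  }

  rateLimited(res, now) {
    const reset = Number(res.headers.get("x-rate-limit-reset"));   // assumed header name
    this.backoffUntil = now + (Number.isFinite(reset) && reset > 0 ? reset : 30) * 1000;
    return { changed: false, rateLimited: true };
  }
}

// Error envelope { error: { code, message, trace_id }, details? } -> Error keeping trace_id,
// so a guest can quote the trace to support without the client exposing internals.
async function apiError(res) {
  let body = {};
  try { body = await res.json(); } catch { /* non-JSON error body */ }
  const e = (body && body.error) || {};
  const err = new Error(`HTTP ${res.status} ${e.code || "unknown"}: ${e.message || ""}`);
  err.status = res.status;
  err.traceId = e.trace_id;
  err.details = body ? body.details : undefined;
  return err;
}

// ---- constructed test double for the two endpoints (not a server implementation) ----
function fakeResponse(status, body, headers = {}) {
  const h = new Map(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  return { status, headers: { get: (k) => h.get(k.toLowerCase()) ?? null }, json: async () => body };
}

function makeFakeServer() {
  const state = {
    version: 1,                                        // bumped whenever stats change -> new ETag
    stats: { online_guests: 3, tasks_solved: 7, latest_photo_at: "2024-05-01T10:00:00Z" },
    photos: [{ id: "p1", created_at: "2024-05-01T10:00:00Z" }],
    rateLimitNext: false,                              // set true to answer the next call with 429
  };
  const fetchFn = async (url, opts = {}) => {
    const u = new URL(url);
    if (state.rateLimitNext) {
      state.rateLimitNext = false;
      return fakeResponse(429, null, { "x-rate-limit-limit": 60, "x-rate-limit-reset": 30 });
    }
    if (!u.pathname.includes("/events/tok/")) {
      return fakeResponse(404, { error: { code: "event_not_found", message: "unknown token", trace_id: "trace-1" } });
    }
    if (u.pathname.endsWith("/stats")) {
      const etag = `"v${state.version}"`;
      if ((opts.headers || {})["If-None-Match"] === etag) return fakeResponse(304, null, { etag });
      return fakeResponse(200, state.stats, { etag, "cache-control": "no-store" });
    }
    const since = u.searchParams.get("since");          // constructed cursor format "c<offset>"
    const offset = since ? Number(since.slice(1)) : 0;
    const data = state.photos.slice(offset);
    return fakeResponse(200, { data, next_cursor: `c${state.photos.length}`, latest_photo_at: state.stats.latest_photo_at });
  };
  return { state, fetchFn };
}
```

With a real `fetch`, `fetchFn` is just `fetch`; the `now` argument exists so the backoff logic can be tested without sleeping.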

## Webhooks

- Payment provider events, media pipeline status, and deletion callbacks. All are signed with a shared secret per provider.
- RevenueCat webhook: `POST /api/v1/webhooks/revenuecat` signed via `X-Signature` (HMAC SHA1/256). Dispatches `ProcessRevenueCatWebhook` to credit tenants and sync subscription expiry.

## Public Gallery

- `GET /gallery/{token}`: returns event snapshot + branding colors; responds with `410` once the package gallery window expires.
- `GET /gallery/{token}/photos?cursor=&limit=`: cursor-based pagination of approved photos. Response shape `{ data: Photo[], next_cursor: string|null }`.
- `GET /gallery/{token}/photos/{photo}/download`: streams or redirects to an approved original. Returns `404` if the asset is gone.

## Tenant Admin Downloads

- `GET /tenant/events/{event}/photos/archive`: authenticated ZIP export of all approved photos for an event. Returns `404` when none exist.