API Documentation

Overview

This API is built using Laravel with JSON:API specification. It provides a comprehensive set of endpoints for managing content, users, and various resources in a multi-tenant application.

API Versioning

The API is versioned using URL prefix /v1/. All endpoints are prefixed with this version number.

Authentication

The API uses Laravel Sanctum for authentication. Most endpoints require authentication using a Bearer token.

Authentication Endpoints

• POST /v1/login - User login
• POST /v1/register - User registration
• POST /v1/logout - User logout (requires authentication)
• POST /v1/password-forgot - Request password reset
• POST /v1/password-reset - Reset password

Main Resources

The API provides the following main resources:

Content Management

• titles - Content titles with relationships to channels, series, and content types
• categories - Content categories
• series - Series of content
• channels - Content channels
• content-types - Types of content
• authors - Content authors
• casts - Cast members
• tags - Content tags

User Management

• users - User accounts
• roles - User roles
• permissions - Role permissions
• user-activity - User activity tracking
• user-purchases - User purchase history

App Management

• apps - Multi-tenant applications
• app-settings - Application settings
• app-templates - Application templates
• sliders - Content sliders
• pages - Custom pages
• page-templates - Page templates with configurable parameters and fields
• menus - Navigation menus

Media & Uploads

• media - Media files
• uploads - File upload endpoints
• tus-uploads - TUS protocol uploads

Monetization

• subscription-plans - Subscription plans
• transactions - Transaction records
• ad-providers - Ad provider configurations
• ad-trackers - Ad tracking
• title-pricing - Content pricing

Webhooks

• Stripe payment processing
• Apple IAP handling
• Google Play IAP handling

JSON:API Implementation

The API follows the JSON:API specification for:

• Resource relationships
• Filtering
• Sorting
• Pagination
• Sparse fieldsets
• Includes

For detailed information about each resource schema, including available fields, relationships, and filtering capabilities, see the API Schemas Documentation.

Page Templates Configuration

Page templates now support a structured configuration system with parameters and form fields. This allows for dynamic customization of templates through a standardized interface.

Key endpoints:

• GET /v1/page-templates/{id}/config - Get template configuration fields and default parameters
• POST /v1/page-templates/{id}/preview - Preview a template with custom parameter values

For detailed information about the page template configuration system, see the Page Template Configuration Documentation.

Development Tools

• PHPUnit for testing
• PHPStan for static analysis
• PHPCS for code style checking
• SonarQube for code quality
• Codecov for test coverage

Error Handling

The API uses standard HTTP status codes and JSON:API error format for error responses.

Rate Limiting

Rate limiting is implemented for certain endpoints to prevent abuse.

Caching

Response caching is implemented where appropriate, with the ability to bypass cache using the cache.ignore middleware.

Security

• CSRF protection
• Input validation
• SQL injection prevention
• XSS protection
• Secure password hashing

Best Practices

1. Always use HTTPS
2. Include proper authentication headers
3. Handle rate limits appropriately
4. Implement proper error handling
5. Use appropriate HTTP methods
6. Follow JSON:API specification for requests and responses

Testing

The API includes comprehensive test coverage with:

• Unit tests
• Feature tests
• Integration tests
• API tests

Deployment

The API can be deployed using:

• Docker containers
• Traditional server deployment
• CI/CD pipelines (Bitbucket Pipelines)

Monitoring

• Error tracking
• Performance monitoring
• Usage analytics
• Log aggregation