# API Endpoints

This document lists the public page routes and JSON API endpoints exposed by MiauInv. API endpoints that modify account or inventory state require authentication unless explicitly marked as public.

## Page Routes

| Route | Authentication | Purpose |
| --- | --- | --- |
| `/` | No | Landing page. |
| `/login` | No | Login page with password and passkey login. |
| `/register` | Optional | Registration page when registration is enabled. |
| `/dashboard` | Yes | Dashboard overview. |
| `/inventory` | Yes | Inventory item management. |
| `/items` | Yes | Item list view. |
| `/locations` | Yes | Location management. |
| `/projects` | Yes | Project allocation management. |
| `/profile/settings` | Yes | Account, 2FA, and passkey settings. |
| `/profile/activity` | Yes | User activity log. |

## Authentication and Account API

| Endpoint | Method | Authentication | Purpose |
| --- | --- | --- | --- |
| `/api/register` | `POST` | No | Create a user when registration is enabled. |
| `/api/login` | `POST` | No | Password login. Returns a 2FA challenge if required. |
| `/api/login/2fa` | `POST` | No | Complete TOTP or recovery-code login. |
| `/api/passkeys/login/options` | `POST` | No | Start discoverable passkey login. |
| `/api/passkeys/login/finish` | `POST` | No | Complete passkey login. |
| `/api/refresh` | `POST` | No | Rotate a refresh token and issue a new session. |
| `/api/logout` | `POST` | Yes | Revoke refresh sessions and clear auth cookies. |
| `/api/userinfo` | `GET` | Yes | Return current user metadata and security status. |
| `/api/profile` | `GET` | Yes | Alias for current user metadata. |
| `/api/account/username` | `POST` | Yes | Change username with password confirmation. |
| `/api/account/password` | `POST` | Yes | Change password and refresh the current session. |

## Two-Factor Authentication API

| Endpoint | Method | Authentication | Purpose |
| --- | --- | --- | --- |
| `/api/2fa/setup` | `POST` | Yes | Create a short-lived setup challenge, QR code, and manual setup secret. |
| `/api/2fa/enable` | `POST` | Yes | Confirm the setup challenge, enable 2FA, and generate recovery codes. |
| `/api/2fa/disable` | `POST` | Yes | Disable 2FA with password and TOTP confirmation. |
| `/api/2fa/recovery-codes/regenerate` | `POST` | Yes | Replace recovery codes with password and TOTP confirmation. |

## Passkey Management API

| Endpoint | Method | Authentication | Purpose |
| --- | --- | --- | --- |
| `/api/passkeys` | `GET` | Yes | List registered passkeys. |
| `/api/passkeys` | `DELETE` | Yes | Remove a passkey with password confirmation. |
| `/api/passkeys/register/options` | `POST` | Yes | Start passkey registration. |
| `/api/passkeys/register/finish` | `POST` | Yes | Finish passkey registration and store the credential. |
| `/api/passkeys/disable` | `POST` | Yes | Remove all passkeys with password confirmation. |

## Activity API

| Endpoint | Method | Authentication | Purpose |
| --- | --- | --- | --- |
| `/api/activity` | `GET` | Yes | Return recent activity entries for the current user. Admin users may request `?all=true`. |

Query parameters:

| Parameter | Default | Max | Purpose |
| --- | --- | --- | --- |
| `limit` | `50` | `100` | Number of entries to return. |
| `offset` | `0` | `100000` | Offset for pagination. |
| `all` | `false` | n/a | Admin-only flag for reading all users' activity. |
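
A sketch of server-side validation for these parameters, added here as an example and not taken from MiauInv's code. The helper name `parse_activity_query`, the `QueryError` class, rejecting (rather than clamping) out-of-range values, the minimum `limit` of 1, and the 400/403 status mapping are all assumptions.

```python
from urllib.parse import parse_qs

# name: (default, min, max). Defaults and maxima come from the table above;
# the minimum of 1 for `limit` is an assumption.
LIMITS = {"limit": (50, 1, 100), "offset": (0, 0, 100000)}


class QueryError(ValueError):
    """Carries the HTTP status a handler would return (assumed mapping)."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def parse_activity_query(query_string, is_admin):
    """Validate /api/activity parameters. Hypothetical helper, not MiauInv code.

    `is_admin` must come from the authenticated server-side session,
    never from anything the client sends.
    """
    raw = parse_qs(query_string, keep_blank_values=True)
    out = {}
    for name, (default, low, high) in LIMITS.items():
        values = raw.get(name, [str(default)])
        # Repeated parameters can be read differently by a proxy and the
        # handler behind it, so refuse them instead of picking one.
        if len(values) != 1:
            raise QueryError(400, f"{name} given more than once")
        text = values[0]
        # ASCII digits only, bounded length: no signs, no Unicode digits,
        # no oversized integers reaching int().
        if not (text.isascii() and text.isdigit() and len(text) <= 6):
            raise QueryError(400, f"{name} must be a non-negative integer")
        number = int(text)
        if not low <= number <= high:
            raise QueryError(400, f"{name} must be between {low} and {high}")
        out[name] = number
    flag = raw.get("all", ["false"])
    if len(flag) != 1 or flag[0] not in ("true", "false"):
        raise QueryError(400, "all must be 'true' or 'false'")
    out["all"] = flag[0] == "true"
    # Authorization check: only admins may read other users' activity.
    if out["all"] and not is_admin:
        raise QueryError(403, "all=true is restricted to admin users")
    return out
```
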

## Inventory API

| Endpoint | Method | Authentication | Purpose |
| --- | --- | --- | --- |
| `/api/item` | `GET` | Yes | List items or read an item by `id`. |
| `/api/item` | `POST` | Yes | Create an item. |
| `/api/item` | `PUT` | Yes | Update an item by `id`. |
| `/api/item` | `DELETE` | Yes | Delete an item by `id`. |
| `/api/location` | `GET` | Yes | List locations, read a location by `id`, or read location contents with `content=true`. |
| `/api/location` | `POST` | Yes | Create a location. |
| `/api/location` | `PUT` | Yes | Update a location by `id`. |
| `/api/location` | `DELETE` | Yes | Delete a location by `id`. |
| `/api/project` | `GET` | Yes | List projects, read a project by `id`, or read project allocation details with `details=true`. |
| `/api/project` | `POST` | Yes | Create a project. |
| `/api/project` | `PUT` | Yes | Update a project by `id`. |
| `/api/project` | `DELETE` | Yes | Delete a project by `id`. |
| `/api/stock` | `GET` | Yes | List stock rows, optionally filtered by `item_id`. |
| `/api/stock` | `POST` | Yes | Add stock to a location. |
| `/api/stock` | `DELETE` | Yes | Delete a stock row by `id`. |
| `/api/association` | `GET` | Yes | List project-item allocations, optionally filtered by `project_id`. |
| `/api/association` | `POST` | Yes | Allocate item quantity to a project. |
| `/api/association` | `PUT` | Yes | Update an allocation by `id`. |
| `/api/association` | `DELETE` | Yes | Delete an allocation by `id`. |