meldestelle/docs/API_DOCUMENTATION_GUIDELINES.md

# API Documentation Guidelines

## Overview

This document provides guidelines for documenting APIs in the Meldestelle project. Following these guidelines ensures consistency across all API documentation and makes it easier for developers, testers, and API consumers to understand and use our APIs.

## Table of Contents

1. [Documentation Approach](#documentation-approach)
2. [OpenAPI Specification](#openapi-specification)
3. [Endpoint Documentation Standards](#endpoint-documentation-standards)
4. [Schema Documentation Standards](#schema-documentation-standards)
5. [Examples](#examples)
6. [Documentation Workflow](#documentation-workflow)
7. [Testing Documentation](#testing-documentation)
8. [Tools and Resources](#tools-and-resources)

## Documentation Approach

The Meldestelle project uses a **static OpenAPI YAML file** for API documentation. This means:

- API documentation is maintained in a dedicated YAML file, not generated from code annotations
- Developers must manually update the documentation when adding or modifying endpoints
- The documentation is served via Swagger UI and as static HTML

### Key Files

- **OpenAPI Specification**: `/api-gateway/src/jvmMain/resources/openapi/documentation.yaml`
- **OpenAPI Configuration**: `/api-gateway/src/jvmMain/kotlin/at/mocode/gateway/config/OpenApiConfig.kt`
- **Documentation Routes**: `/api-gateway/src/jvmMain/kotlin/at/mocode/gateway/routing/DocRoutes.kt`
- **Static HTML Documentation**: `/api-gateway/src/jvmMain/resources/static/docs/index.html`

## OpenAPI Specification

We use OpenAPI 3.0.3 for our API documentation. The specification is maintained in a YAML file at:
`/api-gateway/src/jvmMain/resources/openapi/documentation.yaml`

### Structure

The OpenAPI specification file is structured as follows:

```yaml
openapi: 3.0.3
info:
  title: Meldestelle API
  description: |
    Self-Contained Systems API Gateway for Austrian Equestrian Federation.
  version: 1.0.0
  # Additional info fields...

servers:
  # Server configurations...

tags:
  # API tags for grouping endpoints...

paths:
  # API endpoints...

components:
  schemas:
    # Data models...
  securitySchemes:
    # Security definitions...
```

## Endpoint Documentation Standards

When documenting a new API endpoint, include the following information:

### Required Elements

1. **Path and HTTP Method**: Define the endpoint path and HTTP method (GET, POST, PUT, DELETE)
2. **Tags**: Assign at least one tag to categorize the endpoint (e.g., Authentication, Master Data)
3. **Summary**: A brief one-line description of the endpoint
4. **Description**: A more detailed explanation of what the endpoint does
5. **Operation ID**: A unique identifier for the operation (camelCase)
6. **Responses**: Document all possible response status codes and their content
7. **Security**: Specify authentication requirements if applicable

### Optional Elements (Recommended)

1. **Request Body**: For POST/PUT methods, document the expected request body
2. **Parameters**: Document path, query, and header parameters
3. **Examples**: Provide example requests and responses

### Example Endpoint Documentation

```yaml
/auth/login:
  post:
    tags:
      - Authentication
    summary: User Login
    description: Authenticates a user and returns a JWT token
    operationId: login
    requestBody:
      required: true
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/LoginRequest'
          example:
            username: "user@example.com"
            password: "SecurePassword123!"
    responses:
      '200':
        description: Successful login
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/LoginResponse'
            example:
              success: true
              data:
                token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
                userId: "550e8400-e29b-41d4-a716-446655440000"
                personId: "550e8400-e29b-41d4-a716-446655440001"
                username: "user@example.com"
                email: "user@example.com"
              message: "Login successful"
              timestamp: "2024-07-21T13:35:00Z"
      '401':
        description: Invalid credentials
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ErrorResponse'
```

## Schema Documentation Standards

When documenting data models (schemas), include the following information:

### Required Elements

1. **Schema Name**: Use PascalCase for schema names (e.g., `LoginRequest`)
2. **Type**: Specify the type (usually `object` for complex types)
3. **Properties**: List all properties with their types and descriptions
4. **Required Properties**: Specify which properties are required

### Optional Elements (Recommended)

1. **Examples**: Provide example values for properties
2. **Format**: Specify formats for string types (e.g., `email`, `uuid`, `date-time`)
3. **Enums**: For properties with a fixed set of values, specify the allowed values

### Example Schema Documentation

```yaml
LoginRequest:
  type: object
  properties:
    username:
      type: string
      description: The user's email address or username
      format: email
      example: "user@example.com"
    password:
      type: string
      description: The user's password
      format: password
      example: "SecurePassword123!"
  required:
    - username
    - password
```

## Examples

For a complete example of how to apply these guidelines to a new endpoint, see [API_DOCUMENTATION_EXAMPLE.md](API_DOCUMENTATION_EXAMPLE.md).

### Well-Documented Endpoint Example

Here's an example of a well-documented endpoint:

```yaml
/api/horses/{id}:
  get:
    tags:
      - Horse Registry
    summary: Get Horse by ID
    description: |
      Retrieves detailed information about a specific horse by its unique identifier.
      Requires authentication and appropriate permissions.
    operationId: getHorseById
    parameters:
      - name: id
        in: path
        description: Unique identifier of the horse
        required: true
        schema:
          type: string
          format: uuid
    security:
      - bearerAuth: []
    responses:
      '200':
        description: Successful operation
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/HorseResponse'
            example:
              success: true
              data:
                id: "550e8400-e29b-41d4-a716-446655440000"
                name: "Maestoso Mara"
                birthYear: 2015
                breed: "Lipizzaner"
                color: "Grey"
                gender: "STALLION"
                feiRegistered: true
                ownerId: "550e8400-e29b-41d4-a716-446655440001"
                active: true
              message: "Horse retrieved successfully"
              timestamp: "2024-07-21T13:35:00Z"
      '401':
        description: Unauthorized - Authentication required
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ErrorResponse'
      '403':
        description: Forbidden - Insufficient permissions
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ErrorResponse'
      '404':
        description: Horse not found
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ErrorResponse'
```

## Documentation Workflow

Follow these steps when adding or modifying API endpoints:

1. **Implement the API endpoint** in the appropriate controller/route file
2. **Update the OpenAPI specification** in `documentation.yaml`
3. **Generate the documentation** using the Gradle task:
   ```bash
   ./gradlew :api-gateway:generateApiDocs
   ```
4. **Validate the documentation** using the Gradle task:
   ```bash
   ./gradlew :api-gateway:validateOpenApi
   ```
5. **Test the documentation** by accessing the Swagger UI at `http://localhost:8080/swagger`

### CI/CD Pipeline

The project includes a CI/CD pipeline that automatically:
- Validates the OpenAPI specification
- Generates updated documentation
- Deploys the documentation to GitHub Pages

The workflow is defined in `.github/workflows/api-docs.yml` and is triggered:
- On changes to OpenAPI-related files
- On a weekly schedule
- Manually via GitHub Actions UI

## Testing Documentation

Always test your API documentation to ensure it accurately represents the API:

1. **Start the API Gateway**:
   ```bash
   ./gradlew :api-gateway:run
   ```

2. **Access Swagger UI**:
   Open your browser and navigate to `http://localhost:8080/swagger`

3. **Test the documented endpoints**:
   - Verify that all parameters are correctly documented
   - Test example requests
   - Verify that responses match the documentation

4. **Check static HTML documentation**:
   Open your browser and navigate to `http://localhost:8080/docs`

## Tools and Resources

### Recommended Tools

- **Swagger Editor**: [https://editor.swagger.io/](https://editor.swagger.io/) - Online editor for OpenAPI specifications
- **OpenAPI Validator**: Built into our Gradle tasks (`validateOpenApi`)
- **Postman**: For testing APIs and generating collections

### Learning Resources

- [OpenAPI 3.0 Specification](https://spec.openapis.org/oas/v3.0.3)
- [Swagger UI Documentation](https://swagger.io/docs/open-source-tools/swagger-ui/usage/configuration/)
- [OpenAPI Best Practices](https://oai.github.io/Documentation/best-practices.html)

## Conclusion

Following these guidelines ensures that our API documentation is consistent, comprehensive, and useful for all stakeholders. Good API documentation is a critical part of our development process and helps ensure the usability and maintainability of our APIs.

If you have questions or suggestions for improving these guidelines, please contact the API team.