docs: add postman api and environment collection, update setup

[kshitij-k-osmosys]

API PR Checklist

Pre-requisites

• I have gone through the Contributing guidelines for Submitting a Pull Request (PR) and ensured that this is not a duplicate PR.
• I have performed unit testing for the new feature added or updated to ensure the new features added are working as expected.
• I have added/updated test cases to the test suite as applicable.
• I have performed preliminary testing using the test suite to ensure that any existing features are not impacted and any new features are working as expected as a whole.
• I have added/updated the required api docs as applicable.
• I have added/updated the .env.example file with the required values as applicable.

PR Details

PR details have been updated as per the given format (see below)

• PR title adheres to the format specified in guidelines (e.g., feat: add admin login endpoint)
• Description has been added
• Related changes have been added (optional)
• Screenshots have been added (optional)
• Query request and response examples have been added (as applicable, in case added or updated)
• Documentation changes have been listed (as applicable)
• Test suite/unit testing output is added (as applicable)
• Pending actions have been added (optional)
• Any other additional notes have been added (optional)

Additional Information

• Appropriate label(s) have been added (ready for review should be added if the PR is ready to be reviewed)
• Assignee(s) and reviewer(s) have been added (optional)

Note: Reviewer should ensure that the checklist and description have been populated and followed correctly, and the PR should be merged only after resolving all conversations and verifying that CI checks pass.

---

Description:

• Add a seperate Postman collection specifically for APIs
• Add a postman environment collection for variables
• Add links to both of these in API documentation
• Update existing testing postman collection according to latest changes
• Update development and production setup with latest env values

Related changes:
NA

Screenshots:
NA

Query request and response:
NA

Documentation changes:
NA

Test suite/unit testing output:
NA

Pending actions:
NA

Additional notes:
NA

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • Introduced a comprehensive API collection for OsmoX, including endpoints for notifications, authentication, applications, providers, and webhooks.
  • Added new endpoints: Create Notification, Login, Fetch All Notifications, Create New Application, Fetch All Applications, Fetch All Providers, Create New Provider, and Register Webhook.
  • New environment configuration for API testing with essential parameters.
  • Updated API documentation with a new section for Postman resources.
  • Enhanced JWT management with new environment variables for secret key and expiration duration.

• Bug Fixes

  • Corrected a typographical error in the item name from "PushNotifiation_Android" to "PushNotification_Android."
  • Expanded authentication section with new items for login success and failure scenarios.

[coderabbitai]

Walkthrough

This pull request introduces a new Postman collection and environment for the OsmoX application, detailing various API endpoints for functionalities such as notifications, authentication, application management, provider management, and webhooks. Additionally, the API documentation is updated to include links to these resources, enhancing accessibility for users. Environment variable declarations related to JWT management are also added to the setup documentation for both development and production.

Changes

File Path	Change Summary
apps/api/OsmoX-API.postman_collection.json	New API collection added with multiple endpoints for Notification, Authentication, Application, Provider, and Webhook functionalities.
apps/api/OsmoX-API.postman_environment.json	New environment configuration added with key-value pairs for API testing parameters.
apps/api/docs/api-documentation.md	New section added for "Postman Collection" with links to the API Collection and Environment File.
apps/api/OsmoX.postman_collection.json	Item name corrected from "PushNotifiation_Android" to "PushNotification_Android" and multiple new items added for notifications and authentication scenarios.
apps/api/docs/development-setup.md	New environment variables JWT_SECRET and JWT_EXPIRES_IN added for JWT management.
apps/api/docs/production-setup.md	New environment variables JWT_SECRET and JWT_EXPIRES_IN added for JWT management.

Possibly related PRs

• feat: update auth guard code #330: The changes in this PR involve updating the authentication mechanism to use JWT tokens instead of server API keys, which is directly related to the new authentication endpoint added in the main PR for the OsmoX application.

Suggested reviewers

• xixas

Poem

In the fields where bunnies play,
New APIs hop in bright array.
With notifications, oh so clear,
Authentication brings us cheer!
Fixing names, we leap with glee,
OsmoX shines, as bright can be! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

Outside diff range and nitpick comments (6)

apps/api/OsmoX-API.postman_environment.json (1)

36-39: LGTM: Metadata section is informative.

The metadata provides useful information about the environment export, including the variable scope, export timestamp, and Postman version used.

Consider adding a comment in the file or documentation to explain the significance of this metadata, especially for team members who might be less familiar with Postman environments.

apps/api/OsmoX-API.postman_collection.json (5)

9-600: Create Notification endpoints are well-structured

The "Create Notification" category contains a comprehensive set of endpoints for various notification channels (SMTP, Mailgun, WhatsApp, SMS, Push Notifications, Voice Call). Each endpoint is well-documented with appropriate headers, body structure, and descriptions.

However, there are a few points to consider:

1. The provider IDs are hardcoded and assumed to match channel types (e.g., "Assuming providerId 1 also has channelType 1"). This might lead to confusion or errors if the provider IDs change.
2. Some endpoints have TODO comments in the request body, which should be addressed.
3. The use of environment variables (e.g., {{x-api-key}}, {{base_url}}) is consistent, which is good for maintainability.

Consider replacing hardcoded provider IDs with more descriptive names or adding comments to clarify the relationship between provider IDs and channel types.

---

702-803: Application endpoints are properly implemented

Both "Create new Application" and "Fetch all Applications" endpoints are well-structured and use GraphQL appropriately. The fetch endpoint includes pagination, sorting, and filtering options, which is good for flexibility.

Observations:

1. The create application mutation doesn't return as much information as the fetch query. It might be helpful to return the same fields for consistency.
2. The userId is hardcoded in the create application example, which might not be ideal for a reusable collection.

Consider updating the create application mutation to return the same fields as the fetch query for consistency. Also, use a variable for userId in the create application example instead of a hardcoded value.

---

804-905: Provider endpoints are well-implemented

The "Fetch all Providers" and "Create new Provider" endpoints are properly structured and use GraphQL effectively. The fetch endpoint includes pagination and sorting options, which is good for flexibility.

Observations:

1. The create provider mutation returns more fields than what's provided in the input, which is good for confirmation and further use.
2. The configuration field in the create provider example is empty. It might be helpful to provide a sample configuration.

Consider adding a sample configuration in the create provider example to demonstrate the expected structure of the configuration field.

---

906-966: Webhook registration endpoint is properly implemented

The "Register Webhook" endpoint is well-structured and uses GraphQL appropriately. It includes necessary fields for webhook registration.

Observations:

1. The endpoint requires both Authorization token and x-api-key, which provides an additional layer of security.
2. The providerId is hardcoded in the example, which might not be ideal for a reusable collection.

Consider using a variable for providerId in the register webhook example instead of a hardcoded value. This would make the collection more flexible and reusable.

---

1-966: Overall, the Postman collection is well-structured and comprehensive

This Postman collection provides a thorough representation of the OsmoX API, covering various aspects such as notifications, authentication, applications, providers, and webhooks. The use of GraphQL for complex queries and mutations is consistent throughout the collection, which is commendable.

Strengths:

1. Comprehensive coverage of API endpoints
2. Consistent use of GraphQL for complex operations
3. Good use of environment variables for base URL and API key
4. Detailed request configurations with appropriate headers and body structures
5. Inclusion of pagination, sorting, and filtering options where applicable

Areas for improvement:

1. Replace hardcoded IDs with variables for better reusability
2. Add sample configurations where applicable (e.g., in the create provider endpoint)
3. Ensure consistency in returned fields between create and fetch operations
4. Consider implementing cursor-based pagination for large datasets

To further improve this collection:

1. Consider grouping related environment variables (e.g., all provider IDs) for easier management.
2. Implement pre-request scripts to dynamically set variables like timestamps or generate unique identifiers.
3. Add tests for each request to validate responses and set environment variables for use in subsequent requests.
4. Create a separate environment for each deployment stage (development, staging, production) to easily switch between them.

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 0d711e1 and 574b935.

Files selected for processing (3)

• apps/api/OsmoX-API.postman_collection.json (1 hunks)
• apps/api/OsmoX-API.postman_environment.json (1 hunks)
• apps/api/OsmoX.postman_collection.json (1 hunks)

Files skipped from review due to trivial changes (1)

• apps/api/OsmoX.postman_collection.json

Additional comments not posted (3)

apps/api/OsmoX-API.postman_environment.json (1)

1-3: LGTM: Environment identification looks good.

The environment ID is a valid UUID, and the name "OsmoX-API" appropriately reflects the purpose of this Postman environment.

apps/api/OsmoX-API.postman_collection.json (2)

1-8: Collection information looks good

The collection info section is well-structured and includes all necessary details such as name, description, and schema version.

---

601-649: Authentication endpoint is properly configured

The Login endpoint is well-structured and uses GraphQL for the request. It includes proper headers and body configuration.

However, there's a potential security concern:

1. The use of environment variables for username and password ({{adminUsername}}, {{adminPassword}}) in the GraphQL variables is good for testing but might pose a risk if not properly managed in production environments.

To ensure the security of the authentication process, please verify that:

1. The connection is using HTTPS.
2. There are proper rate-limiting mechanisms in place to prevent brute-force attacks.
3. The server implements proper password hashing and salting.

[coderabbitai]

Actionable comments posted: 0

Outside diff range and nitpick comments (1)

apps/api/docs/api-documentation.md (1)

5-8: LGTM! Consider adding a brief description.

The addition of the Postman Collection section is valuable and well-placed. It provides easy access to important API testing resources.

Consider adding a brief description of what these files are and how they can be used. For example:

## Postman Collection

The following files can be imported into Postman to quickly set up and test the API:

- [API Collection](./../OsmoX-API.postman_collection.json) - Contains pre-configured API requests
- [Environment File](./../OsmoX-API.postman_environment.json) - Contains environment variables for the API

This additional context would help users understand the purpose and usage of these files.

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 574b935 and 14efcc0.

Files selected for processing (2)

• apps/api/OsmoX-API.postman_environment.json (1 hunks)
• apps/api/docs/api-documentation.md (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• apps/api/OsmoX-API.postman_environment.json

[coderabbitai]

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (3)

apps/api/OsmoX.postman_collection.json (3)

Line range hint 10-4229: Consider grouping related items for better organization

The collection structure is logical, covering various API endpoints. However, to enhance readability and maintainability, consider grouping related items into folders. For example:

1. Create a "Notifications" folder containing all notification-related requests (SMTP, Mailgun, WhatsApp, SMS, etc.).
2. Group authentication-related requests under an "Authentication" folder.
3. Create separate folders for "Applications", "Providers", and "Webhooks".

This reorganization will make it easier for users to navigate and understand the API structure.

---

Line range hint 10-4229: Optimize test scripts to reduce duplication

The test scripts for each request are thorough and cover important aspects of the API responses. However, there's significant duplication across requests, especially for common checks like valid JSON responses and status codes.

To improve maintainability and reduce duplication, consider:

1. Using Postman's pre-request scripts to set up common test functions.
2. Utilizing environment variables to store expected values that are used across multiple tests.
3. Creating a collection-level test script for common checks, such as valid JSON responses.

Example of a collection-level test script:

pm.test("Response is valid JSON", function () {
    pm.response.to.be.json;
});

pm.test("Response has valid 'status' and 'data' properties", function () {
    var jsonData = pm.response.json();
    pm.expect(jsonData).to.have.property("status");
    pm.expect(jsonData).to.have.property("data").to.be.an("object");
});

This approach will make your tests more maintainable and easier to update across the entire collection.

---

Line range hint 10-4229: Enhance flexibility with environment variables and GraphQL variables

The consistent use of GraphQL for mutations and queries is commendable. To further improve the collection's flexibility and reusability across different environments:

1. Replace hardcoded URLs with a Postman environment variable:
   Instead of "http://localhost:3000/graphql", use "{{api_url}}/graphql".

2. Increase the use of GraphQL variables in queries and mutations:
   For example, replace:

   mutation {
     login(loginUserInput: {username: "admin", password: "password"}) {
       token
     }
   }

   With:

   mutation ($username: String!, $password: String!) {
     login(loginUserInput: {username: $username, password: $password}) {
       token
     }
   }

   And provide variables:

   {
     "username": "{{username}}",
     "password": "{{password}}"
   }

These changes will make your collection more flexible, easier to maintain, and adaptable to different environments (development, staging, production).

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 14efcc0 and e639974.

📒 Files selected for processing (3)

• apps/api/OsmoX-API.postman_collection.json (1 hunks)
• apps/api/OsmoX-API.postman_environment.json (1 hunks)
• apps/api/OsmoX.postman_collection.json (40 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/api/OsmoX-API.postman_environment.json

🔇 Additional comments not posted (4)

apps/api/OsmoX-API.postman_collection.json (2)

1-9: LGTM: Well-structured Postman collection

The initial structure and metadata of the OsmoX-API Postman collection are well-organized and provide clear information about the purpose of the collection.

---

1-1005: Overall assessment: Well-structured collection with room for improvement

The OsmoX-API Postman collection is comprehensive and well-organized, covering a wide range of endpoints for the application. It demonstrates consistency in structure and naming conventions, which is commendable.

Main areas for improvement:

1. Enhance security by using environment variables for sensitive data and implementing HTTPS.
2. Increase reusability by consistently using variables across all requests.
3. Improve error handling and input validation, especially for mutation operations.
4. Parameterize hardcoded values to make the collection more flexible and easier to maintain.
5. Add safeguards such as rate limiting and maximum query limits to prevent potential abuse.

Implementing these suggestions will result in a more robust, secure, and maintainable API collection.

apps/api/OsmoX.postman_collection.json (2)

1-9: LGTM: Well-structured collection metadata

The initial structure and metadata of the Postman collection are well-defined. The collection name, description, and schema are appropriately set, providing a clear overview of the API's purpose.

---

Line range hint 1-4229: Well-structured collection with opportunities for enhancement

Overall, this Postman collection is comprehensive and well-constructed, providing excellent coverage of the OsmoX API. It includes a wide range of endpoints for notifications, authentication, and other operations, with thorough test scripts for each request.

Key strengths:

1. Comprehensive coverage of API endpoints
2. Consistent use of GraphQL for queries and mutations
3. Thorough test scripts for validating responses

Areas for improvement:

1. Organize related requests into folders for better structure
2. Reduce duplication in test scripts by using collection-level scripts and pre-request scripts
3. Enhance flexibility by using environment variables for the API URL
4. Increase the use of GraphQL variables to make requests more dynamic

Implementing these suggestions will result in a more maintainable, flexible, and user-friendly Postman collection, making it easier for developers to work with the OsmoX API across different environments.

[coderabbitai]

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (7)

apps/api/docs/development-setup.md (1)

50-51: Approve JWT configuration with a suggestion for JWT_SECRET example

The addition of JWT_SECRET and JWT_EXPIRES_IN environment variables is appropriate and aligns with the PR objectives. These variables are crucial for JWT configuration in the application.

1. The JWT_EXPIRES_IN variable is well-documented with clear examples, which is helpful for developers.

2. For the JWT_SECRET variable, I suggest modifying the example value to prevent potential misinterpretation:

Consider updating the JWT_SECRET line as follows:

-   JWT_SECRET=your-strong-secret-key-here # A strong secret key for signing your JWTs. This should be a long, random string.
+   JWT_SECRET=<your-strong-secret-key-here> # A strong secret key for signing your JWTs. This should be a long, random string (e.g., 64+ characters).

This change emphasizes that developers should replace the placeholder with their own secret key and provides a guideline for its length.

apps/api/docs/production-setup.md (1)

33-34: Approve JWT configuration with suggestions for enhancement.

The addition of JWT-related environment variables is a positive change that aligns with the PR objectives. However, consider the following suggestions to further improve security:

1. The default value of '30d' for JWT_EXPIRES_IN might be too long for some security requirements. Consider using a shorter default expiration time, such as '1d' or '12h', to reduce the window of opportunity for potential token misuse.

2. Add a note recommending regular rotation of the JWT_SECRET in production environments. This practice enhances security by limiting the impact of potentially compromised tokens.

Example addition:

Note: It is recommended to regularly rotate the JWT_SECRET in production environments to enhance security.

apps/api/OsmoX.postman_collection.json (5)

Line range hint 1-4282: Overall structure and additions look good, with some suggestions for improvement.

The Postman collection has been significantly expanded with new endpoints and detailed test scripts. This is a positive change that will improve API testing and documentation. Here are some observations and suggestions:

1. The collection now includes a wide range of endpoints covering various functionalities such as notifications, applications, providers, and authentication.

2. Test scripts have been added to most requests, which is excellent for automated testing and validation.

3. The collection is well-organized into folders, making it easy to navigate and understand the structure.

However, there are a few areas that could be improved:

1. Consider adding environment variables for common values like base URLs and API keys to make the collection more flexible and easier to maintain.

2. Some test scripts are repeated across multiple requests. Consider using Postman's pre-request scripts or collection-level scripts to reduce duplication.

3. Add more descriptive names to some requests, especially in the "Authentication" folder, to better indicate their purpose (e.g., "Login - Success" could be "User Login - Successful Authentication").

---

2605-2844: New SNS SMS Notification endpoints added with comprehensive test cases.

The addition of SNS SMS Notification endpoints is a valuable improvement to the collection. The test cases cover various scenarios including success, missing fields, mismatched channel types, and invalid API keys. This comprehensive approach to testing is commendable.

However, there's an opportunity to enhance the error handling in the test scripts:

1. In the "Send SNS SMS Notification - Missing to Field" test, consider checking for multiple possible error messages. Currently, it only checks for "to should not be empty", but there might be other validation errors.

2. For the "Send SNS SMS Notification - Mismatch in ChannelType" test, it might be beneficial to check for a specific error message related to the channel type mismatch, rather than just a general 400 error.

---

Line range hint 1938-2604: Push Notification endpoints added with separate tests for Android and iOS.

The addition of Push Notification endpoints for both Android and iOS is a great improvement. The test scripts are well-written and cover the essential aspects of the response. However, there are a few suggestions for enhancement:

1. Consider adding tests for error scenarios, such as invalid device tokens or malformed payload.

2. The target ARN in the request body is hardcoded. It would be better to use environment variables for these values to make the collection more portable across different environments.

3. The test scripts for Android and iOS are identical. Consider adding platform-specific checks if there are any differences in the expected response format.

---

Line range hint 4228-4282: New "Server Keys" folder added with "Generate New Key" endpoint.

The addition of the "Server Keys" folder with the "Generate New Key" endpoint is a good improvement. However, there are a few points to consider:

1. The test script for this endpoint is minimal. Consider adding more assertions to validate the response structure and content.

2. The applicationId is hardcoded in the request body. It would be better to use a variable for this value to make the collection more flexible.

3. There's only one request in this folder. Consider adding other related operations like listing existing keys or revoking keys if these operations are supported by the API.

---

Line range hint 1-4282: Overall, the Postman collection is well-structured and comprehensive, with room for some enhancements.

This Postman collection has been significantly improved with the addition of new endpoints, detailed test scripts, and better organization. It now covers a wide range of functionalities including notifications, applications, providers, authentication, and server key generation.

Positive aspects:

1. Comprehensive coverage of API endpoints
2. Well-organized folder structure
3. Detailed test scripts for most requests
4. Good error scenario coverage in many cases

Suggestions for further improvement:

1. Use environment variables for common values (base URLs, API keys, etc.)
2. Reduce duplication in test scripts by utilizing pre-request scripts or collection-level scripts
3. Enhance error handling in some test scripts to cover more specific error messages
4. Add more error scenario tests for newer endpoints (e.g., Push Notifications)
5. Use variables instead of hardcoded values for things like application IDs and ARNs
6. Consider adding more related operations to newer folders (e.g., Server Keys)

Implementing these suggestions will make the collection more maintainable, flexible, and comprehensive in its testing coverage.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between e639974 and 462912d.

📒 Files selected for processing (5)

• apps/api/OsmoX-API.postman_collection.json (1 hunks)
• apps/api/OsmoX-API.postman_environment.json (1 hunks)
• apps/api/OsmoX.postman_collection.json (11 hunks)
• apps/api/docs/development-setup.md (1 hunks)
• apps/api/docs/production-setup.md (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/api/OsmoX-API.postman_environment.json

🔇 Additional comments not posted (2)

apps/api/docs/production-setup.md (1)

Line range hint 1-34: Approve the integration of JWT variables into the production setup documentation.

The new JWT-related environment variables have been seamlessly integrated into the existing production setup documentation. The placement within the environment configuration section is appropriate, and the additions do not disrupt the flow or clarity of the existing instructions for both PM2 and Docker setups.

The comprehensive nature of the setup instructions, including database migrations and environment variable updates, remains intact and provides a clear guide for deploying the application in a production environment.

apps/api/OsmoX-API.postman_collection.json (1)

1-9: LGTM: Well-structured collection metadata

The collection's metadata is properly defined with a clear name, description, and schema version. This provides good context for users of the API collection.