MonarcAppFO icon indicating copy to clipboard operation
MonarcAppFO copied to clipboard
verified publisher icon monarc-project

Add Swagger UI renderer and comprehensive API documentation

Open Copilot opened this issue 4 months ago • 0 comments

Overview

This PR implements comprehensive Swagger/OpenAPI documentation for the MONARC API, making it easier for developers to integrate with MONARC programmatically. The implementation addresses the need to properly display the swagger file and document all API endpoints with their authorization requirements.

Changes

1. Swagger UI Renderer (public/swagger-ui.html)

Created a user-friendly web interface for viewing the API documentation. The page provides:

  • Clean, accessible layout with instructions
  • Download button for the OpenAPI specification
  • Direct link to Swagger Editor for online viewing
  • Authentication flow documentation
  • Support for multiple usage scenarios (local viewing, API clients, code generation)

Swagger UI Page

2. Expanded OpenAPI Specification (public/swagger.yaml)

Significantly expanded the API documentation from 440 to 2,636 lines:

Coverage Statistics:

  • 73 API endpoint paths
  • 132 total API operations (GET, POST, PUT, PATCH, DELETE)
  • 33 organized categories/tags
  • Complete request/response schemas

Documented Endpoints Include:

  • Authentication - Login/logout with token-based auth
  • User Management - User CRUD, roles, password management, 2FA
  • Risk Analysis (ANR) - Complete lifecycle management with child routes:
    • Assets, Threats, Vulnerabilities, Measures
    • Information and Operational Risks
    • Recommendations and Treatment Plans
    • Statement of Applicability (SOA)
    • GDPR Records management
    • Instances and Objects
    • Scales and Impact types
    • Snapshots and restore functionality
    • Export/Import operations
    • Dashboards and cartography
  • Configuration - System settings and client management
  • Statistics - Analysis statistics and settings
  • Models, Guides, Deliveries - Template management
  • Referentials - Reference data management

All endpoints are based on the router configurations from zm-client/config/module.config.php and zm-core/config/module.config.php.

3. Security/Authorization Documentation

Implemented comprehensive security documentation:

  • Defined TokenAuth security scheme using API key in header
  • Documented complete authentication flow: 
    1. POST /api/auth with credentials
2. Receive authentication token
3. Include token in subsequent requests via Token header
  • Documented role-based access control (superadmin, userfo, ceo)
  • Applied security requirements to all protected endpoints

4. API Documentation Guide (public/API_DOCUMENTATION.md)

Created a comprehensive guide covering:

  • Multiple methods to access and view the API documentation
  • Step-by-step authentication instructions with examples
  • Overview of API endpoint categories
  • Base URL configuration
  • Contributing guidelines for adding new endpoints

5. Updated Main README

Added a new "API Documentation" section to the main README with:

  • Quick links to swagger-ui.html and swagger.yaml
  • Overview of API capabilities
  • Authentication method description
  • Instructions for accessing the documentation

How to Use

For Developers/Integrators:

  1. Navigate to /swagger-ui.html in your MONARC installation
  2. Click "View in Swagger Editor" to use online Swagger tools
  3. Download swagger.yaml and import into Postman, Insomnia, or other API clients

For API Consumers:

  1. Use the OpenAPI specification for automatic code generation
  2. Import into API testing and development tools
  3. Reference for integration development and troubleshooting

Technical Details

  • OpenAPI Version: 3.0.0 (industry standard)
  • API Version: 2.13.3 (matches current MONARC version)
  • Format: YAML (validated syntax)
  • Security Scheme: Token-based API key authentication

Testing

  • Validated YAML syntax using Python's yaml parser
  • Verified OpenAPI 3.0.0 compliance
  • Tested Swagger UI page rendering and functionality
  • Confirmed all endpoint paths and operations are properly documented

Benefits

Easier Integration - Clear API documentation facilitates third-party integrations
Self-Service - Developers can understand and test the API without constant support
Code Generation - OpenAPI spec enables automatic client library generation
API Testing - Import into Postman/Insomnia for quick testing
Standardization - Follows OpenAPI 3.0 industry standards
Maintainability - Clear structure for documenting future API changes

Closes #XXX

Original prompt

This section details on the original issue you should resolve

<issue_title>Add the swagger files renderer and describe all the API endpoints</issue_title> <issue_description>Properly displaying the swagger file public/swagger.yaml can facilitate integrations. All the endpoints have to be described based on the routers endpoints: https://github.com/monarc-project/zm-client/blob/master/config/module.config.php https://github.com/monarc-project/zm-core/blob/master/config/module.config.php The authorisation steps are also required to be defined in the swagger.</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes monarc-project/MonarcAppFO#570

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

Copilot avatar Oct 17 '25 07:10 Copilot