Skip to content

TES-27473: document new User Access Key endpoints#31

Open
liorama wants to merge 1 commit into
mainfrom
TES-27473-user-rest-api
Open

TES-27473: document new User Access Key endpoints#31
liorama wants to merge 1 commit into
mainfrom
TES-27473-user-rest-api

Conversation

@liorama

@liorama liorama commented Jun 24, 2026

Copy link
Copy Markdown
Collaborator

Summary

Documents the five User Access Key (UAK) endpoints added by testimio/testimio#11903, matching the Engineering Design: user REST API spec.

  • GET /projects/{projectId}/users returns { projectUsers, metaData }.
  • GET /projects/{projectId}/users/activity returns { activity: { [email]: { name, current, previous } }, metaData } with optional previousPeriodDays query (1-365, default 30) and ISO YYYY-MM-DD dates.
  • POST /projects/{projectId}/users/invite returns { success, metaData }; rejects empty/invalid email arrays with 400 ClientError.
  • DELETE /projects/{projectId}/users/remove returns { success, metaData }; silently skips emails that don't match a user in the project; still enforces self/owner/company-owner guards.
  • POST /companies/{companyId}/projects returns 201 { success: true, id, metaData }.

Adds the userAccessKeyAuth security scheme (x-user-access-key header, UAK-<base64(userId)>-<base64(secret)> format), the Forbidden 403 response component, and uakMetaData (includes companyId; currentRequestCount / monthlyRequestLimit only when both are populated).

Test plan

  • npx js-yaml api.yaml parses cleanly.
  • Diff against the design doc: paths, params, response shapes, error codes match.
  • Render docs and eyeball the new sections.

Add OpenAPI definitions for the five UAK-authenticated endpoints introduced in
Tricentis-testimio/testimio#11903:

- GET    /projects/{projectId}/users
- GET    /projects/{projectId}/users/activity
- POST   /projects/{projectId}/users/invite
- DELETE /projects/{projectId}/users/remove
- POST   /companies/{companyId}/projects

Adds the userAccessKeyAuth security scheme, response shapes (projectUsers,
activity with current/previous ISO date windows, create-project 201 with id),
the Forbidden 403 component, and uakMetaData (companyId, conditional monthly
counters).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant