veza/veza-backend-api/API_CONTRACT_FINAL.md

# Veza API Contract (Finalized)

## 1. Overview
This document defines the finalized API contract for the Veza backend. All endpoints adhere to strict JSON standards, snake_case naming conventions, and a unified response envelope.

## 2. Global Standards
- **Protocol**: HTTP/1.1
- **Content-Type**: `application/json`
- **Charset**: `utf-8`
- **Date Format**: ISO 8601 (`YYYY-MM-DDThh:mm:ssZ`)
- **Naming Convention**: `snake_case` for all JSON keys.

## 3. Response Envelope
Every API response (Success or Error) is wrapped in a unified envelope.

### 3.1. Success Response
HTTP Status: `200 OK`, `201 Created`
```json
{
  "success": true,
  "data": {
    // Resource or Object
    "id": "123",
    "name": "example"
  },
  "error": null
}
```

### 3.2. Error Response
HTTP Status: `4xx`, `5xx`
```json
{
  "success": false,
  "data": null,
  "error": {
    "code": 400,
    "message": "Validation failed",
    "details": [
      {
        "field": "email",
        "message": "Invalid email format"
      }
    ],
    "request_id": "req_123xyz"
  }
}
```

## 4. Error Handling
Frontend clients should check the `success` boolean.
- If `success` is `false`, read the `error` object.
- `error.code` maps to standard HTTP status codes but provides application-level context.
- `error.details` is an optional array of field-specific errors (useful for form validation).

## 5. Authentication
- **Header**: `Authorization: Bearer <token>`
- **Token Type**: JWT (Access Token)
- **Refresh**: Use `/api/v1/auth/refresh` to rotate tokens.

## 6. Pagination
Endpoints returning lists support cursor-based or offset-based pagination.
Helper structure in `data`:
```json
{
  "list": [...],
  "pagination": {
    "page": 1,
    "limit": 20,
    "total": 100,
    "has_next": true
  }
}
```

## 7. Versioning
- Current Version: `v1`
- Base Path: `/api/v1`

## 8. Key Changes (Remediation Phase)
- **Unified Handlers**: All handlers now use `RespondSuccess` and `RespondWithAppError`.
- **Snake Case**: All DTOs enforce `snake_case`.
- **Validation**: Strict validation on all request bodies using `go-playground/validator`.
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 16:21:59 +00:00			`# Veza API Contract (Finalized)`

			`## 1. Overview`
			`This document defines the finalized API contract for the Veza backend. All endpoints adhere to strict JSON standards, snake_case naming conventions, and a unified response envelope.`

			`## 2. Global Standards`
			`- Protocol: HTTP/1.1`
			- Content-Type: `application/json`
			- Charset: `utf-8`
			- Date Format: ISO 8601 (`YYYY-MM-DDThh:mm:ssZ`)
			- Naming Convention: `snake_case` for all JSON keys.

			`## 3. Response Envelope`
			`Every API response (Success or Error) is wrapped in a unified envelope.`

			`### 3.1. Success Response`
			HTTP Status: `200 OK`, `201 Created`
			```json
			`{`
			`"success": true,`
			`"data": {`
			`// Resource or Object`
			`"id": "123",`
			`"name": "example"`
			`},`
			`"error": null`
			`}`
			```

			`### 3.2. Error Response`
			HTTP Status: `4xx`, `5xx`
			```json
			`{`
			`"success": false,`
			`"data": null,`
			`"error": {`
			`"code": 400,`
			`"message": "Validation failed",`
			`"details": [`
			`{`
			`"field": "email",`
			`"message": "Invalid email format"`
			`}`
			`],`
			`"request_id": "req_123xyz"`
			`}`
			`}`
			```

			`## 4. Error Handling`
			Frontend clients should check the `success` boolean.
			- If `success` is `false`, read the `error` object.
			- `error.code` maps to standard HTTP status codes but provides application-level context.
			- `error.details` is an optional array of field-specific errors (useful for form validation).

			`## 5. Authentication`
			- Header: `Authorization: Bearer <token>`
			`- Token Type: JWT (Access Token)`
			- Refresh: Use `/api/v1/auth/refresh` to rotate tokens.

			`## 6. Pagination`
			`Endpoints returning lists support cursor-based or offset-based pagination.`
			Helper structure in `data`:
			```json
			`{`
			`"list": [...],`
			`"pagination": {`
			`"page": 1,`
			`"limit": 20,`
			`"total": 100,`
			`"has_next": true`
			`}`
			`}`
			```

			`## 7. Versioning`
			- Current Version: `v1`
			- Base Path: `/api/v1`

			`## 8. Key Changes (Remediation Phase)`
			- Unified Handlers: All handlers now use `RespondSuccess` and `RespondWithAppError`.
			- Snake Case: All DTOs enforce `snake_case`.
			- Validation: Strict validation on all request bodies using `go-playground/validator`.