Skip to content

Add Swagger UI renderer and comprehensive API documentation#571

Merged
ruslanbaidan merged 5 commits intomasterfrom
copilot/add-swagger-files-renderer
Feb 13, 2026
Merged

Add Swagger UI renderer and comprehensive API documentation#571
ruslanbaidan merged 5 commits intomasterfrom
copilot/add-swagger-files-renderer

Conversation

Copy link
Contributor

Copilot AI commented Oct 17, 2025
edited
Loading

Overview

This PR implements comprehensive Swagger/OpenAPI documentation for the MONARC API, making it easier for developers to integrate with MONARC programmatically. The implementation addresses the need to properly display the swagger file and document all API endpoints with their authorization requirements.

Changes

1. Swagger UI Renderer (public/swagger-ui.html)

Created a user-friendly web interface for viewing the API documentation. The page provides:

  • Clean, accessible layout with instructions
  • Download button for the OpenAPI specification
  • Direct link to Swagger Editor for online viewing
  • Authentication flow documentation
  • Support for multiple usage scenarios (local viewing, API clients, code generation)

Swagger UI Page

2. Expanded OpenAPI Specification (public/swagger.yaml)

Significantly expanded the API documentation from 440 to 2,636 lines:

Coverage Statistics:

  • 73 API endpoint paths
  • 132 total API operations (GET, POST, PUT, PATCH, DELETE)
  • 33 organized categories/tags
  • Complete request/response schemas

Documented Endpoints Include:

  • Authentication - Login/logout with token-based auth
  • User Management - User CRUD, roles, password management, 2FA
  • Risk Analysis (ANR) - Complete lifecycle management with child routes:
    • Assets, Threats, Vulnerabilities, Measures
    • Information and Operational Risks
    • Recommendations and Treatment Plans
    • Statement of Applicability (SOA)
    • GDPR Records management
    • Instances and Objects
    • Scales and Impact types
    • Snapshots and restore functionality
    • Export/Import operations
    • Dashboards and cartography
  • Configuration - System settings and client management
  • Statistics - Analysis statistics and settings
  • Models, Guides, Deliveries - Template management
  • Referentials - Reference data management

All endpoints are based on the router configurations from zm-client/config/module.config.php and zm-core/config/module.config.php.

3. Security/Authorization Documentation

Implemented comprehensive security documentation:

  • Defined TokenAuth security scheme using API key in header
  • Documented complete authentication flow: 
    1. POST /api/auth with credentials
2. Receive authentication token
3. Include token in subsequent requests via Token header
  • Documented role-based access control (superadmin, userfo, ceo)
  • Applied security requirements to all protected endpoints

4. API Documentation Guide (public/API_DOCUMENTATION.md)

Created a comprehensive guide covering:

  • Multiple methods to access and view the API documentation
  • Step-by-step authentication instructions with examples
  • Overview of API endpoint categories
  • Base URL configuration
  • Contributing guidelines for adding new endpoints

5. Updated Main README

Added a new "API Documentation" section to the main README with:

  • Quick links to swagger-ui.html and swagger.yaml
  • Overview of API capabilities
  • Authentication method description
  • Instructions for accessing the documentation

How to Use

For Developers/Integrators:

  1. Navigate to /swagger-ui.html in your MONARC installation
  2. Click "View in Swagger Editor" to use online Swagger tools
  3. Download swagger.yaml and import into Postman, Insomnia, or other API clients

For API Consumers:

  1. Use the OpenAPI specification for automatic code generation
  2. Import into API testing and development tools
  3. Reference for integration development and troubleshooting

Technical Details

  • OpenAPI Version: 3.0.0 (industry standard)
  • API Version: 2.13.3 (matches current MONARC version)
  • Format: YAML (validated syntax)
  • Security Scheme: Token-based API key authentication

Testing

  • Validated YAML syntax using Python's yaml parser
  • Verified OpenAPI 3.0.0 compliance
  • Tested Swagger UI page rendering and functionality
  • Confirmed all endpoint paths and operations are properly documented

Benefits

Easier Integration - Clear API documentation facilitates third-party integrations
Self-Service - Developers can understand and test the API without constant support
Code Generation - OpenAPI spec enables automatic client library generation
API Testing - Import into Postman/Insomnia for quick testing
Standardization - Follows OpenAPI 3.0 industry standards
Maintainability - Clear structure for documenting future API changes

Closes #XXX

Original prompt

This section details on the original issue you should resolve

<issue_title>Add the swagger files renderer and describe all the API endpoints</issue_title>
<issue_description>Properly displaying the swagger file public/swagger.yaml can facilitate integrations.
All the endpoints have to be described based on the routers endpoints:
https://github.com/monarc-project/zm-client/blob/master/config/module.config.php
https://github.com/monarc-project/zm-core/blob/master/config/module.config.php
The authorisation steps are also required to be defined in the swagger.</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #570

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

Copilot AI and others added 2 commits October 17, 2025 07:40
@ruslanbaidan
Add Swagger API documentation with UI renderer
deea371 
Co-authored-by: ruslanbaidan <3246171+ruslanbaidan@users.noreply.github.com>
@ruslanbaidan
Update README with API documentation section
455757b 
Co-authored-by: ruslanbaidan <3246171+ruslanbaidan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add swagger files renderer and describe API endpoints Add Swagger UI renderer and comprehensive API documentation Oct 17, 2025
Copilot AI requested a review from ruslanbaidan October 17, 2025 07:44
Ruslan Baidan added 2 commits February 12, 2026 17:18
Merge remote-tracking branch 'origin/master' into copilot/add-swagger…
0ce94fd 
…-files-renderer

* origin/master:
  Removed the platform ignore option frome the composer packages update as it is not needed anymore.
  Fixed the stats-service and postgrtes containers launch.
  Fixed the docker run and made it possible to use the BackOffice common DB.
  Address code review feedback - fix Poetry flag, quoting, and unused file
  Update main README and add Docker installation guide
  Add helper script and improve documentation
  Fix Docker configuration and improve setup
  Add Docker development environment setup files
  Initial plan
  Fixed the issue of the analysis creation based on a model with context fields.
  Update the frontoffice dependency with the fix of the global assets import with evals.
Added to the swagger details about the 2FA use.
e71f10d
@ruslanbaidan ruslanbaidan marked this pull request as ready for review February 13, 2026 08:32
@ruslanbaidan ruslanbaidan merged commit 6d1de2a into master Feb 13, 2026
3 checks passed
@ruslanbaidan ruslanbaidan deleted the copilot/add-swagger-files-renderer branch February 13, 2026 08:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ruslanbaidan ruslanbaidan Awaiting requested review from ruslanbaidan

Assignees

@ruslanbaidan ruslanbaidan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add the swagger files renderer and describe all the API endpoints

2 participants

@ruslanbaidan