Summary
As a developer, I want a comprehensive REST API, so that I can integrate external systems with the platform.
Blocked by: story-001-multi-organization-support, story-005-event-creation-and-management, story-010-ticket-purchase-and-cart
Acceptance Criteria
1. API Coverage
- Full Entity Access: API covers all major entities: organizations, events, sub-events, items, orders, vouchers, check-in, customers, gift cards, and invoices.
- Authentication: API supports authentication via API tokens and OAuth tokens.
2. API Features
- Query Capabilities: API supports pagination, filtering, and ordering on list endpoints.
- Rate Limiting: Rate limiting is applied to prevent abuse, with clear error responses when limits are exceeded.
- Backward Compatibility: The API maintains backward compatibility within major versions.
Test Plan
Tier 1 — Acceptance Tests
- AC1: Access all major entities via API with CRUD operations
- AC2: Authenticate with both API tokens and OAuth tokens
- AC3: Paginate, filter, and order list results
- AC4: Rate limiting returns 429 with retry information
- AC5: New fields added without breaking existing responses
Tier 2 — Edge Cases
- Unauthenticated request returns 401
- Token with insufficient scope returns 403
- Rate limit exceeded returns 429 with Retry-After header
- Paginate beyond last page returns empty results
- Filter with invalid parameters returns 400
📄 Full spec: spec/elixir-phoenix-migration/10-product/stories/story-033-rest-api.md