docs(api): update api description #13429

Closed
wants to merge 7 commits into from
Changes from 3 commits
82 changes: 77 additions & 5 deletions weblate/api/spectacular.py
Expand Up @@ -8,6 +8,8 @@

from django.utils.translation import gettext_lazy

from weblate.utils.docs import get_doc_url


def get_spectacular_settings(
installed_apps: list[str], site_url: str, site_title: str
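Review bot: Check that the module-level `from weblate.utils.docs import get_doc_url` is safe at the point this module is loaded. The only function here takes `installed_apps`, `site_url` and `site_title` as arguments and the module uses `gettext_lazy`, which suggests it runs while settings are still being assembled. If `weblate.utils.docs` needs configured settings, move the import (and the call sites) inside `get_spectacular_settings`.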
Expand Down Expand Up @@ -44,11 +46,7 @@ def get_spectacular_settings(
"name": "GNU General Public License v3 or later",
"url": "https://docs.weblate.org/en/latest/contributing/license.html",
},
"DESCRIPTION": """
The API is accessible on the ``/api/`` URL and it is based on [Django REST framework](https://www.django-rest-framework.org/).

The OpenAPI specification is available as feature preview, feedback welcome!
""",
"DESCRIPTION": api_description,
"EXTENSIONS_INFO": {
"x-logo": {
"url": "/static/weblate.svg",
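Review bot: `"DESCRIPTION": api_description` depends on a lowercase module-level name that is only assigned after `return settings` at the end of the file. It resolves at call time, so it works, but defining the string above `get_spectacular_settings` and naming it as a constant (for example `API_DESCRIPTION`) would make the dependency visible to anyone reading the function.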
Expand All @@ -69,3 +67,77 @@ def get_spectacular_settings(
settings["TOS"] = "/legal/terms/"

return settings


api_description = f"""
This OpenAPI specification is offered as a feature preview, your feedback is welcome!

---

Weblate's REST API is based on [Django REST framework](https://www.django-rest-framework.org).
You can interact with it on the `/api/` URL path by using the [Weblate Client]({get_doc_url(page='wlc')}) or any third-party REST client of your choice.

## Authentication
Member

This is already covered in OpenAPI, it could be definitely improved, but better to have it in standard location than in text:

image

Contributor Author

The OpenAPI spec allows to specify descriptions for the Security Scheme Object, so it should be possible to move information from the Authentication section in api_description to this other area of code.

I thought of moving this info in a separate PR. Do you prefer to do it in this one?


**Added in version 4.10:**
Project-scoped tokens to access the API.

Authentication works with tokens placed in the `Authorization` HTTP request header:

- Each user has a personal access token which they can get from their respective user profile. These tokens have the `wlu_` prefix.
- It is possible to create project tokens whose access to the API is limited to operations to their associated project. These tokens have the `wlp_` prefix.

Although some of the API operations are available without authentication,
it is still recommended to authenticate your requests:

- Operations such as `GET /api/users/` return an incomplete representation of the
requested resources if the request has not been authenticated and authorized.
- Anonymous requests are heavily rate limited, by default, to 100
requests per day. On the other hand, authenticated requests are rate limited
to 5000 requests per hour by default.

## API rate limiting
Member

This is already partly documented in response headers via add_middleware_headers:

image

Contributor Author

Good remark. I have moved their description to the respective Python module.


Rate limiting can be adjusted in the `settings.py` file; see [Throttling in Django REST framework documentation](https://www.django-rest-framework.org/api-guide/throttling/)
for more details on how to configure it.

In the Docker container, this can be configured with the [WEBLATE_API_RATELIMIT_ANON]({get_doc_url(page='admin/install/docker', anchor='envvar-WEBLATE_API_RATELIMIT_ANON')}) and the [WEBLATE_API_RATELIMIT_USER]({get_doc_url(page='admin/install/docker', anchor='envvar-WEBLATE_API_RATELIMIT_USER')}) environment variables.
walpox marked this conversation as resolved.

**Added in version 4.1:**
HTTP response headers indicating status of rate-limiting.

Those HTTP headers are:

<table>
<thead>
<tr>
<td>Header name</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>X-RateLimit-Limit</td>
<td>The maximum number of client requests allowed for a certain period of time, depending on whether the request is anonymous or authenticated.</td>
</tr>
<tr>
<td>X-RateLimit-Remaining</td>
<td>The remaining number of client requests allowed for the current timeframe.</td>
</tr>
<tr>
<td>X-RateLimit-Reset</td>
<td>The number of seconds until the rate limit is reset by the server.</td>
</tr
</tbody>
</table>

## Components and categories

To access a component which is nested inside a [Category]({get_doc_url(page='admin/projects', anchor='category')}),
you need to URL encode the category name into a component name separated with a slash.

For example, `usage` placed in a `docs` category needs to be used as `docs%252Fusage`.
In this case, the full URL could be:

`https://weblate.example.com/api/components/hello/docs%252Fusage/repository/`
"""
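Review bot: The last row of the rate-limit table closes with `</tr` (no `>`) just before `</tbody>`, so the description ships malformed HTML; add the missing `>`, and consider `<th>` rather than `<td>` for the two header cells inside `<thead>`. In "Components and categories" the text says to "URL encode" the category, but the example `docs%252Fusage` is encoded twice (`%25` is an encoded `%`), so the wording should say that explicitly or readers may send `docs%2Fusage`. Because `api_description` is a module-level f-string, the `get_doc_url(...)` calls run at import time, and any literal `{` or `}` added to this text later will need to be doubled.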