Documenting API Endpoints with the OpenAPI Specification

During some of the last weekly syncs during the DMP program, we discussed migrating the existing API documentation to use the OpenAPI Specification (OAS).

As a starting point, I’ve documented one of the create person APIs following the OAS.

Repo
Demo

Some of the primary concerns we discussed seem to be addressable:

1. We can split the .yml files and bundle them together later as a part of the build process, to avoid maintaining a giant .yml file like Zulip, which came up during our discussions. I’ve tried to demonstrate this by keeping a minimal openapi.yml which uses $ref directive to include the content from person.yml that documents the /api/v1/person endpoint, other methods like GET can be appended in the same person.yml or whatever way we wis.h to structure it. Another pattern is reusing common components, as done here.
   TL;DR: It’s easy to componentize the .yml spec files.

2. It’s quite easy to switch themes, once you have the bundled openapi.yml down. Integration with the current Hextra theme and Hugo is still something that I haven’t explored thoroughly, but it should be doable. The current UI uses ReDoc to render the documentation, we can easily use something like swagger-ui if that seems better.

The only pain point I’ve found so far, is supporting custom fields in these documentation rendering tools; they usually skip over those and making those fields render requires us to patch the rendering scripts with custom plugins.

For instance, the permissions an acting user needs isn’t something that is part of the requestBody or other recognized OAS fields, so I had to manually add an extension (as they call it) called x-permissions and describe how it should be rendered with ReDoc. I had a similar experience while trying to make it work with swagger-ui.

The plugin/hack implementation to render x-permissions in the demo project can be found here.

I don’t think it would be super common for us to write plugins for such custom extensions as the OAS tree does cover most of what we would require, and there is always the cheaper alternative of including such information in the description of the endpoint.

For comparison, this is how the create person endpoint documentation looks like with the current way of doing things.
Link

The endpoint documentation changes I introduced while working on the cht-datasource can be found here.

I think this migration would be a nice improvement towards making the API documentation consistent with most of the other tool documentations on the internet, while also helping with the maintainability and standardization side of things.

Happy to hear your thoughts!

cc @sugat, @jkuester

I don’t think it would be super common for us to write plugins for such custom extensions as the OAS tree does cover most of what we would require, and there is always the cheaper alternative of including such information in the description of the endpoint.

For comparison, this is how the create person endpoint documentation looks like with the current way of doing things.

I agree with this one. We could include the permissions that a requesting user needs in the description. It might even be clearer than X-permissions fields. For instance for a first time API user, the X-permissions field could translate to a field that is required during the request but since CHT uses basic auth, it’s not something that is passed during request but rather stored somewhere.

Excellent work here!

Few question that I have for discussion for everyone is, where will the API spec files live? Will they be generated from the routes in cht-core/api/src/routing.js or manually written? If the spec files will live in cht-core, how will they be used in cht-docs?

Thank you for starting this discussion @apoorvapendse and @sugat!

Pitching in to share a use case of an org that uses both Hextra and Swagger-based API documentation: CleverCloud. We can have a look at their code changes that enabled the API documentation to be encompassed by the documentation site and see if there is anything that can be applied to the CHT use case. Disclaimer: I haven’t tried their approach, but I am happy to if you feel this could be a good way forward.