Skip to content

Commit 41e1219

Browse files
ardelatoclaude
andcommitted
docs: add public events API documentation
Document endpoints, authentication, query parameters, visibility rules, CORS behavior, and artisan commands for client management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent ac9ae72 commit 41e1219

2 files changed

Lines changed: 49 additions & 0 deletions

File tree

app/Http/Controllers/API/PublicEventController.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,4 +145,5 @@ private function applyDateFilters(Builder $query, array $validated): void
145145
$query->where('events.updated_at', '<=', $updatedEnd);
146146
}
147147
}
148+
148149
}

docs/public-events-api.md

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
# Public Events API
2+
3+
The public events API is available under `/api/public/v2` and is intended for third-party event ingestion/display.
4+
5+
## Feature flag
6+
7+
Enable with:
8+
9+
`FEATURE__PUBLIC_EVENTS_API=true`
10+
11+
## Authentication
12+
13+
All `GET` endpoints require:
14+
15+
`Authorization: Bearer <integration_token>`
16+
17+
Tokens are managed via artisan commands:
18+
19+
- `php artisan api-clients:create --name="Partner Name"`
20+
- `php artisan api-clients:revoke <id>`
21+
- `php artisan api-clients:rotate <id>`
22+
23+
## Endpoints
24+
25+
- `GET /api/public/v2/events`
26+
- `GET /api/public/v2/events/{id}`
27+
- `GET /api/public/v2/groups/{id}/events`
28+
29+
## Query params (`GET /events`)
30+
31+
- `start` (ISO8601)
32+
- `end` (ISO8601)
33+
- `updated_start` (ISO8601)
34+
- `updated_end` (ISO8601)
35+
- `page` (default `1`)
36+
- `per_page` (default `50`, max `100`)
37+
38+
## Defaults and visibility rules
39+
40+
- Defaults to upcoming events (`event_end_utc >= now`).
41+
- Returns only approved events from approved groups.
42+
- Excludes soft-deleted events/groups.
43+
- Public payload intentionally omits `stats`, `network_data`, and `group.networks`.
44+
45+
## CORS/origin behavior
46+
47+
- CORS headers are returned for public API routes.
48+
- If an API client has `allowed_origins` configured, requests with a non-matching `Origin` are rejected with `403`.

0 commit comments

Comments
 (0)