Public API Report
Public API Report
Section titled “Public API Report”New endpoints
Section titled “New endpoints”GET /api/v1/keysPOST /api/v1/keysPOST /api/v1/keys/{api_key_id}/revokeDELETE /api/v1/keys/{api_key_id}
Existing endpoints extended for key-aware public API behavior:
GET /api/v1/audit?key_id=...&action=...GET /api/v1/audit/export?key_id=...&action=...GET /docsGET /redocGET /openapi.json
Curl flow
Section titled “Curl flow”Create a key:
curl -X POST http://127.0.0.1:8008/api/v1/keys \ -H "Authorization: Bearer YOUR_AB_ADMIN_TOKEN" \ -H "Content-Type: application/json" \ -d '{"name":"Partner read key","scope":"read","rate_limit_requests":60,"rate_limit_window_seconds":60}'Use the returned plaintext key on a protected endpoint:
curl http://127.0.0.1:8008/api/v1/projects \ -H "X-API-Key: abk_your_plaintext_key"Inspect usage events for that key:
curl "http://127.0.0.1:8008/api/v1/audit?key_id=KEY_ID&action=api_key_used" \ -H "Authorization: Bearer YOUR_WRITE_TOKEN"Revoke the key:
curl -X POST http://127.0.0.1:8008/api/v1/keys/KEY_ID/revoke \ -H "Authorization: Bearer YOUR_AB_ADMIN_TOKEN"Docs screenshots
Section titled “Docs screenshots”- Swagger UI:
archive/public-api-docs-20260421/swagger-docs.png - Redoc:
archive/public-api-docs-20260421/redoc-docs.png
Verification
Section titled “Verification”python scripts/generate_frontend_api_types.py --check->0python scripts/generate_api_docs.py --check->0python -m pytest app/backend/tests/test_api_keys.py app/backend/tests/test_repository.py app/backend/tests/test_api_routes.py -q->73 passednpm --prefix app/frontend run test:unit -- ApiKeyManager.test.tsx a11y-api-keys.test.tsx->4 passed- OpenAPI info confirmed from app metadata:
- title:
AB Test Research Designer API - version:
1.0.0
- title:
curl -I http://127.0.0.1:8010/docs->200 OKcurl -I http://127.0.0.1:8010/redoc->200 OK
Bundle budget
Section titled “Bundle budget”npm --prefix app/frontend run buildemitted a separate lazy chunk for API keys:dist/assets/ApiKeyManager-CktwvpCw.js->6.46 kB, gzip2.08 kB
- Main bundle is still above the requested budget:
dist/assets/index-DBhDI9YG.js-> gzip142.76 kB
- Result:
- lazy-loading requirement for
ApiKeyManageris satisfied < 140 kBmain-bundle budget is currently not met
- lazy-loading requirement for
Remaining blockers
Section titled “Remaining blockers”cmd /c scripts\verify_all.cmd --with-e2estill fails in frontend typecheck outside this task’s file set:app/frontend/src/components/PosteriorPlot.test.tsxapp/frontend/src/components/SequentialBoundaryChart.test.tsxapp/frontend/src/i18n/index.tsapp/frontend/src/stores/projectStore.ts
- These errors were present in the broader dirty worktree and block the acceptance target
verify_all.cmd --with-e2e = 0.