fix(api_key): fix api key list and update endpoints for v2 (#5980)

2025-10-29 00:49:42 +08:00 · 2024-09-25 16:22:09 +05:30
parent dec0a57f76
commit cda690bf39
12 changed files with 214 additions and 47 deletions
--- a/api-reference-v2/api-reference/api-key/api-key--list.mdx
+++ b/api-reference-v2/api-reference/api-key/api-key--list.mdx
@ -0,0 +1,3 @@
+---
+openapi: get /v2/api_keys/list
+---
--- a/api-reference-v2/mint.json
+++ b/api-reference-v2/mint.json
@ -86,7 +86,8 @@
        "api-reference/api-key/api-key--create",
        "api-reference/api-key/api-key--retrieve",
        "api-reference/api-key/api-key--update",
-        "api-reference/api-key/api-key--revoke"
+        "api-reference/api-key/api-key--revoke",
+        "api-reference/api-key/api-key--list"
      ]
    },
    {
--- a/api-reference-v2/openapi_spec.json
+++ b/api-reference-v2/openapi_spec.json
@ -1433,6 +1433,60 @@
        ]
      }
    },
+    "/v2/api_keys/list": {
+      "get": {
+        "tags": [
+          "API Key"
+        ],
+        "summary": "API Key - List",
+        "description": "List all the API Keys associated to a merchant account.",
+        "operationId": "List all API Keys associated with a merchant account",
+        "parameters": [
+          {
+            "name": "limit",
+            "in": "query",
+            "description": "The maximum number of API Keys to include in the response",
+            "required": false,
+            "schema": {
+              "type": "integer",
+              "format": "int64",
+              "nullable": true
+            }
+          },
+          {
+            "name": "skip",
+            "in": "query",
+            "description": "The number of API Keys to skip when retrieving the list of API keys.",
+            "required": false,
+            "schema": {
+              "type": "integer",
+              "format": "int64",
+              "nullable": true
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "List of API Keys retrieved successfully",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "array",
+                  "items": {
+                    "$ref": "#/components/schemas/RetrieveApiKeyResponse"
+                  }
+                }
+              }
+            }
+          }
+        },
+        "security": [
+          {
+            "admin_api_key": []
+          }
+        ]
+      }
+    },
    "/v2/customers": {
      "post": {
        "tags": [
--- a/api-reference/api-reference/api-key/api-key--list.mdx
+++ b/api-reference/api-reference/api-key/api-key--list.mdx
@ -0,0 +1,3 @@
+---
+openapi: get /api_keys/{merchant_id}/list
+---
--- a/api-reference/mint.json
+++ b/api-reference/mint.json
@ -137,7 +137,8 @@
        "api-reference/api-key/api-key--create",
        "api-reference/api-key/api-key--retrieve",
        "api-reference/api-key/api-key--update",
-        "api-reference/api-key/api-key--revoke"
+        "api-reference/api-key/api-key--revoke",
+        "api-reference/api-key/api-key--list"
      ]
    },
    {
--- a/api-reference/openapi_spec.json
+++ b/api-reference/openapi_spec.json
@ -4841,6 +4841,69 @@
        ]
      }
    },
+    "/api_keys/{merchant_id}/list": {
+      "get": {
+        "tags": [
+          "API Key"
+        ],
+        "summary": "API Key - List",
+        "description": "List all the API Keys associated to a merchant account.",
+        "operationId": "List all API Keys associated with a merchant account",
+        "parameters": [
+          {
+            "name": "merchant_id",
+            "in": "path",
+            "description": "The unique identifier for the merchant account",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "limit",
+            "in": "query",
+            "description": "The maximum number of API Keys to include in the response",
+            "required": false,
+            "schema": {
+              "type": "integer",
+              "format": "int64",
+              "nullable": true
+            }
+          },
+          {
+            "name": "skip",
+            "in": "query",
+            "description": "The number of API Keys to skip when retrieving the list of API keys.",
+            "required": false,
+            "schema": {
+              "type": "integer",
+              "format": "int64",
+              "nullable": true
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "List of API Keys retrieved successfully",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "array",
+                  "items": {
+                    "$ref": "#/components/schemas/RetrieveApiKeyResponse"
+                  }
+                }
+              }
+            }
+          }
+        },
+        "security": [
+          {
+            "admin_api_key": []
+          }
+        ]
+      }
+    },
    "/events/{merchant_id}": {
      "get": {
        "tags": [
--- a/crates/api_models/src/api_keys.rs
+++ b/crates/api_models/src/api_keys.rs
@ -154,7 +154,7 @@ pub struct RevokeApiKeyResponse {
 }

 /// The constraints that are applicable when listing API Keys associated with a merchant account.
-#[derive(Clone, Debug, Deserialize)]
+#[derive(Clone, Debug, Deserialize, Serialize)]
 #[serde(deny_unknown_fields)]
 pub struct ListApiKeyConstraints {
    /// The maximum number of API Keys to include in the response.
--- a/crates/api_models/src/events.rs
+++ b/crates/api_models/src/events.rs
@ -90,6 +90,7 @@ impl_api_event_type!(
        CardInfoResponse,
        CreateApiKeyResponse,
        CreateApiKeyRequest,
+        ListApiKeyConstraints,
        MerchantConnectorDeleteResponse,
        MerchantConnectorUpdate,
        MerchantConnectorCreate,
--- a/crates/openapi/src/openapi.rs
+++ b/crates/openapi/src/openapi.rs
@ -183,6 +183,7 @@ Never share your secret api keys. Keep them guarded and secure.
        routes::api_keys::api_key_retrieve,
        routes::api_keys::api_key_update,
        routes::api_keys::api_key_revoke,
+        routes::api_keys::api_key_list,

        // Routes for events
        routes::webhook_events::list_initial_webhook_delivery_attempts,
--- a/crates/openapi/src/openapi_v2.rs
+++ b/crates/openapi/src/openapi_v2.rs
@ -109,6 +109,7 @@ Never share your secret api keys. Keep them guarded and secure.
        routes::api_keys::api_key_retrieve,
        routes::api_keys::api_key_update,
        routes::api_keys::api_key_revoke,
+        routes::api_keys::api_key_list,

        //Routes for customers
        routes::customers::customers_create,
--- a/crates/openapi/src/routes/api_keys.rs
+++ b/crates/openapi/src/routes/api_keys.rs
@ -163,3 +163,44 @@ pub async fn api_key_revoke() {}
    security(("admin_api_key" = []))
 )]
 pub async fn api_key_revoke() {}
+
+#[cfg(feature = "v1")]
+/// API Key - List
+///
+/// List all the API Keys associated to a merchant account.
+#[utoipa::path(
+    get,
+    path = "/api_keys/{merchant_id}/list",
+    params(
+        ("merchant_id" = String, Path, description = "The unique identifier for the merchant account"),
+        ("limit" = Option<i64>, Query, description = "The maximum number of API Keys to include in the response"),
+        ("skip" = Option<i64>, Query, description = "The number of API Keys to skip when retrieving the list of API keys."),
+    ),
+    responses(
+        (status = 200, description = "List of API Keys retrieved successfully", body = Vec<RetrieveApiKeyResponse>),
+    ),
+    tag = "API Key",
+    operation_id = "List all API Keys associated with a merchant account",
+    security(("admin_api_key" = []))
+)]
+pub async fn api_key_list() {}
+
+#[cfg(feature = "v2")]
+/// API Key - List
+///
+/// List all the API Keys associated to a merchant account.
+#[utoipa::path(
+    get,
+    path = "/v2/api_keys/list",
+    params(
+        ("limit" = Option<i64>, Query, description = "The maximum number of API Keys to include in the response"),
+        ("skip" = Option<i64>, Query, description = "The number of API Keys to skip when retrieving the list of API keys."),
+    ),
+    responses(
+        (status = 200, description = "List of API Keys retrieved successfully", body = Vec<RetrieveApiKeyResponse>),
+    ),
+    tag = "API Key",
+    operation_id = "List all API Keys associated with a merchant account",
+    security(("admin_api_key" = []))
+)]
+pub async fn api_key_list() {}
--- a/crates/router/src/routes/api_keys.rs
+++ b/crates/router/src/routes/api_keys.rs
@ -9,10 +9,6 @@ use crate::{
    types::api as api_types,
 };

-/// API Key - Create
-///
-/// Create a new API Key for accessing our APIs from your servers. The plaintext API Key will be
-/// displayed only once on creation, so ensure you store it securely.
 #[cfg(feature = "v1")]
 #[instrument(skip_all, fields(flow = ?Flow::ApiKeyCreate))]
 pub async fn api_key_create(
@ -78,9 +74,6 @@ pub async fn api_key_create(
    .await
 }

-/// API Key - Retrieve
-///
-/// Retrieve information about the specified API Key.
 #[cfg(feature = "v2")]
 #[instrument(skip_all, fields(flow = ?Flow::ApiKeyRetrieve))]
 pub async fn api_key_retrieve(
@ -117,9 +110,6 @@ pub async fn api_key_retrieve(
 }

 #[cfg(feature = "v1")]
-/// API Key - Retrieve
-///
-/// Retrieve information about the specified API Key.
 #[instrument(skip_all, fields(flow = ?Flow::ApiKeyRetrieve))]
 pub async fn api_key_retrieve(
    state: web::Data<AppState>,
@ -150,9 +140,6 @@ pub async fn api_key_retrieve(
 }

 #[cfg(feature = "v1")]
-/// API Key - Update
-///
-/// Update information for the specified API Key.
 #[instrument(skip_all, fields(flow = ?Flow::ApiKeyUpdate))]
 pub async fn api_key_update(
    state: web::Data<AppState>,
@ -190,26 +177,27 @@ pub async fn api_key_update(
 pub async fn api_key_update(
    state: web::Data<AppState>,
    req: HttpRequest,
-    path: web::Path<(common_utils::id_type::MerchantId, String)>,
+    key_id: web::Path<String>,
    json_payload: web::Json<api_types::UpdateApiKeyRequest>,
 ) -> impl Responder {
    let flow = Flow::ApiKeyUpdate;
-    let (merchant_id, key_id) = path.into_inner();
+    let api_key_id = key_id.into_inner();
    let mut payload = json_payload.into_inner();
-    payload.key_id = key_id;
-    payload.merchant_id.clone_from(&merchant_id);
+    payload.key_id = api_key_id;

    api::server_wrap(
        flow,
        state,
        &req,
        payload,
-        |state, _, payload, _| api_keys::update_api_key(state, payload),
+        |state, authentication_data, mut payload, _| {
+            payload.merchant_id = authentication_data.merchant_account.get_id().to_owned();
+            api_keys::update_api_key(state, payload)
+        },
        auth::auth_type(
-            &auth::AdminApiAuth,
-            &auth::JWTAuthMerchantFromRoute {
-                merchant_id,
-                required_permission: Permission::ApiKeyWrite,
+            &auth::AdminApiAuthWithMerchantIdFromHeader,
+            &auth::JWTAuthMerchantFromHeader {
+                required_permission: Permission::ApiKeyRead,
                minimum_entity_level: EntityType::Merchant,
            },
            req.headers(),
@ -220,10 +208,6 @@ pub async fn api_key_update(
 }

 #[cfg(feature = "v1")]
-/// API Key - Revoke
-///
-/// Revoke the specified API Key. Once revoked, the API Key can no longer be used for
-/// authenticating with our APIs.
 #[instrument(skip_all, fields(flow = ?Flow::ApiKeyRevoke))]
 pub async fn api_key_revoke(
    state: web::Data<AppState>,
@ -283,24 +267,7 @@ pub async fn api_key_revoke(
    .await
 }

-/// API Key - List
-///
-/// List all API Keys associated with your merchant account.
-#[utoipa::path(
-    get,
-    path = "/api_keys/{merchant_id}/list",
-    params(
-        ("merchant_id" = String, Path, description = "The unique identifier for the merchant account"),
-        ("limit" = Option<i64>, Query, description = "The maximum number of API Keys to include in the response"),
-        ("skip" = Option<i64>, Query, description = "The number of API Keys to skip when retrieving the list of API keys."),
-    ),
-    responses(
-        (status = 200, description = "List of API Keys retrieved successfully", body = Vec<RetrieveApiKeyResponse>),
-    ),
-    tag = "API Key",
-    operation_id = "List all API Keys associated with a merchant account",
-    security(("admin_api_key" = []))
-)]
+#[cfg(feature = "v1")]
 #[instrument(skip_all, fields(flow = ?Flow::ApiKeyList))]
 pub async fn api_key_list(
    state: web::Data<AppState>,
@ -335,3 +302,34 @@ pub async fn api_key_list(
    )
    .await
 }
+#[cfg(feature = "v2")]
+#[instrument(skip_all, fields(flow = ?Flow::ApiKeyList))]
+pub async fn api_key_list(
+    state: web::Data<AppState>,
+    req: HttpRequest,
+    query: web::Query<api_types::ListApiKeyConstraints>,
+) -> impl Responder {
+    let flow = Flow::ApiKeyList;
+    let payload = query.into_inner();
+
+    api::server_wrap(
+        flow,
+        state,
+        &req,
+        payload,
+        |state, authentication_data, payload, _| async move {
+            let merchant_id = authentication_data.merchant_account.get_id().to_owned();
+            api_keys::list_api_keys(state, merchant_id, payload.limit, payload.skip).await
+        },
+        auth::auth_type(
+            &auth::AdminApiAuthWithMerchantIdFromHeader,
+            &auth::JWTAuthMerchantFromHeader {
+                required_permission: Permission::ApiKeyRead,
+                minimum_entity_level: EntityType::Merchant,
+            },
+            req.headers(),
+        ),
+        api_locking::LockAction::NotApplicable,
+    )
+    .await
+}