#design #dev #branding

API

KBVE API - Central API for KBVE Projects.

by Anon
3 min read

Information

  • Official documentation will be provided for the API, we are currently going to base the API off of Strapi / Appwrite.

  • This documentation will hold all the general reference points for the multi-tenet API, however we would need to expand upon the reference material and try to make it easier to onboard new developers.

Authentication

Imagine an exclusive movie premiere where only the A-listers get the golden ticket. In our digital eco-system, APIs host such premieres, and authentication is that golden ticket, a secret handshake ensuring only the worthy gain access. By presenting the right credentials, software parts whisper to each other in trusted tones, creating a blockbuster performance behind the scenes.

Auth

  • Auth Journal

    • For the core of the API, we will use JWT as the key in between the $User and $API.

  • React JSX

    • The first mod will be the core auth system between the client $User and server $API, which includes the register and login. While we build it out, we will include generic defensive components into the foundation, then re-visit and apply external security, such as limits and firewalls (some may operate outside of the API).
      • Cookie Storage (of the JWT)
        • Cookie - token - will store the client $User JWT.
        • Cookie - user - will store the client $User data.
        • Library: react-cookie will be used to help maintain the cookies.

  • For the Appwrite JWT, we will be holding it inside of a session store from Nanostores, at least as of right now.

API Keys

API keys serve as unique identifiers, allowing our application to communicate seamlessly with our servers. Rather than asking for a user’s password— which can pose security risks— these keys authenticate requests by proving that the application making the request is authorized. Think of them as special passwords generated specifically for the software, ensuring secure data exchange while keeping user credentials confidential. By utilizing API keys, we prioritize both the user’s privacy and the integrity of our platform.

v0

The current method of storage has a couple risks that we need to migrate, including the way the data is being encrypted within the storage of the database.

API Install

APIs are the connectors of the digital realm, enabling diverse applications to converse seamlessly. Though pivotal, their installation can often seem daunting to many, thus in this guide we'll demystify the process, ensuring you can integrate an API with confidence.

API Install Introduction

In the dynamic world of software, where even a moment’s downtime can make or break user trust, managing the API installation process is paramount. P resently, our journey starts at Proxmox, winds through qEMU, and culminates in Docker Swarm. From there, Portainer takes the baton to deploy the image. While most of our front-end instances proudly wear the labels of applications or static pages, there are those intriguing outliers - the edge cases where we might stumble upon SSR or hybrid applications. Let’s dive deeper into this fascinating setup.

The current API installation process needs to be migrated but it currently sits as this:

  • Proxmox -> qEMU -> Docker Swarm
  • Portainer -> Deploy Image

With all front-end instances being either applications or static pages. There might be a couple edge cases where we have SSR or hybrids applications.

v1

For v1, we would like you to look into the Appwrite documentation

v0

The following information below is for installing the older API, which was just a MariaDB cluster with Strapi.

  • To help scale the API backend, we are also currently developing the backend cluster of both the API and the database that stores the information (MariaDB).
    • Current Docker Compose for ve2
      This is the current docker compose for a ve2 that runs our API.

Locker

Client-side storage allows web applications to store data directly in a user's browser, offering speed and offline accessibility. However, to ensure data integrity and security, locking mechanisms can be implemented, restricting unwanted or concurrent modifications. Think of it as a personal vault in your browser, where the combination is known only to trusted sources

Locker Information

The locker will serve as a client-side storage for variables and data points that we do not need to hit the main server for!

The current locker that we are using as of August 12th, 2023 is below, but if we need to extend it out further, we shall.

Locker Modal


export type kbveLocker = {
	username: string,
	phone: string,
	last: string,
	uuid: string,
	avatar: string,
	github: string,
	instagram: string,
	email: string,
	theme: "dark" | "light" | "auto",

};

Locker Storage

For the management of the locker storage on the client-side, we will be using nanostores!. There is an option to extend AES encryption ontop of the stored values but that will be something that we can implement in the start of the next year.

Uptime

Uptime is the heartbeat of any API, indicating its reliability and performance in real-time. Ensuring consistent availability is crucial, as even minor downtimes can impact user experience and trust. Diving deep into the world of API uptime, this documentation equips you with the tools to vigilantly monitor and enhance your service's responsiveness.

Uptime Notes

  • API Uptime Badge

The current uptime badge is handled by ChecklyHQ, however we could build out our own uptime management software down the line. This would be an interesting test case for the NodePy, having it automatically do test cases every hour. I will make an issue ticket when I feel like it would be time to set this up.

Goal

In the vast cosmos of software, APIs are the Jedi Masters, bridging the divide between different software galaxies. Like the Force in Star Wars, they bind and intertwine disparate systems, ensuring harmony in the digital universe. By sculpting robust and intuitive APIs, we're not just coding; we're forging lightsabers for the next generation of developers, ensuring the saga continues seamlessly.

The API is an unique construct that extends outside of the normal universe, the net that holds the sky.

REF

API documentation stands as a beacon, guiding lost sailors through the vast digital sea. References and footnotes are the unsung heroes of this narrative, adding depth, clarity, and precision to the story. They not only ensure the accuracy of information but weave a tapestry of interconnected knowledge, allowing readers to delve deeper with a mere click. Dive in, and let these footnotes light your path through the labyrinthine world of APIs.

References

We are currently manually referencing the project’s via an ID system. I am not looking to spend too much time automating the ID system for the projects, as I want to keep some level of control on how we handle them.