dwindown/dewemoji
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
88218c77988e60bbd18c8b222ca2d2fb065f4b79
dewemoji/api-how-it-works.md
Dwindi Ramadhana 88218c7798 Consolidate docs and finalize APK companion updates
2026-03-16 01:06:41 +07:00

257 lines
4.8 KiB
Markdown
Raw Blame History

# Dewemoji API — Reference and Smoke Test
This is the single API documentation source for the current Laravel rebuild.
## Base URLs
- Local: `http://127.0.0.1:8000/v1`
- Staging: `https://dewemoji.backoffice.biz.id/v1`
Convenience:
```bash
BASE=http://127.0.0.1:8000/v1
# BASE=https://dewemoji.backoffice.biz.id/v1
```
## Auth and request headers
License-style auth (legacy-compatible):
- `Authorization: Bearer YOUR_LICENSE_KEY` (preferred)
- `X-License-Key: YOUR_LICENSE_KEY` (supported)
Optional headers:
- `X-Account-Id`
- `X-Dewemoji-Frontend`
Common response headers:
- `X-Dewemoji-Tier`: `free` or `pro`
- `X-Dewemoji-Plan`: `free` or `pro`
- `ETag`
- `Cache-Control`
- Rate-limit headers on free tier page 1 requests:
- `X-RateLimit-Limit`
- `X-RateLimit-Remaining`
- `X-RateLimit-Reset`
## Endpoint map
Public/search:
- `GET /emojis`
- `GET /emoji/{slug}` or `GET /emoji?slug=...`
- `GET /categories`
- `GET /health`
License and access lifecycle:
- `POST /license/verify`
- `POST /license/activate`
- `POST /license/deactivate`
Extension verification:
- `POST /extension/verify`
- `GET /extension/search`
Metrics/internal:
- `GET /metrics-lite`
- `GET /metrics`
Admin token endpoints (`X-Admin-Token` required):
- `GET /admin/settings`
- `POST /admin/settings`
- `GET /admin/subscriptions`
- `POST /admin/subscription/grant`
- `POST /admin/subscription/revoke`
- `GET /admin/webhooks`
- `GET /admin/webhooks/{id}`
- `POST /admin/webhooks/{id}/replay`
- `GET /admin/analytics`
## Endpoint details
### `GET /emojis`
Query params:
- `q` or `query`
- `category`
- `subcategory`
- `page` (default `1`)
- `limit` (free max `20`, pro max `50`)
Example:
```bash
curl -s "$BASE/emojis?q=love&limit=5" | jq .
```
### `GET /emoji/{slug}` or `GET /emoji?slug=...`
Example:
```bash
curl -s "$BASE/emoji/grinning-face" | jq .
```
Errors:
- `400` `missing_slug`
- `404` `not_found`
### `GET /categories`
Returns `category -> subcategories[]` mapping.
```bash
curl -s "$BASE/categories" | jq .
```
### `POST /license/verify`
```bash
KEY=YOUR_LICENSE_KEY
curl -s -X POST "$BASE/license/verify" \
-H "Authorization: Bearer $KEY" | jq .
```
Success shape (example):
```json
{
"ok": true,
"tier": "pro",
"source": "gumroad|mayar|sandbox|...",
"plan": "pro",
"product_id": "...",
"expires_at": null,
"error": null
}
```
### `POST /license/activate`
```bash
KEY=YOUR_LICENSE_KEY
curl -s -X POST "$BASE/license/activate" \
-H "Authorization: Bearer $KEY" \
-H "Content-Type: application/json" \
-d '{"email":"you@example.com","product":"extension","device_id":"local-dev"}' | jq .
```
Notes:
- `product=site` can omit `device_id`.
### `POST /license/deactivate`
```bash
KEY=YOUR_LICENSE_KEY
curl -s -X POST "$BASE/license/deactivate" \
-H "Authorization: Bearer $KEY" \
-H "Content-Type: application/json" \
-d '{"product":"extension","device_id":"local-dev"}' | jq .
```
### `GET /health`
```bash
curl -s "$BASE/health" | jq .
```
## Public access guard
Public endpoints use whitelist + throttle behavior:
- If request is whitelisted: pass.
- If not whitelisted and `DEWEMOJI_PUBLIC_ENFORCE=true`: `403 public_access_denied`.
- Otherwise: soft throttle with `DEWEMOJI_PUBLIC_HOURLY_LIMIT` and `429 public_rate_limited`.
Key env:
```env
DEWEMOJI_PUBLIC_ENFORCE=true|false
DEWEMOJI_PUBLIC_ORIGINS=https://dewemoji.com,https://www.dewemoji.com
DEWEMOJI_PUBLIC_HOURLY_LIMIT=5000
DEWEMOJI_EXTENSION_IDS=chrome-extension://...
```
Security note:
- `Origin`/`Referer` are not strong security controls. Use edge/WAF/API keys for stronger protection.
## Caching behavior
ETag is supported. `If-None-Match` can return `304 Not Modified`.
```bash
ETAG=$(curl -i "$BASE/emojis?q=love&limit=5" | awk -F': ' '/^ETag:/ {print $2}' | tr -d '\r')
curl -i -H "If-None-Match: $ETAG" "$BASE/emojis?q=love&limit=5" | head -n 1
```
## Smoke test checklist
### Health
```bash
curl -s "$BASE/health" | jq .
```
Expected: `{ "ok": true, ... }`
### Categories
```bash
curl -s "$BASE/categories" | jq 'keys | length'
```
Expected: count > 0.
### Search
```bash
curl -s "$BASE/emojis?q=love&limit=5" | jq '.items | length'
```
Expected: count > 0.
### Detail
```bash
curl -s "$BASE/emoji/grinning-face" | jq '.slug,.name'
```
### Free-tier rate-limit headers
```bash
curl -i "$BASE/emojis?limit=1&page=1" | grep -E "HTTP|X-RateLimit"
```
### Verify / activate / deactivate
Use the commands in endpoint details above.
### Error response check
```bash
curl -s "$BASE/emoji/this-does-not-exist" | jq .
```
Expected `error: not_found`.
## Legacy compatibility notes
Kept for extension/backward compatibility:
- accepts both `q` and `query`
- supports `Authorization` and `X-License-Key`
- includes `X-Dewemoji-Tier`
Legacy contract references (`/api/*` in old stack) were consolidated here. No separate legacy API spec file is needed now.
Reference in New Issue View Git Blame Copy Permalink