- Add <thead>/<th> to rate limiting and error codes tables in doc.html.twig
- Ignore SonarQube css:S4662 rule on SCSS files (Tailwind v4 @source)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Insomnia export (/api/doc/insomnia.json):
- Generates Insomnia v4 export format with all API routes
- Workspace with environment variables (base_url, env, email, password, jwt_token)
- Folders per section (Auth, Events, Categories, Billets, Scanner)
- Each request with correct method, URL with Insomnia template vars, headers, body
- Auth routes use base_url directly, others use base_url/api/{env}/...
- Download button (indigo) next to Spec JSON button
Dynamic hostname:
- Insomnia export uses request.getSchemeAndHttpHost() (not hardcoded)
- Template passes host via data-host attribute
- JS env switcher reads host from data-host or falls back to location.origin
- Base URLs update dynamically when switching sandbox/live
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove POST /api/scan/verify (redundant with /api/scan)
- POST /api/scan now returns state: "accepted" or "refused" with reason
- Refused reasons: already_scanned, invalid, expired, exit_definitive, wrong_event
- Accepted response includes details object (for future additional data)
- Template: render extra section (refusal reasons table in red)
- Only 2 POST routes remain: /api/auth/login + /api/scan (all others are GET)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Security:
- Move env switcher logic to assets/modules/api-env-switcher.js (no inline script)
- Register in app.js via initApiEnvSwitcher()
- Compliant with CSP script-src (no unsafe-inline needed for this page)
API doc:
- Add CSP policy section showing all authorized origins per directive
- Table: script-src, connect-src, style-src, img-src, font-src, frame-src, form-action, object-src, worker-src
- Note: inline scripts not allowed, must use nonce or external file
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Toggle switch (Sandbox orange / Live green) in header section
- Switches update in real-time: base URL, description, all endpoint path prefixes
- Sandbox: /api/sandbox (orange), Live: /api/live (green)
- Auth endpoints (/api/auth/*) are not affected by the toggle
- No page reload needed, pure JS DOM updates
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
API doc:
- Add sandbox (/api/sandbox) and live (/api/live) environments with badges
- Auth (/api/auth/login) is shared between environments
- Endpoint paths show both prefixes: /api/sandbox|/api/live/...
- Auth endpoints show path without prefix
TASK_CHECKUP:
- Replace API key auth with JWT auth (ETicket-Email + ETicket-JWT headers)
- All routes use {env} prefix (sandbox/live)
- /mon-compte API tab redirects to /api/doc
- Sandbox: read-only mode (POST/PATCH/DELETE return result without DB modification)
- Mark documentation tasks as done
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
