API Endpoints

Vue d'ensemble de tous les endpoints API exposes par Place API, organises par module et domaine fonctionnel.

API Endpoints

Place API expose ses endpoints via des Minimal APIs ASP.NET Core. Tous les endpoints suivent le pattern de route :

/api/v{version}/{module}/{resource}

Le prefixe de base est defini dans EndpointConfig.BaseApiPath (typiquement /api/v1).

Documentation interactive

L'API est documentee et testable via deux interfaces :

Swagger UI : /swagger
Scalar : /scalar/v1

En mode developpement, un endpoint de debug est egalement disponible :

Debug endpoints : GET /debug/endpoints -- liste toutes les routes enregistrees

Vue d'ensemble des endpoints

Module Identity -- Authentication

Methode	Route	Nom	Auth requise
POST	`/api/v1/identity/auth/login`	Login	Non
POST	`/api/v1/identity/auth/register`	Register	Non
POST	`/api/v1/identity/auth/refresh`	RefreshToken	Non
POST	`/api/v1/identity/auth/logout`	Logout	Oui
POST	`/api/v1/identity/auth/confirm-email`	ConfirmEmail	Non
POST	`/api/v1/identity/auth/resend-confirmation`	ResendConfirmation	Non
POST	`/api/v1/identity/auth/social`	SocialLogin	Non
POST	`/api/v1/identity/auth/change-password`	ChangePassword	Oui

Module Identity -- Password Recovery

Methode	Route	Nom	Auth requise
POST	`/api/v1/identity/auth/forgot-password`	ForgotPassword	Non
POST	`/api/v1/identity/auth/otp/verify`	VerifyOtp	Non
POST	`/api/v1/identity/auth/otp/resend`	ResendOtp	Non
POST	`/api/v1/identity/auth/reset-password`	ResetPassword	Non

Module Identity -- Two-Factor Authentication

Methode	Route	Nom	Auth requise
POST	`/api/v1/identity/auth/login/2fa`	Login2FaCommand	Non
POST	`/api/v1/identity/auth/2fa/totp/setup`	TotpSetupCommand	Oui
POST	`/api/v1/identity/auth/2fa/totp/verify`	TotpVerifyCommand	Oui
POST	`/api/v1/identity/auth/2fa/totp/disable`	TotpDisableCommand	Oui
POST	`/api/v1/identity/auth/2fa/recovery-codes/regenerate`	RegenerateRecoveryCodesCommand	Oui

Module Identity -- Sessions

Methode	Route	Nom	Auth requise
GET	`/api/v1/identity/auth/sessions`	GetMySessions	Oui
DELETE	`/api/v1/identity/auth/sessions/{sessionId}`	RevokeSession	Oui
DELETE	`/api/v1/identity/auth/sessions`	RevokeAllOtherSessions	Oui

Module Identity -- Push Tokens

Methode	Route	Nom	Auth requise
POST	`/api/v1/identity/users/me/push-tokens`	RegisterPushTokenCommand	Oui
DELETE	`/api/v1/identity/users/me/push-tokens`	UnregisterPushTokenCommand	Oui

Module Identity -- Linked Accounts

Methode	Route	Nom	Auth requise
GET	`/api/v1/identity/users/me/linked-accounts`	GetLinkedAccounts	Oui
POST	`/api/v1/identity/users/me/linked-accounts`	LinkAccount	Oui
DELETE	`/api/v1/identity/users/me/linked-accounts/{provider}`	UnlinkAccount	Oui

Module Identity -- Security Settings

Methode	Route	Nom	Auth requise
GET	`/api/v1/identity/users/me/security`	GetSecuritySettingsQuery	Oui
PATCH	`/api/v1/identity/users/me/security`	UpdateSecuritySettingsCommand	Oui

Module Identity -- JWKS

Methode	Route	Nom	Auth requise
GET	`/.well-known/jwks.json`	GetJwks	Non

Module Identity -- Admin (Users)

Methode	Route	Nom	Permission requise
POST	`/api/v1/identity/admin/users/{userId}/activate`	ActivateUser	`users.activate`
POST	`/api/v1/identity/admin/users/{userId}/deactivate`	DeactivateUser	`users.deactivate`

Module Identity -- Admin (Sessions)

Methode	Route	Nom	Permission requise
GET	`/api/v1/identity/admin/users/{userId}/sessions`	AdminGetUserSessions	`sessions.view_any`
DELETE	`/api/v1/identity/admin/sessions/{sessionId}`	AdminRevokeSession	`sessions.revoke_any`
DELETE	`/api/v1/identity/admin/users/{userId}/sessions`	AdminRevokeAllUserSessions	`sessions.revoke_any`

Module Audit -- Admin

Methode	Route	Nom	Auth requise
GET	`/api/v1/audit/admin/logs`	GetAuditLogs	Role Admin
GET	`/api/v1/audit/admin/logs/{id}`	GetAuditLogById	Role Admin
GET	`/api/v1/audit/admin/logs/summary`	GetAuditSummary	Role Admin
GET	`/api/v1/audit/admin/logs/correlation/{correlationId}`	GetAuditLogsByCorrelation	Role Admin
GET	`/api/v1/audit/admin/logs/trace/{traceId}`	GetAuditLogsByTrace	Role Admin
GET	`/api/v1/audit/admin/logs/exceptions`	GetExceptionAuditLogs	Role Admin
GET	`/api/v1/audit/admin/logs/security`	GetSecurityAuditLogs	Role Admin

SignalR Hubs

Hub	Route	Auth requise	Description
`AuditHub`	`/hubs/audit`	Oui (Admin)	Notifications temps reel des logs audit

Rate Limiting

Chaque groupe d'endpoints est soumis a des politiques de rate limiting configurables via appsettings.json :

Politique	Limite	Fenetre	Endpoints concernes
Registration	5/min	60s	Register
Auth	10/min	60s	Login, Refresh, ForgotPassword, etc.
SessionsRead	30/min	60s	GetMySessions
SessionsRevoke	10/min	60s	RevokeSession, RevokeAllOtherSessions
AdminSessions	50/min	60s	Admin session endpoints
TwoFactor	5/5min	300s	2FA endpoints
Global	100/min	60s	Tous les endpoints

Versioning

L'API utilise Asp.Versioning avec des version sets par module. La version actuelle est 1.0. Les endpoints du module Audit utilisent un ApiVersionSet nomme "Audit".