From 23e59ab459c77ec1db9ea41de9303b5b129f8a63 Mon Sep 17 00:00:00 2001 From: Ivo Oskamp Date: Tue, 10 Feb 2026 15:44:24 +0100 Subject: [PATCH] Update Cove TODO: Add comprehensive Postman testing instructions Replaced curl examples with detailed Postman testing guide: - Step-by-step Postman setup instructions - Two authentication methods to test (Bearer Token vs X-API-Key) - Multiple base URLs to try (api.backup.management, backup.management) - Expected response codes and what they mean (200, 401, 403, 404) - Endpoint discovery list (accounts, customers, devices, jobs) - Tips for finding API documentation Added Postman best practices: - Create Cove API collection - Use environment variables (cove_token, cove_base_url) - Save response examples - Check rate limit headers - Export collection to JSON Added structured template for documenting test results: - Working configuration (base URL, auth method) - Available endpoints table - Key response fields mapping to Backupchecks - Pagination and rate limiting details - Location to save Postman collection export Ready for immediate API testing with Postman! Co-Authored-By: Claude Sonnet 4.5 --- TODO-cove-data-protection.md | 174 +++++++++++++++++++++++++++++------ 1 file changed, 144 insertions(+), 30 deletions(-) diff --git a/TODO-cove-data-protection.md b/TODO-cove-data-protection.md index ddcdf15..27b4efa 100644 --- a/TODO-cove-data-protection.md +++ b/TODO-cove-data-protection.md @@ -276,47 +276,161 @@ Other backup systems that use APIs: - Search Cove knowledge base for "API documentation" - Try common API base URLs with `/docs` or `/swagger` endpoints -**2. Quick API Test** (can be done now with token!) -Try these curl commands to test authentication: +**2. Quick API Test with Postman** (can be done now with token!) -```bash -# Replace YOUR_TOKEN with actual token from https://backup.management/#/api-users -# Try different authentication methods and endpoints: +### Postman Setup Instructions -# Test 1: Bearer token + accounts endpoint -curl -v -H "Authorization: Bearer YOUR_TOKEN" \ - https://api.backup.management/api/accounts +**Step 1: Create New Request** +1. Open Postman +2. Click "New" → "HTTP Request" +3. Name it "Cove API - Test Authentication" -# Test 2: API Key header -curl -v -H "X-API-Key: YOUR_TOKEN" \ - https://api.backup.management/api/accounts +**Step 2: Configure Request** +- **Method:** GET +- **URL:** Try these in order: + 1. `https://api.backup.management/api/accounts` + 2. `https://backup.management/api/accounts` + 3. `https://api.backup.management/api/customers` -# Test 3: Alternative base URL -curl -v -H "Authorization: Bearer YOUR_TOKEN" \ - https://backup.management/api/accounts +**Step 3: Add Authentication (try both methods)** -# Test 4: Check for API documentation -curl https://api.backup.management/swagger -curl https://api.backup.management/docs -curl https://backup.management/api/docs +**Option A: Bearer Token** +- Go to "Authorization" tab +- Type: "Bearer Token" +- Token: `YOUR_TOKEN` (paste token from backup.management) -# Test 5: Try common endpoints -curl -v -H "Authorization: Bearer YOUR_TOKEN" \ - https://api.backup.management/api/customers +**Option B: API Key in Header** +- Go to "Headers" tab +- Add header: + - Key: `X-API-Key` + - Value: `YOUR_TOKEN` -curl -v -H "Authorization: Bearer YOUR_TOKEN" \ - https://api.backup.management/api/devices +**Step 4: Send Request and Analyze Response** -# Note: Use -v flag to see full HTTP response including headers -# Look for authentication errors vs 404 errors to determine correct URL/auth +**Expected Results:** +- ✅ **200 OK** → Success! API works, save this configuration + - Copy the JSON response → we'll analyze structure + - Note which URL and auth method worked + - Check for pagination info in response + +- ❌ **401 Unauthorized** → Wrong auth method + - Try other authentication option (Bearer vs X-API-Key) + - Check if token was copied correctly + +- ❌ **404 Not Found** → Wrong endpoint URL + - Try alternative base URL (api.backup.management vs backup.management) + - Try different endpoint (/api/customers, /api/devices) + +- ❌ **403 Forbidden** → Token works but insufficient permissions + - Verify API user has SuperUser role + - Check customer scope selection + +**Step 5: Discover Available Endpoints** + +Once authentication works, try these endpoints: +``` +GET /api/accounts +GET /api/customers +GET /api/devices +GET /api/jobs +GET /api/statistics +GET /api/sessions ``` +For each successful endpoint, save: +- The request in Postman collection +- Example response in TODO or separate file +- Note any query parameters (page, limit, filter, etc.) + +**Step 6: Look for API Documentation** + +Try these URLs in browser or Postman: +- `https://api.backup.management/swagger` +- `https://api.backup.management/docs` +- `https://api.backup.management/api-docs` +- `https://backup.management/api/documentation` + +**Step 7: Document Findings** + +After successful testing, document in this TODO: +- ✅ Working API base URL +- ✅ Correct authentication method (Bearer vs header) +- ✅ List of available endpoints discovered +- ✅ JSON response structure examples +- ✅ Any pagination/filtering patterns +- ✅ Rate limits (check response headers: X-RateLimit-*) + +### Postman Tips for This Project + +**Save Everything:** +- Create a "Cove API" collection in Postman +- Save all working requests +- Export collection to JSON for documentation + +**Use Variables:** +- Create Postman environment "Cove Production" +- Add variable: `cove_token` = your token +- Add variable: `cove_base_url` = working base URL +- Use `{{cove_token}}` and `{{cove_base_url}}` in requests + +**Check Response Headers:** +- Look for `X-RateLimit-Limit` (API call limits) +- Look for `X-RateLimit-Remaining` (calls left) +- Look for `Link` header (pagination) + +**Save Response Examples:** +- For each endpoint, save example response +- Use Postman's "Save Response" feature +- Or copy JSON to separate file for reference + **3. Document Findings** -After successful API call, document in this file: -- Working API base URL -- Correct authentication header format -- Available endpoints discovered -- Example response format + +**After successful Postman testing, update this TODO with:** + +```markdown +## ✅ API Testing Results (Add after testing) + +### Working Configuration +- **Base URL:** [fill in] +- **Authentication:** Bearer Token / X-API-Key header (circle one) +- **Token Location:** Authorization header / X-API-Key header (circle one) + +### Available Endpoints Discovered +| Endpoint | Method | Purpose | Response Fields | +|----------|--------|---------|-----------------| +| /api/accounts | GET | List accounts | [list key fields] | +| /api/customers | GET | List customers | [list key fields] | +| /api/devices | GET | List backup devices | [list key fields] | +| /api/jobs | GET | List backup jobs | [list key fields] | + +### Key Response Fields for Backupchecks Integration +From backup job/session endpoint: +- Job ID: `[field name]` +- Job Name: `[field name]` +- Status: `[field name]` (values: success/warning/failed) +- Start Time: `[field name]` +- End Time: `[field name]` +- Customer/Device: `[field name]` +- Error Messages: `[field name]` +- Backup Objects: `[field name or nested path]` + +### Pagination +- Method: [Link headers / page parameter / cursor / none] +- Page size: [default and max] +- Total count: [available in response?] + +### Rate Limiting +- Limit: [X requests per Y time] +- Headers: [X-RateLimit-* header names] + +### API Documentation URL +- [URL if found, or "Not found" if unavailable] +``` + +**Save Postman Collection:** +- Export collection as JSON +- Save to: `/docker/develop/backupchecks/docs/cove-api-postman-collection.json` +- Or share Postman workspace link in this TODO **4. Create POC Script** Once API works, create standalone Python test script: