Update deposit-service OpenAPI spec#109
Conversation
greg-rhinestone
left a comment
greg-rhinestone
left a comment
There was a problem hiding this comment.
🤖 Greg · ✅ LGTM
Regenerates the deposit-service spec from rhinestonewtf/deposit-service-processor@690e44e, adding deposits-scope 403 responses across the affected account/deposit endpoints. This matches the upstream key-scope enforcement surface.
Risk: Low — generated spec-only change documenting additive auth errors
Destiner
force-pushed
the
update/deposit-processor
branch
from
019bee9 to
a7cbe81
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
a7cbe81 to
410e99f
Compare
greg-rhinestone
left a comment
greg-rhinestone
left a comment
There was a problem hiding this comment.
🤖 Greg · 🔄 Re-review · ✅ LGTM
No effective deposit-service.json change since the last Greg review; the current generated spec still contains the already-reviewed deposits-scope 403 response coverage.
Destiner
force-pushed
the
update/deposit-processor
branch
from
410e99f to
6337692
Compare
greg-rhinestone
left a comment
greg-rhinestone
left a comment
There was a problem hiding this comment.
🤖 Greg · 🔄 Re-review · ✅ LGTM
Generated deposit-service spec now includes the deposits-scope 403 response on the remaining account, deposit, withdrawal, and webhook endpoints from rhinestonewtf/deposit-service-processor@6f83c1a. No new compatibility issue surfaced.
Destiner
force-pushed
the
update/deposit-processor
branch
2 times, most recently
from
a2189ba to
10c746c
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
10c746c to
b4ebe5b
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
b4ebe5b to
982bb6a
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
982bb6a to
7ceb49a
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
7ceb49a to
52f2437
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
52f2437 to
eb023e0
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
eb023e0 to
1d0c02d
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
1d0c02d to
890f698
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
890f698 to
6e30abc
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
6e30abc to
13dbc20
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
2 times, most recently
from
cac1b52 to
56d0829
Compare
![rhinestone-kevin[bot]](https://avatars.githubusercontent.com/u/127950714?s=60&v=4){kind=small}
| "description": "API key for authentication", | ||
| "example": "your-api-key" | ||
| }, | ||
| "required": true, |
There was a problem hiding this comment.
question — /deposits now accepts either Authorization or x-api-key and returns ids specifically for this endpoint, but this new endpoint only documents a required x-api-key. Platform-token callers can list deposits but have no documented way to fetch the quoted candidates, so either the endpoint needs the same auth alternative or the asymmetry needs to be intentional.
Destiner
force-pushed
the
update/deposit-processor
branch
3 times, most recently
from
1370db9 to
79bf612
Compare
| "description": "API key for authentication", | ||
| "example": "your-api-key" | ||
| }, | ||
| "required": true, |
There was a problem hiding this comment.
question — Previously raised but still unresolved: /deposits and /deposits/stats now document Authorization as an alternative to x-api-key, while /deposits/{id}/quotes still requires x-api-key only. Platform-token callers can list deposits and stats but have no documented way to fetch quote candidates for those deposits, so either this endpoint needs the same auth alternative or the asymmetry needs to be explicit.
| "description": "API key for authentication", | ||
| "example": "your-api-key" | ||
| }, | ||
| "required": true, |
There was a problem hiding this comment.
question — Previously raised but still unresolved: /deposits and /deposits/stats now document Authorization as an alternative to x-api-key, while /deposits/{id}/quotes still requires x-api-key only. Platform-token callers can list deposits and stats but have no documented way to fetch quote candidates for those deposits, so either this endpoint needs the same auth alternative or the asymmetry needs to be explicit.
| "description": "API key for authentication", | ||
| "example": "your-api-key" | ||
| }, | ||
| "required": true, |
There was a problem hiding this comment.
question — Previously raised but still unresolved: /deposits and /deposits/stats now document Authorization as an alternative to x-api-key, while /deposits/{id}/quotes still requires x-api-key only. Platform-token callers can list deposits and stats but have no documented way to fetch quote candidates for those deposits, so either this endpoint needs the same auth alternative or the asymmetry needs to be explicit.
Destiner
force-pushed
the
update/deposit-processor
branch
from
79bf612 to
18d5062
Compare
| "description": "API key for authentication", | ||
| "example": "your-api-key" | ||
| }, | ||
| "required": true, |
There was a problem hiding this comment.
question — Previously raised but still unresolved: /deposits and /deposits/stats now document Authorization as an alternative to x-api-key, while /deposits/{id}/quotes still requires x-api-key only. Platform-token callers can list deposits and stats but have no documented way to fetch quote candidates for those deposits, so either this endpoint needs the same auth alternative or the asymmetry needs to be explicit.
Destiner
force-pushed
the
update/deposit-processor
branch
from
18d5062 to
380a3c9
Compare
Destiner
force-pushed
the
update/deposit-processor
branch
from
380a3c9 to
5dc7a29
Compare
| "description": "API key for authentication", | ||
| "example": "your-api-key" | ||
| }, | ||
| "required": true, |
There was a problem hiding this comment.
question — Previously raised and still present: /deposits and /deposits/stats document Authorization as an alternative to x-api-key, while /deposits/{id}/quotes still requires x-api-key only. Platform-token callers can list deposits and stats but have no documented way to fetch quote candidates for those deposits, so either this endpoint needs the same auth alternative or the asymmetry needs to be explicit.
…t-service-processor@b0a2bc4380713657a3240e6f63d9e687396540b0
Destiner
force-pushed
the
update/deposit-processor
branch
from
5dc7a29 to
8fc8cd0
Compare
| "description": "API key for authentication", | ||
| "example": "your-api-key" | ||
| }, | ||
| "required": true, |
There was a problem hiding this comment.
question — Previously raised and still present: /deposits and /deposits/stats document Authorization as an alternative to x-api-key, while /deposits/{id}/quotes still requires x-api-key only. Platform-token callers can list deposits and stats but have no documented way to fetch quote candidates for those deposits, so either this endpoint needs the same auth alternative or the asymmetry needs to be explicit.
2 participants
This PR updates the OpenAPI spec generated from rhinestonewtf/deposit-service-processor@b0a2bc4380713657a3240e6f63d9e687396540b0.