feat(#758): add third-party course provider integration API#958
Open
jerrymusaga wants to merge 1 commit into
Open
feat(#758): add third-party course provider integration API#958jerrymusaga wants to merge 1 commit into
jerrymusaga wants to merge 1 commit into
Conversation
Implements the full V3 provider integration surface: - Migration 021: provider_api_keys, provider_completions, provider_webhooks, provider_webhook_deliveries tables; adds provider_key_id + external_url columns to courses - API key management (admin-only): POST/GET/PATCH/DELETE /api/admin/provider-keys — SHA-256-hashed keys with per-key scopes and configurable rate limits - Provider REST API under /api/provider/: - POST /provider/courses — submit a course (draft) - GET /provider/courses — list own courses - POST /provider/completions — report learner completion - GET /provider/completions — list completions - GET /provider/lrn-balances/:addr — read LRN balance - POST /provider/webhooks — register webhook endpoint - GET /provider/webhooks — list webhooks - DELETE /provider/webhooks/:id — remove webhook - GET /provider/webhooks/:id/deliveries — delivery history - Webhook delivery service: async fire-and-forget HTTP POST with HMAC-SHA256 payload signing, 10s timeout, failure tracking - Separate provider rate limiter (300 req/min blanket, keyed on X-Provider-API-Key header) independent of user traffic - @learnvault/provider-sdk npm package (packages/): zero-dependency TypeScript SDK with LearnVaultProviderClient class and verifyWebhookSignature helper; CJS + ESM + .d.ts outputs - docs/api/provider-integration.md: full developer portal documentation covering auth, scopes, all endpoints, webhook event shapes, signature verification, SDK quick-start, admin key management, and error reference
|
@jerrymusaga Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #758.
Implements the full V3 third-party course provider integration API across all six checklist items:
POST/GET /api/provider/courses,POST/GET /api/provider/completions,GET /api/provider/lrn-balances/:addressPOST/GET/PATCH/DELETE /api/admin/provider-keys; keys areSHA-256-hashed at rest, scoped, and carry per-key rate limitsPOST/GET/DELETE /api/provider/webhooks, delivery log atGET /api/provider/webhooks/:id/deliveries; async fire-and-forget HTTP POST with HMAC-SHA256 payload signing and 10 s timeoutproviderRateLimiter(300 req/min blanket) keyed onX-Provider-API-Key, fully independent of the user-facingglobalLimiterpackages/learnvault-provider-sdk(@learnvault/provider-sdk): zero-dependency TypeScript client with CJS + ESM +.d.tsoutputs and averifyWebhookSignaturehelperdocs/api/provider-integration.md: developer portal covering auth, scopes, all endpoints, webhook event shapes, signature verification recipe, SDK quick-start, and admin key managementNew files
server/src/db/migrations/021_provider_api.sqlprovider_api_keys,provider_completions,provider_webhooks,provider_webhook_deliveries; columns oncoursesserver/src/services/provider-keys.service.tsserver/src/middleware/provider-auth.middleware.tsrequireProviderAuth,requireProviderScope,providerRateLimiterserver/src/controllers/provider.controller.tsserver/src/controllers/provider-webhooks.controller.tsserver/src/services/webhook-delivery.service.tsserver/src/controllers/admin-provider-keys.controller.tsserver/src/routes/provider.routes.ts/api/provider/*route definitionsserver/src/routes/admin-provider-keys.routes.ts/api/admin/provider-keysroute definitionspackages/learnvault-provider-sdk/@learnvault/provider-sdknpm packagedocs/api/provider-integration.mdTest plan
npm run migrate— migration 021 should apply cleanlyPOST /api/admin/provider-keys(admin JWT required) and verify the response includes theapi_keyfield exactly oncePOST /api/provider/courses— confirm401without key,403withoutcourses:writescope,201with correct scope409201; report the same again and verify409GET /api/provider/lrn-balances/:addresswith a wallet that has indexed events — verify balance mathhttps://webhook.site), trigger a completion, and confirm delivery inGET /api/provider/webhooks/:id/deliveriesX-LearnVault-Signatureheader can be validated withverifyWebhookSignaturefrom the SDK401X-RateLimit-*headers appear on provider endpoint responses