{ "openapi": "3.1.0", "info": { "title": "MDflow Public API", "version": "1.0.0", "description": "HTTP API for reading and writing folders and markdown documents in an MDflow workspace. Authenticate with a Personal Access Token using the Authorization header." }, "servers": [ { "url": "https://mdflow.cz", "description": "Production" }, { "url": "http://localhost:3000", "description": "Local development" } ], "security": [ { "personalAccessToken": [] } ], "paths": { "/api/v1/folders": { "get": { "operationId": "listFolders", "summary": "List folders", "description": "Returns all folders owned by the authenticated user.", "tags": [ "Folders" ], "responses": { "200": { "description": "Folder list.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Folder" } } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } }, "post": { "operationId": "createFolder", "summary": "Create a folder", "description": "Creates a folder owned by the authenticated user. Duplicate sibling names are automatically disambiguated.", "tags": [ "Folders" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateFolderInput" } } } }, "responses": { "201": { "description": "Created folder.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Folder" } } } }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } }, "/api/v1/folders/{id}/documents": { "get": { "operationId": "listFolderDocuments", "summary": "List documents in a folder", "description": "Returns documents owned by the authenticated user inside the specified folder. A folder owned by another user returns 404.", "tags": [ "Folders", "Documents" ], "parameters": [ { "$ref": "#/components/parameters/FolderId" } ], "responses": { "200": { "description": "Document list.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DocumentListItem" } } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/FolderNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } }, "/api/v1/folders/{id}/description": { "put": { "operationId": "updateFolderDescription", "summary": "Update folder description", "description": "Replaces the description on a folder owned by the authenticated user.", "tags": [ "Folders" ], "parameters": [ { "$ref": "#/components/parameters/FolderId" } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateFolderDescriptionInput" } } } }, "responses": { "200": { "description": "Updated folder.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Folder" } } } }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/FolderNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } }, "/api/v1/folders/{id}": { "delete": { "operationId": "deleteFolder", "summary": "Delete a folder", "description": "Deletes a folder owned by the authenticated user. Documents inside the folder are deleted by database cascade.", "tags": [ "Folders" ], "parameters": [ { "$ref": "#/components/parameters/FolderId" } ], "responses": { "204": { "$ref": "#/components/responses/Deleted" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/FolderNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } }, "/api/v1/documents": { "get": { "operationId": "listDocuments", "summary": "List documents", "description": "Returns all documents owned by the authenticated user across folders. Document bodies are omitted from this list response.", "tags": [ "Documents" ], "responses": { "200": { "description": "Document list.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DocumentListItem" } } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } }, "post": { "operationId": "createDocument", "summary": "Create a document", "description": "Creates a markdown document inside a folder owned by the authenticated user. Duplicate sibling titles are automatically disambiguated.", "tags": [ "Documents" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateDocumentInput" } } } }, "responses": { "201": { "description": "Created document.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DocumentListItem" } } } }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/FolderNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } }, "/api/v1/documents/{id}": { "get": { "operationId": "getDocument", "summary": "Get a document", "description": "Returns one document owned by the authenticated user, including its markdown body. A document owned by another user returns 404.", "tags": [ "Documents" ], "parameters": [ { "$ref": "#/components/parameters/DocumentId" } ], "responses": { "200": { "description": "Document details.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Document" } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/DocumentNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } }, "delete": { "operationId": "deleteDocument", "summary": "Delete a document", "description": "Deletes one document owned by the authenticated user.", "tags": [ "Documents" ], "parameters": [ { "$ref": "#/components/parameters/DocumentId" } ], "responses": { "204": { "$ref": "#/components/responses/Deleted" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/DocumentNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } }, "/api/v1/documents/{id}/body": { "put": { "operationId": "updateDocumentBody", "summary": "Overwrite document body", "description": "Replaces the markdown body of one document owned by the authenticated user while preserving metadata.", "tags": [ "Documents" ], "parameters": [ { "$ref": "#/components/parameters/DocumentId" } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateDocumentBodyInput" } } } }, "responses": { "200": { "description": "Updated document.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Document" } } } }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/DocumentNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } }, "/api/v1/documents/{id}/folder": { "put": { "operationId": "moveDocument", "summary": "Move a document", "description": "Moves one document to another folder owned by the authenticated user. Duplicate target-folder titles are automatically disambiguated.", "tags": [ "Documents" ], "parameters": [ { "$ref": "#/components/parameters/DocumentId" } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MoveDocumentInput" } } } }, "responses": { "200": { "description": "Moved document.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DocumentListItem" } } } }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/DocumentNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } }, "/api/v1/documents/{id}/sharing": { "put": { "operationId": "updateDocumentSharing", "summary": "Update document sharing", "description": "Sets public sharing and commenting options for one document owned by the authenticated user. Share slugs are generated server-side.", "tags": [ "Documents" ], "parameters": [ { "$ref": "#/components/parameters/DocumentId" } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateSharingInput" } } } }, "responses": { "200": { "description": "Updated sharing state.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SharingState" } } } }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/DocumentNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } }, "/api/v1/documents/{id}/shares": { "get": { "operationId": "listDocumentShares", "summary": "List private shares", "description": "Returns the people a document owned by the authenticated user is privately shared with. Revoked shares are omitted.", "tags": [ "Documents" ], "parameters": [ { "$ref": "#/components/parameters/DocumentId" } ], "responses": { "200": { "description": "Private share list.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DocumentShare" } } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/DocumentNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } }, "post": { "operationId": "addDocumentShare", "summary": "Share a document privately", "description": "Privately shares a document owned by the authenticated user with one email address. Re-posting the same email updates its commenting permission. No invitation email is sent; the invitee gains access the next time they sign in with that email.", "tags": [ "Documents" ], "parameters": [ { "$ref": "#/components/parameters/DocumentId" } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateDocumentShareInput" } } } }, "responses": { "201": { "description": "Created or updated private share.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DocumentShare" } } } }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/DocumentNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } }, "delete": { "operationId": "removeAllDocumentShares", "summary": "Remove all private shares", "description": "Revokes every private share on a document owned by the authenticated user. Idempotent.", "tags": [ "Documents" ], "parameters": [ { "$ref": "#/components/parameters/DocumentId" } ], "responses": { "204": { "$ref": "#/components/responses/Deleted" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/DocumentNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } }, "/api/v1/documents/{id}/shares/{shareId}": { "delete": { "operationId": "removeDocumentShare", "summary": "Remove one private share", "description": "Revokes one private share on a document owned by the authenticated user. A share id that does not belong to this document returns 404.", "tags": [ "Documents" ], "parameters": [ { "$ref": "#/components/parameters/DocumentId" }, { "$ref": "#/components/parameters/ShareId" } ], "responses": { "204": { "$ref": "#/components/responses/Deleted" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/ShareNotFound" }, "429": { "$ref": "#/components/responses/RateLimited" }, "500": { "$ref": "#/components/responses/ServerError" } } } } }, "components": { "securitySchemes": { "personalAccessToken": { "type": "http", "scheme": "bearer", "bearerFormat": "PAT", "description": "Use an MDflow Personal Access Token in the form `Authorization: Bearer mdf_...`." } }, "parameters": { "FolderId": { "name": "id", "in": "path", "required": true, "description": "Folder UUID.", "schema": { "type": "string", "format": "uuid" } }, "DocumentId": { "name": "id", "in": "path", "required": true, "description": "Document UUID.", "schema": { "type": "string", "format": "uuid" } }, "ShareId": { "name": "shareId", "in": "path", "required": true, "description": "Private share UUID.", "schema": { "type": "string", "format": "uuid" } } }, "headers": { "NoStore": { "description": "API responses are not cacheable.", "schema": { "type": "string", "const": "no-store" } }, "RetryAfter": { "description": "Seconds to wait before retrying after a rate-limit response.", "schema": { "type": "integer", "minimum": 1 } } }, "responses": { "BadRequest": { "description": "Request body was malformed or failed validation.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" }, "examples": { "invalidRequestBody": { "value": { "error": "Invalid request body" } } } } } }, "Unauthorized": { "description": "Missing, malformed, invalid, or revoked bearer token.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" }, "examples": { "missingToken": { "value": { "error": "Missing or malformed bearer token" } }, "invalidToken": { "value": { "error": "Invalid bearer token" } } } } } }, "DocumentNotFound": { "description": "Document was not found or is not owned by the authenticated user.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" }, "examples": { "notFound": { "value": { "error": "Document not found" } } } } } }, "ShareNotFound": { "description": "Document or private share was not found, or is not owned by the authenticated user.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" }, "examples": { "documentNotFound": { "value": { "error": "Document not found" } }, "shareNotFound": { "value": { "error": "Share not found" } } } } } }, "FolderNotFound": { "description": "Folder was not found or is not owned by the authenticated user.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" }, "examples": { "notFound": { "value": { "error": "Folder not found" } } } } } }, "RateLimited": { "description": "The token or authenticated user exceeded a 30 requests per minute rate limit.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" }, "Retry-After": { "$ref": "#/components/headers/RetryAfter" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" }, "examples": { "rateLimited": { "value": { "error": "Rate limit exceeded" } } } } } }, "ServerError": { "description": "Unexpected server error.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" }, "examples": { "unexpected": { "value": { "error": "Unexpected API error" } } } } } }, "Deleted": { "description": "Deleted successfully. No response body.", "headers": { "Cache-Control": { "$ref": "#/components/headers/NoStore" } } } }, "schemas": { "Folder": { "type": "object", "additionalProperties": false, "required": [ "id", "name", "description", "created_at", "updated_at" ], "properties": { "id": { "type": "string", "format": "uuid" }, "name": { "type": "string" }, "description": { "type": [ "string", "null" ] }, "created_at": { "type": "string", "format": "date-time" }, "updated_at": { "type": "string", "format": "date-time" } } }, "CreateFolderInput": { "type": "object", "additionalProperties": false, "required": [ "name" ], "properties": { "name": { "type": "string", "minLength": 1, "maxLength": 100 }, "description": { "type": "string", "maxLength": 500 } } }, "UpdateFolderDescriptionInput": { "type": "object", "additionalProperties": false, "required": [ "description" ], "properties": { "description": { "type": "string", "maxLength": 500 } } }, "CreateDocumentInput": { "type": "object", "additionalProperties": false, "required": [ "folder_id", "title", "body" ], "properties": { "folder_id": { "type": "string", "format": "uuid" }, "title": { "type": "string", "minLength": 1, "maxLength": 100 }, "body": { "type": "string", "maxLength": 512000, "description": "Markdown document body. UTF-8 encoded content must not exceed 512000 bytes." } } }, "UpdateDocumentBodyInput": { "type": "object", "additionalProperties": false, "required": [ "body" ], "properties": { "body": { "type": "string", "maxLength": 512000, "description": "Markdown document body. UTF-8 encoded content must not exceed 512000 bytes." } } }, "MoveDocumentInput": { "type": "object", "additionalProperties": false, "required": [ "folder_id" ], "properties": { "folder_id": { "type": "string", "format": "uuid" } } }, "UpdateSharingInput": { "type": "object", "additionalProperties": false, "required": [ "is_public", "allow_comments" ], "properties": { "is_public": { "type": "boolean" }, "allow_comments": { "type": "boolean" } } }, "DocumentListItem": { "type": "object", "additionalProperties": false, "required": [ "id", "title", "folder_id", "is_public", "created_at", "updated_at" ], "properties": { "id": { "type": "string", "format": "uuid" }, "title": { "type": "string" }, "folder_id": { "type": "string", "format": "uuid" }, "is_public": { "type": "boolean" }, "created_at": { "type": "string", "format": "date-time" }, "updated_at": { "type": "string", "format": "date-time" } } }, "Document": { "allOf": [ { "$ref": "#/components/schemas/DocumentListItem" }, { "type": "object", "additionalProperties": false, "required": [ "body" ], "properties": { "body": { "type": "string", "description": "Markdown document body." } } } ] }, "SharingState": { "type": "object", "additionalProperties": false, "required": [ "is_public", "allow_comments", "share_slug", "share_path", "public_url" ], "properties": { "is_public": { "type": "boolean" }, "allow_comments": { "type": "boolean" }, "share_slug": { "type": [ "string", "null" ] }, "share_path": { "type": [ "string", "null" ] }, "public_url": { "type": [ "string", "null" ], "format": "uri" } } }, "CreateDocumentShareInput": { "type": "object", "additionalProperties": false, "required": [ "email" ], "properties": { "email": { "type": "string", "format": "email", "description": "Recipient email address. Trimmed and lowercased before storage." }, "allow_comments": { "type": "boolean", "default": false, "description": "Whether the recipient may comment. Defaults to false (view only)." } } }, "DocumentShare": { "type": "object", "additionalProperties": false, "required": [ "id", "email", "allow_comments", "status", "created_at", "accepted_at" ], "properties": { "id": { "type": "string", "format": "uuid", "description": "Private share identifier. Use it to remove this person." }, "email": { "type": "string", "format": "email" }, "allow_comments": { "type": "boolean", "description": "Whether the recipient may comment." }, "status": { "type": "string", "enum": [ "pending", "accepted" ], "description": "pending until the recipient signs in with the invited email, then accepted." }, "created_at": { "type": "string", "format": "date-time" }, "accepted_at": { "type": [ "string", "null" ], "format": "date-time" } } }, "Error": { "type": "object", "additionalProperties": false, "required": [ "error" ], "properties": { "error": { "type": "string" } } } } }, "tags": [ { "name": "Folders" }, { "name": "Documents" } ] }