> [!warning] > > This epic is about a non-validated feature. It is for collecting user requests and feedback about the possibility of offering a public API. We already have many requests for a public API. This API would help some "power" users to get application data on other services. This feature requires a user account and an identity provider. # Usage Example * [HomeAssistant](https://www.home-assistant.io/) * Getting current change * Getting stats * More? # Capabilities All :lock: would require authentication & authorization to be used. All :ballot_box_with_check: are for data that can be retrieved with the DiapStash API. The documentation must be completed. ## Read Data * :ballot_box_with_check: Catalog * List all official types * Packages * Variants * List all brands * Find type by barcode * :lock: Get changes * :ballot_box_with_check:All history * Current change * Can get shared history * :lock: Get accidents * :ballot_box_with_check:All accidents history * :lock: Get Stock * :ballot_box_with_check:All stocks of diapers (disposable + reusable) * Get shared stocks ## Insert / Update Data * :lock: Update change information * Update change metadata * State (dry, wet, etc.) * Wetness/messy level * Cause of leak * Description * Tags * Delete change (?) * :lock: Stocks * Add new disposable diapers * Add new reusable diapers * Wash / Change reusable diapers state (dirty -\> clean) * :lock: Accident * Create accident * Edit accident * Delete accident * :lock: Manage sharing/shared access * Revoke shared history / stock # Workflow * Provide an application key+secret dedicated to the third-party service for request authentication to the DiapStash Identity Provider &4. * Users who want to use the third-party service need to have a valid account with a valid cloud-sync. * They should give their consent to share their data with the third-party service. * The third-party service would access user data via an authorization token obtained after the user logs in and gives their consent. # Requirements * Users can create a "DiapStash" account. * Users can link their cloud-sync with their "DiapStash" account. * Users can revoke any API access. # Q&A ## Why not allow starting or ending a change? Starting and ending a change requires many internal actions. All these actions are implemented and performed directly in the app. To allow starting and ending a change from an API would require implementing all actions in both the app and the server. Any changes in the code for these actions would need to be done twice. _This is the same reason why the shared history is read-only._