Skip to content

docs(sessions): enhance authentication details in session API descrip…#207

Closed
ahmednahima0-beep wants to merge 1 commit into
mainfrom
docs/sessions-id-chats
Closed

docs(sessions): enhance authentication details in session API descrip…#207
ahmednahima0-beep wants to merge 1 commit into
mainfrom
docs/sessions-id-chats

Conversation

@ahmednahima0-beep
Copy link
Copy Markdown
Collaborator

@ahmednahima0-beep ahmednahima0-beep commented May 12, 2026
edited by coderabbitai Bot
Loading

…tions

Updated the descriptions for GET and POST endpoints related to sessions to clarify authentication requirements. Added explicit instructions on using either x-api-key or Authorization: Bearer <privy-access-token>, and detailed the consequences of sending both or neither. Enhanced error descriptions for unauthorized access to provide clearer guidance on potential issues. This improves the overall clarity and usability of the API documentation.

Summary by cubic

Clarified auth in session API docs: send exactly one of x-api-key or Authorization: Bearer <privy-access-token>—sending both or neither returns 401; added clear 403/404 notes. Also added descriptions to ApiKeyAuth and BearerAuth and standardized the 401 error body on GET/POST under /api/sessions/{sessionId} and /api/sessions/{sessionId}/chats.

Written for commit 7042ebf. Summary will update on new commits.

Summary by CodeRabbit

  • Documentation
    • Clarified authentication requirements for session and chat endpoints
    • Specified that clients must send exactly one authentication method to avoid 401 errors
    • Enhanced chat endpoint descriptions with ownership expectations and error response documentation
    • Expanded security scheme details for improved token format and client type guidance

Review Change Stack

@ahmednahima0-beep
docs(sessions): enhance authentication details in session API descrip…
7042ebf 
…tions

Updated the descriptions for GET and POST endpoints related to sessions to clarify authentication requirements. Added explicit instructions on using either `x-api-key` or `Authorization: Bearer <privy-access-token>`, and detailed the consequences of sending both or neither. Enhanced error descriptions for unauthorized access to provide clearer guidance on potential issues. This improves the overall clarity and usability of the API documentation.
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 12, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4ccb6baf-f089-422a-857d-ea8c6358d6ca

📥 Commits

Reviewing files that changed from the base of the PR and between f049736 and 7042ebf.

📒 Files selected for processing (1)
  • api-reference/openapi/sessions.json
📝 Walkthrough

Walkthrough

OpenAPI specifications in sessions.json are updated to clarify authentication behavior across session and chat endpoints: clients must send exactly one of x-api-key or Authorization: Bearer token; both or neither return 401 with detailed error response format. Operation descriptions now document error expectations (403/404 for permissions, 409 for idempotency conflicts) and endpoint-specific behavior.

Changes

Sessions API Authentication and Error Documentation

Layer / File(s) Summary
Security scheme documentation
api-reference/openapi/sessions.json		 ApiKeyAuth (x-api-key) and BearerAuth security scheme descriptions specify intended client usage and token/header format.
Session GET endpoint authentication and errors
api-reference/openapi/sessions.json		 GET /api/sessions/{sessionId} operation description and 401 response clarify the "exactly one credential" authentication rule and error response body format.
Chat listing endpoint authentication, errors, and ownership
api-reference/openapi/sessions.json		 GET /api/sessions/{sessionId}/chats operation description and 401 response document authentication exclusivity, 403/404 ownership and permission expectations, and list sorting behavior.
Chat creation endpoint authentication, errors, and idempotency
api-reference/openapi/sessions.json		 POST /api/sessions/{sessionId}/chats operation description and 401 response clarify authentication rules, ownership expectations, and deterministic chat-id idempotency (409 on cross-session conflicts within the session).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • recoupable/docs#204: Adds the GET/POST /api/sessions/{sessionId}/chats endpoints and schemas that this PR documents and clarifies.
  • recoupable/docs#185: Earlier update to the same OpenAPI file and session endpoints security scheme descriptions.
  • recoupable/docs#186: Modifies the same OpenAPI sessions spec including authentication securitySchemes that this PR refines.

Suggested reviewers

  • sweetmantech

Poem

🐰 Hopping through the auth domain so fine,
Your docs now shine with rules so clear—
Exactly one credential at a time,
No mixed-up tokens need we fear,
The chats are idempotent, don't you see? ✨

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/sessions-id-chats

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@ahmednahima0-beep ahmednahima0-beep deleted the docs/sessions-id-chats branch May 12, 2026 22:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sweetmantech sweetmantech Awaiting requested review from sweetmantech sweetmantech is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ahmednahima0-beep