# a11yhood Backend API Examples

This notebook demonstrates practical examples of making requests to the a11yhood API and interpreting responses.

**Prerequisites**: 
- Backend running at `https://localhost:8000/api`
- Python with `requests` library
- Valid authentication token (or TEST_MODE enabled)

## 1. Repository Overview

**a11yhood** is a REST API backend for an inclusive, community-driven platform that helps users discover, review, and discuss assistive technology and accessibility products.

### Key Features
- **Multi-source scraping**: Automatically fetch products from GitHub, Ravelry, Thingiverse, Abledata, and more
- **Community ratings & reviews**: Detailed product ratings and user reviews
- **Collections**: Users can organize products into personal collections
- **Discussions**: Threaded community discussions about products
- **OAuth authentication**: GitHub and other OAuth-based sign-in
- **WCAG AA compliant**: Accessibility-first design

### Technology Stack
- **Framework**: FastAPI (Python)
- **Database**: PostgreSQL (Supabase) + SQLite (tests/dev)
- **Authentication**: OAuth 2.0 + JWT
- **Rate Limiting**: slowapi
- **Web Server**: Uvicorn

## 2. Project Structure

```
a11yhood-backend/
├── main.py                      # FastAPI app entry point
├── config.py                    # Configuration/environment settings
├── database_adapter.py          # Dual DB support (Supabase + SQLite)
├── requirements.txt             # Dependencies
│
├── models/                      # Data models (Pydantic + SQLAlchemy)
│   ├── users.py
│   ├── products.py
│   ├── ratings.py
│   ├── reviews.py
│   ├── collections.py
│   ├── discussions.py
│   ├── sources.py
│   └── ...
│
├── routers/                     # API route handlers
│   ├── users.py                 # GET /api/users, PUT /api/users/:id
│   ├── products.py              # GET /api/products, POST /api/products
│   ├── ratings.py               # Product ratings
│   ├── reviews.py               # Product reviews
│   ├── collections.py           # User collections
│   ├── discussions.py           # Product discussions
│   ├── sources.py               # Source platforms
│   ├── scrapers.py              # Scraper management
│   └── ...
│
├── services/                    # Business logic
│   ├── auth.py                  # Authentication
│   ├── database.py              # DB connections
│   ├── scrapers.py              # Scraping logic
│   ├── scheduled_scrapers.py    # Scheduled jobs
│   └── ...
│
├── scrapers/                    # Platform-specific scrapers
│   ├── github.py
│   ├── ravelry.py
│   ├── thingiverse.py
│   ├── abledata.py
│   └── ...
│
├── migrations/                  # Database migrations
├── seed_scripts/                # Database seeding
├── tests/                       # Test suite
└── documentation/               # Comprehensive docs
```

## 3. Installation & Setup

### Quick Start

```bash
# 1. Clone the repository
git clone https://github.com/a11yhood/a11yhood-backend.git
cd a11yhood-backend

# 2. Create virtual environment
python3 -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# 3. Install dependencies
pip install -r requirements.txt

# 4. Configure environment
cp .env.example .env
# Edit .env with your settings

# 5. Start the development server
python main.py
# Or: uvicorn main:app --reload --ssl-keyfile=localhost+2-key.pem --ssl-certfile=localhost+2.pem
```

The API will be available at: **https://localhost:8000/api**

### Docker

```bash
docker-compose up
```

## 4. Environment Configuration

Key environment variables in `.env`:

```env
# Server
ENVIRONMENT=development
HOST=localhost
PORT=8000
TEST_MODE=true  # Enable for testing (disables auth)

# Database
DATABASE_URL=postgresql://user:pass@localhost/db  # Production
TEST_DATABASE_URL=sqlite:///./test.db              # Testing

# OAuth
GITHUB_CLIENT_ID=your_client_id
GITHUB_CLIENT_SECRET=your_client_secret

# CORS
ALLOWED_ORIGINS=http://localhost:4173,https://localhost:4173
PRODUCTION_URL=https://a11yhood.example.com

# API & Services
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_KEY=your_api_key
GITHUB_TOKEN=your_github_token  # For GitHub scraper
```

## 5. API Endpoints Overview

| Resource | Endpoint | Methods | Purpose |
|----------|----------|---------|----------|
| **Users** | `/api/users` | GET, PUT, PATCH, DELETE | User profiles & authentication |
| **Products** | `/api/products` | GET, POST, PATCH, DELETE | Product listings & search |
| **Ratings** | `/api/ratings` | GET, POST, PATCH, DELETE | Product ratings |
| **Reviews** | `/api/reviews` | GET, POST, PATCH, DELETE | Product reviews |
| **Collections** | `/api/collections` | GET, POST, PATCH, DELETE | User product collections |
| **Discussions** | `/api/discussions` | GET, POST, PATCH, DELETE | Threaded discussions |
| **Sources** | `/api/sources` | GET | Product source platforms |
| **Scrapers** | `/api/scrapers` | GET, POST | Scraper management |
| **Blog Posts** | `/api/blog_posts` | GET, POST | Community content |
| **Activities** | `/api/activities` | GET | User activity feed |

**Base URL**: `https://localhost:8000/api` (development)

**Authentication**: Include JWT token in header:
```
Authorization: Bearer <your_token>
```

In [None]:
# Setup for making API requests
import requests
import json
from typing import Dict, Any
import urllib3

# Suppress SSL warnings for localhost
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Configuration
BASE_URL = "https://localhost:8000/api"
HEADERS = {
    "Content-Type": "application/json",
    # If TEST_MODE=false, add: "Authorization": "Bearer <your_token>"
}

def print_request_response(method: str, endpoint: str, data: Dict[str, Any] = None, params: Dict = None):
    """Helper to print API request and response."""
    url = f"{BASE_URL}{endpoint}"
    
    print(f"\n{'='*60}")
    print(f"{method.upper()} {endpoint}")
    print(f"{'='*60}")
    
    if data:
        print(f"\nRequest Body:\n{json.dumps(data, indent=2)}")
    
    if params:
        print(f"\nQuery Parameters: {params}")
    
    try:
        if method.upper() == "GET":
            response = requests.get(url, headers=HEADERS, params=params, verify=False)
        elif method.upper() == "POST":
            response = requests.post(url, headers=HEADERS, json=data, params=params, verify=False)
        elif method.upper() == "PUT":
            response = requests.put(url, headers=HEADERS, json=data, params=params, verify=False)
        elif method.upper() == "PATCH":
            response = requests.patch(url, headers=HEADERS, json=data, params=params, verify=False)
        elif method.upper() == "DELETE":
            response = requests.delete(url, headers=HEADERS, params=params, verify=False)
        
        print(f"\nStatus Code: {response.status_code}")
        print(f"\nResponse:\n{json.dumps(response.json(), indent=2)}")
        return response
    except Exception as e:
        print(f"\nError: {str(e)}")
        print("Make sure the backend is running at https://localhost:8000")
        return None

print("✓ API request helper functions loaded")
print(f"✓ Base URL: {BASE_URL}")

## 6. Example API Requests & Responses

### Users Endpoints

#### Get All Users
```http
GET /api/users
```

In [None]:
# Get all users
print_request_response("GET", "/users")

#### Get Single User
```http
GET /api/users/{githubId}
```

In [None]:
# Get a specific user by GitHub ID
print_request_response("GET", "/users/12345")

### Products Endpoints

#### Search Products with Filters
```http
GET /api/products?q=accessible&source=github&limit=10
```

In [None]:
# Search products with filters
params = {
    "q": "screen reader",  # Search query
    "source": "github",     # Filter by source
    "limit": 10,            # Number of results
    "offset": 0             # Pagination
}
print_request_response("GET", "/products", params=params)

#### Get Product Details
```http
GET /api/products/{productId}
```

In [None]:
# Get a specific product
print_request_response("GET", "/products/550e8400-e29b-41d4-a716-446655440000")

#### Submit a New Product
```http
POST /api/products
```

In [None]:
# Submit a new product
new_product = {
    "name": "JAWS Screen Reader",
    "description": "Industry-leading screen reader for Windows",
    "url": "https://www.freedomscientific.com/products/software/jaws/",
    "sourceId": "github",
    "tags": ["screen reader", "accessibility", "assistive technology"],
    "category": "assistive-technology"
}
print_request_response("POST", "/products", data=new_product)

### Ratings Endpoints

#### Get Product Ratings
```http
GET /api/ratings?productId={id}
```

In [None]:
# Get ratings for a product
params = {
    "productId": "550e8400-e29b-41d4-a716-446655440000"
}
print_request_response("GET", "/ratings", params=params)

#### Submit a Product Rating
```http
POST /api/ratings
```

In [None]:
# Submit a rating for a product
rating_data = {
    "productId": "550e8400-e29b-41d4-a716-446655440000",
    "rating": 4,  # 1-5 stars
    "sourceCredibility": "high",  # Source credibility level
    "comment": "Great accessibility features"
}
print_request_response("POST", "/ratings", data=rating_data)

### Reviews Endpoints

#### Get Product Reviews
```http
GET /api/reviews?productId={id}
```

In [None]:
# Get reviews for a product
params = {
    "productId": "550e8400-e29b-41d4-a716-446655440000",
    "limit": 5
}
print_request_response("GET", "/reviews", params=params)

#### Write a Product Review
```http
POST /api/reviews
```

In [None]:
# Write a detailed review for a product
review_data = {
    "productId": "550e8400-e29b-41d4-a716-446655440000",
    "title": "Excellent accessibility support",
    "content": "This product has outstanding keyboard navigation and screen reader support. Highly recommended!",
    "rating": 5,  # Overall rating for this review
    "tags": ["keyboard-friendly", "screen-reader-compatible"]
}
print_request_response("POST", "/reviews", data=review_data)

### Collections Endpoints

#### Get User Collections
```http
GET /api/collections?userId={userId}
```

In [None]:
# Get collections for a user
params = {
    "userId": "12345"
}
print_request_response("GET", "/collections", params=params)

#### Create a Collection
```http
POST /api/collections
```

In [None]:
# Create a new collection
collection_data = {
    "name": "Screen Readers for Windows",
    "description": "Essential screen reader software for Windows accessibility",
    "isPublic": True,
    "tags": ["screen-readers", "windows"]
}
print_request_response("POST", "/collections", data=collection_data)

#### Add Product to Collection
```http
POST /api/collections/{collectionId}/products
```

In [None]:
# Add a product to a collection
product_data = {
    "productId": "550e8400-e29b-41d4-a716-446655440000"
}
print_request_response("POST", "/collections/collection-uuid/products", data=product_data)

### Discussions Endpoints

#### Get Product Discussions
```http
GET /api/discussions?productId={id}
```

In [None]:
# Get discussions about a product
params = {
    "productId": "550e8400-e29b-41d4-a716-446655440000",
    "limit": 10
}
print_request_response("GET", "/discussions", params=params)

#### Start a Discussion
```http
POST /api/discussions
```

In [None]:
# Start a new discussion about a product
discussion_data = {
    "productId": "550e8400-e29b-41d4-a716-446655440000",
    "title": "Accessibility improvements in latest version?",
    "content": "Has anyone noticed improvements in keyboard navigation in the latest release?",
    "tags": ["accessibility", "keyboard-navigation"]
}
print_request_response("POST", "/discussions", data=discussion_data)

#### Reply to Discussion
```http
POST /api/discussions/{discussionId}/comments
```

In [None]:
# Reply to a discussion
comment_data = {
    "content": "Yes! The Tab key navigation feels much smoother now."
}
print_request_response("POST", "/discussions/discussion-uuid/comments", data=comment_data)

### Sources Endpoints

#### Get Available Sources
```http
GET /api/sources
```

In [None]:
# Get list of product sources
print_request_response("GET", "/sources")

## 7. Response Format & Examples

### Success Response Format

```json
{
  "data": {
    "id": "uuid",
    "name": "Product name",
    "description": "...",
    "createdAt": 1704067200000,
    "updatedAt": 1704153600000
  }
}
```

### List Response Format

```json
{
  "data": [
    { "id": "...", "name": "Product 1", ... },
    { "id": "...", "name": "Product 2", ... }
  ],
  "total": 100,
  "limit": 10,
  "offset": 0
}
```

### Error Response Format

```json
{
  "message": "Detailed error description",
  "status": 400,
  "data": {
    "field": "Invalid value"
  }
}
```

### HTTP Status Codes

| Status | Meaning | Example |
|--------|---------|----------|
| **200** | OK - Request succeeded | GET, PATCH successful |
| **201** | Created - Resource created | POST successful |
| **400** | Bad Request - Invalid parameters | Missing required field |
| **401** | Unauthorized - Auth required | Missing/invalid token |
| **403** | Forbidden - Insufficient permissions | Can't modify other user's data |
| **404** | Not Found - Resource doesn't exist | Product ID not found |
| **409** | Conflict - Resource already exists | Duplicate entry |
| **429** | Too Many Requests - Rate limited | Too many API calls |
| **500** | Server Error | Unexpected server issue |

## 8. Database Schema Overview

### Core Tables

```
users
├── id (UUID, PK)
├── github_id
├── login
├── email
├── display_name
├── role (user, moderator, admin)
└── joined_at

products
├── id (UUID, PK)
├── name
├── description
├── url
├── source_id (FK)
├── category
├── rating_avg
├── review_count
└── created_at

ratings
├── id (UUID, PK)
├── product_id (FK)
├── user_id (FK)
├── rating (1-5)
├── source_credibility
└── created_at

reviews
├── id (UUID, PK)
├── product_id (FK)
├── user_id (FK)
├── title
├── content
├── rating
└── created_at

collections
├── id (UUID, PK)
├── user_id (FK)
├── name
├── description
├── is_public
└── created_at

collection_products
├── collection_id (FK)
├── product_id (FK)
└── added_at

discussions
├── id (UUID, PK)
├── product_id (FK)
├── user_id (FK)
├── title
├── content
├── comment_count
└── created_at

discussion_comments
├── id (UUID, PK)
├── discussion_id (FK)
├── user_id (FK)
├── content
└── created_at

sources
├── id (UUID, PK)
├── name (github, ravelry, etc.)
├── description
├── base_url
└── product_count
```

### Relationships

- **users** 1:N **ratings** - A user can give many ratings
- **users** 1:N **reviews** - A user can write many reviews
- **users** 1:N **collections** - A user can have many collections
- **users** 1:N **discussions** - A user can start many discussions
- **products** 1:N **ratings** - A product has many ratings
- **products** 1:N **reviews** - A product has many reviews
- **products** 1:N **discussions** - A product has many discussions
- **collections** N:N **products** (via collection_products)
- **sources** 1:N **products** - A source provides many products

## 9. Running Tests

### Run Test Suite

```bash
# Run all tests
pytest

# Run with verbose output
pytest -v

# Run specific test file
pytest tests/test_products.py

# Run specific test function
pytest tests/test_products.py::test_get_products

# Run with coverage report
pytest --cov=. --cov-report=html

# Run in watch mode (requires pytest-watch)
ptw
```

### Test Structure

```
tests/
├── test_users.py
├── test_products.py
├── test_ratings.py
├── test_reviews.py
├── test_collections.py
├── test_discussions.py
├── test_scrapers.py
└── conftest.py              # Shared test fixtures
```

### Example Test Output

```
tests/test_products.py::test_get_products PASSED              [ 5%]
tests/test_products.py::test_search_products PASSED           [10%]
tests/test_products.py::test_create_product PASSED            [15%]
tests/test_products.py::test_update_product PASSED            [20%]
tests/test_products.py::test_delete_product PASSED            [25%]
tests/test_ratings.py::test_get_ratings PASSED                [30%]
tests/test_ratings.py::test_create_rating PASSED              [35%]
...

========================= 45 passed in 2.34s =========================
```

In [None]:
# Example: Running tests programmatically
import subprocess

# Run a quick test to check API connectivity
result = subprocess.run(
    ["pytest", "tests/test_products.py::test_get_products", "-v", "--tb=short"],
    capture_output=True,
    text=True,
    cwd="/Users/jmankoff/Research/a11yhood/a11yhood-backend"
)

print("STDOUT:")
print(result.stdout)
if result.stderr:
    print("\nSTDERR:")
    print(result.stderr)
print(f"\nReturn code: {result.returncode}")

## 10. Tips & Best Practices

### Authentication

- For development, set `TEST_MODE=true` in `.env` to disable auth
- For production, use OAuth tokens or JWT
- Include token in header: `Authorization: Bearer <token>`

### API Requests

- Always include `Content-Type: application/json` header
- Use URL parameters for GET requests
- Use JSON body for POST/PATCH requests
- Paginate large result sets with `limit` and `offset`
- Handle rate limiting (429 status) gracefully

### Response Handling

- Check status code before processing response
- Access data via `response.json()["data"]`
- Error details are in `response.json()["message"]`
- Timestamps are in milliseconds since epoch

### Error Handling

```python
try:
    response = requests.get(url, headers=HEADERS, verify=False)
    response.raise_for_status()  # Raise exception on HTTP errors
    data = response.json()["data"]
except requests.exceptions.RequestException as e:
    print(f"Request failed: {e}")
```

### Rate Limiting

- API enforces rate limiting to prevent abuse
- Respect 429 (Too Many Requests) responses
- Implement exponential backoff for retries
- Use appropriate `limit` parameters to minimize calls

### Testing

- Use test database (SQLite) for local testing
- Run tests before pushing code
- Test both success and error cases
- Use fixtures for common test data setup

## 11. Additional Resources

- **[README.md](README.md)** - Main project README
- **[documentation/API_REFERENCE.md](documentation/API_REFERENCE.md)** - Complete API endpoint reference
- **[documentation/LOCAL_TESTING.md](documentation/LOCAL_TESTING.md)** - Local development guide
- **[documentation/DEPLOYMENT_CURRENT.md](documentation/DEPLOYMENT_CURRENT.md)** - Production deployment
- **[documentation/CODE_STANDARDS.md](documentation/CODE_STANDARDS.md)** - Coding standards
- **[documentation/ARCHITECTURE.md](documentation/ARCHITECTURE.md)** - System architecture
- **[documentation/SECURITY_BEST_PRACTICES.md](documentation/SECURITY_BEST_PRACTICES.md)** - Security guidelines
- **GitHub**: https://github.com/a11yhood/a11yhood-backend

### Quick Links

- **API Base URL** (dev): `https://localhost:8000/api`
- **Interactive API Docs**: `https://localhost:8000/docs` (Swagger UI)
- **Alternative Docs**: `https://localhost:8000/redoc` (ReDoc)