Skip to content

feat: session writes — add_session / delete_session (KasApi.php) #60

Description

@chmmou

Scope

Carve out the session-write endpoints from #11 so that issue can stay pure-reads.

Endpoints (KasApi.php — not KasAuth.php):

  • `add_session`
  • `delete_session`

Fixtures already in place:

  • `testdata/session/add_session_request.xml` + `add_session_response_success.xml` + `add_session_response_failed_otp_pin_incorrect.xml`
  • `testdata/session/delete_session_request.xml` + `delete_session_response_success.xml` + `delete_session_response_failed_unknown_session.xml`

Background (lifted from #11)

Clarification: `add_session` / `delete_session` vs. KasAuth

  • KasAuth.php (already implemented in KasAuth client (plain / session / 2FA) #5 as `internal/auth`): returns the 40-char credential token used by `kas_auth_type=session` requests. Triggered transparently by `auth.SessionTokenSource` on first KasApi call and on `no_auth` / `unknown_session` faults. No CLI surface needed; it is internal plumbing.
  • KasApi.php `add_session` / `delete_session`: documented as separate operations on the KasApi endpoint. Per the KAS docs these manage administrative customer-side sessions (e.g. delegated logins) rather than the credential token KasAuth issues.

Status (2026-05-03)

Open questions

  1. Is the KasApi.php `add_session` actually distinct from the KasAuth flow already covered by `internal/auth`, or is the fixture just the same operation surfaced through the second endpoint? Confirm against https://kasapi.kasserver.com/dokumentation/phpdoc/ before deciding on a CLI surface.
  2. CLI shape — likely `kasapi-cli sessions add|delete` if both are in scope here, or just `sessions delete` if KasAuth covers `add`.

Acceptance

  • One module per endpoint that is genuinely distinct from `internal/auth`, with mapping tests against the existing success and failure fixtures.
  • CLI subcommand wiring under `kasapi-cli sessions …`.
  • ROADMAP item "Standalone `add_session` / `delete_session` subcommands" flipped to checked.

Carved out of #11.

Metadata

Metadata

Assignees

Labels

area/apiKAS-API endpoint wrappers (domain modules)area/transportSOAP/HTTP transport, codec, auth flowphase/writeWrite/destructive API endpoints

Projects

Status
Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions