First draft of our decisions

docs/README.md

@@ -4,20 +4,24 @@ https://github.com/papers-we-love/papers-we-love/tree/main/api_design
 
 ## Inspiration
 
-# General
+# Naming & Best practices
 
-https://swagger.io/resources/articles/best-practices-in-api-design/
+https://cloud.google.com/apis/design/naming_convention?hl=de
 https://restfulapi.net/resource-naming/
-https://www.akamai.com/blog/security/rest-api-security-best-practices
+https://discuss.jsonapi.org/t/how-to-organize-an-api-using-url-prefixes-or-not-to/1036
+https://swagger.io/resources/articles/best-practices-in-api-design/
 https://cloud.google.com/blog/products/api-management/restful-web-api-design-best-practices?hl=en
-https://stackoverflow.blog/2021/10/06/best-practices-for-authentication-and-authorization-for-rest-apis/
-https://www.citusdata.com/blog/2016/03/30/five-ways-to-paginate/
 https://learn.microsoft.com/en-us/azure/architecture/best-practices/api-design
+https://www.astera.com/de/type/blog/api-design-best-practices
+
+# Tech
+
+https://www.citusdata.com/blog/2016/03/30/five-ways-to-paginate/
+https://stackoverflow.blog/2021/10/06/best-practices-for-authentication-and-authorization-for-rest-apis/
+https://www.akamai.com/blog/security/rest-api-security-best-practices
 
 # Examples
 
 https://docs.hetzner.cloud/
 https://opensource.zalando.com/restful-api-guidelines
-
+https://kubernetes.io/docs/reference/using-api/api-concepts
-# Our decisions
-

src/v2/README.md

@@ -1 +1,63 @@
 *Currently under heavy development*
+
+## Overview
+
+Our API follows the REST-API-Principles.
+
+# URI structure / Products
+
+We will have a bunch of use cases. Some API consumers want to develop
+- an appointment making service
+- a shop integration with prices, stocks and more
+- create and update orders
+- update vehicle information
+- many more cases...
+
+Because of the variety of requirements, we offer different API products. The naming results to "/api/<product>/...". This allows us to provide different views of the same resource depending on your use case and permissions.
+
+# Domain
+
+We as [PRM Software AG](https://prm-ag.de) offer you this API for our customers and act in that case as a service provider. For requesting the data of a trader, it is neccessary to get the permissions of each trader.
+
+Each trader has it's own domain or a generated one by us. The base-URI could be:
+- https://example-store.de/
+- https://onlineservices.prod.rz2.prm-ag.de/asd8s76df9/
+
+# Methods
+
+With each call you'll interact with ressources. The verb you do will be the HTTP method.
+- GET /api/core/users -> Retrieve all customers
+- GET /api/core/users/1 -> Retrieve data of customer 1
+- GET /api/core/users/1/permissions -> Retrieve all permissions of customer 1
+- DELETE /api/core/users/1 -> Delete customer 1
+- BAN /api/core/users/1 -> Ban customer 1
+- NOTIFY-GTC-VIOLANCE /api/core/users/1 -> Notifies customer 1 for a violation of the terms and conditions
+
+# Authentication
+
+# Errors
+
+# Rate Limiting
+
+# Pagination
+
+# Sorting
+
+# Response Resolution
+
+# Caching
+
+
+
+
+
+## TODO
+
+GET /api/shop/vehicles
+GET /api/tyrepro/vehicles
+GET /api/tiretask/vehicles
+GET /api/openitem/vehicles
+GET /api/rdks/vehicles
+
+GET /api/vehicles/shopview
+GET /api/vehicles/tyreproview