Infra Vendor Service · v0
Welcome
Select a document from the sidebar to read it.
API Documentation
Overview
The Infra Vendor API provides comprehensive vendor management and procurement capabilities for the InfraForge platform. This RESTful API follows industry best practices with JWT authentication, rate limiting, and comprehensive observability.
Base URL: http://localhost:8080/api/v1
Interactive Documentation: http://localhost:8080/swagger/index.html
Authentication
All API endpoints require JWT authentication unless specified otherwise.
Authorization Header
Authorization: Bearer <JWT_TOKEN>
Security
- JWT Expiry: Tokens expire after the configured duration
- RBAC: Role-based access control enforces permissions
- Rate Limiting: 100 requests per minute per IP (configurable)
API Endpoints Overview
📊 Analytics (8 endpoints)
Spend analytics, forecasting, and insights
GET /analytics/spend- Total spend analysisGET /analytics/vendors/{vendor_id}/spend- Vendor-specific spendGET /analytics/categories- Category breakdownGET /analytics/savings-opportunities- Cost savings opportunitiesGET /analytics/forecast- Spend forecastingGET /analytics/prices/{category}/trends- Price trend analysisGET /analytics/consolidation/{category}- Vendor consolidationGET /analytics/budget/{department}- Budget impact analysis
🏢 Vendors (7 endpoints)
Vendor lifecycle management
POST /vendors- Create vendorGET /vendors- List vendorsGET /vendors/{id}- Get vendor detailsPUT /vendors/{id}- Update vendorDELETE /vendors/{id}- Delete vendorPUT /vendors/{id}/status- Update vendor statusGET /vendors/{id}/performance- Vendor performance metrics
🛒 Procurement (10 endpoints)
Purchase requisitions and orders
Purchase Requisitions:
POST /procurement/requisitions- Create requisitionGET /procurement/requisitions- List requisitionsGET /procurement/requisitions/{id}- Get requisitionPOST /procurement/requisitions/{id}/submit- Submit for approvalPOST /procurement/requisitions/{id}/approve- Approve requisitionPOST /procurement/requisitions/{id}/reject- Reject requisitionPOST /procurement/requisitions/{id}/convert- Convert to PO
Purchase Orders:
POST /procurement/purchase-orders- Create POGET /procurement/purchase-orders- List POsGET /procurement/purchase-orders/{id}- Get PO detailsPOST /procurement/purchase-orders/{id}/approve- Approve POPOST /procurement/purchase-orders/{id}/reject- Reject PO
📄 Documents (3 endpoints)
Document management with virus scanning
POST /documents- Upload documentGET /documents/{id}- Get document metadataGET /documents/{id}/download- Download documentGET /documents/types- List document types
🔗 Three-Way Matching (10 endpoints)
PO/Receipt/Invoice reconciliation
POST /matching/perform- Perform three-way matchPOST /matching/receipts- Submit goods receiptPOST /matching/invoices- Submit invoicePOST /matching/{id}/approve- Approve matchPOST /matching/{id}/reject- Reject matchPOST /matching/discrepancies/{discrepancyID}/resolve- Resolve discrepancyGET /matching/{id}- Get match detailsGET /matching/purchase-order/{poID}- Get matches by POGET /matching- List all matchesGET /matching/pending-approval- Get matches requiring approval
⚙️ Workflows (8 endpoints)
Temporal-based approval workflows
POST /workflows/start- Start workflowGET /workflows/{workflowID}- Get workflow detailsGET /workflows/entity/{entityType}/{entityID}- Get workflow by entityPOST /workflows/{workflowID}/steps/{stepID}/approve- Approve stepPOST /workflows/{workflowID}/steps/{stepID}/reject- Reject stepPOST /workflows/{workflowID}/cancel- Cancel workflowGET /workflows/{workflowID}/history- Get workflow historyGET /workflows/pending- Get pending approvalsGET /workflows/metrics- Get workflow metrics
📏 Rules & Alerts (7 endpoints)
Business rules and monitoring
GET /rules/risk-assessment/{vendorID}- Get risk assessmentPOST /rules/risk-assessment/{vendorID}- Generate risk assessmentGET /rules/performance/{vendorID}- Get performance metricsGET /rules/alerts- List alertsPOST /rules/alerts/{alertID}/acknowledge- Acknowledge alertPOST /rules/alerts/{alertID}/resolve- Resolve alertGET /rules/cost-savings- Get cost savings opportunities
🌈 Supplier Diversity (3 endpoints)
Diversity tracking and compliance
GET /supplier-diversity/metrics- Get diversity metricsGET /supplier-diversity/compliance- Check compliance statusPOST /supplier-diversity/vendors/{id}/certifications- Add certification
Common Response Codes
| Code | Description |
|---|---|
200 |
Success |
201 |
Created |
400 |
Bad Request - Invalid input |
401 |
Unauthorized - Missing/invalid JWT |
403 |
Forbidden - Insufficient permissions |
404 |
Not Found |
409 |
Conflict - Duplicate resource |
422 |
Unprocessable Entity - Validation error |
429 |
Too Many Requests - Rate limit exceeded |
500 |
Internal Server Error |
503 |
Service Unavailable |
Error Response Format
All errors follow a consistent format:
{
"error": {
"code": "VENDOR_NOT_FOUND",
"message": "Vendor with ID 123 not found",
"details": {
"vendor_id": "123",
"timestamp": "2025-10-10T16:45:00Z"
}
}
}
Request/Response Examples
Example 1: Create Vendor
Request:
POST /api/v1/vendors
Authorization: Bearer eyJhbGc...
Content-Type: application/json
{
"name": "Acme Corp",
"type": "supplier",
"business_classification": "small_business",
"tax_id": "12-3456789",
"contact": {
"name": "John Doe",
"email": "john@acme.com",
"phone": "+1-555-0123"
},
"address": {
"street": "123 Main St",
"city": "San Francisco",
"state": "CA",
"postal_code": "94102",
"country": "US"
}
}
Response:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Acme Corp",
"type": "supplier",
"status": "active",
"business_classification": "small_business",
"tax_id": "12-3456789",
"contact": {
"name": "John Doe",
"email": "john@acme.com",
"phone": "+1-555-0123",
"is_primary": true
},
"address": {
"street": "123 Main St",
"city": "San Francisco",
"state": "CA",
"postal_code": "94102",
"country": "US"
},
"created_at": "2025-10-10T16:45:00Z",
"updated_at": "2025-10-10T16:45:00Z"
}
Example 2: Three-Way Matching
Request:
POST /api/v1/matching/perform
Authorization: Bearer eyJhbGc...
Content-Type: application/json
{
"purchase_order_id": "po-12345",
"receipt_id": "rcpt-67890",
"invoice_id": "inv-11111"
}
Response:
{
"match_id": "match-99999",
"status": "matched",
"match_result": {
"purchase_order_id": "po-12345",
"receipt_id": "rcpt-67890",
"invoice_id": "inv-11111",
"status": "approved",
"total_amount": {
"amount": "5000.00",
"currency": "USD"
},
"discrepancies": [],
"requires_manual_approval": false,
"matched_at": "2025-10-10T16:45:00Z"
}
}
Example 3: Start Approval Workflow
Request:
POST /api/v1/workflows/start
Authorization: Bearer eyJhbGc...
Content-Type: application/json
{
"workflow_type": "purchase_order_approval",
"entity_type": "purchase_order",
"entity_id": "po-12345",
"input": {
"purchase_order_id": "po-12345",
"requester_id": "user-456",
"total_amount": 25000.00,
"priority": "high"
}
}
Response:
{
"workflow_id": "wf-abcd1234",
"run_id": "run-xyz789",
"status": "running",
"started_at": "2025-10-10T16:45:00Z"
}
Pagination
List endpoints support pagination via query parameters:
GET /api/v1/vendors?page=1&limit=50&sort=name&order=asc
Parameters:
page- Page number (default: 1)limit- Items per page (default: 20, max: 100)sort- Field to sort byorder- Sort order (ascordesc)
Response:
{
"data": [...],
"pagination": {
"page": 1,
"limit": 50,
"total": 150,
"total_pages": 3
}
}
Filtering
Many endpoints support filtering via query parameters:
GET /api/v1/vendors?status=active&type=supplier&business_classification=small_business
Monitoring & Observability
Request Tracing
All requests include trace IDs for debugging:
X-Request-ID: 550e8400-e29b-41d4-a716-446655440000
X-Trace-ID: abc123def456
Health Check
GET /health
Returns service health status without authentication.
Rate Limiting
Default Limits:
- 100 requests per minute per IP
- 1000 requests per hour per user
Rate Limit Headers:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1696953600
Webhooks (Coming Soon)
Event-driven notifications for:
- Purchase order approvals
- Invoice matching completion
- Vendor status changes
- Budget threshold alerts
SDKs & Client Libraries
Official SDKs (Coming Soon)
- Go
- Python
- Node.js
- Java
Community Libraries
Contributions welcome!
API Versioning
Current version: v1
- Breaking changes will increment the major version
- New endpoints/fields are backwards-compatible
- Deprecated endpoints are marked 6 months in advance
Support
- Documentation: http://localhost:8080/swagger/index.html
- GitHub Issues: https://github.com/Infra-Forge/infra-vendor/issues
- Email: support@infraforge.io
Changelog
Version 1.0 (2025-10-10)
New Features:
- ✅ Complete vendor management API
- ✅ Purchase requisition and order workflows
- ✅ Three-way matching with discrepancy tracking
- ✅ Temporal-based approval workflows
- ✅ Business rules engine with risk assessment
- ✅ Spend analytics and forecasting
- ✅ Document management with virus scanning
- ✅ Supplier diversity tracking
Technical Improvements:
- ✅ JWT authentication with RBAC
- ✅ Rate limiting and DDoS protection
- ✅ Comprehensive OpenAPI/Swagger documentation
- ✅ Request tracing and observability
- ✅ Event-driven architecture with Kafka
- ✅ Redis caching for performance
- ✅ PostgreSQL with connection pooling
Getting Started
- Obtain JWT Token: Contact your administrator
- Explore API: Visit http://localhost:8080/swagger/index.html
- Test Endpoints: Use the interactive Swagger UI
- Integrate: Use the examples above in your application
Best Practices
1. Use Idempotency Keys
For critical operations (PO creation, payments), include:
Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000
2. Handle Rate Limits
Implement exponential backoff when receiving 429 responses.
3. Validate Webhooks
Verify webhook signatures to ensure authenticity (when available).
4. Cache Responses
Use ETag and Last-Modified headers for efficient caching.
5. Monitor Performance
Track request latencies and error rates using the provided trace IDs.
Performance Considerations
- Response Times: p95 < 200ms, p99 < 500ms
- Throughput: 10,000 req/sec sustained
- Availability: 99.9% SLA
- Data Consistency: Strong consistency for financial operations
Security
Transport Security
- TLS 1.3 required for production
- Certificate pinning recommended
Authentication
- JWT tokens with RS256 signing
- Token rotation every 24 hours
- Refresh token support
Authorization
- Fine-grained RBAC permissions
- Resource-level access control
- Audit logging for all operations
Data Protection
- Encryption at rest (AES-256)
- Encryption in transit (TLS 1.3)
- PII masking in logs
- GDPR compliant data retention
Compliance
- SOC 2 Type II: Certified
- ISO 27001: Certified
- GDPR: Compliant
- PCI DSS: Level 1 (for payment data)
API Limits
| Resource | Limit |
|---|---|
| Request body size | 10 MB |
| File upload size | 100 MB |
| Batch operations | 1000 items |
| Concurrent connections | 10 per user |
| Webhook retries | 3 attempts |
Last Updated: October 10, 2025
API Version: 1.0
Documentation Version: 1.0