OpenAPI Migration Progress

This PR tracks the ongoing progress of migrating Rocket.Chat API endpoints to the new OpenAPI pattern with AJV validation and improved documentation. It will be continuously updated to reflect completed and remaining work.

✅ Summary

• Total endpoints: XX
• Migrated so far: 70
• Remaining: XX

👥 Team

• Ahmed Nasser – Contributor    
• Matheus Cardoso – Mentor  
• Guilherme Gazzo – Co-mentor

🚨 Core API Endpoints

These are 500 endpoints critical for core features and should be migrated first:

Let me know if you'd like these grouped, categorized, or documented further.

📝 Secondary API Endpoints

These 2 endpoints are lower priority and can be migrated after core APIs: (calculating...)

📌 Important Notes

When migrating endpoints to the new OpenAPI + AJV pattern, keep these points in mind:

1. No Change in Logic

   • The migration should only update the structure, validation, and documentation.
   • The core business logic, permissions, and side effects must remain exactly the same

2. Error Response Codes

   • 400 (Bad Request) → Should be included for most endpoints with input validation.
   • 401 (Unauthorized) → Add only if the endpoint authRequired: true is included.
   • 403 (Forbidden) → Add only if specific permission checks are performed.

3. Schema Validation

   • Use AJV for request/response validation.
   • Use Typia-generated $ref schemas where available instead of manually defining large object shapes.

4. Centralized Error Validators

   • Use shared helpers like validateBadRequestErrorResponse instead of hard-coding error schemas.
   • This keeps error formats consistent across all endpoints.

5. Route Definition Style

   • Use Route Method Chaining when defining multiple methods (.post(), .get(), etc.).
   • This is possible because ExtractRoutesFromAPI automatically groups routes under the same path in the type definitions.

6. Optional Properties

   • If an endpoint doesn’t need permissionsRequired, omit it.
   • Always explicitly declare query or body in the route options — even if the endpoint has no parameters, set it to query: undefined or body: undefined.
   • Keep configs minimal — only include what’s necessary for that endpoint.

7. No More rest-typings or Manual Typings

   • All request/response schemas are now defined directly inside the route definition file.
   • No schema definitions in rest-typings or other manual typing files — everything for an endpoint lives in one place for easier maintenance.

8. Swagger Documentation

   • Confirm that both request and response schemas appear correctly in Swagger UI.
   • Check that example values are meaningful and match real data structures.

📖 Example: Migrating from Old Pattern to New Pattern

This example shows how to migrate from the legacy addRoute approach (with manual typings and deprecated validation)
to the new typed API definition pattern using:

• API.v1.post() / .get() chaining (so multiple HTTP methods for the same path are merged in typings)
• AJV for request & response validation
• Typia $ref for shared model schemas
• Automatic route typings with ExtractRoutesFromAPI (no more manual duplication)
• Predefined error response validators instead of hard-coded schemas

Before – Old Pattern

// Route definition
API.v1.addRoute(
	'baz.foo',
	{
		authRequired: true,
		validateParams: ajv.compile<{ name: string }>({ // ❌ Deprecated
				type: 'object',
				properties: { name: { type: 'string' } },
				required: ['name'],
				additionalProperties: false,
			}),
		permissionsRequired: ['manage-foo'],
	},
	{
		async post() {
			const result = await updateFoo(this.bodyParams);
			return API.v1.success(result);
		},
	},
);

API.v1.addRoute(
	'baz.bar',
	{
		authRequired: true,
		validateParams: ajv.compile<{ name: string }>({ // ❌ Deprecated
				type: 'object',
				properties: { name: { type: 'string' } },
				required: ['name'],
				additionalProperties: false,
			}),
		permissionsRequired: ['manage-bar'],
	},
	{
		async get() {
			return API.v1.success(await getBar(this.queryParams.name));
		},
	},
);

// Manual typings in rest-typings
export type BazEndpoint = {
	POST: (params: FooParams) => FooResponse;
    GET: (params: BarParams) => BarResponse;
};

Problems with the old approach:

1. No request/response schemas → can't generate Swagger/OpenAPI documentation automatically.
2. validateParams is deprecated → doesn’t integrate with the new pattern.
3. Manual typings in rest-typings → easy to forget or let them get out of sync.
4. Hard-coded error handling → duplicated schemas everywhere.

After – New Pattern

const bazEndpoints = API.v1
	// POST /v1/baz.foo
	.post(
		'baz.foo',
		{
			authRequired: true,
			body: ajv.compile<{ name: string }>({
				type: 'object',
				properties: { name: { type: 'string' } },
				required: ['name'],
				additionalProperties: false,
			}),
			permissionsRequired: ['manage-foo'],
			response: {
				400: validateBadRequestErrorResponse, // Common for validation errors
				// 401: validateUnauthorizedErrorResponse, // Optional: if endpoint used with auth
				// 403: validateForbiddenErrorResponse,   // Optional: if specific permission checks exist
				200: ajv.compile<{ foo: IBaz }>({
					type: 'object',
					properties: {
						foo: { $ref: '#/components/schemas/IBaz' }, // ✅ Typia model reuse
						success: { type: 'boolean', enum: [true] },
					},
					required: ['foo', 'success'],
					additionalProperties: false,
				}),
			},
		},
		async function action() {
			const result = await updateFoo(this.bodyParams);
			return API.v1.success(result);
		},
	)
	// GET /v1/baz.bar
	.get(
		'baz.bar',
		{
			authRequired: true,
			query: ajv.compile<{ name: string }>({
				type: 'object',
				properties: { name: { type: 'string' } },
				required: ['name'],
				additionalProperties: false,
			}),
			permissionsRequired: ['manage-bar'],
			response: {
				400: validateBadRequestErrorResponse,
				// 401: validateUnauthorizedErrorResponse, // Optional
				// 403: validateForbiddenErrorResponse,   // Optional
				200: ajv.compile<{ foo: IBaz }>({
					type: 'object',
					properties: {
						bar: { $ref: '#/components/schemas/IBaz' },
						success: { type: 'boolean', enum: [true] },
					},
					required: ['bar', 'success'],
					additionalProperties: false,
				}),
			},
		},
		async function action() {
			return API.v1.success(await getBar(this.queryParams.name));
		},
	);

// ✅ Automatically generate typings for both GET and POST without duplication
export type BazEndpoints = ExtractRoutesFromAPI<typeof bazEndpoints>;

declare module '@rocket.chat/rest-typings' {
    // eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-interface
	interface Endpoints extends BazEndpoints {}
}

Key Improvements in the New Pattern

1. Single source of truth for typings
   ExtractRoutesFromAPI pulls types directly from your post() / get() definitions — no more manual edits in rest-typings.

2. Strong request validation with AJV
   Both body (POST) and query (GET) are validated against JSON schemas.

3. Strong response validation
   Ensures the API always returns objects that match the documented shape.

4. Reusable schemas with Typia
   $ref: '#/components/schemas/IBaz' links to a single IBaz schema used across APIs.

5. Predefined error validators
   validateBadRequestErrorResponse, validateUnauthorizedErrorResponse, validateForbiddenErrorResponse replace repetitive error schemas.

6. Chaining multiple methods on the same path
   Calling .post().get() on the same fooEndpoints ensures both methods are merged into one entry in the generated Endpoints interface.

🧪 Testing Plan

• Ensure all migrated endpoints validate request and response schemas using AJV.
• Confirm accurate documentation in Swagger UI for each endpoint.
• Run integration tests to avoid regressions.

💡 Notes

• This PR is for tracking and visibility; implementation PRs will be linked progressively.
• Please feel free to suggest changes to prioritization.