Skip to content

Add test coverage for the API-key lifecycle and webhook CRUD endpoints #43

Description

@mikewheeleer

Test the API-key lifecycle and webhook CRUD endpoints

Description

The API-key endpoints (POST/GET/DELETE /api/v1/api-keys) and webhook endpoints (POST/GET/PATCH/DELETE /api/v1/webhooks, plus /:id/test) in src/index.ts have zero tests in src/health.test.ts. These manage credentials and event subscriptions, so untested behaviour is risky. This issue adds full coverage.

Requirements and context

  • Repository scope: Agentpay-Org/Agentpay-backend only.
  • Cover api-key create (201 with apk_ prefix), list (prefix-only, never the secret), and revoke-by-prefix (204 and 404).
  • Cover webhook register (url + events validation, 201), list, patch (partial url/events updates), delete (204/404), and /:id/test (404 for unknown, simulated delivery for known).
  • Assert validation failures return 400 invalid_request with a requestId, including the http(s) URL regex and 2048-char limit.
  • Assert the api-key list response never contains the full key.

Suggested execution

  • Fork the repo and create a branch
  • git checkout -b test/testing-13-apikeys-webhooks
  • Implement changes
    • Write comprehensive tests in: new src/apikeys-webhooks.test.ts using supertest.
    • Write code in: no production change expected unless a real bug surfaces.
    • Add documentation: none beyond test descriptions.
    • Add clear test titles.
    • Validate security assumptions: confirm secret is never echoed in list responses or logs.
  • Test and commit

Test and commit

  • Run npm run build, npm test, and npm run lint.
  • Cover edge cases: revoke non-existent prefix, webhook bad URL, empty events array, patch with neither field.
  • Include the full npm test output in the PR description.

Example commit message

test: cover api-key lifecycle and webhook crud endpoints

Guidelines

  • Minimum 95 percent test coverage for impacted modules.
  • Clear, reviewer-focused documentation.
  • Timeframe: 96 hours.

Community & contribution rewards

  • 💬 Join the AgentPay community on Discord for questions, reviews, and faster merges: https://discord.gg/eXvRKkgcv
  • ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.

Metadata

Metadata

Assignees

No one assigned

    Fields

    No fields configured for Feature.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions