[DevPortal] Implement API Keys page#2729
Conversation
|
Warning Review limit reached
Next review available in: 32 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (18)
📝 WalkthroughWalkthroughAdds a global API-key listing endpoint and Developer Portal overview page, removes internal ChangesAPI key contracts and portal experience
Estimated code review effort: 4 (Complex) | ~45 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (3)
portals/developer-portal/src/controllers/apiContentController.js (1)
581-582: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueRemove the redundant API definition fetch.
The
resolveShowApiKeysNavhelper internally encapsulates the exact same logic to lazily fetch the API definition if thepreloadedDefinitionargument is omitted. You can simplify this controller method by removing the manualapiDefinitionForNavfetch block above this line and allowing the helper to handle it natively. This also resolves a minor discrepancy whereSOAPAPIs were not excluded from the manual fetch attempt.♻️ Proposed refactor
- let apiDefinitionForNav = null; - if (apiType !== constants.API_TYPE.GRAPHQL && apiType !== constants.API_TYPE.MCP) { - try { - apiDefinitionForNav = await getApiDefinitionFileContent(orgId, apiId); - } catch (definitionErr) { - logger.debug('Could not load API definition for API keys nav check', { - orgId, - apiId, - error: definitionErr.message - }); - } - } - const templateContent = { baseUrl: '/' + orgName + '/views/' + viewName + "/api/" + apiHandle, baseDocUrl: '/' + orgName + '/views/' + viewName + "/api/" + apiHandle, docTypes: docNames, apiType: apiType, apiName: apiMetadata[0].dataValues.name || '', profile: req.isAuthenticated() ? profile : null, devportalMode: devportalMode, - showApiKeysNav: await resolveShowApiKeysNav(orgId, apiId, apiType, metaForNav, apiDefinitionForNav), + showApiKeysNav: await resolveShowApiKeysNav(orgId, apiId, apiType, metaForNav), };🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@portals/developer-portal/src/controllers/apiContentController.js` around lines 581 - 582, Remove the manual apiDefinitionForNav fetch block from the controller method and call resolveShowApiKeysNav without passing that preloaded definition, allowing the helper to perform its native lazy fetch and preserve SOAP API handling.portals/developer-portal/src/controllers/apiKeysOverviewController.js (1)
42-44: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueRemove redundant
req.usercheck.The
ensureAuthenticatedmiddleware already validates the session and handles the redirect to the login page for unauthenticated users. Based on learnings, directreq.userchecks and redirects are redundant in controllers protected by this middleware.♻️ Proposed refactor
- if (!req.user) { - return res.redirect(`/${orgName}${constants.ROUTE.VIEWS_PATH}${viewName}/login`); - } const devportalMode = orgDetails.configuration?.devportalMode || constants.DEVPORTAL_MODE.DEFAULT;🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@portals/developer-portal/src/controllers/apiKeysOverviewController.js` around lines 42 - 44, Remove the redundant req.user conditional and redirect from the controller, relying on the ensureAuthenticated middleware to handle unauthenticated requests while leaving the authenticated controller flow unchanged.Source: Learnings
portals/developer-portal/src/controllers/apiKeyController.js (1)
230-238: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueUse
util.sendErrorfor consistent error responses.Instead of manually constructing the JSON error payload and hardcoding
code: 'INTERNAL_SERVER_ERROR', useutil.sendErrorto ensure the error response is formatted consistently with the rest of the controller and automatically uses the appropriate error code.♻️ Proposed refactor
} catch (err) { logger.error('Failed to list all API keys', { error: err.message, orgId }); - return res.status(errorStatus(err)).json({ - status: 'error', - code: 'INTERNAL_SERVER_ERROR', - message: 'Failed to list API keys', - errors: [], - }); + return util.sendError(res, errorStatus(err), 'Failed to list API keys'); } }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@portals/developer-portal/src/controllers/apiKeyController.js` around lines 230 - 238, Update the catch block in the API-key listing controller to call util.sendError with the response, error, and existing failure context instead of manually constructing the status and JSON payload. Preserve the current logging and ensure util.sendError determines the appropriate status and error code.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@portals/developer-portal/src/pages/api-keys-overview/page.hbs`:
- Around line 65-68: Update the apiType conditional in the API link within the
overview template to apply the lowercase helper before comparing against “mcp”,
ensuring MCP values in any casing generate the /mcp/ path while other types
continue using /api/.
---
Nitpick comments:
In `@portals/developer-portal/src/controllers/apiContentController.js`:
- Around line 581-582: Remove the manual apiDefinitionForNav fetch block from
the controller method and call resolveShowApiKeysNav without passing that
preloaded definition, allowing the helper to perform its native lazy fetch and
preserve SOAP API handling.
In `@portals/developer-portal/src/controllers/apiKeyController.js`:
- Around line 230-238: Update the catch block in the API-key listing controller
to call util.sendError with the response, error, and existing failure context
instead of manually constructing the status and JSON payload. Preserve the
current logging and ensure util.sendError determines the appropriate status and
error code.
In `@portals/developer-portal/src/controllers/apiKeysOverviewController.js`:
- Around line 42-44: Remove the redundant req.user conditional and redirect from
the controller, relying on the ensureAuthenticated middleware to handle
unauthenticated requests while leaving the authenticated controller flow
unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 430f5590-1206-4751-8f76-b1ed7c3145c2
📒 Files selected for processing (33)
docs/rest-apis/devportal/README.mddocs/rest-apis/devportal/api-keys.mddocs/rest-apis/devportal/labels.mddocs/rest-apis/devportal/mcp-server-keys.mddocs/rest-apis/devportal/schemas.mdportals/developer-portal/configs/config-platform-api.toml.exampleportals/developer-portal/docs/devportal-openapi-spec-v0.9.yamlportals/developer-portal/it/Makefileportals/developer-portal/it/configs/config-platform-api-it.tomlportals/developer-portal/it/docker-compose.test.postgres.yamlportals/developer-portal/it/docker-compose.test.yamlportals/developer-portal/it/rest-api/api-content/api-content.spec.jsportals/developer-portal/it/rest-api/api-keys/api-keys.spec.jsportals/developer-portal/it/rest-api/apis/artifact-zip-apis.spec.jsportals/developer-portal/it/rest-api/apis/rest-apis.spec.jsportals/developer-portal/it/rest-api/jest.config.jsportals/developer-portal/it/rest-api/subscriptions/webhook-events.spec.jsportals/developer-portal/it/rest-api/support/autoCleanup.jsportals/developer-portal/it/rest-api/support/cleanup.jsportals/developer-portal/it/rest-api/support/client.jsportals/developer-portal/it/rest-api/support/fixtures.jsportals/developer-portal/src/app.jsportals/developer-portal/src/controllers/apiContentController.jsportals/developer-portal/src/controllers/apiKeyController.jsportals/developer-portal/src/controllers/apiKeysOverviewController.jsportals/developer-portal/src/dao/apiDao.jsportals/developer-portal/src/defaultContent/partials/sidebar.hbsportals/developer-portal/src/pages/api-keys-overview/page.hbsportals/developer-portal/src/routes/api/handlers/apiKeysHandler.jsportals/developer-portal/src/routes/pages/apiKeysOverviewRoute.jsportals/developer-portal/src/scripts/api-keys-overview.jsportals/developer-portal/src/scripts/common.jsportals/developer-portal/src/services/apiMetadataService.js
💤 Files with no reviewable changes (2)
- docs/rest-apis/devportal/mcp-server-keys.md
- portals/developer-portal/src/dao/apiDao.js
The merge-base changed after approval.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@portals/developer-portal/src/scripts/api-keys-overview.js`:
- Around line 154-166: Update loadApps so failed /applications requests return
an empty array without assigning [] to _apps; preserve caching only for
successfully parsed application data, allowing later modal opens to retry
transient failures.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: fefd03c1-87a0-41a8-b41a-c7f8e98bbcfd
📒 Files selected for processing (18)
docs/rest-apis/devportal/README.mddocs/rest-apis/devportal/api-keys.mddocs/rest-apis/devportal/mcp-server-keys.mddocs/rest-apis/devportal/schemas.mdportals/developer-portal/docs/devportal-openapi-spec-v0.9.yamlportals/developer-portal/it/rest-api/api-keys/api-keys.spec.jsportals/developer-portal/it/rest-api/api-keys/webhook-events.spec.jsportals/developer-portal/it/rest-api/mcp-servers/mcp-servers.spec.jsportals/developer-portal/src/app.jsportals/developer-portal/src/controllers/apiContentController.jsportals/developer-portal/src/controllers/apiKeyController.jsportals/developer-portal/src/controllers/apiKeysOverviewController.jsportals/developer-portal/src/defaultContent/partials/sidebar.hbsportals/developer-portal/src/pages/api-keys-overview/page.hbsportals/developer-portal/src/routes/api/handlers/apiKeysHandler.jsportals/developer-portal/src/routes/pages/apiKeysOverviewRoute.jsportals/developer-portal/src/scripts/api-keys-overview.jsportals/developer-portal/src/scripts/common.js
💤 Files with no reviewable changes (1)
- docs/rest-apis/devportal/mcp-server-keys.md
🚧 Files skipped from review as they are similar to previous changes (12)
- portals/developer-portal/src/routes/pages/apiKeysOverviewRoute.js
- portals/developer-portal/src/routes/api/handlers/apiKeysHandler.js
- portals/developer-portal/src/defaultContent/partials/sidebar.hbs
- docs/rest-apis/devportal/README.md
- portals/developer-portal/src/controllers/apiKeysOverviewController.js
- portals/developer-portal/src/app.js
- portals/developer-portal/it/rest-api/api-keys/api-keys.spec.js
- portals/developer-portal/it/rest-api/mcp-servers/mcp-servers.spec.js
- portals/developer-portal/src/controllers/apiKeyController.js
- portals/developer-portal/it/rest-api/api-keys/webhook-events.spec.js
- portals/developer-portal/src/pages/api-keys-overview/page.hbs
- portals/developer-portal/src/controllers/apiContentController.js
Purpose
Implementing a page to display the user's api keys
Approach
Implemented the page with the same design as in the api's api-keys page
Automation tests
Samples