API

The OWASP Nest API is divided into two primary interfaces: GraphQL and REST.

GraphQL API

The GraphQL API (internal) is the primary interface used by the OWASP Nest frontend application.

  • Framework: Built using Strawberry GraphQL.
  • Endpoint: /graphql/
  • Playground: An interactive GraphiQL interface is automatically available at /graphql/ when running the backend in development mode (DJANGO_CONFIGURATION=Local).

REST API (v0)

The REST API (external) is used primarily for programmatic access, integrations, and generating client SDKs.

  • Framework: Built using Django Ninja.
  • Base Route: /api/v0/
  • Schema: Auto-generated OpenAPI (Swagger) specification is available at /api/v0/openapi.json.

Client SDKs

The OpenAPI specification is used to generate official SDKs in various languages:


Important Constraints

When contributing to the REST API, follow these rules to avoid breaking SDK generation:

1. Unique operationId

Each API endpoint must have a unique operationId in the OpenAPI spec. Duplicate operationIds will cause method conflicts in generated SDKs.

2. Stable Authentication Class Name

The authentication class in backend/apps/api/rest/auth/api_key.py must be named ApiKey.

  • The client's api_key parameter is automatically derived from this class name.
  • Do not rename this class.
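
Both rules above can be checked mechanically against the generated schema, for example in CI. The following is an added example, not code from the OWASP Nest repository: the sample spec is constructed, the function names are hypothetical, and it assumes the authentication class name appears as the key under components.securitySchemes in the OpenAPI output.

```python
import json
from collections import defaultdict

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample spec (not the real Nest schema): two operations share an
# operationId, and the security scheme has been renamed away from "ApiKey".
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.1.0",
  "paths": {
    "/api/v0/projects/": {"get": {"operationId": "list_items"}},
    "/api/v0/chapters/": {"get": {"operationId": "list_items"}},
    "/api/v0/chapters/{id}": {"get": {"operationId": "get_chapter"}}
  },
  "components": {"securitySchemes": {
    "ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "X-Example-Key"}}}
}
""")


def duplicate_operation_ids(spec):
    """Map each operationId used more than once to its 'METHOD path' locations."""
    seen = defaultdict(list)
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            # Path items also hold non-operation keys such as "parameters".
            if method.lower() in HTTP_METHODS and isinstance(op, dict):
                op_id = op.get("operationId")
                if op_id is not None:
                    seen[op_id].append(f"{method.upper()} {path}")
    return {op_id: locs for op_id, locs in seen.items() if len(locs) > 1}


def check_spec(spec, scheme_name="ApiKey"):
    """Return a list of human-readable problems; empty means the spec passes."""
    problems = [
        f"duplicate operationId {op_id!r}: {', '.join(locs)}"
        for op_id, locs in sorted(duplicate_operation_ids(spec).items())
    ]
    schemes = spec.get("components", {}).get("securitySchemes", {})
    # Assumption: the auth class name surfaces as the security scheme key.
    if scheme_name not in schemes:
        problems.append(f"security scheme {scheme_name!r} missing; found {sorted(schemes)}")
    return problems


if __name__ == "__main__":
    for line in check_spec(SAMPLE_SPEC):
        print(line)
```

To use it on a real build, load the JSON served at /api/v0/openapi.json into a dict and fail the job when check_spec returns a non-empty list.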