API Versioning Audit Report¶

Generated: 2026-01-21 Purpose: Identify API endpoints versioning status and risk factors for future changes Audience: Development team, API consumers, QA/Postman testing

Executive Summary¶

Category	Count	Status
Versioned (v1)	67	✅ Safe - frozen baseline
Unversioned (legacy)	72	⚠️ At Risk - deprecated
Agentic Workflows	23	🔴 Critical - unversioned
Webhooks	5	⚠️ At Risk - no versioning

Key Findings¶

Agentic workflow endpoints are NOT versioned - highest risk for breaking changes
Dry-run session API is unversioned - stateful API with complex contracts
Legacy /api/* routes duplicate v1 - planned for sunset
Partner APIs are properly versioned in /api/v1/partners/*

Risk Assessment Matrix¶

Risk Level	Definition	Action Required
🔴 Critical	Breaking changes will impact consumers immediately	Migrate to v1 before any changes
⚠️ High	Deprecated, changes discouraged	Use v1 equivalents
🟡 Medium	Stable but not versioned	Monitor for breaking changes
✅ Low	Properly versioned	Follow v1 freeze policy

Part 1: Versioned Endpoints (v1) ✅¶

These endpoints are frozen under the v1 policy. Only bug fixes allowed; breaking changes require v2.

1.1 Authentication & User Management¶

Method	Endpoint	Controller	Risk
POST	`/api/v1/auth/register`	AuthController@register	✅ Low
POST	`/api/v1/auth/forgot-password`	AuthController@sendPasswordResetMail	✅ Low
GET	`/api/v1/auth/email/verify`	AuthController@emailConfirmationMail	✅ Low
POST	`/api/v1/auth/email/verify/resend`	AuthController@resend	✅ Low
GET	`/api/v1/auth/social-login`	AuthController@getSupportedLoginMethods	✅ Low
GET	`/api/v1/auth/logo`	AppController@getLogo	✅ Low
POST	`/api/v1/auth/google-login`	SocialLoginController@google	✅ Low
POST	`/api/v1/auth/apple-login`	SocialLoginController@apple	✅ Low
POST	`/api/v1/auth/logout`	AuthController@logout	✅ Low
GET	`/api/v1/auth/profile/`	UserController@index	✅ Low
PATCH	`/api/v1/auth/profile/`	UserController@update	✅ Low
DELETE	`/api/v1/auth/profile/`	UserController@destroy	✅ Low

1.2 Application Settings¶

Method	Endpoint	Controller	Risk
GET	`/api/v1/app/email-confirmation-setting`	AppController@getEmailConfirmationSetting	✅ Low
GET	`/api/v1/app/get-setting`	AppController@getSetting	✅ Low
GET	`/api/v1/app/usage-data`	AppController@getUsageData	✅ Low
GET	`/api/v1/app/currency/{id?}`	AppController@getCurrency	✅ Low

1.3 AI Chat¶

Method	Endpoint	Controller	Risk
POST	`/api/v1/aichat/stream-test`	AIChatController@developerStreamTest	✅ Low
POST	`/api/v1/aichat/change-chat-title`	AIChatController@changeChatTitle	✅ Low
GET	`/api/v1/aichat/chat-templates/{id?}`	ChatTemplatesController@index	✅ Low
PATCH	`/api/v1/aichat/chat-templates/`	ChatTemplatesController@update	✅ Low
DELETE	`/api/v1/aichat/chat-templates/{id}`	ChatTemplatesController@destroy	✅ Low
GET	`/api/v1/aichat/chat/{conver_id}`	AIChatController@conversations	✅ Low
GET	`/api/v1/aichat/chat/{conver_id}/messages`	AIChatController@conversationChats	✅ Low
GET	`/api/v1/aichat/chat/{conver_id}/messages/{id}`	AIChatController@conversationChats	✅ Low
GET/POST	`/api/v1/aichat/chat-send`	AIChatController@chatOutput	✅ Low
POST	`/api/v1/aichat/new-chat`	AIChatController@startNewChat	✅ Low
GET	`/api/v1/aichat/history/{cat_slug}`	AIChatController@openAIChat	✅ Low
DELETE	`/api/v1/aichat/history/`	AIChatController@deleteChat	✅ Low
PATCH	`/api/v1/aichat/history/`	AIChatController@renameChat	✅ Low
POST	`/api/v1/aichat/search-history`	AIChatController@searchChatHistory	✅ Low
GET	`/api/v1/aichat/recent-chats`	AIChatController@recentChats	✅ Low
POST	`/api/v1/aichat/search-recent-chats`	AIChatController@searchRecentChats	✅ Low

1.4 AI Real-time Chat¶

Method	Endpoint	Controller	Risk
POST	`/api/v1/airealtimechat/stream-test`	AIRealTimeChatController@developerStreamTest	✅ Low
POST	`/api/v1/airealtimechat/change-chat-title`	AIRealTimeChatController@changeChatTitle	✅ Low
GET/POST	`/api/v1/airealtimechat/chat-send`	AIRealTimeChatController@chatOutput	✅ Low
POST	`/api/v1/airealtimechat/new-chat`	AIRealTimeChatController@startNewChat	✅ Low
GET	`/api/v1/airealtimechat/websocket-credentials`	AIRealTimeChatController@getWebsocketCredentials	✅ Low
POST	`/api/v1/airealtimechat/save-conversation`	AIRealTimeChatController@saveConversation	✅ Low

1.5 AI Writer¶

Method	Endpoint	Controller	Risk
GET	`/api/v1/aiwriter/generator/{slug}`	AIWriterController@openAIGeneratorApi	✅ Low
GET	`/api/v1/aiwriter/generator/{slug}/workbook`	AIWriterController@openAIGeneratorWorkbookApi	✅ Low
POST	`/api/v1/aiwriter/generate`	AIController@buildOutput	✅ Low
POST	`/api/v1/aiwriter/generate-output`	AIWriterController@streamedTextOutput	✅ Low
GET	`/api/v1/aiwriter/generate/lazyload`	AIWriterController@lazyLoadImage	✅ Low
POST	`/api/v1/aiwriter/generate/save`	AIWriterController@lowGenerateSave	✅ Low
GET	`/api/v1/aiwriter/openai-list`	AIWriterController@getOpenAIWriterList	✅ Low
GET	`/api/v1/aiwriter/favorite-openai-list`	AIWriterController@favoriteOpenaiList	✅ Low
POST	`/api/v1/aiwriter/favorite-openai-list-add`	AIWriterController@addToFavoriteOpenaiList	✅ Low
POST	`/api/v1/aiwriter/favorite-openai-list-remove`	AIWriterController@removeFromFavoriteOpenaiList	✅ Low

1.6 AI Image¶

Method	Endpoint	Controller	Risk
GET	`/api/v1/aiimage/versions`	AIImageController@versions	✅ Low
GET	`/api/v1/aiimage/check-availability`	AIImageController@checkActiveGeneration	✅ Low
POST	`/api/v1/aiimage/generate-image`	AIImageController@generateImage	✅ Low
GET	`/api/v1/aiimage/recent-images`	AIImageController@getRecentImages	✅ Low

1.7 GTM Schedule Engine (v1)¶

Method	Endpoint	Controller	Risk
GET	`/api/v1/gtm-schedule/feed.ics`	V1\GtmScheduleController@feed	✅ Low
GET	`/api/v1/gtm-schedule/events`	V1\GtmScheduleController@index	✅ Low
GET	`/api/v1/gtm-schedule/events/{id}`	V1\GtmScheduleController@show	✅ Low
GET	`/api/v1/gtm-schedule/events/{id}/ics`	V1\GtmScheduleController@downloadEventIcs	✅ Low
GET	`/api/v1/gtm-schedule/export`	V1\GtmScheduleController@export	✅ Low
POST	`/api/v1/gtm-schedule/subscription`	V1\GtmScheduleController@subscription	✅ Low
POST	`/api/v1/gtm-schedule/subscription/regenerate`	V1\GtmScheduleController@regenerateSubscription	✅ Low
GET	`/api/v1/gtm-schedule/filters`	V1\GtmScheduleController@filters	✅ Low

1.8 Partner API (v1) - Properly Versioned¶

Method	Endpoint	Controller	Risk
GET	`/api/v1/partners/profile`	V1\PartnerController@profile	✅ Low
GET	`/api/v1/partners/listings/`	V1\PartnerListingController@index	✅ Low
GET	`/api/v1/partners/listings/{id}`	V1\PartnerListingController@show	✅ Low
PUT	`/api/v1/partners/listings/{id}`	V1\PartnerListingController@update	✅ Low
GET	`/api/v1/partners/listings/{id}/seo`	V1\PartnerListingController@seoScore	✅ Low
GET	`/api/v1/partners/listings/{id}/recommendations`	V1\PartnerListingController@recommendations	✅ Low
GET	`/api/v1/partners/cosell/opportunities`	V1\CoSellController@index	✅ Low
POST	`/api/v1/partners/cosell/opportunities`	V1\CoSellController@store	✅ Low
GET	`/api/v1/partners/cosell/opportunities/{id}`	V1\CoSellController@show	✅ Low
PATCH	`/api/v1/partners/cosell/opportunities/{id}`	V1\CoSellController@update	✅ Low
GET	`/api/v1/partners/cosell/opportunities/{id}/timeline`	V1\CoSellController@timeline	✅ Low
GET	`/api/v1/partners/analytics/summary`	V1\PartnerAnalyticsController@summary	✅ Low
GET	`/api/v1/partners/analytics/reports`	V1\PartnerAnalyticsController@reports	✅ Low
GET	`/api/v1/partners/analytics/reports/{id}`	V1\PartnerAnalyticsController@showReport	✅ Low
GET	`/api/v1/partners/webhooks/`	V1\WebhookController@index	✅ Low
POST	`/api/v1/partners/webhooks/`	V1\WebhookController@store	✅ Low
DELETE	`/api/v1/partners/webhooks/{id}`	V1\WebhookController@destroy	✅ Low
GET	`/api/v1/partners/webhooks/events`	V1\WebhookController@events	✅ Low
POST	`/api/v1/partners/webhooks/test`	V1\WebhookController@test	✅ Low

Part 2: Unversioned Endpoints (Legacy) ⚠️¶

These endpoints exist at /api/* without version prefix. They are deprecated and planned for sunset.

2.1 Legacy Auth & App (Duplicates v1)¶

All endpoints in sections 1.1-1.6 also exist unversioned at /api/auth/*, /api/app/*, etc.

Risk: ⚠️ High - Deprecation warnings should be added Action: Redirect consumers to /api/v1/* equivalents

2.2 Affiliates (Legacy-Only Endpoint)¶

Method	Endpoint	Controller	Risk
POST	`/api/affiliates/update-reference`	AffiliateApiController@updateReference	⚠️ High

Note: This endpoint exists in legacy but NOT in v1. Must be added to v1 before sunset.

Part 3: Agentic Workflow Endpoints 🔴 CRITICAL¶

These endpoints are NOT versioned and represent the highest risk for breaking changes.

3.1 Agent Audit & Migration API¶

Base URL: /api/agents/audit Controller: App\Extensions\ContentManager\System\Http\Controllers\AgentAuditController Risk Level: 🔴 Critical - Complex stateful operations, frequent iteration expected

Dashboard & Overview¶

Method	Endpoint	Action	Risk	Notes
GET	`/api/agents/audit/`	index	🔴 Critical	Dashboard data, likely to change
GET	`/api/agents/audit/company-analytics`	companyAnalytics	🔴 Critical	Analytics schema may evolve
GET	`/api/agents/audit/marketplace-metrics`	marketplaceMetrics	🔴 Critical	Marketplace-specific metrics

Configuration¶

Method	Endpoint	Action	Risk	Notes
POST	`/api/agents/audit/recommend-configuration`	recommendConfiguration	🔴 Critical	AI-driven recommendations
POST	`/api/agents/audit/batch-migrate`	batchMigrate	🔴 Critical	Bulk operations

Capability Testing (Admin Troubleshooting)¶

Method	Endpoint	Action	Risk	Notes
GET	`/api/agents/audit/capabilities/`	listCapabilities	🔴 Critical	Capability registry
POST	`/api/agents/audit/capabilities/estimate-cost`	estimateCapabilityCost	🔴 Critical	Cost estimation logic
POST	`/api/agents/audit/capabilities/model-recommendation`	getModelRecommendation	🔴 Critical	Model selection logic
POST	`/api/agents/audit/capabilities/{capability}/test`	testCapability	🔴 Critical	Capability isolation testing

Per-Agent Operations¶

Method	Endpoint	Action	Risk	Notes
GET	`/api/agents/audit/{agent}/metrics`	agentMetrics	🔴 Critical	Agent-specific metrics
GET	`/api/agents/audit/{agent}/validate`	validateConfiguration	🔴 Critical	Configuration validation
POST	`/api/agents/audit/{agent}/migrate`	migrate	🔴 Critical	Migration trigger
POST	`/api/agents/audit/{agent}/rollback`	rollbackMigration	🔴 Critical	Rollback capability
POST	`/api/agents/audit/{agent}/dry-run`	executeDryRun	🔴 Critical	Dry-run execution
POST	`/api/agents/audit/{agent}/challenge`	challengeWorkflow	🔴 Critical	Workflow challenge testing
GET	`/api/agents/audit/{agent}/marketplace-readiness`	testMarketplaceReadiness	🔴 Critical	AWS Marketplace prep
POST	`/api/agents/audit/{agent}/preview-capability`	previewCapability	🔴 Critical	Capability preview
POST	`/api/agents/audit/{agent}/capability-models`	setAgentCapabilityModels	🔴 Critical	Model configuration
POST	`/api/agents/audit/{agent}/dry-run-session`	createDryRunSession	🔴 Critical	Session creation

3.2 Dry Run Sessions API (Stateful)¶

Base URL: /api/dry-run/sessions Controller: App\Http\Controllers\DryRun\DryRunSessionController Risk Level: 🔴 Critical - Stateful conversation management

Method	Endpoint	Action	Risk	Notes
GET	`/api/dry-run/sessions/`	index	🔴 Critical	List all sessions
POST	`/api/dry-run/sessions/start`	start	🔴 Critical	Start new session
GET	`/api/dry-run/sessions/{token}`	show	🔴 Critical	Get session by token
POST	`/api/dry-run/sessions/{token}/message`	sendMessage	🔴 Critical	Send message to session
PUT	`/api/dry-run/sessions/{token}/persona`	switchPersona	🔴 Critical	Multi-persona testing
POST	`/api/dry-run/sessions/{token}/reset`	reset	🔴 Critical	Reset session state
POST	`/api/dry-run/sessions/{token}/end`	end	🔴 Critical	End session

Part 4: Webhooks (Unversioned) ⚠️¶

Base URL: /webhooks/* or /webhook/* Risk Level: ⚠️ High - Payment gateway callbacks, signature verification

Method	Endpoint	Controller	Risk
GET/POST	`/webhooks/{gateway}`	PaymentProcessController@handleWebhook	⚠️ High
ANY	`/webhooks/stripe/{subscription}/success`	PaymentProcessController@stripeSuccess	⚠️ High
ANY	`/webhooks/stripe/{subscription}/cancel`	PaymentProcessController@stripeCancel	⚠️ High
ANY	`/webhooks/stripe/{plan}/{user}/success/prepaid`	PaymentProcessController@prepaidStripeSuccess	⚠️ High
ANY	`/webhooks/stripe/cancel/prepaid`	PaymentProcessController@stripeCancel	⚠️ High
GET/POST	`/webhook/{gateway}`	PaymentProcessController@handleWebhook	⚠️ High

Note: Webhook URLs are often configured in third-party systems and difficult to change.

Part 5: Postman Collection - Agentic Workflows¶

For Postman testing of agentic workflows, use the following collection structure:

Environment Variables¶

{
  "base_url": "{{your_api_base_url}}",
  "api_token": "{{your_bearer_token}}",
  "agent_id": "{{agent_identifier}}",
  "session_token": "{{dry_run_session_token}}"
}

Collection: Agent Audit API¶

Folder: Dashboard¶

GET {{base_url}}/api/agents/audit/
Authorization: Bearer {{api_token}}

GET {{base_url}}/api/agents/audit/company-analytics
Authorization: Bearer {{api_token}}

GET {{base_url}}/api/agents/audit/marketplace-metrics
Authorization: Bearer {{api_token}}

Folder: Capabilities¶

GET {{base_url}}/api/agents/audit/capabilities/
Authorization: Bearer {{api_token}}

POST {{base_url}}/api/agents/audit/capabilities/estimate-cost
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "capability": "content_generation",
  "input_tokens": 1000,
  "output_tokens": 2000
}

POST {{base_url}}/api/agents/audit/capabilities/model-recommendation
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "capability": "content_generation",
  "quality": "high",
  "latency_priority": "low"
}

POST {{base_url}}/api/agents/audit/capabilities/{{capability}}/test
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "test_input": "Sample input for capability testing",
  "parameters": {}
}

Folder: Agent Operations¶

GET {{base_url}}/api/agents/audit/{{agent_id}}/metrics
Authorization: Bearer {{api_token}}

GET {{base_url}}/api/agents/audit/{{agent_id}}/validate
Authorization: Bearer {{api_token}}

POST {{base_url}}/api/agents/audit/{{agent_id}}/migrate
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "target_layer": "bedrock",
  "dry_run": true
}

POST {{base_url}}/api/agents/audit/{{agent_id}}/rollback
Authorization: Bearer {{api_token}}

POST {{base_url}}/api/agents/audit/{{agent_id}}/dry-run
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "scenario": "customer_inquiry",
  "input": "Tell me about your enterprise pricing",
  "persona": "enterprise_buyer"
}

POST {{base_url}}/api/agents/audit/{{agent_id}}/challenge
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "challenge_type": "edge_case",
  "input": "What if I need to cancel mid-contract?"
}

GET {{base_url}}/api/agents/audit/{{agent_id}}/marketplace-readiness
Authorization: Bearer {{api_token}}

POST {{base_url}}/api/agents/audit/{{agent_id}}/preview-capability
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "capability": "brand_voice_enrichment",
  "sample_input": "Our product helps..."
}

POST {{base_url}}/api/agents/audit/{{agent_id}}/capability-models
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "capabilities": {
    "content_generation": "claude-3-sonnet",
    "analysis": "claude-3-haiku"
  }
}

Collection: Dry Run Sessions¶

GET {{base_url}}/api/dry-run/sessions/
Authorization: Bearer {{api_token}}

POST {{base_url}}/api/dry-run/sessions/start
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "agent_id": "{{agent_id}}",
  "persona": "enterprise_buyer",
  "quality": "standard",
  "enable_memory": true
}

GET {{base_url}}/api/dry-run/sessions/{{session_token}}
Authorization: Bearer {{api_token}}

POST {{base_url}}/api/dry-run/sessions/{{session_token}}/message
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "content": "I'm interested in your enterprise tier",
  "metadata": {
    "intent": "pricing_inquiry"
  }
}

PUT {{base_url}}/api/dry-run/sessions/{{session_token}}/persona
Authorization: Bearer {{api_token}}
Content-Type: application/json
Body: {
  "persona": "technical_evaluator"
}

POST {{base_url}}/api/dry-run/sessions/{{session_token}}/reset
Authorization: Bearer {{api_token}}

POST {{base_url}}/api/dry-run/sessions/{{session_token}}/end
Authorization: Bearer {{api_token}}

Part 6: Recommendations¶

Immediate Actions¶

Version the Agentic APIs
Move /api/agents/audit/* to /api/v1/agents/audit/*
Move /api/dry-run/sessions/* to /api/v1/dry-run/sessions/*
Add deprecation headers to current unversioned routes
Add Missing v1 Endpoint
POST /api/v1/affiliates/update-reference (currently only in legacy)
Document Breaking Change Policy
Agentic APIs are evolving rapidly
Consider v1 "beta" designation for 3-6 months

Medium-Term Actions¶

Add API Gateway
Rate limiting per consumer
Request/response logging
Usage analytics
OpenAPI Documentation
Generate OpenAPI 3.0 spec
Include request/response schemas
Version-specific documentation
Webhook Versioning
Consider /webhooks/v1/{gateway} pattern
Document callback URL migration plan

Long-Term Actions¶

v2 Planning
Identify breaking changes needed
Schema evolution strategy
Deprecation timeline for v1

Part 7: Testing Checklist¶

Pre-Release Checklist for Agentic APIs¶

All endpoints return consistent error format
Rate limiting configured appropriately
Authentication required on all endpoints
Request validation in place
Response schemas documented
Postman collection updated
Breaking changes noted in changelog

Postman Test Scenarios¶

Happy Path - Standard workflow execution
Error Handling - Invalid inputs, missing auth
Edge Cases - Large payloads, special characters
State Management - Session lifecycle
Concurrent Access - Multiple sessions
Performance - Response time benchmarks

Appendix A: Endpoint Count Summary¶

Route File	Versioned	Unversioned	Total
`api_v1.php`	67	0	67
`api.php`	0	72	72
`webhooks.php`	0	5	5
Total	67	77	144

Appendix B: Controller Mapping¶

Controller Namespace	Versioning Status
`App\Http\Controllers\Api\V1\*`	✅ Versioned
`App\Http\Controllers\Api\*`	⚠️ Legacy
`App\Http\Controllers\DryRun\*`	🔴 Unversioned
`App\Extensions\ContentManager\System\Http\Controllers\*`	🔴 Unversioned
`App\Http\Controllers\Finance\*`	⚠️ Unversioned

Document Version: 1.0 Last Updated: 2026-01-21