Skip to content

Configuration API

Overview

The Configuration API manages application settings and tenant-specific configurations within the Gustaffo Reservations system.

Base Path

All configuration endpoints are prefixed with /configuration

Authentication

All configuration endpoints require admin authentication (ROLE_admin).

Configuration Process

The configuration management process follows these steps:

  1. Configuration Request: Admin requests configuration settings
  2. Authentication: System validates admin credentials and tenant association
  3. Authorization: System verifies admin has permission to access/modify configurations
  4. Configuration Retrieval/Update: System processes the configuration operation
  5. Validation: For updates, system validates configuration values
  6. Persistence: Configuration changes are saved to database
  7. Audit: Configuration changes are logged for audit purposes
  8. Notification: System components are notified of configuration changes

Endpoints

Get Configurations

Retrieves configuration settings for a specific type.

Endpoint: GET /configuration/{type}

Parameters: - type (path) - The configuration type

Authorization: - Requires ROLE_admin role - User must be associated with a tenant

Response: Returns configuration settings for the specified type and tenant.

Status Codes: - 200 OK - Configuration retrieved successfully - 401 Unauthorized - Authentication required or invalid tenant - 403 Forbidden - Insufficient permissions

Update Configurations

Creates or updates configuration settings.

Endpoint: POST /configuration/upsert

Request Body: List of configuration objects to create or update.

Authorization: - Requires ROLE_admin role - User must be associated with a tenant

Response: Returns success/failure status of the operation.

Status Codes: - 200 OK - Configuration updated successfully - 400 Bad Request - Invalid configuration data - 401 Unauthorized - Authentication required or invalid tenant - 403 Forbidden - Insufficient permissions

Configuration Types

The system supports various configuration types:

General Settings

Application-wide settings that affect system behavior.

Tenant Settings

Tenant-specific configurations including: - Branding preferences - Feature toggles - Integration settings - Notification preferences

Hotel Settings

Property-specific configurations: - Room type settings - Pricing configurations - Policy settings - Integration parameters

Business Rules

Configuration Management

  • Only tenant owners can modify configurations
  • Configuration changes are logged for audit purposes
  • Some configurations require system restart to take effect
  • Invalid configurations are rejected with detailed error messages

Tenant Isolation

  • Each tenant can only access their own configurations
  • Configuration changes are isolated per tenant
  • Cross-tenant configuration access is prevented

Security Considerations

Access Control

  • All endpoints require admin authentication
  • Tenant association is verified for all operations
  • Configuration changes are logged and audited

Data Validation

  • Configuration values are validated before saving
  • Type-specific validation rules apply
  • Malformed configuration data is rejected
Back to top