Website changes docs playground #10413
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@oliverqx could you please check if I didn't forget anything when creating the patch? Thanks! |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This PR removes the API playground components from the documentation website and introduces new API & webhooks documentation, indicating a shift to hosting the playground within the Twenty application's settings.
- Removed all playground-related components (
rest-api-wrapper.tsx,graphql-playground.tsx,token-form.tsx) and their associated styles from/packages/twenty-website/src/app/_components/playground/ - Added comprehensive webhooks documentation in
/packages/twenty-website/src/content/developers/api-and-webhooks/webhooks.mdxcovering setup, events, and security practices - Added new API documentation in
/packages/twenty-website/src/content/developers/api-and-webhooks/api.mdxexplaining the move of the playground to app settings - Restructured documentation by moving API content from 'Extending' to 'Getting Started' section in
DocsIndex.ts - Removed separate REST and GraphQL API documentation files, consolidating content into the new API documentation
16 file(s) reviewed, 4 comment(s)
Edit PR Review Bot Settings | Greptile
| ## Security and Best Practices | ||
| When using webhooks, you should secure your endpoint since it will be accepting incoming requests: | ||
|
|
||
| * **Validate Source:** Since the requests come from Twenty’s servers, you may want to verify the request truly originated from Twenty. Currently, Twenty’s webhook requests do not include a built-in signature or secret (no shared secret token was set during creation in the current version). A common practice is to use a secret token in the URL itself or as a header that only you and the Twenty system know, to validate the call. For example, when setting the webhook URL in settings, you might include a query param like `?token=YOUR_SECRET`. Your endpoint can then check that token on each request. |
There was a problem hiding this comment.
logic: Recommending to include tokens in URLs is not a secure practice as URLs can be logged. Consider recommending custom HTTP headers or signed payloads instead.
Suggested change
| * **Validate Source:** Since the requests come from Twenty’s servers, you may want to verify the request truly originated from Twenty. Currently, Twenty’s webhook requests do not include a built-in signature or secret (no shared secret token was set during creation in the current version). A common practice is to use a secret token in the URL itself or as a header that only you and the Twenty system know, to validate the call. For example, when setting the webhook URL in settings, you might include a query param like `?token=YOUR_SECRET`. Your endpoint can then check that token on each request. | |
| * **Validate Source:** Since the requests come from Twenty's servers, you may want to verify the request truly originated from Twenty. Currently, Twenty's webhook requests do not include a built-in signature or secret (no shared secret token was set during creation in the current version). A common practice is to use a custom HTTP header (e.g. `X-Twenty-Token`) that only you and the Twenty system know, to validate the call. Your endpoint can then check that header value on each request. |
| "firstName": "Alice", | ||
| "lastName": "Doe", | ||
| "email": "[email protected]", | ||
| "createdAt": "2025-02-10T15:30:45Z", |
There was a problem hiding this comment.
style: Example uses a future date (2025). Should use a past or present date for the example.
| ## Overview | ||
| The Twenty API allows developers to interact programmatically with the Twenty CRM platform. Using the API, you can integrate Twenty with other systems, automate data synchronization, and build custom solutions around your customer data. The API provides endpoints to **create, read, update, and delete** core CRM objects (such as people and companies) as well as access metadata configuration. | ||
|
|
||
| **API Playground:** The interactive API Playground has been removed from this documentation site. You can now access the API Playground within your Twenty application’s settings. To try out API calls in real-time, log in to your Twenty app and navigate to **Settings > API & Webhooks** (under **Developers**). This will open the in-app API Playground and settings for API keys. _(If you don’t see the API & Webhooks section in Settings, enable “Advanced mode” in your app settings to reveal developer options.)_ **➡️ [[Go to API Settings](https://app.twenty.com/settings)](https://app.twenty.com/settings)** |
There was a problem hiding this comment.
syntax: Double link wrapping: [[Go to API Settings](https://app.twenty.com/settings)](https://app.twenty.com/settings) creates invalid markdown. Remove one set of brackets.
There was a problem hiding this comment.
style: Removing this file may break existing documentation links and references. Ensure all internal links are updated accordingly.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
From #10376 (extracting website related changes)