SQA #4290

open

[SQA] API Documentation Review – “Compress PDF”

Added by Aman Bhuiyan about 1 month ago. Updated about 1 month ago.

Status: Complete
Priority: High
Assignee:
Category: api
Target version:
Start date: 02/26/2026
Due date:
% Done: 100%
Estimated time:
Spent time:

Description

Summary of Review

  • Reviewed API endpoints, request/response structure, authentication, and error handling.
  • Tested endpoints using Postman.
  • Documentation provides basic flow but lacks detailed schema and validation rules.
  • Error handling and file size limits are not fully documented.

Action Items

  • Confirm max file size and supported PDF types
  • Request detailed error code list
  • Clarify compression options and timeout behavior
  • Request updated API schema (OpenAPI/Swagger)
  • Prepare diverse test PDF datasets
Actions #1

Updated by Aman Bhuiyan about 1 month ago

  • Tracker changed from CompressPdf to SQA
Actions #2

Updated by Aman Bhuiyan about 1 month ago

  • Category set to api
  • Status changed from To Do to In Progress
  • % Done changed from 10 to 20

Summary

Overall review of the Compress PDF API documentation and initial endpoint validation performed via Postman.

The review focused on:

  • API endpoint structure and workflow
  • Request/response format consistency
  • Authentication mechanism
  • Error handling standards
  • Status code usage
  • File upload handling and size constraints
  • Compression configuration options
Actions #3

Updated by Aman Bhuiyan about 1 month ago

Summary

1. /api/output/v1.0.0/rename-title

  • Issue: Returns 500 Internal Server Error for invalid/non-existent fieldId
  • Risk: Error response exposes internal route paths
  • Expected: Proper validation with 4xx response (e.g., 400/404)
  • Action: Logged as validation + security issue
  • Ref: PATCH request "output/v1.0.0/rename-title" (2026-03-03_09-29.png)

2. /api/shared/{id}

  • Issue: Returns correct 404 for non-existent fieldId
  • Risk: Error message exposes internal route details
    • Example: “Cannot POST /api/shared/{id}”
  • Expected: Generic error message without internal path exposure
  • Action: Logged as security hardening issue
  • Ref: POST request "New Request" (2026-03-03_09-36.png)

3. /api/output/v1.0.0/download-zip

  • Issue: Returns 200 OK when fieldIds array is empty
  • Expected: 400 Bad Request for invalid input
  • Impact: Improper input validation & misleading success response
  • Action: Logged as functional validation defect
  • Ref: POST request "download-zip" (2026-03-03_14-38.png)

Deliverable

Issue Sheet
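
The three findings above can be expressed as a repeatable response audit. This is an added example, not part of the original ticket or the project's own code; the response bodies are constructed samples, and `auditResponse`, `auditAll` and the `invalidInput` flag are hypothetical names.

```javascript
// Added example: audits API responses for the three defect classes in this ticket.
// All sample responses are constructed; none were captured from the real service.

// Matches bodies that echo a method and route ("Cannot POST /...") or an /api/ path.
const ROUTE_LEAK = /\bCannot\s+(?:GET|POST|PUT|PATCH|DELETE)\s+\/\S*|\/api\/\S+/i;

function auditResponse({ name, invalidInput, status, body }) {
  const findings = [];
  const text = typeof body === "string" ? body : JSON.stringify(body);
  // Finding 1: invalid input must be rejected by validation, not crash the handler.
  if (invalidInput && status >= 500) {
    findings.push("invalid input produced 5xx; expected 4xx (400/404)");
  }
  // Finding 3: invalid input must not be reported as success.
  if (invalidInput && status >= 200 && status < 300) {
    findings.push("invalid input accepted with 2xx; expected 400");
  }
  // Findings 1 and 2: error bodies must not reveal internal route paths.
  if (status >= 400 && ROUTE_LEAK.test(text)) {
    findings.push("error body exposes internal route path");
  }
  return { name, findings };
}

function auditAll(list) {
  return list.map(auditResponse);
}

// Constructed samples mirroring the ticket's three findings, plus a hardened reference.
const samples = [
  { name: "rename-title, non-existent fieldId", invalidInput: true, status: 500,
    body: { error: "Internal Server Error", path: "/api/output/v1.0.0/rename-title" } },
  { name: "shared/{id}, non-existent id", invalidInput: true, status: 404,
    body: "Cannot POST /api/shared/{id}" },
  { name: "download-zip, empty fieldIds", invalidInput: true, status: 200,
    body: { ok: true } },
  { name: "hardened reference", invalidInput: true, status: 400,
    body: { error: "invalid_request" } },
];

for (const r of auditAll(samples)) {
  console.log(`${r.findings.length ? "FAIL" : "PASS"}  ${r.name}`);
  for (const f of r.findings) console.log(`      - ${f}`);
}
```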

Actions #4

Updated by Aman Bhuiyan about 1 month ago

  • Status changed from In Progress to Complete
  • % Done changed from 20 to 100