[ * 'include' => 'api', * 'exclude' => ['api/internal'], * ], * * Without *, patterns match path segments (api matches api and api/users, not apiary). * With *, Str::is is used (e.g. api/v*). * * One static include → default server is /{include} and paths are stripped (/users). * Multiple includes or wildcards → server defaults to / and paths stay full (/api/users). * Override with `servers`, or use Scramble::registerApi() for separate bases. */ 'api_path' => 'api/v1', /* * Your API domain. By default, app domain is used. This is also a part of the default API routes * matcher, so when implementing your own, make sure you use this config if needed. */ 'api_domain' => null, /* * The path where your OpenAPI specification will be exported (relative to the * project root). Committed to the repo by CI so the api-docs.invoiceshelf.com * build can fetch it; also servable directly from this instance at /openapi.json. */ 'export_path' => 'public/openapi.json', /* * Cache configuration for the generated OpenAPI document. * * Use `scramble:cache` to warm the cache and `scramble:clear` to invalidate it. */ 'cache' => [ 'key' => 'scramble.openapi', 'store' => 'file', ], 'info' => [ /* * API version. Defaults to the value in the repo's version.md so the * generated spec self-labels (e.g. 3.0.0-alpha.1 on v3.0, 2.x on master). */ 'version' => env('API_VERSION', is_file(base_path('version.md')) ? trim((string) file_get_contents(base_path('version.md'))) : '0.0.1'), /* * Description rendered on the home page of the API documentation (`/docs/api`). */ 'description' => 'REST API for InvoiceShelf — open-source invoicing & expense tracking. ' .'Authenticate with a Sanctum personal access token (Authorization: Bearer ). ' .'Company-scoped endpoints additionally require a `company` header carrying the company ID.', ], 'ui' => [ 'title' => 'InvoiceShelf API', ], 'renderer' => 'elements', 'renderers' => [ /* * Stoplight Elements config options: https://docs.stoplight.io/docs/elements/b074dc47b2826-elements-configuration-options */ 'elements' => [ 'view' => 'scramble::docs', 'theme' => 'light', 'hideTryIt' => false, 'hideSchemas' => false, 'logo' => '', 'tryItCredentialsPolicy' => 'include', 'layout' => 'responsive', 'router' => 'hash', ], /* * Scalar API reference config options: https://scalar.com/products/api-references/configuration */ 'scalar' => [ 'view' => 'scramble::scalar', 'cdn' => 'https://cdn.jsdelivr.net/npm/@scalar/api-reference', 'theme' => 'laravel', 'proxyUrl' => 'https://proxy.scalar.com', 'darkMode' => false, 'showDeveloperTools' => 'never', 'agent' => ['disabled' => true], 'credentials' => 'include', ], ], /* * The list of servers of the API. By default, when `null`, server URL will be created from * `scramble.api_path` and `scramble.api_domain` config variables. When providing an array, you * will need to specify the local server URL manually (if needed). * * Example of non-default config (final URLs are generated using Laravel `url` helper): * * ```php * 'servers' => [ * 'Live' => 'api', * 'Prod' => 'https://scramble.dedoc.co/api', * ], * ``` */ 'servers' => [ // InvoiceShelf is self-hosted: every instance has its own host. A clean // placeholder is documented here instead of baking in the build-time // APP_URL (which would leak a dev/CI hostname into the public spec). // Readers replace it with their own instance URL. 'Your InvoiceShelf instance' => 'https://your-instance.example.com/api/v1', ], /** * Determines how Scramble stores the descriptions of enum cases. * Available options: * - 'description' – Case descriptions are stored as the enum schema's description using table formatting. * - 'extension' – Case descriptions are stored in the `x-enumDescriptions` enum schema extension. * * @see https://redocly.com/docs-legacy/api-reference-docs/specification-extensions/x-enum-descriptions * - false - Case descriptions are ignored. */ 'enum_cases_description_strategy' => 'description', /** * Determines how Scramble stores the names of enum cases. * Available options: * - 'names' – Case names are stored in the `x-enumNames` enum schema extension. * - 'varnames' - Case names are stored in the `x-enum-varnames` enum schema extension. * - false - Case names are not stored. */ 'enum_cases_names_strategy' => false, /** * When Scramble encounters deep objects in query parameters, it flattens the parameters so the generated * OpenAPI document correctly describes the API. Flattening deep query parameters is relevant until * OpenAPI 3.2 is released and query string structure can be described properly. * * For example, this nested validation rule describes the object with `bar` property: * `['foo.bar' => ['required', 'int']]`. * * When `flatten_deep_query_parameters` is `true`, Scramble will document the parameter like so: * `{"name":"foo[bar]", "schema":{"type":"int"}, "required":true}`. * * When `flatten_deep_query_parameters` is `false`, Scramble will document the parameter like so: * `{"name":"foo", "schema": {"type":"object", "properties":{"bar":{"type": "int"}}, "required": ["bar"]}, "required":true}`. */ 'flatten_deep_query_parameters' => true, 'middleware' => [ 'web', RestrictedDocsAccess::class, ], 'extensions' => [], /* * Automatically document API security (OpenAPI `security` / `securitySchemes`) based on route * middleware. * * Disabled by default. Uncomment the line below to enable `MiddlewareAuthSecurityStrategy`. * When at least one documented route uses middleware matching the configured patterns (by default * `auth` and `auth:*`), bearer auth is applied globally. Routes without matching middleware are * marked as public (`security: []`). * * Set to `null` explicitly to disable. If you already configure security manually via * `afterOpenApiGenerated` / `extendOpenApi`, keep this disabled to avoid duplicate schemes. * * Customize with a class-string or [class, options]: * * 'security_strategy' => [ * \Dedoc\Scramble\SecurityDocumentation\MiddlewareAuthSecurityStrategy::class, * [ * 'middleware' => ['auth', 'auth:*'], * 'scheme' => \Dedoc\Scramble\Support\Generator\SecurityScheme::http('bearer'), * ], * ], */ // 'security_strategy' => \Dedoc\Scramble\SecurityDocumentation\MiddlewareAuthSecurityStrategy::class, 'security_strategy' => null, ];