Skip to content

Commit 1bd9d6e

Browse files
jwm4jwm4
authored
Merge pull request #89 from jwm4/docs/tutorial-api-auth
docs: add API authentication guidance to bugfix tutorial
2 parents 2b9d35b + ac57e28 commit 1bd9d6e

1 file changed

Lines changed: 27 additions & 1 deletion

File tree

docs/bugfix-tutorial.md

Lines changed: 27 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -272,14 +272,37 @@ UI. The Ambient Code Platform also supports triggering sessions
272272
programmatically, so you can incorporate bug fixing into CI/CD pipelines,
273273
scheduled jobs, or custom tooling.
274274

275-
### How it works
275+
### Using the REST API
276276

277277
Under the hood, creating a session is a single HTTP POST to the platform's
278278
backend API. The request body includes the prompt, the repositories to clone,
279279
and an `activeWorkflow` object that tells the platform which workflow to load.
280280
Anything that can make an authenticated HTTP request can create a bug fix
281281
session.
282282

283+
#### Prerequisites
284+
285+
You need three values:
286+
287+
- **`ACP_API_URL`** — the backend API URL. For the UAT environment, use
288+
`https://backend-route-ambient-code.apps.rosa.vteam-uat.0ksl.p3.openshiftapps.com/api`.
289+
For other environments, take your platform's browser URL (e.g.,
290+
`https://ambient-code.apps.my-cluster.example.com`) and replace
291+
`ambient-code` with `backend-route-ambient-code`, then append `/api`.
292+
- **`ACP_PROJECT`** — your project name on the platform.
293+
- **`ACP_TOKEN`** — a bearer token. Create an Access Key through the platform
294+
UI (by clicking on "Access Keys" in the left menu), or use any valid Kubernetes ServiceAccount token
295+
with the appropriate RBAC permissions.
296+
297+
> **Important:** Do not use the browser UI URL (the one you log into) as your
298+
> `ACP_API_URL`. The UI sits behind an OAuth proxy that handles browser-based
299+
> login but does not forward bearer tokens to the backend. API calls made
300+
> against the UI URL will fail with `401 User token required` even if the
301+
> token is valid. The backend route bypasses the OAuth proxy entirely, so
302+
> bearer tokens reach the API directly.
303+
304+
#### Creating a session
305+
283306
Here is the equivalent `curl` call:
284307

285308
```bash
@@ -323,6 +346,9 @@ Action wraps this API call for use in GitHub workflows. You can use it to
323346
automatically kick off a bug fix session when a new issue is opened, when a
324347
label is applied, or on any other GitHub event.
325348

349+
Store your backend route URL as `ACP_URL` and your token as `ACP_TOKEN` in
350+
your repository's GitHub Actions secrets.
351+
326352
The action supports two modes:
327353

328354
- **Fire-and-forget.** Create the session and let the GitHub workflow continue.

0 commit comments

Comments
 (0)