Playbook: Onboard a Project
Set up a complete project with environments, targets, and initial tests — all via API.
AI Prompt
"Using the Proofarc API at https://app.proofarc.ai, onboard a new project called 'My Service'. The API runs at http://my-service:8080 with Swagger at /v3/api-docs. Set up dev and staging environments with the target in both. Create a basic CRUD test scenario and run it."
Steps
1. Authenticate
TOKEN=$(curl -s $BASE_URL/api/auth/login -X POST \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"your-password"}' | \
python3 -c "import sys,json;print(json.load(sys.stdin)['token'])")
2. Create the project
PROJECT=$(curl -s -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
$BASE_URL/api/projects \
-d '{"name":"My Service","description":"User management API"}')
PROJECT_ID=$(echo $PROJECT | python3 -c "import sys,json;print(json.load(sys.stdin)['id'])")
3. Add targets to environments
# Development environment (id=1)
curl -s -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
$BASE_URL/api/environments/1/targets \
-d '{
"name":"My Service API",
"targetType":"REST_SERVICE",
"baseUrl":"http://my-service:8080",
"swaggerPath":"/v3/api-docs",
"healthcheckPath":"/actuator/health",
"appTag":"my-service"
}'
# Staging environment (id=2)
curl -s -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
$BASE_URL/api/environments/2/targets \
-d '{
"name":"My Service API",
"targetType":"REST_SERVICE",
"baseUrl":"http://my-service-staging:8080",
"swaggerPath":"/v3/api-docs",
"appTag":"my-service"
}'
4. Link project to environments
# Link to dev and staging
curl -s -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
$BASE_URL/api/projects/$PROJECT_ID/environments \
-d '{"environmentId":1}'
curl -s -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
$BASE_URL/api/projects/$PROJECT_ID/environments \
-d '{"environmentId":2}'
5. Create API test scenario
curl -s -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
$BASE_URL/api/scenarios \
-d '{
"name":"My Service Smoke Test",
"projectId":'$PROJECT_ID',
"environmentId":1,
"baseUrl":"http://my-service:8080",
"appTag":"my-service",
"steps":[
{
"stepOrder":1,
"name":"Health check",
"httpMethod":"GET",
"endpointPath":"/actuator/health",
"expectedStatusCodes":[200]
},
{
"stepOrder":2,
"name":"Swagger available",
"httpMethod":"GET",
"endpointPath":"/v3/api-docs",
"expectedStatusCodes":[200]
}
]
}'
5b. Wire auth (only if the app requires authentication)
If the application is marked AUTHENTICATED, execution is refused with a clear HTTP 400 until a usable auth source exists. Pick one:
-
Public-only first run (e.g. the health check above): add
"allowUnauthenticated":trueto the execute body in step 6. -
Protected endpoints: seed a credential and, for username/password, the login endpoint:
# Seed the credentialcurl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \$BASE_URL/api/environments/1/auth-config/credentials \-d '{"tag":"admin","username":"admin","password":"admin123","isDefault":true}'# Tell the environment how to log in (skip if the credential is a static token / API key)curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \$BASE_URL/api/environments/1/auth-config/auth-endpoint \-d '{"type":"BEARER","loginEndpoint":"/auth/login","tokenJsonPath":"$.accessToken"}'Then pass
"credentialTag":"admin"in the execute body. See API Authentication for the full matrix.
6. Execute and check results
# Execute
curl -s -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
$BASE_URL/api/scenarios/1/execute \
-d '{"tags":["onboarding"]}'
# Wait 10 seconds, then check
sleep 10
curl -s -H "Authorization: Bearer $TOKEN" \
$BASE_URL/api/scenarios/1/executions
Result
You now have:
- A project with dev + staging environments
- API target configured with Swagger and health check paths
- A smoke test scenario that validates the API is reachable
- First execution results