{"openapi": "3.0.3", "info": {"title": "Mallport Food chain pilot API", "version": "1.0.0", "description": "Pilot trace lots and ledger timelines for sellers who choose to use them — Mallport is a **peer-to-peer** marketplace (farms, businesses, home producers). This module is **not** statutory traceability or EUDR. Seller JSON/CSV exports use **session authentication** (browser cookie). Public verify uses a **signed time-limited** query token. Partner CSV uses session for portal users. Outbound **webhooks**: server POSTs to **seller-configured** HTTPS URLs."}, "servers": [{"url": "https://mallport.co.uk/food-chain/"}], "paths": {"api/v1/spec.json": {"get": {"operationId": "foodchainSpec", "summary": "Short discovery JSON", "security": [], "responses": {"200": {"description": "Endpoint map and schema notes"}}}}, "api/v1/openapi.json": {"get": {"operationId": "foodchainOpenapi", "summary": "This document", "security": [], "responses": {"200": {"description": "OpenAPI 3.0 JSON"}}}}, "verify/": {"get": {"operationId": "foodchainPublicVerify", "summary": "Read-only lot timeline (signed token)", "description": "Query parameter **t** is a TimestampSigner token (see Django signing). Rate-limited per client IP / forwarded-for. Returns HTML.", "security": [], "parameters": [{"name": "t", "in": "query", "required": true, "schema": {"type": "string"}}], "responses": {"200": {"description": "HTML read-only view"}, "410": {"description": "Invalid or expired token"}, "429": {"description": "Too many requests"}}}}, "export/portfolio.json": {"get": {"operationId": "foodchainPortfolioExport", "summary": "All lots JSON (schema_version 3)", "description": "Requires logged-in seller session (cookie).", "security": [{"FarmerSession": []}], "responses": {"200": {"description": "JSON attachment"}, "401": {"description": "Not authenticated"}, "429": {"description": "Export rate limited"}}}}, "export/ledger.csv": {"get": {"operationId": "foodchainLedgerCsvExport", "summary": "Ledger rows CSV (capped)", "description": "Requires logged-in seller session (cookie).", "security": [{"FarmerSession": []}], "responses": {"200": {"description": "CSV attachment"}, "401": {"description": "Not authenticated"}, "429": {"description": "Export rate limited"}}}}, "partner/timeline/export.csv": {"get": {"operationId": "foodchainPartnerTimelineCsv", "summary": "Partner-scoped ledger CSV", "description": "Session user must be linked as portal user on partner org(s).", "security": [{"PartnerSession": []}], "responses": {"200": {"description": "CSV attachment"}, "401": {"description": "Not authenticated"}, "429": {"description": "Rate limited"}}}}, "lots/{lotId}/export.json": {"get": {"operationId": "foodchainLotExport", "summary": "Single lot JSON (schema_version 2)", "description": "Requires logged-in seller session (cookie).", "security": [{"FarmerSession": []}], "parameters": [{"name": "lotId", "in": "path", "required": true, "schema": {"type": "integer"}}], "responses": {"200": {"description": "JSON attachment"}, "401": {"description": "Not authenticated"}}}}}, "components": {"securitySchemes": {"FarmerSession": {"type": "apiKey", "in": "cookie", "name": "sessionid", "description": "Standard Django session after login (same-origin). Endpoints are scoped to the signed-in seller with a producer (Farmer) profile."}, "PartnerSession": {"type": "apiKey", "in": "cookie", "name": "sessionid", "description": "Django session for partner portal user."}}}, "x-mallport": {"lot_export_schema_version": 2, "portfolio_export_schema_version": 3, "public_verify_url_template": "https://mallport.co.uk/food-chain/verify/?t=<token>", "webhook_payload": "HTTPS POST JSON on new ledger entry; optional HMAC X-Foodchain-Signature", "spec_url": "https://mallport.co.uk/food-chain/api/v1/spec.json", "openapi_self_url": "https://mallport.co.uk/food-chain/api/v1/openapi.json"}}