This project is a React + Express + Vite application that lets users paste API documentation and receive structured JSON, powered by Google's Gemini API.
- Frontend: React, Vite, Material-UI
- Backend: Node.js, Express, Docker
- Authentication: Session-based with
cookie-session - UI: MUI Icons
- AI Model: Google Gemini API
- Security: HTTP-only cookies, CSRF protection, secure sessions
git clone https://github.com/KatBen-Make/api-docs-to-json.git
cd api-docs-to-jsonnpm installThis installs dependencies for both client and server via root-level package.json.
Create a .env file in the project root:
# Server Configuration
SESSION_SECRET=your-very-secure-random-string-change-this-in-production
NODE_ENV=development
PORT=8080
# Frontend URL (for CORS in production)
FRONTEND_URL=https://your-frontend-domain.com
# API Keys
API_KEY=your_google_gemini_api_key_here
GEMINI_MODULE=gemini-2.5-flashπ Security Note: Never commit .env files with secrets to version control. Use strong, random values for SESSION_SECRET in production.
npm run dev- Frontend: http://localhost:3000
- Backend: http://localhost:8080
- Users must authenticate with a Make.com email and API token
- Only
@make.comemail addresses are allowed - Sessions are managed securely with HTTP-only cookies
- Automatic session expiration after 24 hours
To build and run the application using Docker:
docker build -t api-docs-to-json .
docker run -p 8080:8080 -it api-docs-to-jsonThe application will be available at http://localhost:8080.
- π Secure Authentication: Session-based auth with Make.com email validation
- π API Documentation Processing: Paste unstructured API docs and get structured JSON
- π€ AI-Powered: Submit prompts to Gemini AI for intelligent processing
- π¬ Conversation History: Add comments and maintain context across requests
- π Copy-to-Clipboard: Quick export functionality with MUI icons
- π Loading States: Comprehensive loading spinners and visual feedback
- π‘οΈ Security Features:
- HTTP-only cookies prevent XSS attacks
- CSRF protection with SameSite cookies
- Secure session management
- Input validation and sanitization
- π± Responsive Design: Works on desktop and mobile devices
- π« Input Protection: Prevents modification during API processing
api-docs-to-json/
βββ .env.example # Environment variables template
βββ .gitignore
βββ Dockerfile # Docker configuration
βββ package.json # Root package.json (concurrent setup)
βββ package-lock.json
βββ README.md # This file
βββ SECURITY.md # Security documentation
βββ
βββ client/ # React frontend (Vite)
β βββ .dockerignore
β βββ .gitignore
β βββ eslint.config.js
β βββ index.html
β βββ package.json
β βββ package-lock.json
β βββ README.md
β βββ vite.config.js
β βββ src/
β βββ App.css # Main application styles
β βββ App.jsx # Main application component
β βββ index.css
β βββ main.jsx
β βββ components/ # Reusable UI components
β β βββ auth/
β β βββ AuthModal.jsx # Login modal component
β β βββ AuthModal.css # Login modal styles
β β βββ UserDropdown.jsx # User menu component
β β βββ UserDropdown.css # User menu styles
β βββ contexts/ # React context providers
β β βββ ApiContext.jsx # API state context
β β βββ ApiProvider.jsx # API state provider
β β βββ AuthContext.jsx # Authentication context
β β βββ AuthProvider.jsx # Authentication provider
β βββ hooks/ # Custom React hooks
β β βββ useApi.js # API interaction hook
β β βββ useAuth.js # Authentication hook
β βββ services/ # API service functions
β βββ authService.js # Authentication API calls
β
βββ server/ # Express backend
βββ .dockerignore
βββ index.js # Main server file
βββ package.json
βββ package-lock.json
βββ data/ # Markdown prompt templates
β βββ examples.md # Example prompts for AI
β βββ generalPrompt.md # Base AI instructions
β βββ internalDocs.md # Internal documentation
βββ src/
βββ routes/ # API route handlers
βββ auth.js # Authentication routes
This application implements enterprise-grade security practices:
- Session-Based Authentication: No sensitive data stored in localStorage
- HTTP-Only Cookies: Prevents XSS attacks by making sessions inaccessible to JavaScript
- CSRF Protection: SameSite cookie policy prevents cross-site request forgery
- Secure Transport: HTTPS-only cookies in production
- Make.com Domain Restriction: Only
@make.comemail addresses allowed - Session Expiration: Automatic 24-hour timeout
- Input Validation: Server-side validation of all inputs
See SECURITY.md for detailed security documentation.
POST /api/auth/login- Authenticate with Make.com tokenPOST /api/auth/logout- Destroy sessionGET /api/auth/me- Check authentication status
POST /api/data- Process API documentation (requires authentication)
client/src/App.jsx- Main application componentclient/src/App.css- Application stylingserver/index.js- Server configuration and main API endpointserver/src/routes/auth.js- Authentication logicserver/data/generalPrompt.md- AI instructionsserver/data/examples.md- Example prompts for AIserver/data/internalDocs.md- Internal documentation context
- React, Vite, Material-UI
- Custom hooks and context providers
- Hot toast notifications
- Express, cookie-session, axios
- CORS, dotenv, node-fetch
- add option to add successful query to examples