# AdPlatform Management API

.NET 8 API for platform administration: onboarding, user/client management, and monitoring.

## Project Structure

```
Management/
├── Controllers/
│   ├── Admin/
│   │   ├── AdminControllerBase.cs    # Shared base class
│   │   ├── AdminClientsController.cs # /api/admin/clients
│   │   ├── AdminUsersController.cs   # /api/admin/users
│   │   └── AdminSessionsController.cs# /api/admin/sessions
│   ├── OnboardingController.cs       # /api/onboarding
│   ├── MonitoringController.cs       # /api/monitoring
│   └── TestController.cs             # /api/test
├── Data/
│   └── SqlService.cs                 # Database access
├── Security/
│   ├── ClientContext.cs              # Request auth context
│   └── ClientAuthMiddleware.cs       # Auth middleware
├── SQL/
│   ├── spAdminClients.sql
│   ├── spAdminUsers.sql
│   ├── spAdminSessions.sql
│   ├── spOnboarding.sql
│   └── spMonitoring.sql
└── Program.cs
```

## API Endpoints

### Onboarding (JWT auth)
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/onboarding/status | Check registration status |
| POST | /api/onboarding/register | Register new organization |

### Admin - Clients (Session + Admin role)
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/admin/clients | List clients |
| GET | /api/admin/clients/{id} | Get client |
| POST | /api/admin/clients | Create client |
| PUT | /api/admin/clients/{id} | Update client |
| DELETE | /api/admin/clients/{id} | Deactivate client |

### Admin - Users (Session + Admin role)
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/admin/users | List users |
| GET | /api/admin/users/{id} | Get user |
| POST | /api/admin/users | Create user |
| PUT | /api/admin/users/{id} | Update user |
| DELETE | /api/admin/users/{id} | Deactivate user |
| POST | /api/admin/users/{id}/clients | Link user to client |
| DELETE | /api/admin/users/{id}/clients/{cid} | Unlink user |

### Admin - Sessions (Session + Admin role)
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/admin/sessions | List sessions |
| POST | /api/admin/sessions/{id}/revoke | Revoke session |
| POST | /api/admin/users/{id}/revoke-sessions | Revoke all user sessions |
| POST | /api/admin/sessions/cleanup | Cleanup expired |

### Monitoring (Session + Admin role)
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/monitoring/health | System health |
| GET | /api/monitoring/stats | Detailed stats |

## Setup

1. Run SQL scripts in `SQL/` folder against dbAdPlatform
2. Deploy to Azure Container Apps
3. Set environment variables:
   - `ConnectionStrings__Sql`
   - `Auth__EntraId__TenantId`
   - `Auth__EntraId__ClientId`

## Local Development

```bash
dotnet run
# Open http://localhost:5100/swagger
```

Dev bypass: Add `X-Dev-ClientId: test` header (Development environment only)