@malinthaprasan malinthaprasan commented Feb 11, 2026

Purpose

Gateway token lifecycle management is incomplete — there is no way to list active tokens or revoke a specific token. Tokens are also auto-generated on gateway registration, giving no control over when tokens are created.

Resolves #1080

Goals

  • Add endpoint to list all active tokens for a gateway
  • Add endpoint to revoke a specific gateway token
  • Remove auto token creation on gateway registration so tokens are only created explicitly via rotate

Approach

  • Added GET /gateways/{gatewayId}/tokens handler and service method to list active tokens
  • Added DELETE /gateways/{gatewayId}/tokens/{tokenId} handler and service method to revoke a token
  • Removed automatic token generation from the gateway registration flow

Automation tests

  • Manual verification via test script covering: generate token, list, revoke, verify removal, generate again, list, revoke again

Summary by CodeRabbit

  • New Features

    • Added endpoints to list a gateway's active tokens and to revoke individual tokens
    • Organization registration payload now includes id and region
    • Gateway creation payload now accepts vhost and functionalityType
    • Gateway registration no longer auto-creates tokens (token management is handled separately)
  • Documentation

    • Enhanced API docs with examples for gateway token listing and revocation

coderabbitai bot commented Feb 11, 2026

Walkthrough

Adds gateway token management: new ListTokens and RevokeToken endpoints and service methods; removes automatic token creation from gateway registration; updates README and OpenAPI to document listing tokens and expanded payload fields.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| API docs & README: platform-api/README.md | Added List Gateway Tokens examples and sample response; updated organization registration payload (id, region) and gateway creation payload (vhost, functionalityType). |
| HTTP Handler: platform-api/src/internal/handler/gateway.go | Added ListTokens and RevokeToken handlers, parameter and org validation, error mapping (401/400/404/500), and routes: GET /api/v1/gateways/:gatewayId/tokens, DELETE /api/v1/gateways/:gatewayId/tokens/:tokenId. |
| Service layer: platform-api/src/internal/service/gateway.go | Added ListTokens(gatewayId, orgId) and RevokeToken(gatewayId, tokenId, orgId) methods; removed auto token creation from RegisterGateway, decoupling token lifecycle from registration; adjusted token-related control flow. |
| API spec: platform-api/src/resources/openapi.yaml | Added GET /gateways/{gatewayId}/tokens operation (operationId: listGatewayTokens) with 200 response referencing TokenInfoResponse and error mappings for 401/404/500; uses GatewayID path parameter. |
| Tests: platform-api/src/internal/service/gateway_properties_test.go | Removed assertion requiring token creation during gateway registration; test no longer enforces CreateToken invocation. |

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant API as API Handler
    participant Svc as Gateway Service
    participant Repo as Gateway Repository/DB

    Client->>API: GET /api/v1/gateways/:gatewayId/tokens (with JWT/org)
    API->>Svc: ListTokens(gatewayId, orgId)
    Svc->>Repo: Query active tokens for gatewayId
    Repo-->>Svc: Token list
    Svc-->>API: TokenInfoResponse[]
    API-->>Client: 200 OK + tokens

    Client->>API: DELETE /api/v1/gateways/:gatewayId/tokens/:tokenId
    API->>Svc: RevokeToken(gatewayId, tokenId, orgId)
    Svc->>Repo: Validate ownership & revoke token
    Repo-->>Svc: success / not found
    Svc-->>API: success / error
    API-->>Client: 200 OK / 404 / 500

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰
I hopped through docs and opened gates,
Listed tokens, cleared old fates,
No more surprise keys at birth,
Now tokens live with rightful worth,
Hooray — a tidy, joyful patch! 🥕

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding list and revoke endpoints for gateway tokens. |
| Description check | ✅ Passed | Description covers Purpose, Goals, and Approach sections. Automation tests section is present but incomplete (lacks unit/integration test details and coverage). Security checks and other template sections are missing. |
| Linked Issues check | ✅ Passed | All three coding requirements from issue #1080 are fully addressed: list tokens endpoint added, revoke token endpoint added, and auto-generation removed from gateway registration. |
| Out of Scope Changes check | ✅ Passed | All changes are directly aligned with issue #1080 requirements. README updates document the new endpoints, test assertions updated to reflect removed auto-generation, and no extraneous modifications detected. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


No actionable comments were generated in the recent review. 🎉



malinthaprasan changed the title from "Gw token improve" to "Add list and revoke gateway token endpoints" Feb 11, 2026
VirajSalaka previously approved these changes Feb 11, 2026
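
The "Validate ownership & revoke token" step from the sequence diagram, as an added Go example that is not code from this PR: it shows listing and revocation sharing one gateway/org gate so that a caller from another organization, or a token ID belonging to a different gateway, gets the same not-found result. Only the `ListTokens` and `RevokeToken` names and argument order come from the walkthrough; `store`, `token`, `errNotFound`, `sampleStore` and all IDs are hypothetical.

```go
package main

import "fmt"

// Hypothetical in-memory model; the project's real repository is not shown on the page.
type token struct {
	ID, GatewayID string
	Revoked       bool
}
type store struct {
	gatewayOrg map[string]string // gatewayId -> owning orgId
	tokens     []*token
}

var errNotFound = fmt.Errorf("not found") // a handler would map this to 404

// ListTokens fails closed: an unknown gateway and another org's gateway look the same.
func (s *store) ListTokens(gw, org string) ([]*token, error) {
	if o, ok := s.gatewayOrg[gw]; !ok || o != org {
		return nil, errNotFound
	}
	var active []*token
	for _, t := range s.tokens {
		if t.GatewayID == gw && !t.Revoked {
			active = append(active, t)
		}
	}
	return active, nil
}

// RevokeToken only sees tokens that pass the same gateway/org gate as listing.
func (s *store) RevokeToken(gw, tokenID, org string) error {
	active, _ := s.ListTokens(gw, org) // nil when the ownership gate fails
	for _, t := range active {
		if t.ID == tokenID {
			t.Revoked = true
			return nil
		}
	}
	return errNotFound
}

func sampleStore() *store { // constructed data: gw-1 belongs to org-a, gw-2 to org-b
	return &store{map[string]string{"gw-1": "org-a", "gw-2": "org-b"},
		[]*token{{"t1", "gw-1", false}, {"t2", "gw-1", true}, {"t3", "gw-2", false}}}
}

func main() {
	fmt.Println(sampleStore().RevokeToken("gw-1", "t3", "org-a")) // cross-gateway: not found
}
```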
Successfully merging this pull request may close these issues.

Gateway token generation improvements required
