Bug Report: Outdated API Documentation for User Authentication

Summary

The API documentation for user authentication endpoints is outdated and does not reflect recent changes in the authentication process.

Our API documentation, last updated on 2023-09-15, does not accurately describe the current user authentication process. Specifically:

The documented endpoint for user login (/api/v1/login) has been changed to (/api/v2/auth/login).
The required parameters for the login request have changed, but this is not reflected in the documentation.
The response structure for successful authentication has been modified to include additional user information.
New endpoints for multi-factor authentication are not documented at all.

Developer Experience: Third-party developers and internal teams are unable to correctly implement or use our authentication system.
Support Load: Increased number of support tickets related to authentication issues.
Integration Failures: Partners attempting to integrate with our system are experiencing failures due to incorrect endpoint usage.

The current login endpoint is: POST /api/v2/auth/login
Required parameters now include:
- username (string)
- password (string)
- device_id (string)
Successful response now includes:
- token (string)
- refresh_token (string)
- user_id (integer)
- roles (array of strings)
New MFA endpoints:
- POST /api/v2/auth/mfa/initiate
- POST /api/v2/auth/mfa/verify

Consider adding deprecation notices for the old endpoints, including a timeline for when they will be fully decommissioned.
A notification should be sent to all registered API users about these documentation updates.

High - Incorrect documentation is directly impacting the ability of developers to integrate with our system.

Emily Chang (Technical Writer)

P1 - Critical documentation issue affecting core API functionality

Reporter: Michael Wong Date Reported: 2024-03-22

_{[original: CATcher-testbed/alpha10-interim#140] [original labels: type.DocumentationBug severity.High]}