dvla-api/PROJECT_SUMMARY.md

DVLA API Proxy - Complete ✅

What's Built:

Database Schema:

• tiers - Tier configurations (name, slug, description, allowed_fields JSON)
• websites - Client sites with Sanctum auth + tier_id foreign key + rate limits
• vehicle_records - Cached vehicle data (JSON)
• vehicle_data_sources - Tracks API fetch timestamps per source (DVLA, future wheel API, etc.)
• api_requests - Full audit log (regno, IP, contact data, status)

Features:

• ✅ Sanctum authentication per website
• ✅ Tier-based response filtering (basic/standard/premium) via separate tiers table
• ✅ Dual rate limiting (cache hits + external API calls)
• ✅ DVLA API integration with caching
• ✅ Contact data logging
• ✅ Extensible for future data sources
• ✅ Filament v4 admin panel for managing tiers, websites, and all other tables

Tier System:

Three tiers are seeded with different field access levels:

1. Basic - 7 fields (registrationNumber, make, colour, fuelType, yearOfManufacture, taxStatus, motStatus)
2. Standard - 11 fields (basic + co2Emissions, engineCapacity, euroStatus, markedForExport)
3. Premium - All fields (empty allowed_fields array = no filtering)

Seeded Test Tokens:

• Basic: 1|94SHUnbmPcylqbsvKH834EpcINGfq3MFhxlnXpXpf019e706
• Standard: 2|G156ggWx1KlaFy1QY0oMTsp4AGfsG0mI1DKk3S0sd570a111
• Premium: 3|IiMGvK1ECXxtzdIK5wGQeG25yHpkgJcxTh1zdUaD31aaf8ee
• Dev (bypasses limits): 4|fO9q4YDl8Lu9TonzdmTCAvdEJ1iEBhcClIGiuIBKb58aded7

Admin Panel:

Visit http://dvla-api.test/admin to manage:

• Tiers (create/edit field access levels)
• Websites (assign tiers, configure rate limits)
• Vehicle Records (view cached data)
• API Requests (audit logs)
• Vehicle Data Sources (cache expiry tracking)

Test the API:

curl -X POST http://localhost:8000/api/vehicle-enquiry \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"registration_number": "ABC123", "contact_data": {"name": "John", "email": "john@example.com"}}'

All 9 tests passing! Ready to use.