v1.0.0
Feature
Initial public OpenAPI 3.1 spec covering all 200+ AICT REST endpoints.
- Auto-generated spec at `/wp-json/aict/v1/openapi.json`
- Interactive Swagger UI at `/api/docs/`
- Postman 2.1 collection export at `/wp-json/aict/v1/openapi/postman`
- YAML mirror at `/wp-json/aict/v1/openapi.yaml`
- Code samples in curl, Python (requests), Node.js (fetch), PHP (Guzzle 7), Go (net/http) for every endpoint
- API key management UI at `/account/?action=api-keys` — issue up to 5 keys, scope-limited (read/write/admin)
- Per-key rate limiting via `X-RateLimit-*` headers + `Retry-After` on 429
- Per-endpoint analytics in `wp_aict_api_calls` (key_id, endpoint, status, latency)
- Health surface at `/wp-json/aict/v1/health.api_docs`
v0.9.0
Feature
Pre-release — implicit API surface with no formal spec.
- Public tool runner via `POST /wp-json/aict/v1/tools/run` + `X-AICT-API-Key`
- Multi-key management at `/wp-json/aict/v1/api-keys`
- Webhook subscriptions for Pro+ tier
- MCP server at `/.well-known/mcp-server` (Model Context Protocol 2024-11-05)
vVersioning
Breaking
The AICT API uses semver: The `X-OpenAPI-Version` response header always reflects the current OpenAPI document version.
- **Major** bumps signal **breaking changes** (rare; previous version stays available for 90 days minimum)
- **Minor** bumps add **backwards-compatible features**
- **Patch** bumps are **fixes / docs only**
vDeprecation
Deprecation
When an endpoint is deprecated: 1. The spec sets `deprecated: true` on the operation 2. Responses include `Sunset: <date>` header (RFC 8594) 3. A changelog entry is added 90 days before removal 4. The `aict_api_deprecation_warning` admin notice is shown to keys still using the endpoint