📋 API Status Overview

Personal Analytics APIs are fully implemented and available for end users. These endpoints are scoped to the authenticated user only, ensuring privacy and data isolation.

✓ Existing ⚠ Planned 💡 Recommended

✅ Existing Personal Analytics APIs

GET /api/analytics/user/{id}

Get personal analytics summary. Users can only access their own data: the API checks the requested user ID against the identity in the JWT.

Existing Self-only

Response:

    {
      "totalSessions": 150,
      "totalWorkTime": "120:30:00",
      "aiUsageTime": "45:15:00",
      "aiUsagePercent": 37.5,
      "productivityScore": 85,
      "favoriteTools": ["ChatGPT", "GitHub Copilot"],
      "trends": { "daily": [...], "weekly": [...] }
    }

GET /api/analytics/user/{id}/trends

Personal usage trends over time (daily, weekly, monthly).

Existing Self-only

GET /api/analytics/user/{id}/ai-tools

Breakdown of AI tools used with time spent per tool.

Existing Self-only

GET /api/timeaggregation/daily?userId={id}

Daily aggregated time data for the user.

Existing Self-only

🔒 Privacy & Data Isolation

User Data Access Enforcement
═══════════════════════════════════════════════════════════════════════════════

User Request: GET /api/analytics/user/usr-123

Authorization Check

    JWT Claims:
    {
      "sub": "usr-123",    ← Requesting user's ID
      "org": "org-456",
      "role": "User"
    }

    Request URL: /api/analytics/user/usr-123
        │
        ▼
    Controller Authorization

        // Extract route parameter
        var requestedUserId = routeValues["id"];  // "usr-123"

        // Extract current user from JWT
        var currentUserId = User.FindFirst("sub")?.Value;  // "usr-123"
        var currentRole = User.FindFirst("role")?.Value;   // "User"

        // Authorization logic
        if (currentRole != "SuperAdmin" &&
            requestedUserId != currentUserId)
        {
            return Forbid();  // 403 Forbidden
        }

        // Continue if self or SuperAdmin

    Scenarios:
    • User A requests /api/analytics/user/usr-a      ✓ Allowed (self)
    • User A requests /api/analytics/user/usr-b      ✗ Forbidden (different user)
    • SuperAdmin requests /api/analytics/user/usr-b  ✓ Allowed (override)

Data Privacy Principles

Principle                | Implementation                                                  | Status
-------------------------|-----------------------------------------------------------------|--------------
Self-only access         | API validates JWT sub claim matches requested user ID           | ✓ Enforced
No cross-user visibility | Queries filtered by UserId from JWT, not from request params    | ✓ Enforced
GDPR data export         | /api/exports/my-data endpoint for complete data export          | ✓ Implemented
Data retention limits    | Old sessions purged per organization retention policy           | ✓ Automated
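
The controller check and the "filter by UserId from JWT" principle above, combined into one helper that returns the only ID the queries may use. This is an added example, not the project's own code. It assumes an ASP.NET Core controller (suggested by the page's User.FindFirst and Forbid() calls); AnalyticsAccess and ResolveTargetUser are hypothetical names, and the fallback to ClaimTypes.NameIdentifier and ClaimTypes.Role covers setups where the JWT handler's inbound claim mapping has renamed sub and role.

```csharp
#nullable enable
using System;
using System.Security.Claims;

// Added example; AnalyticsAccess and ResolveTargetUser are hypothetical names.
public static class AnalyticsAccess
{
    // Returns the user ID the queries may filter on, or null for 403.
    public static string? ResolveTargetUser(ClaimsPrincipal user, string? requestedUserId)
    {
        // Inbound claim mapping can rename "sub"/"role" to the ClaimTypes
        // URIs, so accept either spelling instead of silently reading null.
        string? sub = user.FindFirst("sub")?.Value
                   ?? user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        string? role = user.FindFirst("role")?.Value
                    ?? user.FindFirst(ClaimTypes.Role)?.Value;

        // Fail closed when the token has no subject or the route has no ID.
        if (string.IsNullOrEmpty(sub) || string.IsNullOrEmpty(requestedUserId))
            return null;

        // Self access: hand the query layer the ID from the token.
        if (string.Equals(sub, requestedUserId, StringComparison.Ordinal))
            return sub;

        // SuperAdmin override: the only path that trusts the route value.
        if (string.Equals(role, "SuperAdmin", StringComparison.Ordinal))
            return requestedUserId;

        return null;
    }

    // Constructed principal for the demo below (not real token data).
    private static ClaimsPrincipal Make(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "demo"));

    public static void Main()
    {
        var userA = Make(new Claim("sub", "usr-a"), new Claim("role", "User"));
        var admin = Make(new Claim("sub", "usr-root"), new Claim("role", "SuperAdmin"));
        var mapped = Make(new Claim(ClaimTypes.NameIdentifier, "usr-a"));
        var noSub = Make(new Claim("role", "User"));

        Console.WriteLine(ResolveTargetUser(userA, "usr-a") ?? "403");
        Console.WriteLine(ResolveTargetUser(userA, "usr-b") ?? "403");
        Console.WriteLine(ResolveTargetUser(admin, "usr-b") ?? "403");
        Console.WriteLine(ResolveTargetUser(mapped, "usr-a") ?? "403");
        Console.WriteLine(ResolveTargetUser(noSub, "usr-a") ?? "403");
    }
}
```

A controller would return Forbid() when the result is null and pass the returned ID, never the raw route value, to the queries.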

⚠️ Planned Personal Analytics APIs

GET /api/user/daily-summary

Daily digest of personal productivity and AI usage (for notifications).

Planned Q3 2026

GET /api/user/achievements

Gamification: productivity badges, milestones, streaks.

Planned Q4 2026

💡 Recommended Personal Analytics APIs

GET /api/user/productivity-insights

AI-generated productivity tips based on usage patterns.

Recommended

GET /api/user/ai-recommendations

Suggested AI tools based on work patterns.

Recommended

GET /api/user/work-patterns

Analysis of peak productivity hours, break patterns.

Recommended

🗄️ Database Query Pattern

Personal Analytics Query Flow
═══════════════════════════════════════════════════════════════════════════════

User: john@acme.com (usr-123)
Request: GET /api/analytics/user/usr-123

SQL Query Generated:
───────────────────────────────────────────────────────────────────────────────

    -- 1. User validation (implicit in auth middleware)
    SELECT Id FROM Users
    WHERE Id = 'usr-123' AND OrganizationId = 'org-456';

    -- 2. Session summary statistics
    SELECT
        COUNT(*) as TotalSessions,
        SUM(DATEDIFF(SECOND, StartTime, EndTime)) as TotalWorkSeconds,
        SUM(AIUsageTime) as TotalAIUsageSeconds,
        AVG(ProductivityScore) as AvgProductivity
    FROM Sessions
    WHERE UserId = 'usr-123'          -- ← Critical: filters to self only
      AND OrganizationId = 'org-456'
      AND StartTime >= '2026-01-01';

    -- 3. AI tool breakdown
    SELECT
        AIToolName,
        COUNT(*) as UsageCount,
        SUM(AIUsageTime) as TotalTime
    FROM Sessions
    WHERE UserId = 'usr-123'
      AND AIToolName IS NOT NULL
    GROUP BY AIToolName
    ORDER BY TotalTime DESC;

    -- 4. Daily trends (last 30 days)
    SELECT
        CAST(StartTime as DATE) as Date,
        COUNT(*) as SessionCount,
        SUM(AIUsageTime) as AITime
    FROM Sessions
    WHERE UserId = 'usr-123'
      AND StartTime >= DATEADD(day, -30, GETDATE())
    GROUP BY CAST(StartTime as DATE)
    ORDER BY Date;

Index Usage:
• IX_Sessions_UserId → Fast user lookup
• IX_Sessions_UserId_StartTime → Fast date-range queries