Open
Description
What?
There has been discussion with other institutions that may want to use the pass-core API with a different client. Currently, the pass-core API is only used by the PASS UI, so several things are needed before we can say the pass-core API is ready for direct use.
Things that need to be confirmed/completed:
- API documentation is complete and thorough. The API documentation should describe each available path, along with its query params, request payload, and responses. The API documentation should also describe how to authenticate.
  - Elide generates some of this, but we need docs for our other APIs too.
  - The existing documentation is in the pass-core repo markdown. It should be made consistent and updated to complement any auto-generated API documentation like Swagger.
- We need to figure out how API requests will be authenticated.
- We need to confirm that the API docs are available for devs to read. We need to figure out if these docs should be open to anyone or secure.
- We need to confirm that all APIs are doing input validation.
- We need to review the current API tests to confirm that testing is done for input validation where appropriate (confirm Elide is doing this) and that security is covered.
- We should review the non-Elide paths to ensure they follow JSON:API/REST best practices.
- There are also various endpoints used for integration with shib. We should review those two and think about consolidating them.
- We should review the possible response codes of each API to ensure they are consistent.
- We will need to figure out a versioning strategy. Are we going to have a version in the path, or support backward-compatible API changes?
Why?
These are all standard things that are done when exposing a web API.
How?
Each point above needs to be done, with a report on each item.
Acceptance Criteria
All the points above have been addressed.
Related Issues