tech-docs icon indicating copy to clipboard operation
tech-docs copied to clipboard
verified publisher icon archivesspace

Unclear documentation on REST API

Open J4bbi opened this issue 7 years ago • 3 comments

In the API documentation it is said that "Most requests to the ArchivesSpace backend requires a user to be authenticated." (http://archivesspace.github.io/archivesspace/api/#authentication & https://github.com/archivesspace/tech-docs/blob/master/architecture/api.md)

However I can find no reference to those requests which do not require authentication each and every curl example in https://archivesspace.github.io/archivesspace/api/#archivesspace-rest-api starts with curl -H "X-ArchivesSpace-Session: $SESSION" .

J4bbi avatar Jul 05 '18 10:07 J4bbi

Access to server info with "GET /" ~~is probably the only one that~~ doesn't require some authentication.

Also the OAI endpoints: /oai?verb= and /oai_sample do not require authentication

.permissions([]) # No permissions because the endpoint is effectively public oai.rb

sdm7g avatar Jul 05 '18 15:07 sdm7g

@lmcglohon - are the 2 cases above the only ones that don't require authentication? I can edit the docs to add this info.

trevorthornton avatar Dec 17 '19 16:12 trevorthornton

@trevorthornton I think there are a bunch more. I moved this here so we can talk about it at the next tech_docs meeting. Not sure we want to maintain a list of APIs that don't need authentication but wanted feedback from the group.

lmcglohon avatar Dec 17 '19 17:12 lmcglohon