Meeting - 1
Consumption Repo
Search API
There will be two sets of search and Read API on the consumption repo:
Public Search API (Existing) to provide public content only.
Private Search API (new) to provide Private as well as public content
Public Search API - (Existing, Changes needed)
At present, if a specific request is made for the private content through API. the private data is also returned. This behavior needs to be updated.
Going forward only Public content should be returned In the current behavior, it also returns private content, if specifically asked for it.
(Change) - Not allow private content to be returned. Only public content should be returned.
Private Search API (New)
(New) New API to be created
An exact replica of the public Search API
One relaxation from the public search API - This should return both Public & private content
Will work only on API Token-based authentication
The API token will be linked to a tenant - Only content of that tenant is returned
Restricting access
Private content access
Only share content via Private Search API
API must be called with a token
Tenant level restriction - only content related to the tenant is shared
The API token is linked to a tenant
User (if registered on Diksha) sends User Token as well as the API token - Tenant is recognized based on 1st user token, 2nd API token, then the access is given to private content
In absence of tenant details, API token the access is marked as unauthorized acees
(Similar implementation - tenant linked to API token, is already done for Data Exhaust)
Read API
Exactly the same as the search APIs, there will be two sets of API on the consumption repo:
Public Read API (Existing) to provide public content only.
Private Read API (new) to provide Private as well as public content
Public Read API - (Existing, Changes needed)
(Change) Restrict returning of any private content, even when specifically asked in API call. At present, private content is also returned. (Same change as public search API)
Private Read API
(New) New API to be created
Replica of public read API
(Change) This API is allowed to return private as well as public content
The API token is a must while calling this API
API token - linked to a tenant - Only content of that tenant should be returned
Restricting access
Private content access
Only share content via private read API
API must be called with a token
Tenant level restriction
The API token is linked to a tenant
Only content related to that tenant is allowed
Sourcing repo
4.2 Development
Search and Read API will provide both private and public content to the contributor
(Change) need to check the current behaviour of API and allow all (private, public) content
Through Frontend flows - Access will be restricted to only contributors and reviewers
If a specific API call is made it would return both the private and the public assets
APIs will be accessed based on API token
In 4.3 or beyond
We need solve for the situation where external restriction can be made to access private and public content based via APIs as well.
0 Comments