Pedro Guimarães edited this page Dec 4, 2015 · 6 revisions

Welcome to the SiBBr API wiki!

Here you will find information about the approach, logic, architecture, requirements, configuration, instantiation and implementation details of this project.

The purpose of this tool is to provide simplified public access to the data that feeds the SiBBr Biodiversity Explorer, from a PostgreSQL database. The database schema is provided by the liger-data-access tool. The occurrence data persisted in the explorer database is collected and indexed by the lontra-harvester tool.

Dependencies

  • PostgreSQL (v9.3+)
  • Spring Boot (v1.2.5)
  • Jackson (v0.9.5)
  • Java (v1.7)
  • Maven (v3.0.5)

Overview

The API (Application Program Interface) has a basic authentication and authorization system that depends on a user/password login. Once properly identified, each user has access to a dashboard that always displays a valid token for the user to access data.

The tokens expire 7 days after creation. After that, the next time the user logs in to their dashboard, a new valid token will be available for the next 7 days, and so on.

Therefore, in order to access data the users MUST provide their valid token as a parameter for the queries.

There is a registration page, where anyone can register for an account in the system. After registration, your account will be created without permission to access data. This permission must be manually granted by the system administrator.

There is a simple administrative procedure that provides a default admin user with administrative permissions. This user should have his account updated with a new password to replace the default one and avoid obvious security issues. This user is basically responsible for evaluating the new users.

The admin account can list all users, authorized and unauthorized. Given a user id, the admin can grant access to a user. The idea is to insert a human factor in the process that can evaluate and manage the users requesting access to the API.

After authorization is granted to the user, the system will provide the user with a valid token every time the user logs in.

Note: the token expiration rules apply to both regular and admin users.
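The token lifecycle described above, modelled as an added example (not code from the SiBBr API project). The class, field and method names and the 32-byte random hex token format are assumptions; only the 7-day expiry, renewal at login and manual authorization come from this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;

// Hypothetical model of the token rules on this page; not the project's implementation.
public class TokenLifecycle {
    static final long TTL_MS = TimeUnit.DAYS.toMillis(7); // tokens expire 7 days after creation
    static final SecureRandom RNG = new SecureRandom();

    static class User {
        boolean authorized;   // granted manually by the admin after registration
        String token;         // null until the first authorized login
        long tokenCreatedAt;  // epoch milliseconds
    }

    static boolean expired(User u, long now) {
        return u.token == null || now - u.tokenCreatedAt >= TTL_MS;
    }

    // At login: unauthorized users get no token; a missing or expired token is replaced.
    static String tokenAtLogin(User u, long now) {
        if (!u.authorized) return null;
        if (expired(u, now)) {
            byte[] raw = new byte[32];          // assumed format: 256 random bits, hex encoded
            RNG.nextBytes(raw);
            StringBuilder hex = new StringBuilder();
            for (byte b : raw) hex.append(String.format("%02x", b));
            u.token = hex.toString();
            u.tokenCreatedAt = now;
        }
        return u.token;
    }

    // Per query: the token parameter must match (constant-time compare) and be unexpired.
    static boolean mayQuery(User u, String presented, long now) {
        if (!u.authorized || presented == null || expired(u, now)) return false;
        return MessageDigest.isEqual(u.token.getBytes(StandardCharsets.UTF_8),
                                     presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        User u = new User();
        long t0 = System.currentTimeMillis();
        System.out.println("before approval: " + tokenAtLogin(u, t0));
        u.authorized = true;
        String first = tokenAtLogin(u, t0);
        System.out.println("day 7 minus 1 ms: " + mayQuery(u, first, t0 + TTL_MS - 1));
        System.out.println("day 7: " + mayQuery(u, first, t0 + TTL_MS));
        System.out.println("rotated at next login: " + !first.equals(tokenAtLogin(u, t0 + TTL_MS)));
    }
}
```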

Please refer to the Setup page for further information on how to start setting up an API instance!
