APIs
Status
Status: Limited peer review
TDA Precedence
TDA Submission | Relationship |
---|---|
67 Digital Admissions | Influenced by |
75 Activate Account | Used in answers and approved (version 0.1.0) |
NFRs
NFRs | Relationship |
---|---|
NFR.019 | Potentially Answers |
NFR.020 | Potentially Answers |
NFR.052 | Partially Answers |
NFR.053 | Partially Answers |
NFR.057 | Partially Answers |
NFR.058 | Potentially Answers |
Means to achieve
1 - Boilerplate Web Application
API schemas are generated and stored in the services repo via third-party libraries.
The API:
- Uses JSON
- Is RESTful and supports HTTPS for clients
- Uses the ISO 8601 standard for times and dates
- Uses Unicode encoded as UTF-8 for textual representations of data
- Provides endpoints that can be used for mass data retrieval with suitable permissions
- Will use OAuth2 or GCP-based Bearer machine-to-machine authentication for all API requests when possible
- Will have 2 non-production environments provisioned
No log of requests for personal data will be made, but wider formal subject access request practices will be followed.
Logging
All API requests will be logged to a log aggregator and retained for 1 month.
No one is specifically tasked with "watching" the API but any observed unusual activity will be reported. Unauthorised requests are logged to the log aggregator.
Compliance Requirements
- Use the Django-based Boilerplate Web Application
- Publish via the API gateway for wider interfacing
- Project is provisioned using the Google Cloud Product Factory
- For HTTP APIs use Cloud Run Terraform Module
- For asynchronous tasks use the ucam-faas library, Docker base image and Terraform module