Background & Business Value
We need a workflow to allow developers on campus to request access for APIs that require approval before usage. This is a common use case.
Goals
Assumptions
Out of Scope
Requirements
| Ticket(s) | Title | User Story | Priority | Notes |
|---|---|---|---|---|
| As a Developer, I need a way to request access to APIs for my Apps. | ||||
User Interaction, Design & Architecture
- The workflow we want
- Developer (End User)
- Create an Account on https://developer.ucsb.edu
- Create an App on https://developer.ucsb.edu
- When creating an app, click on the APIs I would like to use
- TODO: We should update the API Request Page (My Apps) in Drupal to include text (between the App Name/CallBack Url and the API Product list) with text that states for any API that has "Access Approval Required" next to it will need to have an API Access Request Workflow filled out. There should be a link to the documentation on how to fill the workflow out.
- Make a Jira ticket out of this
- Gateway Admin
- 3. The monitoring service sends an email that an application has requested access to an API (that isn't auto-approved)
- The monitoring service should also send an email to the requesting developer to inform them that they will need to fill out the API Access Request Workflow with a link to the documentation on how to fill the workflow out.
- 3. The monitoring service sends an email that an application has requested access to an API (that isn't auto-approved)
- Developer (End User)
- 4. Fills out the API Access Request Workflow Form on https://developer.ucsb.edu and submits it
- Submission should email support@sa.ucsb.edu that a new API Access Request Workflow was filled out
- 4. Fills out the API Access Request Workflow Form on https://developer.ucsb.edu and submits it
- Gateway Admin
- 5.
- Developer (End User)
Examples and References
- Current Workflow (as of )
- Developer (End User)
- Create an Account on https://developer.ucsb.edu
- Create an App on https://developer.ucsb.edu
- When creating an app, click on the APIs I would like to use
- Gateway Admin
- 3. The monitoring service send an email that an application has requested access to an API (that isn't auto-approved)
- 4. The Gateway Admin then emails the Developer with an Access Request Form and explain what information they need to have. Documentation on the document and what we need from the developer should be implemented with APIGEE-120.
- The Gateway Admin includes who (the business approvers) should be emailed by the Developer; which a note to CC the Gateway Admins for awareness.
- Developer (End User)
- 5. Works with their department staff to fill in the form and get signatures required.
- 6. Send the Request Form and any additional information to the Business Approvers (with Gateway Admins CC'ed) through email
- The Gateway Admin will save the initial request document in the box storage area.
- Business Approvers
- 5. Receives the Request Form, do their internal review, and complete a feedback loop with the Developer (End Users).
- 6. Upon Approval or Denial, they send and email to the Developers (End Users) and the Gateway Admins.
- Gateway Admin
- 7. Upon Approval
- The Gateway Admin then Grants access to the App for the API
- The Gateway Admin will save the finalized document in the box storage area with "- APPROVED" appended to the filename.
- 7a. Upon Denial
- The Gateway Admin then Denies access to the App for the API
- The Gateway Admin will save the finalized document in the box storage area with "- DENIED" appended to the filename.
- 7. Upon Approval
- Developer (End User)
Questions
Below is a list of questions to be addressed as a result of this requirements document:
| Question | Outcome | Decision Date |
|---|---|---|