| Time | Item | Who | Notes |
|---|
| Welcome | | - Greetings and salutations
|
| General Info |
| - Oregon state university use of Apigee, IMS Global EDU-API standards conversation
|
| Drupal/Apigee Students Role | Steven Maglio | - Should we create a group/role called 'Students'
|
| Email Groups | Steven Maglio | |
| GoGaucho |
| - Potential Plan
- Seth Northrop will reach out to Jennifer Lofthus - Seth is waiting until we do our review
- Hengyu Liu request for API access - also a developer of the same app
- For the Campus Web API Group
- We will need to do a code review of the application
- We will need to come up with language that says you will use the student credentials securely that they will need to sign
- The language will also need to state terms of notifications for potential problems (will this make it an official endorsement which will then create legal liabilities )
- Most likely we should use the Standard DS (Data Security) agreement
- We will need to do periodic reviews of the application to ensure the application keeps the security standards in place
- Our View Point on this Scenario
- Student developed apps should be given just as much opportunity as staff developed apps
- Their needs to be a security review of any app that is using an API which requires approval before it's approved through the Campus Web API Gateway
- Reviews of the application will be with team that developed the application and the API Gateway Team
- A previous review with a development team can be used to approved any future applications that they create
- Student developed apps will need to sign extra agreements (like Security DS)
- Staff developed apps will not need this because the agreement is already part of working on the campus
- App review update
- Request for events APIs
- Diana Antova Will request a discussion with Associated students, Sam Horowitz, Registrar and Jennifer Lofthus.
- Planning on how to support the students, and provide continuity, either thru hire, or some other method.
|
| Workflow - Access Request | Diana Antova | - Diana Antova - Develop Access Request Workflow Requirements (APIGEE-146)
- Use Scheduled Task to send Email asking for more information on new Access Requests
- Need to include asking for Form to be filled out
- Need to include list of API Products being asked for
- Should include a line asking if a face to face meeting would be better
- Vince Nievares - Document User Access Request Workflow for End Users (APIGEE-120)
- Diana Antova - Create Access Request Workflow for End Users (APIGEE-87)
- Review API publishing and access request approval process with Registrar - Diana Antova
- Meeting scheduled for Oct 5
- How do we allow logged in users to access the form?
|
| Workflow - Publish a New API | Diana Antova | - Dev Portal Documentation - How To Use the Publishing Workflow (APIGEE-119) - Ian Lessing (Unlicensed)
- Steven Maglio Test the workflow with the Registrar office (APIGEE-161)
- API publishers - fill in the form for each API, and have them approved by the business owners.
- How do we allow logged in users to access the form?
- Update: Text of Business Functional Email
- Original: Departmental email that can be included in the communication with the business user.
- Updated: In case we get ... Diana Antova will figure it out
- Add example in description for Security Information
- Move Protection Level above Security Information
- Split Security Implementation
- API Provider Security Implementation
- Add Firewall/IP Restriction
- Options:
- API Gateway Security Implementation
- Availability Level description may need to word smithing
|
| @apibot - Powershell Conversion & Hosting | Kevin Wu | - Working on Kevin's Computer (node 8.9.X) (APIGEE-105 & APIGEE-101)
- Apigee Authorization Module (AuthApigee)
- Replacement Functionality Progress Update
- apps
- apps (no|approved|revoked|pending|all)
- apps (approve|revoke) email developerApp
- apps (approve|revoke) email developerApp apiProduct
- apps search
- apps users?
- devs
- targetserver
- targetserver list <env>
- targetserver (add|update) <env> <name> <hostname>
- targetserver delete <env> <name>
- companies
- Kevin Wu will implement?
- Need to build requirements
- Need to build use cases
- Need reporting that will display in developer.ucsb.edu
- Need annual clean up times
- Get operational on GCP
- Kevin Wu has determined that GCP is not the right platform for the bot because of the difficulty in setting it up.
- Kevin Wu tried out Heroku and found it really easy to work with. He wants to know if we can use this?
- Kevin Wu will write-up a request form and submit it to Matt Hall/Elise Meyer.
- Heroku for deployment
|
| Google Analytics | Christian Montecino | - Talk about the full details of what we want to have google analytics track
- Initial list
- URL
- Method (GET, POST, etc)
- Category (Students, Academic, Dining, etc)
- Response Time
- HTTP Status Code (200, 401, etc)
Research - Apigee will not support exporting data to an external system
- Christian and Steven created a policy that exports the call info to google analytics.
|
| Action Items From Previous Meeting |
| |
| API Access Expected Usage | Steven Maglio | - Expected Usage Text and Legal-ize (Terms of Service) - page
- on App create send the legal text to the developer
- on API access request -
- email on auto-approve for API expected usage, send them the form to fill with a check-box to agree on API usage terms
- email on requesting that they fill out the form for any non-auto approval- add same check-box
- Do we have this documented? Has this been turned into an Apigee Ticket?
|
| API Versioning | Steven Maglio | - Drop Minor Versions as a requirement
- Write standard approach for departments that want to use Minor versions; using the approach is also optional.
- Do we have this documented? Has this been turned into an Apigee Ticket?
|
| Developer Portal Front Page Updates |
| - In About Section
- Diana Antova - Add page about winning the Sautter Award
- Diana Antova - If Diana thinks its a good idea to add it to the main page, then she will work with Denise to do so
|
| CSF notification | Diana Antova | - Email csf to notify developers of existing APIs and the roadmap APIGEE-155
|
| API Health check/Monitoring | | - Steven Maglio will compare Pingdom and Uptime Robot
- Reinard will check out Zabbix
- Can we ask campus if we can use one of the existing monitoring systems?
- will use uptime robot
- Ian Lessing (Unlicensed), Steven Maglio write requirements - use health check end point
- uptime is separate - checks for an api proxy being there, Steven is ready to deploy it to uptime robot
|
| API Dictionary | Diana Antova | - API dictionary and data governance - define field meaning, naming conventions (Bruce Miller)
|
| Improved Documentation | Diana Antova | - More documentation, need testers that will help us define the optimal set. Can we have a link to a documentation page?
- dedicate a meeting to documentation once a month
|
| API Selection page | Ian Lessing (Unlicensed) | - API select page - fix layout (Denise)
|
| Accounts for separated employees/student | Steven Maglio
| - What do we do with separated employees
- periodic verification (quarterly, yearly)
|
