| Time | Item | Who | Notes |
|---|
| Welcome | | - Greetings and salutations
|
| General Info |
| chandler organization has expanded to 20 students they have thought about going for funding for Heroku service, As senate - each Wednesday evening, can attend and ask that AS sponsors them. can get funding it has to be available to everybody. As is building food recovery app
|
| Events API 11:00 - 11:30 AM | Alex Parraga & Matt Perko | - Alex P and Matt P from Public Affairs & Communications will join us to talk about an API
- localist - event management software
- feeds from AS events
- displays on ucsb.edu
- feed from AS to localist
- csv file exported every night and loaded into localist
- localist - cloud hosted solution, calendar engine is embedded, once you click on it you are on localist
- tool that can be utilized across campus
- there is the localist widget that allow sto be embedded in any
- localist does not do a lot of student specific
- localist has a good API
- trying to avoid
- As calendar has a lot more fields, related to tickets. Localist has more limited functionality
- localist - the public facing events. Localist has added some new groups.
- As - for student centric events, but they have all events. no student events, only limited number of orgsync, the ones that ask them for money. they do all ticketing except the A&L.
- As and public affairs need to define their relationship better.
- They have license for all users and all events in localist.
- Steven can create a meeting once a month to check on the progress of combining all events in localist
|
| Email Groups | Steven Maglio | |
| GoGaucho |
| - Potential Plan
- Seth Northrop will reach out to Jennifer Lofthus - Seth is waiting until we do our review
- Hengyu Liu request for API access - also a developer of the same app
- For the Campus Web API Group
- We will need to do a code review of the application
- We will need to come up with language that says you will use the student credentials securely that they will need to sign
- The language will also need to state terms of notifications for potential problems (will this make it an official endorsement which will then create legal liabilities
 ) - Most likely we should use the Standard DS (Data Security) agreement
- We will need to do periodic reviews of the application to ensure the application keeps the security standards in place
- Our View Point on this Scenario
- Student developed apps should be given just as much opportunity as staff developed apps
- Their needs to be a security review of any app that is using an API which requires approval before it's approved through the Campus Web API Gateway
- Reviews of the application will be with team that developed the application and the API Gateway Team
- A previous review with a development team can be used to approved any future applications that they create
- Student developed apps will need to sign extra agreements (like Security DS)
- Staff developed apps will not need this because the agreement is already part of working on the campus
|
| Mobile Applications That We Should Reach Out To | Steven Maglio | - iOS
- GoGaucho
- Gaucho Life
- UC Santa Barbara Guides
- UC Santa Barbara Events
- UCSB - UC Santa Barbara (Involvio LLC)
- Android
- UC Santa Barbara Guides
- UC Santa Barbara Events
|
| Workflow - Access Request | Diana Antova | - Diana Antova - Develop Access Request Workflow Requirements (APIGEE-146)
- Use Scheduled Task to send Email asking for more information on new Access Requests
- Need to include asking for Form to be filled out
- Need to include list of API Products being asked for
- Should include a line asking if a face to face meeting would be better
- Vince Nievares - Document User Access Request Workflow for End Users (APIGEE-120)
- Diana Antova - Create Access Request Workflow for End Users (APIGEE-87)
- Review API publishing and access request approval process with Registrar - Diana Antova
- Meeting scheduled for Oct 5 (today)
- How do we allow logged in users to access the form?
|
| Workflow - Publish a New API | Diana Antova | - Dev Portal Documentation - How To Use the Publishing Workflow (APIGEE-119) - Ian Lessing (Unlicensed)
- Steven Maglio Test the workflow with the Registrar office (APIGEE-161)
- API publishers - fill in the form for each API, and have them approved by the business owners.
- How do we allow logged in users to access the form?
- Update: Text of Business Functional Email
- Original: Departmental email that can be included in the communication with the business user.
- Updated: In case we get ... Diana Antova will figure it out
- Add example in description for Security Information
- Move Protection Level above Security Information
- Split Security Implementation
- API Provider Security Implementation
- Add Firewall/IP Restriction
- Options:
- API Gateway Security Implementation
- Availability Level description may need to word smithing
|
| @apibot - Powershell Conversion & Hosting | Kevin Wu | - Working on Kevin's Computer (node 8.9.X) (APIGEE-105 & APIGEE-101)
- Apigee Authorization Module (AuthApigee)
- Replacement Functionality Progress Update
- apps
- apps (no|approved|revoked|pending|all)
- apps (approve|revoke) email developerApp
- apps (approve|revoke) email developerApp apiProduct
- apps search
- apps users?
- devs
- targetserver
- targetserver list <env>
- targetserver (add|update) <env> <name> <hostname>
- targetserver delete <env> <name>
- companies
- Kevin Wu will implement?
- Need to build requirements
- Need to build use cases
- Need reporting that will display in developer.ucsb.edu
- Need annual clean up times
- Get operational on GCP
- Kevin Wu has determined that GCP is not the right platform for the bot because of the difficulty in setting it up.
- Kevin Wu tried out Heroku and found it really easy to work with. He wants to know if we can use this?
- Kevin Wu will write-up a request form and submit it to Matt Hall/Elise Meyer.
- Heroku for deployment
|
| Google Analytics | Christian Montecino | - Talk about the full details of what we want to have google analytics track
- Initial list
- URL
- Method (GET, POST, etc)
- Category (Students, Academic, Dining, etc)
- Response Time
- HTTP Status Code (200, 401, etc)
Research - Apigee will not support exporting data to an external system
- Christian and Steven created a policy that exports the call info to google analytics.
|
| Action Items From Previous Meeting |
| |
| API Access Expected Usage | Steven Maglio | - Expected Usage Text and Legal-ize (Terms of Service) - page
- on App create send the legal text to the developer
- on API access request -
- email on auto-approve for API expected usage, send them the form to fill with a check-box to agree on API usage terms
- email on requesting that they fill out the form for any non-auto approval- add same check-box
- Do we have this documented? Has this been turned into an Apigee Ticket?
|
| API Versioning | Steven Maglio | - Drop Minor Versions as a requirement
- Write standard approach for departments that want to use Minor versions; using the approach is also optional.
- Do we have this documented? Has this been turned into an Apigee Ticket?
|
| Developer Portal Front Page Updates |
| - In About Section
- Diana Antova - Add page about winning the Sautter Award
- Diana Antova - If Diana thinks its a good idea to add it to the main page, then she will work with Denise to do so
|
| CSF notification | Diana Antova | - Email csf to notify developers of existing APIs and the roadmap APIGEE-155
|
| API Health check/Monitoring | Diana Antova | - Steven Maglio will compare Pingdom and Uptime Robot
- Reinard will check out Zabbix
- Can we ask campus if we can use one of the existing monitoring systems?
- will use uptime robot
- Ian Lessing (Unlicensed), Steven Maglio write requirements - use health check end point
- uptime is separate - checks for an api proxy being there, steven is ready to deploy it to uptime robot
|
| API Dictionary | Diana Antova | - API dictionary and data governance - define field meaning, naming conventions (Bruce Miller)
|
| Improved Documentation | Diana Antova | - More documentation, need testers that will help us define the optimal set. Can we have a link to a documentation page?
- dedicate a meeting to documentation once a month
|
| API Selection page | Ian Lessing (Unlicensed) | - API select page - fix layout (Denise)
|
| Accounts for separated employees/student | Steven Maglio
| - What do we do with separated employees
- periodic verification (quarterly, yearly)
|
