Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 16 Next »

Date

Attendees

Goals

  • Updates on continuing development
  • Review, organize and add to work items


Focus points for this meeting

  • General Info
  • Email groups
  • GoGaucho app review, events API request
  • Google Analytics integration
  • API Health check/Monitoring

Discussion items

TimeItemWhoNotes
Welcome
  • Greetings and salutations

General Info
  • Oregon state university use of Apigee, IMS Global EDU-API standards conversation

Drupal/Apigee Students RoleSteven Maglio
  • Should we create a group/role called 'Students' (question)

Email GroupsSteven Maglio

GoGaucho
  • Potential Plan
    • Seth Northrop will reach out to Jennifer Lofthus - Seth is waiting until we do our review
    • Hengyu Liu request for API access - also a developer of the same app
    • For the Campus Web API Group 
      • We will need to do a code review of the application
      • We will need to come up with language that says you will use the student credentials securely that they will need to sign
        • The language will also need to state terms of notifications for potential problems (will this make it an official endorsement which will then create legal liabilities (question))
        • Most likely we should use the Standard DS (Data Security) agreement
      • We will need to do periodic reviews of the application to ensure the application keeps the security standards in place
    • Our View Point on this Scenario
      • Student developed apps should be given just as much opportunity as staff developed apps
      • Their needs to be a security review of any app that is using an API which requires approval before it's approved through the Campus Web API Gateway
      • Reviews of the application will be with team that developed the application and the API Gateway Team
        • A previous review with a development team can be used to approved any future applications that they create
      • Student developed apps will need to sign extra agreements (like Security DS)
        • Staff developed apps will not need this because the agreement is already part of working on the campus
  • App review update
  • Request for events APIs
  • Diana Antova Will request a discussion with Associated students, Sam Horowitz, Registrar and Jennifer Lofthus. 
  • Planning on how to support the students, and provide continuity, either thru hire, or some other method. 

Workflow - Access RequestDiana Antova

Workflow - Publish a New APIDiana Antova
  • Dev Portal Documentation - How To Use the Publishing Workflow (APIGEE-119) - Ian Lessing (Unlicensed)
  • Steven Maglio Test the workflow with the Registrar office (APIGEE-161)
  • API publishers - fill in the form for each API, and have them approved by the business owners. 
  • How do we allow logged in users to access the form?


  •  Update: Text of Business Functional Email
    • Original: Departmental email that can be included in the communication with the business user. 
    • Updated: In case we get ... Diana Antova will figure it out
  • Add example in description for Security Information
  • Move Protection Level above Security Information
  • Split Security Implementation
    • API Provider Security Implementation
      • Add Firewall/IP Restriction
      • Options:
        • Remove OpenID
    • API Gateway Security Implementation
      • Options:
        • API Key
        • OAuth
  • Availability Level description may need to word smithing

@apibot - Powershell Conversion & HostingKevin Wu
  • Working on Kevin's Computer (node 8.9.X) (APIGEE-105 & APIGEE-101)
  • Apigee Authorization Module (AuthApigee)
  • Replacement Functionality Progress Update
    • apps 
      • apps (no|approved|revoked|pending|all)
      • apps (approve|revoke) email developerApp
      • apps (approve|revoke) email developerApp apiProduct
      • apps search
      • apps users?
    • devs
      • devs created <days=1>
    • targetserver
      • targetserver list <env>
      • targetserver (add|update) <env> <name> <hostname>
      • targetserver delete <env> <name>
    • companies
      • Kevin Wu will implement?
      • Need to build requirements
      • Need to build use cases
      • Need reporting that will display in developer.ucsb.edu
      • Need annual clean up times
  • Get operational on GCP
    • Kevin Wu has determined that GCP is not the right platform for the bot because of the difficulty in setting it up.
    • Kevin Wu tried out Heroku and found it really easy to work with. He wants to know if we can use this?
      • Kevin Wu will write-up a request form and submit it to Matt Hall/Elise Meyer.
  • Heroku for deployment

Google AnalyticsChristian Montecino
  • Talk about the full details of what we want to have google analytics track
    • Initial list 
      • URL
      • Method (GET, POST, etc)
      • Category (Students, Academic, Dining, etc)
      • Response Time
      • HTTP Status Code (200, 401, etc) 
  • Research

  • Apigee will not support exporting data to an external system
  • Christian and Steven created a policy that exports the call info to google analytics.

Action Items From Previous Meeting



API Access Expected UsageSteven Maglio
  • Expected Usage Text and Legal-ize (Terms of Service) - page
  • on App create send the legal text to the developer
  • on API access request - 
    • email on auto-approve for API expected usage, send them the form to fill with a check-box to agree on API usage terms
    • email on requesting that they fill out  the form for any non-auto approval- add same check-box
  • Do we have this documented? Has this been turned into an Apigee Ticket?

API Versioning

Steven Maglio

  • Drop Minor Versions as a requirement
  • Write standard approach for departments that want to use Minor versions; using the approach is also optional.



  • Do we have this documented? Has this been turned into an Apigee Ticket?

Developer Portal Front Page Updates
  • In About Section
    • Diana Antova - Add page about winning the Sautter Award
    • Diana Antova - If Diana thinks its a good idea to add it to the main page, then she will work with Denise to do so

CSF notificationDiana Antova
  • Email csf to notify developers of existing APIs and the roadmap APIGEE-155

API Health check/Monitoring
  • Steven Maglio will compare Pingdom and Uptime Robot
  • Reinard will check out Zabbix
  • Can we ask campus if we can use one of the existing monitoring systems?
  • will use uptime robot
  • Ian Lessing (Unlicensed)Steven Maglio write requirements - use health check end point
  • uptime is separate - checks for an api proxy being there, Steven is ready to deploy it to uptime robot

API DictionaryDiana Antova
  • API dictionary and data governance - define field meaning, naming conventions (Bruce Miller)

Improved DocumentationDiana Antova
  • More documentation, need testers that will help us define the optimal set. Can we have a link to a documentation page?
    • dedicate a meeting to documentation once a month

API Selection pageIan Lessing (Unlicensed)
  • API select page - fix layout (Denise)

Accounts for separated employees/student

 Steven Maglio


  • What do we do with separated employees
  • periodic verification (quarterly, yearly)

Action items

  •  







  • No labels