Objective
To provide a campus wide API solution to securely provide data through standardize interfaces for all campus members and associated entities. To create a centralized access point where API providers can list data services they provide and find data services they larger community can consume. To ensure data security through clearly documented, standardized, accessible and actionable policies and best practices. To cultivate a forum where data can be used to service and extend the many aspects of research, development, and business needs of the campus.
API Roadmap
API | Description | Status | Start | Estimated Completion |
---|---|---|---|---|
Graduate Division Applicants Status | Authenticate and query for graduate student applicant data. Useful for housing process for new grad students | IN PROGRESS | ||
Parking Structure Free Spaces Information | Retrieve the number of free spaces in a parking structure | PROPOSED | ||
Identity Provisioning/Deprovisioning Records | Retrieve list of identities which have had a lifecycle event status change. Provisioning Events: Record creation, addition of an affiliation. Deprovisioning Events: Record "soft" deletion, removal of an affiliation. | PROPOSED | ||
Housing Properties | List of places where students, faculty, staff can live | PROPOSED | ||
Campus Buildings | All the campus buildings. Source has been identified as https://ucsb.metabim.com/ | PROPOSED | ||
Employee | Employee name and appointment type information | PROPOSED | ||
Housing Current List of Residents | Do they live here? And, where do they live? There is a need to feed student residence into the SIS Gaucho Blue. There is also need to verify student residency one student at a time for some of the Housing needs. | PROPOSED | ||
Employee Photos | Return the Access Card photos for employees by the UCPath employee ID. It will include the photo hash as well. On hold due to HR concerns. | ON HOLD |
Roadmap
Project | Summary | Status | Start | Estimated Completion |
---|---|---|---|---|
Drupal 8 | Upgrade the Drupal Portal to version 8. This will use the Drupal 8 Apigee plugin (which is still in prerelease). | IN PROGRESS | ||
Usage Reports | Develop API usage reports and make them available to stakeholders and developers who do not have access to the Gateway. | IN PROGRESS | ||
Apigee Teams Feature | Apigee's "Companies" (ie. Teams) feature is a plugin for the Drupal portal with tie-ins to the API Gateway backend. It will allow developers to create Teams, and associate the applications they create with their Teams, rather than themselves. | RESEARCHING | ||
Account Cleanup Project | On an annual basis we would like to review the accounts we have in the system in order to remove accounts that should no longer be active and reduce our security risk profile. To do this we will want to check what accounts are not in active use or their owners are no longer affiliated with the University. | RESEARCHING | ||
Campus API Security Improvements | Better integrate the API security model with the Campus IdM Team's security model. Look at creating service accounts at the campus level and managing their access through the gateway within https://developer.ucsb.edu. | RESEARCHING | ||
Automated Tasks - Access Request Monitor | An automated task which will monitor access requests from users to auto-approve particular APIs and send Access Request information about restricted APIs. | RESEARCHING | ||
@apibot - Reporting | Generate reports on API Usage, Access Violations, and Errors. | RESEARCHING | ||
Statuspage.io Integration | Have a Statuspage to show the availability and history of the APIs and overall system. Similar to SA's statuspage. | WISH LIST | ||
Client Library Reference Architecture | Build a client library that demonstrates how to use the API Key and UCSB Net ID/password combination to retrieve data. This project should be hosted in Github and if possible, a build should be hosted on a public repository (nuget). | WISH LIST | ||
Drupal - Account Creation Review (Approve/Deny) | An extension to drupal which will look at an new account creation. Given a simple set of rules some account requests should be able to be auto-denied. Maybe some can also be auto approved. | RESEARCHING | ||
Account review process | Develop a process to review API access permissions on a regular basis and terminate access as needed. | WISH LIST |
Completed
Project | Summary | Status | Start | Completion |
---|---|---|---|---|
Library Employee List (Private) | Employee name and appointment type information to be used in the Library Alma system to validate current employment status. | COMPLETED | ||
Academic Curriculum (Registrar) | Curriculums service for Campus API (Box) | COMPLETED | ||
Recreation Patron Photos (Private) | Return the student or employee Access card photos by perm or UCPath employee ID (the Fusion padded ID). | COMPLETED | ||
Housing Contract Admissions Status | What status the students housing contract is in | COMPLETED | ||
@apibot - Javascript Conversion | Take the existing functionality of @apibot and convert it from Powershell to Javascript. Move hosting of the bot on the Google Cloud Platform. Develop a workflow that multiple people can develop scripts for it at the same time. Create a CI/CD deployment chain to ensure successful updates. | COMPLETED | ||
Students Rosters (Registrar) | Rosters service for Campus API (Box) | COMPLETED | ||
Meal Plan Information | Meal plans and rates | COMPLETED | ||
Workflow - Access Request | Create a new workflow to improve requesting access to an API. The workflow should capture information about the application and the approveral which can be referenced later on for auditing purposes. | COMPLETED |
| |
Workflow - Publish a New API | Install a workflow system into the Drupal portal and developer a "Publish a New API (for Data/API Providers)" workflow. | COMPLETED | ||
API - Registrar Courses & Student Schedule Public Service | Courses service for Campus API (Box) | COMPLETED | ||
API - Registrar Students Public Service | Students service for Campus API (Box) | COMPLETED | ||
API - Dining Commons General Information | Names, Locations, etc. | COMPLETED | ||
Status Monitoring and Healthchecks | Use a monitoring system to make sure we are notified when an API is unavailable. | COMPLETED | ||
Slack Integration - @apibot | Create a slack integrtion hubot which will handle: search for newly created developer accounts, api product approval, and target server gateway configuration | COMPLETED | ||
Initial Rollout | Create First APIs, Developer Portal, Introductory Documentation, and Communicate with Campus the availability of the System | COMPLETED |
Principles
(We don't always achieve these, but this is what we're shooting for)
- Easy to Find APIs
Provide an easy and quick to use Developer Portal for finding APIs and the data they provide. In order for APIs to be useful, people need to use them and the first step to do that is make them easily found through search engines and clear documentation.
- Efficient and Secure Access Management to APIs
Ensure data security through multiple layers of data security mechanisms while still providing efficient processes for granting access and using services. Data security mechanisms include secure communication, client & user authentication, data protection filtering, and authorization.
- Standardized and Consistent Data Interfaces
Create a consistent understanding of data and it's usage through standardized interfaces, naming conventions, documentation, and functionality. Ensure consistent usage of data by providing API services with common and reusable logic that can be maintained by campus subject matter authorities and can be used by all campus members.
- Governed and Managed API Change Processes
Enable API change management to occur through structured and well known channels that ensure data stability and consistency. Preserve community access to improvements and changes through an open and accessible governance process.