2018-11-09 Meeting Notes

Date

Attendees

Goals

  • Updates on continuing development
  • Review, organize and add to work items


Focus points for this meeting

  • General Info
  • Email groups
  • GoGaucho app review
  • Google Analytics integration
  • API Health check/Monitoring

Discussion items

TimeItemWhoNotes
Welcome
  • Greetings and salutations

General Info

chandler

organization has expanded to 20 students

they have thought about going for funding for Heroku service, 

As senate - each Wednesday evening, can attend and ask that AS sponsors them. can get funding it has to be available to everybody.

As is building food recovery app



Events API

11:00 - 11:30 AM

Alex Parraga & Matt Perko
  • Alex P and Matt P from Public Affairs & Communications will join us to talk about an API
  • localist - event management software 
  • feeds from AS events
  • displays on ucsb.edu
  • feed from AS to localist
  • csv file exported every night and loaded into localist
  • localist - cloud hosted solution, calendar engine is embedded, once you click on it you are on localist
  • tool that can be utilized across campus
  • there is the localist widget that allow sto be embedded in any 
  • localist does not do a lot of student specific 
  • localist has a good API
  • trying to avoid 
  • As calendar has a lot more fields, related to tickets. Localist has more limited functionality
  • localist - the public facing events. Localist has added some new groups.
  • As - for student centric events, but they have all events. no student events, only limited number of orgsync, the ones that ask them for money. they do all ticketing except the A&L.
  • As and public affairs need to define their relationship better.
  • They have license for all users and all events in localist.
  • Steven can create a meeting once a month to check on the progress of combining all events in localist

Email GroupsSteven Maglio

GoGaucho
  • Potential Plan
    • Seth Northrop will reach out to Jennifer Lofthus - Seth is waiting until we do our review
    • Hengyu Liu request for API access - also a developer of the same app
    • For the Campus Web API Group 
      • We will need to do a code review of the application
      • We will need to come up with language that says you will use the student credentials securely that they will need to sign
        • The language will also need to state terms of notifications for potential problems (will this make it an official endorsement which will then create legal liabilities (question))
        • Most likely we should use the Standard DS (Data Security) agreement
      • We will need to do periodic reviews of the application to ensure the application keeps the security standards in place
    • Our View Point on this Scenario
      • Student developed apps should be given just as much opportunity as staff developed apps
      • Their needs to be a security review of any app that is using an API which requires approval before it's approved through the Campus Web API Gateway
      • Reviews of the application will be with team that developed the application and the API Gateway Team
        • A previous review with a development team can be used to approved any future applications that they create
      • Student developed apps will need to sign extra agreements (like Security DS)
        • Staff developed apps will not need this because the agreement is already part of working on the campus

Mobile Applications That We Should Reach Out ToSteven Maglio
  • iOS
    • GoGaucho 
    • Gaucho Life
    • UC Santa Barbara Guides
    • UC Santa Barbara Events
    • UCSB - UC Santa Barbara (Involvio LLC)
  • Android
    • UC Santa Barbara Guides
    • UC Santa Barbara Events

Workflow - Access RequestDiana Antova

Workflow - Publish a New APIDiana Antova
  • Dev Portal Documentation - How To Use the Publishing Workflow (APIGEE-119) - Ian Lessing (Unlicensed)
  • Steven Maglio Test the workflow with the Registrar office (APIGEE-161)
  • API publishers - fill in the form for each API, and have them approved by the business owners. 
  • How do we allow logged in users to access the form?


  • Update: Text of Business Functional Email
    • Original: Departmental email that can be included in the communication with the business user. 
    • Updated: In case we get ... Diana Antova will figure it out
  • Add example in description for Security Information
  • Move Protection Level above Security Information
  • Split Security Implementation
    • API Provider Security Implementation
      • Add Firewall/IP Restriction
      • Options:
        • Remove OpenID
    • API Gateway Security Implementation
      • Options:
        • API Key
        • OAuth
  • Availability Level description may need to word smithing

@apibot - Powershell Conversion & HostingKevin Wu
  • Working on Kevin's Computer (node 8.9.X) (APIGEE-105 & APIGEE-101)
  • Apigee Authorization Module (AuthApigee)
  • Replacement Functionality Progress Update
    • apps 
      • apps (no|approved|revoked|pending|all)
      • apps (approve|revoke) email developerApp
      • apps (approve|revoke) email developerApp apiProduct
      • apps search
      • apps users?
    • devs
      • devs created <days=1>
    • targetserver
      • targetserver list <env>
      • targetserver (add|update) <env> <name> <hostname>
      • targetserver delete <env> <name>
    • companies
      • Kevin Wu will implement?
      • Need to build requirements
      • Need to build use cases
      • Need reporting that will display in developer.ucsb.edu
      • Need annual clean up times
  • Get operational on GCP
    • Kevin Wu has determined that GCP is not the right platform for the bot because of the difficulty in setting it up.
    • Kevin Wu tried out Heroku and found it really easy to work with. He wants to know if we can use this?
      • Kevin Wu will write-up a request form and submit it to Matt Hall/Elise Meyer.
  • Heroku for deployment

Google AnalyticsChristian Montecino
  • Talk about the full details of what we want to have google analytics track
    • Initial list 
      • URL
      • Method (GET, POST, etc)
      • Category (Students, Academic, Dining, etc)
      • Response Time
      • HTTP Status Code (200, 401, etc) 
  • Research

  • Apigee will not support exporting data to an external system
  • Christian and Steven created a policy that exports the call info to google analytics.

Action Items From Previous Meeting



API Access Expected UsageSteven Maglio
  • Expected Usage Text and Legal-ize (Terms of Service) - page
  • on App create send the legal text to the developer
  • on API access request - 
    • email on auto-approve for API expected usage, send them the form to fill with a check-box to agree on API usage terms
    • email on requesting that they fill out  the form for any non-auto approval- add same check-box
  • Do we have this documented? Has this been turned into an Apigee Ticket?

API Versioning

Steven Maglio

  • Drop Minor Versions as a requirement
  • Write standard approach for departments that want to use Minor versions; using the approach is also optional.



  • Do we have this documented? Has this been turned into an Apigee Ticket?

Developer Portal Front Page Updates
  • In About Section
    • Diana Antova - Add page about winning the Sautter Award
    • Diana Antova - If Diana thinks its a good idea to add it to the main page, then she will work with Denise to do so

CSF notificationDiana Antova
  • Email csf to notify developers of existing APIs and the roadmap APIGEE-155

API Health check/MonitoringDiana Antova
  • Steven Maglio will compare Pingdom and Uptime Robot
  • Reinard will check out Zabbix
  • Can we ask campus if we can use one of the existing monitoring systems?
  • will use uptime robot
  • Ian Lessing (Unlicensed)Steven Maglio write requirements - use health check end point
  • uptime is separate - checks for an api proxy being there, steven is ready to deploy it to uptime robot

API DictionaryDiana Antova
  • API dictionary and data governance - define field meaning, naming conventions (Bruce Miller)

Improved DocumentationDiana Antova
  • More documentation, need testers that will help us define the optimal set. Can we have a link to a documentation page?
    • dedicate a meeting to documentation once a month

API Selection pageIan Lessing (Unlicensed)
  • API select page - fix layout (Denise)

Accounts for separated employees/student

 Steven Maglio


  • What do we do with separated employees
  • periodic verification (quarterly, yearly)

Action items

  •