Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version .
Compare with Current
View Page History
« Previous
Version 17
Next »
Date 02 Nov 2018
Attendees Goals Updates on continuing development Review, organize and add to work items
Focus points for this meeting General Info Email groups GoGaucho app review, events API request Google Analytics integration API Health check/Monitoring Discussion items Time Item Who Notes Welcome Greetings and salutations General Info Oregon state university use of Apigee, IMS Global EDU-API standards conversation Drupal/Apigee Students Role Steven Maglio Should we create a group/role called 'Students' Email Groups Steven Maglio GoGaucho Potential PlanSeth Northrop will reach out to Jennifer Lofthus - Seth is waiting until we do our reviewHengyu Liu request for API access - also a developer of the same app For the Campus Web API Group We will need to do a code review of the application We will need to come up with language that says you will use the student credentials securely that they will need to signThe language will also need to state terms of notifications for potential problems (will this make it an official endorsement which will then create legal liabilities ) Most likely we should use the Standard DS (Data Security) agreement We will need to do periodic reviews of the application to ensure the application keeps the security standards in place Our View Point on this ScenarioStudent developed apps should be given just as much opportunity as staff developed apps Their needs to be a security review of any app that is using an API which requires approval before it's approved through the Campus Web API Gateway Reviews of the application will be with team that developed the application and the API Gateway TeamA previous review with a development team can be used to approved any future applications that they create Student developed apps will need to sign extra agreements (like Security DS)Staff developed apps will not need this because the agreement is already part of working on the campus App review update Request for events APIs Diana Antova Will request a discussion with Associated students, Sam Horowitz, Registrar and Jennifer Lofthus. Planning on how to support the students, and provide continuity, either thru hire, or some other method. Workflow - Access Request Diana Antova Diana Antova - Develop Access Request Workflow Requirements (APIGEE-146 ) Use Scheduled Task to send Email asking for more information on new Access Requests Need to include asking for Form to be filled out Need to include list of API Products being asked for Should include a line asking if a face to face meeting would be better Vince Nievares - Document User Access Request Workflow for End Users (APIGEE-120 )Diana Antova - Create Access Request Workflow for End Users (APIGEE-87 )Review API publishing and access request approval process with Registrar - Diana Antova Meeting scheduled for Oct 5 How do we allow logged in users to access the form? Workflow - Publish a New API Diana Antova Dev Portal Documentation - How To Use the Publishing Workflow (APIGEE-119 ) - Ian Lessing (Unlicensed) Steven Maglio Test the workflow with the Registrar office (APIGEE-161 )API publishers - fill in the form for each API, and have them approved by the business owners. How do we allow logged in users to access the form?
Update: Text of Business Functional Email Original: Departmental email that can be included in the communication with the business user. Updated: In case we get ... Diana Antova will figure it out Add example in description for Security Information Move Protection Level above Security Information Split Security Implementation API Provider Security Implementation Add Firewall/IP Restriction Options: API Gateway Security Implementation Availability Level description may need to word smithing @apibot - Powershell Conversion & Hosting Kevin Wu Working on Kevin's Computer (node 8.9.X) (APIGEE-105 & APIGEE-101 ) Apigee Authorization Module (AuthApigee) Replacement Functionality Progress Updateapps apps (no|approved|revoked|pending|all) apps (approve|revoke) email developerApp apps (approve|revoke) email developerApp apiProduct apps search apps users? devs targetservertargetserver list <env> targetserver (add|update) <env> <name> <hostname> targetserver delete <env> <name> companiesKevin Wu will implement?Need to build requirements Need to build use cases Need reporting that will display in developer.ucsb.edu Need annual clean up times Get operational on GCPKevin Wu has determined that GCP is not the right platform for the bot because of the difficulty in setting it up.Kevin Wu tried out Heroku and found it really easy to work with. He wants to know if we can use this?Kevin Wu will write-up a request form and submit it to Matt Hall/Elise Meyer. Heroku for deployment Google Analytics Christian Montecino Talk about the full details of what we want to have google analytics trackInitial list URL Method (GET, POST, etc) Category (Students, Academic, Dining, etc) Response Time HTTP Status Code (200, 401, etc) Research
Apigee will not support exporting data to an external system Christian and Steven created a policy that exports the call info to google analytics. Action Items From Previous Meeting API Access Expected Usage Steven Maglio Expected Usage Text and Legal-ize (Terms of Service) - page on App create send the legal text to the developer on API access request - email on auto-approve for API expected usage, send them the form to fill with a check-box to agree on API usage terms email on requesting that they fill out the form for any non-auto approval- add same check-box Do we have this documented? Has this been turned into an Apigee Ticket? API Versioning Steven Maglio
Drop Minor Versions as a requirement Write standard approach for departments that want to use Minor versions; using the approach is also optional.
Do we have this documented? Has this been turned into an Apigee Ticket? Developer Portal Front Page Updates In About SectionDiana Antova - Add page about winning the Sautter AwardDiana Antova - If Diana thinks its a good idea to add it to the main page, then she will work with Denise to do so CSF notification Diana Antova Email csf to notify developers of existing APIs and the roadmap APIGEE-155 API Health check/Monitoring Steven Maglio will compare Pingdom and Uptime RobotReinard will check out Zabbix Can we ask campus if we can use one of the existing monitoring systems? will use uptime robot Ian Lessing (Unlicensed) , Steven Maglio write requirements - use health check end pointuptime is separate - checks for an api proxy being there, Steven is ready to deploy it to uptime robot API Dictionary Diana Antova API dictionary and data governance - define field meaning, naming conventions (Bruce Miller) Improved Documentation Diana Antova More documentation, need testers that will help us define the optimal set. Can we have a link to a documentation page?dedicate a meeting to documentation once a month API Selection page Ian Lessing (Unlicensed) API select page - fix layout (Denise) Accounts for separated employees/student Steven Maglio
What do we do with separated employees periodic verification (quarterly, yearly)
Action items