2018-11-16 Meeting Notes

Date

Attendees

Goals

  • Updates on continuing development
  • Review, organize and add to work items


Focus points for this meeting

  • General Info
  • Email groups
  • GoGaucho app 
  • Publishing workflow
  • Google Analytics integration
  • API Health check/Monitoring

Discussion items

TimeItemWhoNotes
Welcome
  • Greetings and salutations

General Info

Email GroupsSteven Maglio

GoGaucho
  • Meeting scheduled with campus representatives to discuss the student app development support, scheduled for  
    • Branding
    • Legal documents to sign
    • Who is responsible if something happens - a data breach
    • Can we create a badge that the app is approved by UCSB?
    • API team has the authority to do the security code review, in addition to the technical support representative for the data being requested
    • Adding language to the app to let students know that this is not an official UCSB app?
    • What role the Student Code of Conduct play?
  • Steven Maglio to follow up on resolving the issues that we have identified, including removing the server use from China
  • Add documentation on the website about security reviews, guidance on how to use securely APIs (similar to Oregon State U.), include guidance on where to store the key if they are a student, or don't have a solution in place

Mobile Applications That We Should Reach Out ToSteven Maglio
  • iOS
    • GoGaucho 
    • Gaucho Life
    • UC Santa Barbara Guides
    • UC Santa Barbara Events
    • UCSB - UC Santa Barbara (Involvio LLC)
  • Android
    • UC Santa Barbara Guides
    • UC Santa Barbara Events

Workflow - Access RequestDiana Antova

Workflow - Publish a New APIDiana Antova
  • Dev Portal Documentation - How To Use the Publishing Workflow (APIGEE-119) - Ian Lessing (Unlicensed)
  • Steven Maglio Test the workflow with the Registrar office (APIGEE-161)
  • API publishers - fill in the form for each API, and have them approved by the business owners. 
  • How do we allow logged in users to access the form?

@apibot - Powershell Conversion & HostingKevin Wu
  • Working on Kevin's Computer (node 8.9.X) (APIGEE-105 & APIGEE-101)
  • Apigee Authorization Module (AuthApigee)
  • Replacement Functionality Progress Update
    • apps 
      • apps (no|approved|revoked|pending|all)
      • apps (approve|revoke) email developerApp
      • apps (approve|revoke) email developerApp apiProduct
      • apps search
      • apps users?
    • devs
      • devs created <days=1>
    • targetserver
      • targetserver list <env>
      • targetserver (add|update) <env> <name> <hostname>
      • targetserver delete <env> <name>
    • companies
      • Kevin Wu will implement?
      • Need to build requirements
      • Need to build use cases
      • Need reporting that will display in developer.ucsb.edu
      • Need annual clean up times
  • Get operational on GCP
    • Kevin Wu has determined that GCP is not the right platform for the bot because of the difficulty in setting it up.
    • Kevin Wu tried out Heroku and found it really easy to work with. He wants to know if we can use this?
      • Kevin Wu will write-up a request form and submit it to Matt Hall/Elise Meyer.
  • Heroku for deployment

Action Items From Previous Meeting



API Access Expected UsageSteven Maglio
  • Expected Usage Text and Legal-ize (Terms of Service) - page
  • on App create send the legal text to the developer
  • on API access request - 
    • email on auto-approve for API expected usage, send them the form to fill with a check-box to agree on API usage terms
    • email on requesting that they fill out  the form for any non-auto approval- add same check-box
  • Do we have this documented? Has this been turned into an Apigee Ticket?

API Versioning

Steven Maglio

  • Drop Minor Versions as a requirement
  • Write standard approach for departments that want to use Minor versions; using the approach is also optional.



  • Do we have this documented? Has this been turned into an Apigee Ticket?

Developer Portal Front Page Updates
  • In About Section
    • Diana Antova - Add page about winning the Sautter Award
    • Diana Antova - If Diana thinks its a good idea to add it to the main page, then she will work with Denise to do so

CSF notificationDiana Antova
  • Email csf to notify developers of existing APIs and the roadmap APIGEE-155

API Health check/MonitoringDiana Antova
  • Steven Maglio will compare Pingdom and Uptime Robot
  • Reinard will check out Zabbix
  • Can we ask campus if we can use one of the existing monitoring systems?
  • will use uptime robot
  • Ian Lessing (Unlicensed)Steven Maglio write requirements - use health check end point
  • uptime is separate - checks for an api proxy being there, steven is ready to deploy it to uptime robot

API DictionaryDiana Antova
  • API dictionary and data governance - define field meaning, naming conventions (Bruce Miller)

Improved DocumentationDiana Antova
  • More documentation, need testers that will help us define the optimal set. Can we have a link to a documentation page?
    • dedicate a meeting to documentation once a month

API Selection pageIan Lessing (Unlicensed)
  • API select page - fix layout (Denise)

Accounts for separated employees/student

 Steven Maglio


  • What do we do with separated employees
  • periodic verification (quarterly, yearly)

Google AnalyticsChristian Montecino




Action items

  •