Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Project TitleAccess Request Workflow
Target Release
Epic
Document Status
DRAFT
Document Owner

Diana Antova

Document Sign-Off
Subject Matter Expert(s)
Technical Expert(s)

Background & Business Value

We need a workflow to allow developers on campus to request access for APIs that require approval before usage. This is a common use case.

Goals

  • Store information about user applications - contact information and other general information. Have a record of the approval to use APIs for a specific application. 

Assumptions

  • The approval of APIs will be done by business users in most cases, such as the Registrar office. 
  • Other approvals might be done by technical managers at ETS, ARIT, etc.

Out of Scope

Requirements

Ticket(s)TitleUser StoryPriorityNotes

Requests API access.As a Developer, I need a way to request access to APIs for my Apps.MUST HAVE
  • This functionality is provided by the developer portal. After a user creates an application, they can request access to API(s) by selecting the API link initially, or by selecting Edit <API name> to add more APIs.

Notify developers on API approval

 As a developer I would like to receive notification on API approval for automatic and for manual approvals. 


MUST HAVE
  • Public APIs are approved automatically.
  • Other APIs are approved at a later time and the user is not notified by the system.
  • Requesting access to APIs that require approval put the application in Pending mode. 

Notify developer on the process to get accessThe system should notify the developer in an email after they submit a request to APis that require access of the process to follow.MUST HAVE
  • The monitoring service send an email that an application has requested access to an API (that isn't auto-approved)
  • Add a notification to the developer as well wit a link on how to request access

Submit access approval documentationAs a developer I need to submit required documentation to have my API access approved.MUST HAVE

System display a link to documentation on how to submit access request formThe system should display a link to documentation on how to submit an access request form.NICE TO HAVE
  • In addition to an email, the website should have a link to the steps to follow to submit access request.

User Interaction, Design & Architecture

  • The workflow we want
    • Developer (End User)
      1. Create an Account on https://developer.ucsb.edu
      2. Create an App on https://developer.ucsb.edu
        • When creating an app, click on the APIs I would like to use
        • TODO: We should update the API Request Page (My Apps) in Drupal to include text (between the App Name/CallBack Url and the API Product list) with text that states for any API that has "Access Approval Required" next to it will need to have an API Access Request Workflow filled out. There should be a link to the documentation on how to fill the workflow out.
          • Make a Jira ticket out of this
    • Gateway Admin
      • 3. The monitoring service sends an email that an application has requested access to an API (that isn't auto-approved)
        • The monitoring service should also send an email to the requesting developer to inform them that they will need to fill out the API Access Request Workflow with a link to the documentation on how to fill the workflow out.
    • Developer (End User)
    • Gateway Admin
      • 5. 

Examples and References

  • Current Workflow (as of )
    • Developer (End User)
      1. Create an Account on https://developer.ucsb.edu
      2. Create an App on https://developer.ucsb.edu
        • When creating an app, click on the APIs I would like to use
    • Gateway Admin
      • 3. The monitoring service send an email that an application has requested access to an API (that isn't auto-approved)
      • 4. The Gateway Admin then emails the Developer with an Access Request Form and explain what information they need to have. Documentation on the document and what we need from the developer should be implemented with APIGEE-120.
        • The Gateway Admin includes who (the business approvers) should be emailed by the Developer; which a note to CC the Gateway Admins for awareness.
    • Developer (End User)
      • 5. Works with their department staff to fill in the form and get signatures required.
      • 6. Send the Request Form and any additional information to the Business Approvers (with Gateway Admins CC'ed) through email
        • The Gateway Admin will save the initial request document in the box storage area.
    • Business Approvers
      • 5. Receives the Request Form, do their internal review, and complete a feedback loop with the Developer (End Users).
      • 6. Upon Approval or Denial, they send and email to the Developers (End Users) and the Gateway Admins.
    • Gateway Admin
      • 7. Upon Approval
        • The Gateway Admin then Grants access to the App for the API
        • The Gateway Admin will save the finalized document in the box storage area with "- APPROVED" appended to the filename.
      • 7a. Upon Denial
        • The Gateway Admin then Denies access to the App for the API
        • The Gateway Admin will save the finalized document in the box storage area with "- DENIED" appended to the filename.

Questions

Below is a list of questions to be addressed as a result of this requirements document:

QuestionOutcomeDecision Date
  • No labels