Merge pull request #372 from cablelabs/feat/retrieve-post-note

Updating the notes for the retrieve POST calls
camaraproject · Nov 19, 2024 · dad201a · dad201a
2 parents 40eceef + cc1e8b3
commit dad201a
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/code/API_definitions/qod-provisioning.yaml b/code/API_definitions/qod-provisioning.yaml
@@ -304,6 +304,8 @@ paths:
           - If a 2-legged access token is used, the device parameter must be provided and identify a device.
         - The QoD provisioning must have been created by the same API client given in the access token.
         - If no provisioning is found for the device, an error response 404 is returned with code "NOT_FOUND".
+        - This call uses the POST method instead of GET to comply with the [CAMARA Commonalities guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET.
+
       operationId: retrieveProvisioningByDevice
       parameters:
         - $ref: "#/components/parameters/x-correlator"

diff --git a/code/API_definitions/qos-profiles.yaml b/code/API_definitions/qos-profiles.yaml
@@ -85,6 +85,8 @@ paths:
         **NOTES:**
         - The access token may be either a 2-legged or 3-legged access token.
         - If the access token is 3-legged, all returned QoS Profiles will be available to all end users associated with the access token.
+        - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. Additionally, this call may include complex data structures.
+          [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data)
 
       security:
         - openId:

diff --git a/code/API_definitions/quality-on-demand.yaml b/code/API_definitions/quality-on-demand.yaml
@@ -408,6 +408,9 @@ paths:
           - If a 2-legged access token is used, the device parameter must be provided and identify a device.
         - The session must have been created by the same API client given in the access token
         - If no QoS session is found for the requested device, an empty array is returned.
+        - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET.
+          [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data)
+
       operationId: retrieveSessionsByDevice
       parameters:
         - $ref: "#/components/parameters/x-correlator"