From 10be9b470a68254308bb6067fa74aef886d81609 Mon Sep 17 00:00:00 2001 From: Randy Levensalor Date: Wed, 9 Oct 2024 10:35:35 -0600 Subject: [PATCH 1/7] Updating the notes for the retrieve POST calls Fixes issues Add explanation on why there is a "POST /retrieve-sessions" instead of GET #359 --- code/API_definitions/qod-provisioning.yaml | 3 +++ code/API_definitions/qos-profiles.yaml | 2 ++ code/API_definitions/quality-on-demand.yaml | 3 +++ 3 files changed, 8 insertions(+) diff --git a/code/API_definitions/qod-provisioning.yaml b/code/API_definitions/qod-provisioning.yaml index aae70a90d..e87c526ff 100644 --- a/code/API_definitions/qod-provisioning.yaml +++ b/code/API_definitions/qod-provisioning.yaml @@ -304,6 +304,9 @@ paths: - If a 2-legged access token is used, the device parameter must be provided and identify a device. - The QoD provisioning must have been created by the same API client given in the access token. - If no provisioning is found for the device, an error response 404 is returned with code "NOT_FOUND". + - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. Additionally, this call may include complex data structures. + [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) + operationId: retrieveProvisioningByDevice parameters: - $ref: "#/components/parameters/x-correlator" diff --git a/code/API_definitions/qos-profiles.yaml b/code/API_definitions/qos-profiles.yaml index aa90000e1..6fcc80f84 100644 --- a/code/API_definitions/qos-profiles.yaml +++ b/code/API_definitions/qos-profiles.yaml @@ -85,6 +85,8 @@ paths: **NOTES:** - The access token may be either a 2-legged or 3-legged access token. - If the access token is 3-legged, all returned QoS Profiles will be available to all end users associated with the access token. + - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. Additionally, this call may include complex data structures. + [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) security: - openId: diff --git a/code/API_definitions/quality-on-demand.yaml b/code/API_definitions/quality-on-demand.yaml index d42f23998..ea6bc68d4 100644 --- a/code/API_definitions/quality-on-demand.yaml +++ b/code/API_definitions/quality-on-demand.yaml @@ -408,6 +408,9 @@ paths: - If a 2-legged access token is used, the device parameter must be provided and identify a device. - The session must have been created by the same API client given in the access token - If no QoS session is found for the requested device, an empty array is returned. + - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. Additionally, this call may include complex data structures. + [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) + operationId: retrieveSessionsByDevice parameters: - $ref: "#/components/parameters/x-correlator" From 2aae560dab241f6e2f408596c777b3c823d6e136 Mon Sep 17 00:00:00 2001 From: Randy Levensalor Date: Wed, 9 Oct 2024 10:38:32 -0600 Subject: [PATCH 2/7] Updating text --- code/API_definitions/qod-provisioning.yaml | 2 +- code/API_definitions/quality-on-demand.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/code/API_definitions/qod-provisioning.yaml b/code/API_definitions/qod-provisioning.yaml index e87c526ff..39988f77c 100644 --- a/code/API_definitions/qod-provisioning.yaml +++ b/code/API_definitions/qod-provisioning.yaml @@ -304,7 +304,7 @@ paths: - If a 2-legged access token is used, the device parameter must be provided and identify a device. - The QoD provisioning must have been created by the same API client given in the access token. - If no provisioning is found for the device, an error response 404 is returned with code "NOT_FOUND". - - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. Additionally, this call may include complex data structures. + - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) operationId: retrieveProvisioningByDevice diff --git a/code/API_definitions/quality-on-demand.yaml b/code/API_definitions/quality-on-demand.yaml index ea6bc68d4..f54aeda1c 100644 --- a/code/API_definitions/quality-on-demand.yaml +++ b/code/API_definitions/quality-on-demand.yaml @@ -408,7 +408,7 @@ paths: - If a 2-legged access token is used, the device parameter must be provided and identify a device. - The session must have been created by the same API client given in the access token - If no QoS session is found for the requested device, an empty array is returned. - - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. Additionally, this call may include complex data structures. + - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) operationId: retrieveSessionsByDevice From b5bc186d17804ea6f66342e3ff61ddecb2bd2492 Mon Sep 17 00:00:00 2001 From: Randy Levensalor Date: Tue, 15 Oct 2024 09:46:34 -0600 Subject: [PATCH 3/7] Updating link to use tag in comment Co-authored-by: Herbert Damker --- code/API_definitions/qod-provisioning.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/API_definitions/qod-provisioning.yaml b/code/API_definitions/qod-provisioning.yaml index 39988f77c..9a53856d8 100644 --- a/code/API_definitions/qod-provisioning.yaml +++ b/code/API_definitions/qod-provisioning.yaml @@ -305,7 +305,7 @@ paths: - The QoD provisioning must have been created by the same API client given in the access token. - If no provisioning is found for the device, an error response 404 is returned with code "NOT_FOUND". - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. - [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) + [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) operationId: retrieveProvisioningByDevice parameters: From ca9a14337200a674983f1044ebffe91f591359d7 Mon Sep 17 00:00:00 2001 From: Randy Levensalor Date: Tue, 15 Oct 2024 09:46:42 -0600 Subject: [PATCH 4/7] Updating link to use tag in comment Co-authored-by: Herbert Damker --- code/API_definitions/quality-on-demand.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/API_definitions/quality-on-demand.yaml b/code/API_definitions/quality-on-demand.yaml index f54aeda1c..f02a13db0 100644 --- a/code/API_definitions/quality-on-demand.yaml +++ b/code/API_definitions/quality-on-demand.yaml @@ -409,7 +409,7 @@ paths: - The session must have been created by the same API client given in the access token - If no QoS session is found for the requested device, an empty array is returned. - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. - [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) + [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) operationId: retrieveSessionsByDevice parameters: From b31d5dee2c70ae75cfe52ca675e221d74fc6f2cc Mon Sep 17 00:00:00 2001 From: Randy Levensalor Date: Tue, 15 Oct 2024 09:46:50 -0600 Subject: [PATCH 5/7] Updating link to use tag in comment Co-authored-by: Herbert Damker --- code/API_definitions/qos-profiles.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/API_definitions/qos-profiles.yaml b/code/API_definitions/qos-profiles.yaml index 6fcc80f84..68ddde1a6 100644 --- a/code/API_definitions/qos-profiles.yaml +++ b/code/API_definitions/qos-profiles.yaml @@ -86,7 +86,7 @@ paths: - The access token may be either a 2-legged or 3-legged access token. - If the access token is 3-legged, all returned QoS Profiles will be available to all end users associated with the access token. - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. Additionally, this call may include complex data structures. - [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) + [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) security: - openId: From 7ea0672f6a09ac9822aa799a42a7f9b9e5220ff9 Mon Sep 17 00:00:00 2001 From: Randy Levensalor Date: Fri, 15 Nov 2024 05:58:39 -0700 Subject: [PATCH 6/7] Update code/API_definitions/qod-provisioning.yaml Adding link into flow of text Co-authored-by: Jose Luis Urien --- code/API_definitions/qod-provisioning.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/API_definitions/qod-provisioning.yaml b/code/API_definitions/qod-provisioning.yaml index 9a53856d8..5f0cd7333 100644 --- a/code/API_definitions/qod-provisioning.yaml +++ b/code/API_definitions/qod-provisioning.yaml @@ -304,7 +304,7 @@ paths: - If a 2-legged access token is used, the device parameter must be provided and identify a device. - The QoD provisioning must have been created by the same API client given in the access token. - If no provisioning is found for the device, an error response 404 is returned with code "NOT_FOUND". - - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. + - This call uses the POST method instead of GET to comply with the [CAMARA Commonalities guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) operationId: retrieveProvisioningByDevice From cc1e8b36eb6865525430d92ca2d0b282a6a6cd05 Mon Sep 17 00:00:00 2001 From: Randy Levensalor Date: Fri, 15 Nov 2024 05:58:58 -0700 Subject: [PATCH 7/7] Update code/API_definitions/qod-provisioning.yaml Moved link, no longer needed here. Co-authored-by: Jose Luis Urien --- code/API_definitions/qod-provisioning.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/code/API_definitions/qod-provisioning.yaml b/code/API_definitions/qod-provisioning.yaml index 5f0cd7333..7b1a4bcb7 100644 --- a/code/API_definitions/qod-provisioning.yaml +++ b/code/API_definitions/qod-provisioning.yaml @@ -305,7 +305,6 @@ paths: - The QoD provisioning must have been created by the same API client given in the access token. - If no provisioning is found for the device, an error response 404 is returned with code "NOT_FOUND". - This call uses the POST method instead of GET to comply with the [CAMARA Commonalities guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. - [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) operationId: retrieveProvisioningByDevice parameters: