[Archivesspace_Users_Group] ArchivesSpace RESTful API authentication and access

David P. Steelman dsteelma at umd.edu
Tue Sep 29 11:36:01 EDT 2020


I've been investigating providing access to the ArchivesSpace RESTful API
to an expanded group of users.

Through testing, it appears that many of the RESTful API endpoints (see
below) do not require user authentication (i.e., do not require a "session"
key), and access apparently cannot be controlled through the ArchivesSpace
permission infrastructure.

While the information provided by most of these endpoints might be
considered "public", some (such as information from the "agents" endpoints)
could contain names and contact information that might be considered
sensitive.

Is the inability to control access to these endpoints via the ArchivesSpace
permissions infrastructure intentional? Is there some way to control access
to these endpoints that I'm missing?

A (non-exhaustive) list of the endpoints that will return information to
anything that can reach them:

/agents/corporate_entities - List all corporate entity
/agents/corporate_entities/:id - Get a corporate entity by ID
/agents/families - List all family agents
/agents/families/:id - Get a family by ID
/agents/people - List all person agents
/agents/people/:id - Get a person by ID
/agents/software - List all software agents
/agents/software/:id - Get a software agent by ID
/container_profiles - Get a list of Container Profiles
/container_profiles/:id - Get a Container Profile by ID
/config/enumerations - List all defined enumerations
/config/enumerations/:enum_id - Get an Enumeration
/config/enumerations/names/:enum_name - Get an Enumeration by Name
/config/enumeration_values/:enum_val_id - Get an Enumeration Value
/repositories/:repo_id/archival_contexts/people/:id.xml - Get an EAC-CPF representation of an Agent
/repositories/:repo_id/archival_contexts/people/:id.:fmt/metadata - Get metadata for an EAC-CPF export of a person
/repositories/:repo_id/archival_contexts/corporate_entities/:id.xml - Get an EAC-CPF representation of a Corporate Entity
/repositories/:repo_id/archival_contexts/corporate_entities/:id.:fmt/metadata - Get metadata for an EAC-CPF export of a corporate entity
/repositories/:repo_id/archival_contexts/families/:id.xml - Get an EAC-CPF representation of a Family
/repositories/:repo_id/archival_contexts/families/:id.:fmt/metadata - Get metadata for an EAC-CPF export of a family
/repositories/:repo_id/archival_contexts/softwares/:id.xml - Get an EAC-CPF representation of a Software agent
/repositories/:repo_id/archival_contexts/softwares/:id.:fmt/metadata - Get metadata for an EAC-CPF export of a software
/job_types - List all supported job types
/repositories/:repo_id/jobs/import_types - List all supported import job types
/location_profiles - Get a list of Location Profiles
/location_profiles/:id - Get a Location Profile by ID
/search/location_profile - Search across Location Profile
/locations - Get a list of locations
/locations/:id - Get a Location by ID
/notifications - Get a stream of notifications
/oai_config - Get the OAI Config record
/permissions - Get a list of Permissions
/repositories/:repo_id/preferences/defaults - Get the default set of Preferences for a Repository and optionally a user
/repositories/:repo_id/rde_templates/:id - Get an RDE template record
/repositories/:repo_id/rde_templates - Get a list of RDE Templates
/reports - List all reports
/repositories/with_agent/:id - Get a Repository by ID, including its agent representation
/repositories/:id - Get a Repository by ID
/repositories - Get a list of Repositories
/schemas - Get all ArchivesSpace schemas
/schemas/:schema - Get an ArchivesSpace schema
/search/repositories - Search across repositories
/search/subjects - Search across subjects
/space_calculator/buildings - Get a Location by ID
/subjects - Get a list of Subjects
/subjects/:id - Get a Subject by ID
/terms - Get a list of Terms matching a prefix
/users - Get a list of users
/users/complete - Get a list of system users
/version - Get the ArchivesSpace application version
/vocabularies - Get a list of Vocabularies
/vocabularies/:id/terms - Get a list of Terms for a Vocabulary
/vocabularies/:id - Get a Vocabulary by ID

Thanks,

David
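
Added example, not part of the original message and not ArchivesSpace code: a small audit that requests endpoints on your own backend without an `X-ArchivesSpace-Session` header and reports which ones answer anyway. The status codes treated as "protected", the sample paths, the "sensitive" prefixes and the default backend URL on port 8089 are assumptions to adjust for your deployment.

```python
import sys
import urllib.error
import urllib.request

# Constructed sample: three paths from the list above plus one record
# endpoint assumed to require a session; the ids are placeholders.
SAMPLE_PATHS = ["/agents/people", "/users", "/version",
                "/repositories/2/resources/1"]

# Assumption: statuses the backend uses for a missing or invalid session.
PROTECTED = {401, 403, 412}


def http_status(base_url, path, timeout=10):
    """GET base_url + path with no session header and return the HTTP status."""
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx responses still tell us the access decision


def classify(status):
    """Turn a status code into open / protected / other."""
    if 200 <= status < 300:
        return "open"
    if status in PROTECTED:
        return "protected"
    return "other"


def audit(paths, fetch):
    """Map each path to its verdict; fetch(path) must return a status code."""
    return {p: classify(fetch(p)) for p in paths}


def exposed(results, sensitive_prefixes=("/agents", "/users")):
    """Open paths under prefixes the operator treats as sensitive (assumed set)."""
    return sorted(p for p, verdict in results.items()
                  if verdict == "open" and p.startswith(sensitive_prefixes))


if __name__ == "__main__":
    # Backend URL of your own instance; 8089 is the default backend port.
    base = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8089"
    results = audit(SAMPLE_PATHS, lambda p: http_status(base, p))
    for path, verdict in results.items():
        print(f"{verdict:10} {path}")
    print("needs review:", exposed(results))
```

Running it after each upgrade or proxy change shows whether the set of endpoints reachable without a session has changed.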