Unclear documentation on REST API

Question

Unclear documentation on REST API

Opened this issue 6 years ago · 3 comments

In the API documentation it is said that "Most requests to the ArchivesSpace backend requires a user to be authenticated." (http://archivesspace.github.io/archivesspace/api/#authentication & https://github.com/archivesspace/tech-docs/blob/master/architecture/api.md)

However I can find no reference to those requests which do not require authentication each and every curl example in https://archivesspace.github.io/archivesspace/api/#archivesspace-rest-api starts with curl -H "X-ArchivesSpace-Session: $SESSION" .

Answer 1 · 2018-07-05T15:29:00.000Z

Access to server info with "GET /" ~~is probably the only one that~~ doesn't require some authentication.

Also the OAI endpoints: /oai?verb= and /oai_sample do not require authentication

.permissions([]) # No permissions because the endpoint is effectively public
oai.rb

Answer 2 · 2019-12-17T16:18:54.000Z

@lmcglohon - are the 2 cases above the only ones that don't require authentication? I can edit the docs to add this info.

Answer 3 · 2019-12-17T17:09:03.000Z

@trevorthornton I think there are a bunch more. I moved this here so we can talk about it at the next tech_docs meeting. Not sure we want to maintain a list of APIs that don't need authentication but wanted feedback from the group.