Closed wadhwamatic closed 1 year ago
Hello @ericboucher @wadhwamatic, if I understand correctly, we need to change a public resource (which is at the moment something like: https://api.earthobservation.vam.wfp.org/stats/admin/fetch...) with the new protected resource directly in the frontend app. It also means that the token will be exposed in the app and hence compromised? Or am I missing something?
@JulienPathtech - @reed1 will be working on this. But most likely we will do a simple re-routing through the backend API to authenticate the call, as we do for KOBO and ACLED
@JulienPathtech @ericboucher Thanks for pointing that out. I can modify the chart API as such, but the problem is I'm exposing the token. I put it in branch hdc-chart-request.
Deployed here: https://prism.wfp.or.id/demo/hdc-chart-request/
I can take that out if required because it will show the token used in the Network tab. I couldn't find a way of hiding that without proxifying the request. But if you want to re-route through the backend API then I think I can remove the hdc-chart-request branch. It's just changing all chart_data url and renaming admin_id to id_code, the rest are the same. I tried to compare values from api.earthobservation.vam.wfp.org and api.wfp.org/hdc. So far they seem to be identical.
@reed1 - as @ericboucher mentioned, you can look at how ACLED and Kobo tokens were managed. We can have a quick call if you need more info
@wadhwamatic @ericboucher I updated hdc-chart-request with GET "/hdc" in API. Let me know if that's correct
@ericboucher - can you advise on this?
@reed1 can you open a PR? Your approach looks good overall. Were you able to make it work properly?
@ericboucher sure, it's #860. It works on my local api deployment
Provide a clear and concise description of what the problem is.
WFP's HDC API is now available via an organizational API Gateway. We have to modify our requests to make use of this new access method. In addition, the request parameters have changed slightly.
Provide a clear and concise description of what you want to happen.
Instructions for the HDC API:
Example request:
curl -X GET "https://api.wfp.org/hdc/1.0.0/stats/admin?id_code=44&level=0&coverage=full&vam=rfh&env=prod" -H "accept: application/json" -H "Authorization: Bearer insert-token"
Is there anything else you can add about the proposal? You might want to link to related issues here, if you haven't already.
No response
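The re-routing through the backend discussed in the thread, as an added example (not the code from the hdc-chart-request branch or PR #860): the server attaches the bearer token and forwards only the query parameters seen in the example request, so the token never reaches the browser. The `HDC_TOKEN` variable name and both function names are assumptions.

```python
import os
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Upstream endpoint and parameter names come from the example request in the issue.
HDC_URL = "https://api.wfp.org/hdc/1.0.0/stats/admin"
ALLOWED_PARAMS = ("id_code", "level", "coverage", "vam", "env")


def build_hdc_request(client_params, token):
    """Build the upstream request from the browser's query parameters.

    The host and path are fixed on the server and only allowlisted
    parameters are forwarded, so the route cannot be pointed at another
    URL. The token is added here, never sent to or by the frontend.
    """
    if not token:
        raise RuntimeError("HDC token is not configured on the server")
    unknown = set(client_params) - set(ALLOWED_PARAMS)
    if unknown:
        raise ValueError(f"unsupported parameters: {sorted(unknown)}")
    query = urlencode(
        {k: client_params[k] for k in ALLOWED_PARAMS if k in client_params}
    )
    return Request(
        f"{HDC_URL}?{query}",
        headers={
            "accept": "application/json",
            "Authorization": f"Bearer {token}",
        },
        method="GET",
    )


def handle_hdc(client_params, opener=urlopen):
    """Body of a hypothetical GET /hdc route: returns the upstream JSON bytes."""
    token = os.environ.get("HDC_TOKEN")  # assumed environment variable name
    request = build_hdc_request(client_params, token)
    with opener(request, timeout=30) as response:
        return response.read()
```

The `opener` argument exists so the handler can be exercised without network access; a web framework route would pass its parsed query string as `client_params`.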