API key validation requirements

[scarroll32]

Transferred from Slack

There are three calls needed for the grader.

GET - /api/external_graders/dev_api_key - individual developer auth: organizer API key OR crowdAI API key params: dev_api_key returns: participant_id + 200

GET - /api/external_graders/dev_api_key - team member auth: organizer API key OR crowdAI API key params: team_api_key returns: team leader participant_id + 200

POST - /api/external_graders/ auth: organizer API key params:

• dev_api_key
• challenge_client_id
• score
• score_secondary (optional)
• comment (markdown - optional - made by participant)
• grading_status ('graded' | 'failed')
• grading_message (required for grading_status = failed)

returns:

• submission_id
• submissions_remaining (today)
• submission_reset_dttm (UTC - when the submission count starts again)
• Admins sent an email

PATCH - /api/external_graders/ auth: organizer API key

• submission_id (required)
• media_large
• media_thumbnail
• media_content_type
• grading_status ('graded' | 'failed')
• grading_message (required for grading_status = failed)

When a submission is regraded the original created_at date is considered. https://github.com/crowdAI/crowdai/issues/332

(media fields: they are all populated or none are populated - otherwise there will be an error)

returns:

• submission_id
• submissions_remaining (today)
• submission_reset_dttm (UTC - when the submission count starts again)

Error messages

Aside from the HTTP status, there will be a message if there is an error:

"HTTP Token: Access denied." "The API key did not match any participant record." "The Challenge Client Name string did not match any challenge." "Grading status must be one of (graded|failed)" "Submission ID is invalid." "The participant has no submission slots remaining for today." "Grading message must be provided if grading = failed"

[scarroll32]

@spMohanty please confirm or correct when you have time.

[spMohanty]

yeah the challenge_config would be beneficial.

Also, in the GET - /api/external_graders/dev_api_key call, I think you will also have to think how you can respond back in case of teams, etc. But that can be dealt with, in terms of implementation, later.

For now the rest of the stuff looks great, and we can go ahead with it. 👍

[scarroll32]

Regarding teams: https://github.com/crowdAI/crowdai/issues/325

As a team has it's own API key, then the user can either submit as an individual using their own key or under the team key. A team key is treated as a participant key, and in effect, the results are stored against the team leader's account.

[scarroll32]

Linked issue https://github.com/crowdAI/crowdai/issues/272

[scarroll32]

TODO - need to discuss the passing of the S3 key / url @spMohanty let's discuss next week.

[scarroll32]

https://github.com/crowdAI/crowdai/issues/325

[scarroll32]

Ready

[scarroll32]

Implemented.