At the time of writing, we have roughly setup JSON-HAL API endpoints accessible (when logged in) for singular and collection drawing endpoints. E.g. {host}/{API version}/drawings.hal (collection) or {host}/{API version}/drawings/1.hal (singular).
1. Ensure API is in sync with our API spec
We want to update the API so it shows the most up-to-date drawings data and matches the documentation at http://docs.drawmylife.apiary.io/. (NB: The apiary documentation has a separate task to be confirmed and cleaned up in #36. Ensure that is closed first before starting on this ticket. Feel free to pick it up if unassigned!) Most importantly, we want to ensure we only display image URLs for images that have the consent field marked as true. If consent is not given, we are allowed to share the data, just not the image.
2. Update how we access the API
We want to move the API implementation, so it's not accessible via the root path, and instead can be accessed by calling the version subdirectory {host}/api/drawings. We also want to default to returning a HAL-representation, rather than specifying it explicitly like {host}/api/drawings as we do currently.
3. Versioning
🌵 UPDATE: Let's park this for now, can version later
We want to enable API versioning. Due to reasons posted in articles like this one we want our clients to request versions via request headers, rather than adding a new subpath like api/v1/drawings.hal to the URI.
Note, we can also use headers to request different content types if we want, but not necessary for this ticket.
4. Secure the API
(Optional) Finally, once the API is cleaned up and correctly toggling on consent, we need to secure the API with simple token authentication.
How
[x] Finalize #36 (documentation) if not already done
[x] Ensure API is in sync with our API spec (NB: there is an open ticket to refactor the image implementation in #163. Check on its status as this may affect what image URLs we output in the response).
[x] Update how we access the API
[x] Implement consent logic, ensuring we only display image URLs for drawings where consent is given
Blocked by: #36
What
At the time of writing, we have roughly setup JSON-HAL API endpoints accessible (when logged in) for singular and collection drawing endpoints. E.g. {host}/{API version}/drawings.hal (collection) or {host}/{API version}/drawings/1.hal (singular).
1. Ensure API is in sync with our API spec
We want to update the API so it shows the most up-to-date drawings data and matches the documentation at http://docs.drawmylife.apiary.io/. (NB: The apiary documentation has a separate task to be confirmed and cleaned up in #36. Ensure that is closed first before starting on this ticket. Feel free to pick it up if unassigned!) Most importantly, we want to ensure we only display image URLs for images that have the consent field marked as true. If consent is not given, we are allowed to share the data, just not the image.
2. Update how we access the API
We want to move the API implementation, so it's not accessible via the root path, and instead can be accessed by calling the version subdirectory {host}/api/drawings. We also want to default to returning a HAL-representation, rather than specifying it explicitly like {host}/api/drawings as we do currently.
3. Versioning
🌵 UPDATE: Let's park this for now, can version later
We want to enable API versioning. Due to reasons posted in articles like this one we want our clients to request versions via request headers, rather than adding a new subpath like api/v1/drawings.hal to the URI.
I.e. To request the first version:
Note, we can also use headers to request different content types if we want, but not necessary for this ticket.
4. Secure the API
(Optional) Finally, once the API is cleaned up and correctly toggling on consent, we need to secure the API with simple token authentication.
How