Historical Score Endpoint Introduction

[erichfi]

User Story:

As a developer, I want to only allow partners with explicit permission to access the historical score endpoint, So that I can ensure secure and controlled usage of this feature.

Acceptance Criteria

GIVEN a request for historical scores, WHEN the request is made by an allowlisted API key, THEN access should be granted to the endpoint.

Product & Design Links:

N/A

Tech Details:

• Officially introduce the historical endpoint for allowlisted API keys.
• Remove the skip_refresh parameter from all endpoints.

Open Questions:

• [ ] What specific criteria will be used to allowlist partners?

Notes/Assumptions:

• There may be bugs that need fixing before the public launch.
• This endpoint should return a user's score at a specific point in time.

[nutrina]

Some tech details / hints:

• use the Events model from registry app, scores are stored here in the SCORE_UPDATE action
• the API will need to return a paginated request
  • clarify pagination algorithm: we should use token based pagination
• see current implementation ar: https://github.com/passportxyz/passport-scorer/blob/79de0197c5e6a47c277d0087e30179d338c65296/api/registry/api/common.py#L25

@lebraat FYI on the pagination

[lebraat]

My vote -- we stay consistent with the following: https://docs.passport.xyz/building-with-passport/passport-api/api-reference#pagination