REST API for accessing questionnaires

[geoo89]

Investigate if this is easy to do (e.g. a switch in wagtail). If not, bump to v2.1

Context: Would like to use dashboards to visualize questionnaire response data without explicitly downloading csv, e.g. in PowerBI.

Other data to possibly make accessible via API in the future: users, reading progress

[ehmadzubair]

This is not a difficult task but since it is the first API integration, we will have to lay some groundwork for this.

For example, stuff like:

• Boilerplate
• Authentication
• Documentation
• Format

I also recommend that we should add another layer of security/audit. For example, the superadmin should be intimated whenever this API is accessed since this data is going to be very sensitive.

[ChrisMarsh82]

The ability to link IoGT’s user and survey/poll/quiz site data into any external dashboard via API, with by-item permissions structure

[cbunicef]

Per our discussion, here are some additional user stories:

• As an ADMIN I need to not worry that the API access will have a negative impact on website responsiveness, especially through user error, eg too many requests too fast. I don't mind if the API data is cached, 30 mins or potentially even longer is fine

• As an ADMIN I need users to be able to authenticate programmatically, eg by authentication token, rather than needing to login

• As an ADMIN I need to be able to use the Groups function to give/revoke access of individual users to individual data sets, eg Pages

• As an ADMIN I need to be able to provide public API access to specific datasets. Maybe this is as simple as creating a new user and publishing that user's authentication token for a dataset publicly

• As an ADMIN I need the API to be read only, at least for now

• As a USER I need to be able to access the design of the form (metadata) as well as the data

• As a USER I need to be able to list the forms I have access to

• As a USER I would like the API to be non-paginated, this will be much easier to use

• As a USER I would like to be able to access all form data - that I have permissions for - for a particular user