-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Search API: Support search without an API Token #3900
Comments
related: #1299 |
Also related: #1838 |
Implemented, ready for QA. |
@michbarsinai what about code review? |
To me this goes all the way back to #1809 (comment) and reverses a policy decision made by @mercecrosas for the out-of-the-box behavior of Dataverse. Also, it seems like all the logic surrounding In short, there are a lot of policy changes in pull request #3908, a lot of implications to unpack. I am very supportive of work toward "Consider options for opening APIs without tokens" in #1838 but I feel that we need to make sure whatever changes happen are what we want as a project. |
In standup I suggested that @djbrooke could ping @mercecrosas about the policy considerations. Also, I forgot to mention something I said to @michbarsinai which is that if we open up a lot of APIs (#1838) we should consider rate limiting the API (#1339) like GitHub and others. Otherwise, you're down at a low level blocking individual abusive IP addresses with iptables or whatever. |
Talked with @mercecrosas and @scolapasta about this yesterday. We should go ahead with this change. If so many people are using our Search API that we have load issues or need to IP ban a few bad apples, we'll revisit or determine some other strategy to handle this. |
@djbrooke that's fantastic news! In IQSS/dataverse-android#1 I've been talking about the need to add authentication to my Dataverse Android app but once the Search API is open, the Android app should "just work" again! |
I'm planning on doing some code review of pull request #3908. |
I gave @sekmiller a brain dump of what's changing and what's staying the same. Staying the same: the Search API still only returns published data. #1299 is about also returning unpublished data. Changing: Dataverse 4.6.2 and lower will bark at you if you try to use the Search API without a token saying "Please provide a key query parameter (?key=XXX) or via the HTTP header X-Dataverse-key". As of pull request #3940 the new out of the box behavior is that you don't have to supply a token. If you want the old 4.6.2 behavior, you can set |
Search should be as if used by
:guest
.The text was updated successfully, but these errors were encountered: