implement results API #33

Open
10 tasks
jadudm opened this issue Nov 23, 2024 · 2 comments

jadudm commented Nov 23, 2024

Problem

Change management in government is hard. If, in transitioning between systems, we were to invent a new API, it would represent a huge disruption for many of our partners.

For that reason, we want to minimize, or even eliminate, the change costs for our partners. We'll do that by re-implementing the existing API.

How did we discover this problem?

This problem is inherent in the switch between systems. Users expect our API to exist at a given endpoint, take a certain set of parameters, and produce results in a given shape. We cannot/should not violate that.

Job Story(s)

A consumer of our API (e.g. nasa.gov) should see zero interruption to search services when we switch over to Jemison.

What are we planning to do about it?

The goal of the API reimplementation is to faithfully reimplement the Results API.

The goal of this step is to introduce an API service into the stack that would be adequate to the task of being ready for LATO assessment.

That's it.

What are we not planning to do about it?

There is a "clicks" and "typeahead" API; those see low/no use, and we're not making that part of this initial work.

How will we measure success?

we'll be ready for lato assessment when...


we'll be ready for initial testing with partners when...


Security Considerations

Required per CM-4.

This is a read-only API, and is no more or less dangerous than any other HTTP server. (Which is to say...)

We're using standard libraries, and it talks to read-only database files (not a live server). Therefore, we have some confidence that this is a good/secure implementation pathway for API implementation.

Things to consider/address for purposes of security:

Consider/address


Billion laughs: https://en.wikipedia.org/wiki/Billion_laughs_attack
OWASP Top 10 API risks: https://owasp.org/API-Security/editions/2023/en/0x11-t10/

Various validation libraries

Not intended to be exhaustive

Inspirational articles:

references/resources

Because Fuego is still pre-v1, and because this seems like a nice to have rather than a must have, we recommend using gin as the implementation framework, because it is 1) stable, and 2) very well documented. What we must have is a stable, working API that can be versioned. (Gin's groups are good for this.) What we could have at a later point are docs that are auto-generated. Given that we already have the docs (we're reimplementing an API), I recommend using a battle-tested framework as a starting point.

@jadudm jadudm added this to jemison Nov 23, 2024
@github-project-automation github-project-automation bot moved this to triage in jemison Nov 23, 2024
@jadudm jadudm moved this from triage to backlog in jemison Nov 23, 2024
@jadudm jadudm added this to the deploy to prototyping org in cloud.gov milestone Nov 23, 2024

jadudm commented Nov 24, 2024

Related to #38.

@jadudm jadudm moved this from backlog to underway in jemison Dec 18, 2024
@jadudm jadudm moved this from underway to backlog in jemison Dec 18, 2024
@jadudm jadudm moved this from backlog to triage in jemison Dec 27, 2024
@jadudm jadudm removed this from the repeatable deploys to prod milestone Dec 30, 2024
@jadudm jadudm moved this from triage to underway in jemison Dec 30, 2024
@jadudm jadudm changed the title 🔌 re-implement existing API implement results API Dec 30, 2024
@jadudm jadudm added the story label Dec 30, 2024
@jadudm jadudm moved this from underway to backlog in jemison Dec 30, 2024
@jadudm jadudm moved this from backlog to ready in jemison Dec 30, 2024
@jadudm jadudm moved this from ready to backlog in jemison Dec 30, 2024

jadudm commented Jan 4, 2025

More related to #69, which is about the typeahead API.

@jadudm jadudm added this to the ready for lato assessment milestone Jan 14, 2025
@jadudm jadudm moved this from backlog to underway in jemison Jan 14, 2025
@luisgmetzger luisgmetzger self-assigned this Jan 15, 2025
This was referenced Jan 23, 2025
Status: underway

3 participants