Make API publicly accessible for reading non-user data #1069
Labels
Comments
This was referenced Jan 26, 2023
Mr0grog
added a commit
that referenced
this issue
Jan 26, 2023
This starts the path toward #1069 by adding an environment variable `ALLOW_PUBLIC_VIEW` that determines whether you need to be logged in to have `view` permissions on API routes. For now, it defaults to false, but once we are comfortable that it's safe, we'll switch the default to true.
Mr0grog
added a commit
that referenced
this issue
Jan 26, 2023
This starts the path toward #1069 by adding an environment variable `ALLOW_PUBLIC_VIEW` that determines whether you need to be logged in to have `view` permissions on API routes. For now, it defaults to false, but once we are comfortable that it's safe, we'll switch the default to true.
|
This is now done and deployed (both staging and production)! The UI also has public access in staging (edgi-govdata-archiving/web-monitoring-ui#1037) but not yet in production. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We’ve wanted to make the API publicly accessible in some form for a while (in contrast to how we started out; explicitly not wanting that because people were publishing problematic quick-trigger stories and tweets about transient changes or server bugs in the sites we monitor as if they were malicious). As part of my stepping away from the project and putting active maintenance to rest, I’d like to follow through on open API access.
The real barrier here for the past couple years has been the amount of data we’ve accumulated and the free-form nature of the API — it’s easy to issue queries that the DB has to chew on for a long time, and we can’t afford that with open access. Non-essential parameters that take things off the optimal path need to be removed and essential ones need to have restricted, non-public access.
The text was updated successfully, but these errors were encountered: