Skip to content

Commit

Permalink
Make limits configurable
Browse files Browse the repository at this point in the history
This change is related to the conclusion of this topic:
erasmus-without-paper/ewp-specs-api-echo#3
  • Loading branch information
wrygiel committed Jul 11, 2016
1 parent 3a4c1d5 commit 5f909ac
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 16 deletions.
39 changes: 23 additions & 16 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,21 +27,26 @@ Request method
Request parameters
------------------

Parameters MUST be provided either in a query string (for GET requests), or in
the `application/x-www-form-urlencoded` format (for POST requests).
Parameters MUST be provided in the regular `application/x-www-form-urlencoded`
format.


### `hei_id` (repeatable, required)

A list of institution identifiers.
A list of institution identifiers (no more than `<max-hei-ids>` items) - IDs of
HEIs the clients wants to retrieve information on.

Clients may retrieve proper identifiers from the [Registry Service]
This parameter is *repeatable*, so the request MAY contain multiple occurrences
of it. The server is REQUIRED to process all of them.

Server implementers provide their own chosen value of `<max-hei-ids>` via their
manifest entry (see [manifest-entry.xsd](manifest-entry.xsd)). Clients SHOULD
parse this value (or assume its equal to `1`).

Clients may retrieve proper HEI identifiers from the [Registry Service]
[registry-spec]. Servers MUST be able to accept all HEI IDs declared in their
[manifest files][discovery-api].

*Repeatable* means that the URL may contain multiple occurrences of this
parameter, e.g. `hei_id=uw.edu.pl&hei_id=uj.edu.pl`.


### `include_iro_sections`

Expand All @@ -55,24 +60,26 @@ client wants them.
Permissions
-----------

* All requests from the EWP Network MUST be allowed access to this API.
* All requests from the EWP Network MUST be allowed to access this API.

* Additionally, it is RECOMMENDED to allow this API to be accessed by
**anonymous** external clients too (without the need of using a client
certificate). It is also RECOMMENDED that servers should include an
`Access-Control-Allow-Origin: *` header in their responses (so that
JavaScript applications will be able to use it without a proxy).
* Additionally, implementers MAY allow this API to be accessed by
**anonymous** external clients too (without the need of using any client
certificate).


Handling of invalid parameters
------------------------------

* General [error handling rules][error-handling] apply.

* Invalid (uncovered) `hei_id` values MUST be ignored. Servers MUST return
* Invalid (uncovered) `hei_id` values MUST be **ignored**. Servers MUST return
a valid (HTTP 200) XML response in such cases, but the response will simply
not contain the information on the unknown `hei_id` values. (If all values
are unknown, servers will respond with an empty envelope.)
not contain the information on the unknown `hei_id` values. If all values
are unknown, servers MUST respond with an empty `<response>` element.
This requirement is true even when `<max-hei-ids>` is `1`.

* If the length of `hei_id` list is greater than `<max-hei-ids>`, servers
MUST respond with HTTP 400.


Response
Expand Down
8 changes: 8 additions & 0 deletions manifest-entry.xsd
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,14 @@
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="max-hei-ids" type="xs:positiveInteger">
<xs:annotation>
<xs:documentation>
The maximum number of `hei_id` parameters the server is willing to accept
in one request.
</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
Expand Down

0 comments on commit 5f909ac

Please sign in to comment.