Add API key for OAI-PMH authentication
|Assignee:||Mike Cantelon||% Done:|
|Category:||OAI-PMH||Estimated time:||32.00 hours|
|Target version:||Release 2.2.0|
|Google Code Legacy ID:||Tested version:||2.2|
Restrict access to OAI-PMH to requests which pass a valid API key in the HTTP header. Requests that do not pass a valid API key will return a 403 Forbidden HTTP status response.
For this feature, a new setting to enable the requirement of the API key has been added to the OAI settings in *Admin > Settings > OAI repository. User keys can be generated, re-generated, or deleted by navigating to a user's profile page, entering edit mode, and using the drop-down menu available.
You can then copy the API key on the resulting user detail page to make OAI-PMH queries from the command-line, such as:
curl -v -H "X-OAI-API-Key: b1c6d122d5569c27" "http://127.0.0.1/index.php/;oai?verb=ListIdentifiers&metadataPrefix=oai_dc"
The credentials must be in the header of the request, so without some kind of browser extension, this cannot be enabled simply by manually entering a URL.
The intent of the feature is to a) allow for automation of metadata exposure and subsequent harvesting by another system, and b) to allow an AtoM instance to enable the OAI module but restrict access to URL-based OAI requests to pre-authorized users.
#4 Updated by Dan Gillean about 7 years ago
- Requires documentation deleted (