Feature #8143

Add API key for OAI-PMH authentication

Added by Dan Gillean about 7 years ago. Updated about 7 years ago.

Status:VerifiedStart date:11/04/2014
Priority:MediumDue date:12/01/2014
Assignee:Mike Cantelon% Done:


Category:OAI-PMHEstimated time:32.00 hours
Target version:Release 2.2.0
Google Code Legacy ID: Tested version:2.2
Sponsored:Yes Requires documentation:


Restrict access to OAI-PMH to requests which pass a valid API key in the HTTP header. Requests that do not pass a valid API key will return a 403 Forbidden HTTP status response.

For this feature, a new setting to enable the requirement of the API key has been added to the OAI settings in *Admin > Settings > OAI repository. User keys can be generated, re-generated, or deleted by navigating to a user's profile page, entering edit mode, and using the drop-down menu available.

You can then copy the API key on the resulting user detail page to make OAI-PMH queries from the command-line, such as:

curl -v -H "X-OAI-API-Key: b1c6d122d5569c27" ";oai?verb=ListIdentifiers&metadataPrefix=oai_dc" 

The credentials must be in the header of the request, so without some kind of browser extension, this cannot be enabled simply by manually entering a URL.

The intent of the feature is to a) allow for automation of metadata exposure and subsequent harvesting by another system, and b) to allow an AtoM instance to enable the OAI module but restrict access to URL-based OAI requests to pre-authorized users.


#2 Updated by Dan Gillean about 7 years ago

  • File deleted (atom_millstest-2014Nov08.sql.gz)

#3 Updated by Dan Gillean about 7 years ago

  • Sponsored changed from No to Yes

Also available in: Atom PDF