Doorgaan naar hoofdcontent
OCLC Wise Support NL

Appendix

  1. Laatst bijgewerkt op
  2. Als PDF opslaan

User permissions

An API user (staff) must be assigned the appropriate rights to grant access to patrons that the API user needs access to. To achieve the opposite: no access to patrons that the API user is not allowed to request and edit. To accomplish this, the API-user must be configured in Wise as a normal user including the appropiate role and permissions.

For example: a API user who needs access to all patrons of a library organization including the collaboration network (neighboring organizations). This user must be configured as a user of the library organization, assign Read permissions on ACTOREN and the organizations must be configured in the VSX-network (Edit Actor/Patron)

 

Detailed permissions list per endpoint:

Action Endpoint Permission
(Un)Block a patron /patronmanagement/patron/{patronSystemId}/library/{libraryId}/property/blocking ACTOREN - Library - Read

Calculating the Wise-key

Java

String apiKeyId = "<API-ID>";

String apiKey = "<API-KEY>";

String applicationName = "< ApplicationName>";

String epochDay = String.valueOf(LocalDate.now(ZoneOffset.UTC).toEpochDay());

String data = epochDay + applicationName;

String signature = HmacUtils.hmacSha256Hex(apiKey, data);

String wiseKey = apiKeyId + ":"   + signature;

Python

#!/usr/bin/env python3

import   datetime

import   hmac

import   hashlib

 

def generate_key():

    api_key_id = '<API-ID>'

    api_key = '<API-KEY>'

    application_name = '<applicationName>'

    epoch_day = (datetime.datetime.utcnow() - datetime.datetime(1970,1,1)).days

 

    signature = hmac.new(

        bytes(api_key, 'latin-1'),

        msg=bytes(''   + str(epoch_day) + application_name, 'latin-1'),

        digestmod=hashlib.sha256

    ).hexdigest()

 

    return   api_key_id + ':'   + signature

 

def main():

    print(generate_key())

 

IP-Whitelisting

To improve security, Wise API-keys can be bound to a IP-number (max. 5). Only requests with this API-key and matching IP-numbers will be given access to Wise. If no IP-number is configured, all IP-numbers are allowed. This functionality can be configured bij OCLC.

 

Uploading orders to vendors

In de Wise manager kan bij elke leverancier ingesteld worden of het aangemaakte bestand met bestellingen direct naar de betreffende leverancier verstuurd moet worden middels een Rest-API-koppeling

Om dit te activeren is het noodzakelijk om de connectie-instellingen van de leverancier op te nemen in de manager.

Wise kent op dit moment twee authenticatie methoden in de API-koppeling: Basic authentication en HMac-authentication

clipboard_ec2bebb111fd5729afd57f0a46fc3f942.png

API client – technische beschrijving

Een orderbestand wordt als volgt verstuurd naar de leverancier:

Request:
HTTP(S) POST

Headers:
Accept: “application/json”
Content-type: “application/x-www-form-urlencoded;charset=UTF-8”

In geval van Basic authentication:
Authorization: “Basic username:password”

De authorization string is Base64 encoded

In geval van HMac authentication:
Authorization: “hmacauth <apikey>:<Base64signature>:<nonce>:<timestamp>”

Apikey = API key van de leverancier
Base64signature = Base64 encoded (HmcaSha256 encoded string van API key i.c.m. message string*) 

* message = API-id + “POST” + encodedUrl + timeStamp + nonce + contentBase64String;

Body:
De body/payload van het request is een formulier en bevat het XML bestand. Het bestand is in het wise-order format.

 

  1. Terug naar boven
  • Was dit artikel nuttig?

Aanbevolen artikelen

  1. Soort artikel
    Onderwerp
  2. Labels
    Deze pagina heeft geen labels.