DiSSCo Prepare Deliverable D6.3 - A generalised set of API specifications for interaction with the DiSSCo core architecture

Abstract

Application Programming Interfaces (APIs) form the glue between all the different DiSSCo services. They are the main vehicle for data exchange between machines. Additionally, users may want to request or build their own applications on top of the APIs. It is therefore essential to the success of DiSSCo that it provides stable, simple and well documented APIs. This deliverable describes the strategy through which DiSSCo aims to achieve this goal. DiSSCo will leverage established industry standards as much as possible. Adhering to generic specifications such as the JSON:API specification helps to build predictable and reliable APIs. DiSSCo recognizes that different types of users and software agents might require different types of endpoints. Hence, in addition to simple JSON response, we will also provide the option for users to request JSON-LD. DiSSCo might also implement an asynchronous API for larger datasets, where we will notify the user when their request is ready to be collected. Documentation will leverage the power of OpenAPI v3 in combination with a Swagger endpoint for human readability. FDO Types and openDS term descriptions will provide documentation on the data model both for machines and for users. APIs are entry points into DiSSCo’s system and therefore prime points of attacks. To mitigate these attacks, DiSSCo will implement up-to-date security following the latest guidelines. While the data in DiSSCo will be as open as possible, we will store non-public information. This information will only be accessible for authenticated and authorized users. For the implementation, DiSSCo will follow the guidelines of OAuth2 in combination with OIDC. By building on top of existing standards DiSSCo hopes to provide predictable and stable APIs. These APIs will be the building blocks used to build DiSSCo’s services providing services for our end users.