Skip to content

Implementing an Application Programming Interface for internal use and more flexible future interfaces.

CSDUMMI requested to merge New_API_Implementation_and_Specification into master

This is proposal, that though it can provide long term benefits, won't change much for you as a user. It only provides us with a means to read and modify the data on the server more easily. This proposal doesn't risk your security, although it allows unauthenticated people to read your posts and personal information, which you have provided and published on the network.

With an Application Programming Interface, it is possible write a more flexible, modern and intuitive Interface.

Technical Description

This Proposal implements a Blueprint mapped to the /api/v0 routes and uses the flask_restful Module to implement a REST API. All responses are JSON.

There are three main resources and some minor utility routes:

  • User Route /user to get the name, first name and last name of a user as unauthenticated, change this data (the first name, last name and password) and register a new user, although this is only possible for ADMIN_USERS.
  • Message Route /message/<messsage_id> or /message to get a single message, change the title and content of that message and to search all the messages. Changing a post is only possible as the author.
  • Vote /vote, /vote/<election_id> and /votes to fetch the data of the current election, propose for the current election and vote in the current election. To fetch the data of an election by it's ID, even if the election is passed. To fetch the data of all elections, to be filtered by data.

All these routes are implemented and documented in Server/API.py.

And there is central way of handling error in the context of the API. There is a route /errors, which returns a mapping from error message to numeric value, which are actually sent if an error occurs. This has the advantage of saving bandwidth, as anyone who already has /errors downloaded, doesn't receive bytes of Unicode text as error messages and programs can actually handle these better, when assuming that only those errors listed in /errors can actually occur.

All those features and implementations listed above are extensively tested and all tests are executed on every push. You can find the tests here: tests/test_API.py. This is essentially novel to this project as only the election counting has a proper test.

Merge request reports