Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'extérieur du domaine de concordia.ca

Hi Tomasz,

Read-only access is available to the REST API for public users. On the path /rest/.  E.g. https://tryme.demo.eprints-hosting.org/rest/

lib/cfg.d/user_roles.pl defines that a public user can have GET (read-only) access to all subject data objects and all eprint records in the live archive.  The configuration looks as follows:

$c->{public_roles} = [qw{
    +eprint/archive/rest/get
    +subject/rest/get
}];

/rest/ also lists the user dataset but you need to authenticated to access the metadata for user data objects, albeit you can see what autoincrement user IDs exist.

The REST API allows you to get all the (XML) metadata for a eprint or subject data object or get the metadata for an individual field as either XML or plain text.  Similarly, you can get metadata for the sub-data objects of an eprint, such as the document or file metadata.

I am not aware of crawlers or harvesters hitting this API (/rest/...) that much.

Beyond the API under /rest/ there is also a RESTful API that can be used through content negotiation using the URIs for data objects (e.g. https://tryme.demo.eprints-hosting.org/id/eprint/6 with and "Accept: application/vnd.eprints.data+xml".  E.g.

curl --header "Accept: application/vnd.eprints.data+xml" https://tryme.demo.eprints-hosting.org/id/eprint/7

Similarly, although crawlers might request the above URL they are usually requesting text/html.  Harvesters (such as OAI-PMH) uses this RESTful content-negotiation API to rpovide metadata and it can also be called by third-party applications to push data.  E.g. the following can create an EPrint record using the XML stored in the local file at /home/eprints/eprint.xml:

curl -X POST -u USERNAME:PASSWORD --data-binary "@/home/eprints/eprint.xml" -H "Content-Type: application/vnd.eprints.data+xml" https://example.eprints-hosting.org/id/contents

Regards

David Newman

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Good morning from a snowy and cold Montreal 🙂

I was wondering about the permissions for the EPrints REST API.

Is the REST API used by legitimate crawlers or harvesters?

What's the typical use case for the Rest API in EPrints?

Do we need to have any Rest API related permissions enabled for the public user?

Tomasz

________________________________________________

Tomasz Neugebauer
Senior Librarian | Bibliothécaire titulaire
Digital Projects & Systems Development Librarian / Bibliothécaire des Projets Numériques & Développement de Systèmes
Concordia University / Université Concordia

Tel. / Tél. 514-848-2424 ext. / poste 7738
Email / courriel: tomasz.neugebauer@concordia.ca

Mailing address / adresse postale: 1455 De Maisonneuve Blvd. W., LB-540-03, Montreal, Quebec H3G 1M8
Street address / adresse municipale: 1400 De Maisonneuve Blvd. W., LB-540-03, Montreal, Quebec H3G 1M8

library.concordia.ca

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List
*** Archive: https://www.eprints.org/tech.php/
*** EPrints community wiki: https://wiki.eprints.org/