@@ -7,7 +7,7 @@ OpenSPP API
77 !! This file is generated by oca-gen-addon-readme !!
88 !! changes will be overwritten. !!
99 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
10- !! source digest: sha256:b2fcfd7a69f544f8f19fc307b5cd87170138d8fc625affae1b087d26d428644f
10+ !! source digest: sha256:0ea93f9033fbf7741a23baa3a9ea398ff1bd54e97f630c4287ef18bc2a4407a2
1111 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1212
1313.. |badge1 | image :: https://img.shields.io/badge/maturity-Production%2FStable-green.png
@@ -25,102 +25,140 @@ OpenSPP API
2525OpenSPP API
2626===========
2727
28- Overview
29- --------
30-
31- The `spp_api <spp_api >`__ module provides a comprehensive framework for
32- building and managing a RESTful API for the OpenSPP platform. It builds
33- upon the foundation laid by the `spp_base_api <spp_base_api >`__ module,
34- adding crucial components for API definition, documentation, and
35- security.
28+ The OpenSPP API module provides a robust framework for building and
29+ managing a RESTful API (Application Programming Interface) for the
30+ OpenSPP platform. It enables external systems and applications to
31+ securely interact with OpenSPP data and functionalities, facilitating
32+ seamless integration, data exchange, and automation.
3633
3734Purpose
3835-------
3936
40- This module is designed to:
41-
42- - **Define API Endpoints: ** Create, configure, and manage API endpoints
43- for accessing and manipulating data within the OpenSPP system.
44- - **Generate API Documentation: ** Automatically generate OpenAPI
45- (Swagger) documentation for all defined API endpoints, providing a
46- clear and interactive interface for developers.
47- - **Enforce API Security: ** Integrate with the
48- `spp_oauth <spp_oauth >`__ module to handle authentication and
49- authorization for API requests, ensuring secure access to sensitive
50- data.
51- - **Log API Interactions: ** Record details of all incoming API requests
52- and outgoing responses, facilitating debugging, monitoring, and
53- auditing.
54-
55- Dependencies
56- ------------
57-
58- - `spp_base_api <spp_base_api >`__\ **: ** This module relies on
59- `spp_base_api <spp_base_api >`__ for its core API interaction
60- functions and methods.
61- - **web: ** Leverages Odoo's web framework for routing and handling HTTP
62- requests.
63- - `spp_oauth <spp_oauth >`__\ **: ** Integrates with the
64- `spp_oauth <spp_oauth >`__ module to implement OAuth 2.0-based
65- authentication and authorization for securing API access.
66-
67- Functionality and Integration
68- -----------------------------
69-
70- The `spp_api <spp_api >`__ module introduces key components for building
71- a robust API:
72-
73- **1. API Namespaces and Paths: **
74-
75- - **Namespaces: ** Represent logical groupings of API endpoints, often
76- associated with specific functionalities or versions (e.g., ``v1 ``,
77- ``v2 ``).
78- - **Paths: ** Define individual API endpoints within a namespace,
79- specifying the HTTP method (GET, POST, PUT, DELETE, PATCH), URL path,
80- data model, fields to expose, and any filtering or domain logic.
81-
82- **2. API Documentation: **
83-
84- - **OpenAPI (Swagger) Generation: ** The module automatically generates
85- OpenAPI documentation based on the defined namespaces and paths. This
86- documentation serves as a comprehensive guide for developers,
87- detailing available endpoints, request/response formats, and
88- authentication requirements.
89-
90- **3. API Security: **
91-
92- - **OAuth 2.0 Integration: ** Seamlessly integrates with
93- `spp_oauth <spp_oauth >`__ to enforce authentication and authorization
94- using OAuth 2.0 standards. API requests must include valid access
95- tokens, obtained through the OAuth 2.0 flow.
96-
97- **4. API Logging: **
98-
99- - **Detailed Logs: ** Records comprehensive logs for all API
100- interactions, including the request method, URL, parameters, data,
101- response status code, and response data.
102- - **Configurable Logging Levels: ** Allows administrators to configure
103- the level of detail logged for requests and responses (e.g.,
104- disabled, short, full debug).
105-
106- **5. Integration with Other Modules: **
107-
108- - Any OpenSPP module that wants to expose data or functionalities
109- through an API can leverage the `spp_api <spp_api >`__ module.
110- - Modules define their API endpoints using namespaces and paths,
111- ensuring consistency and automatic documentation generation.
112- - The `spp_api <spp_api >`__ module handles routing, authentication, and
113- logging for these endpoints, simplifying development and ensuring API
114- security.
37+ This module serves as the central hub for OpenSPP's external
38+ communication, offering a structured way to expose and manage platform
39+ capabilities. It accomplishes the following key objectives:
40+
41+ - **Standardized Data Access: ** Establishes a consistent and secure
42+ method for external applications to read, create, update, and delete
43+ OpenSPP data, such as beneficiary records or program details.
44+ - **Customizable API Endpoints: ** Allows users to define specific API
45+ endpoints for various OpenSPP data models and operations, tailoring
46+ the API to the exact needs of integrated systems.
47+ - **Enhanced Security: ** Implements authentication and authorization
48+ mechanisms to ensure that only authorized users and systems can
49+ access and manipulate sensitive program information.
50+ - **Comprehensive Logging and Auditing: ** Provides detailed logging of
51+ all API interactions, offering transparency, aiding in
52+ troubleshooting, and supporting compliance requirements.
53+ - **Flexible Data Mapping: ** Enables the renaming and configuration of
54+ data fields exposed through the API, making integration simpler and
55+ more intuitive for external systems.
56+
57+ Dependencies and Integration
58+ ----------------------------
59+
60+ The ``spp_api `` module is foundational to OpenSPP's external
61+ connectivity, building upon other core modules to deliver its
62+ capabilities:
63+
64+ - It leverages the `OpenSPP Base API <spp_base_api >`__ module, which
65+ provides essential, low-level API functions and methods for
66+ interacting with OpenSPP models. This ensures a consistent foundation
67+ for all API operations.
68+ - Security for API access is handled by the `OpenSPP API:
69+ Oauth <spp_oauth> `__ module, which implements secure authentication
70+ protocols and token management. This module ensures that all API
71+ requests are properly authorized before accessing OpenSPP resources.
72+ - The module integrates with the core ``mail `` module, likely for
73+ sending notifications or alerts related to API activities or issues.
74+ - It utilizes the ``web `` module for exposing API endpoints over the
75+ web, making them accessible to external applications.
76+
77+ Together, these integrations allow ``spp_api `` to provide a secure,
78+ functional, and extensible API layer for the entire OpenSPP platform.
79+
80+ Additional Functionality
81+ ------------------------
82+
83+ The ``spp_api `` module offers a range of features to configure and
84+ manage API interactions effectively.
85+
86+ API Namespace and Endpoint Configuration
87+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
88+
89+ Users can define distinct API namespaces to group related endpoints,
90+ manage versions, and control access. Each namespace acts as a unique
91+ integration point, such as 'Beneficiary_Service_v1' or
92+ 'Financial_Aid_v2'. Within these namespaces, specific API paths
93+ (endpoints) are created for individual OpenSPP data models (e.g.,
94+ "Beneficiary", "Program"). For each path, users configure:
95+
96+ - **Supported Operations: ** Define whether external systems can read
97+ (GET), create (POST), update (PUT), delete (DELETE), or perform
98+ custom (PATCH) actions on the data.
99+ - **Data Filtering and Limits: ** For read operations, specify default
100+ filters (e.g., only active beneficiaries) and set limits on the
101+ number of records returned.
102+ - **Custom Functions: ** Implement custom business logic as API
103+ endpoints, complete with defined input parameters.
104+
105+ Data Field Customization
106+ ~~~~~~~~~~~~~~~~~~~~~~~~
107+
108+ To simplify integration, the module allows granular control over how
109+ data fields appear in the API:
110+
111+ - **Field Selection: ** For read operations, specify exactly which
112+ fields of an OpenSPP model are exposed, preventing unnecessary data
113+ transfer.
114+ - **Required Fields and Default Values: ** For create and update
115+ operations, mark specific fields as mandatory or provide default
116+ values, ensuring data consistency.
117+ - **Field Aliases: ** Rename internal OpenSPP field names to more
118+ intuitive, external-facing names within the API. For instance, an
119+ internal field like ``b_dob `` (beneficiary date of birth) can be
120+ aliased to ``beneficiary_birthdate `` for clarity in the API. These
121+ aliases can be global or specific to an API path.
122+
123+ API Security and Logging
124+ ~~~~~~~~~~~~~~~~~~~~~~~~
125+
126+ The module provides essential tools for securing and monitoring API
127+ usage:
128+
129+ - **User API Tokens: ** OpenSPP users can generate unique API tokens to
130+ authenticate their external applications. These tokens are essential
131+ for secure access to the API.
132+ - **Namespace-based Access Control: ** Assign specific API namespaces to
133+ individual OpenSPP users, granting them access only to the
134+ integrations they need.
135+ - **Detailed API Logs: ** All API requests and responses are logged,
136+ including method, model, and the data exchanged. This provides a
137+ comprehensive audit trail, crucial for debugging, security
138+ monitoring, and compliance. Users can configure logging levels
139+ (disabled, short, full) for both requests and responses.
140+
141+ Advanced API Operations
142+ ~~~~~~~~~~~~~~~~~~~~~~~
143+
144+ Beyond standard CRUD (Create, Read, Update, Delete) operations, the
145+ module supports custom API functions:
146+
147+ - **Custom Function Parameters: ** Define specific parameters (e.g.,
148+ name, type, required status, default value) for custom API functions,
149+ allowing external systems to trigger complex business processes
150+ within OpenSPP.
151+ - **Record-Specific Actions: ** Custom functions can be configured to
152+ apply either globally or on specific records, offering flexibility
153+ for targeted actions.
115154
116155Conclusion
117156----------
118157
119- The `spp_api <spp_api >`__ module is the cornerstone for building and
120- managing a secure and well-documented RESTful API for the OpenSPP
121- platform. It provides a standardized framework for API development,
122- streamlines integration with other modules, and enhances the security of
123- OpenSPP data by leveraging OAuth 2.0 authentication.
158+ The ``spp_api `` module is indispensable for extending OpenSPP's reach,
159+ enabling secure, flexible, and auditable integration with external
160+ systems to streamline social protection program management and data
161+ exchange.
124162
125163**Table of contents **
126164
0 commit comments