openbankproject / api-manager Goto Github PK

To access the KPI Dashboard of the API Manager, the roles CanGetConsumers and CanGetAnyUser are required. Error handling does not work for this: If these roles are not given, "Internal Server Error (500)" is displayed and Gunicorn will throw an error in the logs.

it should accept a username in a field

API Manager currently uses a database to check if the user is logged and for general session management. Maybe this can be accomplished completely by cookies and no database is required at all?

to_date takes the time at which the server was started and does not update the time when the KPI Dashboard date is loaded.

We need to check the user has create role and delete entitlmement request before doing the action.

Else we end up in inconsistant state.

Is this due to recent change in consumers json?

(filter by UserId seems to work ok)

Know your developers

• Location of developers
• Category of developers (Individual, Startup/SME, Consulting/Solution Provider, Corporate, Other)
• Time to first API call (from moment developer sign up to making first API call)
• Avg number of app per developers
• Monthly (or weekly) developer sign up
• Monthly (or weekly) developer activation (who made their first API Call)
• Monthly (or weekly) active developers (who made at least one API call)

Know your APIs

• Total number of API endpoints actually used by developers (vs the available 130 APIs or so)
• 10 most used partial function-
• 10 least used partial function
• Avg Number of API calls per day
• Avg response time per API call

•  List of all existing partial function + count (how many time they have been called)
  

Know Your Consumers

• 10 most used Apps (apps consuming most API calls)
• 10 most used NON-TEST Apps (apps consuming most API calls where app maturity is not TEST)
• App Use case (for instance PFM, could it be derived from app description)
• App Maturity (Test, Prototype, Production. If description contains "test", then maturity=test, else maturity=prototype)
• Distribution for each platform: web, mobile, other
• Monthly (or weekly) active apps (who made at least one API call)

Distribution of

• Developer registration per day
• Active Developers per day (who made at least one API call that day)
• Consumer registration per day
• Active Apps/Consumer per day(who made at least one API call)
• API calls per day

Monthly (or weekly) Growth rate

• Developer registration
• Activation (number of developer who made their first API call that month)
• Active Developer (number of developer who made at least one API call that month)
• Consumer registration
• Active Apps
• API calls / Usage

This tab will allow a user to see details about him/her self

Will allow a super admin to easily give them selves other roles.

Should be based on the Users tab.

It might be advantageous to use Django's model layer to handle the data retrieved from the API. Using that, common packages like django-filters could be used.

The filters and the table are not really responsive.

@simonredfern requested: The API has a call to get connector metrics (https://apiexplorer.openbankproject.com/#2_2_0-getConnectorMetrics). Add this to the API Manager, make the current navigation item 'Metrics' a menu with two items: 'API Metrics' (current functionality) and 'Connector Metrics' (new functionality, but might share query possibilities with API Metrics).

Similar to API Tester, API Manager should also support DirectLogin and GatewayLogin

listing all users is too slow.

Also should be able to search by username as well as email

Currently the app uses the API's Get Users by Email Address to implement the user detail view. From the returned list, it just takes the first item. This is obiously not ideal.

@simonredfern Is there a call to get an individual user?
If not, i'd like to suggest a new call Get User by User ID using /user/USER_ID .

There is a problem on legacy systems, though: apisandbox has quite a few users where /users returns an empty user_id. How could we get those?

When an entitlement request has been accepted or declined an email should be sent to the requesting user.

Subject:

OBP Entitlement Request for the Role <Accepted/Declined>

Text should read:

The Entitlement Request for the Role has been <Accepted/Declined>.

cheers,

See OpenBankProject/OBP-API#770. The accessed key users in the view may need changing to value .

Port authentication and API usage from API Tester to API Manager.

Show first 80 chars

First item under "Resources" menu item is Customer

From an old example the names client key and client secret have been taken over. Replace these by consumer key and consumer secret to avoid confusion with other implementations, as those seem to be the proper names. See https://tools.ietf.org/html/rfc5849

OBP-API enhancement #815 Limit for getUsers implies response is limited to 50 users by default.
We need to enhance the form in order to support pagination.

Branches page should be under the new "Resources" menu item.

List Branches
Add Branch
Delete Branch
Update Branch.

Use OBP Branches APIs

Search for Users button doesn't seem to work (Firefox Mac)
Have to hit enter key for search to work.
Also buttton should be to the right (not left) of search box
Also field text button says we have to enter email address - but username works as well.

Initially requested by @simonredfern

We need to support add,remove and get entitlements.

https://apiexplorersandbox.openbankproject.com/?ignoredefcat=true&tags=#2_0_0-addEntitlement

https://apiexplorersandbox.openbankproject.com/?ignoredefcat=true&tags=#2_0_0-deleteEntitlement

https://apiexplorersandbox.openbankproject.com/?ignoredefcat=true&tags=#2_0_0-getEntitlements

This would be part of the Users tab

Add per second call limits to

https://demo-manager.openbankproject.com/consumers/

@ichaib experienced this issue on 2017-03-31, shortly before 5pm. At this time, the API had Akka future timeouts and the API Manager (nginx) threw a 502 after a while. The API Manager should resolve the situation more gently, although the author of this issue has the suspicion that on these occasions the whole machine becomes unresponsive and there is nothing the API Manager can do about, except for being installed on a different machine than the API. Needs more investigation.

APIError 500: Something unexpected happened while serving the page at /obp/v3.0.0/users/6c34413c-0148-44be-9113-9e8c56789eef/entitlements

This might be related to an error on OBP-API with CanGetConnectorMetrics ??

If the API does not accept a (previously used?) token, requests_oauthlib throws a TokenRequestDenied. This should not result in a 500 by API Manager. It should probably just forward the error message to the user.

API Manager shows "User None" for some users without any providerId. For example on the labanquepostale sandbox https://labanquepostale-manager.openbankproject.com/users/all/user_id/0810918b-d4a7-4c5f-8cd3-e3defc8d8f6a#

... clicking on the name of partial function should take the user back to the list view and only show the calls to that partial function (with other search criteria still there).

This would allow us to see the details related to that call e.g. response codes etc.

Now that the API has added a user object to the consumer, the user's email address should be shown next to the developer email address on the consumer detail page.

The developer email address can be removed from consumer list page (proably replaced by description not needing its own row anymore)

Add page to list Entitlement Requests.

Each row will contain

Username (includes link to User), Email, Role Requested. Accept Button, Reject Button.

When Accept Button is pressed:

1. Role Entitlment is created.
2. Entitlment Request status is set to GRANTED.

When Reject button is pressed

1. 2. Entitlment Request status is set to REJECTED.

The list views consumers,users and metrics could be made sortable by using a tablesorter plugin for jQuery, e.g. http://tablesorter.com

https://apimanagersandbox.openbankproject.com/entitlementrequests/?time=year

seems not to show most recent entitlement requests

Somehow a user accessed /oauth/authorize without oauth credentials in session data.

KeyError at /oauth/authorize
'oauth_token'

...

File "/var/www/apimanager/API-Manager/apimanager/oauth/views.py" in get_redirect_url
  79.             resource_owner_key=self.request.session['oauth_token'],

self.request.session.get('oauth_token', '') should be more defensive.

When accessing the API, sometimes requests end up in a 500 response from it, e.g. when accessing /, /metrics or /users. The view should catch the APIError exception and propably show it to the user.

The listing of entitlements should show bank_id (or not if it is empty)

Instead of using multiple functions to call the API, put it all into a class at base/api.py .

Also move more error handling into that class.

Instead of the extra dependency of supervisor, gunicorn's lifecycle could also be handled by systemd which is running on all modern systems anyway. So please add a unit file, see https://raw.githubusercontent.com/OpenBankProject/OBP-Kafka-Python/master/obp-kafka-python.service for an example.

Note to admin: Needs to be configured on sandboxes after addition. Sandbox image needs to updated as well.

A manager should be able to create a customer for a user using call createCustomer. user_id could be a select which shows user_id and username. API docs says This call may require additional permissions/role in the future. For now the authenticated user can create at most one linked customer. tho, maybe the API needs to be extended.

Listing of customers seems to be only possible for the logged in user, so not applicable here.
Deleting or editing also currently seems impossible.

Keeping @simonredfern in the loop.

As requested by @simonredfern , the metrics should get a view to show some sort of summary in addition to text-centric list view. It should start with a bar chart with implemented by partial function on y- and count on x-axis. The filter form should be available in both views.

D3.js could be used for that. Or Chart.js

verify should come from settings and default to true e.g.

response = session.request(method, url, json=payload, verify=False)