Purpose:
Define responsibilities and restrictions for creating FOLIO integration usersvia a user account
Scope:
A Folio “integration” refers to an external program that gets, updates or deletes data from FOLIO through a connection to the API but is not part of the FOLIO release. This does not cover the scope of integrations that are registered as edge modules with FOLIO or direct database connections.
Description:
FOLIO consists of a series of semi-independent programs that share a unified user interface (UI) style. It is possible for users or other programs to circumvent the limits of the UI by communicating directly with the underlying APIs the UI uses.
If a program is to interact with the underlying APIs, there are policies that must be followed.
Integration User Requirements:
A request for an integration must be submitted to the Five Colleges Library System Coordinator (FCLSC)
It must include
The purpose of the integration
The FOLIO data that will be accessed
The volume of data that will be accessed
Data that will be created, updated or deleted
Staff, patron or third party application that will use the data
The duration of the integration
The person responsible for maintaining the program
Any Data stored by the application
Every FOLIO integration requires a user account.
This user account will be a member of the FOLIO Integration group
The user account must be created by the FCLSC
The user account will be assigned individual permissions that provide it with the minimal functionality to perform its purpose
If the program has access to patron data, it may require additional approvals from institutions
Additional policies:
Any development work on an integration must be performed in the sandbox environment
A production integration should never use a staff user account. Any suspicious activity performed by a user will result in that account being locked.
High volume calls cannot be performed during peak hours
Any program that performs create or update activities must use business logic end points
Deletes are highly discouraged
An external integration should not be used to replicate available functionality
Example: The Bulk Edit module can assign or clear a temporary location from an item. Users seeking to make batch changes to temporary item locations should use Bulk Edit rather than use an external integration to make batch changes to item temporary locations
Exceptions will be made if the API is more reliable or more stable
Any program that causes stability issues, data integrity issues, performance issues, or performs a function not included in the initial request will be disabled without notice.
Users may not use the program’s username / password to access the FOLIO UI
Non-API integrations
There three sets of endpoints designed for a more secure access to certain types of data. These have lower impact on performance and pose a lower security risk, but may have additional complications.
FOLIO also includes:
OAI-PMH Edge API
Z39.50 Server
RTAC Edge API
...