Purpose

Define responsibilities and restrictions for creating FOLIO integration users via a user account

Scope

A FOLIO “integration” refers to an external program that gets, updates or deletes data from FOLIO through a connection to the API but is not part of the FOLIO release. This policy does not cover integrations that are registered as edge modules with FOLIO or direct database connections.

Description:

FOLIO consists of a series of semi-independent programs that share a unified user interface (UI) style. It is possible for users or other programs to circumvent the limits of the UI by communicating directly with the underlying APIs the UI uses.  

If a program is to interact with the underlying APIs, there are policies that must be followed.

Integration User Requirements:

  • A request for an integration must be submitted to the Five Colleges Library System Coordinator (FCLSC)

    • It must include

      1. The purpose of the integration

      2. The FOLIO data that will be accessed

      3. The volume of data that will be accessed

      4. Data that will be created, updated or deleted

      5. Staff, patron or third-party application that will use the data

      6. The duration of the integration

      7. The person responsible for maintaining the program

      8. Any data stored by the application

  • Every FOLIO integration requires a user account.  

    • This user account will be a member of the FOLIO Integration group

    • The user account must be created by the FCLSC

  • The user account will be assigned individual permissions that provide it with the minimal functionality to perform its purpose

    • If the program has access to patron data, it may require additional approvals from institutions 

Additional policies

  • Any development work on an integration must be performed in the sandbox environment

  • A production integration should never use a staff user account.  Any suspicious activity performed by a user will result in that account being locked. 

  • High volume calls cannot be performed during peak hours

  • Any program that performs create or update activities must use business logic endpoints

  • Deletes are highly discouraged

  • An external integration should not be used to replicate available functionality

    • Example: The Bulk Edit module can assign or clear a temporary location from an item. Users seeking to make batch changes to temporary item locations should use Bulk Edit rather than an external integration.

    • Exceptions will be made if the API is more reliable or more stable

  • Any program that causes stability issues, data integrity issues, performance issues, or performs a function not included in the initial request will be disabled without notice.  

  • Users may not use the program’s username / password to access the FOLIO UI

Non-API integrations

There are three sets of endpoints designed for more secure access to certain types of data. These have a lower impact on performance and pose a lower security risk, but may have additional complications.

FOLIO also includes:

  • OAI-PMH Edge API

  • Z39.50 Server

  • RTAC Edge API

...