Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Purpose:  Define responsibilities and restrictions for creating FOLIO integration users

Scope:  A Folio “integration” refers to an external program that gets, updates or deletes data from FOLIO through a connection to the API but is not part of the FOLIO release.  This does not cover the scope of integrations that are registered as edge modules with FOLIO or direct database connections.

Description: FOLIO consists of a series of semi-independent programs that share a unified user interface (UI) style. It is possible for users or other programs to circumvent the limits of the UI by communicating directly with the underlying APIs the UI uses.  

If a program is to interact with the underlying APIs, there are policies that must be followed.

Requirements:

  • A request for an integration must be submitted to the FCLSC

    • It must include

      • The purpose of the integration

      • The data that will be accessed

      • The volume of data that will be accessed

      • Will it have create, read, update or delete capabilities?

      • Who will use the program?

      • How long will the integration last?

      • Who will be responsible for maintaining the program?

      • Will the program store data?

  • Every FOLIO integration requires a user account.  

    • This user account will be a member of the FOLIO Integration group

    • The user account must be created by the FCLSC

  • The user account will be assigned individual permissions that provide it with the minimal functionality to perform its purpose

    • If the program has access to patron data, it may require additional approvals from institutions 

Additional policies

  • Any development work on an integration must be performed in the sandbox environment

  • A production integration should never use a staff user account.  Any suspicious activity performed by a user will result in that account being locked. 

  • High volume calls cannot be performed during peak hours

  • Any program that performs create or update activities must use business logic end points

  • Deletes are highly discouraged

  • An external integration should not be used to replicate available functionality

    • Example: The Bulk Edit module can assign or clear a temporary location from an item.  Users seeking to make batch changes to temporary item locations should use Bulk Edit rather than use an external integration to make batch changes to item temporary locations

    • Exceptions will be made if the API is more reliable or more stable

  • Any program that causes stability issues, data integrity issues, performance issues, or performs a function not included in the initial request will be disabled without notice.  

  • Users may not use the program’s username / password to access the FOLIO UI

Non-API integrations

FOLIO also includes:

  • OAI-PMH edge api

  • Z39.50 Server

  • RTAC edge api

RTAC and Z39.50 can be used without restriction.

 Any OAI-PMH harvest of significant duration or that occurs on a scheduled basis must be approved by the Five Colleges Discovery Committee and the FCLSC to avoid affecting the EDS record harvest or FOLIO performance.  

  • No labels