Don't Include Visible=FALSE Observations In API
Introduction
When it comes to API design, it's essential to consider the type of data that should be exposed to users. In the context of the /observations/ endpoint, we need to determine whether non-visible observations should be included in the API response. In this article, we'll explore the implications of including or excluding non-visible observations and propose a solution that prioritizes data security and user experience.
The Issue with Non-Visible Observations
Non-visible observations, denoted by visible=FALSE, are currently accessible in the /observations/ endpoint, even for non-public users. This raises concerns about data security and the potential for unauthorized access to sensitive information. As Steve Gerrits pointed out, this issue is particularly relevant in the context of the Vespa DB project (see issue #329).
Why Exclude Non-Visible Observations?
There are several reasons why we should exclude non-visible observations from the API response:
- Data Security: Non-visible observations contain sensitive information that should not be exposed to unauthorized users. By excluding these observations, we can help prevent data breaches and protect user privacy.
- User Experience: Including non-visible observations in the API response can lead to confusion and frustration for users who are not authorized to access this information. By only showing visible observations, we can provide a more streamlined and user-friendly experience.
- Admin Access: While admins may need to access non-visible observations for administrative purposes, this can be achieved through a separate endpoint or interface that is specifically designed for admin access.
Proposed Solution
To address the issue of non-visible observations in the API, we propose the following solution:
- Frontend Only Shows Visible=TRUE: The frontend should only display observations with visible=TRUE. This ensures that users are only presented with information that they are authorized to access.
- Logged-in Admin Changes Visible=FALSE: When a logged-in admin changes the visibility of a nest to visible=FALSE, the change should be pushed to the database.
- API No Longer Returns That Nest: After the change is pushed to the database, the API should no longer return the nest with visible=FALSE. This ensures that the API response is consistent with the frontend display and prevents unauthorized access to sensitive information.
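An added example (not code from the Vespa DB project) of the steps above enforced on the server side, so that hiding a nest does not depend on what the frontend chooses to display. The in-memory store, the function names, the `note` field and the `query` dictionary are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class User:
    name: str
    is_admin: bool = False

class Forbidden(Exception):
    """Raised when a non-admin calls an admin-only operation."""

# Constructed sample rows standing in for the observations table.
OBSERVATIONS = {
    1: {"id": 1, "note": "nest A", "visible": True},
    2: {"id": 2, "note": "nest B", "visible": False},
    3: {"id": 3, "note": "nest C", "visible": True},
}

def list_observations(store, query=None):
    """Public /observations/ list: visible=FALSE rows are always dropped.
    A client-supplied 'visible' filter is discarded, so it cannot widen the result."""
    filters = {k: v for k, v in (query or {}).items() if k != "visible"}
    return [o for o in store.values()
            if o["visible"] is True
            and all(str(o.get(k)) == str(v) for k, v in filters.items())]

def get_observation(store, obs_id):
    """Public detail lookup: a hidden row is reported exactly like a missing one,
    so requesting it by id does not bypass the list filter."""
    obs = store.get(obs_id)
    return obs if obs is not None and obs["visible"] is True else None

def _require_admin(user):
    if user is None or not user.is_admin:
        raise Forbidden("admin access required")

def admin_list_observations(store, user):
    """Separate admin-only listing that includes visible=FALSE rows."""
    _require_admin(user)
    return list(store.values())

def set_visibility(store, user, obs_id, visible):
    """Admin flips the flag; the change is written to the store (the 'database')."""
    _require_admin(user)
    store[obs_id]["visible"] = bool(visible)

if __name__ == "__main__":
    db = {k: dict(v) for k, v in OBSERVATIONS.items()}
    set_visibility(db, User("admin", is_admin=True), 1, False)
    print([o["id"] for o in list_observations(db)])
```

The detail lookup is filtered as well as the list, because a row that is only hidden from the list can still be fetched by id.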
Benefits of the Proposed Solution
The proposed solution offers several benefits, including:
- Improved Data Security: By excluding non-visible observations from the API response, we can help prevent data breaches and protect user privacy.
- Enhanced User Experience: The solution provides a more streamlined and user-friendly experience for users who are not authorized to access non-visible observations.
- Simplified Admin Access: The solution allows admins to access non-visible observations through a separate endpoint or interface, while preventing unauthorized access to sensitive information.
Conclusion
Q&A: Excluding Non-Visible Observations from API
Q: Why is it a problem to include non-visible observations in the API response?
A: Including non-visible observations in the API response can lead to data breaches and unauthorized access to sensitive information. This is because non-visible observations contain sensitive information that should only be accessible to authorized users.
Q: What are the implications of including non-visible observations in the API response?
A: Including non-visible observations in the API response can have several implications, including:
- Data Security Risks: Non-visible observations contain sensitive information that can be accessed by unauthorized users, leading to data breaches and security risks.
- User Experience Issues: Including non-visible observations in the API response can lead to confusion and frustration for users who are not authorized to access this information.
- Admin Access Compromised: Admins may need to access non-visible observations for administrative purposes, but this can be achieved through a separate endpoint or interface that is specifically designed for admin access.
Q: How can we exclude non-visible observations from the API response?
A: To exclude non-visible observations from the API response, we can implement the following solution:
- Frontend Only Shows Visible=TRUE: The frontend should only display observations with visible=TRUE. This ensures that users are only presented with information that they are authorized to access.
- Logged-in Admin Changes Visible=FALSE: When a logged-in admin changes the visibility of a nest to visible=FALSE, the change should be pushed to the database.
- API No Longer Returns That Nest: After the change is pushed to the database, the API should no longer return the nest with visible=FALSE. This ensures that the API response is consistent with the frontend display and prevents unauthorized access to sensitive information.
Q: What are the benefits of excluding non-visible observations from the API response?
A: Excluding non-visible observations from the API response offers several benefits, including:
- Improved Data Security: By excluding non-visible observations from the API response, we can help prevent data breaches and protect user privacy.
- Enhanced User Experience: The solution provides a more streamlined and user-friendly experience for users who are not authorized to access non-visible observations.
- Simplified Admin Access: The solution allows admins to access non-visible observations through a separate endpoint or interface, while preventing unauthorized access to sensitive information.
Q: How can we ensure that admins have access to non-visible observations for administrative purposes?
A: To ensure that admins have access to non-visible observations for administrative purposes, we can implement a separate endpoint or interface that is specifically designed for admin access. This can include:
- Admin-only Endpoint: Create a separate endpoint that is only accessible by admins, which allows them to access non-visible observations.
- Admin Interface: Provide an admin interface that allows admins to access non-visible observations, while preventing unauthorized access to sensitive information.
Q: What are the next steps in implementing the solution to exclude non-visible observations from the API response?
A: The next steps in implementing the solution to exclude non-visible observations from the API response include:
- Designing the API Endpoint: Design the API endpoint that will be used to exclude non-visible observations from the API response.
- Implementing the Solution: Implement the solution, including the frontend and API changes, to exclude non-visible observations from the API response.
- Testing the Solution: Test the solution to ensure that it is working as expected and that non-visible observations are no longer being returned in the API response.