'public' routes, authenticated or not, are for unprivileged access i.e. the user doesn't need to have any special permission (a.k.a. flags). Public routes can be disabled (like when you turn off OPAC access) and can be enforced logged users (as in OPACPublic). Privileged access routes (i.e. non-public) always require login and permissions. For plugins it all depends on the author's decisions and coding. Hope it clarifies. Best regards El mar., 16 de junio de 2020 01:03, <dcook@prosentient.com.au> escribió:
Hi all,
Could I get some clarification on the purpose of the “public” routes for the REST API?
In the case of https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24909, it looks like it’s a public API that doesn’t require authentication/authorization.
However other “public” routes like /api/v1/public/* all require authentication and appropriate authorization. Are these denoted as “public” as we’re suggesting that only these routes should be used by third-party “public” systems? I don’t get it.
Hoping someone can offer some clarification.
David Cook
Systems Librarian
Prosentient Systems
72/330 Wattle St
Ultimo, NSW 2007
Australia
Office: 02 9212 0899
Online: 02 8005 0595