'public' routes, authenticated or not, are for unprivileged access i.e. the user doesn't need to have any special permission (a.k.a. flags).

Public routes can be disabled (like when you turn off OPAC access) and can be enforced logged users (as in OPACPublic).

Privileged access routes (i.e. non-public) always require login and permissions.

For plugins it all depends on the author's decisions and coding.

Hope it clarifies.
Best regards


El mar., 16 de junio de 2020 01:03, <dcook@prosentient.com.au> escribió:

Hi all,

 

Could I get some clarification on the purpose of the “public” routes for the REST API?

 

In the case of https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24909, it looks like it’s a public API that doesn’t require authentication/authorization.

 

However other “public” routes like /api/v1/public/* all require authentication and appropriate authorization. Are these denoted as “public” as we’re suggesting that only these routes should be used by third-party “public” systems? I don’t get it.

 

Hoping someone can offer some clarification.

 

David Cook

Systems Librarian

Prosentient Systems

72/330 Wattle St

Ultimo, NSW 2007

Australia

 

Office: 02 9212 0899

Online: 02 8005 0595