CORS Headers • Proxy Via NGINX • Proxy Using the Website Server • JSON Vs

Calling Alma APIs using JavaScript

MELI – 11.7.2018

Ori Miller, 2018

• AJAX • Using JavaScript Library: e.g. jQuery • Demo: Google Chart with Alma Analytics APIs • Same Origin Policy • CORS headers • Proxy via NGINX • Proxy using the website server • JSON vs. XML • Demos: • Updating item record (JSON) • Updating bib record (XML)

• Each Browser might behave differently • Long commands • Different selectors than in CSS • Sometimes different commands than in CSS • OnClick etc. inside the HTML • Hard to figure out if it is accessible

• AJILE • Dojo • GWT • JQuery • Microsoft AJAX Library • Mochikit • MooTools • Prototype • qooxdoo • Rialto Toolkit • Rico • Script.aculo.us • Spry • Yahoo! UI Library See: • http://en.wikipedia.org/wiki/JavaScript_library • http://en.wikipedia.org/wiki/List_of_JavaScript_libraries • http://en.wikipedia.org/wiki/Comparison_of_JavaScript_frameworks

$("p#id1").css("margin-bottom","3cm");

https://developers.exlibrisgroup.com/blog/Alma-Analytics-Data-in-a-Google-Chart

http://en.wikipedia.org/wiki/Same-origin_policy

• Calling the same server the JS is from, and it will call the API • Calling a proxy server which returns CORS headers • The API to return CORS headers • Alma returns CORS headers only for the Analytics APIs • Why? For the other APIs we don’t want the API-key exposed by mistake.

### proxy to Gateway, adding CORS server { listen 5555; server_name proxy_to_gw; location / { if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'Origin,Accept,Content-Type'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; } if ($request_method = 'GET') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'Origin,Accept,Content-Type'; } proxy_pass https://api-na.hosted.exlibrisgroup.com; proxy_set_header Host $host; proxy_set_header Authorization "apikey l7xx08b23ba160004847a2e95b79ca5d0cf2"; proxy_set_header Accept "application/json"; proxy_set_header X-Real-IP $remote_addr; } }

Alma’s default is XML.

To get JSON use: • Using header: Accept: application/json • Using query-parameter: https://api- na.hosted.exlibrisgroup.com/almaws/v1/conf/general?apikey=l7xx39575714b b6e4d4d911874693dcafb1f&format=json

{ "user": [ { "primary_id": "11234", "first_name": "Dina", "last_name": "Cohen", "gender": { "value": "FEMALE", 11234 "desc": "Female" Dina }, Cohen "status": { FEMALE "value": "ACTIVE", "desc": "Active" ACTIVE } }, { "primary_id": "44123", "first_name": "John", 44123 "last_name": "Smith", John "gender": { Smith "value": "MALE", "desc": "Male" MALE }, ACTIVE "status": { "value": "ACTIVE", "desc": "Active" } } ], "total_record_count": 2 }

JSON pros: • Simple to parse • Now much more popular than XML

Alma APIs which work only in XML: • Bib/Holdings (MARC-XML) • Analytics report

• https://developers.exlibrisgroup.com/blog/Self- Check-Web-Based-Application • Node.js