In order to access data you need an API key. To get an API key, you need to register an application or app. Only OSU developers with an ONID account can register an application / app. The steps below, walk you through how to register an app:
Go to the "My Apps" page. The link can be found on the navigation menu at the top of the pages or by going directly to: apps
Click on "Add a new App"
Enter the information requested
Select API product that you need
What is an API key?
What is an API key? Why do I need one?
Application Programming Interface Key (API Key) is a code (alpha-numeric) provided by applications when they are making an API call to identify the calling program. API keys are often referred by many names, such as: app keys, app credentials, or consumer keys. These names are synonymous. API keys help prevent unauthorized access to APIs. The API keys help define access and limits on the use of APIs. When a developer register their application in the developer portal, they are given a consumer key and secret. The consumer key and secret are used to get a token that can be used to perform an API call.
What if the data I need is not in an API?
I have a great idea for a new API. The current API provide doesn't include all the data that I need. How do I submit ideas or feedback about APIs?
If the data that you need is not included in the API or if you have ideas for new APIs or improvement, please contact us and we will review your request and get back to you.
Who can access the APIs?
Who can access the APIs? Can people not affiliated to OSU access the APIs?
The APIs are available to OSU developers (staff, student and faculty) who have an ONID account. At this point, the APIs are not open to developers outside of OSU. Some APIs have more restrictions or require approvals, which limit the access to them. These restrictions can be found within the documentation of each API.
How do I test an API in the developer portal?
How can I view what data is returned by an API? How can I test an API using my web browser?
In order to view the data provided by an API or test it using this developer portal, follow the steps below.
Get the Consumer Key and Secret
Browse the documentation of the available APIs to help you select one
Enter the client id (consumer key) and client key (consumer secret) from your registered application
Click on the "Send this request" button
View the response and save the "access_token" value
Use the access token to make API calls
Select the API corresponding to the product that you registered for.
Select a method to test
Enter "Bearer XXXX" under the Authorization header, where XXX is the access token
Enter any required query parameters or url parameters
Click on the "Send this request" button
Best Practices for Storing / Protecting API Keys
What are some best practices and recommendations on how to store and protect API keys?
Store API keys / secrets safely
Do not embed API keys / secrets directly in code.
Do not store API keys / secrets in files inside your application, including the application’s source tree
If you do accidentally commit an API key / secrets to version control, revoke it immediately and generate a new one.
Ensure API keys / secrets do not appear in URLs or anywhere that can be captured in web server logs.
Review your code carefully and ensure it doesn’t contain API keys / secrets or any other private information before publicly releasing it.
Put the configuration file containing the API keys / secrets in the revision control ignore (ex. .gitignore). This prevents committing them by mistake in the future.
Limit the usage of API keys / secrets
Restrict your API keys / secrets to be used by only the IP addresses, referrer URLs, and mobile apps that need them.
Don't share your API keys / secrets with different applications. If more than one application uses the same API, register each application to get a new set of API keys / secrets.
Update API keys / secrets
Delete unneeded API keys / secrets.
Update (Regenerate) your API keys / secrets periodically.
If you get an error of `requests.exceptions.SSLError: hostname 'api.oregonstate.edu' doesn't match either of '*.apigee.net' and 'apigee.net'`, it's most likely because the version of Python, Java, Curl, etc you are using doesn't have SNI support. With SNI, an extension of TLS/SSL, multiple HTTPS targets can be served off the same IP address and port without requiring all those targets to use the same certificate. However, not all clients support SNI, specifically for Python, it's supported in 2.x from 2.7.9rc1 and 3.x from 3.2alpha4 (in ssl, urllib[2] and httplib modules).