Skip to content
Idea Exchange
← ILS - Sierra

How can we improve Sierra?

ILS - Sierra: System Administration (incl APIs)

Categories

JUMP TO ANOTHER FORUM

(thinking…)

Recently Activity

Vega Discover Updated

Econtent should be filtered out of search results when a location filter is applied.

UNDER REVIEW

ILS - Polaris Updated

Limit the shelf location drop-down menu in the item bulk change workform to the library

Cataloging & Metadata Management UNDER REVIEW

Vega Program Updated

Choose a few events and booking them using the “shopping cart” model

UNDER REVIEW

Vega Program Updated

Create a brochure from the events and room bookings a patron has registered for.

UNDER REVIEW

Vega Program Updated

Filter/sort the stats page by program type

UNDER REVIEW

Vega Program Updated

Export comments based on category

UNDER REVIEW

Vega Program Updated

When cancelling/updating a series to do it for the current event and going forward.

UNDER REVIEW

Don't see your product?

Visit the ExLibris Idea Exchange

Including Alma, Primo, Summon and more

Visit the ProQuest Idea Exchange

Including Ebook Central, PQ Dissertations and Theses and more

Require authentication to view Sierra API documentation

Enhance cybersecurity by not revealing the api methods through the swagger interface to unauthenticated users. For example, a potential hacker can view the swagger interface which shows all methods and explains how to use them. This is an issue on all api endpoints including the iii sandbox. My idea is to only reveal the swagger methods to authenticated users.

https://sandbox.iii.com/iii/sierra-api/swagger/index.html#!/patrons

6 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Chris Jones shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Greg Smith commented  ·   ·  Report

    I have to agree. Even though it's slightly inconvenient and despite the fact that "security through obscurity" isn't a valid security control in and of itself, keeping the Sierra API documentation public could still make it easier to exploit any vulnerabilities that affect it.