Skip to content

feat(guidelines): add new rule for sending user agent header #76

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

feat(guidelines): add new rule for sending user agent header #76

wants to merge 1 commit into from

Conversation

BirgitBader
Copy link
Contributor

Changelog:

New

  • MUST send User-Agent header R000074

jensfischer1515
jensfischer1515 reviewed Jul 17, 2024
View reviewed changes
api-guidelines/rest/http/headers/rules/must-send-user-agent-header.md
# MUST send `User-Agent` header

API providers must be able to easily identify which client is calling their API.
The `User-Agent` header saves the API provider manual work, e.g. retrieving this information from the token or reading the access log.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

access log reading is still needed, but the User-Agent value is directly visible in the access log, which is not the case for e.g. client_id JWT claim as part of the OAuth2 Bearer Token.

@maxedenharter0507
Copy link
Contributor

I'm struggling a bit with the fact that we cleaned up the guidelines from consumer-facing rules and now introducing a new one. Would it be an option to extend the "About the API" section with such things?

Otherwise, I think it's an important rule 👍

@fabianschmidt0666
Copy link

as provider of the product data api - we have given our users the recommendation to set the user-agent (i think we have a coverage of ~90 percentage) for technical identification purpose. The feedback was every time good. If anybody is interested in visualizing user based traffic we have build a dataflow overview. Out of my perspective it could be "SHOULD" as a best practice

@cgebken
Copy link
Contributor

cgebken commented Jul 19, 2024

I'm struggling a bit with the fact that we cleaned up the guidelines from consumer-facing rules and now introducing a new one. Would it be an option to extend the "About the API" section with such things?

Otherwise, I think it's an important rule 👍

I absolutely agree with this. Consumers should get the information in the "About the API" section. If this rule is desired, I'd vote for renaming it to "Must design APIs that allow identification of user agents" or alike.

@BirgitBader
Copy link
Contributor Author

Closing this PR, as this is a consumer-facing topic, it will be taken care of in the Consumer API Portal.

@BirgitBader BirgitBader deleted the 75_send-user-agent branch July 31, 2024 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jensfischer1515 jensfischer1515 jensfischer1515 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@BirgitBader @maxedenharter0507 @fabianschmidt0666 @cgebken @jensfischer1515