Skip to main content
OCLC Wise Support EN

Appendix

  1. Last updated
  2. Save as PDF
Find additional information about the Wise Rest-API, including working with user permissions, safe listing IP addresses, uploading orders to vendors, and more.

User permissions

An API staff user must be assigned the appropriate permissions to grant access to patrons that the API user needs access to (or to block access to patrons that the API user is not allowed to request and edit). To accomplish this, the API user must be configured in Wise as a normal user, including the appropriate roles and permissions.

Example: An API user needs access to all patrons of a library organization, including the collaboration network (neighboring organizations). This user must be configured as a user of the library organization, assigned Read permissions on ACTOREN, and the organization must be configured in the VSX branch group (Edit Actor/Patron)
 

Detailed permissions list per endpoint:

Action Endpoint Permission
(Un)Block a patron /patronmanagement/patron/{patronSystemId}/library/{libraryId}/property/blocking ACTOREN - Library - Read

Calculating the Wise-key

Java

String apiKeyId = "<API-ID>";

String apiKey = "<API-KEY>";

String applicationName = "< ApplicationName>";

String epochDay = String.valueOf(LocalDate.now(ZoneOffset.UTC).toEpochDay());

String data = epochDay + applicationName;

String signature = HmacUtils.hmacSha256Hex(apiKey, data);

String wiseKey = apiKeyId + ":"   + signature;

Python

#!/usr/bin/env python3

import   datetime

import   hmac

import   hashlib

 

def generate_key():

    api_key_id = '<API-ID>'

    api_key = '<API-KEY>'

    application_name = '<applicationName>'

    epoch_day = (datetime.datetime.utcnow() - datetime.datetime(1970,1,1)).days

 

    signature = hmac.new(

        bytes(api_key, 'latin-1'),

        msg=bytes(''   + str(epoch_day) + application_name, 'latin-1'),

        digestmod=hashlib.sha256

    ).hexdigest()

 

    return   api_key_id + ':'   + signature

 

def main():

    print(generate_key())

 

IP safe listing

To improve security, Wise API-keys can be bound to an IP address (max. 5). Only requests with this API-key and matching IP addresses will be given access to Wise. If no IP address is configured, all IP addresses are allowed. This functionality can be configured by OCLC. For assistance, contact OCLC Support.

Uploading orders to vendors

Vendors can be configured in the Wise Manager to allow (or prevent) the file with orders to be sent directly to the relevant vendor via a Rest API link. To activate this, you need to include the supplier's connection settings in the Manager.

Wise currently has two authentication methods in the API link: Basic authentication and HMac authentication.

API client – technical description

An order file is sent to the supplier as follows:

Request:
HTTP(S) POST

Headers:
Accept: “application/json”
Content-type: “application/x-www-form-urlencoded;charset=UTF-8”


When Basic authentication is used:

Authorization: “Basic username:password”

The authorization string is Base64 encoded
 

When HMac authentication is used:

Authorization: “hmacauth <apikey>:<Base64signature>:<nonce>:<timestamp>”

Apikey = API key from the supplier
Base64signature = Base64 encoded (HmcaSha256 encoded string of API key combined with message string*) 

* message = API-id + “POST” + encodedUrl + timeStamp + nonce + contentBase64String;

Body:
The body  of the request is a form and contains the XML file. The file is in the wise-order format.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
    Content type
    Product documentation
  2. Tags
    This page has no tags.