Welcome to Know Me API’s documentation!

Know Me API

https://img.shields.io/travis/knowmetools/km-api.svg https://img.shields.io/codecov/c/github/knowmetools/km-api.svg
API Root
https://toolbox.knowmetools.com
API Endpoint Documentation
https://toolbox.knowmetools.com/docs/
Developer Documentation
http://know-me-api.readthedocs.io/

About

This is the API behind our Know Me app. It is written in Python using Django and Django Rest Framework.

Deployment

Changes to this repository are automatically deployed based on the configuration in our deployment repository.

Development

The API is built with Python using Django and Django Rest Framework.

Dev Environment Overview

Quickstart

Clone the project and install the dependencies:

$ git clone git@github.com:knowmetools/km-api
$ cd km-api
$ pipenv install --dev
Local Dev Server

The development server can be run using the following command:

$ pipenv run km_api/manage.py migrate
$ pipenv run km_api/manage.py runserver
Running Tests

Tests are run with pytest. To run the tests, make sure the requirements are installed and run the tests:

$ pipenv install --dev
$ pipenv run pytest km_api/
Building Docs

We use sphinx for building documentation, and the docs are automatically published using ReadTheDocs. If you want to build the docs locally, install the requirements and run the build command:

$ pipenv install -r requirements/docs.txt
$ cd docs
$ pipenv run make html

Deployment

For an example of how to deploy the application, see knowmetools/km-api-deployment.

Environment Variables

The following environment variables can be used to modify the application’s behavior.

Note

The application will only attempt to use a Postgres database if all of DJANGO_DB_HOST, DJANGO_DB_NAME, DJANGO_DB_PASSWORD, DJANGO_DB_PORT, and DJANGO_DB_USER are set. If any of these settings are not provided, we fall back to a local SQLite database.

DJANGO_ALLOWED_HOSTS

Default: ''

A comma separated list of allowed hosts.

Note

This must be set if DJANGO_DEBUG is set to False.

DJANGO_APPLE_PRODUCT_CODES_KNOW_ME_PREMIUM

Default: ''

A comma separated list of product IDs that should be accepted to mark purchases of Know Me’s premium version. This allows us to have multiple in-app purchases that activate the premium version. For example, we can have one subscription be monthly and another be billed annually.

DJANGO_APPLE_RECEIPT_VALIDATION_ENDPOINT

Default: https://sandbox.itunes.apple.com/verifyReceipt

The endpoint used to verify subscription receipts from Apple. This can take one of two values:

  • https://sandbox.itunes.apple.com/verifyReceipt
  • https://buy.itunes.apple.com/verifyReceipt
DJANGO_APPLE_SHARED_SECRET

Default: ''

The shared secret used to verify receipts with the Apple store.

Note

This must be provided. If it is not, all Apple receipt validations will fail.

DJANGO_AWS_REGION

Default: us-east-1

The AWS region to use for services such as S3 and SES.

DJANGO_DB_HOST

Default: localhost

The hostname of the Postgres database to connect to.

DJANGO_DB_NAME

Default: ''

The name of the Postgres database to connect to.

DJANGO_DB_PASSWORD

Default:: ''

The password of the user that the application connects to the Postgres database as.

DJANGO_DB_PORT

Default: 5432

The port to connect to the Postgres database on.

DJANGO_DB_USER

Default: ''

The name of the user to connect to the Postgres database as.

DJANGO_DEBUG

Default: False

Set to True (case insensitive) to enable Django’s debug mode.

DJANGO_EMAIL_VERIFICATION_URL

Default: https://example.com/verify/{key}'

The template used to construct links for verifying a user’s email address. The {key} portion of the template will be replaced with a unique token.

DJANGO_HTTPS

Default: False

Set to True (case insensitive) if the application is served over HTTPS.

DJANGO_HTTPS_LOAD_BALANCER

Default: False

Set to True (case insensitive) if the application is served over HTTPS but is located behind a load balancer that terminates SSL. If this is enabled, requests with the header HTTP_X_FORWARDED_PROTO set to https will be treated as if they came in over HTTPS.

Note

This has no effect unless DJANGO_HTTPS is set to True.

DJANGO_IN_MEMORY_FILES

Default: False

Set to True (case insensitive) to store static files in memory. This is mainly used for testing.

DJANGO_KNOW_ME_PREMIUM_ENABLED

Default: False

Set to True (case insensitive) to require a premium subscription to perform various Know Me operations such as storing profile data or viewing followers.

DJANGO_MEDIA_ROOT

Default: ''

The location on the server’s filesystem to store user uploaded files at. This setting has no effect when DJANGO_S3_STORAGE is True.

DJANGO_PASSWORD_RESET_URL

Default: https://example.com/reset/{key}

The template used to construct password reset links. The {key} portion of the template will be replaced with a unique token.

DJANGO_RUNNING_ON_ECS

Default: False

A boolean indicating if the application is running as an ECS task. If it is, the application automatically adds the private IP of the ECS task to the list of allowed hosts.

DJANGO_S3_AWS_REGION

Default: $DJANGO_AWS_REGION

The AWS region that the S3 bucket used to store files is located in. Only takes effect when DJANGO_S3_STORAGE is True.

DJANGO_S3_BUCKET

Default: ''

The name of the S3 bucket to store files in. Only takes effect when DJANGO_S3_STORAGE is True.

DJANGO_S3_STORAGE

Default: False

Set to True (case insensitive) to enable storage of static and user uploaded files in an S3 bucket. Requires the following settings to be provided:

  • DJANGO_S3_BUCKET
DJANGO_SECRET_KEY

Default: secret

Warning

The default value is only used if DJANGO_DEBUG is set to True. This is to avoid exposing a known secret key in a production environment.

The secret key that Django uses for a few security operations.

DJANGO_SENTRY_DSN

Default: ''

The Data Source Name for the application’s Sentry project. If provided logging of warnings and errors to Sentry is enabled.

DJANGO_SENTRY_ENVIRONMENT

Default: default

The name of the environment that should be provided as context when logging to Sentry. Only takes effect when DJANGO_SENTRY_DSN is provided.

DJANGO_SENTRY_RELEASE

Default: unknown

An identifier sent with all events to Sentry that lets us identify which version of the application caused the issue.

DJANGO_SES_AWS_REGION

Default: $DJANGO_AWS_REGION

The AWS region to send SES emails from. Only takes effect when DJANGO_SES_ENABLED is True.

DJANGO_SES_ENABLED

Default: False

Set to True (case insensitive) to enable sending of emails using AWS SES.

DJANGO_STATIC_ROOT

Default: ''

The location on the server’s filesystem to store static files at. This setting has no effect when DJANGO_S3_STORAGE is True.

Changelog

Warning

This changelog is no longer updated since we adopted continuous integration and deployment practices. It exists purely for historical reasons.

In Development

Features
  • #382: Verify Apple receipts using the Apple store’s receipt validation service.
  • #397: Ensure Apple receipts are unique (i.e. multiple people can’t use the same receipt).
  • #399: Add is_premium_user property to Know Me user response.

v1.5.0

Features
  • #379: Add endpoint to retrieve/update a user’s Know Me subscription through Apple.
  • #393: Allow users to verify their email address without their password.
Miscellaneous
  • Completely changed the way that settings are provided. Rather than being specified in a separate python file that is then imported, behavior is now set through environment variables.
  • #383: Remove MailChimp integration.
  • #384: Remove CloudWatch integration.
  • #386: Remove deployment configuration. Deployment is now handled by knowmetools/km-api-deployment.

v1.4.1

Bug Fixes
  • #371: Restore journal owner’s ability to delete user comments.

v1.4.0

Features
  • #349: Customize email templates for account related actions.
  • #364: Add admin view for listing users.
Bug Fixes
  • #368: Fix incorrect app store link in invitation notification email.

v1.3.0

Features
  • #236: Add email notifications when a user is invited to view another user’s profiles.

v1.2.2

Fix issue where users could upgrade their own accounts to have staff permissions.

v1.2.1

Bug Fixes
  • #357: Add user account image to Know Me user list response data.
  • #358: Fix users not being able to delete accessors granting them access to another user’s informtion.

v1.2.0

Features
  • #354: Add Know Me user information to accessor response.
Bug Fixes
  • #352: Remove duplicate entry from user list.
Miscellaneous
  • #355: Bump package versions

v1.1.0

Features
#346: Add endpoint to list previously accepted accessors. #347: Allow users granted access by an accessor to delete that accessor.

v1.0.2

Bug Fixes
#341: Fix issue with list entries not being orderable. #343: Fix bug with duplicate rows when selecting Know Me users. #345: Fix issue with sharing errors not being caught and rendered.

v1.0.1

#337: Fix issue with API documentation crashing.

v1.0.0

Breaking Changes
  • #296: Add separate endpoint to accept an accessor.
  • #316: Paginate journal entries. The entries are now nested under the results key, and there is additional information returned such as the total number of entries and the URLs for the next and previous pages. Entries are listed in reverse chronological order.
  • #332: Remove ability to manually create a Know Me user. As per #263, a Know Me user is automatically created for each registered user.
Features
  • #233: Add config endpoint for Know Me app. It contains information such as the lowest useable iOS app version.
  • #259: Add optional profile image for users.
  • #263, #277: Automatically create a Know Me user for each user. The Know Me user’s image defaults to the user’s profile image.
  • #278: Include information about the user granted access through an accessor.
  • #299: Add additional information to media resources. The resources can have a link instead of a file, and they have an integer to hint how they should be styled.
  • #306: Add tracking of legacy users. The list of legacy users can be viewed/updated by staff.
  • #313: Expose if a user is a staff member through the profile endpoint.
  • #321: Allow media resources to be detached from profile items.
  • #326: The Know Me user owned by the requesting user is guaranteed to be the first element in the list returned from /know-me/users/. Each user in the list also has a new is_owned_by_current_user boolean attribute.
  • #328: Increase maximum upload size to 100MB.

v0.9.3

Bug Fixes
  • #324: Fix handling of duplicate accessors.
  • #325: Fix crash when listing Know Me user accessors as an unauthenticated user.
  • #327: Return journal entry permissions at the list level, rather than only from the detail endpoint.
  • #329: Add missing attribute indicating if a profile is private or not.

v0.9.2

#317: Fix error when attaching a media resource to a profile item.

v0.9.1

#276: Add missing journal entries URL to Know Me user information.

v0.9.0

Features
  • #191, #193, #303: Allow profiles and their components to be manually ordered.
  • #235: Add timestamps to remaining models.
  • #300: Send the correct URLs in account emails.
Bug Fixes
  • #271: Fix deployment failing with newly provisioned servers.
  • #295: Fix MailChimp integration.

v0.8.0

Breaking Changes
  • #253, #282: Massive rewrite of profile features. This is a backwards incompatible change that modifies endpoints and the data returned from profile endpoints in addition to requiring a complete database wipe.
  • #258: Require multiple calls to return full profile.
  • #267: Refactor accessor permission fields. The permissions are now encompassed in a single is_admin field.
Features
  • #246, #247, #251: Add endpoints for managing journal entries.
  • #248, #249, #252: Add endpoints for managing comments on journal entries.
  • #250: Add searching for journal entries.
  • #267: All models related to the Know Me app have creation and last-updated timestamps.
  • #276: Return URLs in Know Me user list rather than only from the detail endpoint.
Bug Fixes
  • #254: Fix Ansible creating duplicate crontab entries.
  • #261: Fix permissions on KMUser instances not respecting sharing.
  • #262: Fix access to private profiles being too open.
  • #265: Fix inability to tear down Terraform-provisioned infrastructure.
Miscellaneous
  • #211: Remove old “emergency” models.
  • #273: Document release process.

v0.7.1

Bug Fixes
  • #244: Fix issue with registration serializer.

v0.7.0

Developed “Bookshelf” as a rework of the old “Gallery”.

Breaking Changes
  • Switched to third party account management package. This modified the endpoints used for email management, password resets, and registration. Also, the transition removed a lot of our account related models and modified their migrations. This means the existing database must be wiped and recreated.
  • #209: Removed “emergency” related content.
  • #214: Removed is_default field from profiles.
  • #239: Removed Layer integration. This means Layer authentication tokens can no longer be obtained from the API.
Features
  • #212, #217: Added categories for media resources.
  • #213: Add endpoint for listing media resources.
Bug Fixes
  • #224: Fix issue with incorrect filtering of list views.
Miscellaneous
  • #208: Switched to autogenerated documentation.

v0.6.1

Bug Fixes:
  • #225: Fix production deployments being deployed to the staging environment.

v0.6.0

Implement sharing of profiles.

Features:
  • #154: Allow profiles to be marked as private. Private profiles are not accessible by shared users unless they are explicitly granted access.
Bug Fixes:
  • #142: Add missing migrations.
  • #139, #197: Add ability to share profiles with other users.
  • #177: Fix issue with trying to register with an email address that is already being used.

v0.5.3

Update dependency versions.

v0.5.2

Bug Fixes
  • #195: Fix issue with some endpoints only accepting a single-digit ID.

v0.5.1

Bug Fixes
  • #143: Fix missing field on emergency contact admin page.

v0.5.0

This release was focused on renaming the components of a Know Me user’s profile. As a result of this renaming, this release will break all existing data related to Know Me. This change also caused several endpoints to be renamed. The most relevant issue here is #65.

  • /know-me/gallery-items/* to /know-me/media-resources/*
  • /know-me/profiles/* to /know-me/users/*
  • /know-me/rows/* to /know-me/topics/*
Breaking Changes
  • #66: Remove grouped and paged row types.
  • #85: Separated content for different types of profile items into different models. This means the data (other than name) from existing profile items is lost.
Features
  • #67: Add emergency contacts for Know Me users.
  • #68, #100, #112: Add list-type profile items.
  • #79, #91, #96: Add ability for users to manage their emergency items.
Bug Fixes
  • #70: Fixed regression in the error returned when attempting to log in with an unverified email address.
  • #75: Fix parsing of JSON requests.

v0.4.0

Breaking Changes
  • #27: Move user profile view from /auth/profile/ to /account/profile.
  • #36, #54: Emails must be verified before being able to log in.
  • #42: The user model was moved to the account app. This requires dropping any existing databases.
Features
  • #28: Users can change their password.
  • #34: Users can now request a password reset by email.
  • #47: Allow users to manage their email addresses. They can now add/remove addresses and switch which one is the primary.
  • #50: Users receive a notification when an email is added to their account.
Miscellaneous
  • #41: Users can be authenticated by passing an email rather than a username to Django’s authenticate function.
  • #46: An admin user is created when the project is deployed.
  • #52: Developers are no longer required to have a local settings file.

v0.3.0

Features
  • #29, #30, #31: Automatically sync user info to a MailChimp list.
Miscellaneous
  • #32: Ignore reports about disallowed hosts.

v0.2.0

Breaking Changes
  • #18: Flattened URL structure.
  • #21: Moved Layer authentication to the /auth/layer/ endpoint.
Features
  • #12: Add logging in production.
  • #14: Refactor permissions implementation using dry-rest-permissions package.
  • #19, #20: Add documentation.
Bug Fixes
  • #9: Ensure passwords are validated.

Indices and tables