Installation and Configuration

Installation

Both REST APIs are available on the standard install media

The Citizen REST API is designed for customer facing applications and requires no authentication. It contains features such as:

• Creating new requests
• Viewing Existing Requests
• Attaching or uploading documents to a request
• Blocking view of Personally Identifiable Information (PII). It will not serve up any data that has been assigned as PII data. By default this includes things like requestors name, requestors address, requestors email.
• Only serves data that has been marked publically accessible. Every request in Lucity has a flag that identifies whether it should be available for public query. By default all requests that were submitted through the Lucity Citizen Portal REST API have this flag turned on.
• Can auto re-project coordinates to and from your agency’s operational spatial reference (useful when getting data submitted from 311 systems which use Bing or Google or other maps)

More information about installing the Citizen REST API

The REST API is designed for internal use applications (GIS, financial integrations, etc.). It requires authentication and used Basic authentication to provide the credentials to the server. For this reason we recommend SSL with this application.

• Supports viewing data from many different Lucity modules
• Supports creating data in many different Lucity modules
• Supports updating data from many different Lucity modules
• Supports deleting data from many different Lucity modules
• Adheres to the user’s security profile. If a user is not allowed to delete a work order in Lucity, then they cannot delete the work order in the REST API either.
• Supports a wide range of meta data and extra endpoints that may be useful beyond simple Lucity modules such as :
  • Filters
  • Field Meta Data
  • GIS Configuration Data

More information about installing the REST API

Configuration

Several Configuration options are available through System Settings

Allow RequestNumber and Email queries to the Citizen Portal REST API without providing both parameters

The Citizen Portal REST API supports special query parameters RequestNumber and Email which allow searching for existing public requests based on the RequestNumber and requestor email address. By default, the API requires both parameters are provided because this protects against fishing for data. If this system setting is turned on, someone can query a request based on request number or email if designed.

Default Public REST WKID, Use an alternate coord system as the Default Coordinate System for Public REST calls

The Default Public REST WKID allows you to specify that all requests coming in through the Citizen Portal REST API should be assumed to be in a certain coordinate system (for example, Mercator). ESRI documentation provides a full list of available WKID values. This system setting goes hand in hand with the "Use an alternate coord system as the Default Coordinate System for Public Requests" setting. Alternately, if some clients are inserting data using Mercator and some clients are using an alternate coordinate system, the client can include criteria in each call that tells the REST API what the coordinate system is. To do this, include a query param COORDSYS= MERCATOR or COORDSYS=LOCAL or COORDSYS=LATLONG.

Block SQL for the Lucity Citizen Portal REST API

This provides additional SQL Injection protection to the Citizen Portal REST API. By default this is true. It prevents a consuming client application from using the Filter query parameter (which allows SQL to be passed directly).

Disable DOS protection

By default, the REST APIs provide rudimentary denial of service (DOS) protection. If a single IP address makes more than 1000 requests in 10 minutes, the system will not accept requests from that IP address. The number of requests and the number of minutes is also customizable but must be done in the appSettings.config file on the server. The names of the app settings that are applicable are DOSREQUESTS and DOSPERIOD. The latter value is in minutes. To disable the DOS protection for the REST API, change the Disable DOS protection setting to TRUE in the Lucity System Settings.

Maximum records to return

This setting limits the total number of records that may be returned on any one REST call. By default, 10 records are returned, but the client can request more records. This system setting sets a cap on how many total records can be returned in one call.

• Use extension-less URLs allow prettier URLs if that is something you care about. By default URLs will be like this:

  http://restapi.lucity.net/gbaMS/Work/WorkOrders.svc/55555/TaskList/

• With this option set to TRUE the URL will look like this:

  http://restapi.lucity.net/gbaMS/Work/WorkOrders/55555/TaskList