APIv3: proxy these URLs to be served from El Proxito /_/api/v3/

[humitos]

• Related: API: consider using APIv3 standard endpoints addons#356
• Related: API: use APIv3 endpoint for resources addons#468

[ericholscher]

I know Santos had some worried about handling modifications here. This seems like a pretty large change?

Santos mentioned:

We can cache content over docs domains (assuming we only expose read-only resources, and on .org only).

And this doesn't seem to restrict any of those things? In particular, we need to remove auth from these API endpoints (

readthedocs.org/readthedocs/core/mixins.py

Lines 25 to 27 in bb2aca3

	# DRF has BasicAuthentication and SessionAuthentication as default classes.
	# We don't support neither in the community site.
	authentication_classes = []

), which this isn't doing?

[humitos]

Yes. I haven't jumped into read-only endpoints / auth / cache yet because I wanted to be sure I'm moving in the right direction here before implementing those. If this POC is 👍🏼 -- we can start exploring how to achieve those goals as well.

[humitos]

By the way, I understand we want auth here because .com will require authentication requests to return the correct data for those private projects.

[ericholscher]

By the way, I understand we want auth here because .com will require authentication requests to return the correct data for those private projects.

Yea, looks like we're setting SessionAuthentication explicitly on the Corporate side for the proxied APIs.

[ericholscher]

I worry a little bit about deleting this on deploy, since it will lead to a timing issue between the client & server. I'd probably just add the new fields to the existing API response, so we can test that appraoch without breaking old API clients during deploy?

[humitos]

Yeah, it makes sense to deploy everything needed in the backend first without removing the old pattern 👍🏼