diff --git a/code/API_definitions/qod-provisioning.yaml b/code/API_definitions/qod-provisioning.yaml index aae70a90d..7b1a4bcb7 100644 --- a/code/API_definitions/qod-provisioning.yaml +++ b/code/API_definitions/qod-provisioning.yaml @@ -304,6 +304,8 @@ paths: - If a 2-legged access token is used, the device parameter must be provided and identify a device. - The QoD provisioning must have been created by the same API client given in the access token. - If no provisioning is found for the device, an error response 404 is returned with code "NOT_FOUND". + - This call uses the POST method instead of GET to comply with the [CAMARA Commonalities guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. + operationId: retrieveProvisioningByDevice parameters: - $ref: "#/components/parameters/x-correlator" diff --git a/code/API_definitions/qos-profiles.yaml b/code/API_definitions/qos-profiles.yaml index aa90000e1..68ddde1a6 100644 --- a/code/API_definitions/qos-profiles.yaml +++ b/code/API_definitions/qos-profiles.yaml 
@@ -85,6 +85,8 @@ paths: **NOTES:** - The access token may be either a 2-legged or 3-legged access token. - If the access token is 3-legged, all returned QoS Profiles will be available to all end users associated with the access token. + - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. Additionally, this call may include complex data structures. + [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) security: - openId: diff --git a/code/API_definitions/quality-on-demand.yaml b/code/API_definitions/quality-on-demand.yaml index d42f23998..f02a13db0 100644 --- a/code/API_definitions/quality-on-demand.yaml +++ b/code/API_definitions/quality-on-demand.yaml @@ -408,6 +408,9 @@ paths: - If a 2-legged access token is used, the device parameter must be provided and identify a device. - The session must have been created by the same API client given in the access token - If no QoS session is found for the requested device, an empty array is returned. + - This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET. + [CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/r0.4.0/documentation/API-design-guidelines.md#post-or-get-for-transferring-sensitive-or-complex-data) + operationId: retrieveSessionsByDevice parameters: - $ref: "#/components/parameters/x-correlator"
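Review bot: In the qod-provisioning.yaml hunk (retrieveProvisioningByDevice), the guideline link is written inline inside the sentence, while the qos-profiles.yaml and quality-on-demand.yaml hunks put it on a separate line as "[CAMARA API Design Guidelines](...)". Pick one form for all three descriptions. The inline form used here is the safer one because the link stays inside the bullet however the description is rendered. Also check that the added blank line before "operationId:" is intended, since the qos-profiles.yaml hunk adds none before "security:".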
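Review bot: In the qos-profiles.yaml hunk, the new bullet justifies POST with "the device field may contain personally identifiable information", but the surrounding NOTES for this operation never mention a device parameter, unlike the other two files, whose context says "the device parameter must be provided". Confirm that this operation's request body actually carries the device field, or reword the note for this endpoint. The closing sentence "this call may include complex data structures" is also vague: name the request fields it refers to, or drop it.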
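Review bot: In the quality-on-demand.yaml hunk (retrieveSessionsByDevice), the link is added as a bare line after the bullet with no connecting text, so whether it renders as part of the list item or as a stray paragraph depends on its indentation. Fold it into the sentence as the qod-provisioning.yaml hunk does. The URL is pinned to the r0.4.0 tag in all three files, which keeps the anchor stable but means these links need updating together when the referenced Commonalities release changes. A short comment or release-checklist entry would keep that from being missed.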