Issue 18727

Don't require authentication/ADMIN for occurrence/download API

Reporter: peterdesmet
Type: Feedback
Summary: Don't require authentication/ADMIN for occurrence/download API
Status: Open
Created: 2016-09-09 12:34:56.21
Updated: 2016-09-09 12:49:55.139
Description: The {{occurrence/download}} API is [described|] as:

bq. Lists all the downloads. This operation can be executed by the role ADMIN only.

I don't understand why that is. I understand that starting a download ({{request}}) requires authentication, because it triggers a lot of processing. But listing all downloads should be possible without authentication:

* It doesn't trigger huge processing
* It's interesting to analyse: number of downloads over time, what queries are people running, etc.
* It's actually already possible to do this in a backwards way. Even though it it is indicated as requiring authentication in the documentation, {{/occurrence/download/dataset/datasetKey}} is openly accessible. So, you could run that for every dataset key, than combine all the results together and remove all duplicates to get the same result as you would get with {{occurrence/download}}

My advice: open it and update the documentation. :-)

Created: 2016-09-09 12:47:11.346
Updated: 2016-09-09 12:49:55.134
It is protected as we tried to protect the privacy of users, not revealing their email addresses.

Listing the email adress of users in public is still not covered in the latest GBIF terms of usage that you have to accept when registering:

But we only list the users accounts name these days, so I think we can really open that up: