Simon Willison’s Weblog

APIs for importing locations

Originally posted to my internal blog at VaccinateCA

An important aspect of the new backend is the ability to import new locations.

These can come from a bunch of different sources. I’ve previously written Django management command scripts for this, but these are fiddly to run from a permissions perspective and don’t necessarily play well with Cloud Run.

So I decided to build an /api/importLocations API. This can take a single or multiple locations, and can either create new locations or update existing locations based on a provided unique import reference (import_ref) value.

The API is documented in full here: https://github.com/CAVaccineInventory/django.vaccinate/blob/f78afbd1e5bbba4ddc4722c9a592dfd004cb143e/docs/api.md#post-apiimportlocations

You can see how it developed in issue 98

API keys

As part of building this API I needed a simple authentication mechanism. I’ve added a Django admin page for creating API keys, with a required description field. This can be used to create an API key for use with the new API.

This mechanism differs from the JWT tokens used by the caller app API, mainly because API tokens used for import scripts need to not expire—and also don’t need to be tied to specific users.

A few more APIs

Some of the fields that can be passed to the import location API need to accept values from a specific list: county, location_type and provider_type all have this requirement.

I added APIs that return valid values for these:

• https://vaccinateca-preview.herokuapp.com/api/counties/CA—try other state codes too
• https://vaccinateca-preview.herokuapp.com/api/locationTypes
• https://vaccinateca-preview.herokuapp.com/api/providerTypes