...

OAuth2 is used for authentication. With (almost) each request to an endPoint a an OAuth token needs  needs to be provided. The token is retrievable from Archie - see OAuth 2.0 authorization in Archie. The API queries Archie for permissions using the token.

...

OPTIONS is available on all endPoints. It is mainly implemented for the purpose of CORS (Cross-origin resource sharing). When sending an OPTIONS to any andPoint a 200 (OK) will be returned with the following headers: 

• Access-Control-Allow-Origin - returns a list of sources that can access the API. Currently accessable by all ("*" is returned)
• Access-Control-Allow-Headers - returns a list of headers allowed. Currently returning: Authorization, Content-Type, Accept, If-None-Match, If-Modified-Since
• Access-Control-Allow-Methods - returns a list of REST methods allowed for the specific endPoint. This is a comma separated list, eg: OPTIONS,GET,POST,PUT,PATCH,DELETE. Depending on the endPoint, 1-6 methods will be listed
• Access-Control-Max-Age - returns number of seconds the response should cache values (current default value is 3600)
• Access-Control-Expose-Headers - returns a list of exposed headers. Currently returning: Content-Type, Cache-Control, Link, Total-Count, ETag

...

If multiple Accept-headers are in the response – the API will prioritize the Accept-header closest to the top of the above list.

...

Entry Points

All endPoints are documented in Swagger on the following url:

https://test-api.cochrane.org/api-docs 

All endPoints are camelCased. For all endPoints integrity checks are made to ensure valid data.