Help Needed: DHIS2 API Data Control/monitor/ -- /api/dataValueSets from external system

Dear all,

DHIS2 Web API and using cURL to submit data to the /api/dataValueSets endpoint

how to processes or controls the data that comes from such API requests

• any rules on incoming dataValues via cURL?
• are there any logics, configurations, user permissions , (whether the data is accepted or rejected specially for/ from the external request)

Our Problem are : from external API requests and other applications sends unlimited data, generating unnecessary periods, also accept the future period

Hi @rcpoudel !

Let me start with the easy one,

The dataValueSets should follow the same configuration rules as the data set, so if the dataset doesn’t allow a future period then the API shouldn’t be able to bypass that. If this is the case, then this one might be a potential bug which we could create a Jira ticket and triage it after testing.

You can control which external API requests and other apps are allowed the send data by controlling the tokens you give them. Could you please provide more details about the workflow of these applications that you are using?

I think that for this you will need to create a Python script that interacts with the dataValueSets API and the external API requests. It’s not an out of the box feature.

You’re welcome to share more about the use-case and why this is important by creating an idea, see ideas ! If you do create this feature request, please share the link here.

Thank you!

Hi @Gassim
I have entered 0 on “Open future periods for data entry”, but it accepts future datavalues from API.
Its in a Nepali Calender setup, and its a bug.
also i am unable to ticket on jira bug

You can control which external API requests and other apps are allowed the send data by controlling the tokens you give them. Could you please provide more details about the workflow of these applications that you are using?

We provide a username and password which is also login on DHIS2 instance.
the key value mapping on the json format and send data through the cURL or other language request.

We have a problem in api request that we have no control over the system if someone has the username and password

We’re supposed to use only the API secret key for external datavalue send, tracker data send apis?

Yes, thanks! I’ve triaged to the @dhis2-platform team (cc: @JanBernitt) and this is a potential bug that they will be looking into. Here’s the Jira ticket: api/dataValueSets endpoint bypasses ‘0 future period’ configuration (Nepali calendar) would you kindly check the steps to reproduce as well as the DHIS2 version number of the instance you are using please?

You don’t need to provide a username or password for an external service that only uses the API. You could create a user with limited authority and then provide only a secret token.

• Please watch this video explaining the Personal Access Tokens by @austin : https://www.youtube.com/watch?v=Jb6XWIspGto
• User guide explaining the use of PATs: Personal access tokens - DHIS2 Documentation
• Developers technical guide to PATs: Introduction - DHIS2 Documentation

As for how many requests they can make per second, I think this can be controlled from the server side. I will ask @tkipkurgat and the server admin group.

Thanks!

@rcpoudel you cannot control how many requests per second are made to any endpoint with DHIS2. You can however attempt to do this from your reverse proxy.