Best Practices for Application Development

Ensure that WSKeys and authentication tokens are not exposed by

  • refraining from using them in client side code (Javascript)
  • placing them in an application configuration file outside the web server directory

Include Error Logging and Debugging features in your application

  • Log error messages your application receives from OCLC web services
  • Display clear, human readable error messages to help users diagnosis if a configuration issue is occurring with their installation of the application or an issue with the application in general

Create adequate documentation for your application and its interaction with OCLC web services

  • Include documentation about which OCLC web services the application interacts with
  • Create flow diagram for the application which shows which services interacted with and the types of requests made of the service

Identify your application in calls to OCLC web services

  • Utilize User Agent to send your application's information to any OCLC web service it utilizes

Do not collect or share personably identifing information without the consent of users and confirming users are over the age of 13.

Ensure your application does not perform write operations which conflict with other applications by

  • Using ETags when performing updates on resources

    • If-Match Header
    • gd:etag attribute