-
Notifications
You must be signed in to change notification settings - Fork 7
Geolocation API for GDPR compliance
Bryan Eli edited this page Oct 14, 2020
·
2 revisions
In order to comply with GDPR, we use an IP Geolocation API, ip-api.com. Every time an application like openstax.org (aka. "osweb") uses our /user API endpoint, as part of the logged in user's information is included whether or not he/she is inside or outside a country where GDPR is applies.
How we use the API is very straightforward. We simply make a JSON GET request to uri = URI("https://pro.ip-api.com/json/") with the user's IP address as a parameter and our unique key, ie.
https://pro.ip-api.com/json/#{ip}?key=#{Rails.application.secrets.ip_api_key})
The User model has an attribute is_not_gdpr_location where we store that info.
The relevant pieces of code are:
- The user API action Api::V1::UsersController#show
- The service object SetGdprData and here is where the actual API request is made.