Sharing Patron Record Data with Third-party Systems

The Patron API (URL) product enables third-party vendors to access patron record data in your Innovative database. For example, a public computer management system or ebook lender might use Patron API to obtain the data it needs to authenticate users. Third-party systems that access Patron API are only able to read patron data; this product cannot be used to update the source patron data in the Innovative database. The patron data is delivered to the third-party system in HTML format.

For more information, see the following:

• Setting Up Patron API
• How Patron API Works
• Optional Functionality

Setting Up Patron API

To set up Patron API:

1. Contact Innovative to acquire and install the product. If you want to enable any optional functionality, inform Innovative at this time. Innovative staff install and configure Patron API as requested.
2. To protect patron confidentiality, limit access to the Patron API service by editing the HTPATAPI entry (or, if your library uses Patron API SSL, the HTPATAPISSL entry) in the Limit Network Access table. When assigning a login for the service, you can either use an existing login or create a new one specifically for use by Patron API. (Note that login use by Patron API does not affect user license statistics.)
3. Ensure that the port(s) used by Patron API are open in your library's firewall. Standard Patron API uses port 4500. If your library uses Patron API SSL, you must open port 54620.
4. Provide any requested information to the third-party vendor, such as your library's Sierra release, the port(s) used by Patron API, and whether or not your library uses PINs to verify patrons.

How Patron API Works

Patron API works as follows:

1. When prompted, a patron provides their authentication information, such as their barcode and PIN, to the third-party application that interacts with Patron API.

   The Patron self-identification field OPAC option determines which field the patron must enter to authenticate. The Personal ID Num (PIN) in patron record OPAC option determines whether Patron API can use patron PINs during authentication.

2. The third-party application sends a request for patron data or verification to Patron API using the protocol and port you specified during setup.
3. Patron API determines whether the patron's authentication information is complete and valid. If so, it sends the corresponding patron's record data to the third-party application. If not, Patron API returns an error message.
4. The third-party application uses Patron API's response to perform its designed function (for example, to authenticate the user) or to show an error.

For more information about the format of messages received and sent by Patron API, see Patron API Requests, Responses, and Error Messages.

Optional Functionality

Patron API offers the following optional functions and features:

Using SSL with Patron API

If your library has the Patron API SSL feature enabled, you can use Patron API over a secure network. When using Patron API SSL, the external user's session expires only when the Web browser is closed. To enable the Patron API SSL feature, contact Innovative.

Suppressing Variable-length Fields

When a third-party program requests patron data, Patron API returns all fields in the patron record by default. If you want to exclude certain variable-length fields from Patron API's response, contact Innovative and specify which fields to suppress.

Updating the CIRCACTIVE Fixed-length Field

Patron API updates the patron record's CIRCACTIVE field when a third-party application accesses the patron record. This can help you keep track of patrons who do not regularly perform circulation transactions but nevertheless use your library's electronic resources or services. If you do not want Patron API to update the patron's CIRCACTIVE field, contact Innovative.