Hosted Service Onboarding

Norris Ng edited this page Jul 18, 2023 · 7 revisions

The COMS API is available as a hosted service for BC Government client applications.

Some important aspects of the hosted service to consider:

Authentication

  • Requests to the COMS API must be authorized using a User ID token (OAuth JWT) issued in the Pathfinder SSO 'Standard' realm. Typically a user would sign in to your app (website) and your app would call COMS with that user's JWT.

  • Basic Auth or authentication using a service account (e.g. client credentials) is currently not available on the Hosted COMS service. This feature is available if you are self-hosting.

Acquiring a Bucket

  • Object Storage buckets must be obtained by the client. Any S3-compatible bucket will work (for example: AWS S3 and Minio). OCIO provides a low-cost Object Storage service. NRM clients can request a bucket through the Optimization Team.

  • Once provisioned, you can add your bucket to COMS using the createBucket endpoint. See: Managing Buckets.

  • Bucket credentials (Access Key ID and Secret Access Key) are stored in the database as encrypted strings. Encryption is done by NodeJS's internal crypto library. The key for encryption is assigned to a SERVER_PASSPHRASE environment variable, and is only available inside the scope of the COMS app container.
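
An added example, not COMS source code: how a secret can be encrypted at rest with Node's crypto module under a key derived from a passphrase such as SERVER_PASSPHRASE. The cipher (AES-256-GCM), the scrypt key derivation, the `salt:iv:tag:ciphertext` layout and all function names are assumptions made for illustration; the page does not state which algorithm COMS uses.

```javascript
// Added example: passphrase-based encryption of a bucket secret.
// AES-256-GCM, scrypt and the storage layout are assumptions, not COMS internals.
const crypto = require('node:crypto');

const SALT_LEN = 16; // per-record salt for key derivation
const IV_LEN = 12;   // recommended nonce size for GCM
const KEY_LEN = 32;  // 256-bit key

function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, KEY_LEN);
}

// Returns "salt:iv:tag:ciphertext", each part base64 encoded.
function encryptSecret(plaintext, passphrase) {
  if (!passphrase) throw new Error('passphrase is not set');
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  return [salt, iv, tag, ct].map((b) => b.toString('base64')).join(':');
}

// Throws if the passphrase is wrong or the stored value was modified.
function decryptSecret(stored, passphrase) {
  if (!passphrase) throw new Error('passphrase is not set');
  const parts = stored.split(':');
  if (parts.length !== 4) throw new Error('malformed encrypted value');
  const [salt, iv, tag, ct] = parts.map((p) => Buffer.from(p, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample values; a service would read the passphrase from
// process.env.SERVER_PASSPHRASE instead of a literal.
const demoPassphrase = 'constructed-demo-passphrase';
const demoStored = encryptSecret('constructed-secret-access-key', demoPassphrase);
console.log('stored value:', demoStored);
console.log('decrypted   :', decryptSecret(demoStored, demoPassphrase));
```

Because the passphrase never leaves the application container, a copy of the database alone yields only values in this encrypted form.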

Privacy Controls

  • The stricter Privacy Controls setting is enabled in the Hosted service (requires READ permission on bucket or object to discover or access the file and related data). This removes the ability to search for objects that you don't have permissions for.

Additional features

  • BCBox Integration: Using the Hosted COMS service has the added benefit of being able to integrate your application with BCBox - a hosted Dropbox-style interface for sharing files.

  • A Synchronization feature is coming soon that will allow COMS to manage objects that were in the bucket or are handled outside of the COMS API.

Environments



Note: Please also review the Hosting Considerations page and the reasons to self-host.