Authentication overview

Authentication for British National Bibliography (BNB) data differs from typical self-service API models. The British Library, which owns and manages BNB, primarily grants access through formal data licensing agreements rather than offering direct, publicly accessible API keys or tokens for immediate developer use. This approach is rooted in the nature of bibliographic data distribution and its use within libraries, academic institutions, and the publishing industry.

Access to BNB's core products, such as BNB MARC records and BNB Linked Open Data, is facilitated by direct engagement with the British Library's bibliographic services team. This team determines the appropriate access mechanisms and credentials based on the specific licensing terms agreed upon with each user or organization. The focus is on secure and controlled distribution of comprehensive bibliographic datasets rather than transactional API calls typical of many commercial platforms.

While a direct, self-service developer API portal is not explicitly advertised, the British Library emphasizes secure data delivery methods that align with their licensing framework. This typically involves methods like SFTP transfers for MARC records or specific endpoints for Linked Open Data that might require pre-authorized access. Understanding the British Library's overall approach to British National Bibliography services is key to navigating the authentication process.

Supported authentication methods

Given the licensing-centric model of British National Bibliography data access, conventional API authentication methods like OAuth 2.0 or API keys are not typically offered as a self-service option. Instead, the authentication and authorization mechanisms are configured by the British Library in conjunction with the licensee. These methods are designed to ensure data integrity and compliance with licensing terms.

Common access paradigms and associated security levels:

Access Method Type | When to Use | Security Level
--- | --- | ---
Secure File Transfer Protocol (SFTP) | For bulk delivery of MARC records and other large datasets. Requires specific IP whitelisting and SSH key authentication. | High: Encrypted transfers, strong access controls.
Direct Data Feed/Endpoint Access | For programmatic access to Linked Open Data or specific subsets, often with IP-based restrictions and potentially client certificates or shared secrets. | High: Network-level security, potentially mutual TLS.
Web-based Portal (Limited) | For specific search or browsing functionalities, typically requiring username/password with multi-factor authentication (MFA). | Moderate to High: Standard web security practices.
Physical Media Delivery | For very large, infrequent data dumps, often as a backup or initial load method. | Physical security dependent; less relevant for programmatic access.

The specific method employed is negotiated during the licensing process. For programmatic access to Linked Open Data, for example, the British Library might provide specific URLs and require client-side authentication using methods like HTTP Basic Authentication with credentials or client certificates, restricted by source IP address. This ensures that only authorized systems can access the data streams.

Getting your credentials

Obtaining credentials for British National Bibliography data access is a multi-step process that begins with establishing a data licensing agreement with the British Library.

  1. Initial Inquiry: Contact the British Library's bibliographic services team. This can typically be done via their official British National Bibliography homepage under the 'Contact Us' or 'Licensing' sections.
  2. Licensing Agreement: Engage in discussions to define your data requirements, usage scope, and technical specifications. A formal licensing agreement will be drafted and executed. This agreement will detail the specific datasets you are authorized to access, the modalities of access, and any associated costs.
  3. Technical Setup and Credential Provision: Once the agreement is in place, the British Library's technical team will work with you to configure the access method. This might involve:
    • SFTP: You may be asked to provide SSH public keys for secure file transfer, and an SFTP username will be assigned. IP addresses from which you will connect will likely need to be whitelisted.
    • Direct Data Feeds: For Linked Open Data or other programmatic access, you might receive specific URLs, usernames, passwords, or instructions for generating/using client certificates. Again, IP whitelisting is a common security measure.
    • Web Portals: If applicable, secure login credentials (username and password) will be provided, often with instructions for setting up multi-factor authentication.
  4. Testing: It is crucial to test the provided credentials and access methods thoroughly to ensure successful data retrieval and integration into your systems.

It is important to note that credentials are not self-service and are provided directly by the British Library after a formal agreement. The process emphasizes security and controlled distribution, aligning with the Library's mission to preserve and provide access to national bibliographic heritage.

Authenticated request example

Due to the bespoke nature of British National Bibliography data access, a universal, copy-pasteable API request example is not feasible. However, we can illustrate the general principles based on common access methods. For specific code examples, you would refer to the documentation provided by the British Library after your licensing agreement is finalized.

Example: Retrieving MARC records via SFTP

If your agreement specifies SFTP for bulk MARC record delivery, your process would typically involve an SFTP client (either command-line or programmatic) using an SSH key for authentication to a British Library SFTP server.

# Assuming you have your private SSH key at ~/.ssh/id_rsa_bnb
sftp -i ~/.ssh/id_rsa_bnb your_bnb_username@sftp.bl.uk

# Once connected, you might navigate to a specific directory to download files
# sftp> cd /outgoing/marc_records
# sftp> get latest_bnb_marc_update.mrc
# sftp> bye

In this scenario, your_bnb_username is provided by the British Library, and sftp.bl.uk would be the designated SFTP server address. The SSH key serves as your primary authentication credential, ensuring a secure, encrypted connection for data transfer.
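For scheduled, unattended transfers, the interactive session above can be wrapped in a script that refuses to connect unless the private key is owner-only and the server's host key is already pinned. This is an added example, not British Library code; the script name, the dedicated known_hosts file and the function names are assumptions, and the user, host, directory and file name are the same placeholders used above.

```shell
#!/bin/sh
# Added example: unattended pull of the MARC update over SFTP with
# pre-flight checks. User, host, paths and file name are placeholders.
BNB_USER="your_bnb_username"
BNB_HOST="sftp.bl.uk"
BNB_KEY="${BNB_KEY:-$HOME/.ssh/id_rsa_bnb}"
# Dedicated known_hosts file holding only the server key you verified
# out of band (an assumption: the page does not describe key distribution).
BNB_KNOWN_HOSTS="${BNB_KNOWN_HOSTS:-$HOME/.ssh/known_hosts_bnb}"

# Succeeds only if the private key exists and group/other have no access.
key_perms_ok() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

fetch_marc() {
    key_perms_ok "$BNB_KEY" || {
        echo "refusing: $BNB_KEY is missing or accessible to group/other" >&2
        return 2
    }
    [ -s "$BNB_KNOWN_HOSTS" ] || {
        echo "refusing: no pinned host key in $BNB_KNOWN_HOSTS" >&2
        return 3
    }
    # -b - : batch commands from stdin; sftp aborts on the first failure.
    # IdentitiesOnly: offer only this key, not every key in the agent.
    # StrictHostKeyChecking=yes: never auto-accept an unknown/changed key.
    printf '%s\n' 'cd /outgoing/marc_records' \
                  'get latest_bnb_marc_update.mrc' 'bye' |
        sftp -b - -i "$BNB_KEY" \
             -o IdentitiesOnly=yes \
             -o StrictHostKeyChecking=yes \
             -o UserKnownHostsFile="$BNB_KNOWN_HOSTS" \
             "$BNB_USER@$BNB_HOST"
}

# Run only when asked, e.g. from cron:  ./bnb_pull.sh --run
if [ "${1:-}" = "--run" ]; then fetch_marc; fi
```

Batch mode cannot prompt, so a passphrase-protected key has to be loaded into ssh-agent before the job runs.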

Example: Accessing Linked Open Data (Conceptual)

For Linked Open Data, access might involve HTTP requests to specific SPARQL endpoints or Linked Data fragments. Authentication could be via HTTP Basic Authentication or client certificates.

# Conceptual example using curl for a SPARQL endpoint with HTTP Basic Auth
# Replace with actual endpoint, username, and password provided by BL
curl -u "bnb_lod_user:your_secure_password" \
  "https://lod.bl.uk/sparql?query=SELECT%20*%20WHERE%20%7B%3Fs%20%3Fp%20%3Fo%7D%20LIMIT%2010"

If client certificates are used, the curl command would include --cert and --key flags pointing to your certificate and private key files. The exact query syntax would depend on the SPARQL endpoint and your data requirements. For detailed information on SPARQL queries and Linked Open Data access patterns, consult resources like the W3C SPARQL 1.1 Query Language specification.
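The conceptual curl command above passes the password with -u, which leaves it in shell history and visible in the process list while curl runs. The added example below (not British Library code) keeps the credential in an owner-only netrc file and lets curl encode the query; the host and user are the page's placeholders, and the netrc path and function names are assumptions.

```shell
#!/bin/sh
# Added example: query a licensed SPARQL endpoint without putting the
# password in argv or shell history. Host, user and paths are placeholders.
LOD_HOST="lod.bl.uk"
LOD_NETRC="${LOD_NETRC:-$HOME/.config/bnb/netrc}"

# Write a curl-compatible netrc entry that is owner-only from creation.
# usage: write_netrc <file> <host> <user>   (password is read from stdin)
write_netrc() {
    ( umask 077
      IFS= read -r pw || [ -n "$pw" ] || exit 1
      rm -f "$1"    # an existing file would keep its old, looser mode
      printf 'machine %s login %s password %s\n' "$2" "$3" "$pw" > "$1" )
}

# Succeeds only if group/other have no access to the credential file.
owner_only() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# usage: sparql_query '<SPARQL text>'
sparql_query() {
    owner_only "$LOD_NETRC" || {
        echo "refusing: $LOD_NETRC is missing or not owner-only" >&2
        return 2
    }
    # --proto '=https' rejects any non-HTTPS URL or redirect target;
    # -G with --data-urlencode appends the encoded query to the URL.
    # For client-certificate access, add the --cert and --key flags.
    curl --fail --silent --show-error --proto '=https' \
         --netrc-file "$LOD_NETRC" \
         -G "https://$LOD_HOST/sparql" --data-urlencode "query=$1"
}
```

A typical setup is to run write_netrc once, supplying the password on stdin from your secrets manager, and then call sparql_query 'SELECT * WHERE {?s ?p ?o} LIMIT 10' from the job.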

Security best practices

When working with British National Bibliography data and its associated authentication mechanisms, adhering to robust security practices is essential. These practices safeguard your access credentials and protect the integrity of the valuable bibliographic data.

  1. Protect Credentials: Treat all provided credentials (SFTP usernames, SSH keys, passwords, client certificates) as highly sensitive information. Store them securely, preferably in encrypted vaults or secrets management systems. Avoid hardcoding credentials directly into application source code.
  2. Use Strong, Unique Passwords/Keys: If passwords are part of your access method, ensure they are complex, unique, and changed regularly. For SSH keys, use strong passphrases and protect the private key file with appropriate file permissions.
  3. IP Whitelisting: If the British Library implements IP whitelisting, ensure that only the necessary, static IP addresses of your servers or network gateways are provided. Regularly review and update this list as your infrastructure changes to minimize potential attack surface.
  4. Principle of Least Privilege: Configure your systems and applications to use only the minimum necessary permissions required to access the BNB data. Do not grant broader access than what is essential for your specific use case.
  5. Secure Communication Channels: Always use secure protocols like SFTP or HTTPS (for Linked Open Data endpoints) to transmit and receive data. Ensure that TLS/SSL certificates are valid and up-to-date to prevent man-in-the-middle attacks.
  6. Regular Auditing and Monitoring: Implement logging and monitoring for all access attempts to the BNB data. Regularly review these logs for any suspicious activity or unauthorized access attempts. Alert systems should be in place to notify administrators of anomalies.
  7. Data Handling and Storage: Once BNB data is received, store it securely in your own systems, especially if it contains any sensitive or licensed information. Adhere to all terms of your licensing agreement regarding data storage, usage, and retention. Implement data encryption at rest and in transit within your infrastructure.
  8. Compliance: Ensure your data handling practices comply with relevant data protection regulations, such as GDPR, especially if you are integrating BNB data with other datasets that may contain personal information.
  9. Keep Software Updated: Maintain all operating systems, libraries, and applications involved in accessing and processing BNB data with the latest security patches to mitigate known vulnerabilities.

By following these best practices, you can ensure a secure and compliant interaction with British National Bibliography data, protecting both your systems and the valuable information provided by the British Library.