Zenodo Integration

Overview

This section provides an overview of the Zenodo integration functionality, detailing how to implement and manage the upload of artifacts to Zenodo, along with the associated metadata and manifest.rdmc file.

Workflow Overview

Authorization: Users are redirected to Zenodo for OAuth2 authentication. To create new OAuth Application go to New OAuth Application.
Token Retrieval: After successful login, an access token is retrieved and stored in the session.
File Preparation: Files and folders are processed, zipped if necessary, and prepared for upload. The manifest.rdmc file is included if available.
Upload: Files are uploaded to Zenodo using the Zenodo API, and metadata is associated with the deposition.

Zenodo API Service

The Zenodo integration communicates with a dedicated microservice that handles all interactions with the Zenodo platform. The source code and full API reference are available here:

Zenodo API Service (GitLab) — source code of the Zenodo API microservice
api.nfdixcs.org/zenodo/docs — interactive API reference

The base URL for all API calls is:

https://api.nfdixcs.org/zenodo

API Endpoints

The following endpoints are used during the Zenodo upload workflow:

Method	Endpoint	Description
`POST`	`/oauth/authorize`	Initiates the OAuth2 authorization flow and returns the Zenodo login URL.
`POST`	`/oauth/callback`	Completes the OAuth2 flow and exchanges the authorization code for an access token.
`POST`	`/oauth/refresh`	Refreshes an expired access token using the stored refresh token.
`GET`	`/depositions/{id}/verify`	Checks whether the current access token is still valid for a given deposition.
`POST`	`/depositions/{id}/files`	Uploads artifact zip files and the manifest file to a Zenodo deposition.
`POST`	`/depositions/{id}/metadata`	Sends container metadata (title, description, contributors, keywords, etc.) to Zenodo.
`DELETE`	`/depositions/{id}`	Deletes a draft deposition from Zenodo.

How to Call the API

Below are examples of how to call each key endpoint using Python requests.

Step 1 — Authorize & get the Zenodo login URL:

response = requests.post(
    "https://api.nfdixcs.org/zenodo/oauth/authorize",
    json={
        "container_id": "<container_id>",
        "django_callback_url": "<callback_url>",
    },
    timeout=(10, 120),
)
zenodo_oauth_url = response.json()["zenodo_oauth_url"]

Step 2 — Exchange authorization code for access token:

response = requests.post(
    "https://api.nfdixcs.org/zenodo/oauth/callback",
    json={
        "code": "<auth_code>",
        "state": "<returned_state>",
        "django_callback_url": "<callback_url>",
    },
    timeout=(10, 120),
)
access_token = response.json()["access_token"]

Step 3 — Upload files to a deposition:

response = requests.post(
    "https://api.nfdixcs.org/zenodo/depositions/<deposition_id>/files",
    data={"access_token": "<access_token>"},
    files=multipart_files,
    timeout=300,
)

Step 4 — Upload metadata to a deposition:

response = requests.post(
    "https://api.nfdixcs.org/zenodo/depositions/<deposition_id>/metadata",
    json=payload,
    timeout=60,
)

Error Handling

If the access token is not received, an error message is displayed, and the upload process is halted.
The Zenodo API responds with errors if the files cannot be uploaded or if there are authentication issues.
If a token has expired, the system automatically attempts to refresh it before re-trying the upload.
If the refresh also fails, the user is redirected to re-authorize with Zenodo.

Zenodo API Call Flow — **Figure: Zenodo API service call flow during the upload process**