Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 9 Next »

  1. Security. Your security considerations should include, but are not limited to the following:

    • Authenticity - Access to the service functionality of the API must be protected using an appropriate series of authentication and authorisation mechanisms;

    • Accountability - all activity on the API (calls to endpoints) should be tracked and kept in a log.

    • The infrastructure on which the service is deployed needs to be secure (physically and electronically, as much as possible).

    • Document any relevant content inside a confluence page called Security.

USER SECURITY

As a recipient, I want to be aware of who and when recipients access the data

  • Each user is required to register an account

  • Invoice calls are logged → sent and received email

As a recipient, I do want my data to be stored in a safe location, for which only I can access

  • Registering an account

  • Hashing the password, to ensure others cannot have access

  • Recipient has to be logged in to access any information (sendInvoice)

SECRET SECURITY

As a developer, I want the system store the data in secure location, to protect the privacy of sensitive information

  • Stored locally

  • Github - secrets folder

  • Store in encrypted part of Github

As a developer, I want specific (private) information to not be accessible, by fellow developers ensuring the privacy of our recipient’s information

  • User specific information is NEVER published in the GitHub repo

    • Email server logins

    • JWT tokens keep private through secrets.

  • Developers added to deployment environment on hero to access during deployment

As a developer, I want to ensure the upmost level of security for a user recipient

  • Two step verification system

  • Randomly generated Key (in Heruko)

  1. Performance. The API endpoints should take a minimal amount of time to complete. In most cases this will be relatively straightforward. In some, where computations are more complex, you will need to spend time designing your algorithm with pseudocode to determine the algorithmic complexity and reduce it as much as possible. Document any relevant content inside a confluence page called Performance.

As a business, I want the system to prevent other people from using it (who shouldn’t be able to access the invoices), to protect the privacy of all related parties.

  • Token

As a developer, I want all API calls to be logged so that I can check what has happened.

  • Database holding API call information

  • Info about: who sent API call, time, …

As a recipient, I do not want outside parties to be able to view details about my invoice.

  • Tokens

  • Possibly database encrypting?

As a business, I want the system to be able to send and operate quickly, so that I am not wasting my time waiting on sending.

  • Optimising sending

Functional Requirements - things it must or must not do.

Non-Functional Requirements - performance standards/quality, eg. security, scalability, usability, speed.

USER STORIES

As a business, I want to be able to send invoices, so that my invoices can reach outside of my local system.

  • Sending invoice to address (possibly email)

  • Files sent in correct format (UBL XML)

 

As a business, I want to know if my invoice was sent successfully so that I can make sure the invoice was sent or take further action.

  • Communication report with error or success

  • Report includes the type of error/s (eg. email address invalid, connection not etablished etc.)

  • Report also includes address, client, time/date

  • Readable communication report for humans to understand

 

As a business, I want to send intact invoices successfully so that my invoices are sent and not lost.

  • Corruption check

  • Files sent in correct format (UBL XML)

 

As a business, I want to be able to deliver invoices in different ways, so that I have flexibility and choice in reaching my clients.

  • Sending via SMS

  • Sending via Email

 

As a business, I want to be able to send to multiple recipients at once, so I don’t have to send it to them individually.

 

USE CASE

  1. After requesting an invoice and it being created, I click send invoice

  2. I pick the delivery method (Email/SMS/SFTP) and input the details

  3. I click ‘send invoice’ and the system send the invoice to the addressee

  4. If the invoice is sent successfully, I receive a Communication Report with success and details

  5. If the invoice is sent unsuccessfully, I receive a Communication Report with related errors and details, and am taken back to the sending page.

 

Requirements

  • Ability to send XML via email, MMS and SFTP (MAYBE)

    • Ability to receive details of the user to send invoice

      • Ability to send to multiple users at once

    • Ability to recieve XML data

  • Ability to report back on success/failure of function

    • Ability to provide informative error description

  • The API needs to have a health check endpoint.

  • No labels