Versions Compared

Old Version 18

changes.mady.by.user James Pasta

Saved on

compared with

New Version 19

changes.mady.by.user Walter Moar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

High Level Purpose: Have CHEFS store enpoint endpoint urls/tokens in a postgres table. CHEFS can then have event driven api restful callout endpoints. The initial subsribed subscribed event will be for the form_submission. CHEFS will use these endpoints to make restful call outs to approved systems. The ability to create subscriptions will be restricted to government systems.

...

Thoughts and concerns (Please add concerns here)
The main concern in building callouts may be around allowing communication external to the Openshift environment. The Grants system will also be hosted in the Openshift environment so communication on the backend api rest calls should be possible but should also maybe consider locking down routes.

Mitigating the enpoint endpoint editing to IDIR users only so only users that have created or been given access to the forms.

...

It looks like the ability to schedule events only is available after the initial form is saved. Add a checkbox to subscribe to events. Have a block on the frontend to allow a drop list of events and the ability to enter the endpoint token and endpoint URL for the event. Right now we only have defined 3 events so maybe just one line per each? Or might need to click add for the drop list for seperate separate row?

...

Only published forms will be able to edit the event subscription

...

  • Form Submission

  • Form Submission Status Change - Assigned / Revise - NOT MVP

  • Form Assignement Assignment - NOT MVP

Stored Data

Tablename: form_subscription

...

Passing sensitive data through a web restful request may not be necisarry necessary if we just send the notification event soley solely with the id of the form submission. That way the endpoint would be notified only that an event occurred and then call back to the CHEFS API to retrieve the data.

I am open to discussing this further or creating STRA modifications on the GRANT system if we needed it for the entire form submission data to be passed. Each program area would most likely have it’s own sensitivity needs for what personal information is being passed.

...