Challenge Overview
MAM stands for "Manulife Asset Management". The president of MAM has responsibility for global implementations of strategic initiatives. These initiatives start out as ideas or problems from across MAM, up to 20 per month. This new application will help with intake, triage, and tracking resolutation and status of incoming requests in a consistent manner, and will increase the efficiency in which requests are processed.
This first challenge will build out the JSON REST API services necessary for the application.
Technology
For this challenge, we are targeting the latest version of Node for the initial service implementation.
The database implementation will be Azure SQL. We can target SQL Server Express for local development for this challenge.
ERD
An ERD and lookup values will be provided in the forum. NOTE: Anything marked "VARCHAR(1024)" should be a TEXT field in the final output, and anything marked TINYINT should be a BOOLEAN field.
Requirements
This challenge will implement basic CRUD (create, remove, update, delete) services that will be consumed by the web app at some point.
These two tables need full CRUD services associated with them:
* intake
* intake_tracking
In addition, we need search endpoints to search both the intake and intake_tracking tables by:
* Lookup ID
* Text in the TEXT fields.
The lookup tables just need the ability to retrieve one or all records via a service, used in filling in the UI at some point in the future.
Pagination
On retrieval, all endpoints should support pagination.
HTTP actions
Best practices should be followed for using HTTP actions in the endpoints, namely GET, POST, PUT, and DELETE.
Client code
In addition to the Node services, please provide Node classes we can use in the front end to consume the services easily. The client UI will be implemented in Node / ReactJS.
Security
Security will be added to the services, so please make it easy to secure the endpoints at some point in the future. If you provide a way to do that now, that would be considered useful additional functionality.
CSRF
Cross-Site Request Forgery protection must be provided on all endpoints and validation details must be provided in your README.md.
SQL Injection
Your code must be secure against SQL injection attacks.
Strict transport security
The Strict-Transport-Security header must be applied and properly used on all endpoints.
Swagger
Please provide a Swagger YAML file we can use to validate the final, deployed services.
Submission
Your submission must include:
* Service implementation
* Client implementation that can be used to consume the services
* Deployment details for the SQL database
* Deployment details for the service codebase
* Validation information
No video is required for this challenge.