Challenge Overview
Challenge Overview
Welcome to the second challenge of the series of Poseidon’s developer portal. In this challenge, we are creating architecture for changes required for developer portal backend APIs.
Project Overview
This subproject of Poseidon’s series we are building a developer portal to share information about our platform to the developer who wants to integrate Poseidon’s API/sdk in their app.
What is Poseidon’s API?
Poseidon’s API mentioned throughout the project means the main service that we will be selling to our customer(Enterprise). They will integrate those API using SDK we provide. These API are built as multi-tenant microservices architecture and will be hosted on Kubernetes.
What is Developer Portal API?
This is a tool that will be used to register and manage the Enterprise accounts, Developers, and will provide guidance for using Poseidon’s API.
In this challenge we will be designing the Architecture for adding more backend API and update the existing API as needed for Developer Portal. After this we will build the developer portal API and then integrate with the angular app.
Authentication Flow
There should be a default admin user set when the database is initialized.
She will then create an enterprise account and invite a lead developer and other developers. The user registration will be through invite only. Once the user receives the invitation email, she will get a registration URL in the email. Clicking that link should verify that the token is valid, if token is valid then we will redirect to registration page where she will enter the name, email and password. If not valid show invalid token page. Once registration she can login to the system.
In short:
Super Admin invites Lead Developer using enterprise email -> Lead Developer receive email with unique URL (possible login url+hash of temporary password), which is valid for 24 hours -> By clicking to URL he gets redirected to page where he should set his password -> Lead Developer receive confirmation email that an account has been created … The same logic applies to invitations from Lead Developer, however Lead Developer only should be allowed to send invite to Developers enterprise email.
There is no need to verify email here as it is invite only.
Enterprise Account
The enterprise account is the enterprise who purchases the Poseidon’s API. It will be created by Admin users only. Note, there is no UI for creation of enterprise in the current design but it will be added soon so you can check the current enterprise detail screen to prepare the API.
Also, note if there is anything needed for API authorization please create the api accordingly, for this please check the poc shared on forum.
User Roles
- Super Admin
- Lead Developer
- Developer
User Permissions
So new flow will be as below:
1) Super Admin will be Poseidon’s team member who will manage the developer portal. She will create Enterprise and add a lead developer for that enterprise. She can also invite the regular developer to the system. See the screen for Admin https://marvelapp.com/6hcg41b/screen/66159830
- Can do whatever lead and regular developer can do
- Can manage enterprise accounts (This screen will have 2 more columns enterprise id and stage)
https://marvelapp.com/6hcg41b/screen/66159575, https://marvelapp.com/6hcg41b/screen/66159576, https://marvelapp.com/6hcg41b/screen/66159577, https://marvelapp.com/6hcg41b/screen/66159578 - Beside the columns shown in above screens we will have two more column
Id: this should be fixed value that will be easy to identify the audit of enterprise.
Status: the status of enterprise, “InReview”,”Active” and “InActive”. If InReview and InActive then any keys from that enterprise should be voided. Only active status enterprises should be able to consume the API. The status should only be updated by admin.
-
Update enterprise details and resources https://marvelapp.com/6hcg41b/screen/66159899, https://marvelapp.com/6hcg41b/screen/66159900, https://marvelapp.com/6hcg41b/screen/66159901, https://marvelapp.com/6hcg41b/screen/66159902,
https://marvelapp.com/6hcg41b/screen/66324817, https://marvelapp.com/6hcg41b/screen/66324818,
-
Can manage API permission for the enterprise https://marvelapp.com/6hcg41b/screen/66324820,
https://marvelapp.com/6hcg41b/screen/66324821, https://marvelapp.com/6hcg41b/screen/66324816
2) Lead developer will manage its own enterprise and can invite the regular developer in her enterprise account. Screens for her role https://marvelapp.com/6hcg41b/screen/66159831
- Can do whatever regular developer can do
- Can manage the developer https://marvelapp.com/6hcg41b/screen/66159584, https://marvelapp.com/6hcg41b/screen/66159585, https://marvelapp.com/6hcg41b/screen/66159586, https://marvelapp.com/6hcg41b/screen/66159587
- Can manage his and view enterprise key https://marvelapp.com/6hcg41b/screen/66324822
- Can manage his profile detail
3) Regular developers can only manage her account and her key. Screens for her role https://marvelapp.com/6hcg41b/screen/66170385
- Can accept her invitation
- Can update her account
- Can manage her API key
API Permission & Authorization
We have run the PoC challenge for the authorization of Poseidon’s API. The winning submission is shared on the forum. Based on that PoC, you need to create the architecture to give the permission and authorize for the API permissions.All the users under the Enterprise will inherit the same authorisation access to the Poseidon’s API.
Screens: https://marvelapp.com/6hcg41b/screen/66324820 and https://marvelapp.com/6hcg41b/screen/66324821
There will be categories of API such Loyalty, payment etc which will be separate microservices deployed on kubernetes. And each category/microservices will have different set of endpoints, we need to control the access of endpoints on endpoint level.
Note: The authorization will be Ingress level, we shouldn’t depend on Poseidon API to be updated.
Infrastructure to Use
- Any static resource such as profile pictures should be stored on AWS S3
- Any config should be stored on AWS Parameter Store and/or Secret Manager. For encrypted values KMS keys should be used.
- Authentication and Authorization should be done with AWS Cognito
- Enterprise and developer detail should be stored on database
- API will be deployed on AWS, so please suggest other best practices if needed.
- Database will be DynamoDB instead of PostgreSQL.
Technology Stack
Node.js, PostgreSQL, DynamoDB, Typescript, Nest JS, AWS
Assets
These items will be shared on forum.
- Current swagger file for developer portal backend
- Current developer portal backend codebase
- Authorization PoC on how authorization of Poseidon’s API should be authorized
- Marvel app for the design https://marvelapp.com/6hcg41b/screen/66159830
- Check the current Prototype challenge for more detail on screen requirement. https://www.topcoder.com/challenges/30115891/?type=develop
Individual Requirement
- Update the existing Swagger definition for the provided screens and changes needed.
- Provide an implementation document that needs to done on authorization of API based on shared Auth PoC and Poseidon’s API(if needed)
- Provide a implementation document on
- how each endpoints should be implemented for the development challenge
- What changes needs to done on existing codebase for the development challenge
- Provide a API and UI mapping document for the integration challenge
Out of Scope
“My Subscriptions” widget on https://marvelapp.com/6hcg41b/screen/66170386 and https://marvelapp.com/6hcg41b/screen/66324822Final Submission Guidelines
Please submit the zip file containing the following:
- Updated swagger
- ER Diagram
- Implementation guide for Auth PoC and Poseidon’s API(if needed)
- Implementation guide for developer portal backend development document in docx format
- API mapping document in docx format