Info |
---|
The RestAPI backend has to be provided by the CBs system including an authentification process. The provided description is an example on the possible implementations and data exchanges IATF CARA will support. |
IATF CARA is a single user application using progressive web app technology without a central database. At the moment all communication with IATF CARA is done using loading and saving files. CBs have their own systems and database infrastructures. To improve the interaction with those system the concept exists to provide a restful interface to pull and push data from CARA. The base IATF CARA won’t be changed. It will be offline available and only locally active and use the browser cache as comfort feature to give access to all locally saved reports.
...
The idea is to solve the following functionalities. Though not each functionality has to be used and some functionalities might be set on the local instance of IATF CARA while other might be provided by the defined CB which is selected in the report.
Actions and data
Loading and saving of backups an external database (Cancelled due to the fact that reports can belong to different CBs)Automatic saving of active report to REST Api RESTApi backendRequesting pre generated reports from CB
Requesting co auditor reports for merge
Pushing reports to CB
Pulling of nc management reports by an organization
Pushing of nc management reports by an organization
Data formats
xml/json format for complex structures
string for single returns like tokens
Requests
GET for requesting data using a token in url
POST all other requests and updates (PUT?)
...
SSO with session token
redirect to single sign on
redirect back to IATF CARA with session information
Using a session token
Authentication will be send using post
Received token will be available for the active CARA session (not saved in the browser cache)
Received token will be send on each request using
get url/(token}
Header
post
Code Block { token: "required session token" api-key: "optional" }
...
Pull Features
Pulling a report from CB/internal database
Providing a request button the auditor can open a mask choosing the cb and entering his Authentifikation and the report id to pull the prepared report
if the report is found it will be loaded
If the report exists locally user is warned that it will be replaced and has to confirm
return is report as json or xml
if it fails user will be informed
return is am error message or false
Providing a load from data storage button to pull the latest version from data storage
User has to confirm that he wants to overwrite the local report
Accessing a list of
Pulling an nc report for an organization
Providing a request button in IATF NC CARA a mask opens asking for the authentication and the report key (the reportkey contains also the CB-Id at the beginning so CARA will use the correct request)
if the report is found it will be loaded
If the report exists locally user is warned that it will be replaced and has to confirm
return is an nc managamenet report as json or xml
if it fails user will be informed
return is an error message or false
...
Pushing a report to CB/datatstorage
Providing a button to push the report to CB/data storage only if the url is set
When the button is pressed the user is asked for the authentication
Post content url/{id}
Code Block optional token in header or url { token: "session token on seperate authentification"in header or tokenurl, in url userId: as orstring, userreportId: "user"as string, passwordreport: "Hash256",as base64 "content": "report", string }
Pushing a nc management report
Providing a button to return the report to the backend only if the url is set
When the button is pressed the user is asked for the authentication
Post content url/{id}
Code Block optional token in header or url { token: "session token on seperate authentification"in header or tokenurl, in url userId: as orstring, userreportId: "user" as string, passwordreport: "Hash256",as "content": "report",base64 string }
Possibel urls
Authentication / or Authentifikation SSO redirect
Report
push
pull
Nc Management
push
pull
IATF NC CARA Nc Management
push
pull
...