...
All added RESTful interaction will only be possible while IATF CARA is active on the user's device, and only IATF CARA will be able to pull or push data to other systems. The REST API backend has to be provided by
Concept
The idea is to cover the following functionalities. Not every functionality has to be used; some functionalities might be set on the local instance of IATF CARA, while others might be provided by the defined CB that is selected in the report.
Actions and data
Automatic saving of the active report to the REST API backend
Requesting pre-generated reports from the CB
Requesting co-auditor reports for merge
Pushing reports to the CB
Pulling of NC management reports by an organization
Pushing of NC management reports by an organization
Data formats
XML/JSON format for complex structures
String for single returns like tokens
Requests
GET for requesting data
POST for all other requests and updates (PUT?)
Authentication
IATF CARA will support authentication against the REST API using a username and a password. The password can be hashed.
...
SSO with session token
redirect to single sign on
redirect back to IATF CARA with session information
Using a session token
Authentication will be sent using POST
Received token will be available for the active CARA session (not saved in the browser cache)
Received token will be sent on each request using
GET url/{token}
Header
POST
{ token: "required session token", api-key: "optional" }
...
Pull Features
Pulling a report from CB/internal database
Providing a request button, the auditor can open a mask, choosing the CB and entering his authentication and the report id to pull the prepared report
If the report is found it will be loaded
If the report exists locally, the user is warned that it will be replaced and has to confirm
Return is the report as JSON or XML
If it fails the user will be informed
Return is an error message or false
Providing a load from data storage button to pull the latest version from data storage
User has to confirm that he wants to overwrite the local report
Accessing a list of
Pulling an NC report for an organization
Providing a request button in IATF NC CARA, a mask opens asking for the authentication and the report key (the report key also contains the CB-Id at the beginning, so CARA will use the correct request)
If the report is found it will be loaded
If the report exists locally, the user is warned that it will be replaced and has to confirm
Return is an NC management report as JSON or XML
If it fails the user will be informed
Return is an error message or false
Push
Pushing a report to CB/data storage
Providing a button to push the report to CB/data storage only if the URL is set
When the button is pressed the user is asked for the authentication
POST content URL
Optional token in header or URL: { token: "session token in header or url", userId: as string, reportId: as string, report: as base64 string }
Pushing an NC management report
Providing a button to return the report to the backend only if the URL is set
When the button is pressed the user is asked for the authentication
POST content URL
Optional token in header or URL: { token: "session token in header or url", userId: as string, reportId: as string, report: as base64 string }
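The session-token handling and push payload described above, sketched as an added example (not IATF CARA code): the token lives only in memory for the active session and travels in a header, and the report is sent as a base64 string. The header name `X-Session-Token`, the function names, the URL layout and all sample values are assumptions.

```javascript
// Added example: header name, function names and URL layout are assumptions.
const TOKEN_HEADER = "X-Session-Token";

// UTF-8 safe base64 (plain btoa() fails on non-Latin-1 characters)
function toBase64(text) {
  const bytes = new TextEncoder().encode(text);
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin);
}

function createSession(pushUrl, pullUrl) {
  let token = null; // memory only: never written to cache or storage

  function authHeaders() {
    if (!token) throw new Error("not authenticated");
    return { [TOKEN_HEADER]: token };
  }

  return {
    setToken(value) { token = value; },
    clear() { token = null; }, // call when the CARA session ends
    // GET for requesting data; token goes in the header, not the URL
    buildPull(reportId) {
      if (!pullUrl) throw new Error("pull URL not set");
      return {
        method: "GET",
        url: `${pullUrl}/${encodeURIComponent(reportId)}`,
        headers: authHeaders(),
      };
    },
    // POST for pushing; body follows the push structure on this page
    buildPush(userId, reportId, report) {
      if (!pushUrl) throw new Error("push URL not set"); // button only if URL is set
      const headers = { ...authHeaders(), "Content-Type": "application/json" };
      const body = JSON.stringify({
        userId: String(userId),
        reportId: String(reportId),
        report: toBase64(JSON.stringify(report)),
      });
      return { method: "POST", url: pushUrl, headers, body };
    },
  };
}
```

Each returned descriptor can be handed to `fetch(req.url, req)`.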
Possible URLs
Authentication / or SSO redirect
Report
push
pull
NC Management
push
pull
IATF NC CARA NC Management
push
pull
...