IATF CARA is a single user application using progressive web app technology without a central database. At the moment all communication with IATF CARA is done using loading and saving files. CBs have their own systems and database infrastructures. To improve the interaction with those system the concept exists to provide a restful interface to pull and push data from CARA. The base IATF CARA won’t be changed. It will be offline available and only locally active and use the browser cache as comfort feature to give access to all locally saved reports.
All added restful interaction will be only possible while IATF CARA is active on the users device and only IATF CARA will be able to pull or push data to other systems. The backend REST-API backend has to be provided by
Concept
The idea is to solve the following functionalities. Though not each functionality has to be used and some functionalities might be set on the local instance of IATF CARA while other might be provided by the defined CB which is selected in the report.
Actions and data
Loading and saving of backups an external database (Cancelled due to the fact that reports can belong to different CBs)Automatic saving of active report to REST Api backendRequesting pre generated reports from CB
Requesting co auditor reports for merge
Pushing reports to CB
Pulling of nc management reports by an organization
Pushing of nc management reports by an organization
Data formats
xml/json format for complex structures
string for single returns like tokens
Requests
GET for requesting data using a token in url
POST all other requests and updates (PUT?)
Authentication
IATF CARA will support authentication with restful using username and a password. The password can be hashed.
Authentication will be possible by providing authentication data it on each restful request
{
user: "Test"
password "SHA256value"
api-key: "optional"
}
Using a session token
Authentication will be send using post
Received token will be available for the active CARA session (not saved in the browser cache)
Received token will be send on each request using
get url/(token}
Header
post
{ token: "required session token" api-key: "optional" }
Pull Features
Pulling a report from CB/internal database
Providing a request button the auditor can open a mask choosing the cb and entering his Authentifikation and the report id to pull the prepared report
if the report is found it will be loaded
If the report exists locally user is warned that it will be replaced and has to confirm
return is report as json or xml
if it fails user will be informed
return is am error message or false
Providing a load from data storage button to pull the latest version from data storage
User has to confirm that he wants to overwrite the local report
Accessing a list of
Pulling an nc report for an organization
Providing a request button in IATF NC CARA a mask opens asking for the authentication and the report key (the reportkey contains also the CB-Id at the beginning so CARA will use the correct request)
if the report is found it will be loaded
If the report exists locally user is warned that it will be replaced and has to confirm
return is an nc managamenet report as json or xml
if it fails user will be informed
return is an error message or false
Push
Pushing a report to CB/datatstorage
Providing a button to push the report to CB/data storage only if the url is set
When the button is pressed the user is asked for the authentication
Post content url/{id}
{ token: "session token on seperate authentification" or token in url or user: "user" password: "Hash256", "content": "report", }
Pushing a nc management report
Providing a button to return the report to the backend only if the url is set
When the button is pressed the user is asked for the authentication
Post content url/{id}
{ token: "session token on seperate authentification" or token in url or user: "user" password: "Hash256", "content": "report", }
Possibel urls
Authentication / or Authentifikation redirect
Report
push
pull
Nc Management
push
pull
IATF NC CARA Nc Management
push
pull