IATF CARA restful interface for IT personal
The RestAPI backend has to be provided by the CBs system including an authentification process. The provided description is an example on the possible implementations and data exchanges IATF CARA will support.
IATF CARA is a single user application using progressive web app technology without a central database. At the moment all communication with IATF CARA is done using loading and saving files. CBs have their own systems and database infrastructures. To improve the interaction with those system the concept exists to provide a restful interface to pull and push data from CARA. The base IATF CARA won’t be changed. It will be offline available and only locally active and use the browser cache as comfort feature to give access to all locally saved reports.
All added restful interaction will be only possible while IATF CARA is active on the users device and only IATF CARA will be able to pull or push data to other systems. The backend REST-API backend has to be provided by
Concept
The idea is to solve the following functionalities. Though not each functionality has to be used and some functionalities might be set on the local instance of IATF CARA while other might be provided by the defined CB which is selected in the report.
Actions and data
Automatic saving of active report to RESTApi backend
Requesting pre generated reports from CB
Requesting co auditor reports for merge
Pushing reports to CB
Pulling of nc management reports by an organization
Pushing of nc management reports by an organization
Data formats
xml/json format for complex structures
string for single returns like tokens
Requests
GET for requesting data
POST all other requests and updates (PUT?)
Authentication
IATF CARA will support authentication with restful using username and a password. The password can be hashed.
Authentication will be possible by providing authentication data it on each restful request
{
user: "Test"
password "SHA256value"
api-key: "optional"
}
SSO with session token
redirect to single sign on
redirect back to IATF CARA with session information
Using a session token
Authentication will be send using post
Received token will be available for the active CARA session (not saved in the browser cache)
Received token will be send on each request using
get url/(token}
Header
post
{ token: "required session token" api-key: "optional" }
Pull Features
Pulling a report from CB/internal database
Providing a request button the auditor can open a mask choosing the cb and entering his Authentifikation and the report id to pull the prepared report
if the report is found it will be loaded
If the report exists locally user is warned that it will be replaced and has to confirm
return is report as json or xml
if it fails user will be informed
return is am error message or false
Providing a load from data storage button to pull the latest version from data storage
User has to confirm that he wants to overwrite the local report
Accessing a list of
Pulling an nc report for an organization
Providing a request button in IATF NC CARA a mask opens asking for the authentication and the report key (the reportkey contains also the CB-Id at the beginning so CARA will use the correct request)
if the report is found it will be loaded
If the report exists locally user is warned that it will be replaced and has to confirm
return is an nc managamenet report as json or xml
if it fails user will be informed
return is an error message or false
Push
Pushing a report to CB/datatstorage
Providing a button to push the report to CB/data storage only if the url is set
When the button is pressed the user is asked for the authentication
Post content url
optional token in header or url { token: "session token in header or url, userId: as string, reportId: as string, report: as base64 string }
Pushing a nc management report
Providing a button to return the report to the backend only if the url is set
When the button is pressed the user is asked for the authentication
Post content url
optional token in header or url { token: "session token in header or url, userId: as string, reportId: as string, report: as base64 string }
Possibel urls
Authentication / or SSO redirect
Report
push
pull
Nc Management
push
pull
IATF NC CARA Nc Management
push
pull
Â