IATF CARA restful interface for IT personal

The RestAPI backend has to be provided by the CBs system including an authentification process. The provided description is an example on the possible implementations and data exchanges IATF CARA will support.

IATF CARA is a single user application using progressive web app technology without a central database. At the moment all communication with IATF CARA is done using loading and saving files. CBs have their own systems and database infrastructures. To improve the interaction with those system the concept exists to provide a restful interface to pull and push data from CARA. The base IATF CARA won’t be changed. It will be offline available and only locally active and use the browser cache as comfort feature to give access to all locally saved reports.

All added restful interaction will be only possible while IATF CARA is active on the users device and only IATF CARA will be able to pull or push data to other systems. The backend REST-API backend has to be provided by

Concept

The idea is to solve the following functionalities. Though not each functionality has to be used and some functionalities might be set on the local instance of IATF CARA while other might be provided by the defined CB which is selected in the report.

  • Actions and data

    • Automatic saving of active report to RESTApi backend

    • Requesting pre generated reports from CB

    • Requesting co auditor reports for merge

    • Pushing reports to CB

    • Pulling of nc management reports by an organization

    • Pushing of nc management reports by an organization

  • Data formats

    • xml/json format for complex structures

    • string for single returns like tokens

  • Requests

    • GET for requesting data

    • POST all other requests and updates (PUT?)

Authentication

IATF CARA will support authentication with restful using username and a password. The password can be hashed.

  • Authentication will be possible by providing authentication data it on each restful request

1 2 3 4 5 { user: "Test" password "SHA256value" api-key: "optional" }
  • SSO with session token

    • redirect to single sign on

    • redirect back to IATF CARA with session information

  • Using a session token

    • Authentication will be send using post

    • Received token will be available for the active CARA session (not saved in the browser cache)

    • Received token will be send on each request using

      • get url/(token}

      • Header

      • post

        1 2 3 4 { token: "required session token" api-key: "optional" }

Pull Features

  • Pulling a report from CB/internal database

    • Providing a request button the auditor can open a mask choosing the cb and entering his Authentifikation and the report id to pull the prepared report

      • if the report is found it will be loaded

        • If the report exists locally user is warned that it will be replaced and has to confirm

      • return is report as json or xml

      • if it fails user will be informed

      • return is am error message or false

    • Providing a load from data storage button to pull the latest version from data storage

      • User has to confirm that he wants to overwrite the local report

    • Accessing a list of

  • Pulling an nc report for an organization

    • Providing a request button in IATF NC CARA a mask opens asking for the authentication and the report key (the reportkey contains also the CB-Id at the beginning so CARA will use the correct request)

      • if the report is found it will be loaded

        • If the report exists locally user is warned that it will be replaced and has to confirm

      • return is an nc managamenet report as json or xml

      • if it fails user will be informed

      • return is an error message or false

Push

  • Pushing a report to CB/datatstorage

    • Providing a button to push the report to CB/data storage only if the url is set

      • When the button is pressed the user is asked for the authentication

      • Post content url

        1 2 3 4 5 6 7 optional token in header or url { token: "session token in header or url, userId: as string, reportId: as string, report: as base64 string }
  • Pushing a nc management report

    • Providing a button to return the report to the backend only if the url is set

      • When the button is pressed the user is asked for the authentication

      • Post content url

        1 2 3 4 5 6 7 optional token in header or url { token: "session token in header or url, userId: as string, reportId: as string, report: as base64 string }

Possibel urls

  • Authentication / or SSO redirect

  • Report

    • push

    • pull

  • Nc Management

    • push

    • pull

  • IATF NC CARA Nc Management

    • push

    • pull