Platform API weeknotes, 23 July 2020

While I’ve been enjoying myself in Germany (a COVID-compliant experience worth of its own post) the team has been busy. 

I’ve been spending the morning catching up with what’s been going on, and really the best way of doing this would be to watch the most recent show & tell on our YouTube channel. 

But if you prefer to read, here’s a quick recap:

  • The Tenancy Information API is almost finished – the last part is the VIEW endpoint, which will be completed this sprint. This did require some tweaking to how tenancy references are handled by the API but that work has paid off. We should be able to put this into production quickly. 
  • The Cautionary Alerts API is done!
  • All existing APIs have been tested and deployed to production. We’ve added additional indexes to the databases, improving response time from 30+ seconds to 1-2 seconds.
  • We’re working with the Security team on a mini-project to obfuscate data. Our test databases use real data, which is less than ideal, so we are using a tool within AWS to (consistently) modify data as it’s migrated from the production database to the staging database. 

All that would be good for most teams. But not this team!

  • The first version of the LIST endpoint of the high-level Resident Information Platform API has been done. This returns data from the Mosaic, Universal Housing, and Academy APIs – three of the biggest data sources in the council. It can be queried by first name, last name, or address. We will of course update it as we complete more APIs. 
  • We’ve done a simple integration with Single View! That service is now using the Academy Platform API to retrieve resident information, and we hope to add the Housing Platform API soon. 
  • We’ve had interest from three other significant projects in reusing our work, which should speed up their development – which is an intended benefit of all this work.

Lastly, we’ve been working on the authorisation model for how services can use these APIs. 

We are working on an Authorisation API to handle requests, based on the above output from a workshop. Rather than using API keys as now, users will receive a service-based token without an expiry data, and the service (rather than a user) will be authorised to use the API. But Mirela explains it much better in our last show & tell. Do watch it. 

+ posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.