Plan the application

[waldoj]

Seems like there's a few basic things that it clearly needs to do:

• Basic niceties of an API—well-structured URLs, versioning.
• A method to return the contact information for a registrar in a given locality.
• A method to validate provided JSON.
• A method to receive and store provided JSON.
• A method to verify that a past application was received and transmitted to a specified registrar.

Also:

• A method to invalid registrar email addresses when they bounce. (And somebody to notify of this fact, so that a new address can be identified.)
• Some way of telling the client that there is not a known registrar email address for the specified locality.

[waldoj]

Thought: Allowing verification of the outcome of past applications is problematic. It requires statefulness (now we need a database), and presents a security exposure. I'm also not sure about its utility for the client, as planned. Seems like this isn't worth it yet.

[waldoj]

Methods:

• /api/registrars/ lists every registrar by place name and GNIS ID
• /api/registrars/[GNIS ID]/ lists the record for a single registrar
• /api/validator/ accepts JSON and validates it against the schema
• /api/submit/ accepts JSON, validates it against the schema, and stores it
• /api/bounce/ receives bounce notifications from the transactional email server

[waldoj]

That bounce notifications bit is tricky. We don't want anybody to be able to invalidate any registrar's email address. The simplest method is probably to have a per-site config file with a single API key to be used by the transactional email server, which can be embedded in the webhook URL.