Process REST requests from registration, reporting and compliance components. Route requests for the desired HTTP Verb (GET, PUT, POST, DELETE) to appropriate endpoint. Check authorization for endpoint and return 401 (not authorized) code if authorization fails. Authorization may be based on BCeID identity, or user profiles created in the system.
Acceptance Criteria:
Given I am a developer
When I want to implement new API endpoints
Then the gateway and routing strategies are documented
And I can follow the recommended patterns easily
Given
REST Request to API
When
API Authorization passes
Then
Appropriate operation is performed and appropriate result is returned
Development Checklist:
[ ] API Routing
[ ] API Authorization
[ ] Meets the DOD
Definition of Ready (Note: If any of these points are not applicable, mark N/A)
[x] User story is included
[x] User role and type are identified
[x] Acceptance criteria are included
[N/A ] Wireframes are included (if required)
[x] Design / Solution is accepted by Product Owner
[N/A] Dependencies are identified (technical, business, regulatory/policy)
[x] Story has been estimated (under 13 pts)
·Definition of Done (Note: If any of these points are not applicable, mark N/A)
[x] Acceptance criteria are tested by the CI pipeline
[N/A] UI meets accessibility requirements
[x] Configuration changes are documented, documentation and designs are updated
[x] Passes code peer-review
[x] Passes QA of Acceptance Criteria with verification in Dev and Test
[x] Ticket is ready to be merged to main branch
[x] Can be demoed in Sprint Review
[x] Bugs or future work cards are identified and created
Description:
Process REST requests from registration, reporting and compliance components. Route requests for the desired HTTP Verb (GET, PUT, POST, DELETE) to appropriate endpoint. Check authorization for endpoint and return 401 (not authorized) code if authorization fails. Authorization may be based on BCeID identity, or user profiles created in the system.
Acceptance Criteria:
Given I am a developer When I want to implement new API endpoints Then the gateway and routing strategies are documented And I can follow the recommended patterns easily
Given REST Request to API When API Authorization passes Then Appropriate operation is performed and appropriate result is returned
Development Checklist:
Definition of Ready (Note: If any of these points are not applicable, mark N/A)
·Definition of Done (Note: If any of these points are not applicable, mark N/A)
Notes:
Dependencies
Blocked by
User roles need to be defined
Blocking
API endpoint testing