Is your feature request related to a problem? Please describe.
We would like to allow survey responses to be anonymously reviewed for analytics purposes.
Describe the solution you'd like
We should build a new /analytics/survey-responses endpoint that uses a static token for authentication (be sure to use constant time string comparison to avoid timing attacks https://github.com/rokwire/core-building-block/issues/317).
This API should take in a survey type, start time and end time, or time offset (eg. 6 hours would set end time to now and start time to now - 6 hours) and return all survey responses received during that period. It is important that we ONLY return the survey sub-object within the survey response (ie. do not include wrapper data with user ID, date created... etc.) to ensure that anonymity is preserved.
Describe alternatives you've considered
We considered pushing this data to our analytics tools periodically, but decided that creating an API like this would give the analytics team more flexibility to meet future requests without requiring additional development work.
Is your feature request related to a problem? Please describe. We would like to allow survey responses to be anonymously reviewed for analytics purposes.
Describe the solution you'd like We should build a new
/analytics/survey-responsesendpoint that uses a static token for authentication (be sure to use constant time string comparison to avoid timing attacks https://github.com/rokwire/core-building-block/issues/317).This API should take in a survey type, start time and end time, or time offset (eg. 6 hours would set end time to now and start time to now - 6 hours) and return all survey responses received during that period. It is important that we ONLY return the
surveysub-object within the survey response (ie. do not include wrapper data with user ID, date created... etc.) to ensure that anonymity is preserved.Describe alternatives you've considered We considered pushing this data to our analytics tools periodically, but decided that creating an API like this would give the analytics team more flexibility to meet future requests without requiring additional development work.