explorigin/loapi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
loapi/docs/architecture.md
Timothy Farrell 0e196c5d26 write POST payoff to oracle and test it - WIP
2025-12-31 12:13:43 -06:00

3.2 KiB
Raw Blame History

  • FastAPI    - because:        - more flexible deployment environments        - less magic to the code        - higher throughput       
  • logging to Datadog
  • tracing with Sentry
  • lint python code with pylint, autopep8
  • check python types with mypy
  • code should be well type-hinted
  • specify a stub unittest using the pytest library
  • Oracle DB access with the "oracledb" python module
  • a health-check endpoint

  • rate limiting

  • an inital POST /api/v1/resource - stub this for now

  • ORM (need to pick one)    - sqlalchemy   

  • audit log of all DB changes (POST/PUT/PATCH/DELETE), use middleware    - do we need to log access (GET requests)?    - Where to store audit records?        - oracle        - dynamo?            - Pro:                - fast, won't block or load oracle                - cheap            - Cons:                - limited indexing                - not blessed by SBA (yet)                - have to work with Allocore

  • LIST endpoints    - support limited filtering        - based on:            - user            - indexed columns    - pagination

  • Authentication    - actors are:        - API server (fastapi server)        - client (app server)        - user (browser)    - request process        - User connect to client to perform action (browser call)        - Client requests changes to API server (s2s call)       - "Browser call" authentication        - client authenticates user via ULP/Okta        - browser holds session cookie    - "s2s" call        - client holds PSK (api-key) for that specific service (prepay, LX, Origination, etc.)        - client passes JWT which contains:            - PSK            - OIDC token                - until Okta exists, just trust the client properly verifies with ULP                - or forward session id and check with ULP            - request_context (defined by the endpoint):                - user_id?                - location_id?   

non-architecture matters:

  • package management with uv
  • dockerize
  • ci/cd github actions + codebuild
  • pre-commit    - lint    - unittest    - mypy?
  • only skilled devs work on API server
  • PR should cross-teams (2 reviewers)

Resources that we need in the near-term:

  • POST Payoff
  • GET Location    - list locations user can access
  • GET Users    - lookup by id    - search by location: /api/v1/user/?location-id=
  • GET countries
  • GET holidays
  • GET franchises
  • GET naics-code

     

Open questions:

  • query param OR convention (python-filterparams?) GraphQL? - 
  • Unified models for reads and writes
  • API endpoint must match the structure of the models

Current issues:

  • Dev environment
    • add static checking
      • autopep8
      • isort
      • mypy
  • Deploy environment
  • add datadog logging
  • add sentry error tracking
  • authentication core
  • add unittest infrastructure