Need better and secure concept to connect to different partner systems

$25-50 USD / hour

Terminado

Publicado

hace más de 4 años

$25-50 USD / hour

Hello, I am working on a online market platform which connects to different partner systems to manage my partners users. I am not that experienced so that why I need some advice AND/OR a better concept for my system. Problem: My system is connecting with simple web-services to multiple different partner systems (number is increasing) which allows me to create and deactivate users in the partner systems backend. Right now I am forcing every partner to implement the same REST-API web services (CREATE, DEACTIVATE, DELETE users) on their side so that I can connect to them and manage their users with simple AJAX calls from my frontend (see attached screenshot). Question 1: -> Every partner has a different system and I would like to make the partner’s effort and integration easier. Is there a better way to standardize the integration of all partner’s to my system since they are all implementing the same web services? If yes, is there a better way to secure the web-services without a lot of effort? I did some research and come up with some other ideas: 1. Keeping those web-services and secure them with JWT, OAuth or other keyValue pair. This could be a bigger implementation for the customer? 2. Use just one single web-service with different parameters to keep it simple 3. Using webhooks instead of web-services? -> Do you have a better concept? Advantages or disadvantages of those? Question 2: The REST-API web-services which the partners are implementing are just secured with HTTPS and don’t have any other security features. Some new customers could not be just concerned about the implementation effort they could even be concern about the security as well. -> If I keep the concept of forcing partner to implement the mentioned web services, is there a better and easy way to secure the web-services without a lot of effort for them? I appreciate every suggestion Important: Please provide a short description of your concept with your proposal. Thanks

AJAX

Software Architecture

Web Development

Software Development

Web Services

ID del proyecto: 20807499

Información sobre el proyecto

14 propuestas

Proyecto remoto

Activo hace 5 años

¿Buscas ganar dinero?

Dirección de email

Beneficios de presentar ofertas en Freelancer

Fija tu plazo y presupuesto

Cobra por tu trabajo

Describe tu propuesta

Es gratis registrarse y presentar ofertas en los trabajos

Adjudicado a:

@uyCoding

Hi, I think the easier solution is keeping the schema of posting user updates to your partner's endpoints, but with the following considerations: - The API implemented by your partners should be REST JSON/Based (avoid heavy protocols like WS/SOAP) - Keep API objects as simple as posible, and use just the HTTP status code as the service response (they should return just a HTTP 200 OK to indicate a successful operation, do not ask them to build a JSON response) - Implement a retry mechanism to handle partners downtime, with an exponential backoff on the retry frequency, and depending on how critical is the reception of the update, you can discard non accepted updates, or pause the partner and send a formal notification (email) - JWT is not the best solution, because it requires an initial login to get the token, has expiration date, etc - I recommend working with REST over HTTPS, but including a signature in every request you send. So your partners can sign the relevant section of the request, and compare with the signature using a pre-shared, per-client token. So they can validate that the request comes from your app - This security mechanism is quite standard and used by a lot of payment gateways, so it's secure - If you want to simplify even more the integration, you could provide some libraries, so they can use it to validate the signature without knowing about encryption, etc Let me know if you have additional doubts. Regards, Santiago - [login to view URL]

$45 USD en 40 días

5,0

(2 comentarios)

6,6

14 freelancers están ofertando un promedio de $38 USD /hora por este trabajo

@dreamci

Hi there We are top quality full-stack developers and we are ready to work on this project, we use Version Control Systems, Staging Servers, Team Slack Channel and Task Management Tool Can you send me a message? Then we can discuss the details Thanks

$40 USD en 40 días

5,0

(93 comentarios)

8,5

@cr8tivewebexpert

Hi, 1. oAuth should not be bigger for them and that would be better as well. 2. Yes, single web service can be built as well 3. Webhooks are also good but it depends on how they/you want it. I think best way to give them JS based SDKs so they can use it quickly. Lets review your WS and discuss further. I have 11 years Software Architect experience. Thank you, Shyam

$50 USD en 40 días

5,0

(189 comentarios)

8,4

@BigCityInstitute

Dear client! Coding is Fun! I have read your requirement carefully and very interesting in your project. I have some of my own ideas to discuss with you. I think that you need to develop plugins and just give them. or if customers don't want to use it, then they must provide APIs which we will ask. I’m a Full Stack Developer. (Senior Web and Mobile Developer) I am confident that you will be completely satisfied with the quality, timeliness, and professionalism of my work. My skills include NodeJS, ReactJS, Angular. ReactNative... Javascript, Jquery, HTML, CSS, C/C++,Python/Django, PHP/Laravel, Codeignitor, Symphony,... - Masters degree in Computer Science - more than 15 years experience in Development on IT jobs. - Flexible working time (possible on weekend, night, day) - like to work on the team. Experiences: - Developed a lot of Applications(web and mobile, desktop) - Server Administrator Hope to hear messages from you! Thanks! Best Regards!

$25 USD en 40 días

4,8

(75 comentarios)

7,1

@keshavkalra90

Hi there, I have read initial brief but really need a more detailed document or a small quick conversation. Current bid amount is a random quote, the final amount to be discussed after our quick productive conversations Let's connect over chat for more details Thanks

$37 USD en 40 días

5,0

(112 comentarios)

6,9

@adicoman

Hi, I am very interested to work on your project. I have 17+ years experience in Web Development using a large variety of programming languages, frameworks, database architecture, APIs, CRMs, ERPs, mobile development, web design, development tools. There are more then 1000 projects(small/medium/high complexity) successfully implemented and few of them related with yours can be seen on my freelancer.com portfolio. * * Note that my bid is relative and will be adjusted after detailed estimation of implementation effort/coast ** Let's start our collaboration by sending me all details in a written document which will be used as reference during project implementation Thank you! AdiC

$45 USD en 40 días

5,0

(44 comentarios)

5,7

@DaniilSpasov

Hello. How are you today? I've read your job post carefully. This job really attracts me and also your required skills are completely matched with my major skills. I have good knowledge and rich experience with it. I built many websites by using this so it will be an easier and suitable job for me, I think. Mainly I want a long term relationship with you after this job. As you can see on my profile, I have been working as a full-stack developer of over 7 years and is specialized in WordPress, PHP, JS frameworks and libraries and so on. I received good reputations from clients with their successful jobs. So once you hire me, I can start working immediately and can finish as you want. Please ping me asap when you need me. Thanks.

$50 USD en 40 días

5,0

(8 comentarios)

5,3

@amilabanuka

the best way would be to secure the API connection using either JWT or message digest based security. JWT has a lot of libraries and therefore would be easy to implement by partners. I can help you to implement the JWT or digest auth client on your side.

$37 USD en 40 días