Every GET API should support pagination so that only the data the client actually needs is fetched from the database and returned. The volume of data read can be controlled through the JDBC API. APIs should never overload the client with excessive data, as this causes performance issues on both sides.
Other Important Guidelines
Never use generic database queries such as SELECT * FROM without a column list and filter, especially since the database will contain millions or billions of records. Microservices should implement strict controls over the data being queried to keep data handling efficient and reduce strain on the system.
We may need a Lambda function, invoked on every successful login event, that collects the user's device information and location information and stores these details in our database. This information will be used for fraud detection.
AWS API Gateway
We will be using the REST API type Gateway - SAAYAM-REST-API, and the required resources (paths) will be added to it.
Create the appropriate methods (GET, POST, ...) for each resource as required.
Enable CORS for:
- Gateway responses: Default 4XX, Default 5XX
- Access-Control-Allow-Methods: all methods that need client access
- Access-Control-Allow-Headers: add any custom headers if required
- Access-Control-Allow-Origin: * (for development only); in production we must include only specific origins
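As an added example (not the project's own code), a Lambda proxy-integration response helper that applies the production CORS rule above: the request's Origin is echoed back only when it is on an explicit allowlist, and the same headers are attached to error responses as enabling CORS on the Default 4XX / 5XX gateway responses would. The allowlist, method and header values are constructed.

```python
from typing import Optional

# Constructed allowlist; production would load this from configuration.
ALLOWED_ORIGINS = {
    "https://app.example.org",
    "https://admin.example.org",
}
ALLOWED_METHODS = "GET,POST,PUT,DELETE,OPTIONS"
ALLOWED_HEADERS = "Content-Type,Authorization,X-Request-Id"  # custom headers as required


def cors_headers(request_origin: Optional[str], allowed_origins=ALLOWED_ORIGINS,
                 dev_mode: bool = False) -> dict:
    """Return the CORS headers for one response.

    dev_mode=True reproduces the '*' setting permitted for development.
    In production the Origin header is echoed back only on an exact match
    (scheme, host and port) against the allowlist; otherwise no
    Access-Control-Allow-Origin is emitted and the browser blocks the
    cross-origin read.
    """
    headers = {
        "Access-Control-Allow-Methods": ALLOWED_METHODS,
        "Access-Control-Allow-Headers": ALLOWED_HEADERS,
    }
    if dev_mode:
        headers["Access-Control-Allow-Origin"] = "*"
    elif request_origin in allowed_origins:
        headers["Access-Control-Allow-Origin"] = request_origin
        headers["Vary"] = "Origin"  # response differs per origin; keep caches from mixing them
    return headers


def api_response(status: int, body: str, request_origin: Optional[str],
                 dev_mode: bool = False) -> dict:
    """Lambda proxy-integration response; CORS headers are applied to every
    status, so 4XX/5XX errors get the same treatment as 2XX."""
    return {
        "statusCode": status,
        "headers": cors_headers(request_origin, dev_mode=dev_mode),
        "body": body,
    }


if __name__ == "__main__":
    print(api_response(200, "{}", "https://app.example.org"))
    print(api_response(403, '{"error":"forbidden"}', "https://other.example.net"))
```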
Verified Permissions uses Cedar as the policy language to express your permission requirements. Cedar supports both role-based access control (RBAC) and attribute-based access control (ABAC) authorization models.