Develop Controlled Access Database with REST API (Zoho)
Оплачивается при доставке
I am looking for a developer to create a controlled access database using Zoho with REST API. The database will be used to store customer information with advanced user access control using custom permissions.
- General idea for the format of the database
Ideal Skills and Experience:
- Experience with Zoho development and REST API
- Strong understanding of database design and implementation
- Experience with advanced user access control and custom permissions
The scope is to build a database that provides our clients with controlled and filtered access via REST API to information related to their use of our products and services, specifically including subscription and invoice information. Clients need to be able to extract their tiered data via the API for use with their business systems.
Source information is located in Zoho Subscriptions or Invoice and will need to be securely extracted to this external database using Zoho's REST API. These REST API’s follow standard REST, HTTP messaging and utilize the JSON format as well as each resource as an exposed URL. Familiarity and experience with the Zoho API’s is preferable. More information on the Zoho API is attached.
The external database must be populated on a regularly scheduled basis, at least every 12 hours as a cron job. A ‘health check’ script showing if the cron job has run on time, whether hourly, every 6/12 or 24 hours shall run with a confirmation that the job has run and all messages received. The job will be required to send a confirmation message or alert in the event of failure.
The developer(s) will use API Postman or an equivalent tool that has automated documentation and integrated testing. Documentation must be updated throughout the project and will be a key deliverable. The developer will deliver both forward and reverse proxies. Coordination for proxies will be assisted by the company with the API developer.
You will enable common protocols to include OIDC for authentication and OAuth2 for authorization or equivalents. Design the API to provide basic rules to block malicious character sets commonly used in injection attacks, and with capability that includes restricting incoming API requests based on API schema definitions or manual configuration. Restrictions can be placed on parameter lengths, parameter values, array sizes, etc. Development should take into account the OWASP Top 10 API advisory [login to view URL] and develop the API in accordance with the published 2019 recommendations as well as the forthcoming 2023 draft.
Our customer structure has 4 tiers, specified as Parent/Child/End Customer/Location. Not all tiers are used with any individual subscription or service invoice. Clients will need to pull filtered data from this external database via the created REST API based on any level of their eligible customer information and apply filters to date ranges as well. More detail attached.
The API will have the ability to add additional tiers to be used at a later date to expand the fields to Parent:Child:Grand-Child:Great Grand-Child:End Customer:Customer Location N+ (to allow for multiple locations).
Administration - The system needs to:
• have an administrative panel to assign user login credentials to our clients and set the filters for the data they are allowed to access.
• allow for multiple users with access to the same subset of data.
• have a high level of security to ensure that the API is not misused or attacked.
• The ability to edit OAuth, tokens, authentication needs to be accessible from the admin panel
• have logs that provide visibility to data ingest from Zoho to this external database, as well as client data use.
Schedule and Payment
The system must be specified by June 14th, prototyped by June 28th and have completed test by July 3rd, 2023. Payments will be based on agreed project milestones.
ID проекта: #36722840
52 фрилансеров(-а) готовы выполнить эту работу в среднем за $2687
Robust knowledge of Zoho api integration and Database design and rest api generation. I have been working as backend engineer for 10 years and very proficient in database management. Could you please ping me?