2 isolated APIs in 1 OTP app (optional read: full requirements)
- no noob trap umbrella
- both APIs major versioned

| Degree of isolation | | | | |
|---|---|---|---|---|
| Shared | OTP app (this repo) | Supervisor | Ecto layer (Contexts = CRUD bags) | |
| Separate between APIs | Endpoints (= Bandit servers) | Ports | Routers (PrivateAPI / PublicAPI) | Telemetry |
| Separate between API versions | Controllers (usage) | Views | Templates (if need be) | "ActionParams" (definition) |

- the test suite at a glance (`ExUnit`, `Mimic` mocks)
  - hand-rolled factories to see what they'd have to look like (next time: `ExMachina`)
  - 3 scrapers involved: tested with `ExVCR` using a custom CassetteCase
  - de facto 100% test coverage, as controller tests double as integration tests
- `.secret_code` fields not stored in the DB: SHA256 hash & salt stored instead (spec)
- `PublicAPI` exposed to the public - bearer token authentication (plug, spec)
  - `.id`s are of type `:uuid` (foils enumeration attacks)
- `PrivateAPI` internal to the company - no authentication, instead whitelist IPs/SSH keys with your cloud provider
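
The `.secret_code` handling listed above (SHA256 hash & salt stored instead of the value), as an added Elixir sketch that is not this repo's code. The module name and the `secret_code_salt` / `secret_code_hash` field names are assumptions, and `:crypto.hash_equals/2` needs OTP 25 or later.

```elixir
defmodule SecretCodeExample do
  @moduledoc """
  Added illustration, not the repo's code: keep a salted SHA-256 digest of a
  secret code instead of the code itself. Field names are hypothetical.
  """

  @salt_bytes 16

  # Replace the plaintext :secret_code in attrs with a fresh random salt and
  # the digest of salt <> code, so only those two values reach the DB layer.
  def put_secret_code(%{secret_code: code} = attrs) when is_binary(code) do
    salt = :crypto.strong_rand_bytes(@salt_bytes)

    attrs
    |> Map.delete(:secret_code)
    |> Map.put(:secret_code_salt, salt)
    |> Map.put(:secret_code_hash, digest(salt, code))
  end

  # Recompute the digest with the stored salt and compare in constant time,
  # so response timing does not reveal how many leading bytes matched.
  def valid_secret_code?(%{secret_code_salt: salt, secret_code_hash: hash}, candidate)
      when is_binary(candidate) do
    :crypto.hash_equals(hash, digest(salt, candidate))
  end

  # Records without a stored salt/hash never validate.
  def valid_secret_code?(_record, _candidate), do: false

  defp digest(salt, code), do: :crypto.hash(:sha256, salt <> code)
end

# Constructed sample input; the pattern matches below act as assertions.
record =
  SecretCodeExample.put_secret_code(%{name: "demo", secret_code: "k3Q-constructed-9fZ"})

false = Map.has_key?(record, :secret_code)
true = SecretCodeExample.valid_secret_code?(record, "k3Q-constructed-9fZ")
false = SecretCodeExample.valid_secret_code?(record, "wrong-guess")
```

A single SHA-256 pass is fast, so this scheme suits randomly generated, high-entropy codes; for human-chosen secrets a deliberately slow password hash is the usual choice.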