# Simbrella FirstAdvance API Flask Implementation

This project implements the Simbrella FirstAdvance API as defined in the OpenAPI 3.0 specification, using the latest Flask and Python features.

## Features

- Complete implementation of all API endpoints
- Authentication middleware for both Basic Auth and API Key auth
- Request/response validation with type hints
- Comprehensive error handling and logging
- Modern Flask application structure with application factory pattern
- Docker and Docker Compose support
- JMeter test plan for performance testing

## Requirements

- Python 3.11+
- Flask 2.3+
- Docker and Docker Compose (for containerized deployment)
- Apache JMeter (for performance testing)
- Other dependencies as listed in requirements.txt

## Running with Docker

The easiest way to run the application is using Docker Compose:

```bash
# Build and start the containers
docker-compose up -d

# View logs
docker-compose logs -f

# Stop the containers
docker-compose down
```

## Manual Setup

If you prefer to run the application without Docker:

1. Clone the repository
2. Create a virtual environment:

   ```shellscript
   python -m venv venv
   source venv/bin/activate  # On Windows: venv\Scripts\activate
   ```

3. Install dependencies:

   ```shellscript
   pip install -r requirements.txt
   ```

4. Set up environment variables (or create a .env file):

   ```plaintext
   DEBUG=True
   PORT=5000
   API_USERNAME=admin
   API_PASSWORD=password
   SIMBRELLA_APP_ID=your_app_id
   SIMBRELLA_API_KEY=your_api_key
   LOG_LEVEL=INFO
   CORS_ORIGINS=*
   ```

5. Run the application:

   ```shellscript
   python app.py
   ```

## Performance Testing with JMeter

A JMeter test plan is included to verify API performance:

1. Install Apache JMeter from [https://jmeter.apache.org/](https://jmeter.apache.org/)
2. Open the test plan in JMeter:

   ```shellscript
   jmeter -t jmeter/simbrella_api_test_plan.jmx
   ```

3. Configure the test parameters as needed
4. Run the test and analyze the results

## API Documentation

The API implements the following endpoints:

- `/v1/api/salary/EligibilityCheck` - Check customer eligibility for loans
- `/v1/api/salary/SelectOffer` - Process customer's selected offer
- `/v1/api/salary/ProvideLoan` - Process loan provision
- `/v1/api/salary/LoanInformation` - Retrieve loan information
- `/v1/api/salary/Repayment` - Process loan repayment
- `/v1/api/salary/CustomerConsent` - Process customer consent
- `/v1/api/salary/NotificationCallback` - Receive transaction status notifications
- `/v1/api/salary/RACCheck` - Check Risk Acceptance Criteria
- `/v1/api/salary/Disbursement` - Process loan disbursement
- `/v1/api/salary/CollectLoan` - Process loan collection
- `/v1/api/salary/TransactionCheck` - Check transaction status
- `/v1/api/salary/PenalCharge` - Process penalty charges
- `/v1/api/salary/RevokeEnableConsent` - Process consent revocation/enablement
- `/v1/api/salary/ValidateToken` - Validate user authentication tokens
- `/v1/api/salary/LienCheck` - Check lien amount on account
- `/v1/api/salary/NewTransactionCheck` - Check status of asynchronous transactions
- `/v1/api/salary/SMS` - Send SMS notifications
- `/v1/api/salary/BulkSMS` - Send bulk SMS notifications
- `/v1/api/salary/health` - Health check endpoint

## Authentication

The API supports two authentication methods:

1. Basic Authentication - Used for FirstBank to Simbrella API calls
2. API Key Authentication - Used for Simbrella to FirstBank API calls, requires both `appID` and `apiKey` headers

## Security Considerations

- API keys and credentials should be stored securely and never committed to version control
- In production, use HTTPS for all API endpoints
- Consider implementing rate limiting for API endpoints
- Regularly rotate API keys and credentials
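The two checks described under Authentication, as an added example rather than this project's own middleware: the credentials are compared in constant time, and a credential that is not configured never matches. The function names and the `headers`/`env` parameters are assumptions; the header names and environment variable names are the ones this README lists.

```python
import base64
import binascii
import hmac
import os


def _same(supplied: str, expected: str) -> bool:
    """Constant-time comparison; an empty expected secret never matches."""
    if not expected:
        return False  # fail closed when the credential is not configured
    return hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8"))


def check_basic_auth(headers, env=os.environ) -> bool:
    """Basic Authentication (FirstBank to Simbrella calls)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False  # malformed header is a failed login, not a server error
    username, sep, password = decoded.partition(":")
    if not sep:
        return False
    # Evaluate both comparisons so timing does not reveal which field was wrong.
    user_ok = _same(username, env.get("API_USERNAME", ""))
    pass_ok = _same(password, env.get("API_PASSWORD", ""))
    return user_ok and pass_ok


def check_api_key(headers, env=os.environ) -> bool:
    """API Key Authentication (Simbrella to FirstBank calls): both headers required."""
    id_ok = _same(headers.get("appID", ""), env.get("SIMBRELLA_APP_ID", ""))
    key_ok = _same(headers.get("apiKey", ""), env.get("SIMBRELLA_API_KEY", ""))
    return id_ok and key_ok


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    env = {"API_USERNAME": "svc-user", "API_PASSWORD": "s3cr3t-example",
           "SIMBRELLA_APP_ID": "app-123", "SIMBRELLA_API_KEY": "key-456"}
    good = "Basic " + base64.b64encode(b"svc-user:s3cr3t-example").decode()
    print(check_basic_auth({"Authorization": good}, env))  # valid credentials
    print(check_api_key({"appID": "app-123"}, env))        # apiKey header missing
```

Both functions accept any mapping with `.get`, so Flask's case-insensitive `request.headers` can be passed directly; a plain `dict` must use the exact header names.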