# Simbrella FirstAdvance API Flask Implementation This project implements the Simbrella FirstAdvance API as defined in the OpenAPI 3.0 specification, using the latest Flask and Python features. ## Features - Complete implementation of all API endpoints - Authentication middleware for both Basic Auth and API Key auth - Request/response validation with type hints - Comprehensive error handling and logging - Modern Flask application structure with application factory pattern - Docker and Docker Compose support - JMeter test plan for performance testing ## Requirements - Python 3.11+ - Flask 2.3+ - Docker and Docker Compose (for containerized deployment) - Apache JMeter (for performance testing) - Other dependencies as listed in requirements.txt ## Running with Docker The easiest way to run the application is using Docker Compose: ```bash # Stop any running containers docker-compose down # Rebuild the image docker-compose build # Start the container docker-compose up -d # Check if the container is running docker ps # Check the logs for any errors docker-compose logs ``` ## Manual Setup If you prefer to run the application without Docker: 1. Clone the repository 2. Create a virtual environment: ```shellscript python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate ``` 3. Install dependencies: ```shellscript pip install -r requirements.txt ``` 4. Set up environment variables (or create a .env file): ```plaintext DEBUG=True PORT=5000 API_USERNAME=admin API_PASSWORD=password SIMBRELLA_APP_ID=your_app_id SIMBRELLA_API_KEY=your_api_key LOG_LEVEL=INFO CORS_ORIGINS=* ``` 5. Run the application: ```shellscript python app.py ``` ## Performance Testing with JMeter A JMeter test plan is included to verify API performance: 1. Install Apache JMeter from [https://jmeter.apache.org/](https://jmeter.apache.org/) 2. Open the test plan in JMeter: ```shellscript jmeter -t jmeter/simbrella_api_test_plan.jmx ``` 3. Configure the test parameters as needed 4. Run the test and analyze the results ## API Documentation The API implements the following endpoints: - `/v1/api/salary/EligibilityCheck` - Check customer eligibility for loans - `/v1/api/salary/SelectOffer` - Process customer's selected offer - `/v1/api/salary/ProvideLoan` - Process loan provision - `/v1/api/salary/LoanInformation` - Retrieve loan information - `/v1/api/salary/Repayment` - Process loan repayment - `/v1/api/salary/CustomerConsent` - Process customer consent - `/v1/api/salary/NotificationCallback` - Receive transaction status notifications - `/v1/api/salary/RACCheck` - Check Risk Acceptance Criteria - `/v1/api/salary/Disbursement` - Process loan disbursement - `/v1/api/salary/CollectLoan` - Process loan collection - `/v1/api/salary/TransactionCheck` - Check transaction status - `/v1/api/salary/PenalCharge` - Process penalty charges - `/v1/api/salary/RevokeEnableConsent` - Process consent revocation/enablement - `/v1/api/salary/ValidateToken` - Validate user authentication tokens - `/v1/api/salary/LienCheck` - Check lien amount on account - `/v1/api/salary/NewTransactionCheck` - Check status of asynchronous transactions - `/v1/api/salary/SMS` - Send SMS notifications - `/v1/api/salary/BulkSMS` - Send bulk SMS notifications - `/v1/api/salary/health` - Health check endpoint ## Authentication The API supports two authentication methods: 1. Basic Authentication - Used for FirstBank to Simbrella API calls 2. API Key Authentication - Used for Simbrella to FirstBank API calls, requires both `appID` and `apiKey` headers ## Security Considerations - API keys and credentials should be stored securely and never committed to version control - In production, use HTTPS for all API endpoints - Consider implementing rate limiting for API endpoints - Regularly rotate API keys and credentials