digifi-flaskA001/README.md

# Simbrella FirstAdvance API Flask Implementation

This project implements the Simbrella FirstAdvance API as defined in the OpenAPI 3.0 specification, using the latest Flask and Python features.

## Features

- Complete implementation of all API endpoints
- Authentication middleware for both Basic Auth and API Key auth
- Request/response validation with type hints
- Comprehensive error handling and logging
- Modern Flask application structure with application factory pattern
- Docker and Docker Compose support
- JMeter test plan for performance testing

## Requirements

- Python 3.11+
- Flask 2.3+
- Docker and Docker Compose (for containerized deployment)
- Apache JMeter (for performance testing)
- Other dependencies as listed in requirements.txt

## Running with Docker

The easiest way to run the application is using Docker Compose:

```bash
# Stop any running containers
docker-compose down

# Rebuild the image
docker-compose build

# Start the container
docker-compose up -d

# Check if the container is running
docker ps

# Check the logs for any errors
docker-compose logs
```

## Manual Setup

If you prefer to run the application without Docker:

1. Clone the repository
2. Create a virtual environment:

```shellscript
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
```


3. Install dependencies:

```shellscript
pip install -r requirements.txt
```


4. Set up environment variables (or create a .env file):

```plaintext
DEBUG=True
PORT=5000
API_USERNAME=admin
API_PASSWORD=password
SIMBRELLA_APP_ID=your_app_id
SIMBRELLA_API_KEY=your_api_key
LOG_LEVEL=INFO
CORS_ORIGINS=*
```


5. Run the application:

```shellscript
python app.py
```




## Performance Testing with JMeter

A JMeter test plan is included to verify API performance:

1. Install Apache JMeter from [https://jmeter.apache.org/](https://jmeter.apache.org/)
2. Open the test plan in JMeter:

```shellscript
jmeter -t jmeter/simbrella_api_test_plan.jmx
```


3. Configure the test parameters as needed
4. Run the test and analyze the results


## API Documentation

The API implements the following endpoints:

- `/v1/api/salary/EligibilityCheck` - Check customer eligibility for loans
- `/v1/api/salary/SelectOffer` - Process customer's selected offer
- `/v1/api/salary/ProvideLoan` - Process loan provision
- `/v1/api/salary/LoanInformation` - Retrieve loan information
- `/v1/api/salary/Repayment` - Process loan repayment
- `/v1/api/salary/CustomerConsent` - Process customer consent
- `/v1/api/salary/NotificationCallback` - Receive transaction status notifications
- `/v1/api/salary/RACCheck` - Check Risk Acceptance Criteria
- `/v1/api/salary/Disbursement` - Process loan disbursement
- `/v1/api/salary/CollectLoan` - Process loan collection
- `/v1/api/salary/TransactionCheck` - Check transaction status
- `/v1/api/salary/PenalCharge` - Process penalty charges
- `/v1/api/salary/RevokeEnableConsent` - Process consent revocation/enablement
- `/v1/api/salary/ValidateToken` - Validate user authentication tokens
- `/v1/api/salary/LienCheck` - Check lien amount on account
- `/v1/api/salary/NewTransactionCheck` - Check status of asynchronous transactions
- `/v1/api/salary/SMS` - Send SMS notifications
- `/v1/api/salary/BulkSMS` - Send bulk SMS notifications
- `/v1/api/salary/health` - Health check endpoint


## Authentication

The API supports two authentication methods:

1. Basic Authentication - Used for FirstBank to Simbrella API calls
2. API Key Authentication - Used for Simbrella to FirstBank API calls, requires both `appID` and `apiKey` headers


## Security Considerations

- API keys and credentials should be stored securely and never committed to version control
- In production, use HTTPS for all API endpoints
- Consider implementing rate limiting for API endpoints
- Regularly rotate API keys and credentials