The Banking API will manage the bank accounts of its users. It will be managed by the Bank's employees and admins. Employees and Admins count as Standard users with additional abilities.
- Employees can view all customer information, but not modify in any way.
- Admins can both view all user information, as well as directly modify it.
- Standard users should be able to register and login to see their account information.They can have either Checking or Savings accounts.
- All users must be able to update their personal information, such as username, password, first and last names, as well as email.
- Accounts owned by users must support withdrawal, deposit, and transfer.
- Transfer of funds should be allowed between accounts owned by the same user, as well as between accounts owned by different users.
The below models are an outline that supports the required features. They can be expanded or modified as needed.
The User model keeps track of users information.
public class User {
private int userId; // primary key
private String username; // not null, unique
private String password; // not null
private String firstName; // not null
private String lastName; // not null
private String email; // not null
private Role role;
}
You may optionally consider to include a List<Account>
field in the User model. Some tasks will be easier, and others harder. In particular, this complicates every request that would need an entire User object, such as Register
and Update User
, since they would need to include the accounts as well. It would be up to you to resolve this.
The Role model keeps track of user permissions. Can be expanded for more features later. Could be Admin
, Employee
, Standard
, or Premium
public class Role {
private int roleId; // primary key
private String role; // not null, unique
}
The Account model is used to represent a single account for a user
public class Account {
private int accountId; // primary key
private double balance; // not null
private AccountStatus status;
private AccountType type;
}
The AccountStatus model is used to track the status of accounts. Status possibilities are Pending
, Open
, or Closed
, or Denied
public class AccountStatus {
private int statusId; // primary key
private String status; // not null, unique
}
The AccountType model is used to track what kind of account is being created. Type possibilities are Checking
or Savings
public class AccountType {
private int typeId; // primary key
private String type; // not null, unique
}
The below endpoints generally follow a RESTful pattern. Where the URI describes the relevant resource and the HTTP Method describes the action to perform. Path variables (e.g. /:userId
) are used to identify specific resources as part of the URI. These are placeholders, such as for a userId. If not otherwise specified, the response status code should be 200 OK
.
Security should be handled through session storage. If a user does not have permission to access a particular endpoint it should return the following:
- Status Code:
401 UNAUTHORIZED
Content:Occurs if they do not have the appropriate permissions.{ "message": "The requested action is not permitted" }
These endpoints are not RESTful, but are included to more conveniently simulate user actions
-
URL:
/login
-
Method:
POST
-
Request:
{ "username": String, "password": String }
-
Response:
User
-
Error Response:
- Status Code:
400 BAD REQUEST
{ "message": "Invalid Credentials" }
- Status Code:
-
URL:
/logout
-
Method:
POST
-
Response:
{ "message": "You have successfully logged out {username}" }
-
Error Response:
- Status Code:
400 BAD REQUEST
{ "message": "There was no user logged into the session" }
- Status Code:
-
URL:
/register
-
Method:
POST
-
Allowed Roles:
Admin
-
Request: Note: All fields must be included and the userId should be zero
User
-
Response: Note: The userId should be updated
- Status Code:
201 CREATED
User
- Status Code:
-
Error Response: Note: In case username or email is already used
- Status Code:
400 BAD REQUEST
{ "message": "Invalid fields" }
- Status Code:
-
URL:
/accounts/withdraw
-
Method:
POST
-
Allowed Roles:
Admin
or if the account belongs to the current user -
Request:
{ "accountId": int, "amount": double }
-
Response:
{ "message": "${amount} has been withdrawn from Account #{accountId}" }
-
URL:
/accounts/deposit
-
Method:
POST
-
Allowed Roles:
Admin
or if the account belongs to the current user -
Request:
{ "accountId": int, "amount": double }
-
Response:
{ "message": "${amount} has been deposited to Account #{accountId}" }
-
URL:
/accounts/transfer
-
Method:
POST
-
Allowed Roles:
Admin
or if the source account belongs to the current user -
Request:
{ "sourceAccountId": int, "targetAccountId": int, "amount": double }
-
Response:
{ "message": "${amount} has been transferred from Account #{sourceAccountId} to Account #{targetAccountId}" }
These endpoints are RESTful, and generally provide basic CRUD operations for Employees/Admins
-
URL:
/users
-
Method:
GET
-
Allowed Roles:
Employee
orAdmin
-
Response:
[ User ]
-
URL:
/users/:id
-
Method:
GET
-
Allowed Roles:
Employee
orAdmin
or if the id provided matches the id of the current user -
Response:
User
-
URL:
/users
-
Method:
PUT
-
Allowed Roles:
Admin
or if the id provided matches the id of the current user -
Request: Note: All fields must be included
User
-
Response:
User
-
URL:
/accounts
-
Method:
GET
-
Allowed Roles:
Employee
orAdmin
-
Response:
[ Account ]
-
URL:
/accounts/:id
-
Method:
GET
-
Allowed Roles:
Employee
orAdmin
or if the account belongs to the current user -
Response:
Account
-
URL:
/accounts/status/:statusId
-
Method:
GET
-
Allowed Roles:
Employee
orAdmin
-
Response:
[ Account ]
-
URL:
/accounts/owner/:userId
For a challenge you could do this instead:/accounts/owner/:userId?accountType=type
-
Method:
GET
-
Allowed Roles:
Employee
orAdmin
or if the id provided matches the id of the current user -
Response:
[ Account ]
-
URL:
/accounts
-
Method:
POST
-
Allowed Roles:
Employee
orAdmin
or if the account belongs to the current user -
Request: The accountId should be 0
Account
-
Response:
- Status Code:
201 CREATED
Account
- Status Code:
-
URL:
/accounts
-
Method:
PUT
-
Allowed Roles:
Admin
-
Request: Note: All fields must be included
Account
-
Response:
Account
These are not part of the core requirements but are things that could be worked on once the core requirements are done.
- Password Hashing
- Paging and Sorting endpoints: Reference For How
- Using JSON Web Tokens (JWTs) instead of Session Storage
- Standard Users should be able to upgrade to Premium (the cost of such an upgrade may be freely determined)
- With this premium status, Users should now also be able to open new joint accounts (accounts with multiple owners), as well as be able to add users to pre-existing accounts
- Supporting DELETE requests for Users and Accounts
- Savings accounts will have interest rates, that can be determined as you see fit.
This endpoint is designed to simulate the passing of time for Savings Accounts to accrue interest
-
URL:
/passTime
-
Method:
POST
-
Allowed Roles:
Admin
-
Request:
{ "numOfMonths": int }
-
Response:
{ "message": "{numOfMonths} months of interest has been accrued for all Savings Accounts" }
The project will be evaluated out of 100 points split between two main catagories: 70 points for the functionality and design of your project and 30 points for the presentation of your project during the project showcase. The evaluation will be further subdivided as follows:
Project Score(70 pts):
- 15 pts: Ability to persist meaningful data in the database and then retrieve it with HTTP requests.
- 15 pts: Ability to make withdrawals from, deposits to, and transfers between accounts via HTTP requests.
- 10 pts: Proper database schema achieving 3rd normal form. (E.g. Accounts have a proper relationship to their owning user.)
- 10 pts: Login, register, update and logout functionality.
- 5 pts: Properly layered architectural design. (I.e Controller/Service/DAO)
- 5 pts: Different user roles with different levels of access implemented correctly.
- 10 pts: Implementation of 3 stretch goals. (These points will only be counted if all other functionality is present. Additional stretch goals beyond 3 will provide bonus points.)
Presentation Score(30 pts):
- 15 pts: Clear, concise and professional communication during the project presentation.
- 10 pts: Ability to communicate clear answers to fully address questions asked about the project.
- 5 pts: Logical flow to the project presentation.
-
When is the project due?
A: The project will be showcased on the final Thursday of the batch. The version of the project you last pushed to github before the presentations begin will be the version that is evaluated.
-
Can I have an extension?
A: No. While you are encouraged to continue to work on your projects past the date of the project showcase for your own learning benefit, extensions can not be accommodated as they are already on the final day of actual training.
-
Is there a code freeze?
A: It is recommended that you institute your own code freeze at least a day before the project showcase. However, this is a recommendation only; it will not be enforced.
-
What happens if I break my project that was mostly working right before the showcase?
A: As you should have been regularly pushing code to your repository you should be able to roll back to previously working version. If you have not regularly pushed your code and do not have a working commit to return to you will need to present the state of your application in its current form.
-
Who will be evaluating the project showcase?
A: Your trainer will be the one providing the full evaluation of your projects. However, the QC team will also be present to ask questions about your project and consult with your trainer.
-
Are we allowed to collaborate with others on our projects?
A: Collaboration is encouraged. Hopefully you will work together to solve the problems presented in this project.However, you should still be ultimately designing the project yourself. Straight copy/pasting of another person's code is considered plagiarism. NOTE: Code provided in demos by your trainer is not subject to plagiarism concerns. Feel free to copy/paste and edit such code as necessary to suit your projects.
-
What is a passing score?
A: 75% is the base expected passing score.
-
If I pass the project am I certain to get invited to the next phase of ROCP?
A: The project is a major component of the determination process for invitations to continue you on the next ROCP phase. However, it is not the only metric used and the final determination will be based on your total performance throughout this phase of ROCP.
-
Are there really no extensions?
A: There are not.