Despite adopting a contract-first, standardized API best practice approach, Salvia Development, a software publisher in the real estate sector, encountered difficulties in maintaining synchronous, point-to-point interoperability with its 1,200 customers. The increasing complexity, lack of reactivity and agility, hindered its ability to meet its customers’ evolving needs and to target new markets. In response, an asynchronous interoperability architectural style based on events was envisaged, leveraging an Event-Driven Architecture (EDA) implemented with webhooks. However, existing interoperability standards or software solutions such as OpenID Connect, JSON Web Token, MOM, ETL or OpenAPI, are not adapted for asynchronous interoperability needs in event description standardization and secure exchanges. This paper presents the initial findings from a collaborative effort with Nantes Université to address these issues. The first result is the establishment of interoperability between Salvia’s software, called SPO, and several CRM editors, by standardizing event and payload descriptions. The second result is the authentication and authorization of webhook callbacks by proposing a novel way of establishing authorization for callbacks without the need for a user account or even identification.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Asynchronous Interoperability Description and Authentication:

  • Jean-Philippe Gouigoux,
  • Dalila Tamzalit,
  • Khaoula Jbari

摘要

Despite adopting a contract-first, standardized API best practice approach, Salvia Development, a software publisher in the real estate sector, encountered difficulties in maintaining synchronous, point-to-point interoperability with its 1,200 customers. The increasing complexity, lack of reactivity and agility, hindered its ability to meet its customers’ evolving needs and to target new markets. In response, an asynchronous interoperability architectural style based on events was envisaged, leveraging an Event-Driven Architecture (EDA) implemented with webhooks. However, existing interoperability standards or software solutions such as OpenID Connect, JSON Web Token, MOM, ETL or OpenAPI, are not adapted for asynchronous interoperability needs in event description standardization and secure exchanges. This paper presents the initial findings from a collaborative effort with Nantes Université to address these issues. The first result is the establishment of interoperability between Salvia’s software, called SPO, and several CRM editors, by standardizing event and payload descriptions. The second result is the authentication and authorization of webhook callbacks by proposing a novel way of establishing authorization for callbacks without the need for a user account or even identification.