...
Instead, a REST interface is built on top of the services/models via Django REST Framework., with the JSON Api extension
The Django REST Framework
- support various formats (JSON, XML,...)
- provides, on top of the actual REST API, a (browsable) documentation.
The JSON Api extension of the Django REST Framework, is dedicated to provide an interface compliant with the {json:api} standard
Under consideration: the implementation of a GraphQL, using Graphene.
...
Security
The backend security is based on django (django REST framework) default mechanisms, that have been configured/customized in 3 main areas:
- ensure (backward/concurrent) compatibility with current openIMIS implementation (way to define users, grant access to features,...)
- prepare the integration with openHIE ecosystem (integration with a SSO platform)
- provide fine-grained (object level) RBAC security model.
Note: the backend must be run behind a gateway.
The security models and concepts describe the core elements of the backend security.
Special notices highlight the important aspects related to the various (security-related) actors of an openIMIS concrete implementation:
- for deployers (implementers) the Backend security - Implementers highlights presents the backend securization, along its interactions with other components
- for administrator, the Backend security - Administrators highlights is given on how to manage the various openIMIS backend accesses
- for developers, the Backend security - Developers guidelines are provided to ensure the endpoints opened along the various modules are secured.
Documentation and Tutorials
...