
EY FrontEnd Platform - Backend Overview

The EY FrontEnd Platform itself consists of a variety of backend services and a backend SDK that support or enrich the platform and the user experience.

The backend is split into three areas: Frontend Common (incl. FE-Common API), Workflow Engine and Backend SDK.

An additional part of the Backend Service Environment is the Auth Service of the EY FE Platform. The Auth Service defers a user's authentication and authorization, as well as the validation of provided authentication tokens and their respective scopes, to a service that can be configured by the EY FrontEnd Platform Owner(s).

Frontend Common

Frontend Common is a group of backend services that serve the following purposes:

  • Product Configuration: FE-Common API serves all product configuration to clients. It supports sending only parts of the documentation (depending on the client's authentication status) and also ETag checking to prevent downloading information a client has already cached
  • Static Asset Delivery: Part of the FE-Common services is the delivery of static assets that might be part of the configured Applications of EY FE Platform Users
  • Web Application Delivery: FE-Common also serves configured and built web-based applications to end-users of the EY FE Portal

Product Configuration Delivery

Product Configuration Delivery is a service that enables authenticated and un-authenticated frontend applications to receive a specific product configuration.

This mechanism is especially useful for mobile frontend applications that can update the product configuration they were shipped with and thus enable, disable or even add new features.

For security reasons, product configuration delivery is split into multiple parts and authentication levels.

A more technical description can be found in OpenAPI format [here].

Receive Basic Product Configuration

Applications created using EY FrontEnd Platform ship with a product configuration as part of their program code. This allows (mobile) apps to start without relying on an available internet connection.

However, product configurations are subject to change. Thus, the Product Configuration Delivery Service allows callers to request the basic product configuration for a given productId to refresh local values. Additionally, the caller can send an ETag along with the HTTP request to only receive data in case updates are available.

Applications authenticate against the backend using a simple API key. This helps reduce the attack surface for trivial denial-of-service attacks but also allows for a certain degree of configurability even for unauthorized clients.

Receive Configured Plugins, Menu Configuration, Localization

In general, applications based on EY FE Platform are expected to perform user authentication at some point. Once an authenticated user is available in the application (hence requests to the backend can be augmented with an access token), applications can request less general and more detailed information about the product configuration.

The following classes of information can be received:

  • Configured Plugins: A list of enabled and configured plugins for a given productId can be received. This returns a list of JSON objects where each object holds the configuration for one configured plugin.
  • Menu Configuration: A list of JSON objects defining entries for the dashboard and other menu-like systems of an application
  • Localization: The Product Configuration Service allows clients to receive the list of language codes for which a localization option is available for a given productId. It also allows clients to receive that localization configuration as a JSON file.

In order to receive the aforementioned types of data, the user of the requesting application needs to be authenticated and an entitled access token has to be sent to the backend along with the request. Again, the OpenAPI specification holds all required information.
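The two access tiers and the ETag check described above can be sketched as follows. This is an added example, not the platform's own code or API: the header names, the scope name `config.read`, the sample keys, tokens and configuration are constructed assumptions, the token table stands in for the configurable auth service, and the API key is assumed to accompany every request.

```python
import hashlib, hmac, json

# Constructed sample data; keys, scope name and header names are assumptions.
API_KEYS = {"demo-api-key"}
TOKENS = {"token-alice": {"config.read"}}  # stand-in for the configurable auth service
CONFIG = {"shop": {
    "basic": {"theme": "dark", "features": ["login"]},
    "plugins": [{"id": "chat", "enabled": True}],
    "menu": [{"title": "Dashboard", "target": "/home"}],
    "localization": {"languages": ["en", "de"]},
}}
PUBLIC_SECTIONS = {"basic"}  # reachable with the API key alone

def etag_for(section_data):
    """ETag over the canonical JSON of ONE section, so the tag of the basic
    tier reveals nothing about changes in the authenticated tiers."""
    raw = json.dumps(section_data, sort_keys=True, separators=(",", ":")).encode()
    return '"' + hashlib.sha256(raw).hexdigest()[:32] + '"'

def api_key_ok(headers):
    supplied = headers.get("X-Api-Key", "").encode()
    # Constant-time comparison avoids leaking key prefixes through timing.
    return any(hmac.compare_digest(supplied, k.encode()) for k in API_KEYS)

def token_ok(headers):
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return scheme == "Bearer" and "config.read" in TOKENS.get(token, set())

def handle(product_id, section, headers):
    """Return (status, response_headers, body) for one configuration request."""
    # 1. Authenticate first: a 304 must never be reachable without credentials.
    if not api_key_ok(headers):
        return 401, {}, None
    if section not in PUBLIC_SECTIONS and not token_ok(headers):
        return 401, {}, None
    # 2. Resolve the data only after the caller is allowed to see it.
    data = CONFIG.get(product_id, {}).get(section)
    if data is None:
        return 404, {}, None
    # 3. Conditional GET: compare the client's cached tag with the current one.
    tag = etag_for(data)
    cached = [t.strip() for t in headers.get("If-None-Match", "").split(",")]
    if tag in cached:
        return 304, {"ETag": tag}, None
    return 200, {"ETag": tag, "Content-Type": "application/json"}, json.dumps(data)
```

Because the conditional check runs only after authentication and authorization, an unauthenticated caller cannot use a guessed ETag to learn whether a protected section has changed.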

Static Asset Delivery

As Applications designed using the EY FE Platform can contain a variety of data, a special service that serves static content is part of the backend service environment.

Static content might be available to unauthenticated users but can also require authentication. As static content is uniquely identified across an instance of the EY FE Platform, the Static Asset Delivery service provides only one API endpoint to GET a resource with a given ressourceId.

Web Application Delivery

Applications for EY FE Platform can also enable a web-based component and thus can be accessed using a web browser. Application content like compiled JavaScript code is served via the Web Application Delivery Service.

The distinction between Static Content Delivery and Web App is made in order to allow more fine-grained access control on the product creation side as well as on the execution side.

Workflow Engine

...