# HTTP Client

## Core Responsibilities

> Legend
> :green_heart: MVP feature
> :yellow_heart: Future feature

### Service Registry

Features:

* :green_heart: Separate host registration
* :yellow_heart: Auto-remediation
* :yellow_heart: Data caching
* :yellow_heart: Healthcheck control
* :yellow_heart: Schema validation

### Service Security

Features:

* :green_heart: JWT token management (access, refresh etc.)
* :green_heart: 1FA and 2FA support
* :green_heart: Token exchange (between clients)
* :green_heart: Request signing (JWS)

### Other Concerns

Features:

* :green_heart: Header management
* :yellow_heart: APM integration starting from the client

::: danger
How will we send main management commands to applications? Should this class be responsible, or should we add another class? For example, was the user logged out from the server?
:::

## Request Headers

| Header | Sample Value | When | Source |
| -------------- | ------------------------------------- | ------ | ------ |
| X-Application | burgan-mobile-app | Full | SDK |
| X-Deployment | IOS | Full | SDK |
| X-Device-Id | 9A4D301-53F5-11CB-8CA0-9CA39A9E1F01 | Full | SDK |
| X-Token-Id | ED280816-E404-444A-A2D9-FFD2D171F928 | Full | SDK |
| X-Request-Id | 7E375B07-6EBC-46C2-8973-9EF2770FF1C4 | Always | SDK |
| X-Action-URN | urn:transaction:fx:buy | Always | SDK |
| X-Action-ID | 8E375B07-6EBC-46C2-8973-9EF2770FF114 | Always | SDK |
| X-Device-Info | Mozilla/5.0 (X11; Ubuntu;... | Full | SDK |
| X-Geolocation* | 40.77628153345869, 29.978285693965574 | Always | SDK |
| X-IPLocation | xxx.xx.xx.xx | Always | SDK |

* **When**: If the service configuration includes a **header** property with the value **full**, the service request includes all header attributes. Otherwise it contains just the **Always** attributes.
* **Source**: Identifies the source of the property value.

### X-Application

The name of the client application that launches the SDK.
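The Always/Full rule under Request Headers above, as an added example that is not part of this document or of the SDK it describes. The SDK itself is Flutter/Dart and takes these values from the pub.dev packages listed under each header; here the device context, the action values and the `build_headers` and `is_safe_header_value` functions are constructed for the illustration. It also shows the check a client should apply before any device-sourced value (user agent, geolocation string) is placed in a header: reject control characters so a value can never split the header block.

```python
"""Added example (not the SDK's code): apply the Always / Full header policy
from the Request Headers table to one outgoing request."""
import uuid

# Constructed device context. In the real SDK these come from the platform
# packages named under each header (platform_device_id, uuid, device_info_plus).
DEVICE = {
    "X-Application": "burgan-mobile-app",
    "X-Deployment": "IOS",
    "X-Device-Id": "9A4D301-53F5-11CB-8CA0-9CA39A9E1F01",
    "X-Token-Id": "ED280816-E404-444A-A2D9-FFD2D171F928",
    "X-Device-Info": "Mozilla/5.0 (X11; Ubuntu;...",
}

# Headers that are only sent when the service entry has "header": "full".
FULL_ONLY = ("X-Application", "X-Deployment", "X-Device-Id", "X-Token-Id", "X-Device-Info")


def is_safe_header_value(value: str) -> bool:
    """True when the value contains no CR/LF or other control characters,
    so a device-sourced string cannot inject extra header lines."""
    return all(ch >= " " and ch != "\x7f" for ch in value)


def build_headers(service: dict, device: dict, action_urn: str, action_id: str,
                  geolocation=None, ip_address=None) -> dict:
    """Return the X-* headers for one request to `service` (a "services" entry)."""
    headers = {
        "X-Request-Id": str(uuid.uuid4()).upper(),  # fresh per request, for APM
        "X-Action-URN": action_urn,
        "X-Action-ID": action_id,
    }
    # X-Geolocation and X-IPLocation are Always headers, but only present
    # when the value is actually available on the device.
    if geolocation is not None:
        lat, lon = geolocation
        headers["X-Geolocation"] = f"{lat}, {lon}"
    if ip_address is not None:
        headers["X-IPLocation"] = ip_address
    # Full headers are added only when the service configuration asks for them.
    if service.get("header") == "full":
        headers.update({name: device[name] for name in FULL_ONLY if name in device})
    for name, value in headers.items():
        if not is_safe_header_value(value):
            raise ValueError(f"unsafe characters in header {name}")
    return headers


if __name__ == "__main__":
    full = build_headers({"key": "get-push-approvals", "header": "full"}, DEVICE,
                         "urn:transaction:fx:buy", str(uuid.uuid4()).upper(),
                         geolocation=(40.77628153345869, 29.978285693965574))
    minimal = build_headers({"key": "get-account-list"}, DEVICE,
                            "urn:transaction:fx:buy", str(uuid.uuid4()).upper())
    print(sorted(full))     # Always headers plus the Full set
    print(sorted(minimal))  # Always headers only
```

`X-Request-Id` is generated inside the function so two calls never share one, which is what makes it usable as an APM correlation key; the action ID is passed in because one user action may fan out into several requests that should carry the same `X-Action-ID`.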
### X-Deployment

Information on which platform and mode it runs on. Options:

* IOS
* Android
* Huawei
* Web

### X-Device-Id

> https://pub.dev/packages/platform_device_id

Unique device ID for each device.

### X-Token-Id

> https://pub.dev/packages/uuid

Unique ID per installation. This ID is created during the first run of the application and remains unchanged until the application is uninstalled.

### X-Request-Id

> https://pub.dev/packages/uuid

Unique ID per HTTP request. It specifically targets APM integrations.

### X-Device-Info

> https://pub.dev/packages/device_info_plus

:::warning
Need to decide on device information schema
:::

### X-Geolocation

> https://pub.dev/packages/location

It contains the latitude and longitude of the call, if available.

:::warning
Consider adding accuracy and isMock properties as well
:::

## First Login Process

The Login Grant flow should include both tasks described below.

### 1 - Device Registration

The user's device must be registered to the user with the token ID and device ID.

:::warning
Choose your side!
*Hint: One app for corporate and retail. A user can act as a corporate representative and also as a retail customer.*

Do we need a separate ID (such as an Instance ID) dedicated to activated users on the device?

Device ID = The unique ID of the physical device.
Token ID = The unique ID of the application install.
**Instance ID = The unique ID of every logged-in user.**
:::

### 2 - Asymmetric Key Generation

> https://pub.dev/documentation/pointycastle/latest/
> https://en.wikipedia.org/wiki/JSON_Web_Signature

On the customer's first login, the application creates asymmetric keys per user. The private key is stored in a secure storage area along with the corresponding user ID, and it is used to sign the necessary service requests with the JWS protocol.

:::warning
Consider! Do we need to store public keys on the server side? The JWT token contains the public key and is self-verifying.
:::

#### When are requests signed?

1. All transaction methods are signed with JWS.
2. If a service entry contains a property called `signature` whose value is `true`, requests are signed with JWS.

## Service Configuration Sample

```json
{
  "hosts": [
    {
      "key": "api",
      "oauth-client": "bbt-mobile",
      "oauth-server": "sso.burgan.com.tr",
      "active-hosts": [
        { "host": "api.burgan.com.tr", "healthcheck": "/admin/healtcheck", "order": 1, "retry-count": 3 },
        { "host": "api-drc1.burgan.com.tr", "healthcheck": "/admin/healtcheck", "order": 2, "retry-count": 2 }
      ]
    },
    {
      "key": "api-1fa",
      "oauth-client": "bbt-mobile-push-approve",
      "oauth-server": "sso.burgan.com.tr",
      "active-hosts": [
        { "host": "api.burgan.com.tr", "healthcheck": "/admin/healtcheck", "order": 1, "retry-count": 3 },
        { "host": "api-drc1.burgan.com.tr", "healthcheck": "/admin/healtcheck", "order": 2, "retry-count": 2 }
      ]
    },
    {
      "key": "interactive-broker",
      "oauth-server": "oauth2.interactivebrokers.com",
      "active-hosts": [
        { "key": "master", "host": "api.interactivebrokers.com", "healthcheck": "/monitoring/healtcheck", "retry-count": 3 }
      ]
    }
  ],
  "services": [
    {
      "key": "get-account-list",
      "method": "GET",
      "host": "api",
      "name": "/account/get-account-list/{citizenship-number}",
      "cache": {
        "enabled": true,
        "ttl": 300,
        "invalidator-services": [ "create-account-approve", "close-account-approve" ]
      }
    },
    {
      "key": "get-account-detail",
      "method": "GET",
      "host": "api",
      "name": "/{citizenship-number}/account/{iban}",
      "cache": {
        "enabled": true,
        "ttl": 300,
        "invalidator-services": [ "create-account-approve", "close-account-approve" ]
      }
    },
    {
      "key": "get-push-approvals",
      "method": "GET",
      "host": "api-1fa",
      "header": "full",
      "name": "/{citizenship-number}/approval"
    },
    {
      "key": "get-portfolio",
      "method": "GET",
      "host": "interactive-broker",
      "header": "full",
      "signature": true,
      "name": "/api/v2/portfolio/{account-number}"
    },
    {
      "key": "approve-push",
      "method": "TRANSACTION",
      "host": "api-1fa",
      "name": "create-account"
    },
    {
      "key": "create-account-order",
      "method": "TRANSACTION",
      "host": "api",
      "name": "create-account"
    },
    {
      "key": "create-account-approve",
      "method": "TRANSACTION",
      "host": "api",
      "name": "create-account-approve"
    },
    {
      "key": "close-account-order",
      "method": "TRANSACTION",
      "host": "api",
      "name": "close-account"
    },
    {
      "key": "close-account-approve",
      "method": "TRANSACTION",
      "host": "api",
      "name": "close-account-approve"
    }
  ]
}
```