Skip to content
This repository has been archived by the owner on Sep 15, 2023. It is now read-only.

Home

Jump to bottom
Fabien Cerf edited this page May 18, 2020 · 11 revisions

Welcome to the CovidCode-Service wiki!

CovidCode API

Technical Description

Introduction

This documentation describes the CovidCode-Service API and its purpose.

The CovidCode-Service is part of the backend system of the proximity tracing app. The PT-app has a main data backend and an authorization code generation backend (this service) with an associated user interface.
Physicians can use the UI to generate a 12-digit authorization code for their infected patients. A patient can enter the code in his app to notify other app users, who were close enough for a possible transmission of the virus in the past few days since the first symptoms of the infection occurred.
The 12-digit authorization code serves as security to ensure no other person than the infected patient can notify other app users.

Installation

Clone the repository with the provided github-url or download zip-File and make an import into your favorite IDE. Set up Maven project. Download all dependencies by running Maven lifecycle goals ‘clean install’. Make sure in advance that all required plugins are available i.e. Lombok, Docker, etc.

Running the Application

To start the service you can either configure a run configuration in your IDE or use the command line:

mvn spring-boot:run -Dspring-boot.run.profiles=local

The service connects to a Postgres database on startup. It is possible to run a Postgres database service on a docker container. To do so the project source provides a docker-compose.yml file with a basic setup. In addition, CovidCode-Service uses Keycloak as identity and access management service. Keycloak can also be configured and run on a docker container or even be mocked for testing.

API

The CovidCode-Service provides two REST API-Endpoints:

  • /v1/authcode
  • /v1/onset

/v1/authcode generates a 12-digit authorization code with the symptom date as input. To notify other affected users, the PT-app user has to enter the code in the app. Then the system verifies the code and on success immediately sends notification messages.

/v1/onset verifies the authorization code. It queries the database and checks for existence. For security reasons it is only possible to use the verification request for a specific code once. Therefore, on subsequent requests the same code will be invalid.

Example Requests

Authorization code generation:
POST /v1/authcode HTTP/1.1
Host: localhost:8113
Content-Type: application/json
Authorization: Bearer jwt-token

Body:
{ "onsetDate": "2020-01-01" }
Authorization code verification:
POST /v1/onset HTTP/1.1
Host: localhost:8113
Content-Type: application/json

Body:
{ "authorizationCode":"123456545654" }
  • Note: jwt-token is a placeholder for a valid jwt format.

Technical Systems View

pts-app2

Links:

Clone this wiki locally