Overview
Components:
- BridgePF requestUserData API
- User Data Request Queue
- Bridge User Data Download Service
- Email with Download Link
The user (participant) will call the requestUserData API in BridgePF. The user will pass in a start date and end date. BridgePF will then write the health code, email address, start date, and end date as an entry in the User Data Request Queue and return OK to the user. If necessary, we can put a max delta on the start date and end date. Advantages: BridgePF is still the front-end for all user interaction. Apps can integrate with this API without having to configure an entirely separate endpoint.
The User Data Request Queue is backed by SQS. Queue entries contain health code, email address, start date, and end date. (NOTE: It's probably a bad idea to have health code and email address live in the same place, even if only temporarily, as this means someone only needs to break into our AWS account to potentially get identified user health data. One alternative is to put just the email address in the SQS queue and have the Bridge User Data Download Service query Stormpath, but that still leaves us with personal identifying info in SQS.)
The Bridge User Data Download Service is a daemon process running in EC2. (TBD What framework? How is this deployed?) This process will poll the User Data Request Queue for user data requests. It then queries the HealthDataRecord and HealthDataAttachment DDB tables and the attachments S3 bucket to pull the raw health data records, bundles them up, and uploads them to S3. The service then sends an email to the user with a link to download their health data.
The Email with Download Link is an email with an S3 pre-signed URL that points to the user's health data. For security, the pre-signed URL will expire after 24 hours. If the user still needs access to the data after 24 hours, there is a renewUserData link in the email which will generate a new S3 pre-signed URL. This link points to the renewUserData API in BridgePF server (TODO fill in these details), which follows a similar data flow as requestUserData. However, because the user data download has already been generated, the Bridge User Data Download Service simply creates a new S3 pre-signed URL and sends a new Email with Download Link. Advantages: Users can download their data on a system other than their phone. We don't need to build a web UI for users to download their data.
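The request, poll, download-link and renew flow above, as an added example that is not code from the Bridge project: in-memory stand-ins replace SQS, DDB and S3, an HMAC-signed URL with a 24-hour expiry stands in for the real S3 pre-signed URL, and the renew path reuses the already-generated bundle instead of rebuilding it. The bucket host, secret, health codes and records are constructed sample values.

```python
import hashlib, hmac, json
from collections import deque

URL_TTL = 24 * 3600                  # pre-signed URL lifetime in seconds, per the design
SECRET = b"constructed-demo-key"     # stands in for the AWS credentials that sign real S3 URLs
request_queue = deque()              # stands in for the SQS User Data Request Queue
bundles = {}                         # stands in for the S3 bucket: object key -> bundle body
records = {"hc-123": [{"date": "2015-03-01", "steps": 1000},   # constructed DDB rows
                      {"date": "2015-04-15", "steps": 2000},
                      {"date": "2015-05-20", "steps": 3000}]}

def request_user_data(health_code, email, start, end):
    """BridgePF requestUserData: validate the ISO date range, enqueue, return OK."""
    if end < start:
        return "BAD_REQUEST"
    request_queue.append({"healthCode": health_code, "email": email,
                          "startDate": start, "endDate": end})
    return "OK"

def presign(key, now):
    """Stand-in for an S3 pre-signed URL: HMAC over object key and expiry epoch seconds."""
    expires = now + URL_TTL
    sig = hmac.new(SECRET, f"{key}|{expires}".encode(), hashlib.sha256).hexdigest()
    return f"https://bucket.example/{key}?Expires={expires}&Signature={sig}"

def url_is_valid(url, now):
    """Check signature and expiry, as S3 does before serving the object."""
    key, query = url.rsplit("/", 1)[1].split("?")
    p = dict(kv.split("=") for kv in query.split("&"))
    expected = hmac.new(SECRET, f"{key}|{p['Expires']}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, p["Signature"]) and now < int(p["Expires"])

def download_service_poll(now):
    """Daemon: dequeue a request, bundle the records in range, 'upload', return the email payload."""
    req = request_queue.popleft()
    rows = [r for r in records.get(req["healthCode"], [])
            if req["startDate"] <= r["date"] <= req["endDate"]]
    key = f"{req['healthCode']}.json"
    bundles[key] = json.dumps(rows)
    return {"to": req["email"], "download": presign(key, now)}

def renew_user_data(health_code, email, now):
    """renewUserData: the bundle already exists, so only a fresh URL is issued."""
    key = f"{health_code}.json"
    return {"to": email, "download": presign(key, now)} if key in bundles else None
```

Dates are ISO-8601 strings so range checks are plain string comparisons; `now` is epoch seconds so the 24-hour cutoff can be exercised without a clock.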
Alternative Designs
Bridge User Data Download as a Web Portal
Advantages:
- fewer moving parts, since everything is encapsulated in a single service
- security is simpler, since the user must provide their credentials to access Bridge User Data Download
Disadvantages:
- higher dev cost
- users need to get credentials from phone to log into web portal, which may or may not be easy