Challenge Overview

The Open Financial Exchange (OFX) data standard provides a secure way for banks and other financial institutions to exchange financial information.

The goal of this challenge is to develop a Ruby API to parse an incoming OFX request, use the data provided to authenticate with the app and respond in OFX format with the requested data.

Challenge Requirements

You are building a Ruby on Rails application with Postgres as the database.

The application is expected to expose a single API endpoint with following logic :

• Accept OFX formatted post request body (formatted XML)

• Parse the OFX request body.

• Use username and password information in OFX request to authenticate user

• Retrieve relevant data from database

• Format and return the OFX formatted response.

Following are more details.

Ruby Module/Class

Write an OFX class that handles the api endpoint call, parses the request, authenticates the user, and generate the response

API Endpoint

You are building a single endpoint api, here is the requirement for this endpoint :

• Path : POST /ofx

• Body :

  • An OFX formatted post request (formatted XML)

    • Note that date format is YYYYMMDDHHMMSS.XXX [gmt offset[:tz name]]. Other acceptable formats are on page 88 of the OFX document.

  • The content type will be application/x-ofx

  • Refer to sample ofx-request.xml file (attached in challenge forums).

Parsing OFX Request

• The parsing logic can be taken from ofx ruby gem :

  • The gem is useful for parsing incoming requests.

  • You should not reference the gem here, instead reuse the code and modify it to suit the needs for parsing in this challenge.

• You are encouraged to search for other gems, write from scratch, or improve the above gem's code.

• Refer to sample ofx-request.xml file (attached in challenge forums).

User Authentication

All requests should be authenticated using Omniauth authentication, note the following :

• Use Omniauth identity provider for authentication

• Identity model fields :

  • ID (reference User model)

  • Email (corresponds to USERID in ofx request)

  • Password (corresponds to USERPASS in ofx request)

• The user credentials will be extracted from OFX request (Refer to Parsing section above).

  • SIGNONMSGSRQV1 child elements (USERID, USERPASS) represents the (user email, password), respectively.

• Successful authentication will set “user_id” in session to be passed to next steps in the logic/flow.

Data Table and Retrieval

• You will use Postgres database

• Data table fields :

  • id

  • user_id

  • date

  • provider

  • provider_account

  • value

  • memo

• The Postgres connection information should be configured in the application.

• Sample data is provided in challenge forums (data-table.pdf).

• Retrieve data from database :

  • user_id retrieved from authentication will be used here to retrieve data related to user.

  • In parsed OFX request, we will take DTSTART and DTEND parameters to filter the data. These two are optional :

    • The filtering will be against ‘date’ column.

    • DTSTART : If absent it means requesting all history (up to DTEND, if present).

    • DTEND : if absent it means requesting all history (starting from DTSTART, if present)

 

Generating OFX Response

• In the OFX class, add functionality to generate response.

• The OFX file generation can be taken from ofx_for_ruby gem :

  • The gem should not be referenced/used by the application because it is no longer maintained and the gem does not incorporate the latest OFX specification 2.1.1, but this gem is useful to generate OFX files, so we will reuse the code and modify it in our application to support latest OFX specification

  • The following files are useful to this challenge :

    • Top level routines to read OFX files (from_http_response_body) and create OFX files (to_http_post_body): lib/ofx/1.0.2/serializer.rb

    • Parse and create file header: lib/ofx/1.0.2/header.rb

      • Note:  see https://github.com/annacruz/ofx/blob/master/lib/ofx/parser.rb for parsing header with ofx 211 format

    • Create OFX xml wrapper: lib/ofx/1.0.2/document.rb

      • Uses lib/ofx/1.0.2/message_set.rb

    • Create wrapper for bank transactions: lib/ofx/1.0.2/banking_message_set.rb

      • Individual transaction statements: lib/ofx/1.0.2/statements.rb

    • Status codes: lib/1.0.2/status.rb

• You are encouraged to search for other gems, write from scratch, or improve the above gem's code.

• Return OFX response to client.

• Refer to forums for sample ofx-response.xml file (attached in challenge forums).

• Please note the following transaction attributes in the response:

  • All transactions should have type

    • <ACCTTYPE>CHECKING

  • Echo back the <FI> tag if it is provided in the request message

  • Echo back <TRNUID> tag if it is provided in the request message

OFX Version and Request/Response Format

• We are using OFX version 2.1.1

• The request/response will be in XML format.

• Download this document for OFX specs for more details about OFX, request and response models details, schemas .. etc.

Sample OFX Request and Response, and Table Data

���Provided in challenge forums: a document containing sample OFX request and response. and Sample table data.

Note that the OFX samples are in SGML format but the supported format in your solution should be XML not SGML.

Unit Tests

• All of your code should be test covered (RSpec preferred). You must cover at least +90% of the code.

• For failed authentication you need to verify the app returns the following signon error codes. See page 623 of OFX documentation for complete list of status codes, but only worry about generating codes for the following types of errors:

  • 2001 (Invalid account),

  • 15500 (Signon invalid),

  • 2027 (Invalid date range)

• Test cases that must be addressed :

  • Use data in Appendix A to send request Case 1, pass authentication – test for return status code 0

  • Use data in Appendix A to send request Case 1, respond with all data (7 transactions)

  • Use data in Appendix A to send request Case 2, respond with data for selected dates (5 transactions)

Documentation Provided

• Official OFX 2.1.1 standard documentation: http://www.ofx.net/DownloadPage/Downloads.aspx

• Rails omniauth authentication : https://github.com/intridea/omniauth

• Oauth 2.0 authorization framework: http://oauth.net/ gem "rack-oauth2"

Documentation

Because other programmers will be working with your code, and incorporating it into their projects, all functions must be documented in detail in the code (TomDoc preferred - In order to generate HTML properly you will need to use Yard TomDoc).

Coding Standard

Follows coding standards listed here: https://github.com/copycopter/style-guide

Readme

Provide a detailed readme file using Markdown language with following information :    

• Overview

• Setup Prerequisites

• How to install

• Usage Example

• Reference to API Documentation

• Reference to the Ruby Gem Documentation    

• Any details about any limitations of your solution.

Please note, we're judging this competition not just on the code, but also on the quality of the documentation, test coverage, and ease of use

Final Submission Guidelines

Deliverable

1. All source code files and scripts that address the challenge requirement.

2. Detailed readme file as clarified above.