2. Clique para editar o estilo do título mestre
APIAPI
ManagerManager
TransactionTransaction
ManagerManager
SteroidsSteroids
+ + =
Securing Cloud-Based Transactions
7. ...Allow
INPUT PARAMETERS
Parameter #1
Parameter #2
Parameter #3
...
Parameter #n
RETURN VALUE
Operation Handle or Error Code
...Commit
INPUT PARAMETERS
Operation Handle
RETURN VALUE
Operation Handle or Error Code
Front-End
VersaCloud
time flow1 2
Transactions Lifetime
2018-10-29T18:04:22.727ZC3DFC09236761B277CF73150
On Timeout:
Automatic
Rollback
On Timeout:
Automatic
Rollback
Single Parameter
for every
...Commit
Error Codes
detailed later on
Maximum Time allowed for
transaction processing
always known at this point
8. ...Allow
INPUT PARAMETERS
Parameter #1
Parameter #2
Parameter #3
...
Parameter #n
RETURN VALUE
Operation Handle
...Commit
INPUT PARAMETERS
Operation Handle
RETURN VALUE
Operation Handle or Error Code
Front-End
VersaCloud
Successful Transactions
...Commit call
received before
TimeToDie
time flow1 2 3
TimeToDie
equals start time plus
maximum duration
9. Failed Transactions
...Allow
INPUT PARAMETERS
Parameter #1
Parameter #2
Parameter #3
...
Parameter #n
RETURN VALUE
Operation Handle
...Commit
INPUT PARAMETERS
Operation Handle
RETURN VALUE
Error Code
Front-End
VersaCloud
...Commit calls return error after TimeToDie
time flow1 2 3
Rollback started
automatically
by VersaCloud
Let's examine specific Transactions
(and ignore error conditions for now)
TimeToDie
exceeded
10. UserAddAllow
INPUT PARAMETERS
User's E-mail
Full Name
Birth Date
Country
Preferential user language
Solution Token
RETURN VALUE
Operation Handle
UserAddCommit
INPUT PARAMETERS
UserAddAllow Operation Handle
RETURN VALUE
Operation Handle
Front-End
VersaCloud
time flow1 2
User Registration
UserAdd Transaction
11. UserPassword-
SetAllow
INPUT PARAMETERS
Email
UserToken
Password
RETURN VALUE
Operation Handle
UserPassword-
SetCommit
INPUT PARAMETERS
Operation Handle
RETURN VALUE
Operation Handle
Front-End
VersaCloud
time flow1 2
Password Setup
UserTokenGet
INPUT PARAMETERS
SolutionToken
User's E-mail
RETURN VALUE
User Token
Only available
while password
not created
3
12. UserLoginAllow
INPUT PARAMETERS
User's e-mail
User's password
Login Maximum Duration
RETURN VALUE
Operation Handle
UserLoginCommit
INPUT PARAMETERS
UserLoginAllow Operation Handle
RETURN VALUE
Operation Handle
Front-End
VersaCloud
time flow1 2
Time-Limited User Login
During UserLogin
Transaction's execution
All other user
requests
13. Specific Rights are required
for certain operations; e.g.
Developer
To Define
Solutions and Methods
User
To Instantiate
Methods as Transactions
Translator
To Document
Solutions and Methods
User Rights
14. SolutionAdd-
Commit
INPUT PARAMETERS
Operation Handle
RETURN VALUE
Operation Handle
Solution-
TokenGet
INPUT PARAMETERS
Login Operation Handle
Solution's Name
Solution Token Type
RETURN VALUE
Solution Token (512 bits)
Front-End
VersaCloud
time flow1 2
Solution Creation
SolutionAdd-
Allow
INPUT PARAMETERS
Login Operation Handle
Solution's Name
RETURN VALUE
Operation Handle
Always available
for user with the
correct rights
3
15. SolutionToken-
CloneAllow
INPUT PARAMETERS
Login Operation Handle
Existing Solution Token
New Solution Token Type
RETURN VALUE
Operation Handle
SolutionToken-
CloneCommit
INPUT PARAMETERS
Operation Handle
RETURN VALUE
New Solution Token
Front-End
VersaCloud
time flow1 2
Cloning Solution Tokens
16. Need for different types of Solution Tokens
• Master Solution Token
sign creation of and changes to Solutions
(solution ownership)
• Clone Solution Token
sign a Solution's transactions execution
(solution access)
• Solution Translator Token
sign changes to documentation
(solution translation)
• Query Translator Token
sign access to a Solution's audit data
(solution auditing)
88B9B4D7F8A20BC7F403835EBFD14E1564090EAB337550AF53487D0B6D6AEE3F
A39CE22AB1156740728F5A01FC2D61126E101F5BB7A9BE35E40FCBC6A54DFB01
128 hexadecimal digits
18. Callback-
ParameterAddAllow
INPUT PARAMETERS
CallBackAdd Operation Handle
Method Parameter ID #1
Method Parameter ID #2
Method Parameter ID #3
...
RETURN VALUE
Operation Handle
CallbackAddCommit
INPUT PARAMETERS
CallbackAdd Operation Handle
RETURN VALUE
Operation Handle
Front-End
VersaCloud
time flow1 2
Adding a Callback to a Method
CallbackAddAllow
INPUT PARAMETERS
Login Operation Handle
Solution Token, Method Name
Callback ID, Callback Name
Return Type, Protocol
Protocol Specific Parameters
RETURN VALUE
Operation Handle
Single call identifies
at once the whole subset
of method's parameters
to be sent to callback
3
19. MethodRight-
AddAllow
INPUT PARAMETERS
Login Operation Handle
Existing Solution Token
Method Name
Right
RETURN VALUE
Operation Handle
Requiring Rights for Methods
MethodRight-
AddCommit
INPUT PARAMETERS
MethodRightAdd Operation Handle
RETURN VALUE
Operation Handle
Front-End
VersaCloud
time flow1 2
Set of Rights
owned by
logged in user
Set of Rights
required to
call the
method
Once a method requires
specific rights, this
intersection cannot be empty
20. SolutionLoginAllow
INPUT PARAMETERS
Login Operation Handle
Solution Token
Login Maximum Duration
RETURN VALUE
Operation Handle
SolutionLoginCommit
INPUT PARAMETERS
SolutionLoginAllow Operation Handle
RETURN VALUE
Operation Handle
Front-End
VersaCloud
time flow1 2
Solution Login
During user's
login into Solution
All other
user
requests
21. MethodInvoke-
Allow
INPUT PARAMETERS
Solution Login Operation Handle
Method Name
RETURN VALUE
Operation Handle
MethodInvoke-
ParameterAdd
INPUT PARAMETERS
Method Invoke Operation Handle
Value for Parameter #1
Value for Parameter #2
Value for Parameter #3
...
RETURN VALUE
Operation Handle
MethodInvoke-
Commit
INPUT PARAMETERS
Method Invoke Operation Handle
RETURN VALUE
OperationHandle
Front-End
VersaCloud
time flow1 2
Invoking a Method
Each method invoked
is instantiated
as a transaction
Associated callbacks
aren't even mentioned
in front-end's source code
3
22. Error Codes
• Special values returned to signal errors
• Defined as the 'errorcode' type
• Extensible: for back-end servers
to signal specific error conditions
Error Code Syntax Problem Area
:@Err#Apiddddddd API Call
:@Err#Balddddddd User Balance
:@Err#Cbkddddddd Callbacks
:@Err#Docddddddd Documentation
:@Err#Errddddddd Errors
:@Err#Grpddddddd User Groups
:@Err#Lngddddddd Languages
:@Err#Metddddddd Methods
:@Err#Prmddddddd Parameters
:@Err#Qryddddddd Queries
:@Err#Rgtddddddd Rights
:@Err#Solddddddd Solutions
:@Err#Timddddddd Time
:@Err#Typddddddd Type
:@Err#Usrddddddd Users
:@Err#Vldddddddd Valid Values
ErrorDocumentationGet
INPUT PARAMETERS
Language
Error Code
RETURN VALUE
String (3-256)
:@Err#Usr0000024
Prefix
Problem Area
Numeric ID
LANGUAGE DOCUMENTATION
English (USA)
Specified user does not have the needed right
to invoke this API
Español
(moderno)
Usuario informado no tiene los derechos
necesarios para llamar esta API
Português
(Brasil)
Usuário especificado não possui os direitos
necessários para chamar esta API
Always initiated in :@Err#
• To distinguish from normal return
values
• Next three positions used to define
'problem area'
• Seven digits to number specific errors
Documented in various human languages
23. Call Log
Every call to VersaCloud is logged
• Including parameters and return value
• Auditing based on filtered views of log
24. VersaCloud's Internal Engine Overview
PROCEDURE ApiCall(
Solution, Method,
Parameter01, Parameter02, Parameter03, … Parameter14, ReturnValue
) BEGIN
END
Step #4 - Log and Finalize
Step #1 - Accept and timestamp
Step #2 - Validate
Step #3 - Execute
Run on as many
simultaneous
threads as needed
25. VersaCloud's Internal Engine Step #1
Step #1 - Accept and timestamp
Register start time
Generate unique operation handle
PROCEDURE ApiCall(
Solution, Method,
Parameter01, Parameter02, Parameter03, … Parameter14, ReturnValue
) BEGIN
END
Step #4 - Log and Finalize
Step #1 - Accept and timestamp
Step #2 - Validate
Step #3 - Execute
26. VersaCloud's Internal Engine Step #2
PROCEDURE ApiCall(
Solution, Method,
Parameter01, Parameter02, Parameter03, … Parameter14, ReturnValue
) BEGIN
END
Step #4 - Log and Finalize
Step #1 - Accept and timestamp
Step #2 - Validate
Step #3 - Execute Step #2 - Validate
Validate Solution and Method name
Verify Method's usage allowed at time of call
Verify Method's recalling restrictions
Verify Parameters
If First Parameter is a Login Handle, verify transaction still alive
If anything went wrong, continue at Step #4
If Method has associated cost, verify available balance and charge
If anything goes wrong,
back-end server will NOT be called
27. VersaCloud's Internal Engine Step #3
PROCEDURE ApiCall(
Solution, Method,
Parameter01, Parameter02, Parameter03, … Parameter14, ReturnValue
) BEGIN
END
Step #4 - Log and Finalize
Step #1 - Accept and timestamp
Step #2 - Validate
Step #3 - Execute
Step #3 - Execute
Call Method's Implementation
Validate Method's return value
If Method is a ...Commit, remove transaction from pending queue
If Method is an ...Allow call, insert transaction into pending queue
28. VersaCloud's Internal Engine Step #4
PROCEDURE ApiCall(
Solution, Method,
Parameter01, Parameter02, Parameter03, … Parameter14, ReturnValue
) BEGIN
END
Step #4 - Log and Finalize
Step #1 - Accept and timestamp
Step #2 - Validate
Step #3 - Execute
Step #4 - Log and Finalize
Register processing end time
Save execution data to log: start, end, balance, parameters, return value
If result is errorcode and Method had cost, reimburse amount charged
If result is errorcode, randomly wait a little bit
Prepare return value
Send return value to caller
Algorithmic
DDOS protection
30. Join us NOW!
Complete documentation,
tutorials and case studies
available at
www.versacloud.technology
Get in touch!
mailto:mac@matza.group
whatsapp: +55 11 98281-2442
mailto:rocmayer@mbi.com.br
whatsapp: +55 11 99216 9776
callto:+55 11 3230 6850