Terms of Reference (TOR)
For the development of API Framework, API and Portal for Vital Statistics Report Publication
1. Background
Department of National ID and Civil Registration (DoNIDCR), and National Statistics Office (NSO) has signed a MOU to publish Vital Statistics reports based on civil registration data including global indicators. Thus, in order to publish the report, it is mandatory for NSO to receive Civil Registration data from DoNIDCR through electronic means regularly and securely. As per the agreement, NSO will get civil registration data using Restful API from DoNIDCR.
This assignment has been given to develop an API Framework for the purpose of Consuming API and downloading details for NSO to get data as per Global Indicators. The major activity of this assignment is to develop an API framework, develop API’s and developing a mechanism for consuming data as per the data analysis structure of NSO.
2. Objective of the Consulting Service
- To develop a data exchange platform to NSO from DoNIDCR
- To develop API Gateway for data exchange based on global indicators
- To develop portal for managing data received from DoNIDCR
3. Scope of Services
The scope of this assignment is to design, develop and deploy a data exchange platform and API’s, which will be used for exchanging data with other systems.
The firm has to provide services of all indicated objectives in the definite time:
Output 1: Design and development of API platform:
Synopsis: API platform is a complete solution, which acts as the base foundation for developing API. Developed platform will have a gateway, an identity server application with manageable API’s.
Major Features:
The firm has to develop an API platform, which has to be based on micro service architecture as shown below:
Fig: Required API platform
A micro services based API platform contains API gateway, Identity sever, and API’s for data exchange securely.
The firm has to develop all the features of API platform as below:
- API Gateway:
API gateway is the entry point for all the API calls. Client call the API gateway instead of the services and the gateway forwards the call to the respective service on the back end. So API Gateway manages all the services at the back end, protects API from overuse and abuse, and use authentication service, rate limiting.
Requirement:
An API gateway has to be developed using gateways like ocelot or other open-source API Gateway in asp.net core. It should have the features for:
- Routing
- Authentication
- Authorization
- Rate limiting
- Caching
- Quality of Service
- Tracing
- Logging
- Load balancing
Service discovery provider:
Firm should developed service discovery is in API gateway. It should manages the entire API services by allowing it to be registered in central registry, which lets services automatically discover each other without requiring a human operator to modify application code. Should protect API services against network failure, provides network security using access control, check health of services and manages it automatically for high availability. An open source service discovery provider (like consul) must be used.
- Identity Server application:
Identity Server is an authentication server that implements OpenID Connect (OIDC) and OAuth 2.0 standards for ASP.NET Core. It’s designed to provide a common way to authenticate requests to all applications, whether they’re web, native, mobile, or API endpoints. The identity server application should Issue access tokens for APIs for various types of clients.
Requirement:
The consulting firm has to develop a solution in asp.net core where each client (agencies systems) has to be registered in this application. After registration these clients has to be provided username and password for the purpose of authentication. After successful authentication client, application’s has to be provided with a JWT access token for request authentication and verification.
It should have functionality as below:
- Create database for user management of each client agencies.
- Generate authentication token for request authentication and verification.
Output 2: Design, develop and deploy API’s:
Synopsis: APIs to exchange vital events data of VERSP-MIS with NSO needs to be developed, tested and deployed in close coordination with DoNIDCR.
Major Features:
The consulting firm has to develop Restful API’s in asp.net core for exchanging vital event data with client application. These API’s has to implement the micro services architecture. These services has to be register in API gateway and should authenticate the client using identity server.
These API’s has to be developed, configured and deployed:
- API’s for Birth data
- API’s for Death data
- API’s for divorce data
- API’s for marriage data
- API’s for migration data
- API’s Coverage data
Output: Development of Portal
Synopsis: The portal is an online system in which civil registration data received from DONIDCR via API will be stored. There will be an arrangement to download civil registration details according to different indicators from this portal in CSV or Excel format.
Major Features:
- User login module
- Listing of data according to the date, civil registration types and indicators
- Interactive dashboard
Output 3: Writing API documentation
Synopsis:
Text-based detailed and step-by-step API document to operate system.
Major Features:
How-to section to guide through the process to pull data to NSO.
Output 4: Knowledge Transfer and Orientation for NSO and DoNIDCR staff
Synopsis:
Training and orientation
Major Features:
Physical and/or Virtual Training regarding the system use
4. Other Technical Requirements:
Programming Language
The system should be developed in C# .NET ASP.net core.
- Privacy and security
The solution should in-cooperate proper security mechanism for data security and should maintain privacy. Security is an essential requirement in software development. The solution should have following security features
- Authentication and JSON Web Tokens
- Authorizations and scopes
- Error Handling:
Solution should have a proper error handling mechanism using standard HTTP error codes.
- Software Interface Language
The solution shall have both Nepali and English Languages, words and characters.
The solution should be highly configurable; there should be minimal hard coded options. The developed application should be parameter driven. It is highly encouraged to use data from database to populate to options and choices.
Use caching to provide fast results for repeated GET requests. Use pagination and filtering capabilities to reduce the amount of data being transferred. Data transfer objects should not include unnecessary fields.
- Documentation
API documents should include description, request parameters, response, and error scenarios. It should include request/response samples to provide the full picture.
The system should be highly interoperable so that different systems can exchange and reuse the data.
- Open Standard
The developed system should be open standard where possible. It should not be vendor specific and depend on some vendor specific technology. There should not be implementation of any vendor specific component, software, middleware, firmware to avoid the vendor locking situation. The proposed architecture, database, programming language and any technology used to develop and implement system should use ‘Open Standard’ whenever such standards are available and applicable to meet the specification.
The Government of Nepal (GoN) has recently published set of standards for development and implementation of ICT systems as well as websites. The bidder should adopt, comply and adhere with the recommended standards for data, design, architecture, security architecture etc. The main system, subsystem, component, design, document and any part that is implemented and used for this task should comply with following guideline documents where applicable.
- Government Enterprise Architecture (GEA) framework.
- The main system, subsystem, component, design, document and any part that is implemented and used should comply with Nepal Government Interoperability Framework (NeGIF).
The consultant should list and provide valid logic and justification if such compliance could not be ascertained.
5. Experience of firm:
- Firm should have 3 years of working experience in developing API’s or web based applications.
6. Team Composition:
The following key personnel with below mentioned qualification and experience are required during the project period:
SN | Expertise | Qualification | Minimum Experience |
1 | Team Leader | Master’s degree in IT or related subject | The Team Leader shall have minimum 5 years of general experience in management of IT projects. |
2 | System Analyst | Master’s degree in IT or related subject | The System Analyst shall have at least 5 years’ experience in System Analysis, Design and Development. |
3 | API Programmer | Bachelor’s degree in IT or equivalent | The Programmer shall have minimum 2 years Web based System Development |
4 | Web Developer | Bachelor’s degree in IT or equivalent | The Web developer shall have minimum 2 years’ experience in web development |
5 | Database developer | Bachelor’s degree in IT or equivalent | The Database developer shall have minimum 2 years of general experience in RDBMS. |
6 | Quality Assurance(QA) | Bachelor’s degree in IT or equivalent | The Quality Assurance shall have minimum 2 years’ experience in web development |
7
|
Documentation/ Technical Writer | Bachelor’s degree in any field | The Documentation/Technical Writer shall have minimum 2 years of general experience in Technical Writing. |
The input of the consultant’s key personnel has been envisaged to be as follows.
SN | Expertise | Jobs to be Done | Total man-month |
1 | Team Leader | Supervise the project team to ensure quality and prompt services to the project. Plan, execute and finalize the project. | 1 |
2 | System Analyst | Requirement gathering, Preparation of SRS and SDS as part of system analysis and design. Deployment of API and system configuration | 1 |
3 | API Developer | Coding, Debugging, API design, development and pre/post System Testing as part of system implementation. | 2 |
4 | Web Developer | Coding, Debugging, web application development and pre/post System Testing as part of system implementation. | 2 |
5 | Database Designer | Design of relational database. | 2 |
6 | Quality Assurance | Test the quality of each developed modules | 1 |
6 | Documentation / Technical Writer | Manuals for system administrator, end-user and training manuscripts. | 1 |
7. Deliverables:
- Inception report,
- Final tested product of portal, API Gateway and Framework,
- Fully functioning API’s, test report and technical documentation,
- Work completion report
8. Ownership:
NSO will have the ownership of all the source code, documents. Full working source code including all developed libraries should be handed over to NSO.
9. Deployment:
Consulting firm should deploy the data sharing portal, API’s and complete solution in DoNIDCR server.
10.Maintenance and Support
Consultant must provide at least 1-year minor enhancement, upgradation and support after deployment.
11. Implementation Timeline
The overall implementation timeline will be estimated 2 (two) month from the date of contract award. The software must be delivered within 1 months from date of contract.
12. Input
The consultant shall work under the close and constant supervision of NSO and DoNIDCR.
13. Software Ownership
NSO will have the full and sole authority to distribute, license, copyright, modify, and re-engineer the system without binding obligation to any other institution. The consulting firm should hand over full working source code including all developed libraries to NSO.