# Credit Card Registration System

*reference*: [link](https://interviewing.io/guides/hiring-process/microsof) <br>
*answer generated with the assistance of ChatGPT*

> Imagine you're in a team and we're building a credit card registration system. And it's used by different firms. <br>
How would you proceed? And how do you build the interface?

## Defining Requirements

- Identification, Authentication and Authorization of user firms.
- Data security: in transit and at rest
- Friendly user experience

## Architecture

### Backend

#### API Design

Create <span style='color: #32cd32;'>RESTful API</span> or <span style='color: #32cd32;'>GraphQL</span> endpoints that accept registration requests with the submitted credit card information, validate the input, and store the data securely.

#### Database Schema

The database schema should support storing credit card information securely, with encryption for sensitive data.

Sub-problem: how to store passwords in memory

#### Integration Points

Design interfaces for integrating with different firms' systems (e.g., for validation or reporting purposes).


### Frontend

#### Forms

Create user-friendly forms for entering credit card details. Implement client-side validation to improve user experience. <br>
Use responsive design principles to ensure the form works well on various devices.

## Building the API

- **Endpoints**:
    - <small>`POST /register`</small>: To submit credit card details.
    - <small>`GET /status`</small>: To check the status of a registration request.
- **Validation**: Implement both server-side and client-side validation to ensure data integrity and security.
- **Security**: Use HTTPS, and consider implementing <span style='color: #32cd32;'>OAuth</span> or <span style='color: #32cd32;'>JWT</span> for authentication and authorization.


Here’s a simple implementation of the <small>`POST /register`</small> and <small>`GET /status`</small> endpoints (<small>`app.py`</small>):

``` python
from flask import Flask, request, jsonify
import uuid

# Create the Flask application that the route decorators below attach to
app = Flask(__name__)

# In-memory storage for registration statuses (for demonstration purposes only)
registrations = {}

# Endpoint to submit credit card details
@app.route('/register', methods=['POST'])
def register():
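    # silent=True returns None instead of raising on a missing or malformed JSON body
    data = request.get_json(silent=True)

    # Validate input: the body must be a JSON object containing every required field
    if not isinstance(data, dict) or not all(key in data for key in ('card_number', 'expiry_date', 'cvv', 'cardholder_name')):
        return jsonify({'error': 'Missing required fields'}), 400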

    # Generate a unique ID for this registration
    registration_id = str(uuid.uuid4())
    
    # Store the registration details (for demonstration purposes only):
    # a real system must not keep the card number in clear text or retain the CVV
    registrations[registration_id] = {
        'card_number': data['card_number'],
        'expiry_date': data['expiry_date'],
        'cvv': data['cvv'],
        'cardholder_name': data['cardholder_name'],
        'status': 'pending'
    }

    return jsonify({'registration_id': registration_id, 'status': 'pending'}), 201

# Endpoint to check the status of a registration request
@app.route('/status/<registration_id>', methods=['GET'])
def status(registration_id):
    registration = registrations.get(registration_id)

    if registration is None:
        return jsonify({'error': 'Registration not found'}), 404

    return jsonify({'registration_id': registration_id, 'status': registration['status']}), 200

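if __name__ == '__main__':
    # debug=True would enable the interactive Werkzeug debugger, which can execute
    # arbitrary code; keep it off anywhere card data is handled
    app.run(debug=False)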
```

ℹ️ This implementation uses in-memory storage for simplicity. For a production system, you should use a persistent storage solution (e.g., a database) and implement additional security measures to protect sensitive data.
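
The handler above only checks that the four fields are present. As an added example (not part of the original answer), here is the server-side validation that the **Validation** bullet calls for, using only the standard library. The function names, the `MM/YY` expiry format, the length limits and the sample inputs are assumptions.

```python
import re
from datetime import date

REQUIRED = ("card_number", "expiry_date", "cvv", "cardholder_name")

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: from the right, double every second digit and sum."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def expiry_ok(expiry: str, today: date) -> bool:
    """MM/YY (assumed format); a card is valid through the end of its month."""
    m = re.fullmatch(r"(0[1-9]|1[0-2])/([0-9]{2})", expiry)
    if not m:
        return False
    return (2000 + int(m.group(2)), int(m.group(1))) >= (today.year, today.month)

def validate_registration(data, today=None):
    """Return a list of field-level errors; an empty list means accept.

    Messages name the field only and never echo the submitted value, so
    card data does not leak into API responses or logs.
    """
    today = today or date.today()
    if not isinstance(data, dict):
        return ["body: expected a JSON object"]
    errors = [f"{f}: missing or not a string"
              for f in REQUIRED if not isinstance(data.get(f), str)]
    if errors:
        return errors
    pan = re.sub(r"[ -]", "", data["card_number"])  # tolerate 4-4-4-4 grouping
    # 12-19 digits is an assumed length range; ASCII digits only
    if not re.fullmatch(r"[0-9]{12,19}", pan) or not luhn_ok(pan):
        errors.append("card_number: invalid")
    if not expiry_ok(data["expiry_date"], today):
        errors.append("expiry_date: invalid or expired")
    if not re.fullmatch(r"[0-9]{3,4}", data["cvv"]):
        errors.append("cvv: invalid")
    if not 1 <= len(data["cardholder_name"].strip()) <= 64:  # assumed limit
        errors.append("cardholder_name: invalid")
    return errors
```

In `register()`, this would run immediately after the JSON body is parsed, returning a 400 response with the error list when it is non-empty.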

<style>
/* CSS to change font size of code blocks */
pre {
    font-size: 12px; /* Adjust the font size as needed */
}
</style>

## Build the User Interface

- **Form Elements**: Include fields for credit card number, expiration date, CVV, and any other required information.
- **Validation**: Implement real-time validation for card number format, expiration date, and CVV.
- **Feedback**: Provide clear error messages and success notifications.
- **Accessibility**: Ensure the form is accessible to all users, including those with disabilities.

## Testing

- **Unit Testing**: Test individual components and API endpoints.
- **Integration Testing**: Test the system as a whole to ensure all components work together.
- **User Testing**: Conduct usability testing with real users to identify any issues or areas for improvement.

Example of testing the API:
``` bash
curl -X POST http://127.0.0.1:5000/register -H "Content-Type: application/json" -d '{"card_number": "1234567812345678", "expiry_date": "12/24", "cvv": "123", "cardholder_name": "John Doe"}'
```
Check the registration status (substitute the `registration_id` returned by the first call):
``` bash
curl http://127.0.0.1:5000/status/{registration_id}
```



## Security

- **Encryption**: Encrypt sensitive data both in transit and at rest.
- **Tokenization**: Use tokenization to replace credit card details with a secure token.
- **Compliance**: Ensure the system complies with PCI DSS and other relevant regulations.
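
As an added example of the **Tokenization** bullet (not part of the original answer): the application record holds only a random token and the last four digits, the card number lives in a separate vault scoped to the submitting firm, and the CVV is never persisted. `TokenVault`, `register_card` and `firm_id` are hypothetical names, and the in-memory dicts stand in for an isolated, encrypted store.

```python
import hashlib
import hmac
import secrets

class TokenVault:
    """In-memory stand-in for an isolated token vault (constructed example)."""

    def __init__(self, fingerprint_key: bytes):
        self._key = fingerprint_key   # keyed-hash key, held outside the app database
        self._by_token = {}           # token -> (firm_id, pan)
        self._by_fp = {}              # (firm_id, fingerprint) -> token

    def _fingerprint(self, firm_id: str, pan: str) -> str:
        # Keyed hash: lets the vault recognise a repeat card, whereas a plain
        # hash of a card number is small enough to brute-force.
        msg = f"{firm_id}:{pan}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def tokenize(self, firm_id: str, pan: str) -> dict:
        key = (firm_id, self._fingerprint(firm_id, pan))
        token = self._by_fp.get(key)
        if token is None:
            token = "tok_" + secrets.token_urlsafe(24)  # random, not derived from the PAN
            self._by_token[token] = (firm_id, pan)
            self._by_fp[key] = token
        # This dict is all the application database ever sees.
        return {"token": token, "last4": pan[-4:], "firm_id": firm_id}

    def detokenize(self, firm_id: str, token: str) -> str:
        owner, pan = self._by_token.get(token, (None, None))
        if owner is None or owner != firm_id:
            # Same error for "no such token" and "another firm's token"
            raise PermissionError("unknown token")
        return pan

def register_card(vault: TokenVault, firm_id: str, data: dict) -> dict:
    """Build the record to persist. The CVV is deliberately dropped:
    PCI DSS does not permit storing it after authorization."""
    record = vault.tokenize(firm_id, data["card_number"])
    record.update(expiry_date=data["expiry_date"],
                  cardholder_name=data["cardholder_name"],
                  status="pending")
    return record
```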

## Deployment and Monitoring

- **Deployment**: Deploy the system to a secure and scalable environment.
- **Monitoring**: Implement monitoring to track system performance and detect any issues.

## Documentation

- **API Documentation**: Provide clear documentation for your APIs, including how to use them and examples.
- **User Documentation**: Create guides for users and firms to help them understand how to use the system.