Final API 1

This document provides details of an internal verification of assessment decisions for a Higher National Diploma in Computing program. It includes an assessor checklist reviewing a student's assignment on developing an online shopping system. The student was assessed on various learning outcomes and awarded a pass grade. The internal verifier confirmed that the assessment criteria and grade awarded were justified and the feedback to the student was constructive and identified opportunities for improvement.

Uploaded by

praveenrock337

Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title Higher National Diploma in Computing

Assessor Miss Menisha Silva Internal Verifier Miss Menisha Silva


Unit(s) Unit 29 – Application Program Interfaces

Assignment title online shopping system for OZQ company

Student’s name Jeyabalan Praveen


Pass Merit Distinction

INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match those shown in the assignment brief? Y/N

Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N

Has the work been assessed accurately? Y/N

Is the feedback to the student:
Give details:
• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
• Identifying opportunities for improved performance? Y/N
• Agreeing actions? Y/N

Does the assessment decision need amending? Y/N

Assessor signature Date

Internal Verifier signature Date


Programme Leader signature (if required) Date

Jeyabalan Praveen API pg. 1


Confirm action completed
Remedial action taken
Give details:

Assessor signature Date

Internal Verifier signature Date
Programme Leader signature (if required) Date


Higher Nationals - Summative Assignment Feedback Form

Student Name/ID Jeyabalan Praveen / 00030464

Unit Title Unit 29 – Application Program Interfaces

Assignment Number 1 Assessor Miss Menisha Silva


Submission Date
Date Received 1st submission
Re-submission Date
Date Received 2nd submission
Assessor Feedback:

LO1 Examine what an API is, the need for APIs and types of APIs
Pass, Merit & Distinction Descripts P1 M1 D1

LO2 Apply the knowledge of API research to design an application that incorporates relevant APIs for a given scenario or a substantial student chosen application
Pass, Merit & Distinction Descripts P2 M2 D2

LO3 Implement an application in a suitable development environment
Pass, Merit & Distinction Descripts P3 M3 D3

LO4 Document the testing of the application, review and reflect on the APIs used

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grade decisions have been agreed at the assessment board.


Assignment Feedback
Formative Feedback: Assessor to Student

Action Plan

Summative feedback

Feedback: Student to Assessor


Assessor signature Date

Student signature Date


Pearson Higher Nationals in
Computing
Unit 29 – Application Program Interfaces


General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use previous
page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom and right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and Page
Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add text in the assignments, except for the compulsory information, e.g. figures, tables of comparison etc. Adding text boxes in the body except for the before-mentioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions will
not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may
apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using HARVARD
referencing system to avoid plagiarism. You have to provide both in-text citation and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to A REFERRAL or at worst you could be expelled from the course.


Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my
own without attributing the sources in the correct form. I further understand what it means to copy another’s
work.

1. I know that plagiarism is a punishable offence because it constitutes theft.


2. I understand the plagiarism and copying policy of Edexcel UK.
3. I know what the consequences will be if I plagiarise or copy another’s work in any of the assignments
for this program.
4. I declare therefore that all work presented by me for every aspect of my program, will be my own, and
where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement
between myself and Pearson, UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached
to the assignment.

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)



Higher National Diploma in Business

Assignment Brief

Student Name /ID Number Jeyabalan Praveen / 00030464

Unit Number and Title Unit 29- Application Program Interfaces

Academic Year 2021/2022

Unit Tutor Miss Menisha Silva

Assignment Title

Issue Date

Submission Date

IV Name & Date

Submission format

Part 1 – Report: The submission should be in the form of an individual written report. This should
be written in a concise, formal business style using single spacing and font size 12. You are required
to make use of headings, paragraphs and subsections as appropriate, and all work must be
supported with research. You must provide in-text citations and the reference list using Harvard
referencing system.

Part 2: Fully functional web solution.

The recommended word count for the report is 4,000–4,500 words excluding annexures. Note that word counts are indicative only and you would not be penalised for exceeding the word count.
Minimum word count – 4,000
Maximum word count – 5,500


Scenario
“ELEKS” is a Top 100 Global Outsourcing company. You work as an apprentice web developer for ELEKS. As part of your role, you have been asked to create an online shopping system for OZQ company.
Online shopping has grown in popularity over the years, mainly because people find it convenient and easy to shop from the comfort of their own home or office. This is one of the most enticing factors about online shopping. Because of these reasons, OZQ company has decided to develop an online shopping system.
OZQ-cart facilitates business-to-consumer sales through its website. The OZQ-cart system helps customers to buy any type of item online by choosing the listed products from the website. Following are the functional requirements of the system.

• Registration – Customers can view the store but only the members can buy items. To become a member of the website, the customer needs to register for the membership.
• Login page – The Login page is at the periphery of the secure area of the system and allows the user to log onto the web application. The user can view the store and add their order to the shopping cart.
• Shopping cart – Members can add their searched items to the cart.
• User Profile – The User Profile page is an area that allows the users to maintain their own information. The user can browse and search the items and add them to the shopping cart.
• Item Search and Select – Each customer must be able to view the status of the placed order.
• Feedbacks – Users can provide opinions/feedback to the site.

Following are the non-functional requirements of the system.


• Performance
• Usability
• Reliability and availability
• Security

Develop a web based solution for the above scenario.

Activity 1 - Examine what an API is, the need for APIs and types of APIs.
Examine what an API (Application Program Interface) is, the types and the benefits of APIs, and evaluate the potential security issues surrounding APIs with reference.
1.1 Examine the differences between API and SDK and assess a range of APIs that covers a range of users of the proposed solution.


Activity 2 - Apply the knowledge of API research to design an application that incorporates
relevant APIs for a given scenario or a substantial student chosen application
2.1 Apply the knowledge of API research and Analyse the alternative solutions similar to the
proposed system that could be enhanced by a suitable API. Design an application that will
utilize a range of APIs for the proposed solution and justify the design choices used.

Activity 3 - Implement an application in a suitable development environment


3.1 Develop an application with suitable android and web-site wireframes for the proposed
system design in task 2. Provide all the interfaces of the system and the appropriate
codes of it.

Activity 4 - Document the testing of the application, review and reflect on the APIs used
4.1 Design and complete ‘black box’ and ‘white box’ testing methods for the developed system and update the system according to the results. Critically evaluate the APIs used within your application and the results of your Test Plan. Include a review of the overall success of your multipage website and provide a data security report of the application you developed for the above scenario.


Observation Sheet

Activity No   Activity   Learning Outcome   Feedback (Pass/Redo)
1   Examine what an API is, the need for APIs and types of APIs.   LO1
2   Apply the knowledge of API research to design an application that incorporates relevant APIs for a given scenario or a substantial student chosen application.   LO2
3   Implement an application in a suitable development environment.   LO3
4   Document the testing of the application, review and reflect on the APIs used.   LO4

Comments:

Assessor Name :…………………………………………….


Date :…………………………………………….

Assessor Signature :…………………………………………………………………………


Grading Rubric

Grading Criteria Achieved Feedback

LO1 Examine what an API is, the need for APIs and types of APIs
P1 Examine the relationship between an API and a software development kit (SDK). Pg. 8
M1 Assess a range of APIs for a particular platform that covers a range of uses.
D1 Evaluate potential security issues surrounding APIs

LO2 Apply the knowledge of API research to design an application that incorporates relevant APIs for a given scenario or a substantial student chosen application
P2 Analyse an existing application that could be extended with a suitable API. Pg.10-13
M2 Design an application that will utilise an API for a given purpose.
D2 Create a design for a chosen substantial application that will utilise a range of APIs, justifying choices.

LO3 Implement an application in a suitable development environment
P3 Build on an existing application framework to implement an API. Pg.15-20
M3 Develop an application that utilises an API.
D3 Construct an application utilising multiple APIs, following the designs in LO2

LO4 Investigate scenarios with respect to design Patterns
LO4 Document the testing of the application, review and reflect on the APIs used
P4 Design and complete a ‘white box’ test of the application, recording the results. Pg.22-23
M4 Conduct ‘black box’ tests of your application, recording the results.
M5 Update the application accordingly with the results.
D4 Critically evaluate the APIs used within your application. Provide a data security report of your application.


Table of Contents
Table of Figures
Activity 1
  Types of API’s and Benefits of it
    Benefits of API
  Difference between API and SDK
    Difference between API and SDK
  Security issues surrounding API’s
  Range of APIs for a particular platform that covers a range of uses.
    What is an Application Platform?
    Visual Studio
    Rapid API
    DreamFactory
Activity 2
  Research and Evaluate alternative API similar to the proposed system and enhance the system design.
    EBay
    Amazon
Activity 3 - Implement an application in a suitable development environment
  Provide the android and web-site wireframes for the proposed system design.
    Android Wireframes
    Website Wireframes
  Application that utilizes an API for the proposed system and provide all the interfaces and the appropriate codes of it.
Activity 4
Document the testing of the application, review and reflect on the APIs used.
  The developed system should test by using black box and white box testing methods.
  Software Testing
    White Box Testing
    Black Box Testing
    Comparison of Black Box testing and White Box Testing
  Evaluate the results of your Test Plan and include a review of the overall success of your multipage website
    Test Plan
  The APIs used within your application. Provide a data security report of your application.
    Authentication
    Authorization
    Secure the Individual Accounts
    CSRF (Cross Site Request Forgery) attacks
    Security Architecture
Conclusion
References


Table of Figures
Figure 1 How API Works (UpWork, 2023)
Figure 2 Web API
Figure 3 Start Page of Visual Studio
Figure 4 EBay Home Page
Figure 5 Create Account Interface
Figure 6 EBay Log In
Figure 7 Item Search Interface
Figure 11 Home Page of Amazon
Figure 12 Android Home Page
Figure 13 Android Log in page
Figure 14 Android Sign up form
Figure 15 User Profile
Figure 16 Sign-up
Figure 17 Home Page (Author Developed)
Figure 18 Item Select
Figure 19 Item Search (Author Developed)
Figure 28 Women items interface of OZQ Cart (Author Developed)
Figure 30 Men’s items interface of OZQ Cart (Author Developed)
Figure 36 Shopping Cart of OZQ Cart (Author Developed)
Figure 37 Item Page of OZQ Cart (Author Developed)


List of Tables
Table 1 Difference between API and SDK (Square, 2018)
Table 2 Comparison of Black Box testing and White Box Testing
Table 3 Test Plan of OZQ-Cart


Activity 1
Types of API’s and Benefits of it.
API is the acronym for Application Program Interface, an intermediary that allows two programs to communicate with each other. It is not a user interface. An API is the link used to communicate from software to software. For example, when you use an application on your mobile phone, the program connects to the internet and sends data to a server. The server then retrieves the data, decodes it, performs the necessary actions and returns it to your phone. An API enables programmers to make use of routines written for the Windows operating system.

Figure 1: How API Works

There are different types of APIs available.


Web Service

A web service is a system or software that uses an address, i.e., URL on the World Wide Web, to
provide access to its services. SOAP, XML-RPC, JSON-RPC, REST are the types of API’s available.

Figure 2: Web API

Hardware - Helps you to connect from device to device.
Operating Systems - Windows is an operating system. The Windows OS is used in PCs as well as in mobile phones.
Data Structure - In a data structure, the parameter values are of particular importance because they must match between the caller of an API and its publisher.
Programming Interfaces - A programming interface is a set of subroutine definitions, communication protocols and tools for building software.

Benefits of API
When an access ID is provided to an API, the content generated can be published automatically and made available for every channel. Efficiency is a benefit of APIs. Any user or company can customize the content and services that they use the most. Advanced features can also be added, which means APIs are flexible, which is another benefit. Automation is another benefit of APIs: APIs allow machines to handle the workload, and agencies can update workflows to make them quicker and more productive. Wider reach: an API helps to connect software to software, so it reaches a wider area.

Difference between API and SDK.


An API (Application Program Interface) is an interface which allows software programs to interact with each other. SDK stands for Software Development Kit. An SDK is a set of software used to develop applications for several operating systems, for example the Windows 7 SDK, the iPhone SDK etc.

Difference between API and SDK


API SDK
Interface which interacts with other software’s. Collection of tools using to develop applications for
several Operating Systems to specific Platforms.
Allows other applications to communicate.
Create various applications
Provide description of parameters types.
Comprises libraries.
Collection of tools, sample code and
documentation. Specified interface to a collection of software
functionalities.


Security issues surrounding API’s
Authentication - Authentication is ensuring that the user device has the correct permission to view, edit or delete the requested data. (Microsoft, 2019)
Authorization - Authorization is deciding whether a user is allowed to perform an action. (Microsoft, 2019)
Secure the individual accounts in web API - With individual accounts, the app uses a membership database. Local login and social login are the two ways that a user can log in. With local login, the user registers at the site by entering a username and password, and the system verifies the password. With social login, the user signs in with an external service, such as Facebook, Microsoft or Google. (Microsoft, 2019)
CSRF (Cross Site Request Forgery) attacks - An attack carried out by knowing the pattern is known as CSRF. In this attack, the attacker knows the pattern of how it works. (The OWASP Foundation, 2019)
Security Architecture - Security architecture is about applying security controls. This is cost-effective and reusable. (Techopedia, 2019)
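
The authentication, authorization and CSRF items above can be seen working together in one small request gate for a shop like OZQ-cart. The Python sketch below is an added example, not code from the assignment or from the OZQ-cart application; the function names, the role table, the `delete_product` action and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# All names and stores below are hypothetical, for illustration only.
SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret used to derive CSRF tokens
PBKDF2_ROUNDS = 200_000
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

# Assumed role table: which role may perform which state-changing action.
PERMISSIONS = {
    "member": {"add_to_cart", "send_feedback"},
    "admin": {"add_to_cart", "send_feedback", "delete_product"},
}

USERS = {}      # username -> (salt, password_hash, role); stands in for the membership database
SESSIONS = {}   # session_id -> username


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def register(username, password, role="member"):
    """Local registration: store a salted, slow hash, never the password itself."""
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _hash_password(password, salt), role)


def login(username, password):
    """Authentication: confirm who the caller is. Returns a session id or None."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, expected, _role = record
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(_hash_password(password, salt), expected):
        return None
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = username
    return session_id


def csrf_token_for(session_id):
    """Token bound to one session; the server embeds it in the forms it renders."""
    return hmac.new(SERVER_KEY, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def handle(method, action, session_id=None, csrf_token=None):
    """Return an HTTP-style status code for one request."""
    if action == "view_store":
        return 200                      # guests may browse without logging in

    # 1. Authentication: is there a valid session at all?
    username = SESSIONS.get(session_id)
    if username is None:
        return 401

    # 2. CSRF: a state-changing request must carry the token tied to this session.
    #    A forged cross-site request rides on the cookie but cannot supply the token.
    if method not in SAFE_METHODS:
        expected = csrf_token_for(session_id).encode("ascii")
        supplied = (csrf_token or "").encode("utf-8")
        if not hmac.compare_digest(supplied, expected):
            return 403

    # 3. Authorization: is this authenticated user allowed to do this action?
    role = USERS[username][2]
    if action not in PERMISSIONS.get(role, set()):
        return 403
    return 200


if __name__ == "__main__":
    register("alice", "correct horse battery staple")       # constructed sample user
    sid = login("alice", "correct horse battery staple")
    print(handle("POST", "add_to_cart", sid))                        # 403: no CSRF token
    print(handle("POST", "add_to_cart", sid, csrf_token_for(sid)))   # 200
    print(handle("POST", "delete_product", sid, csrf_token_for(sid)))  # 403: not an admin
```

The order of the checks matters: a request without a session gets 401 before any token or role is examined, and a request with a valid session but a missing or foreign token is rejected before the role table is consulted.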

Range of APIs for a particular platform that covers a range of uses.


What is an Application Platform?
An application platform is a framework of services that application programs rely on for standard operations. An application platform operates across five principal areas, which are development tools, execution services, data services, operating systems and cloud services. Some of the best API platforms are Visual Studio, Rapid API and DreamFactory.

Visual Studio
Visual Studio is an Integrated Development Environment (hereafter IDE) based on the .NET framework. Visual Basic, C#, C++ and ASP.NET are some of the programming languages which are provided by Visual Studio.


Figure 3: Start Page of Visual Studio

Rapid API
This lets you manage all your API integrations from one place and gives you real-time performance metrics (Rapid API, 2019). It allows developers to search, find, test and use all available public APIs within minutes. It also allows the user to track and manage their connected APIs. Rapid API is also best for testing and overriding APIs.

DreamFactory
DreamFactory is best for creating REST APIs and converting SOAP into REST. It makes it easy to create, read, update or delete objects and related objects with a single API call. This is a free Apache open source project that runs on Linux, Windows and Mac OS. It makes it easy to publish your API for others to use. (DreamFactory, 2019)
According to the scenario, OZQ-cart is an online e-commerce system. The ASP.NET Web API is the API that is suitable for building this e-commerce system.


Activity 2
Research and Evaluate alternative API similar to the proposed system and
enhance the system design.
The API that is going to be developed according to the scenario is OZQ-cart. According to its features, OZQ-cart is an e-commerce system. There are some similar APIs available in the world, such as eBay, Amazon, AliExpress, Alibaba, WOW.lk, ikman.lk etc.

EBay
Home Page of EBay
EBay sells all kinds of products. The home page shows the user's recently viewed items and popular categories. The user can also search for what they are looking to buy. The search bar also has an option to search by choosing categories, which makes the user's work much easier. It also has categories as a navigation bar, so the user can get items by selecting one. EBay presents the user profile as My eBay, so the user can visit their profile by selecting it. The cart is shown with a cart symbol, which also indicates how many products have been added to the cart.

Figure 4: Ebay home page


Registration
This is the interface of EBay to create an account. According to this interface, the user can create a profile easily by providing First Name, Last Name, Email and password. There are also two other options to create an account, by continuing with Facebook or with Google. But the safest way to create an account is by providing details.

Figure 5: Create Account Interface

Log in
EBay provides the facility for the user to log in with Facebook, a Google Account or by providing an email or username and the password. This depends on how you created your account. But the safest way to create an account is by email or username and password.

Figure 6: Ebay Login


Item Search
This is the item search interface of eBay. I have searched for Phone case and the results are shown below. Related, Sort by price, auction and buy it now are some features that we can see in this interface. Each item is shown with the picture of the item, the item name and the price. It also mentions how many items have been sold, the buying options, and the delivery charges, whether delivery is free or charged, and the country that you are getting the item from.

Figure 7: Item Search Interface

There are more options such as Help and Contact, Sell, Security Center etc. According to all these features, eBay is user friendly and secure, and these features will be helpful when developing the OZQ-Cart system.

Amazon
Amazon is a multinational technology company focusing on e-commerce, cloud computing and AI
(Artificial Intelligence).
Home page of Amazon
The interface of Amazon's e-commerce system is very attractive and colorful. The user can search by typing as well as by selecting a category. The home page also categorizes the products which they are selling. The user can buy goods by signing up to the system or she can buy goods as a guest user. So, it’s not necessary to be a member in Amazon to buy goods which.


Figure 8: Home page of Amazon


Activity 3 - Implement an application in a suitable development
environment
Provide the android and web-site wireframes for the proposed system design.
Android Wireframes

Figure 9: Sign in Android

Figure 10: View products in android

Figure 11: Products to view in detail

Website Wireframes

Figure 12: User Profile

Figure 13: Sign up

Figure 14: Home page

Figure 15: Items select

Figure 16: Search Item

Application that utilizes an API for the proposed system and provide all the
interfaces and the appropriate codes of it.

Figure 17: Add Product

Figure 18: View Products

Figure 19: Update and Delete Products

Activity 4

Document the testing of the application, review and reflect on the APIs
used.
The developed system should be tested using black box and white box testing
methods.
Software Testing
Software testing is an activity that checks that the actual results match the expected
results and that the software system is free of defects. There are two types of testing methods:
‘White Box Testing’ and ‘Black Box Testing’.

White Box Testing


White Box Testing is a software testing method in which the internal structure/design/implementation
of the item being tested is known to the tester. It is mainly applicable to lower levels of testing such as Unit
Testing and Integration Testing. (Software Testing Fundamentals, 2019)
• Unit Testing - Tests the individual units/components of the software. The purpose of this test is to
evaluate whether all the units are working as designed (Software Testing Fundamentals, 2019).
• Integration Testing - Units are combined and tested as a group. The purpose of this method is to
identify the faults in the interaction between integrated units (Software Testing Fundamentals, 2019).

Black Box Testing


This is a software testing method in which the internal structure/design/implementation of the item
being tested is not known to the tester. It is mainly applicable to higher levels of testing such as System
Testing and Acceptance Testing. (Software Testing Fundamentals, 2019)
• System Testing - At this level the complete, integrated software is tested. The purpose of this test is to
evaluate the system's compliance with the specific requirements, that is, to verify that the integrated
system meets them. (Software Testing Fundamentals, 2019)

• Acceptance Testing - This is where the system is tested for acceptability. The purpose of this test is to
evaluate the system against the business requirements and assess whether it is acceptable for delivery.
Based on this test the customer decides whether or not to accept the system. (Software Testing Fundamentals, 2019)

Comparison of Black Box testing and White Box Testing


| Black Box Testing | White Box Testing |
| --- | --- |
| No need to know the internal working of an application. | Has full knowledge of the internal workings of an application. |
| Performed by end-users, testers and developers. | Performed by testers and developers. |
| Testing based on external expectations. | Internal workings are fully known and the tester can design test data accordingly. |
| It is exhaustive and the least time consuming. | The most exhaustive and time consuming type of test. |
| Not suited for algorithm testing. | Suited for algorithm testing. |

Table 2: Comparison of Black Box testing and White Box Testing

Evaluate the results of your Test Plan and include a review of the overall success
of your multipage website
Test Plan
The scope of the OZQ-Cart e-commerce system is to facilitate business-to-consumer sales through its
website. The web-based solution that I have created for OZQ-Cart fulfils all the functional and
non-functional requirements. This test is going to be done by the end-users of the system. All the functions
to be tested and their expected outcomes are given below.

Project Name OZQ-Cart (Online Shopping Solution)


Developed By
Date
Table 3: Test Plan of OZQ-Cart
| No | Summary | Module | Test Case | Expected Outcome |
| --- | --- | --- | --- | --- |
| 1 | | Home Page | Women Items Button | Women Items Page |
| 2 | | Home Page | Men’s Item Button | Men’s Items Page |
| 3 | | Home Page | Kids Items Button | Kids Items Page |
| 4 | | Home Page | Mobile Phones and Accessories Button | Mobile Phone and Accessories Page |
| 5 | | Home Page (Navigation Bar) | Sign Up Button | Sign Up Page |
| 6 | | Home Page (Navigation Bar) | Log in Button | Log In page |
| 7 | | Home Page (Navigation Bar) | Contact Button | Contact Details Page |
| 8 | | Women Item Page | Select Item | Selected Item Page |
| 9 | | Men’s Item Page | Select Item | Selected Item Page |
| 12 | | Item Page | Select Item Color, Quantity, Item Type and Add to Cart | Add item to the Cart |
| 13 | User can register after entering correct details | Register | Fill all the details and ‘Submit’ | Home Page |
| 14 | User can login to the system after entering correct username and password | Login | Input E-mail Address and Password | Home Page |
| 15 | User can order the item from the cart | Cart | Select items to buy and confirm | Payment |

The APIs used within your application. Provide a data security report of your
application
Authentication, authorization, securing the individual accounts, CSRF (Cross Site Request Forgery)
attacks and security architecture are the security issues that can arise with this system.

Authentication
When the host authenticates the user, it creates a principal to represent the security context under
which code is running. The principal contains an associated Identity object that contains information
about the user. If the user is authenticated, the Identity.IsAuthenticated property returns true. For
anonymous requests, Identity.IsAuthenticated returns false. (Microsoft, 2019)

Authorization
Authorization is deciding whether a user is allowed to perform an action. For example, a user may have permission
to get resources but not to create resources. Authorization filters run before the controller action. If the request
is not authorized, the filter returns an error response, and the action is not invoked. (Microsoft, 2019)

Secure the Individual Accounts


Local Login and Social Login are the two ways a user can log in. In Local Login the user registers at the
site, entering a username and password. The app stores the password hash (#) in the membership
database. When the user logs in, the ASP.NET Identity system verifies the password. In Social Login,
the user signs in with an external service, such as Facebook, Microsoft, or Google. The app still creates
an entry for the user in the membership database, but does not store any credentials. The user
authenticates by signing into the external service. (Microsoft, 2019)
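The difference between the two kinds of membership entry can be shown in a short framework-neutral sketch. This is an added example, not code from the OZQ-Cart application and not ASP.NET Identity's own storage format; the function names, the record layout, the PBKDF2 work factor and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # illustrative work factor chosen for this example
_DUMMY_SALT = secrets.token_bytes(16)


def _derive(password, salt):
    """Salted, slow hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register_local(db, username, password):
    """Local login: store a per-user salt and the hash, never the password."""
    salt = secrets.token_bytes(16)
    db[username] = {"kind": "local", "salt": salt, "hash": _derive(password, salt)}


def register_social(db, username, provider, external_id):
    """Social login: the entry links to the external account, no credential."""
    db[username] = {"kind": "social", "provider": provider,
                    "external_id": external_id}


def verify_local_login(db, username, password):
    """Return True only for a local account whose stored hash matches."""
    record = db.get(username)
    if record is None or record["kind"] != "local":
        # Do the same hashing work so unknown and social accounts are not
        # distinguishable by response time, then refuse.
        _derive(password, _DUMMY_SALT)
        return False
    candidate = _derive(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def demo():
    """Constructed membership table with one local and one social account."""
    db = {}
    register_local(db, "alice", "correct horse battery staple")
    register_social(db, "bob", "Google", "constructed-external-id-123")
    return {
        "alice_right": verify_local_login(db, "alice", "correct horse battery staple"),
        "alice_wrong": verify_local_login(db, "alice", "guess"),
        "bob_password": verify_local_login(db, "bob", "anything"),
        "unknown_user": verify_local_login(db, "carol", "anything"),
        "plaintext_stored": "correct horse" in repr(db),
        "bob_has_hash": "hash" in db["bob"],
    }
```

The social entry cannot be used for a password login at all, which is the practical meaning of "does not store any credentials".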

CSRF (Cross Site Request Forgery) attacks
This is an attack that tricks the user into submitting a malicious request. Such attacks take advantage of the
fact that a website completely trusts a user once it can confirm that the user is indeed who they say
they are. The attack is used to bypass the authentication process. This type of attack can
also happen in OZQ-Cart. The attacker knows how it works. (Acunetix, 2019)
To prevent CSRF, the application uses anti-forgery tokens, also known as request verification
tokens:
1. The client requests an HTML page that contains a form.
2. The server includes two tokens in the response. One token is set as a cookie and the other is placed in
a hidden form field. The tokens are generated randomly so the attacker cannot guess the values.
3. When the client submits the form, it must send both tokens back to the server. The client sends the
cookie token as a cookie, and it sends the form token inside the form data. (A browser client
automatically does this when the user submits the form.)
4. If a request does not include both tokens, the server disallows the request. (Microsoft, 2019)
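The token exchange described above can be followed end to end in a small server-side sketch. This is an added example, not the OZQ-Cart code and not ASP.NET's anti-forgery implementation; the names `csrf_cookie` and `csrf_field`, the HMAC pairing of the two tokens, the per-process key and the sample requests are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-process key; a deployed server loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)


def _form_token_for(cookie_token, username):
    """Derive the hidden-field token that pairs with one cookie token and user."""
    msg = f"{username}\x00{cookie_token}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_tokens(username):
    """Step 2: return (cookie_token, form_token) for a freshly rendered form."""
    cookie_token = secrets.token_urlsafe(32)  # random, so it cannot be guessed
    return cookie_token, _form_token_for(cookie_token, username)


def validate_request(cookies, form, username):
    """Step 4: accept only if both tokens are present and belong together."""
    cookie_token = cookies.get("csrf_cookie")
    form_token = form.get("csrf_field")
    if not cookie_token or not form_token:
        return False  # a missing token means the request is disallowed
    expected = _form_token_for(cookie_token, username)
    # Compare as bytes in constant time; str input may contain non-ASCII.
    return hmac.compare_digest(expected.encode(), form_token.encode())


def demo():
    """Constructed requests against a hypothetical checkout form."""
    cookie, field = issue_tokens("alice")
    _, other_field = issue_tokens("mallory")
    return {
        # Form submitted from the site's own page: both tokens come back.
        "legitimate": validate_request(
            {"csrf_cookie": cookie}, {"csrf_field": field, "item": "42"}, "alice"),
        # Cross-site form: the browser attaches the cookie, but the foreign
        # page has no hidden-field token to send.
        "cross_site_no_field": validate_request(
            {"csrf_cookie": cookie}, {"item": "42"}, "alice"),
        # A field token issued for another account does not pair with this cookie.
        "other_users_field": validate_request(
            {"csrf_cookie": cookie}, {"csrf_field": other_field}, "alice"),
        "non_ascii_field": validate_request(
            {"csrf_cookie": cookie}, {"csrf_field": "\u00e9" * 64}, "alice"),
    }
```

Binding the form token to both the cookie token and the user goes one step past the presence check in step 4: a request carrying two tokens that do not belong together is rejected as well.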

Security Architecture
Security architecture is a unified security design that addresses the necessities and potential risks
involved in a certain scenario or environment. It also specifies when and where to apply security
controls. The design process is generally reproducible. In security architecture, the design principles
are reported clearly, and in-depth security control specifications are generally documented in
independent documents. System architecture can be considered a design that includes a structure and
addresses the connection between the components of that structure. (Techopedia, 2019)

The key phases in the security architecture process are,

Architecture Risk Assessment: Evaluates the business influence of vital business assets, and the
odds and effects of vulnerabilities and security threats.

Security Architecture and Design: The design and architecture of security services, which facilitate
business risk exposure objectives. (Techopedia, 2019)

Implementation: Security services and processes are implemented, operated and controlled.
Assurance services are designed to ensure that the security policy and standards, security
architecture decisions, and risk management are mirrored in the real runtime implementation.

Operations and Monitoring: Day-to-day processes, such as threat and vulnerability management
and threat management. Here, measures are taken to supervise and handle the operational state in
addition to the depth and breadth of the systems security. (Techopedia, 2019)

These are the security issues that can arise within an API. By providing the required solutions for
these issues, the system will be protected from those attacks.

Test Cases
Test case ID: 01
Test name: The product
Test title: product detail view
Test designed by: Hiroshan
Test designed date: 02/11/2023
Pre-condition: user in product page
Post-condition: user directed to product detail page

| Action | Expected result | Actual result | Pass/Fail | Comment |
| --- | --- | --- | --- | --- |
| Visit product page. Select the relevant product. Click on the product. | View relevant products. | | Pass | Product viewed successfully. |

Test case ID: 02
Test name: registering
Test title: a new user register form
Test designed by: Kanishkaran
Test designed date: 02/11/2023
Pre-condition: user in register page
Post-condition: a new user registered to the system

| Action | Expected result | Actual result | Pass/Fail | Comment |
| --- | --- | --- | --- | --- |
| Enter relevant details | User got registered | | Pass | User registered successfully |

Test case ID: 03
Test name: Login
Test title: logging into the dashboard
Test designed by: Liyon
Test designed date: 02/11/2023
Pre-condition: user enters username and password
Post-condition: password or username displayed to be incorrect

| Action | Expected result | Actual result | Pass/Fail | Comment |
| --- | --- | --- | --- | --- |
| Enter the provided username and password | Login error message display | | Pass | Log error successful |

Test case ID: 04
Test name: search items
Test title: search items from the database
Test designed by: Jaime
Test designed date: 02/11/2023
Pre-condition: user search the item by any keyword
Post-condition: displays the required relevant items

| Action | Expected result | Actual result | Pass/Fail | Comment |
| --- | --- | --- | --- | --- |
| Enter valid keywords | Display items from that name | | Pass | Items searched displayed successfully |

Conclusion
OZQ-Cart is an online e-commerce system which provides facilities for online shopping to the
customers. It’s a great opportunity for me to build this e-commerce solution. I used an ASP.NET web
application using Web API. As the development platform I used Visual Studio 2019.
Designing wireframes, and designing the actual system according to the wireframes I have designed,
improves my skill in designing. Doing this assignment is a great opportunity for me to learn about
Application Program Interfaces.

API codes

User controller

Cart controller

login

Item controller

Feedback controller

Order controller
References

Acunetix, 2023. www.acunetix.com. [Online]
Available at: https://www.acunetix.com/websitesecurity/csrf-attacks/
[Accessed 23 06 2023].

DreamFactory, 2023. www.dreamfactory.com. [Online]
Available at: http://www.dreamfactory.com/logos
[Accessed 22 06 2023].

Microsoft, 2023. www.docs.microsoft.com. [Online]
Available at: https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api
[Accessed 28 06 2023].

Microsoft, 2023. www.microsoft.com. [Online]
Available at: https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/
[Accessed 26 06 2023].

Rapid API, 2023. www.rapidapi.com. [Online]
Available at: https://rapidapi.com/
[Accessed 24 06 2023].

Software Testing Fundamentals, 2023. www.softwaretestingfundamentals.com. [Online]
Available at: http://softwaretestingfundamentals.com/differences-between-black-box-testing-and-white-box-testing/
[Accessed 22 06 2023].

Square Up, 2023. www.squareup.com. [Online]
Available at: https://squareup.com/townsquare/sdk-vs-api
[Accessed 22 06 2023].

Square, 2018. www.squareup.com. [Online]
Available at: https://squareup.com/us/en/townsquare/sdk-vs-api
[Accessed 27 06 2023].

Techopedia, 2023. www.techopedia.com. [Online]
Available at: https://www.techopedia.com/definition/72/security-architecture
[Accessed 06 07 2023].

The OWASP Foundation, 2023. www.owasp.org. [Online]
Available at: https://www.owasp.org/index.php/Main_Page
[Accessed 06 07 2023].

UpWork, 2023. www.upwork.com. [Online]
Available at: https://www.upwork.com/hiring/development/intro-to-apis-what-is-an-api/
[Accessed 05 07 2023].