Frequently Asked Questions
General
What is the purpose of Envizage Developer API?
Envizage Developer API is a managed service that makes it easy for developers to simulate financial scenarios for household accounts.
Why use Envizage Developer API?
Envizage Developer API provides developers with a simple, flexible, managed, pay-as-you-go service that handles all aspects of creating and operating APIs for financial application back ends. This service offers metering, security, resilience, monitoring and lifecycle management.
How do I get started with Envizage Developer API?
Follow the instructions of the quick start guide.
Which are the main Envizage Developer API business entities?
Envisage Developer API models the following business entities of a household financial scenarios:
- Household
- Person
- Income
- Expenses
- Asset
- Liability
- Insurance
- Goal
What is a Household?
A household is a family, a person or a group of persons sharing an account which consolidates multiple financial items.
What is a Person?
A person is a member of the household.
What is Household Income?
A household income is a measure of the combined incomes of all people sharing a particular household. It includes every form of income, e.g., salaries and wages, retirement income, near cash government transfers like food stamps, and investment gains.
What is Household Expenses?
Household Expenses is a per-person breakdown of general living expenses. It includes the amount paid for lodging, food consumed within the home, utilities paid and other expenses.
What is a Financial Asset?
A financial asset is a non-physical asset whose value is derived from a contractual claim, such as bank deposits, bonds, and stocks. The financial assets of a household is a combined measure of the assets of every household person member.
What is a Liability?
A liability represents the future sacrifices of economic benefits that the entity is obliged to make to other entities as a result of past transactions or other past events, the settlement of which may result in the transfer or use of assets, provision of services or other yielding of economic benefits in the future. The liabilities of a household is a combined measure of the liabilities of every household person member.
What is an Insurance?
An Insurance is a contract providing a guarantee of compensation for specified loss, damage, illness, or death in return for payment of a specified premium. Insurance payments and returns of all household person members sum up to household insurances.
What is a Scenario
A Scenario is a collection of household financial items and milestones. The purpose of a scenario evaluates the expected value of a proposed investment or business activity.
What is a Goal?
Goals are the key milestones in a household’s future plans. They represent the major aspirations of the household, and may vary over time.
How can I execute a simulation of my scenario?
After the creation of all business entities of my scenario, I can execute the simulation via the API as described here.
How can I see the simulation results of my scenario?
After the execution of my scenario, I can retrieve my goals' achievability via the API as described here. On top of this, I can get details of the simulation results in form of income statements and balance sheets of a household.
Scalability
How are backend systems and applications protected from API traffic spikes?
API traffic spikes are handled via load-balancing and high availability mechanisms. Envizage service in a highly available kubernetes cluster. Multiple instances (containers in kubernetes Pods) of each microservice run in the cluster for load balancing and high availability. Computational nodes that run our instances span across multiple availability zones.
How does throttling help me?
Throttling mechanisms can guarantee that excessive data rate from one data source that may be compromised will not affect the other tenants and the service itself.
What happens if a large number of end users try to invoke my API simultaneously?
Although excessive workload from many users is handled via load-balancing and high availability mechanisms, the API also throttles requests for each clients individually. Each account tier has its own throttling limits set which can't be exceeded.
Management and Operations
How can I monitor my APIs?
Monitoring information is accessible via the Developer Console under the Plan tab.
Are my data backed-up? What is the backup policy?
A continuous backup mechanism takes incremental backups of data in the Envizage cluster, ensuring your data backups are typically just a few seconds behind the operational system. Restore from stored snapshots or from a selected point in time within the last 24 hours is possible at any time.
Security
How do I authorise access to Envizage APIs?
For each new tenant of the system, we issue a pair of ClientId and ClientSecret and then we follow the Client Credentials Grant flow as specified in the OAuth 2.0 specification to create admin account for the new client and then register users under that ClientId. Those admin accounts are able to login and access information about the registered users like user names, emails (if provided) and anonymised access analytics logs.
Is Envizage API usage logged?
All activity by accounts with elevated privileges (admins, client admins and client accounts) are automatically recorded in an audit trails database collection. Extensive (pseudonymised) analytics and metrics are captured as number of logins, registrations, failed login attempts etc in various timeframes. Audit trails and monitoring information is accessible via the Envizage Backoffice and by its management API.
Is my data protected from unauthorized access?
All tenants (clients) of Envizage use the same database instance. There is no hard segregation in the environment between clients, only a rigorously tested logical layer. Envizage ensures the segregation by a set of filters that act as a switch to authorize access to resources based on a client.
There is also a dedicated instance option set up for individual clients which is physically separated from the main multi-tenant instance. Please contact sales for details about this.
Is my data encrypted at rest and in transit?
- API service catalog is served over SSL/TLS connections using a SHA-2 certificate.
- Stateless session management is done with JWT (JSON web tokens) signed with RSA 2048 bits key.
- MongoDB database is encrypted using Transparent Data Encryption (TDE).
- Encrypted AWS EBS volumes are used for our compute nodes.
EU GDPR Regulation
Is Envizage Developer API GDPR compliant?
Envizage runs on the Amazon Web Services global infrastructure platform. All Amazon services are GDPR ready.
What is the purpose of data processing by Envizage Developer API?
Envizage Developer API is a managed service that makes it easy for developers to simulate financial scenarios for household accounts. It does not perform further processing of the household data.
How does Envizage Developer API performs consent management?
Envizage Developer API is ready to integrate with the consent policy of any tenant. Each client can define their own T&Cs and make them available from the Admin Console.
How does Envizage Developer API respects data subject rights and the right to be forgotten?
By deleting the developer account, all data will be hard deleted and no records will be kept.
How does Envizage Developer API ensures data minimisation?
Only data that are necessary for the scenario simulation are required, which is not personal data. Data like year of birth are limited to year granularity while naming participants in the household is not mandatory. Envizage API does not require any form of personal data. Everything built on top of the API is in the client realm hence the client's responsibility.
How does Envizage Developer API ensures data accuracy?
Envizage API allows the end user to modify and correct their data when needed. Subsequent scenarios use the updated information.
How does Envizage Developer API guarantees data residency?
Amazon cloud hosts all Envizage data. Currently our EU customers are served by the EU (Ireland) - eu-west-1 region.
How does Envizage Developer API comply with data breach notification and their strict deadlines?
Envizage has internal policies in place to efficiently deal with data breaches and notify all clients.