Health Campaign - High Level Design
The high level design is divided into:
Master data
Registries/entities
Reusable DIGIT services
Form engine support
Multi-tenancy
Android offline first app
Web app - Campaign planning + dashboard
External integration - DHIS2
Base Health Campaign on DIGIT Core 2.8.
Master data categorised on the complexity required to maintain them from the technical perspective.
Simple Masters
Roles
Additional field schemas for different entities
Project task configurations
Project type
Role-actions
Actions
Hierarchical Masters
Administrative boundary and hierarchy
Inter-Linking Masters
Field app config
Service registry
New service.
As users are registered to campaigns, populate the individual registry with basic information about them.
This registry is the first step towards the long term plans in DIGIT to move non users of the system away from the User service. However, due to the current dependency on User service for authN and authZ among other things, this registry will be a wrapper over the User service.
New service.
Collection of Individuals living together (potentially receiving shared campaign intervention).
New service.
Needed to model storage Warehouses through which stock moves.
New service.
Needed to model the resources that are distributed as part of projects both as part of stock movement and actual distribution to beneficiaries.
New service.
Models how services and benefits are typically distributed to citizens by governments.
Contains multiple endpoints within the service to map other entities such as beneficiaries, staff, facilities, resources to the projects.
New service.
Track inflow and outflow of stock resources.
Many of the DIGIT-Core services can be reused without any changes. Some of them could be extended and enhanced to support the required features.
digit-mdms-service
Digit-location / boundary service
digit-access-control
Zuul API Gateway
digit-idgen
digit-persister
digit-indexer
digit-localization
DSS
Signed Audit
No existing services being enhanced.
The Health Campaign system does not make heavy use of workflows. Most flows in v1 are single actor and end after a single step (i.e. submitting collected data).
Form engine support was pushing out timelines and has been dropped from v1 scope.
The proposal is to have a single installation to support multiple countries and multiple health campaigns within these countries. Different campaigns will need to share registries.
Leveraging multi tenancy support in DIGIT for this.
Android app is proposed to be modelled on mGramSeva app and will be built in Flutter.
This app will be used in areas with limited or no internet connectivity and hence will need to work while offline. Users will sync the data collected offline when they are in an area with network connectivity.
SQLite will be used to model structured data and ISAR will be used for unstructured data.
Out of scope for v1.
The field workers will need to see dashboards based on the data stored in the offline database. Library - TBD
Out-of-scope for v1.
The app will have some custom screens to capture information around the campaign plan.
DSS dashboards are planned to be leveraged for reporting dashboards.
This will be added to implementation scope.
A server should be responsible to handle or offer a mechanism to handle errors once data reaches it. (Error handling mechanism is being designed by the platform).
Sync will be manually triggered by the user (except for automatically syncing configuration down on the first login).
Sync down of data is not required to support (good to have) the first rollout.
Sync will be done through bulk APIs.
Sync will send each save action performed by the field user while offline to the server to preserve an audit of actions performed by the field user.
Eg: If a field user registers an individual and saves the record and then goes back to update the individual, this will result in two API calls to the server (one create and one update).
API response compression Gzip will be turned on for all the endpoints.
Unique identifier to be used between client and server:
A Client will create a unique (client-generated) identifier per entity (clientReferenceId) to relate entities while operations are being performed offline and send this id to the server for creating operations.
Any subsequent operations (like update, delete) will be on the server gen id, so the client has to get the server gen id by searching using the client generated id. The client will call search API with clientReferenceId and will get the server generated id.
Client will update the server-generated id into the records on the client and use the server-generated id for subsequent updates for those entities.
Processing on the backend will continue to be asynchronous and not changed for the health use case.
Search API max limit and the default limit.
Service details and endpoints.
Service details and endpoints.
Number of entities sent to the server in bulk API calls
Additional fields per entity in the app.
The drop-down values or select options to be presented in the app for field users.
Configuration changes are expected to be additive for the data captured against such configuration to continue being usable.
Number of retries on API call failure after which the app should stop retrying.
Timeout for the API calls.
Access to data will be defined by the linkages of staff to the project and the corresponding boundary while respecting role-action mappings instead of the tenant-based approach.
All deletes are soft deletes.
The server is responsible to delete nested/child entities if applicable when the parent entity is deleted.
Undeletion is not permitted.
Duplicate updates do not need to be detected or filtered out. The client is responsible to send duplicate updates on entity as separate requests to server.
Since persistence in DIGIT is asynchronous but the sync process from the field worker app is likely to send dependent data in a short period, a cache is to be introduced against which dependent data can be validated if required while it is in the process of being persisted to the DB. This cache is exposed via the search API of the corresponding service and the caller is agnostic to whether the result was returned from the cache or database.
For v1, we can maintain the sequence of updates only for requests on a single entity by a single user. i.e. Updates on the same entity by multiple users will result in the last caller's updates going through.
To maintain the sequence of updates, a rowVersion field is introduced in every entity. Callers pass the rowVersion as received from the server. The server can detect if any out-of-sequence updates have come in and reject it / pass it to the error handling mechanism.
Search APIs will not return (soft) deleted data by default. If deleted data is required the includeDeleted param can be passed to the search APIs.
From the Product requirement perspective, there is no unique identification identifier, so Platform is unable to check the uniqueness of registry entities.