PSI Integration - Booking Events API

The PSI integration is a “2nd class citizen” in LearningBuilder. It requires some advanced configuration in LearningBuilder and some AWS configuration, but does not require any client-specific customization of core files.

The first implementation is for ABPANC - https://heuristicsolutions.atlassian.net/wiki/spaces/LBIA/pages/2256831000

Related:

https://heuristicsolutions.atlassian.net/wiki/spaces/LBDEV/pages/1779138720

https://heuristicsolutions.atlassian.net/wiki/pages/createpage.action?spaceKey=TO&title=IaC%20for%20Client%20Lambdas

https://heuristicsolutions.atlassian.net/wiki/pages/createpage.action?spaceKey=TO&title=IaC%20Development%20Environment%20Setup

 

Executive Summary

The PSI integration consists of three pieces:

  • Eligibility: A “Send To Queue” Behavior that uses a Template to construct an API call, notifying PSI of a candidate’s eligibility to test

  • Booking: An AWS Lambda that receives scheduling information and can store that information in Workflow attributes

  • Exam Results: Uses RabbitMQ and the XAPI interface

This document describes the technical architecture of the integration and the instructions for implementing it.

Setting up the integration takes approximately <TODO>.

 

Technical summary

PSI has a webhook that makes a single API call whenever the booking information has been updated. This endpoint is protected by Basic Authentication and accepts the NotificationRequest payload format defined by PSI (https://apidocs.psiexams.com/booking-events-service/resources/notificationrequest?v=latest).

To support the performance and security requirements of the integration, the following components have been created.

  1. AWS Http Gateway (HTTP GATEWAY): Receives requests for the booking process. Configured to use the LearningBuilder-Basic-Authorizer for security and to call the LearningBuilder-PSI lambda.

  2. PSIConfig (DYNAMODB): Stores the configuration data for the PSI process. Uses domains to support multiple clients.

  3. LearningBuilder-Basic-Authorizer (LAMBDA UNIVERSAL): Extracts a LearningBuilder API Key from the Basic Auth header and confirms it has the rights to complete the process. For PSI, it needs to be able to call the XAPI API.

  4. LearningBuilder-PSI (LAMBDA):

    1. Converts the NotificationRequest payload into an XAPI payload.

    2. Sends the XAPI request to LearningBuilder. XAPI/Post - Executes a specific XAPI Request.

    3. Returns a success, fail, or bad request status.

This Lambda is not part of the core LearningBuilder solution, but is designed so that it can be reused by multiple clients. It does not contain any client-specific code in the Lambda function itself.

1 XAPI: This integration was initially completed for ABPANC
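
The authorizer's job described in item 3, as an added Python example; it is not the LearningBuilder-Basic-Authorizer source. Assumptions: the API key is sent as the Basic Auth password, the gateway uses HTTP API simple authorizer responses, and `key_has_permissions` is a hypothetical callback standing in for the LearningBuilder rights check.

```python
import base64
import binascii


def basic_header(user, password):
    """Build a Basic Authorization header value (used for the constructed samples)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic_api_key(header_value):
    """Return the API key from a Basic Authorization header, or None if malformed."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password part may itself contain colons.
    _user, sep, password = decoded.partition(":")
    if not sep or not password:
        return None
    return password  # assumption: the API key is sent as the password


def make_authorizer(key_has_permissions):
    """key_has_permissions(api_key) -> bool is a hypothetical stand-in for the
    LearningBuilder rights check (the page names the XAPI permission)."""
    def handler(event, context=None):
        # HTTP API payload format 2.0 delivers header names in lower case.
        headers = event.get("headers") or {}
        api_key = parse_basic_api_key(headers.get("authorization"))
        try:
            allowed = api_key is not None and bool(key_has_permissions(api_key))
        except Exception:
            allowed = False  # fail closed if the rights check itself errors
        return {"isAuthorized": allowed}  # simple-response authorizer format
    return handler


if __name__ == "__main__":
    # Constructed sample key and requests, for illustration only.
    handler = make_authorizer(lambda key: key == "constructed-key-123")
    print(handler({"headers": {"authorization": basic_header("psi", "constructed-key-123")}}))
    print(handler({"headers": {"authorization": "Basic not-base64!"}}))
    print(handler({"headers": {}}))
```

Every malformed header, unknown key, or failure of the rights check resolves to `isAuthorized: False`, so the LearningBuilder-PSI lambda is never invoked for those requests.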

 

Configuration Instructions

Step 1: LearningBuilder Authentication Configuration

We are using the built-in API Keys to manage security for the feature.

  1. Create a new Authorization Rule Set (/SysAdmin/Authorization/Rules) for PSI.

    1. Determine who needs to be able to run the feature and add the appropriate role. If PSI does not have an account inside LearningBuilder, you may want to restrict it to System Administrators.

    2. Add the XAPI permission and add a custom permission called PSI.

  2. Create an API Key (/Admin/Profile/ApiKey) for the account that will be used to process scheduling events.

    1. Create a Key for the PSI Authorization Rule Set.

       

Step 2: LearningBuilder Workflow Configuration

  1. Add Booking Attributes to the Learning Plan Workflow Step that is awaiting the Test Results.

Step 3: Configure AWS

3.1: Configure DynamoDb

  1. Add Configuration to DynamoDb table PSIConfig in AWS

    1. Add Domain that uses the client’s Client ID

    2. Add the LearningPlanId and ActionId values. The Perform Step Action needs to know which Learning Plan Definition and Action to use.

    3. Add LbDomain of the LearningBuilder Instance

    4. Add the Attribute Mappings for each Attribute we want to set. The Mappings include the attribute name and the XPath value of where the value is located in the Registration Status Export.

Lambda Configuration in DynamoDb

Notification Request


 

3.2: Configure authentication

  1. Confirm that the LearningBuilder-PSI and LearningBuilder-Basic-Authorizer AWS lambdas have been installed. Production only needs a single instance of both lambdas.

  2. Confirm that the LearningBuilder-PSI-API API Gateway has been installed.

    1. There should be routes defined for Scheduling and Health

    2. Both routes should be protected by the LearningBuilder-Basic-Authorizer AWS lambda as an authorizer

    3. Both routes should be configured to integrate with the LearningBuilder-PSI AWS lambda

Appendix A: PSI Scheduling Logging

All the PSI Scheduling Logs are located in CloudWatch. Each component (the AWS lambdas LearningBuilder-PSI and LearningBuilder-Basic-Authorizer) has its own Log Group. Each Registration Status Export triggers the following log messages.

  1. Booking. We store everything that is sent to the endpoint before any processing or analysis occurs. This prevents us from losing any data that is sent to the lambdas.

  2. ProcessSchedule. We log the XAPI request.

  3. ProcessResponse. We log the XAPI response.