https://github.com/benfoster/o9d-guard as an example

The varying schema per account identifier type is a pain to work with:

        public class AccountIdentifier
        {
            public AccountIdentifier(string type)
            {
                Type = type.NotNullOrWhiteSpace(nameof(type));
            }

            /// <summary>
            /// The type of account identifier
            /// </summary>
            public string Type { get; }
            
            /// <summary>
            /// 6 digit sort code (no spaces or dashes)
            /// </summary>
            public string? SortCode { get; set; }
            
            /// <summary>
            /// 8 digit account number
            /// </summary>
            public string? AccountNumber { get; set; }
            
            /// <summary>
            /// Valid International Bank Account Number (no spaces). 
            /// Consists of a 2 letter country code, followed by 2 check digits, and then by up to 30 alphanumeric characters (also known as the BBAN).
            /// </summary>
            public string? Iban { get; set; }
            
            /// <summary>
            /// Valid Basic Bank Account Number (no spaces). Consists of up to 30 alphanumeric characters, with a fixed length per country. 
            /// </summary>
            public string? Bban { get; set; }
            
            /// <summary>
            /// Valid Polish NRB (no spaces). Consists of 2 check digits, followed by an 8 digit bank branch number, and then by a 16 digit bank account number. 
            /// Equivalent to a Polish IBAN with the country code removed.
            /// </summary>
            public string? Nrb { get; set; }
        }

We could provide a factory method to map a generic number parameter to the correct property based on the type

We still have a bunch of file names with True_l_ayer

ApiClient is designed to be as agnostic as possible to the underlying APIs it calls. We currently pass a Functionality enum to support URI selection. This should be moved to the corresponding Client class so that we avoid having to change ApiClient every time we extend the SDK.

Increase our test coverage around the testing of records (nullable fields) and enums (snake case, unmatched values etc.)

We can implement token caching to avoid obtaining a token for every API call (which will also give Auth API a breather)

A number of the payment request fields can be of differing types each with a unique set of fields. We can either adopt pseudo union types (class with every possible field) where this complexity leaks to the client of create static helpers / factories that leverage generic to handle the differing schemas.

I'd lean towards the latter as it's a better experience for the developer.

We need to review whether the configuration is flexible enough to support all of TrueLayer's APIs. I know Payments and Data share the same Client ID/Secret but is it possible that these will conflict with other APIs (Pay Direct?).

It may be beneficial to model the configuration based on the feature:

{
    "TrueLayer": {
        "UseSandbox": true,
        "Payments": {
            "ClientId": "xxx"
        }
    }
}

To avoid unintentional bad requests, we should use constructor parameters for any required fields on API Requests

https://pay-api-specs.t7r.dev/mvp/#operation/get-operating-account

ISO 4217

See https://devblogs.microsoft.com/dotnet/performance-improvements-in-net-6/#peanut-butter

Sdk and Sdk.Tests. We can then set the root namespace to TrueLayer in the csproj.

Namespacing should then follow the functional area e.g. TrueLayer.Payments

Current version requires mono to be installed

• Full Deposit details schema (currently missing a few fields)
• Providers endpoint (see if we can leverage model from payments)
• Query transactions
• Webhook Payloads
• Set up or update automated account sweeping
• Get automated account sweeping details
• Disable automated account sweeping

Covering:

• Use of records
  • Classes for request objects, or anything that is mutable
  • Records for response objects, or anything that is immutable
• When fields should be nullable, init, use of constructors
  • Constructors for any mandatory API fields (use acceptance tests to validate compatibility)
  • Fields should be null if they can be null / are optional
  • Use of nullable
  • Init should be used in cases for response objects where the field should be set on construction but we are using public setters (may not be necessary if we use shorthand record initialisers)
• When multiple types per file are allowed and impact on user experience
  • Multiple types per file can be used when the types are nested
  • Nested types can be used when the type is only ever used within the context of the parent type
  • To avoid naming conflicts when nesting types with properties e.g. you can use the Request or Response suffix for example, public AccountRequest Account {get;set;} equally a Details or Summary suffix may be fair.
  • In cases, where nested types are used within nested types, choose the depth that makes sense to preserve the heirarchy
  • If the type should be shared outside of the context of the top level type, it should be moved but note that this is a breaking change

• Naming conventions

• Record type constructor injection warning - tests should validate mapping
• Naming of request/response objects vs resources e.g. InitiateDepositRequest/Response vs Deposit
• When should an enum be used vs constants (e.g. strings on response - backwards compatibility)

Test what happens when a non-nullable prop inside a response record is not initialized during deserialization.

One thing to consider is how we handle response fields that we know will never be null but still need to support deserialization and avoid the issues associated with using constructors.

References

• https://www.meziantou.net/csharp-8-nullable-reference-types.htm

https://pay-api-specs.t7r.dev/mvp/#operation/create-payout

https://pay-api-specs.t7r.dev/mvp/#operation/list-operating-accounts

This is just a nitpick (I blame MS for this one!) 😄

We've agreed that backend clients will be named "Libraries" rather than "SDKs". Given that Library is overly generic I would suggest the following:

• Assembly: TrueLayerSDK -> TrueLayer.Client

When referring to the library we called it the "TrueLayer .NET Client" or "TrueLayer Client" when the .NET is inferred.

If we're happy to target .NET Core 3.0 onwards we can leverage HttpClientFactory that is included in .NET Standard 2.1

https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors

We should not be using snake_case properties as this goes against standard .NET Conventions. The JSON serialiser can handle snake case automatically and bind to Pascal Case properties.

Requires Java

• Account Types
• Remitter / Beneficiary
• Statuses
• Provider response

We will also need to move validation outside of the DI wireup as features that require specific options may not be used by the developer e.g. Payout signing key id

For PayDirect we're loading the cert from a string on every signed request. This can be optimised.

Missing steps:

• get payment status
• fetch providers list

Add the user agent

name: truelayer-sdk-net
version: The assembly version

https://pay-api-specs.t7r.dev/mvp/#operation/get-payout

e.g. GetPaymentToken?

Generally this provides a nicer developer experience than passing a new object

For APIs leveraging client-credentials authentication, it should be possible to obtain these automatically on behalf of the developer without an explicit call. We can also implement token caching to avoid obtaining a token for every API call (which will also give Auth API a breather)

Resources

• https://identitymodel.readthedocs.io/en/latest/aspnetcore/worker.html
• https://leastprivilege.com/2020/05/18/automatic-token-management-for-asp-net-core-and-worker-services-1-0/

https://www.scottbrady91.com/C-Sharp/PEM-Loading-in-dotnet-core-and-dotnet

Set up build script to run on GitHub actions. Probably worth waiting to move the repo since it will require the setup of secrets etc.

We should find a way to handle errors coming from TL apis.
The following code is commented out at the moment. You can find it here.

var content = await httpResponse.Content.ReadAsStringAsync();
if (httpResponse.StatusCode == Unprocessable)
{
    var error = await DeserializeJsonAsync<ErrorResponse>(httpResponse);
    throw new TruelayerValidationException(error, httpResponse.StatusCode, requestId);
}

V2 payment initiation has request parameters hardcoded. Make it dynamic and test it.

Namespaces: TrueLayer.X
Assembly: TrueLayerSdk

It should be possible to override URLs, specifically so that we can test the SDK against other environments.