Superadmin Billing Rate Update
Author(s)
- Bishwanath Jana
- Arpita Dey
Last Updated Date
2025-06-13
SRS References
- 2.1.2
Version History
| Version | Date | Changes | Author |
|---|---|---|---|
| 1.0 | 2025-06-13 | Initial draft | Bishwanath Jana, Arpita Dey |
Feature Overview
Objective:
Enable superadmin users to view and update billing rates within the SyncExpress system through dedicated backend API endpoints. This feature provides administrative control over billing configurations and ensures proper rate management across the platform.
Scope:
This feature covers the creation of GET and POST API endpoints specifically for superadmin users to retrieve current billing rates and update them as needed. The scope includes authentication, authorization, data validation, and audit logging for billing rate changes.
Dependencies:
- Superadmin role management
- Database access layer
- SyncExpress core application framework
Requirements
- Superadmin users must be able to retrieve current billing rates of each user via GET API
- Superadmin users must be able to update billing rates of each user via POST API
- Only users with superadmin privileges can access these endpoints
- All billing rate changes must be logged for audit purposes
- Introduce the UserSetting table to store all user settings-related details of each user, such as the billing rate of a user.
- Introduce the UserSettingsHistory table to store the history of user settings.
- Also provide BillingRate details in the auth token.
- Add BillingRate in the https://app.syncexpress.net/api/auth/get/user & https://app.syncexpress.net/api/auth/get/user APIs.
Design Specifications
- UI/UX Design:
  This feature is backend-only and does not include UI components. Frontend integration will be handled separately.
- Data Models:
```csharp
// Rate record keyed by the user's email; UpdatedBy records the superadmin who made the change.
public record UserBillingRate
{
    public required string Email { get; init; }
    public Decimal? BillingRate { get; set; }
    public string? UpdatedBy { get; set; }
}

// Extended view returned by the GET endpoint, adding the user id and change timestamp.
public record UserBillingRateDetails : UserBillingRate
{
    public required Guid UserId { get; init; }
    public DateTime? UpdatedOn { get; set; }
}
```
- API Interfaces:

| Endpoint | Method | Parameters | Response | Response Status Codes |
|---|---|---|---|---|
| /customer | GET | None | List of BillingRate | 200, 401, 500 |
| /user/billing/rate | POST | CustomerManagement (string), ratePerUnit (decimal) | String (Message) | 200, 400, 401, 500 |
- Third-Party Integrations:
  None
- Workflow:
  - Superadmin logs in and navigates to the billing management section.
  - A GET request is made to fetch current billing rates.
  - Superadmin enters a new rate and submits.
  - A POST request updates the database.
  - A success or failure message is returned.
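The workflow and API contract above, sketched as an ASP.NET Core controller. This is an added illustration, not SyncExpress code: the IBillingRateStore interface, the api/v1/admin route prefix, the request shape (Email plus ratePerUnit) and the upper rate bound are assumptions; the role check, input validation and audit log line are the controls the requirements call for.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical persistence layer over the UserSetting / UserSettingsHistory tables (assumption).
public interface IBillingRateStore
{
    Task<IReadOnlyList<UserBillingRateDetails>> GetAllAsync(CancellationToken ct);
    // Writes the new rate plus a UserSettingsHistory row; returns the previous rate, or null if the email is unknown.
    Task<decimal?> UpdateAsync(string email, decimal rate, string updatedBy, CancellationToken ct);
}

public record UpdateBillingRateRequest(string Email, decimal RatePerUnit);

[ApiController]
[Route("api/v1/admin")]           // prefix is an assumption
[Authorize(Roles = "Superadmin")] // deny by default: the role is checked before either handler runs (401/403 otherwise)
public sealed class BillingRateController(IBillingRateStore store, ILogger<BillingRateController> log) : ControllerBase
{
    private const decimal MaxRatePerUnit = 10_000m; // assumed business rule; replace with the real ceiling

    [HttpGet("customer")]
    public async Task<ActionResult<IReadOnlyList<UserBillingRateDetails>>> GetRates(CancellationToken ct)
        => Ok(await store.GetAllAsync(ct));

    [HttpPost("user/billing/rate")]
    public async Task<ActionResult<string>> UpdateRate([FromBody] UpdateBillingRateRequest req, CancellationToken ct)
    {
        // Validate before touching the database; every rejection here is the contract's 400 path.
        if (string.IsNullOrWhiteSpace(req.Email) || !req.Email.Contains('@'))
            return BadRequest("A valid email is required.");
        if (req.RatePerUnit < 0m || req.RatePerUnit > MaxRatePerUnit)
            return BadRequest($"ratePerUnit must be between 0 and {MaxRatePerUnit}.");
        if (decimal.Round(req.RatePerUnit, 4) != req.RatePerUnit)
            return BadRequest("ratePerUnit supports at most 4 decimal places.");

        // The actor comes from the authenticated principal, never from the request body.
        var actor = User.Identity?.Name ?? "unknown";
        var previous = await store.UpdateAsync(req.Email, req.RatePerUnit, actor, ct);
        if (previous is null)
            return BadRequest("Unknown user email.");

        // Audit entry: who changed whose rate, from what to what. Do not log the auth token.
        log.LogInformation("BillingRateUpdated actor={Actor} target={Target} old={Old} new={New}",
            actor, req.Email, previous, req.RatePerUnit);
        return Ok("Billing rate updated.");
    }
}
```

The structured log line is what the rollout plan's "monitor logs for update activity" step would alert on; the history row written by the store gives the durable audit trail.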
Development Tasks & Estimates
| No | Task Name | Estimate (Hours) | Dependencies | Notes |
|---|---|---|---|---|
| 1 | Define GET and POST API endpoints | 2 hours | Authentication | - |
| 2 | Implement input validation and role check | 1.5 hours | Task 1 | - |
| 3 | Connect endpoints to DB logic (CRUD ops) | 2.5 hours | Task 1 | - |
| 4 | Add audit logging for update operations | 1 hour | Task 3 | - |
| 5 | Unit and integration testing | 2 hours | Task 1–4 | - |
| 6 | Total | 9 hours | - | - |
Testing & Quality Assurance
- Unit Tests:
  - Validate access control logic (Superadmin only)
  - Validate input range and types for rate
- Integration Tests:
  - End-to-end test of GET and POST with mock DB
  - Test error and edge cases
- Testing Tools:
  - Postman
Deployment Considerations
- Configuration Changes:
  - Enable role-based access for /api/v1/admin/billing-rate
  - Enable role-based access for
- Rollout Plan:
  - Deploy behind feature flag if needed
  - Announce internally to Superadmins
  - Monitor logs for update activity
Risks & Mitigations
| Risk | Impact | Likelihood | Mitigation Strategy |
|---|---|---|---|
| Unauthorized rate modification | High | Low | Strict role-based access control |
| Invalid or missing rate input | Medium | Medium | Input validation and error messaging |
| Deployment issues affecting billing logic | High | Low | Isolate feature with clear API contracts |
Review & Approval
- Reviewer:
  Technical Lead, Product Owner, Security Team
- Approval Date:
  [To be filled after review completion]
Notes
- This feature requires careful testing of security aspects due to sensitive billing data access
- Consider implementing rate limiting for these administrative endpoints
- Ensure proper monitoring and alerting for billing rate changes
- Document any business rules specific to SyncExpress billing model
- Consider implementing approval workflow for significant rate changes in future iterations