Version: SyncExpress

Superadmin Billing Rate Update

Author(s)

  • Bishwanath Jana
  • Arpita Dey

Last Updated Date

2025-06-13


SRS References

  • 2.1.2

Version History

| Version | Date | Changes | Author |
|---|---|---|---|
| 1.0 | 2025-06-13 | Initial draft | Bishwanath Jana, Arpita Dey |

Feature Overview

Objective:
Enable superadmin users to view and update billing rates within the SyncExpress system through dedicated backend API endpoints. This feature provides administrative control over billing configurations and ensures proper rate management across the platform.

Scope:
This feature covers the creation of GET and POST API endpoints specifically for superadmin users to retrieve current billing rates and update them as needed. The scope includes authentication, authorization, data validation, and audit logging for billing rate changes.

Dependencies:

  • Superadmin role management
  • Database access layer
  • SyncExpress core application framework

Requirements

  1. Superadmin users must be able to retrieve current billing rates of each user via GET API
  2. Superadmin users must be able to update billing rates of each user via POST API
  3. Only users with superadmin privileges can access these endpoints
  4. All billing rate changes must be logged for audit purposes
  5. Introduce the UserSetting table to store each user's settings, such as the user's billing rate.
  6. Introduce the UserSettingsHistory table to store the history of user settings.
  7. Provide BillingRate details in the auth token.
  8. Add BillingRate to the https://app.syncexpress.net/api/auth/get/user & https://app.syncexpress.net/api/auth/get/user APIs.

Design Specifications

  • UI/UX Design:
    This feature is backend-only and does not include UI components. Frontend integration will be handled separately.

  • Data Models:

    using System;

    // Billing rate for one user, identified by email.
    public record UserBillingRate
    {
        public required string Email { get; init; }
        public decimal? BillingRate { get; set; }
        public string? UpdatedBy { get; set; }
    }

    // Billing rate plus the user's id and the time of the last update.
    public record UserBillingRateDetails : UserBillingRate
    {
        public required Guid UserId { get; init; }
        public DateTime? UpdatedOn { get; set; }
    }

  • API Interfaces:

    | Endpoint | Method | Parameters | Response | Response Status Codes |
    |---|---|---|---|---|
    | /customer | GET | None | List of BillingRate | 200, 401, 500 |
    | /user/billing/rate | POST | CustomerManagement (string), ratePerUnit (decimal) | String (Message) | 200, 400, 401, 500 |

  • Third-Party Integrations:
    None

  • Workflow:

    1. Superadmin logs in and navigates to the billing management section.
    2. A GET request is made to fetch current billing rates.
    3. Superadmin enters a new rate and submits.
    4. A POST request updates the database.
    5. A success or failure message is returned.
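
The update step of this workflow, with the role check, input validation and audit record from the requirements, as an added sketch that is not the project's own code. The role name `Superadmin`, the `MaxRate` bound, the `BillingRateChange` shape and the in-memory stores are assumptions; the actor is taken from the authenticated identity rather than from the client-supplied `UpdatedBy` field.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Constructed demo: an authenticated caller without the role is rejected and nothing is logged.
var svc = new BillingRateService();
var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob@example.test") }, "test"));
var spoofed = new UserBillingRate { Email = "a@example.test", BillingRate = 5m, UpdatedBy = "admin" };
Console.WriteLine($"{svc.Update(user, spoofed)}, history rows: {svc.History.Count}");

public record UserBillingRate
{
    public required string Email { get; init; }
    public decimal? BillingRate { get; set; }
    public string? UpdatedBy { get; set; }
}

// Hypothetical audit row; the page names a UserSettingsHistory table but not its columns.
public record BillingRateChange(string Email, decimal? OldRate, decimal NewRate, string ChangedBy, DateTime ChangedOnUtc);

// Status codes taken from the page's API table (401 is the only access-failure code listed).
public enum UpdateResult { Ok = 200, BadRequest = 400, Unauthorized = 401 }

public class BillingRateService
{
    private const string SuperadminRole = "Superadmin"; // assumed role name
    private const decimal MaxRate = 10_000m;            // assumed upper bound
    private readonly Dictionary<string, decimal> _rates = new(StringComparer.OrdinalIgnoreCase); // stand-in for UserSetting
    public List<BillingRateChange> History { get; } = new(); // stand-in for UserSettingsHistory

    public UpdateResult Update(ClaimsPrincipal caller, UserBillingRate request)
    {
        // Authorization first: reject before validating or touching any data.
        if (caller.Identity?.IsAuthenticated != true || !caller.IsInRole(SuperadminRole))
            return UpdateResult.Unauthorized;

        // Validation: email present, rate present, non-negative and within the bound.
        if (string.IsNullOrWhiteSpace(request.Email) || request.BillingRate is not decimal rate
            || rate < 0m || rate > MaxRate)
            return UpdateResult.BadRequest;

        // The actor comes from the authenticated identity; request.UpdatedBy is ignored.
        string actor = caller.Identity?.Name ?? "unknown";
        decimal? old = _rates.TryGetValue(request.Email, out var current) ? current : null;
        _rates[request.Email] = rate;
        History.Add(new BillingRateChange(request.Email, old, rate, actor, DateTime.UtcNow));
        return UpdateResult.Ok;
    }
}
```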

Development Tasks & Estimates

| No | Task Name | Estimate (Hours) | Dependencies | Notes |
|---|---|---|---|---|
| 1 | Define GET and POST API endpoints | 2 hours | Authentication | - |
| 2 | Implement input validation and role check | 1.5 hours | Task 1 | - |
| 3 | Connect endpoints to DB logic (CRUD ops) | 2.5 hours | Task 1 | - |
| 4 | Add audit logging for update operations | 1 hour | Task 3 | - |
| 5 | Unit and integration testing | 2 hours | Task 1–4 | - |
| 6 | Total | 9 hours | - | - |

Testing & Quality Assurance

  • Unit Tests:

    • Validate access control logic (Superadmin only)
    • Validate input range and types for rate
  • Integration Tests:

    • End-to-end test of GET and POST with mock DB
    • Test error and edge cases
  • Testing Tools:

    • Postman

Deployment Considerations

  • Configuration Changes:

    • Enable role-based access for /api/v1/admin/billing-rate
  • Rollout Plan:

    • Deploy behind feature flag if needed
    • Announce internally to Superadmins
    • Monitor logs for update activity

Risks & Mitigations

| Risk | Impact | Likelihood | Mitigation Strategy |
|---|---|---|---|
| Unauthorized rate modification | High | Low | Strict role-based access control |
| Invalid or missing rate input | Medium | Medium | Input validation and error messaging |
| Deployment issues affecting billing logic | High | Low | Isolate feature with clear API contracts |

Review & Approval

  • Reviewer:
    Technical Lead, Product Owner, Security Team

  • Approval Date:
    [To be filled after review completion]


Notes

  • This feature requires careful testing of security aspects due to sensitive billing data access
  • Consider implementing rate limiting for these administrative endpoints
  • Ensure proper monitoring and alerting for billing rate changes
  • Document any business rules specific to SyncExpress billing model
  • Consider implementing approval workflow for significant rate changes in future iterations