Digital Staff Passport integration testing

If you are integrating an external system with Digital Staff Passport, we'll need to work together to complete a number of testing activities before you can go live.

This applies to integrations using:

• the Digital Staff Passport API standard
• the Digital Staff Passport direct to wallet integration standard

The testing stages are as follows:

• system test (API integration only)
• system acceptance test (API integration only)
• integration test
• business acceptance test
• penetrating test

The following sections explain them in more detail.

This step applies to integration using the Digital Staff Passport API standard.

We expect you to perform a system test of your API and provide us with details of the tests performed.

Your tests should include:

• success scenarios for each operation you have implemented
• failure scenarios for each operation - based on the errors specified in the API standard
• security tests - to make sure unauthorised access is denied - including cross-organisation security testing

Once your testing is complete, you should supply us with a test report showing:

• what tests you have performed
• the status of each test (pass or fail)
• the number of outstanding defects (if any) including severity levels

This step applies to integration using the Digital Staff Passport API standard.

We might perform a system acceptance test of your API using an API testing tool such as Postman.

This would likely include a subset of the tests you performed in your system test.

To support this test, we'll need you to:

• deploy your system to your integration test environment
• set up sufficient test data to support a reasonable set of test scenarios - for example multiple people with the same surname or date of birth
• be available to fix any defects

For integration testing, we'll connect our Digital Staff Passport test environment to your integration test environment and perform a set of test scenarios to make sure key functions are working as expected.

To support this test, we'll need you to:

• deploy your system to your integration test environment
• set up sufficient test data to support a reasonable set of test scenarios - for example multiple people with the same surname or date of birth
• be available to fix any defects

For business acceptance testing, members of our team with a good understanding of the end users will perform ad-hoc tests to make sure the integration meets user needs.

To support this test, we'll need you to:

• deploy your API to your integration test environment
• set up sufficient test data to support a reasonable set of test scenarios - for example multiple people with the same surname or date of birth
• be available to fix any defects

You'll need to conduct vulnerability and penetration testing of the integration aspects of your system:

• before go-live
• regularly - at least annually - after go-live