The reward points mean nothing without an owner. This person is most likely an employee of a business partnering with the reward points accumulation and redeeming service. The service delivers a comprehensive one-stop-shop for reward points and recognition programs. This makes it easy and consistent for businesses to follow and sign up for the program. This makes the reward point services truly global and offered as a software-as-a-service.
The identity and Access Management is a critical requirement for this service without which the owner reference cannot be resolved. But this identity and access management does not need to be rewritten as part of the services offering. An identity cloud is a good foundation for IAM integration and existing membership providers across participating businesses can safely be resolved with this solution.
The use of a leading IAM provider for Identity cloud also helps with the integration of on-premise integration of applications. The translation of the owner to the owner_id required by the rewards service is automatically resolved by referencing the identifier issued by the cloud IAM. Since the IAM is consistent and accurate, the mappings are direct and accurate. The user does not need to sign in to generate the owner_id. They can be resolved with the integration of the membership provider which is on-premise for the organization such as with Active Directory integration to the identity cloud. Since the integration of different applications for enterprises is expected to be integrated with the Active Directory or IAM provider, the identity cloud can be considered as global for this purpose. The identities from different organizations will require to be isolated from each other in the identity cloud. The same convention can be leveraged by the reward points services.
The difference between a B2B and a B2C reward points service stands out when the user does not have to register into yet another portal albeit for rewards. With the integration of enterprise-wide IAM to an identity cloud provider and the availability of attributes via SAML, the mapping of reward points to rewards becomes automatic. Together with the automatic collection of user activities from a variety of enterprise deployed applications, the reward points become increasingly significant and appealing to use.
We assume the reward points balance is maintained accurately in the data layer. The service accumulating and redeeming from this balance update the same source of truth. Both the services recognize the same owner for the reward points because they use the same identity cloud. The redeeming service focuses on making one or more debits against the reward points balance. As long as the reward points store consistently handles the debit and the credit, the granularity of debits does not matter to the debits against the balance.
This redeeming service simply creates, updates, and deletes a debit entry record in the ledger holding the reward points as long as the rewards added to the cart by the cart service can be honored. This is a simple online transaction processing system that brings the database guarantees to the ledger.
The database should have change data capture and some form of audit trail. This is essential to the redeeming service because it prevents the detection of misuse. A debit should only be processed when all the security measures have passed.
The redeeming service supports use-cases for reversal. In such cases, the entry may simply be removed from the ledger. The guarantees from the ledger are sufficient to ensure consistency. In the long run with expanded use cases, reward points may enable multiple stores and their carts to use the same service. In such a case, the microservice architecture for redeeming reward points will be helpful.
The redeeming service can be simply written as a model-view-controller with the debit as the model. The controller has actions specific to list, create, update, delete, and get by id. The list action will support ordered and paged entries as well as query parameters. The views are for administrative purposes.
This session identifier is usually obtained as a hash of the session cookie. And is provided by the authentication and authorization server. The session identifier can be requested as part of the login process or by a separate API Call to a session endpoint. An active session removes the need to re-authenticate. It provides a familiar end-user experience and functionality. The session can also be used with user-agent features or extensions to assist with authentication such as password-manager or 2-factor device reader.
There are certain options other than build-your-own service. These options provide the ability to distribute a debit to multiple stores. For example, the Stripe Connect API allows the routing of reward points like payments between the owner and the recipients. Since the participating stores fulfill these orders independently, the reward points redeeming service concerns itself only with owners and their reward points.