I was approached to create a proof-of-concept for a lead generation website. At debate, was whether we should duplicate an existing solution that is developer intensive, slow to market and difficult to manage or create a new lightweight solution.
I chose the quick to market solution. It was easier to use, run, and keep up over the long term.
The idea was simple; create a website, embed a form and send the form submissions to an API endpoint for risk analysis. But, because we are talking about financial data and (PII) Personally Identifiable Data, there are special considerations regarding security.
WordPress was going to be the CMS from the beginning. The only question was where to host WordPress. I was considering two implementation options:
- Host on Soc 2 Type 2 compliant WPEngine, use Gravity Forms with the Encrypted Fields plugin.
- Host on Flywheel, use a Soc 2 Type 2 compliant third-party form builder.
Offloading the security compliance onto the third-party providers made my job much easier and liability much less a concern. So, I chose Option 2 and hosted on Flywheel.
But after deeper evaluation, I realized that the third-party solutions only export JSON, and we needed XML. With Gravity Forms directly integrated into WordPress, I was able to add my own code to the theme’s functions.php. However, with the managed third-party solutions I wasn’t able to add custom code. I used Pipedream.com as “middleware” to convert the JSON from the form submissions into XML that we consume.
WordPress on Flywheel
Flywheel is my preferred hosting choice because of the tools it provides, like LocalWP. And, if I need more power, I can upgrade to WPEngine, the only other host offering the same tool set.
Formsort.com
Formsort is an easy-to-use, drag-and-drop, Soc 2 Type 2 compliant form builder that captures, stores and transmits data securely. I named the fields after the XML nodes. I needed the enterprise plan to use custom validators for some form fields.
Pipedream.com
I needed middleware to convert the JSON form Formsort to XML that the final endpoint required. Pipedream provides a URL to collect HTTP or webhook requests and inspect them in a human-friendly way. It can also connect to APIs, run code and return a custom responses on each request. I used Pipedream to:
- Setup Endpoint 1 for converting and transmitting the form submissions
- Run a code step that converts the JSON to XML
- Run a code step that builds the expected XML payload
- POST the XML payload
- Receive XML payload at Endpoint 2, acting as a backend system
ChatGPT
Of course, I used ChatGPT to get this done. I’m not a developer, but I know how to build things. I understand what needs to happen and how to get it done. If was a developer, I’d be afraid, very afraid. You can see the entire chat at https://chatgpt.com/share/672a7837-7b10-8003-905b-7308be1bc63c
