Get Started. It's Free
or sign up with your email address

1. Flow Register

1.1. Mandatory field

1.1.1. First & Last Name Email Password & re-type password

1.1.2. Link for Sign up

1.2. Validation

1.2.1. Hidden password character

1.2.2. Email already registered

1.2.3. Can't left blank

1.2.4. Invalid character

1.2.5. Password didn't match

1.3. Redirection

1.3.1. Resend Email

1.3.2. Back to Home

2. Flow Login

2.1. Element Design

2.1.1. Email & Password

2.1.2. Link for Forget Password

2.1.3. Link for Register

2.2. Test Case

2.2.1. Wrong Email or Password Can't left blank

2.2.2. Email/Account is inactive

2.2.3. Hidden password character

2.3. Flow

2.3.1. Login Action 1. Input Username/Email and password 2. Validate input 3. Submit to API 4. If credential is not valid, then display the error messages 5. If credential is valid, then redirect to profile page

2.3.2. Redirection OTP (Fresh account/if applicable) Home

3. Flow Social Login

3.1. Element Design

3.1.1. provider_type provider_id provider_token

3.2. Test Case

3.2.1. provider_type can't be blank provider_id can't be blank provider_token can't be blank

3.2.2. Registered User using social login, can't change the password

3.3. Flow

3.3.1. If user is not exist, create the user

3.3.2. If user is exist, login the user

4. Flow Create Data

4.1. Test Case

4.1.1. Duplicate data

4.1.2. Allow emoji

4.1.3. ACL / Permissions

5. Flow Delete Data

5.1. Rule

5.1.1. Avoid hard delete

5.1.2. Change the status of data to disabled

6. Flow Update Data

6.1. Test Case

6.1.1. Data not exist

6.1.2. Partial update

6.1.3. Allow emoji

6.1.4. ACL / Permissions

7. Flow Search

7.1. Rule

7.1.1. Partial Text or Full Text Search

7.1.2. Search URL must be copied

7.1.3. Pager should be exist if data is more than 1 page

7.1.4. Page count should be exist if data is exist

7.1.5. Display the search query information

8. Flow Payment

8.1. Test Case

8.1.1. Data must be synchronized between payment gateway and local db

8.1.2. Payment notification (email, sms) etc)

8.1.3. Amount mest be same

8.1.4. OTP/3d secure

8.1.5. Payment Failed (Fraud, expired, limit, etc)

9. Flow Coupon

9.1. Test Case

9.1.1. Coupon Expiry

9.1.2. Max Usage

9.1.3. Platform based (web, mobile app, etc)

9.1.4. Unique user

9.1.5. Minimum amount

9.1.6. Specific product / product type

10. Flow Multi Currency

10.1. Source

10.1.1. Use 3rd Party to get today currencies

10.2. Backend

10.2.1. Use cron to update daily currencies

10.2.2. Calculate the price as today currencies

10.2.3. Recomended to save the base price in 1 currency

10.2.4. Should use 1 currency as base price

11. Flow Multi Language

11.1. Backend

11.1.1. Source XLS Google Spreadsheet

11.1.2. Return message code

11.1.3. Language ID must be provided when request notification API

11.1.4. Provide the dictionary as .json file

11.2. Frontend

11.2.1. Parse the .json file as dictionary and translate to selected language

11.2.2. Translate the message code into string

12. Flow Third Party

12.1. Provide key - secret

12.2. env dev & prod

12.3. save the data to local?

13. Flow Admin

13.1. Display data list

13.2. Create data

13.3. Update data

13.4. Delete data

13.5. ACL / permissions

14. Flow Error Message

14.1. error field and message must be shown

14.2. inline in field or alert

15. Flow Order

15.1. Anonymous Checkout

15.2. Need Cart?

15.3. Save user address?

16. Project Management

16.1. Initiation

16.1.1. Flow business process

16.1.2. Design

16.1.3. Database / source data

16.1.4. Backend (API)

16.1.5. Third party

16.1.6. Define project team (internal & client)

16.2. Kick Off

16.2.1. Mapping documentation

16.2.2. QA business process QA design QA automation unit testing

16.2.3. Client confirmation

16.3. Development

16.3.1. Create communication channel

16.3.2. Create Zoho project

16.3.3. Split task for each team member (designer, slicer, backend, frontend)

16.3.4. Request testing to QA when flow is completed

16.4. Monitoring

16.4.1. Developer have to update To-Do Today

16.4.2. Developer have to start the log hours and update task status into "on progress" when task is going on

16.4.3. Developer have to posting comment on the related task when the task is completed

16.4.4. Project Manager control developer about task progress or if any blocking happen

16.4.5. Daily scrum meeting if needed

16.4.6. Review and filter any feedback from client according to mapping document

16.5. Reporting

16.5.1. Weekly report

16.5.2. Send the application under testing (apk or url)

16.5.3. Report task list of the week

16.5.4. Report project progress in percentage

16.5.5. Report task status

16.5.6. Report known/happening issue

16.5.7. Report if any blocking

16.6. Deployment

16.6.1. Deployment documentation

16.6.2. Final flow testing according to UAT

16.7. Closing & Delivery

16.7.1. Berita acara serah terima (BAST)

16.7.2. Business process document

16.7.3. Deployment document

16.7.4. API document

16.7.5. UAT from the client side

17. Server

17.1. Development

17.1.1. Auto deploy on git push

17.1.2. Logging

17.1.3. Auto restart container on crash

17.2. Production

17.2.1. Run as non root user

17.2.2. PM2 run as systemd daemon

17.2.3. Bind service to localhost

17.2.4. Use special key for deployment

17.2.5. Use ecosystem.js for Nodejs project

17.2.6. Use HTTPS for every domain

17.2.7. Logging

17.2.8. Setup utility script (cron, backup) if necessary

17.2.9. Monitoring

17.2.10. Firewall

18. Design

18.1. Text & Localization

18.1.1. All sentences must be end with proper punctuation mark

18.1.2. No grammatical/spelling errors

18.1.3. All label written with Upper case in first letter

18.1.4. Text must be fit the screen

18.1.5. All text must be readable

18.1.6. Consistency Text, Alignment, Margin and Font

18.2. Field & Button

18.2.1. Add placeholder for ease of use

18.2.2. Button is touchable friendly

18.2.3. Inactive button/linktext that can't be clicked should be grayed out

18.3. Screen

18.3.1. There must be feedback for empty state of function Search, List, Retrieve Detail

18.3.2. Make sure all design mock ups is retrieved for potrait/landscape or both

19. Mobile

19.1. App

19.1.1. Write code as simple as possible to make app size is not big

19.1.2. Keep all label text in dictionary

19.1.3. Use readable variabel and name function

19.1.4. Give comment to each function for future use

19.1.5. Make reusable component / class

19.1.6. Keep all configuration variable in one file / class (ex: baseURL)

19.1.7. Handling when app is loading, empty state, if data not found or failed

19.1.8. Delete console log on release version

19.1.9. Camera should have resize & rotate feature

19.1.10. keystore should be uploaded into git

19.2. Error Pages

19.2.1. Should handle every possible error that happened in the app

19.3. Form

19.3.1. Validate inputs on submit

19.3.2. Should consider to disable whole page / part based on requirement

19.4. 3rd Party Library

19.4.1. Check the best library that will be used among the other library and make sure it still supported

19.5. Privacy Data

19.5.1. Only save token / other general setting, don't save user privacy data on the app

20. Backend

20.1. Database

20.1.1. Table name must plural

20.1.2. Table name should be snake case

20.1.3. Foreign key must have table prefix

20.1.4. Avoid subquery

20.1.5. Avoid SUM in query

20.1.6. Implement COUNT in query, rather than code level

20.1.7. Avoid using select *, all columns must be written explicitly

20.1.8. Index should be added

20.1.9. Avoid big query, separate the query using code

20.2. Authentication

20.2.1. JWT

20.2.2. Secret must be different for production and development

20.2.3. Use Header to send the Authorization

20.3. API Response

20.3.1. Single data must be an object

20.3.2. Multiple data, must be an array

20.3.3. HTTP status must be 200 for success

20.3.4. Output field must be same with input field

20.3.5. Response time should be 200-300ms

20.3.6. Error message should contain the invalid field name and message

20.4. API endpoint

20.4.1. Path must be plural

20.4.2. Path must use dash if needed

20.5. App

20.5.1. Cron is separated from main app

20.5.2. Enable Log Log request client, response server, and execution time

20.5.3. Do not use STATIC files on node.js, use CDN instead

20.5.4. Use config file or .env

20.5.5. Monitor the app status (using statuscake, etc)

20.6. Promise

20.6.1. Avoid async/await in model

20.6.2. Implement async/await in controller level

20.6.3. Wrap all independent promise in Promise.all

20.6.4. Add promise timeout if possible

20.7. 3rd Party

20.7.1. All requests must implement timeout

20.7.2. Should check the timezone for 3rd party

20.7.3. All request and response from 3rd party should be recorded to log

20.8. Image Processing

20.8.1. Avoid Base64, use form-data instead

20.8.2. Recommended to use cloud CDN (AWS, etc)

20.8.3. Should have image resize from backend to optimize mobile image?

20.9. PM2

20.9.1. Should implement cluster mode

21. Frontend

21.1. App

21.1.1. Use single config file or .env if supported, Do not hardcode.

21.1.2. Log the error (using sentry or bugnsag)

21.1.3. Do not use STATIC files on node.js, use CDN instead

21.1.4. Do not forget to delete console.log on production

21.1.5. Handle difference between loading and empty state

21.2. Error Pages

21.2.1. Should handle every error status on specific page

21.3. Form

21.3.1. Validate on form submit

21.3.2. Should disable whole page actions

21.4. 3rd Party Library

21.4.1. Use single coding rules, and linter

21.4.2. Check the github repo first if it still supported or not

21.4.3. Determine if it really used for one function or benefit the whole project

21.5. Privacy Data

21.5.1. Don't save anything beside token on cookie

22. QA

22.1. Kick Off

22.1.1. Checking Flow Business process

22.1.2. Checking Design

22.2. Test Execution

22.2.1. Functionality UAT Test Case (Positive) Test Case (Negative) Test Case (Destructive) Test Scenario Localization Third Party Unit Test

22.2.2. Non- Functionality Perfomance/Load Test Stress Test

22.3. Defect Reporting

22.3.1. Record defect

22.3.2. Follow up old defect in next version

22.3.3. Verify defect list from client

23. Monitoring

23.1. database

23.2. Status Cake

23.2.1. third party

23.2.2. server

23.2.3. api

23.2.4. web

23.3. server load