You have chosen to sponsor your bid up to a maximum amount of .
See attached Word Document for more detailed RFP.
ZIP-Codes.com is in need of an API service to provide to customers. This will house all of our U.S. and Canadian Postal Code data with the data being retrievable in several different ways.
We would like to offer two levels of the API: Free and Paid. Both versions will have a daily limit on the # of calls that can be made (that can be overridden).
This project includes developing the main API only. Tie-ins to the website, billing, and some account maintenance functions will be developed in house. These items need to be detailed out, but we will be working closely together.
1. Must be hosted in a cloud environment that can scale to very large demands.
a. Microsoft Azure is one option
b. Other options? Suggestions?
2. Preferred to be developed in .Net
a. C# or VB
3. API Output language will be JSON. If XML can be provided quickly and easily, it should be added. What other formats are common or APIs?
4. Must work with SQL Server 2008 and 2012.
5. Data will be updated monthly and we have U.S. and Canadian data. The schemas for the two main postal code databases are very different while some endpoints must work across both tables.
6. If possible and feasible, developing methods of caching certain data is preferable to speed up the service and reduce processing overhead.
7. Must be able to introduce API Rate Throttling and/or rate limiting.
8. Must be aware of XSS, SQL Injection, Large Payloads, and other threat vectors with ability to protect from these.
9. Must have plan for API versioning. Example: //api.zip-codes.com/1.0/APIEndPoint
Please provide several cost proposals to accomplish the scope outlined below. The budget must encompass all design, production, and software acquisitions necessary for development and maintenance of the web site.
List pricing for:
1. Phase I: Discovery, Requirements Planning & Site Definition
2. Phase II: Site Development, Testing and Deployment
1. Must integrate with ZIP-Codes.com for permissions and API keys
2. API Keys will be limited to # of calls, but we should have the ability to manually tweak these as needed.
3. Full daily usage stats should be able to be retrieved along with # calls since last billing cycle.
4. Ability to turn on detailed stats in case an API key is being abused (IP, what is looked up, timestamps, etc).
We need someone who has had experience developing a commercial API before. We also want to move this info a cloud hosting environment, so knowledge and understanding of this is required. We will need advising and help in not only selecting a provider, but also in the setup and maintenance.