Web Applications

Efiling – Web Based Company Formation Software

Prior to Xyroh, Andy was the founder of dotUK (a software development firm based out of Yarm and Stockton on Tees here in the North East), again specialising as a developer in mobile apps, web applications and desktop software for a number of business clients – this is one of those portfolio case studies.

Summary

Efiling is an award-winning online company formations software product that was originally developed by dotUK and has undergone a number of significant revisions and expansions over the lifetime of the product.

Technical

Client Efiling Ltd – Online Company Formations Software

Platforms Web, Web Services, Kashflow, XML Gateway

Technologies PHP, CSS, JQuery, Javascript, MySQL, REST API, JSON, Kashflow, SOAP, XML, Python

Development Web Development, Web Services Integration, Kashflow Integration, Companies House Integration

Case Study

The Efiling Web Based Companies House Software product was initially conceived with the core functional requirement of offering a web based medium through which instructions could be sent to the Companies House Gateway, which would then act upon them. Examples of instructions that could be sent include:

  • Formation of a UK Company (Eg Ltd, Plc etc)
  • Add / Modify / Resign a Director
  • Add / Modify / Resign a Company Secretary
  • Articles of Association & Memorandum
  • Change Registered Office

Version 1 of the software, developed exclusively by dotUK, used the Companies House Email Gateway. This protocol meant that instructions were issued by embedding commands in the email message subject, with the payload (data fields, attachments etc.) embedded in a properly formatted email message body. Responses from the Gateway were likewise sent via email to a dedicated mailbox, which was polled and monitored at the Efiling end.

Efiling is a multi tenanted system, which means the core platform is used by a near unlimited number of brand owners / companies with company formation needs. To function in this way data security and segregation are paramount, as under no circumstances can data ‘leak’ between tenants on the system, and we put robust practices and data references in place to ensure this never happened. It also added significantly to the complexity of the system, as we then had to manage website templates, company names, Companies House account details, email addresses and domains; in essence, near every variable in the system had to be configurable on a per tenant basis.

Billing for orders was another challenge to be managed. End user payments were taken by credit card on order; however, brand owners were split between pre-pay accounts (an account with a preloaded positive balance of funds) and credit accounts (accounts with a preset maximum negative balance according to their credit limit), so we built a complex accounting structure that allowed for both charging models and, of course, all the associated reporting, statements, and invoicing required. Pricing levels (both to Efiling, and charged by tenants to their clients) were also configurable and changeable on demand.

As the product matured additional features were added, which included expanding the standard statutory Companies House product offerings to allow tenants to offer bespoke, bundled packages, which included their own value add services (eg Company Secretarial, Mail Room services, offline products such as bound articles, hard copies of certificates etc). These were managed on a per tenant basis so significant upgrades to the tenant administration tools were made, and also to Efiling’s own system administration tools which sat above the tenants as an overview.

Soon Companies House began the process of decommissioning the email gateway service, which worked well but was limited in terms of speed of service due to the delays faced in email delivery, and introduced a new XML based gateway. This gateway is in essence a secure web service that listens in real time for commands sent direct over HTTPS (secure web traffic), using documented (mostly!) XML documents as the payload. The benefits this service offered were that responses to instruction delivery were often available instantly, and it allowed us the option to ‘poll’ the gateway periodically for updates as opposed to waiting for an email to arrive. It also increased reliability, as we were communicating direct with the gateway as opposed to the round robin route email can on occasion take. dotUK were heavily involved in this transition, and the opportunity was taken to significantly improve other areas of the system such as document generation and storage.

Unfortunately it became apparent as the project progressed that some areas of the new gateway functionality were incomplete, undocumented, or not tested, which meant we were frustrated in our ability to communicate progress to the client. However, we took steps to use our time as efficiently as possible and made sure that we managed the project fully. This included taking responsibility for liaising with Companies House direct (whose hands were tied by their own third party development team) and on occasion direct with the gateway developers themselves. Ultimately we were able to build and conclude testing of instructions in parallel with Companies House as we moved towards the deadline for switch off of the old email service. This was a regulatory deadline and was immovable.

Since then we have also been involved in other third party integrations, such as feeding bank account applications into the Barclays Business accounts service (again an XML based gateway) and integration with the Kashflow web based accounts software using their SOAP based API. The advantages of using Kashflow were that tenant accounting transactions were ultimately delivered direct into their accounts package, with new customers automatically created and invoices and credits posted, thus automating tenant admin processes, reducing the amount of functionality required within the Efiling Back End, and adding significant value to the proposition.

For more information about Efiling, or to enquire about licensing their web based company formation software technologies please visit www.efiling.co.uk

H Jarvis Web Based Support Software and Customer Portal

Summary

H Jarvis, a North East and Marske based Quality Windows and Doors manufacturer, had a need to improve upon existing quality control and customer support processes, increase efficiencies in service engineer response, and to allow end users to self service their own support cases.

Technical

Client H Jarvis – North East based window fabricator

Platforms Web, Web Services, Outlook Calendar Sync

Technologies PHP, CSS, JQuery, Javascript, MySQL, REST API, iCal / Webcal, JSON

Development Web Development, Web Services Integration

Case Study

H Jarvis are a multi site company with bases of operation in Marske (North East England) and Blantyre (Scotland), and had an existing interconnected IT infrastructure linking the two sites. With that in mind it made sense to build a Web Based Software Solution, in this case utilising dotUK’s own bespoke web services framework.

This framework, built for purpose, is a PHP and MySQL REST based API framework that allows seamless, consistent, and secure data exchange between the hosted API hub and the end client’s browser. Again utilising PHP and JQuery in the web client, we were able to offer an improved experience to the end user, without the traditional stop, start, or click and wait frustrations of traditional web software. Functionality wise, we have built a central support system for all sites which registers and manages all currently active customer support cases, with SLA support and comprehensive management reporting. In addition to case reporting, the system also offers manufacturing build orders for remedial work and iCal calendar synchronisation with Outlook.

Fitter appointments are booked by the agents on an informed intelligence basis to minimise unwanted travel time by allocating cases to geographic zones and forward looking appointments to ensure that fitters are booked in when next in the appropriate locale. This appointment picking process also includes real time estimates of travel time so the most informed appointment booking decision can be made.

End user wise, the system also includes a web based portal for key clients to view and manage their support cases, including any updates, notes or case changes. This allows end users real time access to updates when they need it, while at the same time freeing Agent staff from fielding update enquiries directly.

The solution is built upon dotUK’s managed web services platform hosted in the North East, which allows for scalable database clustering and high availability, and includes 24/7 monitoring and management, and full data backups to an offsite datacentre.

You get what you pay for – Mobile App Security

You get what you pay for – App Security

In the course of work this week I had cause to audit an iOS App that a prospect had had developed by a local competitor here in the North East. The reasoning for this was that the prospective client was looking at moving the hosted back end (ASP .Net, SQL Server – standard stuff) and wanted a price.

The purpose of the audit was to check what network connections the app was making, and to correlate that with what I knew about the backend hosting, just to make sure there were no surprises. We didn’t have the source code for either end yet; it was just a pricing exercise at this point (as it happens the App is written using PhoneGap so we did have the source code, but my route was quicker).

So, I installed the app, redirected my iPhone through a proxy server, and fired up the app – and proceeded to stare in horror. The app instantly, on first run, fired up an unencrypted, unauthenticated connection to the backend host and promptly downloaded the usernames, passwords, emails, and more for every user in the system. It then keeps a copy of these locally, and uses those details to authenticate later.

Why is this bad? In layman’s terms, because anyone on the internet who knew the URL the app uses could download the same list. Would people be interested in logging in to this system? Probably not. Do people use the same username and password for Amazon, Tesco, Online Banking? Absolutely, and there’s the problem.

Solutions, well it’s about paranoia, but key areas:

  • Authentication – Implement simple basic authentication so that the app logs in to the web service it pulls the data from.
  • HTTPS – Implement an SSL connection, then at least all traffic to and fro is encrypted (important as Basic Authentication is over plain text, so without HTTPS it’s still sniffable).
  • Change the login mechanism to completely remove the need to download all user info at all.
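As an added example of the third point (not code from the audited app or from this post), the sketch below shows a login check that runs on the server: the app submits one username and password, and gets back only a short-lived token or a generic failure, so no user list ever leaves the backend. The function names, the in-memory store and the sample accounts are hypothetical and constructed for illustration; the handler is assumed to sit behind HTTPS.

```javascript
// Added example: server-side login check. All names and sample data are constructed.
const crypto = require("node:crypto");

// Store a salted scrypt hash, never the password itself.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// Constructed user store standing in for the backend's user table.
const users = new Map([
  ["alice@example.test", hashPassword("correct horse battery staple")],
  ["bob@example.test", hashPassword("another-long-passphrase")],
]);

// Checked when the username is unknown, so both paths do the same hashing work.
const DUMMY = hashPassword(crypto.randomBytes(16).toString("hex"));

// token -> { username, expires }; a real backend would persist this.
const sessions = new Map();
const SESSION_MS = 15 * 60 * 1000;

// The app only ever receives a token or a generic failure, never user records.
function login(username, password, now = Date.now()) {
  const record = users.get(username) || DUMMY;
  const salt = Buffer.from(record.salt, "hex");
  const candidate = crypto.scryptSync(String(password), salt, 32);
  const match = crypto.timingSafeEqual(candidate, Buffer.from(record.hash, "hex"));
  if (!match || !users.has(username)) {
    // Same message for "no such user" and "wrong password".
    return { ok: false, error: "invalid credentials" };
  }
  const token = crypto.randomBytes(32).toString("hex");
  sessions.set(token, { username, expires: now + SESSION_MS });
  return { ok: true, token };
}

// Every later data request resolves the token to its owner before returning anything.
function whoAmI(token, now = Date.now()) {
  const session = sessions.get(token);
  if (!session || session.expires <= now) return null;
  return session.username;
}
```

With this shape a copy of the app, or a proxy in front of it, sees one account's credentials going up and an opaque token coming back, which is all the client needs to hold locally.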

What’s really frustrating though, and actually makes the ‘You get what you pay for’ title of this post a misnomer, is this wasn’t a cheap solution. The client paid a very reasonable amount for this app and solution. This is the sort of thing we see, and sadly expect, when a ‘cheap’ solution is offered as a counter to ours. We’re not expensive, but not cheap; we do do things correctly though. It’s a classic case of the customer not knowing what they’re not getting: they trust, and assume, that a professional job is being done, without really asking too many questions about why it’s cheap.

In this case no excuses though, I’ll not name anyone, and we’ve raised the issue with the client – We certainly won’t be taking on the hosting until it’s resolved!

Andy Flisher is a Software Developer based in the North East of England with over 20 years software development experience. He is available for hire and specialises in cross platform mobile app development, web applications, desktop software, bespoke cloud architecture solutions and providing outsourced project management services.