System Architecture – Designing A Data Security App Which Speaks To A Number of APIs

I recently took part in the London Business School's hackathon, HackLBS: a weekend event, run by London Business School, with the premise of creating products to solve future needs.


We organised into teams and spent the time designing a product and action plan for starting a company.
My team decided to create a tool which shows users a map of their online presence: a credit check for your online information. The idea behind this is to give people access to some of the information that companies (especially those advertising to them) have on them.
My team won, which meant we took home the prize money of £2,500. We decided to use this money to go forward with creating a startup.
I was the only developer on the team, so I was responsible for designing what the system would look like. With the help of our mentors I drew up the architecture of a simple MVP: a web app which pulled in data from a number of social media APIs.

System Design of the App and Database:

[Image: system architecture of an MVP tech startup]

How this would work

A user would be presented with a login or sign-up page.

The application would send this login information to the database. Before doing so, it would protect the information (especially the password) by first creating an HMAC hash, then base64-encoding the result, then URL-encoding that string. An HMAC is a keyed one-way hash rather than encryption, and base64 and URL encoding only change how the value is represented. An example of what this code would look like can be found at this git repo.

Then it would create a model which would map to the database and save the encrypted user information to it.

A new view page would then appear asking the user to grant access to their social media accounts.

It would then need to call the social media APIs to which access has been granted. To do this the application must put together API requests to post to the relevant social media servers. An example of how to put together an API request can be found here.
The application would first need to put together the URL of the request, i.e. the data wanted from the API.
In the case of many APIs, it would have to attach an encrypted string containing the user's information. This string would either be appended to the end of the query string URL or go in the header of the request.
It would receive the desired information from the API. It would not commit any of this information to a database (in line with GDPR, which also saves money on database storage).
It would post this information from the API to a view that the user would see.
This view for now could be a simple web page. The web page would display the user's information as a visual map of the user's social media footprint.
This is an overview of my first attempt to understand the steps in building an application which makes a number of API calls and then displays this data on a website.
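
The HMAC, base64 and URL-encoding steps described above, applied to an API request whose signature is appended to the query string, as an added example (not the code from the git repo the post links to). The function names, the `ts` and `signature` parameters, the secret and the `api.example.com` URL are assumptions; the server side recomputes the HMAC and compares it in constant time.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

SECRET = b"constructed-demo-secret"  # constructed; load real keys from a secrets store


def _signature(secret, method, path, params):
    # Canonical form: method, path and name-sorted parameters, so client and
    # server hash the same bytes whatever order the parameters arrive in.
    canonical = "\n".join([method.upper(), path, urlencode(sorted(params.items()))])
    digest = hmac.new(secret, canonical.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()  # text-safe form of the raw MAC


def sign_url(secret, method, base_url, params, timestamp):
    """Client side: return the URL with a timestamp and signature appended."""
    signed = dict(params, ts=str(timestamp))
    sig = _signature(secret, method, urlsplit(base_url).path, signed)
    # URL-encode the base64 text: '+', '/' and '=' are not safe in a query string.
    return f"{base_url}?{urlencode(signed)}&signature={quote(sig, safe='')}"


def verify_url(secret, method, url, now, max_age=300):
    """Server side: recompute the HMAC, compare in constant time, reject stale requests."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    received = params.pop("signature", "")
    try:
        fresh = abs(now - int(params.get("ts", ""))) <= max_age
    except ValueError:
        fresh = False
    expected = _signature(secret, method, parts.path, params)
    return fresh and hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    url = sign_url(SECRET, "GET", "https://api.example.com/v1/profile",
                   {"user": "alice", "fields": "name,email"}, 1700000000)
    print(url)
    print(verify_url(SECRET, "GET", url, now=1700000060))
```

The signature only proves that the request came from a holder of the secret and was not altered; the parameters themselves still travel in the clear, so the request has to go over TLS.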