# How might I let a user select which third-party data to save, while ensuring it's authentic data?

7 messages · Page 1 of 1 (latest)

proven canopy

Hey folks, my application fetches a user's bank transaction data, shows it to them, and asks them to select relevant transactions (e.g. monthly payments). I want to save the selected transactions, but not save the rest of them (to minimise data retention). I'm trying to figure out the best way to design this in Elixir/Phoenix. So far my ideas are:

  1. Store all transactions in the database, then remove the ones that aren't selected, paired with a task that deletes old transaction records in case the workflow is abandoned by the user
  2. Store all transactions in an ETS table / Cachex, and verify the user's selections before persisting the selected records into the database
  3. Fetch the transactions twice: before presenting them to the user, and again after the user makes their selection
  4. Sign each transaction with a secret key, and have that signature included in the user's selection, which I'll use to verify the transaction data hasn't been tampered with before saving to the database

Is there a more tried-and-tested approach for something like this? Or does one of the above sound reasonable?

frail mesa

3 seems to have one feature others don't: If a transaction is changed between you fetching them and user selecting and submitting them, you may know.

proven canopy

Interesting point 🤔 In this case, the user is selecting historic monthly payments, so they’re beyond the period where they could change, but that could certainly happen for more recent transactions.

normal dome

Tbh, I'm with @frail mesa on this one.

Rough sketch on how I would do stuff at first glance:

  • Fetch all the transactions and cache only their transaction ids
  • Have the user select from the list of transactions and only send the transaction ids back
  • Compare that all the transaction ids you have received are in the list of the ones you sent to the user beforehand
  • Refetch the transactions via their ids
  • Proceed with business logic.

Benefits I see with this approach:

  • Only the ids are actually retained in a cache
  • You don't need to faff about with any kind of signature verification (as you can reasonably assume that the transaction ids you get from the bank are valid, and you are comparing them with what the user sends you back)
  • Tamper Proof (see above)

(though take this with a grain of salt, I kinda just pulled it out of my back pocket xD)

proven canopy

Thanks @normal dome that makes sense. Unfortunately, the third party API doesn't allow fetching specific transactions (only by start/end datetime), but that could still work.

normal dome

Right. Well, my primary goal was to keep actual transaction data out of the cache (both from an accountability / privacy perspective, and from a technical perspective in the direction of invalid / changed transactions).
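The id-only flow sketched by @normal dome, adjusted for the constraint that the bank API only fetches by start/end datetime, as an added Elixir example (not code from any poster). A plain map stands in for the ETS/Cachex session cache, and `fetch_fun` is a hypothetical bank-client call taking two datetimes.

```elixir
defmodule TransactionSelection do
  @moduledoc """
  Added example. Cache only the ids shown to the user, accept ids back,
  reject any id that was never offered, then refetch the date window and
  persist only the selected records. A map stands in for ETS/Cachex.
  """

  # Step 1: present transactions, but remember only their ids per session.
  def offer(cache, session_id, transactions) do
    Map.put(cache, session_id, MapSet.new(transactions, & &1.id))
  end

  # Step 2/3: every id the user sends back must have been offered to them.
  def validate_selection(cache, session_id, selected_ids) do
    offered = Map.get(cache, session_id, MapSet.new())
    selected = MapSet.new(selected_ids)

    if MapSet.subset?(selected, offered) do
      {:ok, selected}
    else
      {:error, {:unknown_ids, selected |> MapSet.difference(offered) |> Enum.sort()}}
    end
  end

  # Step 4: refetch the window (the only lookup the API offers) and keep
  # only the selected ids. `fetch_fun` is a hypothetical client (from, to).
  def finalize(cache, session_id, selected_ids, fetch_fun, from, to) do
    with {:ok, selected} <- validate_selection(cache, session_id, selected_ids) do
      kept = Enum.filter(fetch_fun.(from, to), &MapSet.member?(selected, &1.id))
      missing = MapSet.difference(selected, MapSet.new(kept, & &1.id))

      if MapSet.size(missing) == 0 do
        # Selection consumed: drop the cached ids so nothing is retained.
        {:ok, kept, Map.delete(cache, session_id)}
      else
        # A selected transaction vanished or changed on refetch: refuse.
        {:error, {:not_refetched, Enum.sort(missing)}}
      end
    end
  end
end

# Constructed sample data standing in for the bank API response.
bank = [%{id: "t1", amount: 1200}, %{id: "t2", amount: 4999}, %{id: "t3", amount: 1200}]
fetch = fn _from, _to -> bank end

cache = TransactionSelection.offer(%{}, "sess-1", bank)
{:ok, kept, _cache} = TransactionSelection.finalize(cache, "sess-1", ["t1", "t3"], fetch, nil, nil)
IO.inspect(Enum.map(kept, & &1.id), label: "persisted")
IO.inspect(TransactionSelection.validate_selection(cache, "sess-1", ["t1", "t9"]), label: "tampered")
```

In a real Phoenix app the cache entry would carry a TTL so an abandoned workflow leaves no ids behind either.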

proven canopy

Ah, I see.