- 08
- March
When the Office of the Permanent Secretary, Ministry of Higher Education, Science, Research and Innovation (MHESI) sought to truly digitize its human resource management, the most critical challenge was that personnel data was scattered across two systems — the Digital Personnel Information System (DPIS) operated by the Office of the Civil Service Commission (OCSC), and the internal Saeree ERP system used for organizational management. Grand Linux Solution Co., Ltd. developed an automated data integration system capable of handling tens of thousands of records, with full decryption of encrypted data from DPIS.
Background: Why Integrate with DPIS?
DPIS (Digital Personnel Information System) is a human resource information system developed by the Office of the Civil Service Commission (OCSC) to serve as the central database for civil servants nationwide. Every government agency is required to record personnel data in the DPIS system, including personal history, position history, salary, educational qualifications, and family information.
For MHESI, which uses the Saeree ERP system for internal HR management, the situation was that staff had to enter the same data twice — both in the DPIS system and in the internal ERP system. This resulted in:
- Redundant work — HR staff had to key in identical data in two separate systems
- Data inconsistency — Updates made in DPIS were sometimes not reflected in the ERP system, or vice versa
- No single source of truth — There was no central reference database to verify the accuracy of personnel data
Client's Requirements
"We need the personnel data in our ERP system to be current and consistent with the DPIS data from the Office of the Civil Service Commission, without requiring staff to enter data twice. The system must be able to pull data automatically."
6 Technical Challenges
Connecting to the DPIS Open API is not a typical REST API integration. DPIS has several specific requirements that needed to be addressed:
1. Fully Encrypted Data
DPIS returns all data in encrypted form. Every API response must be decrypted before the actual data becomes visible. The development team had to handle the entire decryption process:
- Generate encryption keys according to DPIS specifications
- Decrypt data using the standard algorithm specified by DPIS
- Handle padding that does not conform to standard libraries
- Develop a fallback mechanism in case the primary decryption fails
2. Non-Standard API Format
Unlike typical REST APIs that separate URLs by resource, DPIS uses a unique API format. The development team had to design a flexible endpoint management system to systematically handle dozens of DPIS endpoints.
3. Pagination for Large Data Volumes
MHESI's personnel data contains tens of thousands of records (employees x multiple history records). DPIS limits the amount of data returned per request, so the development team built an Automatic Pagination system that automatically fetches all pages until complete.
4. Cross-System Employee Matching
The DPIS system and the ERP system use different employee reference codes. The development team created a matching mechanism using a shared unique identifier present in both systems to link data between them.
5. Nine Data Dimensions with Different Sync Strategies
Some data types have a 1:1 relationship (one record per employee), such as General Information, while others have a 1:N relationship (multiple records per employee), such as Salary History and Education History. The development team designed 2 Sync Strategies appropriate for each data type.
6. Transaction Atomicity and Error Recovery
When syncing large volumes of data, errors may occur along the way. The system must support rollback of only the problematic portion without affecting other data that has already been successfully synced.
Architecture Developed
The Grand Linux development team designed a three-tier integration architecture that works together systematically:
[DPIS Open API] Digital Personnel Information System
↓ Encrypted Response + Access Token
[API Layer] API Integration Layer
• Login → Obtain Access Token
• Data Decryption
• Transform data into ERP-compatible format
↓ Decrypted Data
[Backend] Data Processing Layer
• Match employees between both systems
• Automatic Pagination (fetch all pages)
• Group data by employee
• Distribute data to 9 Sync Handlers
↓ Save Data
[Database] HR Database
• 8 HR tables covering 9 data dimensions
[Frontend] Data Verification Screens
• 9 DPIS data verification screens
• Scheduler management system
9 Dimensions of Personnel Data Synced
The system developed supports synchronization of data from DPIS covering 9 key dimensions, each with a sync strategy designed for optimal results:
| # | Data | Relationship | Sync Strategy | Incremental |
|---|---|---|---|---|
| 1 | Salary History | 1:N | Delete + Insert | Supported |
| 2 | Position History | 1:N | Delete + Insert | Supported |
| 3 | Education History | 1:N | Delete + Insert | - |
| 4 | General Information | 1:1 | Update Only | Supported |
| 5 | Family Information | 1:N | Delete + Insert | Supported |
| 6 | Children Information | 1:N | Delete + Insert | - |
| 7 | Training History | 1:N | Delete + Insert | - |
| 8 | Royal Decorations | 1:N | Delete + Insert | Supported |
| 9 | Personal Information | 1:1 | Update Only | Supported |
2 Sync Strategies
- Delete + Insert — For 1:N data (e.g., Salary History with multiple records per employee). Deletes all existing data and inserts fresh data from DPIS, ensuring 100% data consistency.
- Update Only — For 1:1 data (e.g., General Information). Updates only the fields sourced from DPIS without affecting other data entered by staff directly in the ERP system.
Key Techniques Used to Solve Problems
Decryption Pipeline
The heart of the system is the decryption of data from DPIS. The development team built a highly resilient Decryption Pipeline:
- Receive Encrypted Response from the DPIS API
- Generate Encryption Key according to DPIS specifications
- Decrypt Data using the specified standard algorithm
- Handle Padding requiring special case handling
- Fallback — If the primary decryption fails, the system automatically switches to a backup channel
Incremental Sync
The system supports Incremental Sync by recording the last sync date. This allows the system to fetch only data that has changed since the last sync, dramatically reducing processing time and data volume.
Employee Matching with Cache
Before starting the sync process, the system builds a cache of all employees in the ERP system using a shared reference code as the key for matching with DPIS data.
This approach enables rapid employee lookup even with thousands of employees. DPIS data without a matching employee in the ERP system is skipped and counted in the report.
Transaction Management
The system manages transactions by endpoint (not by employee). This means that if Salary History sync succeeds but Education History fails, the salary data is already committed, while the education data is rolled back and the error is reported to the system administrator.
Monitoring and Logging System
To enable system administrators to track sync status in detail, the development team designed a 3-level monitoring system:
- Real-time Console Output — Live display during the sync process with timestamps at every step
- Log File — Detailed log records stored as files in the system for retrospective search and review
- Email Notification — Automatic summary email sent upon sync completion, specifying the number of records successfully processed, skipped, and those with errors
DPIS Data Verification Screens
Beyond the backend process, the development team also created 9 data verification screens for HR staff to review data synced from DPIS:
- Salary DPIS — Displays salary adjustment history from DPIS
- Position DPIS — Displays position history including appointments, promotions, and transfers
- Education DPIS — Displays educational qualifications at all levels
- Employee DPIS — Displays Line ID, Line Token, and phone number
- Family DPIS — Displays information about parents and spouse
- Children DPIS — Displays employee's children information
- Training DPIS — Displays completed training courses
- Insignia DPIS — Displays Royal Decorations history
- Info DPIS — Displays contact information and employment status
Every screen displays the last sync date so staff can see how current the data is, with filtering support by department/division.
Results Achieved
9
Data Dimensions
Auto-Synced
40
DPIS Endpoints
Supported
0
Duplicate Data Entry
Required
100%
Data Consistency
with DPIS
- Reduced staff workload — No more duplicate data entry across two systems, saving significant working time
- Up-to-date data — ERP system data is always consistent with the OCSC's DPIS database
- Full auditability — Every sync operation has complete logs and audit trails, allowing administrators to review any past sync
- Incremental Sync — Supports syncing only changed data, reducing processing time from tens of minutes to just a few minutes
- Error Recovery — If an error occurs on one endpoint, the system continues syncing other endpoints without stopping the entire process
Technology Used
| Layer | Responsibility |
|---|---|
| Backend (Java) | Batch sync processing, transaction management, and database persistence |
| API Layer | DPIS API connectivity, data decryption, and authentication |
| Frontend | DPIS data verification screens and scheduler management |
| Database | HR data storage and DPIS sync tracking |
| Security | Data encryption/decryption and token-based authentication |
Lessons Learned
From the experience of developing this DPIS integration system, the development team gained several important insights:
- Don't assume external APIs follow standard REST conventions — Government agency APIs may have unique formats that differ from common standards. System design must be flexible with a proper abstraction layer.
- Data decryption is not straightforward — When an API encrypts data using methods that differ from standard libraries, debugging takes longer than expected. Always prepare a fallback mechanism.
- Incremental Sync is a must-have — For large data volumes, full sync can take tens of minutes. Incremental sync reduces processing time by 10x.
- Transactions should be separated by domain — Don't commit or rollback the entire process. Separate transactions by endpoint so that successful portions are not affected by failures elsewhere.
- Monitoring must cover 3 levels — Real-time (console), persistent (log file), and notification (email). Missing any one level makes it difficult for administrators to troubleshoot issues.
Summary
The integration of DPIS with Saeree ERP for MHESI is an example of Enterprise Integration that addresses multi-level complexity — from data decryption, pagination, and cross-system employee matching to fault-tolerant transaction management. The result is an HR system with up-to-date data that is consistent with the government's central database, truly reducing the workload for staff.
- Grand Linux Solution Development Team
If your organization needs to integrate your HR system with DPIS or requires an ERP system that supports API integration with external systems, you can schedule a demo or contact our consulting team to assess your requirements and plan your implementation today.
