SYSTEM ARCHITECTURE • SECURITY & SCALE

A modular service architecture prepared for operational scale.

Review how the platform segments client applications, NestJS API services, transactional databases, and third-party gateways to secure cashless payments and handle growth.

Infrastructure View

Interactive Architecture Navigator

Click on system layers to inspect grouped services, details, databases, and secure payment authorization boundaries.

System Topology Diagram

Modular Service Architecture

INFRASTRUCTURE:NestJS-Ready Service Architecture
This interactive diagram represents the 4-layer system architecture of the SLA-Driven Home Services Operations Platform platform. Layer 1 is the Experience Layer including Flutter apps and Next.js portals. Layer 2 is the API and Service Layer representing NestJS modules for SLA matching, payments, and quality checks. Layer 3 is the Transactional Data Layer comprising PostgreSQL relational storage, Redis cache, and S3 document hosts. Layer 4 is the Gateway Integration Layer containing payment gates, SMS dispatchers, and logging nodes.
Detailed Layer Inspection

Experience Layer

Cross-platform mobile apps and Next.js operations consoles.

Customer Flutter App

Provides service discovery, Riyadh zone geocoding pin-points, cashless checkout integration, and technician tracking.

Vendor Flutter App

Coordinates onboarding KYC, sector check-ins, job dispatch notifications, and material costing ledger uploads.

Admin Next.js Portal

Live operations command console for manual dispatch matching, document approvals, and complaints moderation.

Security Enforcement Gate
JWT Tokens Verify
Role-Based Auth
OTP Throttling
Encrypted Transport
Client Layer

Frontend Application Experience Layer

The frontend comprises cross-platform mobile client applications and high-fidelity web consoles:

Customer App

Built with Flutter. Coordinates search catalog navigation, geofence selection, and online checkout gateways.

Vendor App

Built with Flutter. Manages KYC document wizard submissions, zone checks, and extra-cost invoicing.

Admin Portal

Next.js web application. Main interface for manual dispatch monitoring, document review, and payout releases.

Corporate Portal

Next.js progressive web application for corporate account managers to track invoices and branch budgets.

Logic Layer

NestJS API Modular Backend Services

The backend uses a NestJS-ready modular service architecture running on Node.js. Business logic is isolated into self-contained service packages to prevent system tightly coupled dependencies:

AuthenticationHandles password hashing, token validation, and OTP verification rates.
Catalog & KYCSupervises service category taxonomy definitions and vendor credentials check fields.
Location & SLASupervises radial searches, active zone checks, and delay alarm exceptions.
Platform SettlementAuthorizes payment checkouts, holds platform commission splits, and tracks payouts.
Data Layer

Data Management & Storage Boundaries

PostgreSQL Relational

Stores high-integrity relational records: user accounts, active booking jobs, financial ledger logs, tiered subscriptions, complaints, and corporate profiles.

Redis In-Memory Array

Handles high-performance, short-lived operations variables: volatile technician coordinate points, OTP rate-limit logs, active SLA clocks, and zone coverage weights.

S3 Secure Storage

Hosts and protects sensitive attachments: driver/vendor KYC registration files, physical receipt photographs, and original site diagnostics images.

Integrations Layer

Gateway Integrations & Interfaces

System integrations connect the platform core to standard municipal and commercial services via secure interfaces:

Online Payment GateManages cashless transactions and token settlement hold authorizations.
Riyadh Geocoding APITranslates sector coordinate ranges into micro-zone grids.
SMS & OTP DispatcherTransfers OTP validation checks to customer mobile devices.
Centralized LoggingTracks error traces and health indicators to secure system uptime.
Security Gates

Administrative Security Enforcements

Multiple layers of access controls shield the platform databases and operations portals from malicious actions:

JWT Access & Refresh

Mobile client apps authenticate requests via cryptographic JWT headers, utilizing short-lived access periods and refresh tokens.

Role-Based Auth (RBAC)

Enforces least privilege: administrative console options are limited based on specific dispatcher credentials.

Secure Storage Authorization

S3 document buckets are private. Access to KYC records or receipts requires signed time-locked URI parameters.

System Reliability

Operational Reliability & Backups

Production Deployment Safeguards

The platform runs in separate Development, Staging, and Production environments. Systems are Docker-ready to facilitate deployments. To guarantee data preservation, automated routines execute daily SQL backups, coupled with weekly encrypted document exports and strict data retention controls.

Scale Strategy

Modular Scaling Roadmap

To handle growth without premature microservices overhead, the platform follows a structured scale path:

1. Modular Monolith / Service-Oriented CoreRun unified logic processes inside a single application server, separating modules by service boundaries.
2. Decoupled Message WorkersDelegate resource-intensive tasks (e.g. notifications, OTP alerts, calendar sweeps) to background worker queues.
3. Isolated Domain MicroservicesSplit high-demand endpoints (such as SLA matching or platform settlement ledgers) into independent microservices when warranted by transaction load.
Previous PageAdmin Operations & Analytics
End of Case Study

Have a complex workflow that needs a custom platform?

We can map your operations, design the software architecture, and build the dashboards, apps, and automation layers needed to run it.