API Interface Landscape Diagram

End-to-end API and interface view showing frontend access through APIC and the dedicated BFF layer, internal domain and platform APIs, workflow interfaces inside CMS backend services, data access interfaces, identity endpoints, outbound delivery interfaces, and observability ingestion
🔌
Frontend, Services, and External Interfaces
FRONTEND-FACING API INTERFACES
React logo
React SPA
Frontend consumer for screens, dashboards, workflows, notifications, filters, and document actions
APIC
IBM API Connect
Managed API entry layer that exposes secured APIs and forwards requests to the frontend-facing backend layer
BFF
BFF Service
Validates tokens, handles request admission, shapes responses, routes requests, and orchestrates multi-service calls
API
CMS Backend Services
Domain and platform services behind the BFF for business processing, workflow, document, and notification operations
The React frontend accesses secured APIs through APIC, which forwards requests to the BFF. The BFF validates request admission, shapes responses, and routes calls to CMS backend services.
INTERNAL APPLICATION API LANDSCAPE
Internal service interfaces used by protected backend flows across domain services, the dedicated BFF layer, and shared CMS platform capabilities
PRO
Profile API
Profile and contextual user data
ROS
Roster API
Roster and schedule interfaces
ATT
Attendance API
Attendance and status interfaces
EVT
Events API
Event-related service interface
PRD
Productivity API
Operational KPI and productivity access
BFF
BFF Service
Frontend-facing control layer for routing, response shaping, and request admission
WF
Workflow API Layer
Create, submit, approve, reject, assign, reassign, escalate, and query workflow operations
RULE
Workflow Rules / State Engine
Applies lifecycle rules and validates allowed status transitions
TASK
Task / Assignment Handler
Manages ownership, assignees, role-based routing, and reassignment
NT
Notification API
Internal notification reads, trigger handling, and delivery state updates
DOC
Document API
Upload, metadata lookup, secure download, and generated file interfaces
AUD
Audit / Logging API
Tracks business-critical actions, request traceability, and audit visibility
Internal services reach data systems and external interfaces only through backend-managed access interfaces, not through direct browser calls.
DATA ACCESS INTERFACES
Microsoft Fabric
Fabric Access Interface
Read-only backend data-access interface for curated enterprise analytical datasets
DocumentDB
DocumentDB Access Interface
Operational read / write interface for workflow records, workflow comments, workflow status history, requests, notifications, audit logs, preferences, and document metadata
Azure Storage Account Blob Storage
Blob Storage Access Interface
Backend-controlled upload / download and file object access interface for document content, exports, and attachments
IDENTITY & SECURITY INTERFACES
Azure AD
Azure AD Auth Endpoints
SSO, token issuance, and identity validation interfaces
JWT
Token Validation Interface
The BFF validates access tokens and backend services enforce protected business requests
RBAC
Backend Authorization Enforcement
RBAC and ABAC are enforced directly within CMS backend services for protected APIs, workflow actions, and document access
SEC
Protected Interface Boundary
The browser is outside the trust boundary; protected interfaces are enforced server-side through APIC, BFF, and backend services
EXTERNAL INTEGRATION INTERFACES
RX
RX Notification Service API
Outbound delivery interface used by notification flows for asynchronous message dispatch
Datadog
Datadog Ingestion Interface
Logs, traces, metrics, and observability signals are exported to Datadog
MON
Monitoring & Alerting Interfaces
Operational telemetry, alerting, and trace visibility are handled through centralized observability integrations
INTERFACE LANDSCAPE PRINCIPLES
1
UI Uses APIC and BFF
The browser consumes secured APIs through APIC and the dedicated BFF layer rather than calling backend services directly
2
Services Keep Clear Boundaries
Internal APIs stay separated by domain, workflow, document, notification, audit, and backend platform responsibilities
3
Data Access Is Mediated
Storage and analytics platforms are reached through backend interfaces, not direct client access
4
External Calls Stay Downstream
Notification and observability integrations remain downstream of protected backend business decisions and internal workflow handling
Frontend-facing interfaces Internal application APIs Data access interfaces Identity & security interfaces External integration interfaces Landscape principles
This version updates the uploaded API Interface Landscape diagram to include the APIC and BFF frontend flow, internal CMS workflow capabilities, and HLD-aligned data and support interfaces.