API Interface Landscape Diagram
End-to-end API and interface view showing frontend access to secured
CMS backend services, internal domain and platform APIs, storage
access interfaces, identity endpoints, outbound delivery interfaces,
and observability ingestion
🔌
Frontend, Services, and External Interfaces
FRONTEND-FACING API INTERFACES
React SPA
Frontend consumer of controlled CMS APIs for all user-visible
screens and actions
API
CMS Backend APIs
Primary frontend-facing secured APIs exposed by CMS backend
services for UI screens, workflows, and operational actions
REST / JSON Contract
Main application contract between browser and secured CMS
backend services
Authenticated API Calls
Requests are sent with token-backed identity context rather than
anonymous access
The React frontend accesses secured CMS backend APIs, which route
requests to the appropriate domain and platform services.
INTERNAL APPLICATION API LANDSCAPE
Internal service interfaces used by protected backend flows across
domain and platform services
PRO
Profile API
Profile and contextual user data
ROS
Roster API
Roster and schedule interfaces
ATT
Attendance API
Attendance and status interfaces
EVT
Events API
Event-related service interface
PRD
Productivity API
Operational KPI and productivity access
WF
Workflow API
Submission, transition, tracking, and status endpoints
NT
Notification API
Internal notification reads, state updates, and trigger
interfaces
DOC
Document API
Upload, metadata lookup, and secure retrieval interfaces
SRV
Internal Service Contracts
Protected service-to-service interfaces between CMS domain and
platform services
Internal services reach data systems and external interfaces only
through backend-managed access interfaces, not through direct browser
calls.
DATA ACCESS INTERFACES
Fabric Access Interface
Read-only backend data-access interface for curated enterprise
analytical datasets
DocumentDB Access Interface
Operational read / write interface for workflow state,
notifications, preferences, and metadata
ADLS Access Interface
Backend-controlled upload / download and file object access
interface for document content
IDENTITY & SECURITY INTERFACES
Azure AD Auth Endpoints
SSO, token issuance, and identity validation interfaces
JWT
Token Validation Interface
Protected APIs validate bearer tokens before serving business
requests
RBAC
Backend Authorization Enforcement
RBAC and ABAC are enforced directly within CMS backend services
for protected APIs, workflows, and document access
SEC
Protected Interface Boundary
The browser is outside the trust boundary; protected interfaces
are enforced server-side
EXTERNAL INTEGRATION INTERFACES
Infobip API
Outbound delivery interface used by notification flows for
asynchronous message dispatch
Datadog Ingestion Interface
Logs, traces, metrics, and observability signals are exported to
Datadog
MON
Monitoring & Alerting Interfaces
Operational telemetry, alerting, and trace visibility are
handled through centralized observability integrations
INTERFACE LANDSCAPE PRINCIPLES
1
UI Uses Secured Backend APIs
The browser consumes secured CMS backend APIs rather than
directly accessing internal services or enterprise data
platforms
2
Services Keep Clear Boundaries
Internal APIs stay separated by domain and shared-platform
responsibilities
3
Data Access Is Mediated
Storage and analytics platforms are reached through backend
interfaces, not direct client access
4
External Calls Stay Downstream
Delivery and observability integrations are downstream of
protected backend business decisions
Frontend-facing interfaces
Internal application APIs
Data access interfaces
Identity & security interfaces
External integration interfaces
Landscape principles