Dynamic Sequence – Dashboard Data Load

Crew Management System – Home / Dashboard screen request through the secured ingress path, BFF token validation and request admission, backend routing and orchestration, backend RBAC + ABAC enforcement, read-only data retrieval from Microsoft Fabric, aggregation of domain responses, and final dashboard rendering in the React Single Page Application.

User

Authenticated CMS user opening the Home / Dashboard screen

Browser / React SPA

Initiates the dashboard API request and renders the final dashboard view

Akamai

Public edge entry applying WAF, DDoS protection, bot filtering, and secure routing

Azure Application Gateway

Protected origin ingress with additional WAF inspection before AKS access

IBM API Connect

API exposure, governance, controlled forwarding, and frontend-facing API boundary

BFF Service

Validates Azure AD access token, admits the request, routes backend calls, and aggregates responses

PRO

Profile Service

User profile, context, and home-screen summary data

ROS

Roster Service

Roster and scheduling metrics used in dashboard widgets and operational cards

ATT / PRD

Attendance / Productivity Services

Attendance indicators, operational status, KPI summaries, and productivity data

Microsoft Fabric

Read-only enterprise analytical datasets consumed by backend services through curated views

1. Open Home / Dashboard screen

User opens the CMS Home / Dashboard screen

2. Frontend sends dashboard request

React SPA sends dashboard request with Azure AD access token

3. Edge security processing

Request reaches Akamai edge entry

4. Origin ingress inspection

Request passes through Azure Application Gateway (WAF)

5. API exposure and forwarding

IBM API Connect forwards the request to the BFF service

6. BFF receives frontend request

BFF receives the secured dashboard request

7. Token validation and request admission

BFF validates token signature, issuer, audience, expiry, and request admissibility

8. Start backend orchestration

BFF calls Profile Service

BFF calls Roster Service

9. Continue backend orchestration

BFF calls Attendance / Productivity Services

10. Backend authorization enforcement

Backend services enforce RBAC + ABAC before retrieving data

11. Read-only enterprise data retrieval

Backend services query Microsoft Fabric curated read-only datasets

12. Microsoft Fabric returns domain data

Fabric returns domain-specific dashboard data to backend services

13. Service responses return to BFF

Profile Service returns profile and context summary

Roster Service returns roster and schedule summary

14. Additional service responses return to BFF

Attendance / Productivity Services return metrics, indicators, and KPI summary

15. Aggregate frontend-ready payload

BFF aggregates domain responses into one dashboard view model for the UI

16. Return final dashboard payload

BFF returns the aggregated dashboard payload to the React SPA

17. Render dashboard in browser

React renders dashboard widgets, operational cards, filters, and screen content

Single frontend request: The browser does not call multiple backend domain services directly. The React SPA sends one secured request through Akamai, Azure Application Gateway, IBM API Connect, and then to the BFF service.

BFF responsibility: The BFF acts as the frontend-facing API layer, validates the Azure AD access token, performs request admission checks, routes requests to backend services, and aggregates multiple service responses into a UI-ready dashboard payload.

Backend and data responsibility: Backend services remain responsible for business authorization using RBAC + ABAC, and Microsoft Fabric is used only as a read-only enterprise analytical data source for dashboard and reporting data.

        User action
        Frontend / browser
        Edge security
        Ingress / API gateway
        BFF processing
        Backend services
        Read-only data platform
        Returned aggregated result
      