Dynamic Sequence – Workflow Submission

Crew Management System – end-to-end workflow request submission through the secured frontend API path, BFF token validation and request admission, backend workflow validation and RBAC + ABAC authorization, Temporal workflow orchestration, workflow state persistence in Azure DocumentDB, notification triggering, optional outbound email delivery through RX Notification Service, observability / audit capture through Datadog, and final user confirmation returned to the React Single Page Application.

User

Authenticated user submits a workflow-driven request from the CMS screen

Browser / React SPA

Captures form input, sends the secured request payload, and displays the returned workflow status

Akamai

Public edge entry applying WAF, DDoS protection, bot filtering, and secure routing

Azure Application Gateway

Protected origin ingress with WAF before traffic reaches private AKS-hosted application entry points

IBM API Connect

API exposure, governance, and controlled forwarding for frontend-facing workflow APIs

BFF Service

Validates Azure AD access token, admits the request, and routes workflow submission requests to backend services

Workflow Service

Validates request rules, enforces backend authorization, starts workflow processing, and coordinates next actions

TMP

Temporal

Dedicated workflow orchestration platform handling state progression, retries, long-running flow coordination, and durable execution

Azure DocumentDB

Stores workflow requests, lifecycle state, tasks, comments, status history, and operational application data

Notification Service

Creates internal notifications and coordinates optional outbound email delivery related to workflow events

RX Notification Service

Enterprise provider used for outbound email delivery in the current CMS scope

Datadog / Audit

Captures logs, traces, workflow execution visibility, retries, and audit outcomes

Returned Result

Final workflow confirmation, request reference, and initial workflow status returned to the user

1. User submits workflow request

User submits a workflow-driven request from the CMS screen

2. Frontend sends secured request

React SPA sends workflow submission request with Azure AD access token and request payload

3. Protected frontend API path

Request passes through Akamai → Azure Application Gateway → IBM API Connect

4. BFF receives request

BFF receives the secured workflow submission request

5. Token validation and request admission

BFF validates token signature, issuer, audience, expiry, claims, and request admissibility

6. Route to Workflow Service

BFF forwards the request to Workflow Service

7. Validate business rules and backend authorization

Workflow Service validates request data, business rules, and backend RBAC + ABAC authorization

8. Start workflow orchestration

Workflow Service starts the workflow through Temporal orchestration

9. Temporal initializes durable workflow state

Temporal initializes workflow execution, state progression, and retry-aware orchestration

10. Persist initial workflow state

Workflow Service writes workflow request, initial status, and operational state to Azure DocumentDB

11. Storage acknowledgement

Azure DocumentDB confirms workflow state persistence and returns workflow reference data

12. Trigger workflow notifications

Workflow Service invokes Notification Service for workflow-related internal notifications

13. Create internal notification state

Notification Service creates internal notification content and notification state

14. Optional outbound email delivery

Notification Service optionally triggers outbound email delivery through RX Notification Service

15. Outbound delivery acknowledgement

RX Notification Service returns delivery acknowledgement or provider reference

16. Emit workflow observability and audit

Workflow execution, retries, notification triggers, and trace data are sent to Datadog / audit path

17. Return workflow reference and initial status

Workflow Service returns workflow ID and initial status to the BFF

18. Return final payload to frontend

BFF returns workflow confirmation, request reference, and initial status to the React SPA

19. Show confirmation to user

React shows confirmation, workflow reference, and initial state to the user

Workflow ownership and orchestration: Workflow Service owns validation and submission handling, while Temporal is responsible for durable workflow orchestration, retries, and long-running process coordination.

Operational persistence: Azure DocumentDB stores workflow requests, state, tasks, comments, and operational workflow data. Microsoft Fabric is not used as the operational transactional store for workflow submission.

Notification pattern: Internal notification generation is triggered as part of the workflow flow, while outbound email delivery through RX Notification Service remains an optional downstream delivery path.

        User action
        Frontend / browser
        Edge security
        Ingress / API gateway
        BFF processing
        Workflow service
        Temporal orchestration
        Operational storage
        Notification service
        External delivery
        Observability / audit
        Returned result
      

This workflow-submission sequence reflects the HLD-approved flow: the React SPA submits the request through Akamai, Azure Application Gateway, IBM API Connect, and the BFF, Workflow Service validates the request and starts orchestration through Temporal, Azure DocumentDB stores workflow state, Notification Service handles internal notification creation, RX Notification Service handles optional outbound email delivery, and the final workflow reference and initial status are returned to the user.