Integration Architecture
- Store credentials + metadata securely in the database
- Provide typed settings objects for runtime code (no direct
IOptions/Configurationreads) - Allow admins to rotate keys from the UI with instant cache invalidation
- Offer light-weight state helpers instead of bloating
StateService
| Component | Location | Responsibility |
|---|---|---|
IntegrationKeyValues table |
Data/ApplicationDbContext.MainEntities.cs |
Persists encrypted key/value pairs with scope, rotation metadata, timestamps |
IntegrationKeyValueService |
Domain/Integrations/Services/IntegrationKeyValueService.cs |
CRUD ops, encryption/decryption, rotation helpers, DTO mapping |
| Typed providers | e.g., RingCentralSettingsProvider, DocuSignSettingsProvider under Domain/Integrations/*/Services
|
Translate DB rows into strongly typed Settings objects, cache with IMemoryCache, expose Invalidate()
|
| Integration services | e.g., RingCentralService, EPayPolicyService, DocuSignService
|
Consume providers, build HttpClient calls, retry policies, DTO mapping |
| UI/admin | Profile → Integrations pages (Domain/Profile/Components/SystemSettings.razor, Payments.razor, etc.) |
Capture credentials, toggle features, call Invalidate() on save |
| Scoped state helpers | e.g., RecentPaymentsState, DocuSignEnvelopeState
|
Cache frequently displayed data for Homepage widgets without bloating StateService
|
- Seed the table with placeholder keys (migration or admin UI).
-
Admin enters actual credentials via the UI →
IntegrationKeyValueService.UpsertAsyncencrypts and stores them. -
Provider (
GetAsync) pulls rows, validates required keys, applies defaults (base URLs, timeouts), caches the typed settings for a short TTL. -
Service obtains settings, configures HttpClient from
IHttpClientFactory, executes the call, logs failures, and returns domain models. - UI/Workers consume the integration service/state helper.
- Settings model – define a record/class (Enabled, BaseUrl, ApiKey, extra toggles).
-
Provider – implement
IIntegrationSettingsProvider<TSettings>; use_cache.GetOrCreateAsyncto cache results. -
Service – inject provider +
HttpClientFactory, handle retry/backoff, log errors usingILogger<T>. -
Admin UI – add a tab or section under Profile → Integrations with Fluent UI form controls; call
Invalidateupon save. -
State/UI – where widgets need cached data, create a small state service (similar to
RecentPaymentsState). -
Health – optional
IHostedServiceto ping the integration and emit warnings if credentials fail.
- Settings provider:
Domain/Integrations/ePayPolicy/Services/EPayPolicySettingsProvider.cs - Service:
EPayPolicyServicefetches recent transactions + builds paylinks - State:
RecentPaymentsStatecaches transactions for Homepage widget - Admin UI: Profile → Payments populates
IntegrationKeyValues
- Provider ensures Client ID/Secret/Base URI/Extension are configured
-
ChatService.RingCentralfetches tokens using provider values, caches them, and pushes events to SignalR + Tray - Gateway handles incoming webhooks and relays them via SignalR hubs (
Quickfire.Gateway/Controllers/SmsWebhookController.cs)
- Provider stores
IntegratorKey,UserId,AuthServer, RSA keys -
DocuSignServicehandles JWT auth + envelope APIs -
DocuSignEnvelopeRefreshWorkerrefreshes envelope status for Homepage widget
- Each provider logs warnings if required keys are missing or disabled
- Services log upstream failures with correlation IDs – search for
[Integration]in logs - UI optionally surfaces "Disconnected" badges when providers throw
IntegrationDisabledException
-
IntegrationKeyValueServiceencrypts data at rest; never log raw secrets - Only expose secrets in UI to admins
- When running desktop installs, secrets still come from the DB – configure the local DB with safe defaults before shipping
Follow this blueprint whenever new APIs (carrier portals, CRMs, payment gateways) are onboarded.