Generated SaaS Microservices¶
Target Architecture — Final-State Design
This page describes the common microservices generated into every SaaS Product. Each is a stamped instance of a ConnectSoft template following Clean Architecture layering. A concrete product contains these spine and supporting services plus its own domain microservices, all generated from ConnectSoft.MicroserviceTemplate.
Every microservice in a Generated SaaS Product is produced from a real ConnectSoft template and follows the layered project layout defined in the naming conventions: Api, Application, ApplicationModel, DomainModel, PersistenceModel.NHibernate, FlowModel.MassTransit, DatabaseModel.Migrations, and Options. They use the product's own namespace (e.g. Contoso.Booking.*), persist via NHibernate to Azure SQL or PostgreSQL, and communicate over MassTransit on Azure Service Bus using the canonical event envelope.
Common generated services¶
| Microservice | Responsibility | APIs | Events | Aggregate Roots | Store | Template |
|---|---|---|---|---|---|---|
| API Gateway | Edge routing, auth token validation, rate limiting, request aggregation | Public REST/gRPC ingress | — | — | Redis (cache/limits) | ConnectSoft.ApiGatewayTemplate |
| Identity Service | Users, roles, permissions, profile, invitations | /users, /roles, /permissions |
UserInvited, UserActivated, RoleAssigned |
User, Role, Permission |
Azure SQL / PostgreSQL | ConnectSoft.IdentityTemplate |
| Authorization Server | OAuth2/OIDC token issuance, consent, clients | /connect/token, /connect/authorize, /.well-known |
TokenIssued |
OpenIddict app/auth | Azure SQL / PostgreSQL | ConnectSoft.AuthorizationServerTemplate |
| Tenant Management | Tenant lifecycle, provisioning, isolation metadata | /tenants, /tenants/{id}/provision |
TenantRegistered, TenantSuspended |
Tenant |
Azure SQL / PostgreSQL | ConnectSoft.Saas.TenantsTemplate |
| Subscription & Billing | Subscriptions, editions, entitlements, metering, billing | /subscriptions, /editions, /entitlements |
SubscriptionActivated, SubscriptionCancelled |
Subscription, Edition |
Azure SQL / PostgreSQL | ConnectSoft.Saas.*Template |
| Configuration Service | Feature flags and configuration settings | /feature-flags, /config |
FeatureFlagToggled, ConfigurationChanged |
FeatureFlag, ConfigurationSetting |
Azure SQL / PostgreSQL | ConnectSoft.MicroserviceTemplate |
| Domain Microservice(s) | The product's specific business logic | product-specific | product-specific domain events | product-specific | Azure SQL / PostgreSQL | ConnectSoft.MicroserviceTemplate |
| Notification Service | Multi-channel templated notifications | /notifications |
NotificationSent |
Notification |
Azure SQL + Blob | ConnectSoft.WorkerTemplate + ConnectSoft.Notifications.* |
| Integration Service | External connections, webhook delivery | /integrations, /webhooks |
IntegrationSucceeded, WebhookDelivered |
IntegrationConnection, WebhookSubscription |
Azure SQL + Key Vault | ConnectSoft.Integration.* |
| Reporting & Analytics | Report definitions, generation, analytics read models | /reports, /reports/{id}/generate |
ReportGenerated |
ReportDefinition |
Azure SQL / PostgreSQL + Blob | ConnectSoft.MicroserviceTemplate |
| Audit Trail Service | Immutable audit record ingestion and query | /audit-entries |
AuditEntryRecorded |
AuditEntry |
Append-only Azure SQL / PostgreSQL | ConnectSoft.Saas.AuditTemplate |
| Health Aggregator | Aggregated health/readiness across services | /health, /health/ready |
— | — | — | ConnectSoft.HealthChecksAggregatorTemplate |
Implementation Notes
Workers are not REST services; they are documented in detail on the Workers page. They are listed in the interaction diagram below because they are first-class generated runtime processes that consume the same Service Bus topics as the services above.
Service interaction diagram¶
flowchart TB
Client["Portals / Mobile / External"] --> Gateway["API Gateway"]
Gateway -->|"validate token"| AuthServer["Authorization Server"]
Gateway --> Identity["Identity Service"]
Gateway --> Tenant["Tenant Management"]
Gateway --> Subscription["Subscription & Billing"]
Gateway --> Config["Configuration Service"]
Gateway --> DomainSvc["Domain Microservice"]
Gateway --> Reporting["Reporting & Analytics"]
DomainSvc -->|"publish events"| Bus["Azure Service Bus<br/>MassTransit"]
Subscription -->|"publish events"| Bus
Tenant -->|"publish events"| Bus
Identity -->|"publish events"| Bus
Bus --> Workers["Workers"]
Bus --> Notification["Notification Service"]
Bus --> Integration["Integration Service"]
Bus --> Audit["Audit Trail Service"]
Bus --> Reporting
Identity -.->|"sync query"| Tenant
Subscription -.->|"entitlement query"| Tenant
DomainSvc -.->|"entitlement query"| Subscription
HealthAgg["Health Aggregator"] -.->|"probe"| DomainSvc
HealthAgg -.->|"probe"| Identity
HealthAgg -.->|"probe"| Subscription
Hold "Alt" / "Option" to enable pan & zoom
Communication patterns¶
- Synchronous (REST/gRPC): all client traffic enters through the API Gateway, which validates tokens against the Authorization Server and routes to the owning service. Internal service-to-service queries (e.g. entitlement checks) use gRPC where latency-sensitive, REST otherwise.
- Asynchronous (events): state changes are published to Service Bus topics as enveloped domain events. Supporting services and workers subscribe; there is no synchronous fan-out for side effects.
- Transactional outbox: each service persists outgoing events in an outbox table within the same transaction as the state change, and the Outbox Worker publishes them — guaranteeing at-least-once delivery without dual-write inconsistency.
- Tenant guard: every handler asserts
tenantIdagainst the operation scope before touching its store, per the event envelope consumer rules.
How services contribute to the pillars¶
- Traceability —
traceId/correlationIdpropagate across every synchronous hop and every published event, so a single request is reconstructable across services. - Reusability — every service is a stamped instance of a shared template, so the layering, persistence, and messaging wiring are identical across products.
- Autonomy — each service is generated by its agent and deployed independently; the Microservice Generator and Backend Developer agents own its lifecycle.
- Governance — the Audit service and gateway-level policy enforcement make every cross-service action accountable.
- Observability — each service ships Serilog + OpenTelemetry instrumentation and a health endpoint aggregated by the Health Aggregator.
- Multi-tenant scale — services are stateless and horizontally scalable behind the gateway;
tenantIdpartitions data and traffic.