Architecture Deployment API

C4 Level 1 — System Context

The FlowerShop IoT Platform sits at the centre of a network of users, portals, and external services.

C4Context
  title FlowerShop IoT Platform — System Context

  Person(customer, "Customer", "Browses nearby bouquets via map or QR scan, purchases through mobile app or web")
  Person(vendor, "Vendor", "Manages bouquets, smart vases, and orders via Vendor Portal")
  Person(admin, "Platform Admin", "Approves vendors, monitors platform health, views analytics via Admin Portal")
  Person(tech, "Technician", "Installs and registers smart vases on behalf of vendors")

  System_Boundary(platform, "FlowerShop IoT Platform") {
    System(api, "REST API", "ASP.NET Core 8 — all business logic, CQRS, multi-tenant")
    System(adminPortal, "Admin Portal", "Razor Pages — vendor management, analytics, vase registration")
    System(vendorPortal, "Vendor Portal", "Razor Pages — bouquet catalog, order management, analytics dashboard")
    System(customerApp, "Customer Web App", "ASP.NET MVC — browse, cart, checkout, profile")
  }

  System_Ext(keycloak, "Keycloak 23", "OIDC identity provider — issues JWT tokens for all users")
  System_Ext(postgres, "PostgreSQL 15", "Primary datastore — all domain aggregates")
  System_Ext(redis, "Redis 7", "Distributed cache + token blacklist")
  System_Ext(rabbitmq, "RabbitMQ", "Message broker (InMemoryEventBus active; RabbitMQ pending EP-09)")
  System_Ext(mqtt, "Mosquitto MQTT", "IoT communication with smart vases")
  System_Ext(stripe, "Stripe", "Payment processing and webhook delivery")
  System_Ext(fcm, "Firebase FCM", "Mobile push notifications (stub pending EP-06)")
  System_Ext(twilio, "Twilio", "SMS verification codes")
  System_Ext(nominatim, "Nominatim (OSM)", "Geocoding for vendor and delivery addresses")
  Rel(customer, api, "Browse, cart, order, track delivery", "HTTPS/JSON")
  Rel(customer, customerApp, "Browse, checkout", "HTTPS")
  Rel(vendor, vendorPortal, "Manage catalog & orders", "HTTPS")
  Rel(admin, adminPortal, "Approve vendors, analytics", "HTTPS")
  Rel(tech, api, "Register vases", "HTTPS/JSON")

  Rel(api, keycloak, "Validate tokens, manage users", "HTTPS")
  Rel(api, postgres, "Read/write all domain data", "TCP")
  Rel(api, redis, "Cache, token blacklist", "TCP")
  Rel(api, rabbitmq, "Publish domain events", "AMQP")
  Rel(api, stripe, "Create payment intents, verify webhooks", "HTTPS")
  Rel(api, fcm, "Send push notifications", "HTTPS")
  Rel(api, twilio, "Send SMS verification codes", "HTTPS")
  Rel(api, nominatim, "Geocode addresses", "HTTPS")
  Rel(mqtt, api, "Vase telemetry, heartbeats", "MQTT")

The three portals (Admin, Vendor, Customer Web App) communicate with the REST API using cookie-based session auth backed by Keycloak tokens.