DIREKT Backend Functional Specification

Responsibilities

The backend is the authoritative policy and orchestration layer for identity, provider data, verification, discovery, enquiries, reputation, complaints, subscriptions, notifications, audit and operations.

Domain services

Identity/access

Accounts, contacts, sessions, consent, role/provider relationships, recovery and privileged authentication.

Provider

Provider lifecycle, members, services, operating model, publication and profile versions.

Verification

Requirement resolution, cases, evidence versions, assignment, decision, expiry, claims and rechecks.

Discovery

Category normalization, area compatibility, geospatial filtering, ranking and public-safe projection.

Marketplace

Enquiries, contact consent, interaction state, review eligibility and saves.

Trust/safety

Reports, complaints, restrictions, enforcement, appeals and fraud flags.

Commercial

Plans, entitlements, subscriptions, payment adapter, ledger, receipts and reconciliation.

Platform

Notification policies, jobs/outbox, audit, analytics, configuration and health.

Cross-cutting rules

  • every request has correlation ID;
  • authentication and object authorization;
  • input validation;
  • safe problem details;
  • UTC;
  • idempotent retried writes;
  • structured audit for privileged actions;
  • public response DTOs exclude private fields by construction;
  • consistent transaction boundaries;
  • no direct trust-state mutation outside verification service.

Publication projection

Public provider data is assembled from:

  • approved provider-authored profile fields;
  • public-safe location;
  • current derived claims;
  • allowed review aggregates;
  • availability;
  • commercial/sponsorship label;
  • enforcement/publication policy.

It never serializes persistence entities directly.