Services
Every service in the Swishing platform, what it does, and where to find its API spec.
The mono-repo lives at
Sectricity-io/Swishing-Full
under services/. Source paths below are relative to that root.
HTTP services (have /docs)
These six all run as Lambdas behind API Gateway and serve their own Swagger
UI at /docs, gated by Microsoft Entra SSO.
| Service | Purpose | Repo path | Live /docs |
|---|---|---|---|
Tenant API (swishing-game-backend) | The per-tenant backend. Game logic, scheduling, admin, analytics. Shared Lambda — tenant comes from X-Tenant-Id. | services/swishing-game-backend | dev · prod |
API Router (api-router) | v3 shared entry point. Reads X-Tenant-Id, looks up TenantDirectory, proxies to that tenant's backend_base_url. | services/api-router | prod |
Auth API (auth-api) | Cognito-fronted auth that routes users to their tenant. Login, MFA, password reset, Microsoft SSO. | services/auth-api | dev · prod |
Internal API (internal-api) | Operator tooling: tenant provisioning, template management, admin UI. | services/internal-api | dev · prod |
Demo API (demo-api) | Demo tenant backend. Single env. | services/demo-api | prod |
Marketing API (marketing-api) | Public marketing-site backend (contact-lead capture, health). Single env. | services/marketing-api | prod |
Worker / scheduled services (no HTTP)
Lambdas with no public HTTP surface. They're triggered by SQS or EventBridge Scheduler.
| Service | Trigger | Repo path | Notes |
|---|---|---|---|
Provision Worker (provision-worker) | SQS swishing-internal-provisioning[-dev] | services/provision-worker | Creates DB, Cognito pool, TenantDirectory rows for a new tenant. Auto-syncs templates from S3 after provisioning. |
Tenant Teardown (tenant-teardown) | EventBridge Scheduler group tenant-teardown[-dev] | services/tenant-teardown | Removes DB / Cognito / directory for tenants that have signaled end-of-lifecycle. |
Frontends (per-tenant SPA + ops surfaces)
Vite + React, deployed to S3 + CloudFront. Env vars are VITE_*-prefixed.
| Service | Purpose | Repo path |
|---|---|---|
swishing-game-web | The per-tenant game frontend (the shared CloudFront app served per tenant). | |
auth-web | Auth login / MFA / password-reset UI. | |
internal-web | Operator admin UI for tenant provisioning, template management. | |
demo-web | Demo tenant frontend. | |
marketing-web | Public marketing site. |
Operator tools
| Service | Purpose | Repo path |
|---|---|---|
template-tool | Template authoring tool used by ops (also wired into internal-web). | |
internal-docs | This portal. Docusaurus site for the platform overview + service map. |
Supporting Lambdas (no service directory)
These are small standalone Lambdas whose source is folded into other
services or infra/. Listed for completeness.
| Lambda (dev + prod) | Purpose |
|---|---|
swishing-cognito-define-auth{,-dev} | Cognito custom-auth Define-trigger. |
swishing-cognito-create-auth{,-dev} | Cognito custom-auth Create-trigger. |
swishing-cognito-verify-auth{,-dev} | Cognito custom-auth Verify-trigger. |
swishing-cognito-post-auth{,-dev} | Stamps custom:last_login_at on the user after sign-in. Source in infra/lambda/cognito-post-auth/. |
swishing-user-import-worker{,-dev} | SQS-driven async user import. Drains swishing-user-import[-dev]. |
swishing-internal-incidents | SQS consumer that forwards swishing-internal-incidents events to Slack. |
Deploy mechanisms
| Service | Deploy |
|---|---|
swishing-game-backend | SAM + CloudFormation IMPORT + GitHub Actions OIDC (dev auto on push to dev, prod workflow_dispatch). |
api-router | SAM + CloudFormation IMPORT + GitHub Actions OIDC (dev + prod). |
| All other services | PowerShell scripts under scripts/deploy-*.ps1. Migration to SAM/CI is tracked in TODO.md Phase 5. |
Frontends deploy via per-service PowerShell scripts that push to S3 and invalidate the relevant CloudFront distribution.
Service-to-AWS map
For the inverse view — every AWS resource and which service owns it — see AWS inventory.