Infra Vendor Service · v0
Welcome
Select a document from the sidebar to read it.
Vendor Platform Backoffice
Scope
infra-vendor exposes a privileged read-only summary endpoint for the InfraNotes Backoffice:
GET /api/admin/platform/summary
The endpoint reports aggregate table availability and usage inventory for:
- Vendor master data
- Procurement
- Accounts payable and three-way matching
- Risk, ESG, and compliance
- Automation, portal, reporting, benchmarking, and projections
It does not expose vendor payloads, payment amounts, documents, tenant records, or user PII.
Security
The route is outside tenant-scoped /api/v1 and intentionally does not apply TenantIsolation.
Access requires one of:
platform_adminroleplatform_adminpermissionplatform:adminpermissionplatform:backoffice:readpermission
Tenant admins and normal users are rejected.
Count Accuracy
infra-vendor currently enforces tenant isolation through JWT middleware and repository scoping rather than forced PostgreSQL row-level security. The Backoffice endpoint only queries a hardcoded allowlist of tables.
If row-level security is introduced later and a table forces RLS, the endpoint will return PostgreSQL catalog estimates and mark the metric as:
{
"status": "degraded",
"count_accuracy": "estimated"
}
Ownership Boundaries
IAM remains the source of truth for:
- Tenant registration approvals
- Package subscriptions
- Seat allocations and usage
- Entitlements
- Tenant lifecycle state
infra-vendor contributes source-to-pay usage and service-health signals only. The Backoffice should combine this endpoint with IAM package and seat APIs before enforcing vendor-management package limits.
Rollback
Rollback is code-only:
- Remove the
/api/admin/platform/summaryroute mount. - Remove
PlatformSummaryHandlerandPlatformAdminOnly. - Redeploy the previous service image.
No database migration or data rollback is required.