Platform Architecture

Platform Architecture

WiserReview runs on a microservices architecture on Microsoft Azure. Each service runs in its own Docker container and is deployed independently.

Tatvam Cloud Solutions, LLP | March 2026

Architecture Overview

Hosting
Microsoft Azure App Services
Auto-scaling, 99.95% SLA
Containers
Docker microservices
Fault isolation per service
Edge
Cloudflare WAF + CDN
300+ global edge locations
Database
MongoDB Atlas
AES-256, replica sets, HA
Messaging
Azure Service Bus
Encrypted, dead-letter handling
Auth
JWT + OAuth 2.0
RBAC, workspace isolation

Data Flow: Review Collection & Display

The full lifecycle of review data from order placement through display on merchant storefronts. All connections are TLS 1.2+ encrypted. All stored data is AES-256 encrypted at rest.

Shopper's BrowserHTTPS requestHTTPS / TLS 1.2+Merchant StorefrontPixel JS from embed.wiserreview.comCloudflare CDN — 300+ edge nodesHTTPS / TLS 1.2+Cloudflare WAF / DDoSWAF Managed RulesetsL3/L4/L7 DDoS ProtectionBot Detection & ChallengeTLS 1.2+Azure App ServicesBackend APIapi.wiserreview.comTLS + AES-256 at restMongoDB AtlasAES-256 at restWorkspace-scoped queriesReplica sets — HA failoverReviews fetchedE-Commerce PlatformOrder eventBackend APIStores order reference in MongoDBAzure Service BusAzure Service Bus QueueEncrypted | Dead-letter handlingRetry on failureReview Display Servicers.wiserreview.comTLS + DKIM/SPFAWS SESDKIM/SPF authenticated deliveryCustomer EmailReview request receivedHTTPS / TLS 1.2+Customer Submits Reviewvia WiserReview formAES-256 at restReview stored in MongoDB AtlasEncrypted · Workspace-scopedLegendEncrypted (TLS/AES)Azure infrastructureAWS serviceCloudflare edge

All data in transit is encrypted with TLS 1.2+. All data at rest is encrypted with AES-256.

Multi-Tenant Data Isolation

Every request carries a JWT token with a unique identifier per client. All database queries, cache keys, and API responses are scoped to that client. No merchant can access another merchant's data.

Merchant A DashboardClient ID: AMerchant B DashboardClient ID: BMerchant C DashboardClient ID: CShared API Layerapi.wiserreview.comJWT token carries a unique client identifier: every request is authenticatedClient-Based Tenant Routing• Unique client identifier validated from JWT token• Every DB query is scoped to that client's identifier• Cache keys namespaced per client | API responses scoped per clientMongoDB AtlasAll collections tagged with client identifierQueries always scoped to the clientAES-256 at restRedis CacheCache keys namespaced per clientNo cross-tenant cache leakagePassword-authenticatedMerchant A DataOnly visible to this merchantMerchant B DataOnly visible to this merchantMerchant C DataOnly visible to this merchant— NO CROSS-TENANT ACCESS —

Each merchant is logically isolated by a unique client identifier. No merchant can access another merchant's data.

Core Microservices

Backend API

api.wiserreview.com
Azure App Services

Core business logic, authentication, order data integrations, review management, and data API.

Security controls

  • JWT authentication on every request
  • RBAC with Admin/Editor/Viewer roles
  • Input validation on all endpoints
  • Rate limiting on AI and submission endpoints

Review Display Service

rs.wiserreview.com
Azure App Services

Handles review rendering, display logic, async job processing, and event tracking. Consumes jobs from Azure Service Bus queue. Review request queuing is managed by the Backend API.

Security controls

  • Azure Service Bus for reliable message delivery
  • Dead-letter handling, no messages lost
  • AWS SES with DKIM/SPF authenticated delivery
  • 16+ event types tracked for anomaly detection

Widget Service (Pixel JS)

embed.wiserreview.com
Cloudflare CDN

Delivers the JavaScript widget to merchant storefronts. Served from Cloudflare's 300+ global edge locations for low-latency worldwide delivery.

Security controls

  • Served via Cloudflare CDN with DDoS protection
  • TLS 1.2+ for all widget delivery
  • No PII cached at edge locations
  • Bot detection and challenge mechanisms

Dashboard

app.wiserreview.com
Azure App Services

Merchant-facing React SPA for managing reviews, campaigns, widgets, integrations, and settings.

Security controls

  • CSP headers for embedded app integrations
  • Cloudflare WAF protection
  • Session token verification on all platform integrations
  • CAPTCHA via Cloudflare Turnstile on registration

Image Processing

Internal service
Azure App Services

Handles media optimization, resizing, and cloud storage. Processes uploaded review photos and videos before storage.

Security controls

  • MIME type validation on all uploads
  • Server-side AES-256 encryption in Azure Blob / AWS S3
  • Signed URLs with time-limited access
  • No public bucket access

High Availability & Disaster Recovery

Azure App Services

  • 99.95% uptime SLA from Microsoft Azure
  • Automatic horizontal scaling under load
  • No SSH access, fully managed via Azure
  • GitHub Actions-only deployment pipeline

MongoDB Atlas

  • Replica sets with automatic failover
  • Continuous backups with point-in-time recovery
  • Zero data loss on failover
  • Multi-region capable infrastructure

Cloudflare CDN

  • 300+ global edge locations
  • Automatic DDoS mitigation
  • Failover routing around outages
  • Widget delivery resilient to origin issues

Azure Service Bus

  • Enterprise-grade message queuing
  • Automatic retry on delivery failure
  • Dead-letter queue, no messages lost
  • Encrypted at rest and in transit

Contact

For architecture or security inquiries:

Tatvam Cloud Solutions, LLP

[email protected]