Architecture Overview

Launchpad is built on a modern, multi-tenant architecture designed for enterprise scale, security, and reliability. This document provides an overview of the platform's components and how they work together.

System Architecture

The platform consists of four primary layers:

Portal Layer (Developer-Facing)

The developer portal is a Next.js application that provides:

• Server-Side Rendering — Fast initial page loads and SEO optimization
• Interactive API Documentation — Powered by Scalar for try-it-now functionality
• Dynamic Page Builder — AI-assisted content creation and management
• Theme Engine — Real-time theming with CSS custom properties

Management Layer (Admin Console)

The admin console handles portal administration:

• Portal Provisioning — Automated setup of new portal instances
• Subscription Management — Stripe integration for billing
• Organization Management — Multi-org support and isolation
• User Administration — Team management and access control

API Layer (Backend Services)

Node.js services providing:

• REST APIs — All portal and admin functionality exposed via REST
• Authentication — JWT-based auth with SSO support
• Data Access — Prisma ORM for PostgreSQL
• Event Processing — Async job handling for long-running tasks

Infrastructure Layer (GCP)

Built entirely on Google Cloud Platform:

• Cloud Run — Serverless container hosting with auto-scaling
• Cloud SQL — Managed PostgreSQL with automatic backups
• Secret Manager — Secure credential storage
• Cloud Storage — Asset storage and CDN
• Cloud IAM — Service account isolation per tenant

Multi-Tenancy Model

Launchpad uses a shared-infrastructure, isolated-data multi-tenancy model:

Tenant Provisioning

When a new portal is created:

1. A new database schema is created in the shared PostgreSQL cluster
2. A dedicated GCP service account is provisioned
3. DNS records are configured for the portal subdomain
4. Initial data and configuration is seeded
5. SSL certificate is automatically provisioned via Let's Encrypt

Data Isolation

• Schema-per-tenant — Complete database isolation
• Row-level security — Additional protection for shared tables
• Encryption at rest — Customer-managed encryption keys (Enterprise)
• Network isolation — VPC service controls (Enterprise)

Integration Architecture

Apigee Integration

Launchpad integrates with both Apigee Edge and Apigee X:

• API Proxies — Import and sync API proxy configurations
• Developer Apps — Create and manage apps with API credentials
• Products — Sync API products for access control
• Analytics — Display usage metrics from Apigee analytics

Identity Provider Integration

Supports enterprise SSO via:

• SAML 2.0 — For enterprise IdP integration
• OpenID Connect — For modern OAuth flows
• LDAP/AD — Via SAML gateway (Enterprise)

Security Architecture

Authentication

• JWT tokens with configurable expiration
• Refresh token rotation
• MFA support (TOTP, WebAuthn)
• Session management with forced logout capability

Authorization

• Role-Based Access Control (RBAC) at multiple levels
• Organization-level permissions
• Team-level permissions
• Resource-level permissions (APIs, pages, products)

Compliance

• SOC 2 Type II certified infrastructure
• GDPR-compliant data handling
• Data residency options (US, EU, APAC)
• Audit logging for all admin actions

Scalability

The platform is designed for horizontal scaling:

• Stateless services — All application state in database or cache
• Auto-scaling — Cloud Run scales from 0 to thousands of instances
• CDN — Static assets served from edge locations globally
• Database scaling — Read replicas and connection pooling

Reliability

• 99.9% SLA — Standard tier
• 99.95% SLA — Enterprise tier with multi-region
• Automatic failover — Database and service failover
• Disaster recovery — Daily backups with point-in-time recovery