# System Architecture

The **DOI PSM** is a mission-critical middleware solution designed to handle high-throughput transactional requests (primarily DOI/Push notifications). It serves as a robust buffer between client applications and sensitive downstream infrastructure (like OTA/HSM servers), ensuring reliability through **asynchronous processing**, **rate limiting**, and **failure recovery**.

### Component Breakdown

| Component               | Role                                                                                                                                                                   | Key Technologies & Protocols    |
| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| **Client Application**  | The upstream business system initiating the request (e.g., a CRM or Provisioning Portal).                                                                              | HTTP/1.1, REST (JSON/XML)       |
| **PSM API Gateway**     | The secure entry point. Responsible for TLS termination, JWT validation, payload schema validation, and request logging.                                               | Nginx/Kong, HTTPS               |
| **Redis Cache**         | A high-performance in-memory datastore used for distributed rate limiting (Token Bucket), idempotency checks (to prevent double-billing), and ephemeral session state. | Redis (Cluster Mode), TCP       |
| **PostgreSQL (DB)**     | The system of record. Stores the immutable history of every transaction, including state changes, timestamps, and audit logs for reconciliation.                       | PostgreSQL 14+, SQL             |
| **Message Queue**       | A durable message broker ensuring reliable delivery. It acts as a shock absorber, allowing the API to accept bursts of traffic while workers process at a steady pace. | RabbitMQ / ActiveMQ (AMQP)      |
| **PSM Worker**          | The core processing unit. A scalable fleet of services that consume messages, handle HSM cryptography logic, and manage persistent SMPP binds.                         | Java/Go/Node.js, Internal Logic |
| **HSM (OTA Server)**    | The High Security Module responsible for generating the specific cryptographic payload (APDU) required to update the SIM card.                                         | Proprietary HTTP/XML Interface  |
| **SMPP Gateway (SMSC)** | The Short Message Service Center that delivers the binary payload to the mobile network via the SS7 signaling layer.                                                   | SMPP v3.4 (Transceiver Mode)    |