• Okhtay Sattari
• >Projects
• >TuranBilgi Platform: API, Microservices & Client Applications

TuranBilgi Platform: API, Microservices & Client Applications

(July 2025 - Present)

TuranBilgi is a modern, API-first, multi-client backend platform designed to support complex business workflows alongside high-performance real-time communication. The platform follows a microservices-oriented and event-driven architecture, enabling independent scaling, fault isolation, and long-term extensibility across backend services and client applications.

Platform Overview

TuranBilgi is designed as a unified backend system serving multiple client applications through a shared API layer. All business logic, authentication, authorization, and real-time capabilities are centralized within the platform, ensuring consistency across all consuming clients. The platform consists of two primary backend components:

1. Core Business Microservice

The core microservice is implemented using Node.js (Express.js with TypeScript) and exposes both REST and GraphQL interfaces. It acts as the central business layer of the system and is responsible for domain workflows and transactional operations including:

• User and administrator authentication and authorization
• Account registration, login, and profile management
• Idea pool management
• Project and application handling
• Contract management
• Invoice generation and payment processing
• Support ticket management

The following infrastructure is used to handle data:

• PostgreSQL is used as the primary relational database for business-critical and transactional data.
• MongoDB is used for document-based, write-heavy, and schema-flexible data such as event streaming outboxes.
• Redis is used for caching, distributed coordination, and performance optimization.
• RabbitMQ is used for asynchronous background jobs and external integrations (email and SMS notifications), ensuring non-blocking request handling and reliable message delivery.

2. Interaction & Discussion Microservice (Shared Collaboration Layer)

To support structured communication, decision-making, and accountability across all business domains, TuranBilgi includes a dedicated Interaction & Discussion microservice. This service implements a unified, reusable interaction model that enables threaded discussions, contextual replies, moderation workflows, and historical traceability for all major business entities. Rather than embedding isolated comment systems within individual services, TuranBilgi centralizes all collaborative interactions into a shared domain layer, ensuring consistency, scalability, and governance.

Shared Interaction Model:

All major platform entities require structured communication and collaborative workflows:

These entities share common interaction requirements:

• Threaded conversations
• Nested replies
• Moderation and reporting
• Edit and deletion history
• Actor accountability
• Contextual linking to business entities

This unified design is referred to internally as the Shared Interaction Model.

Core Responsibilities:

The Interaction & Discussion microservice is implemented using NestJS and provides both REST and GraphQL APIs. It operates independently from the Core Business API and focuses exclusively on collaborative workflows. Key responsibilities include:

1. Thread & Comment Management

   • Creation and management of discussion threads
   • Hierarchical reply structures
   • Entity-agnostic attachment of discussions
   • Rich metadata support (status, visibility, ownership)
   • Soft deletion and version history

2. Moderation & Governance

   • User and administrator moderation tools
   • Reporting and review workflows
   • Content visibility control
   • Policy enforcement
   • Abuse detection and escalation pipelines

3. Accountability & Auditability

   • Immutable activity logs
   • Per-action attribution
   • Historical change tracking
   • Legal and compliance support

4. API & Developer Interfaces

   The service exposes:

   • REST APIs with OpenAPI (Swagger) documentation
   • GraphQL APIs with Apollo Sandbox support
   • JWT-secured endpoints for client and service access
   • Legal and compliance support

   This dual-interface strategy enables frontend teams to select the most appropriate interaction model for each client application.

Data Management:

The interaction subsystem is optimized for high-volume, write-heavy collaboration workloads.

• MongoDB is used for:
  • Thread roots
  • Comments and replies
  • Moderation reports
  • Revision histories
  • Event streaming outboxes
• PostgreSQL (via Core API) remains the source of truth for business entities.

All discussions are linked to business entities through a generic entity reference model, enabling flexible cross-domain associations without schema coupling.

Event Integration:

The service integrates with the platform’s event-driven infrastructure.

• Emits domain events for:
  • New comments
  • Moderation actions
  • Resolution updates
  • Thread lifecycle changes
• Consumes events for:
  • Entity deletion
  • Access revocation
  • User suspension
  • Workflow transitions

This ensures synchronization between business workflows and interaction state.

Architectural Benefits:

The Interaction & Discussion microservice provides:

• Centralized collaboration logic
• Consistent user experience across domains
• Independent scalability
• Reduced duplication
• Strong governance capabilities
• Simplified compliance auditing
• Clean domain boundaries

It functions as the platform’s unified collaboration and discourse layer.

3. Real-Time Communication, Notification & Audit Processing Microservice

A dedicated NestJS and Socket.IO–based microservice is responsible for managing all real-time communication, notification delivery, and centralized audit projections across the distributed TuranBilgi platform. The service maintains persistent WebSocket connections and exposes REST and GraphQL APIs to support scalable, low-latency client interactions.

Rather than acting as a centralized event authority, this microservice operates as a specialized consumer and processor within a federated, domain-driven event architecture. Each domain service owns its own event production and outbox mechanisms, while this service focuses on real-time delivery, notification orchestration, and audit aggregation.

Core Responsibilities:

1. Real-Time Chat & Collaboration System

The microservice provides a full-featured, managed chat and collaboration subsystem supporting both private and room-based communication.

Administrative & Management APIs

Through REST and GraphQL interfaces, administrators can:

• Create and manage chat rooms
• Assign and manage room administrators
• Add, remove, and manage room members
• Moderate and manage room messages
• Control access and visibility based on business rules

These management capabilities enable controlled, enterprise-grade collaboration environments.

Messaging Features

The chat subsystem supports:

• Private one-to-one messaging
• Room-based group messaging
• Real-time typing indicators
• Message delivery and read/seen acknowledgments
• Private message deletion
• Global (moderator-level) message deletion
• Message lifecycle management

All messaging operations are synchronized across distributed gateways using Kafka and Redis to ensure consistency and fault tolerance.

2. Notification Management System

The platform implements a flexible, event-driven notification system supporting both manual and automated workflows. This microservice acts as the primary notification orchestration and delivery engine, consuming domain events emitted by distributed services and transforming them into user-facing notifications.

Notification Types

• Channel Notifications
  Broadcast notifications delivered to system channels, teams, or workspaces
• Private Notifications
  Direct, user-targeted notifications

Notification Creation Modes

A. Manual (Admin-Driven)
Administrators can:

• Create draft notifications
• Schedule publication
• Publish immediately
• Target specific channels or users

B. System-Generated (Event-Driven)
Distributed domain services emit notification-related events via their own MongoDB Outbox and Kafka publishing mechanisms for business events such as:

• Invoice generation
• Payment events
• Support ticket updates
• Workflow state transitions
• System alerts

These events are published to Kafka by the originating services and consumed by the notification processors for delivery.

Notification Interaction Tracking

The notification subsystem supports:

• Read and acknowledgment events for private notifications
• Channel-level read tracking
• Delivery status monitoring
• Per-user notification state synchronization

This enables accurate notification lifecycle management and user engagement tracking.

3. Centralized Audit Processing

The microservice operates as the centralized audit projection and compliance processing layer for the platform. All domain services emit standardized audit events through their own outbox and event-publishing pipelines. This microservice consumes, validates, and persists these events into an immutable audit log store. Core functions include:

• Collection of internal events via MongoDB Outbox
• Reliable publishing of internal events through Kafka outbox workers
• Consumption of audit events from Kafka topics
• Validation and enrichment of audit records
• Idempotent and ordered persistent storage in MongoDB
• Long-term retention and archiving
• Support for regulatory and compliance requirements

This design and approach preserves domain ownership while enabling unified audit visibility by decoupling other microservices from audit infrastructure.

Distributed Scalability & Coordination:

To support multi-instance deployments and horizontal scaling:

• Apache Kafka serves as the shared event streaming backbone for inter-service communication, enabling reliable, ordered, and replayable message delivery such as chat, notification, and audit workloads. Kafka enables multiple gateway instances to publish and consume chat and notification events reliably across the cluster.
• Redis provides distributed coordination for:
  • WebSocket gateway synchronization
  • Room membership management
  • Duplicate event suppression
  • Shared session and state management
  • Caching of low-change system and actor data

This infrastructure enables independent scaling of producers and consumers while maintaining platform-wide consistency, or ensuring consistent behavior across clusters.

Architectural Benefits:

This microservice is designed to scale independently from core business and interaction microservices and provides:

• Low-latency and governed real-time communication environments
• Event-driven notification orchestration
• Reliable private and multi-channel notification pipelines
• Centralized, compliant audit projections
• Loose coupling between domains
• High system observability, traceability and compliance support
• Independent deployment and horizontally scalable real-time infrastructure
• Fault-tolerant event consumption pipelines

It functions as the platform’s real-time delivery and compliance projection layer, rather than as a centralized event authority.

Security & Authentication

All API or services use a shared JWT-based authentication model, enabling secure client-to-server and service-to-service communication to simplify identity propagation while maintaining clear trust boundaries between system components.

Testing & Quality Assurance

TuranBilgi adopts a comprehensive, multi-layered automated testing strategy to ensure correctness, reliability, and long-term maintainability across the platform. The testing approach includes:

• Unit tests for isolated business logic and services
• Integration tests for validating interactions between APIs, databases, caches, and message brokers
• End-to-End (E2E) tests for complete system flows across REST, GraphQL, and real-time WebSocket interfaces

Testing is implemented using modern, ecosystem-appropriate frameworks (such as Jest, Nock, SuperTest, Vitest, and language-native testing tools) depending on service requirements. This layered testing strategy supports safe refactoring, reduces regression risk, and ensures consistent behavior in a distributed environment.

Containerization & Deployment

The entire ecosystem is containerized under the TuranDocker project. This includes Core Business API, Real-time microservices, PostgreSQL, MongoDB, Redis, Apache Kafka and RabbitMQ. This setup enables fast, repeatable deployments on any Linux VPS and provides a strong foundation for future orchestration with Kubernetes or other container platforms, while remaining fully operational with Docker Compose or Docker Swarm.

Architectural Focus

TuranBilgi emphasizes:

• API-first design (REST & GraphQL)
• Event-driven communication
• Horizontal scalability
• Fault isolation via microservices
• Polyglot persistence
• Real-time system reliability
• Clean separation of concerns

The platform is designed to evolve, allowing additional services, clients (web, mobile, desktop), and integrations to be added without architectural rewrites.

Client Applications

TuranBilgi is a multi-client platform, designed to serve different user experiences through a shared backend infrastructure. Client applications include:

• Admin Panel, to be built with Vite + React, for internal system management and operational workflows
• End-user Web Application, to be built with Next.js (React), providing interactive and SEO-friendly user experiences
• End-user Mobile Application, to be built with React Native, enabling cross-platform mobile access
• Public Website, to be built with Next.js (React), focused on marketing and informational content

All client applications consume the same TuranBilgi APIs (REST, GraphQL, and WebSockets), ensuring:

• Shared authentication and authorization
• Consistent business logic
• Unified real-time behavior across web, mobile, and desktop platforms