Platform Architecture

Platform Architecture

WiserReview runs as a distributed microservices platform on Microsoft Azure, fronted by Cloudflare's global edge network. Each service is independently deployed, auto-scaled, and monitored.

99.95%
Uptime SLA
300+
Edge Locations
AES-256
Encryption at Rest
Zero
Cross-Tenant Access

Tatvam Cloud Solutions, Inc | March 2026

Architecture Overview

Hosting
Microsoft Azure App Services
Auto-scaling, 99.95% SLA
Containers
Docker microservices
Independent scaling per service
Edge
Cloudflare WAF + CDN
300+ global edge locations
Database
MongoDB Atlas
AES-256, replica sets, HA
Messaging
Azure Service Bus
Encrypted, dead-letter handling
Auth
JWT + OAuth 2.0
RBAC, tenant isolation

System Architecture

Complete view of the WiserReview platform showing all services, security zones, and data flow. All external traffic is filtered through Cloudflare before reaching Azure-hosted application services. The data zone is completely private with no public endpoints.

PUBLICEDGEAPPLICATIONDATAZONE 1: PUBLICShoppersBrowse storefront, submit reviewsMerchantsDashboard, CSV upload, settingsE-Commerce PlatformsShopify, WooCommerce, Webhook APIHTTPS / TLS 1.2+HTTPS / TLS 1.2+HMAC / TLS 1.2+ZONE 2: CLOUDFLARE EDGEAll external traffic filtered before reaching application serversWAFOWASP Top 10DDoS ProtectionL3 / L4 / L7Bot DetectionTurnstile ChallengeTLS TerminationTLS 1.2+ enforcedCDN Cache300+ edge locationsTLS 1.2+ZONE 3: AZURE APP SERVICESDocker containers · Auto-scaling · No SSH access · GitHub Actions deploys onlyBackend APIapi.wiserreview.comAuth, reviews, orders, integrationsDockerAuto-scaleReview Display &Notification Servicers.wiserreview.comWidget data, emails, reportsDockerAuto-scaleDashboardapp.wiserreview.comReact SPA · Merchant adminJWT APIWidget JS (Pixel)embed.wiserreview.comCloudflare CDN · Async loadRead-onlyImage ProcessingInternal serviceMedia resize, optimizationAzure Service BusMessage queueEmail scheduling · Async jobsIP Whitelist OnlyZONE 4: DATA ZONENo public endpoints · Private network only · Encrypted at restPrivateMongoDB AtlasAES-256 at restWorkspace-scoped queriesReplica sets · Auto failoverScheduled backupsRedis CachePassword authenticatedWorkspace-scoped keysNo PII storedTTL-based expirationAzure Blob / AWS S3Server-side AES-256Signed URLs onlyNo public bucket accessMedia files onlyAWS SESDKIM / SPFEmail deliveryTLS encryptedTracking via config sets

All traffic enters through Cloudflare before reaching Azure-hosted services. The data zone has no public endpoints and is accessible only via IP whitelist.

Data Ingestion & Review Display

Reviews, orders, and product data enter WiserReview through four distinct channels. Every path is authenticated and encrypted. All data is validated, sanitized, and stored with tenant-level isolation.

DATA INGESTION: 4 Paths Into WiserReviewPlatform IntegrationShopify, WooCommerce,Prestashop, BigCommerceWix, Squarespace, EcwidHMAC verifiedWebhook / RESTOrders, products, customersAutomated sync on eventsEmail Review RequestOrder placed on storeScheduled email via Service BusSent via AWS SESDKIM / SPFAzure Svc BusCustomer receives emailClicks link, submits reviewCSV UploadMerchant uploads CSV viaDashboard (orders, products,or reviews)JWT sessionValidated uploadBulk orders, products,or review importWebhook APICustom platform sendsorders/products via REST APIwith API key authHTTPS + HMACAPI key authOrders, products viacustom API integrationBackend APIapi.wiserreview.comValidates, sanitizes, processes, and storesall incoming data with workspace-scoped isolationProcessing PipelineInput validationHTML sanitizationAI sentiment (opt)Media processingMongoDB AtlasReviews, orders, products, customersAES-256 · Workspace-scopedRedis CacheWidget data cached per workspaceReduces DB load on displayAzure Blob / AWS S3Review photos, videosAES-256 · Signed URLsWidget JS via Cloudflare CDNFetches reviews from Review Display & Notification ServiceMerchant StorefrontReviews displayed to shoppersLegendEncrypted (TLS/HMAC)Azure infrastructureAWS serviceCloudflare edge

All data enters through authenticated, encrypted channels. All stored data is AES-256 encrypted at rest and workspace-scoped.

Multi-Tenant Data Isolation

Every request carries a unique Tenant ID, extracted from the authenticated token (merchant app) or embedded in the widget script (storefront). All database queries, cache entries, and media storage are scoped to that tenant. No merchant can access another merchant's data.

Merchant ATenant ID: AMerchant AppStorefront WidgetMerchant BTenant ID: BMerchant AppStorefront WidgetMerchant CTenant ID: CMerchant AppStorefront WidgetJWTTenant IDJWTTenant IDJWTTenant IDShared API + Review Display & Notification Serviceapi.wiserreview.com · rs.wiserreview.comMerchant App: JWT token carries Tenant IDWidget: script embeds Tenant IDTenant-Based Data Routing• Tenant ID extracted from authenticated token (merchant app) or embedded in widget (storefront)• Every database query is automatically scoped to a single tenant• Cache entries and media storage paths are namespaced per tenant• API responses contain ONLY that tenant's data. No cross-tenant access is possible.MongoDB AtlasAll records tagged per tenantQueries scoped to single tenantAES-256 at restRedis CacheCache entries namespaced per tenantNo cross-tenant cache accessPassword-authenticatedAzure Blob / AWS S3Separate storage path per tenantMedia files isolated per merchantSigned URLs, AES-256Tenant A DataReviews, cache, mediaOnly this merchant can accessMerchant app & storefront scopedTenant B DataReviews, cache, mediaOnly this merchant can accessMerchant app & storefront scopedTenant C DataReviews, cache, mediaOnly this merchant can accessMerchant app & storefront scopedNO CROSS-TENANT ACCESSWhen a shopper visits Merchant A's storefront, the widget only fetches Tenant A's reviews.Tenant B's or C's reviews, cache, or media can never appear on Merchant A's site.

Every request (merchant app or storefront widget) is scoped to a single tenant. Reviews, cached data, and media files are all isolated per merchant.

Widget Delivery & Storefront Performance

The WiserReview widget is designed to have zero impact on your storefront's performance and security. It loads asynchronously from the CDN, executes after your page has rendered, and never sends your site's cookies or credentials to WiserReview servers.

How the Widget Loads on Your Storefront1Script TagMerchant adds a single<script defer> tagto their storefrontNon-blocking (defer)2Cloudflare CDNCached JS served fromnearest edge location(300+ worldwide)Sub-50ms latencyTLS3Page Loads FirstYour page renders fullybefore widget scriptexecutes (defer)Zero render blocking4Fetch ReviewsWidget requests reviewdata from NotificationService APIcredentials: 'omit'5Reviews RenderedReviews displayed onproduct/collection pagein widget div containerIsolated executionStorefront Safety GuaranteesNo cookies sent to WiserReviewNo DOM interferenceAsync load, zero page-speed impactNamespaced variables, no conflictsPage Load TimelineYour page HTML/CSS/JSLoads and renders normallyWiserReview widgetLoads after your page (defer)DOMContentLoaded

The WiserReview widget loads asynchronously after your page has fully rendered. It never blocks your storefront's content or performance.

Non-Blocking Load

Script uses the defer attribute and loads asynchronously from CDN. It does not block page render or DOMContentLoaded.

CDN-Delivered

Served from Cloudflare's 300+ edge locations worldwide. Sub-50ms latency to most regions with global caching.

No Credential Leakage

All API calls use credentials: 'omit', preventing any cookies or auth tokens from your domain being sent to WiserReview.

Isolated Execution

Widget uses namespaced variables to prevent conflicts with your site's JavaScript. No DOM interference.

Lightweight Payload

Only the required theme JavaScript is loaded per widget type. No heavy frameworks or bundled dependencies.

DDoS-Protected Delivery

Widget delivery inherits Cloudflare DDoS protection. CDN absorbs traffic spikes without impacting your origin.

Auto-Scaling & High Availability

Every layer of the platform scales independently. During traffic spikes, the system automatically provisions additional capacity without manual intervention. Your storefront is never affected by WiserReview scaling events.

Independent Scaling at Every LayerEach layer scales automatically without manual intervention. No single point of failure.NORMAL TRAFFICHIGH TRAFFIC (Auto-Scaled)CDN LAYERCloudflare CDNWidget JS cached at 300+ edge locationsMost requests served from cache, never hitting originCloudflare CDN (Unchanged)Traffic spike absorbed at edge, no origin impactDDoS mitigation active · Cache serves 99%+ of widget requestsNo changeCOMPUTEAzure App ServicesBaseline instances runningBackend APIDisplay & NotifAzure App Services (Auto-Scaled)Additional instances added automatically based on CPU / memory / requestsAPI #1API #2API #3Notif #1Scales upDATAData LayerMongoDB AtlasReplica setRedis CacheReduces DB loadData Layer (Load Distributed)MongoDB PrimaryWritesMongoDB ReplicasReads distributedRedis CacheHot data cachedDistributesYour storefront is never affected by WiserReview scaling events.Widget delivery is cached at the CDN edge. Backend scaling happens behind the firewall, invisible to your visitors.

Each layer scales independently. CDN absorbs widget traffic, compute scales horizontally, and database distributes reads across replicas.

Compute

  • Azure App Services 99.95% uptime SLA
  • Automatic horizontal scaling under load
  • Health checks restart unhealthy instances
  • Fully managed via Azure (no SSH access)

Database

  • MongoDB Atlas replica sets with automatic failover
  • Scheduled backups (hourly/daily/weekly/monthly) with point-in-time recovery
  • Read queries distributed across replicas
  • Zero data loss on failover

Edge / CDN

  • 300+ global edge locations
  • Continues serving cached widgets during origin outages
  • Automatic DDoS mitigation at the edge
  • Failover routing around regional outages

Messaging

  • Azure Service Bus with dead-letter queuing
  • Automatic retry on failure, no messages lost
  • Email campaigns buffered to prevent thundering herd
  • Encrypted at rest and in transit

Core Microservices

Backend API

api.wiserreview.com
Azure App Services

Core business logic, authentication, order data integrations, review management, and data API.

Communicates with

  • MongoDB Atlas (data persistence)
  • Redis (caching & sessions)
  • Azure Service Bus (email scheduling)
  • Review Display & Notification Service (widget data)
  • Azure Blob Storage (media)

Review Display & Notification Service

rs.wiserreview.com
Azure App Services

Handles widget data delivery, email rendering, async job processing, and event tracking. Consumes scheduled messages from Azure Service Bus.

Communicates with

  • MongoDB Atlas (review & widget data)
  • Redis (caching)
  • AWS SES (email delivery)
  • Azure Blob Storage (media)

Widget Service (Pixel JS)

embed.wiserreview.com
Cloudflare CDN

Client-side JavaScript widget loaded on merchant storefronts. Delivered from Cloudflare's 300+ global edge locations for low-latency worldwide delivery.

Communicates with

  • Review Display & Notification Service API (read-only review data)
  • Cloudflare CDN (cached static assets)

Dashboard

app.wiserreview.com
Azure App Services

Merchant-facing React SPA for managing reviews, email campaigns, widgets, integrations, branding, and settings.

Communicates with

  • Backend API (all operations via authenticated API calls)

Image Processing

Internal service
Azure App Services

Handles media optimization, resizing, and cloud storage. Processes uploaded review photos and videos before storage.

Communicates with

  • Azure Blob / AWS S3 (media storage)
  • Backend API (processing triggers)

For detailed security controls per service, see Infrastructure Security.

Contact

For architecture or security inquiries:

Tatvam Cloud Solutions, Inc

[email protected]