Field

Project Name
Company
Document Version
Date
Prepared By
Contact Email
Overview
Reference Docs
Guiding Principles
Document ID
 Value/Description
UnDone Backend System Design
UnDone
Draft
16 Jun 25
shubham
[email protected]
Backend design deliverables for Support,Audit and integration
UD-001, UD-003, SysBE-001
Security, Modularity, Scalability, Compliance, Clarity
SysBE-007
 Version Date Author Changes Made Reviewed By
Initial draft created
for Supprot,Audit
Draft 16 Jun 25 shubham Disha
and Integration
service
Review Date changes suggested
 Section Description/Guidance for Devs
provide user to raise query, report issue. Logging every action
Service Purpose perform by users and admin for audit, adding 3rd party systems
Integration
Technology Stack Python, PostgreSQL, Pandas, Celery, Redis, PDF/CSV
libraries,RESTful API/Webhooks
Interactions API Gateway, Support Service,PostgreSQL
Ticket creation and tracking,Ticket status lifecycle, Action
Key Responsibilities logging,API management
 Owner (Initial) Version Comments

shubham Draft

shubham Draft
shubham Draft
shubham Draft
 Flow Name Description/Guidance for Devs Owner (Initial)
User → API Gateway → Support Service → Aggregates from
Support shubham
DB → Returns to user
Audit User → API Gateway → Aggregates from DB shubham
User → API Gateway → Aggregates from DB → 3 rd party
Integration shubham
system → Returns data
 Version Comments Diagram Link

Draft
Draft
Draft
 Scenario Steps Outline (for Devs) Owner (Initial)
Client → API → Support Service → DB → Support
Support Request shubham
Agent
Audit Client → API → Audit logger → DB → shubham
Trends Query Client → API → DB → 3rd party → API → Client shubham
 Version Comments Diagram Link

Draft
Draft
Draft
 Table Name Field Name Data Type Constraints Description
Unique ID for each
SupportTicket support ticket
ticket_id UUID ticket_id
The user who
Foreign Key submitted the
user_id UUID (User) ticket
Short description
or subject of the
subject VARCHAR NOT NULL issue
Full details of the
description TEXT NOT NULL issue
Current status
(e.g., open,
in_progress,
status VARCHAR Default: open resolved, closed)
Priority level (low,
medium, high,
priority VARCHAR Default: medium urgent)
Foreign Key Agent assigned to
assigned_to UUID (SupportAgent) the ticket
When the ticket
created_at TIMESTAMP Default: now() was created
When the ticket
updated_at TIMESTAMP Auto-updated was last modified

TicketStatusHistory history_id UUID Primary Key Unique record ID

Foreign Key Reference to the
ticket_id UUID (SupportTicket) ticket
old_status VARCHAR Nullable Previous status
Updated status
new_status VARCHAR NOT NULL after change

SupportAgent Unique ID for each

agent_id UUID Primary Key support agent
full_name VARCHAR NOT NULL Agent’s full name
NOT NULL,
email VARCHAR Unique Contact email
Optional contact
phone_number VARCHAR Optional number
Running count of
assigned_tickets INT Default: 0 assigned
Whether tickets
the agent
is_active BOOLEAN Default: true is currently
Date of active
created_at TIMESTAMP Default: now() registration
Unique identifier
Type
for of action
each audit log
ID of
(e.g., the user who
AuditLog log_id UUID Primary Key
Foreign Key entry login, the
performed
scan_start,
What was
user_id UUID (User) action
report_download,
accessed/affected
action_type VARCHAR NOT NULL delete_data)
(e.g., report.pdf,
IP address from
resource VARCHAR Optional scan_id=123)
which the action
ip_address INET Optional was triggered
 User-agent string
or
Anyparsed
extra device
context
device_info TEXT Optional details
like scan results,
metadata JSONB Optional file
When hashes, etc.
the action
created_at TIMESTAMP Default: now() occurred
Unique
The usersession
UserSession session_id UUID Primary Key
Foreign Key identifier
associated with
user_id UUID (User) the
Whensessionsession
When the
the session
login_time TIMESTAMP Default: now() started
ended (null if still
logout_time TIMESTAMP Nullable active)
IP addresscity
from
Resolved or
ip_address INET Optional login
country from IP
location VARCHAR Optional (optional)
Browser, OS,
device_info TEXT Optional device type is
True if session
is_active BOOLEAN Default: true currently active
Unique
Admin ID for the
who
admin_log_id UUID Primary Key Action
admin performed
AdminActionLog Foreign Key performed theentry
action
(delete_user,
admin_id UUID (Admin) action
grant_permission,
Affected user (if
action_type VARCHAR NOT NULL wipe_logs)
action involves a
Resource involved
target_user_id UUID Optional user) scan_id=345,
(e.g.,
IP of the admin
target_resource VARCHAR Optional user_data)
while performing
ip_address INET Optional the action
Notes about the
comments TEXT Optional reason
When the or context
action
performed_at TIMESTAMP Default: now() was performed
IntegrationApp
app_id UUID Unique ID
name VARCHAR App name
owner_email VARCHAR Contact
active,
callback_url VARCHAR For webhooks
suspended,
status Enum revoked
Registration
created_at TIMESTAMP time
 Endpoint Method Auth Purpose
Get all support tickets for
/api/v1/support/tickets GET Yes current user or admin

/api/v1/support/tickets/{ticket_id} GET Yes Get specific ticket details

Create a new support
/api/v1/support/tickets POST Yes ticket

/api/v1/support/tickets/{ticket_id}/reply POST Yes Reply to an existing ticket

No Get list of FAQ entries

/api/v1/audit/logs GET Yes (Admin only) View

View audit logs
specific audit log
/api/v1/audit/logs/{log_id} GET Yes (Admin only) entry
View audit statistics
/api/v1/audit/stats GET Yes (Admin only) (optional)

/api/v1/integration/scan POST Yes (API Key) Submit scan via API

/api/v1/integration/scan/{scan_id} GET Yes (API Key) Get scan
Send teststatus or result
webhook to
/api/v1/integration/webhook/test POST Yes (API Key)
Yes (API Key or configured URL
View webhook delivery
/api/v1/integration/webhook/logs GET Admin) logs
View or update API keys,
/api/v1/integration/settings GET/PUT Yes (Admin) webhook config
 Params Response
?status=open,closed [ { ticket_id, subject, status,
(optional) created_at, ... } ]
{ ticket_id, messages: [...],
Path: ticket_id status }

Body: { subject, message } { ticket_id, status: "open" }

Body: { message } { success: true }

- [ { question, answer } ]
?action=login,scan, ? [ { id, action_type, actor_id,
user_id=..., ? timestamp, ip_address,
date_range=... metadata }]
{ log_id, action_type,
Path: log_id timestamp,
{ total_logs, actor, metadata
log_types: {...}, }
- recent_actions: [...] }

Body: { file/url, type } { scan_id, status: "queued" }

Path: scan_id { scan_id, status, result_url }
Body: { target_url } {[ {success: true, test_id
log_id, status, }
timestamp,
?scan_id=... (optional) {delivery_time_ms }]
api_keys: [...], webhook_url:
- "...", active: true }
 Security Area Practice/Control
Data Access RBAC
Input Validation Strict validation
Audit Logging Log report access
 Details/Guidance for Devs Owner (Initial)
Restrict report access to authorized users shubham
Validate all report parameters, prevent injection shubham
Log all report generation and download events shubham
 Version
Draft
Draft
Draft