# Platform - [Platform Architecture](https://docs.openg2p.org/platform/architecture.md) - [Platform Tech Architecture](https://docs.openg2p.org/platform/architecture/platform-tech-architecture.md) - [Registry Tech Architecture](https://docs.openg2p.org/platform/architecture/registry-tech-architecture.md) - [PBMS Tech Architecture](https://docs.openg2p.org/platform/architecture/pbms-tech-architecture.md) - [Async Processes - Tech Architecture](https://docs.openg2p.org/platform/architecture/async-processes-tech-architecture.md) - [Security Architecture](https://docs.openg2p.org/platform/architecture/security-architecture.md) - [Partner APIs](https://docs.openg2p.org/platform/architecture/security-architecture/partner-apis.md): Security design for Partner APIs - [Portal APIs](https://docs.openg2p.org/platform/architecture/security-architecture/portal-apis.md): Security design for Staff Portal API, Agent Portal API and Bene Portal API - [Platform Services](https://docs.openg2p.org/platform/platform-services.md) - [Identity & Access Management](https://docs.openg2p.org/platform/platform-services/identity-and-access-management.md): IAM and RBAC concepts within OpenG2P - [High Level Design](https://docs.openg2p.org/platform/platform-services/identity-and-access-management/high-level-design.md) - [Authentication - Flow Diagram](https://docs.openg2p.org/platform/platform-services/identity-and-access-management/authentication-flow-diagram.md) - [RBAC in Product APIs](https://docs.openg2p.org/platform/platform-services/identity-and-access-management/rbac-in-product-apis.md) - [Developer Install](https://docs.openg2p.org/platform/platform-services/identity-and-access-management/developer-install.md): This page provides comprehensive documentation for the installation of Openg2p IAM Service - [Security Controls](https://docs.openg2p.org/platform/platform-services/identity-and-access-management/security-controls.md): Token Handling, Headers, CORS & CSRF Protection - [Versions](https://docs.openg2p.org/platform/platform-services/identity-and-access-management/versions.md): IAM Service Versions - [Audit Manager](https://docs.openg2p.org/platform/platform-services/audit-manager.md): A centralised audit-event service for OpenG2P. Accepts structured audit events over HTTP, buffers through Kafka, and persists them to a partitioned PostgreSQL table for long-term retention and forensi - [Functional Specifications](https://docs.openg2p.org/platform/platform-services/audit-manager/functional-specifications.md): Event schema (CloudEvents envelope + OpenG2P data conventions), mapping to Postgres columns, how to emit audit events from API calls, naming conventions, and PII handling. - [API Reference](https://docs.openg2p.org/platform/platform-services/audit-manager/api-reference.md): REST API reference for the Audit Manager — rendered directly from the live OpenAPI 3.1 spec committed to the repo. - [Technical Architecture](https://docs.openg2p.org/platform/platform-services/audit-manager/technical-architecture.md): Design choices behind the Audit Manager — why each alternative was rejected, scalability model, reliability & delivery guarantees, and the partitioning / retention strategy. - [Deployment](https://docs.openg2p.org/platform/platform-services/audit-manager/deployment.md): Deployment guide for the Audit Manager — local development with Docker Compose, Helm chart installation, configuration reference, operational runbook, and security considerations. - [Testing](https://docs.openg2p.org/platform/platform-services/audit-manager/testing.md): Test plan for the Audit Manager — unit tests (pydantic schema), end-to-end smoke test against docker compose, concurrent load test, and the Postman collection. - [Integration with Registry](https://docs.openg2p.org/platform/platform-services/audit-manager/integration-with-registry.md): How OpenG2P registry services integrate with the Audit Manager. Covers two BFF integrations — Staff Portal API and Partner API — that share the same middleware shape but adapt to their respective auth - [Local Install — Staff Portal API](https://docs.openg2p.org/platform/platform-services/audit-manager/integration-with-registry/local-install.md): Step-by-step guide to run openg2p-registry-staff-portal-api on a local developer machine. Includes every fix needed beyond the upstream README, with macOS / Apple Silicon notes called out explicitly. - [Audit Middleware — Staff Portal API](https://docs.openg2p.org/platform/platform-services/audit-manager/integration-with-registry/audit-middleware.md): AuditMiddleware for the Registry Staff Portal API — design, files changed, configuration, and how to verify audit events land in the Audit Manager Postgres store. - [Audit Middleware — Partner API](https://docs.openg2p.org/platform/platform-services/audit-manager/integration-with-registry/partner-api.md): AuditMiddleware for the Registry Partner API — the variant adapted to signature-based auth, with controller opt-in hooks for richer actor identity and outcome tracking. - [Verification — End to End](https://docs.openg2p.org/platform/platform-services/audit-manager/integration-with-registry/verification.md): End-to-end smoke test confirming the Staff Portal API → Audit Manager integration works: a Keycloak-authenticated API call lands as a row in the cluster's audit\_events table within seconds, with the f - [ID Generator](https://docs.openg2p.org/platform/platform-services/id-generator.md): A service that generates unique, random numeric IDs for multiple consuming applications with pre-generated pools, Verhoeff checksum, and multi-ID-type support. - [Functional Specifications](https://docs.openg2p.org/platform/platform-services/id-generator/functional-specifications.md): Functional specification for the ID Generator service — ID types, generation rules, filters, pool management, and exhaustion handling. - [API Reference](https://docs.openg2p.org/platform/platform-services/id-generator/api-reference.md): API reference for the ID Generator service — endpoints, response envelope, error codes, and HTTP status codes. - [Technical Architecture](https://docs.openg2p.org/platform/platform-services/id-generator/technical-architecture.md): Technical architecture of the ID Generator service — async stack, database design, concurrency patterns, and Kubernetes deployment. - [Deployment](https://docs.openg2p.org/platform/platform-services/id-generator/deployment.md): Deployment guide for the ID Generator service — Helm chart installation, configuration, Docker setup, and local development. - [Testing](https://docs.openg2p.org/platform/platform-services/id-generator/testing.md): Test plan for the ID Generator service — test categories, execution, and reporting. - [Master Data Service](https://docs.openg2p.org/platform/platform-services/master-data-service.md) - [Versions](https://docs.openg2p.org/platform/platform-services/master-data-service/versions.md) - [Approval Workflow Engine (AWE)](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine.md): A generic, configurable multi-stage approval workflow engine for OpenG2P. Caller services post artifacts for approval; AWE resolves stages and approvers, tracks decisions, and notifies callers via sig - [Scenarios catalog](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/scenarios.md) - [Functional Specifications](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/functional-specifications.md): Policy model, stage modes, approver rule types, context semantics, skip rules, request lifecycle state machine, webhook contract, and FAQ. - [API Reference](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/api-reference.md): REST API reference for the Approval Workflow Engine — rendered directly from the live OpenAPI 3.1 spec committed to the repo. - [Error codes](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/error-codes.md) - [Technical Architecture](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/technical-architecture.md): Design choices behind the Approval Workflow Engine — why each alternative was rejected, scalability model, delivery guarantees, engine state machine, and approver-resolution caching. - [Integration with Registry](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/integration-with-registry.md) - [Deployment](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/deployment.md): Deployment guide for the Approval Workflow Engine — local development with Docker Compose, Helm chart installation, configuration reference, Keycloak prerequisites, operational runbook, and security c - [Testing](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/testing.md): Test plan for the Approval Workflow Engine — hermetic pytest smoke tests against in-memory SQLite, what they cover, and how to run against real Postgres. - [How-To Guides](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/how-to.md) - [Run stages in parallel](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/how-to/parallel-stages.md) - [Skip a stage based on context](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/how-to/conditional-skip.md) - [Configure SLA escalation](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/how-to/sla-escalation.md) - [Set up out-of-office delegation](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/how-to/delegation.md) - [Mark a required (must-approve) approver](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/how-to/required-approver.md) - [Add a non-blocking observer](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/how-to/observers.md) - [Forbid self-approval & repeat approvers](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/how-to/segregation-of-duties.md) - [Reassign a stuck task](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/how-to/reassign-task.md) - [Use a Keycloak client role in a rule](https://docs.openg2p.org/platform/platform-services/approval-workflow-engine/how-to/client-role-rule.md) - [VC Issuance](https://docs.openg2p.org/platform/platform-services/vc-issuance.md): Issuing Verifiable Credentials from OpenG2P data (Registry first) with MOSIP Inji Certify — and, crucially, how a citizen holds and presents them. Phase 1 is paper-based; Phase 2 is self-owned smartph - [Custody Options & Strategy](https://docs.openg2p.org/platform/platform-services/vc-issuance/custody-options-and-strategy.md): How a citizen holds and presents a Verifiable Credential — the three options (paper, hosted wallet, device wallet), who each serves, an honest comparison, and why OpenG2P does paper first and self-own - [Phase 1 — Paper Credential](https://docs.openg2p.org/platform/platform-services/vc-issuance/phase-1-paper-credential.md): Phase 1 — assisted issuance of a signed, printable credential (PDF with an offline-verifiable QR) from OpenG2P Registry data, verified with Inji Verify. No wallet, no IdP, no OpenID4VCI device flow. - [Registry Data Connector](https://docs.openg2p.org/platform/platform-services/vc-issuance/registry-data-connector.md): How Inji Certify gets the citizen's claims — two paths. Phase 1 PUSHES claims from the Agent Portal API (Certify stays decoupled); the wallet flow PULLS via a custom DataProvider plugin with configura - [Deployment](https://docs.openg2p.org/platform/platform-services/vc-issuance/deployment.md): Deploying the Phase-1 VC-issuance stack — the Agent Portal API + Inji Certify — on the OpenG2P Kubernetes cluster, reusing the existing PostgreSQL. Plus Inji Verify for offline QR verification. - [Local Developer Trial](https://docs.openg2p.org/platform/platform-services/vc-issuance/local-setup.md): A verified local run of the Phase-1 push flow — the Agent Portal API reads a real registrant, pushes claims to Inji Certify, gets an Ed25519-signed credential, and renders a printable PDF with a QR. N - [Phase 2 — Device Wallet](https://docs.openg2p.org/platform/platform-services/vc-issuance/phase-2-device-wallet.md): Phase 2 (future) — self-owned smartphone wallets (Inji Mobile). The self-sovereign upgrade for citizens who have a smartphone. - [Consent Management](https://docs.openg2p.org/platform/platform-services/consent-management.md) - [Design](https://docs.openg2p.org/platform/platform-services/consent-management/design.md) - [High level design](https://docs.openg2p.org/platform/platform-services/consent-management/design/consent-management.md): Consent Management microservice -- consent flow, data structures, and enforcement model. - [Information flow](https://docs.openg2p.org/platform/platform-services/consent-management/design/high-level-design.md) - [Detailed Design Notes](https://docs.openg2p.org/platform/platform-services/consent-management/design/detailed-design-notes.md) - [Data Sharing](https://docs.openg2p.org/platform/platform-services/data-share.md) - [OpenG2P - IUDX](https://docs.openg2p.org/platform/platform-services/data-share/openg2p-iudx.md): Data Share - [Privacy & Security](https://docs.openg2p.org/platform/platform-services/privacy-and-security.md) - [Key Manager](https://docs.openg2p.org/platform/platform-services/privacy-and-security/key-manager.md) - [Security Audits](https://docs.openg2p.org/platform/platform-services/privacy-and-security/security-audits.md) - [Security Audit 2025 March](https://docs.openg2p.org/platform/platform-services/privacy-and-security/security-audits/security-audit-2025-march.md) - [System Monitoring](https://docs.openg2p.org/platform/platform-services/system-monitoring.md) - [Setup & Configuration](https://docs.openg2p.org/platform/platform-services/system-monitoring/setup-and-configuration.md) - [Dashboards & Viewing Logs](https://docs.openg2p.org/platform/platform-services/system-monitoring/dashboards.md) - [Operations Guide](https://docs.openg2p.org/platform/platform-services/system-monitoring/operations.md) - [Reporting & Analytics](https://docs.openg2p.org/platform/platform-services/reporting-and-analytics.md) - [Apache Superset](https://docs.openg2p.org/platform/platform-services/reporting-and-analytics/apache-superset.md): Monitoring dashboards using Apache Superset - [User Guides](https://docs.openg2p.org/platform/platform-services/reporting-and-analytics/apache-superset/user-guides.md) - [Passing Custom User Context in Row Level Security](https://docs.openg2p.org/platform/platform-services/reporting-and-analytics/apache-superset/user-guides/passing-custom-user-context-in-row-level-security.md) - [Interoperability](https://docs.openg2p.org/platform/platform-services/interoperability.md): OpenG2P Interoperability - [Portals & Apps](https://docs.openg2p.org/platform/portals-and-apps.md) - [Staff Portal](https://docs.openg2p.org/platform/portals-and-apps/staff-portal.md) - [Authentication - Staff Portal](https://docs.openg2p.org/platform/portals-and-apps/staff-portal/authentication-staff-portal.md) - [Developer Install](https://docs.openg2p.org/platform/portals-and-apps/staff-portal/developer-install.md): Developer Installation for Openg2p Staff Portal UI - [Beneficiary Portal](https://docs.openg2p.org/platform/portals-and-apps/beneficiary-portal.md) - [Developer Zone](https://docs.openg2p.org/platform/portals-and-apps/beneficiary-portal/developer-zone.md) - [Developer Setup](https://docs.openg2p.org/platform/portals-and-apps/beneficiary-portal/developer-zone/developer-setup.md) - [Openg2p Beneficiary Portal UI](https://docs.openg2p.org/platform/portals-and-apps/beneficiary-portal/developer-zone/developer-setup/openg2p-beneficiary-portal-ui.md): Developer Installation for Openg2p Beneficiary Portal UI - [Openg2p Portal Server](https://docs.openg2p.org/platform/portals-and-apps/beneficiary-portal/developer-zone/developer-setup/openg2p-portal-server.md): This page provides comprehensive documentation for the installation of Openg2p Portal Server - [React/Next.js Project Structure](https://docs.openg2p.org/platform/portals-and-apps/beneficiary-portal/developer-zone/react-next.js-project-structure.md) - [Deployment of Strapi](https://docs.openg2p.org/platform/portals-and-apps/beneficiary-portal/deployment-of-strapi.md): This guide explains how to deploy Strapi in any environment to enable integration, testing, and production readiness. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.openg2p.org/platform.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.