Architecture

Rafiki is a collection of three services that run together. Each one can scale horizontally.

• Backend - The main service, responsible for handling business logic and external communication
• Auth - A reference implementation of an Open Payments authorization server, used for grant authorization and authentication
• Frontend - An optional internal user interface, called the Rafiki Admin, for you to manage your Rafiki instance

These services rely on a number of databases.

• A Postgres database used by the auth service for storing auth-related resources (grants, access tokens, and interactions)
• A Redis database used by the auth service to store session data
• A Postgres database used by the backend service for Open Payments resources and application data

• TigerBeetle

  , used by the backend service for accounting balances
• A Redis database used by the backend service as a cache to share STREAM connection details across processes

An additional package for token introspection is also included with Rafiki. This is an internal package that requires no action on your part if you’re using Rafiki’s auth service.