A government website registered with the Digital Government Authority.

3-Sep-2024
Back to Portal
Home Technical Architecture & Reference

Technical Architecture & Reference

Single-page reference of the technical stack, integrations, AI capabilities, and operational KPIs that power the SERA Licensing Portal.

SERA Licensing Digital Transformation – Digital Requirements Document v2.0 (March 2026)

Hosting Model

Reference Architecture

High-level deployment from presentation to data — request flow per the Digital Requirements Document.
Presentation Layer Investor Portal (Web / Mobile) React + responsive UI Internal Licensing Portal Reviewer dashboards · workflow inbox API Gateway Gravitee API Gateway JWT validation · rate-limiting · OAuth2 · audit logging · TLS 1.2+ Integration Layer TIBCO Enterprise Service Bus Cross-system orchestration · transformation · routing Business Layer · OCI Kubernetes Engine (OKE) Containerized Microservices License Service Workflow Service Notification Service Payment Service Application Mgmt Compliance Service Reporting · Audit · Identity (RBAC) AI Services (Sidecar) Azure AI (Saudi-hosted region) Chatbot · Doc OCR Validation · Detection Sentiment analysis Data Layer OCI Autonomous DB License master data OCI Object Storage Documents · attachments Power BI Analytics & reporting ArcGIS Geospatial / location External Integrations Government & Enterprise APIs (via TIBCO + Gravitee) NCEC MoE MoC SEC MEWA Aramco MoMRAH Civil Defense HCIS Nafath (SSO) SADAD National Address Yakeen ZATCA
Request Flow. User requests are routed through the OCI Load Balancer to the Gravitee API Gateway, which securely directs traffic to containerized microservices running on OCI Kubernetes Engine (OKE). Core services interact with the database, object storage, and internal systems, while AI-related requests are securely processed through outbound integration with Azure AI.

Technology Stack

Environments

14 government & enterprise APIs feeding the licensing process — all routed through the Integration Layer / API Gateway and following secure, auditable patterns.
10 internal services — split between existing portal APIs and target system APIs, all secured with JWT and integrated through the same gateway pattern.

AI Governance

AI is used for decision-support only. All inputs and outputs are logged for auditability.

Manual approval is required for all regulatory decisions — AI outputs do not autonomously approve, reject, or amend any license-related action.

Per Digital Requirements Document v2.0, sections 9.2.e and 10.7.c.

Operational and Target Operating Model (TMO) KPIs from the digital licensing framework. Final list to be aligned with the Target Operating Model deliverable.
# KPI Name Formula