Third-Party Services

RoundTrip integrates with a number of external services to deliver its full feature set. This section documents every third-party integration — what it does, why it was chosen, how it is configured, and how to operate it.


Integration Philosophy

All third-party service integrations follow the same rules without exception:

Credentials never touch the codebase. All API keys, client secrets, and tokens live in Azure Key Vault and are injected into the application via App Service environment variables at startup. No credentials are ever committed to a repository or hardcoded in configuration files.

All external calls live in the Infrastructure layer. Service clients (SendGridEmailService, GraphUserService, etc.) are implemented in RoundTrip.API.Infrastructure. The Application and Domain layers never reference external service SDKs directly — they call interfaces defined in Core.Interfaces and implemented in Infrastructure.

All services are configured via IConfiguration. Service constructors read config keys at startup and throw InvalidOperationException if a required key is missing. This surfaces misconfiguration immediately on startup rather than later, when the first call to the service is made.

Hangfire handles all deferred delivery. Emails, PDF generation, and other async work are enqueued as Hangfire background jobs rather than called inline in request handlers. This keeps API response times fast and provides automatic retry on failure.


Services at a Glance

| Service | Purpose | Status | Key Vault Secret |
|---|---|---|---|
| SendGrid | All outbound email — invitations, invoices | ✅ Live | SendGrid--ApiKey |
| Stripe | Subscription billing, payments, webhooks | ✅ Live | Stripe--SecretKey etc. |
| Microsoft Graph API | User management in Entra External ID CIAM | ✅ Live | GraphApi--ClientSecret etc. |
| Web Push (VAPID) | PWA push notifications to technician devices | ✅ Live | VapidKeys--PrivateKey etc. |
| Twilio | SMS notifications to technicians | ⏳ Planned | Twilio--AuthToken etc. |
| Azure Blob Storage | Invoice PDF storage | ✅ Live | ConnectionStrings--BlobStorage |

Adding a New Service

When integrating a new third-party service, follow this checklist:

  • Create the interface in RoundTrip.API.Core/Interfaces/ — e.g. ISmsService
  • Implement the interface in RoundTrip.API.Infrastructure/Services/ — e.g. TwilioSmsService
  • Read all required config in the constructor — throw InvalidOperationException if missing
  • Register the implementation in InfrastructureServiceExtensions.cs
  • Add required secrets to kv-roundtrip-production in Key Vault
  • Add an App Service environment variable referencing the Key Vault secret
  • Add the secret name and mapping to the Infrastructure Reference
  • Document the service on a new page in this section
  • Do a full stop/start of App Service after adding new Key Vault references
  • Store credentials in Bitwarden as well as Key Vault
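
The constructor check and the stop/start step from the checklist above, as an added example (not RoundTrip's own code): when App Service cannot resolve a Key Vault reference it leaves the reference string itself in the setting, so a check for "missing" alone would accept it. `RequiredConfig`, the `Twilio:AuthToken` key mapping and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Configuration;

// Hypothetical helper for Infrastructure service constructors (not RoundTrip code).
public static class RequiredConfig
{
    // App Service leaves the reference string itself in the setting when it cannot resolve it.
    private const string UnresolvedPrefix = "@Microsoft.KeyVault(";

    public static string Get(IConfiguration config, string key)
    {
        var value = config[key];
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException($"Required configuration key '{key}' is missing.");
        if (value.TrimStart().StartsWith(UnresolvedPrefix, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                $"Configuration key '{key}' holds an unresolved Key Vault reference.");
        return value; // messages name the key only, never the secret value
    }
}

// Constructor of the planned SMS client only; sending is outside this example.
public sealed class TwilioSmsService
{
    private readonly string _authToken;

    public TwilioSmsService(IConfiguration config)
    {
        // Assumed mapping: secret Twilio--AuthToken -> setting Twilio__AuthToken -> key Twilio:AuthToken.
        _authToken = RequiredConfig.Get(config, "Twilio:AuthToken");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values: a resolved secret, an unresolved reference, a missing key.
        var samples = new string?[] { "constructed-token",
            "@Microsoft.KeyVault(SecretUri=https://example.invalid/secrets/placeholder)", null };
        foreach (var sample in samples)
        {
            var config = new ConfigurationBuilder().AddInMemoryCollection(
                new Dictionary<string, string?> { ["Twilio:AuthToken"] = sample }).Build();
            try { _ = new TwilioSmsService(config); Console.WriteLine("startup ok"); }
            catch (InvalidOperationException ex) { Console.WriteLine($"startup failed: {ex.Message}"); }
        }
    }
}
```
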

Credential Management

All service credentials are stored in two places:

| Store | Purpose | Contains |
|---|---|---|
| Azure Key Vault (kv-roundtrip-production) | Runtime credential injection into the application | API keys, client secrets, tokens — the actual values the app uses |
| Bitwarden (Traxs Group vault) | Human access — dashboard logins, account credentials, backup | Login emails, passwords, account URLs, billing info |

See the Infrastructure Reference for the full Key Vault secret inventory.