Services and responsibilities

Auth / Identity (Keycloak)

• Responsibility: Authentication, user identity, SSO, OIDC tokens.
• Data owned: Keycloak user record (sub), basic profile attributes.
• Notes: Other services store keycloak_id as foreign reference only.

Customer Service (customer profile / account)

• Responsibility: canonical customer profile (name, emails, billing address, company, contact info), payment-customer mapping (e.g., providerCustomerId), invoice delivery preferences, links to internal user records.
• Data owned: customer table (customer_id, keycloak_id, contact info, provider customer id, metadata).
• API examples: GET/PUT customer, attach payment method token, list customer’s subscriptions/orders.
• When to call: read-heavy for CRM and billing, write when profile changes.