sequenceDiagram
participant DPR as DPR System (Internal)
participant FR as ForgeRock (IAM Gatekeeper)
participant Kong as Kong API Gateway
participant FW as Cisco Firewall
participant WP as Worldpay (External)

Note over DPR, FR: 1. Identity Verification (Pre-flight)
DPR->>FR: Request One-Way “Passport” (OAuth2 Client Credentials)
Note right of FR: Authenticates DPR as a ‘Safe’ System
FR-->>DPR: Issue Short-Lived Access Token (JWT)

Note over DPR, Kong: 2. Internal Authorised Call
DPR->>Kong: POST /process-fee (XML + JWT Token)

Note right of Kong: 3. Gateway Enforcement:
Note right of Kong: – Validates JWT Signature via ForgeRock Keys
Note right of Kong: – Enforces Rate Limiting
Note right of Kong: – Strips Internal Token (Security Hygiene)
Note right of Kong: – Appends Worldpay API Credentials

Note over Kong, WP: 4. One-Way Outbound Push
Kong->>FW: Outbound HTTPS (Port 443)
FW->>WP: paymentService v1.2 XML Request

WP-->>FW: XML Response
FW-->>Kong: Forward Response
Kong-->>DPR: Success/Error Response