External Integrations
Overview of all third-party service integrations in the Renewa One backend. Each integration has a dedicated client or service, with credentials managed via GitHub Environment Secrets and synced to Fly.io on deploy.
Integration Map
| Service | Client Location | Purpose | Dedicated Page |
|---|---|---|---|
| HubSpot | backend/src/services/hubspot/ (14 files) | Bidirectional CRM sync | HubSpot Integration |
| DocuSign | backend/src/lib/docusign-client.ts | E-signature workflows | DocuSign |
| Azure Entra | backend/src/services/entra/ | SSO / identity provider | Azure Entra |
| Dataverse | backend/src/lib/dataverse-client.ts | MS Dynamics data import | Dataverse |
| Resend | backend/src/lib/email/ | Transactional email | Resend Email |
| MessageBird | backend/src/lib/sms/ | SMS messaging | MessageBird SMS |
| Sentry | backend/src/lib/sentry.ts | Error tracking | Sentry |
| S3 / Tigris | backend/src/lib/storage.ts | Object file storage | Files |
| Upstash Redis | backend/src/lib/redis/ | Cache, job queues, rate limiting | Background Jobs |
Credential Management
All external credentials are stored as GitHub Environment Secrets, never in code or config files.
| Secret | Service | Notes |
|---|---|---|
HUBSPOT_CLIENT_ID | HubSpot | Public OAuth app ID |
HUBSPOT_CLIENT_SECRET | HubSpot | Webhook signature validation |
ENCRYPTION_MASTER_KEY | Internal | Encrypts OAuth tokens at rest |
SENTRY_DSN_BACKEND | Sentry | Error reporting endpoint |
BIRD_API_KEY | MessageBird | SMS API access |
TIGRIS_* | Tigris/S3 | Object storage credentials |
UPSTASH_REDIS_* | Upstash | Redis connection |
Secrets are synced from GitHub to Fly.io on every deploy via the --stage flag. See Deployment Pipeline, CI-CD Workflows.
Authentication Patterns
| Pattern | Used By |
|---|---|
| OAuth 2.0 (authorization code) | HubSpot, DocuSign, Azure Entra |
| API key | MessageBird, Sentry |
| Access key + secret | Tigris/S3 |
| Connection string | Upstash Redis |
HubSpot and DocuSign OAuth tokens are stored encrypted in the database using ENCRYPTION_MASTER_KEY. See Library Utilities for the encryption module.
HubSpot Integration Detail
The largest integration with 14 dedicated service files:
| File | Responsibility |
|---|---|
auth.ts | OAuth token management, automatic refresh |
hubspot-sync.service.ts | Bidirectional sync orchestration |
hubspot-webhook.service.ts | Webhook event processing |
contact-sync.ts | Contact sync logic |
company-sync.ts | Company sync logic |
deal-sync.ts | Deal/quote sync |
product-sync.ts | Product catalog sync |
quote-sync.ts | Quote sync |
line-item-sync.ts | Line item sync |
See HubSpot Integration for full architecture.
Background Processing
Several integrations use Background Jobs for async processing:
| Queue | Integration |
|---|---|
| Notification queue | Resend Email, MessageBird SMS |
| HubSpot sync queue | HubSpot Integration |
| Webhook processing | HubSpot Integration |
Related
- Backend Architecture — How integrations fit in the service layer
- Library Utilities — API client implementations
- Services Overview — Service wrappers around integrations
- Deployment Pipeline — Secret syncing on deploy
- Security Scanning — Dependency vulnerability scanning