Case Study

Cross-System Onboarding Pipeline

A secure, webhook-based automated onboarding system that bridges two separate platforms, provisioning customer workspaces in seconds with cryptographic signature verification and zero manual intervention.

Next.js TypeScript Firebase Auth Firestore HMAC-SHA256 REST API Webhooks
Before: Two Systems, No Bridge

The business runs two entirely separate platforms with separate authentication, databases, and hosting. A customer signing up on one has no account on the other.

System A: Public Landing Page
Marketing site where new customers discover the product and sign up. Separate Firebase project, separate auth, separate database.

The Gap: No Shared Backend
No common authentication, no shared database, no integration. A human had to manually create every new account in the main platform.

System B: Main SaaS Platform
The actual product where companies manage and run operations. Completely separate infrastructure from the landing page.

Result: Manual account creation for every signup. Doesn't scale, creates onboarding friction, delays customer activation.
Step 1: Customer Signs Up

A new customer fills out the signup form on the public landing page.

New Account Registration form fields: Company Name, Branch Name, Admin Email, Subscription Plan.

Step 2: Secure Webhook Fired

The landing page fires a secure HTTPS POST to the main platform's onboarding API.

System A (Landing Page): sends signed payload
System B (Main Platform): receives & verifies

POST /api/admin-onboarding/webhook
Header: X-Webhook-Signature: HMAC-SHA256
Event: admin_account_created
Payload: Company, branch, admin, subscription data
Step 3: Signature Verification

The platform verifies the request is authentic using HMAC-SHA256 cryptographic signature comparison.

Received Signature (from webhook header): sha256=a3f2b8c91d4e7f6a0b5c3d2e1f9a8b7c6d5e4f3...
Computed Signature (payload + secret key): sha256=a3f2b8c91d4e7f6a0b5c3d2e1f9a8b7c6d5e4f3...
✓ Signature Verified — Request Authentic
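
The check described in Step 3, as an added TypeScript example that is not the project's own code. It assumes the `sha256=<hex>` header format shown above and that the signature covers the raw request body; the `eventId` field, the 401/400 status codes, and the in-memory `Set` (a stand-in for a durable idempotency store) are hypothetical.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

const PREFIX = "sha256=";
const HEX_DIGEST = /^[0-9a-f]{64}$/i; // a SHA-256 digest is 32 bytes = 64 hex chars

// Sender side (System A): sign the exact string that will be sent as the body.
function signPayload(rawBody: string, secret: string): string {
  return PREFIX + createHmac("sha256", secret).update(rawBody, "utf8").digest("hex");
}

// Receiver side (System B): recompute over the raw body, compare in constant time.
function verifySignature(rawBody: string, header: string | undefined, secret: string): boolean {
  if (!header || !header.startsWith(PREFIX)) return false;
  const hex = header.slice(PREFIX.length);
  if (!HEX_DIGEST.test(hex)) return false; // reject truncated or malformed digests
  const received = Buffer.from(hex, "hex");
  const expected = createHmac("sha256", secret).update(rawBody, "utf8").digest();
  return timingSafeEqual(received, expected); // both buffers are 32 bytes here
}

type WebhookResult = { status: number; provisioned: boolean };
const seenEventIds = new Set<string>(); // assumed stand-in for a durable idempotency store

// The signature is checked on the raw body before any JSON parsing takes place.
function handleWebhook(rawBody: string, header: string | undefined, secret: string): WebhookResult {
  if (!verifySignature(rawBody, header, secret)) return { status: 401, provisioned: false };
  let body: { event?: string; eventId?: string } | null;
  try { body = JSON.parse(rawBody); } catch { return { status: 400, provisioned: false }; }
  if (!body || body.event !== "admin_account_created" || typeof body.eventId !== "string") {
    return { status: 400, provisioned: false };
  }
  if (seenEventIds.has(body.eventId)) return { status: 200, provisioned: false }; // replayed delivery
  seenEventIds.add(body.eventId);
  // The provisioning chain (company, branch, user, roles, subscription, audit log) would run here.
  return { status: 200, provisioned: true };
}

// Constructed sample delivery (not from the page): the same signed body delivered twice.
const sampleSecret = "constructed-demo-secret";
const sampleBody = JSON.stringify({ event: "admin_account_created", eventId: "evt-001", company: "Acme Ltd" });
console.log(handleWebhook(sampleBody, signPayload(sampleBody, sampleSecret), sampleSecret));
console.log(handleWebhook(sampleBody, signPayload(sampleBody, sampleSecret), sampleSecret));
```

Re-serialising the parsed JSON before computing the HMAC would change the bytes and break verification, which is why the handler takes the body as the raw string.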
Step 4: Account Provisioning Chain

The platform automatically provisions the entire customer workspace — company, branch, user, permissions, subscription — in a single atomic transaction.

Company Created: Organisation record with unique ID and metadata
Branch Created: Location record linked to parent company
Auth User Created: Firebase Authentication user with secure credentials
Roles & Permissions Assigned: BRANCH_ADMIN: manage operations, manage users, view reports
Subscription Activated: Selected plan activated with billing metadata
Audit Log Recorded: Full onboarding event trail saved to Firestore

Step 5: Success Response

The platform responds with a 200 OK — the new customer can log in immediately.

System A (Landing Page): receives confirmation
System B (Main Platform): sends 200 OK

Status: 200 OK
Message: Admin account created successfully
Result: User can login immediately with credentials
Complete: Customer Ready

The new customer sees a success screen and can sign in immediately — zero manual intervention, zero delay.

Welcome! Your account is ready.
You can sign in now with the credentials sent to your email.
Company workspace, branch, permissions, and subscription — all provisioned automatically.
Results: Architecture & Impact

A production-grade cross-system integration bridging two independent Firebase projects with cryptographic security.

Next.js API Routes: Webhook endpoint with middleware validation
Firebase Auth: Cross-project user provisioning with custom claims
Firestore: Company, branch, subscription, and audit data
HMAC-SHA256: Cryptographic signature verification on every request
TypeScript: End-to-end type safety across both systems
REST Webhooks: Secure HTTPS POST with idempotency handling

0: Manual steps in customer onboarding
<5s: Full workspace provisioned from signup
SHA-256: Cryptographic request authentication
6: Records provisioned in a single transaction

Zero Manual Intervention, Instant Activation

Cryptographically secured webhook pipeline bridging two independent platforms — customer signs up, account is ready in seconds.