Commercial License Revamp
2025
Decomposed a legacy government licence monolith into a modern microservices target across several DDD bounded contexts on Camunda BPMN/DMN — now the agreed target architecture across engineering.
The problem
The Commercial Licence service had grown into a single deployable unit owning approval workflows, user state, licence issuance, location, invoicing, and a downstream billing/payment integration. One change broke many surfaces; release cadence had dropped to monthly.
The constraint
A live super-app already routed millions of citizen interactions through it. We could not break the public API contract.
The architecture
Several DDD bounded contexts, one per major capability — application/approval, user and record ownership, the core commercial domain, location, invoicing, and a safety-permit domain that integrates with the relevant safety authority.
Camunda BPMN/DMN orchestrates the cross-context approval flow; a broker-based asynchronous event carries the payment confirmation from the billing/payments platform. The observability stack is ELK + Elastic APM + Prometheus / Grafana.
Approval and validation both run on the same workflow engine, supporting two process variants: a fast-track path that issues the invoice early so safety and location work can proceed in parallel, and a normal-track path that invoices after approval. An API gateway is the single inbound surface for all UI and external-system traffic, so authentication, rate-limiting, and observability stay cross-cutting concerns as the monolith is decomposed.
Pattern view — the monolith re-cut into several bounded contexts behind a preserved API; payment confirmation arrives as an event.
Trade-offs (ADRs)
- Self-managed Camunda over Camunda Cloud — data sovereignty + cost
- A broker-based async event for payment confirmation — operational simplicity, and decoupling the payment flow from the synchronous licence-request path
- Strangler Fig migration over big-bang — required zero-downtime cutover
- Distributed tracing as a first-class requirement — a decomposed flow that crosses several services has to stay debuggable end to end
Outcome
Agreed target architecture across the engineering organisation, validated on a staging cluster sized for thousands of requests per minute. Same Camunda-based approach applied to the parallel Building License Revamp.