System Architecture
ICARE is designed as an API-first multi-tenant system using Laravel and Laravel Sanctum to manage user scopes, billing limits, and patient health data securely.
Technology Stack
| Layer | Technology Used | Description / Details |
|---|---|---|
| Runtime | PHP 8.2+ | Server environment powering the core application. |
| Framework | Laravel 11.x | Modern MVC structure with robust DB routing, migrations, and console command tools. |
| Database | MySQL 8.0 | Stores patient profiles, invoices, appointments, and diagnostic parameters. |
| Authentication | Laravel Sanctum | Token-based security for stateful and stateless REST API consumers. |
| Video Calls | Zoom OAuth Integration | Dynamically creates, updates, and deletes telehealth sessions. |
| Payments | Stripe & Razorpay | Webhook-centric gateway modules for clinic subscriptions and patient invoices. |
| Notifications | FCM (Firebase Cloud Messaging) | Sends transactional notifications to patients, doctors, and assistants. |
Directory Structure
Key architectural components are organized in standard Laravel locations:
app/CentralLogics/Helpers.php: Core utility class containing authorization guards, permission validations, and active subscription checks.app/Http/Controllers/Api/V1/: Houses 80 modular controllers executing specialized API endpoints.app/Models/: Contains 84 Eloquent models specifying DB mappings and relations.routes/api.php: Houses the 396 REST API routes prefixing all operations with/api/v1/.routes/web.php: Dedicated to public webhook callbacks (Stripe, Razorpay) and PDF generation render pages.
Route Access & Middleware Architecture
Security and SaaS feature limits are enforced in layers. Requests must pass through specific middleware checks depending on their scope:
graph TD
REQ["Incoming API Request"] --> FILTER{"Check Authorization"}
subgraph "Public Layer (API Key)"
FILTER -->|Public Endpoint| APIKEY["api.key middleware"]
APIKEY -->|Valid x-api-key| PUB_RES["Login, Register, Plan Lists, GET items"]
end
subgraph "Authenticated Layer (Sanctum)"
FILTER -->|Token Required| SANCTUM["auth:sanctum middleware"]
SANCTUM -->|Valid Token| SUB_CHECK{"Subscription State"}
SUB_CHECK -->|Subscription Setup| NO_SUB["Subscription Management Views"]
SUB_CHECK -->|Clinical Write Operation| ENFORCE["check.subscription middleware"]
ENFORCE -->|Active & Paid Tenant| WRITE_RES["POST, UPDATE, DELETE Clinical Actions"]
ENFORCE -->|Expired Tenant| BLOCKED["201 Response - Operational Actions Locked"]
end
Subscription Enforcement Guard
The check.subscription middleware intercepts all write operations (creating appointments, adding doctors, prescribing medicine). If a clinic's subscription lapses or exceeds their active doctor/patient cap, the system locks access immediately, allowing only read operations (GET requests) during a grace period.