Owner: Engineering Team | Last Updated: 2026-01-30 | Status: Current
This document provides the C4 Level 2 (Container) view of the WWAI system, detailing every service, their communication protocols, port mappings, base URLs, and dependency relationships. This is the primary reference for understanding how services interact at runtime.
WWAI Service Map (C4 Level 2)
=============================
CLIENTS PLATFORM CORE EXTERNAL SERVICES
------- ------------- -----------------
+--------------------+
| Next.js Web App |
| Port: 3000 |
| URL: app.wwai.ai |----+
+--------------------+ |
| +--------------------------+ +-------------------+
+--------------------+ | | | | Google OAuth |
| Flutter Mobile App | | | Nginx / ALB | | accounts.google.. |
| iOS + Android |----+--->| Port: 443 (HTTPS) |---->| Protocol: OAuth2 |
+--------------------+ | | URL: *.wwai.ai | +-------------------+
| | |
+--------------------+ | +-----------+--------------+ +-------------------+
| Chrome Extension | | | | Facebook OAuth |
| Content Script + |----+ | HTTPS / TLS | facebook.com/v18 |
| Background Worker | | | | Protocol: OAuth2 |
+--------------------+ | | +-------------------+
| +-----------v--------------+
+--------------------+ | | | +-------------------+
| Shopify Plugin | | | Django REST API | | Stripe API |
| Embedded App |----+ | Port: 8000 |---->| api.stripe.com |
+--------------------+ | | URL: api.wwai.ai | | Protocol: REST |
| | Protocol: REST (JSON) | +-------------------+
+--------------------+ | | |
| WordPress Plugin |----+ | Endpoints: | +-------------------+
| PHP / REST Client | | /api/v1/humanize | | Churnkey |
+--------------------+ | /api/v1/detect |---->| api.churnkey.co |
| /api/v1/auth | | Protocol: REST |
| /api/v1/billing | +-------------------+
| /api/v1/user |
| /api/v1/admin | +-------------------+
| | | 9 AI Detectors |
+---------+---+---+--------+---->| (see table below) |
| | | | Protocol: REST |
| | | +-------------------+
+-------------+ | +------------+
| | |
+----------v------+ +-------v-------+ +----v-----------+
| | | | | |
| PostgreSQL | | Redis | | AWS S3 |
| Port: 5432 | | Port: 6379 | | s3.amazonaws.. |
| Protocol: TCP | | Protocol: TCP | | Protocol: HTTPS|
| | | | | |
| - Users | | - Sessions | | - Static assets|
| - Subscriptions | | - Rate limits | | - Model files |
| - Usage logs | | - Cache | | - Exports |
| - API keys | | - Queues | | |
+-----------------+ +---------------+ +----------------+
MONITORING (Outbound from Web App & Backend)
------------------------------------------
+------------------+ +----------------+ +------------------+
| Sentry | | PostHog | | Google Analytics |
| sentry.io | | app.posthog.com| | (via GTM) |
| Protocol: HTTPS | | Protocol: HTTPS| | Protocol: HTTPS |
| Source: Web + | | Source: Web App| | Source: Web App |
| Backend | +----------------+ +------------------+
+------------------+
+----------------+ +------------------+
| MS Clarity | | AWS CloudWatch |
| clarity.ms | | Logs + Metrics |
| Protocol: HTTPS| | Protocol: AWS SDK|
| Source: Web App| | Source: ECS Tasks|
| (Prod only) | +------------------+
+----------------+
| Service | Technology | Port | Base URL | Protocol | Health Check |
|---|---|---|---|---|---|
| Web Application | Next.js 16 / Node.js | 3000 | https://app.wwai.ai |
HTTPS | GET /api/health |
| Django REST API | Python / Django 5.x | 8000 | https://api.wwai.ai |
HTTPS (REST/JSON) | GET /api/v1/health |
| PostgreSQL | PostgreSQL 15+ | 5432 | Internal (AWS RDS) | TCP (pg wire) | pg_isready |
| Redis | Redis 7+ | 6379 | Internal (ElastiCache) | TCP (RESP) | PING |
| Service | Base URL | Protocol | Auth Method | Rate Limits |
|---|---|---|---|---|
| Google OAuth | https://accounts.google.com |
OAuth 2.0 / OIDC | Client ID + Secret | Google default |
| Facebook OAuth | https://graph.facebook.com/v18.0 |
OAuth 2.0 | App ID + Secret | Facebook default |
| Stripe | https://api.stripe.com/v1 |
REST (HTTPS) | Bearer token (Secret Key) | 100 req/s (live) |
| Churnkey | https://api.churnkey.co |
REST (HTTPS) | API Key | Per agreement |
| Sentry | https://<org>.ingest.sentry.io |
HTTPS | DSN | Unlimited |
| PostHog | https://app.posthog.com |
HTTPS | Project API Key | Per plan |
| Google Analytics | Via Google Tag Manager | HTTPS (JS) | Measurement ID | Unlimited |
| Microsoft Clarity | https://clarity.ms |
HTTPS (JS) | Project ID | Unlimited |
| AWS S3 | https://s3.<region>.amazonaws.com |
HTTPS (AWS SDK) | IAM Role / Access Key | 5,500 PUT/s per prefix |
| AWS CloudWatch | Regional endpoint | HTTPS (AWS SDK) | IAM Role | AWS default |
| # | Detector | Base URL | Auth Method | Response Format | Typical Latency |
|---|---|---|---|---|---|
| 1 | GPTzero | https://api.gptzero.me/v2 |
API Key (Header) | JSON | 2-5s |
| 2 | ZeroGPT | https://api.zerogpt.com/api |
API Key (Header) | JSON | 1-3s |
| 3 | Sapling | https://api.sapling.ai/api/v1 |
API Key (Query) | JSON | 1-2s |
| 4 | Copyleaks | https://api.copyleaks.com/v2 |
Bearer Token (OAuth) | JSON | 3-8s |
| 5 | Writer | https://api.writer.com/v1 |
API Key (Header) | JSON | 1-3s |
| 6 | Turnitin | https://api.turnitin.com/api/v1 |
API Key + Secret | JSON | 5-15s |
| 7 | Originality | https://api.originality.ai/api/v1 |
API Key (Header) | JSON | 2-4s |
| 8 | Crossplag | https://api.crossplag.com/v1 |
API Key (Header) | JSON | 2-5s |
| 9 | Content at Scale | https://api.contentatscale.ai/v1 |
API Key (Header) | JSON | 1-3s |
Note: Detector latencies are approximate and vary based on text length and service load. The backend calls detectors in parallel to minimize total response time.
All client applications communicate with the Django REST API over HTTPS using JSON payloads.
Client Request Flow:
====================
Client App ALB / Nginx Django API
---------- ----------- ----------
| | |
|-- HTTPS Request ------------>| |
| Headers: | |
| Authorization: Bearer <JWT> |
| Content-Type: application/json |
| X-Fingerprint: <device-fp> |
| X-Turnstile-Token: <captcha> |
| | |
| |-- HTTP (port 8000) ------>|
| | X-Forwarded-For: <ip> |
| | X-Real-IP: <ip> |
| | |
| |<-- JSON Response ---------|
|<-- HTTPS Response -----------| Status: 200/4xx/5xx |
| Body: JSON | |
Django API --> External Detectors (Parallel Fan-Out):
=====================================================
Django API
|
+--[async]--> GPTzero API ---------> Response
+--[async]--> ZeroGPT API ---------> Response
+--[async]--> Sapling API ---------> Response
+--[async]--> Copyleaks API --------> Response Aggregation
+--[async]--> Writer API ----------> Response ----> Engine ---> Client
+--[async]--> Turnitin API --------> Response
+--[async]--> Originality API -----> Response
+--[async]--> Crossplag API -------> Response
+--[async]--> Content at Scale API -> Response
| Source | Direction | Endpoint | Events |
|---|---|---|---|
| Stripe | Stripe --> Backend | POST /api/v1/billing/webhooks/stripe |
checkout.session.completed, invoice.paid, invoice.payment_failed, customer.subscription.updated, customer.subscription.deleted |
| Churnkey | Churnkey --> Backend | POST /api/v1/billing/webhooks/churnkey |
cancellation.accepted, offer.accepted, session.completed |
| Shopify | Shopify --> Backend | POST /api/v1/integrations/shopify/webhook |
app/uninstalled, shop/update |
Dependency Direction: A --depends on--> B
=========================================
Next.js Web App
|--depends on--> Django REST API (all business logic)
|--depends on--> Google OAuth (social login)
|--depends on--> Facebook OAuth (social login)
|--depends on--> Sentry (error reporting)
|--depends on--> PostHog (analytics)
|--depends on--> Google Analytics via GTM (traffic)
|--depends on--> Microsoft Clarity (session replay)
|--depends on--> Stripe.js (client-side payments)
|--depends on--> Churnkey.js (cancellation flow)
|--depends on--> Cloudflare Turnstile (CAPTCHA)
|--depends on--> FingerprintJS (device fingerprint)
Flutter Mobile App
|--depends on--> Django REST API (all business logic)
|--depends on--> Google OAuth (social login)
|--depends on--> Facebook OAuth (social login)
Chrome Extension
|--depends on--> Django REST API (humanization + auth)
Shopify Plugin
|--depends on--> Django REST API (humanization)
|--depends on--> Shopify App Bridge (embedding)
WordPress Plugin
|--depends on--> Django REST API (humanization)
Django REST API
|--depends on--> PostgreSQL (persistent data)
|--depends on--> Redis (caching, rate limiting)
|--depends on--> AWS S3 (object storage)
|--depends on--> AI Humanization Models (text processing)
|--depends on--> AI Detection Models (scoring)
|--depends on--> Stripe API (payment processing)
|--depends on--> Churnkey API (churn prevention)
|--depends on--> 9x External Detectors (AI detection)
|--depends on--> Sentry (error reporting)
|--depends on--> AWS CloudWatch (logging)
| Criticality | Services | Impact if Down |
|---|---|---|
| P0 - Critical | Django REST API, PostgreSQL, Redis | Complete platform outage |
| P1 - High | AI Humanization Models, Stripe API | Core feature unavailable or payments blocked |
| P2 - Medium | External AI Detectors, AWS S3 | Degraded detection scoring, missing assets |
| P3 - Low | PostHog, Clarity, Google Analytics | No user-facing impact, analytics gap |
The system is designed to degrade gracefully when non-critical dependencies fail:
Individual Detector Failure: If one of the 9 external detectors times out or returns an error, the aggregated score is computed from the remaining detectors. The failed detector is noted in the response.
Analytics Service Failure: PostHog, Clarity, and GA failures are silently caught and do not affect user experience.
Churnkey Failure: If the cancellation flow SDK fails to load, users fall back to the standard Stripe cancellation flow.
Redis Failure: The backend falls back to database queries for cache misses. Rate limiting may become less precise during Redis outages.
| Port | Service | Environment | Notes |
|---|---|---|---|
| 443 | ALB / Nginx (HTTPS) | Production | TLS termination |
| 3000 | Next.js (HTTP) | Development / Internal | Behind ALB in production |
| 8000 | Django (HTTP) | Development / Internal | Behind ALB in production |
| 5432 | PostgreSQL | Internal only | AWS RDS, not publicly accessible |
| 6379 | Redis | Internal only | AWS ElastiCache, not publicly accessible |
| Date | Author | Change |
|---|---|---|
| 2026-01-30 | Admin | Initial creation |
Prev: System Overview (C4 Level 1 - System Context) | Next: Security Architecture | Up: General