System Overview
The MRI Qube integration connects Manage.Management with MRI’s property management software through the Vaultre API, enabling bi-directional data synchronization with enterprise-grade security.
High-Level Architecture
Authentication Flow
OAuth 2.0 Client Credentials Grant
Security Highlights
Credential Encryption
Client secrets encrypted with AES-256-GCM in Supabase Vault
Token Management
Short-lived tokens (1 hour) with automatic refresh
TLS 1.3
All communications encrypted in transit
Audit Logging
Every credential access logged with IP and timestamp
Data Synchronization Flow
Sync Process
Entity Sync Order
Data is synchronized in a specific order to maintain referential integrity: Properties must sync first as they’re the foundation for all other entities. Documents sync last as they depend on all other data.
Data Flow Diagram
Complete Data Journey
Security Architecture
Defense in Depth
Credential Storage Architecture
Key Points:
- ✅ Client Secret never stored in plain text
- ✅ Encryption happens before database storage
- ✅ Every access is logged with user ID and IP
- ✅ Only building directors can access credentials
- ✅ Vault uses automatic key rotation
Rate Limiting & Performance
Request Queue Management
Rate Limits
| Limit Type | Threshold | Action |
|---|---|---|
| Per Minute | 60 requests | Queue additional requests |
| Per Hour | 1,000 requests | Queue and delay |
| Burst | 10 concurrent | Throttle new requests |
| Timeout | 30 seconds | Fail and retry |
Database Schema
MRI Integration Tables
Row Level Security (RLS)
All MRI tables have RLS policies enforcing:
- Building Scoping - Users only see data for their buildings
- Role-Based Access - Directors have full access, homeowners read-only
- Credential Protection - Only directors can access credentials
- Audit Immutability - Audit logs are append-only
Error Handling & Resilience
Retry Strategy
Error Categories
| Error Type | HTTP Code | Action | Retry |
|---|---|---|---|
| Network Timeout | - | Immediate retry | Yes (3x) |
| Rate Limited | 429 | Queue & wait | Yes (auto) |
| Unauthorized | 401 | Re-authenticate | Yes (1x) |
| Forbidden | 403 | Log & alert | No |
| Not Found | 404 | Skip record | No |
| Server Error | 500-599 | Exponential backoff | Yes (3x) |
| Bad Request | 400 | Log & skip | No |
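The Error Categories table can be expressed as a small decision function that a sync worker consults after each API call. This is an added example, not the integration's own code: the function names, the `{status, timeout, retryAfterSec}` result shape, the 1-second backoff base and the 60-second default wait on 429 are all assumptions.

```javascript
// Added example: retry decisions from the Error Categories table.
const BASE_DELAY_MS = 1000; // assumed; the page gives no backoff base
const DEFAULT_WAIT_SEC = 60; // assumed wait when a 429 has no Retry-After
const LIMITS = { timeout: 3, unauthorized: 1, server: 3 }; // "Retry" column

// Map one call outcome ({status} or {timeout: true}) to a table row.
function classify(result) {
  if (result.timeout) return 'timeout';
  const s = result.status;
  if (s >= 200 && s < 300) return 'ok';
  if (s >= 500 && s <= 599) return 'server';
  const rows = { 429: 'rateLimited', 401: 'unauthorized', 403: 'forbidden',
                 404: 'notFound', 400: 'badRequest' };
  return rows[s] || 'unknown';
}

// Decide the next step. `used` counts retries already spent per category.
function decide(result, used) {
  const kind = classify(result);
  const budgetLeft = (used[kind] || 0) < (LIMITS[kind] ?? 0);
  switch (kind) {
    case 'ok': return { action: 'done' };
    case 'rateLimited': // queue and wait, honouring Retry-After if supplied
      return { action: 'wait', delayMs: (result.retryAfterSec ?? DEFAULT_WAIT_SEC) * 1000 };
    case 'timeout': // immediate retry, bounded
      return budgetLeft ? { action: 'retry', delayMs: 0 } : { action: 'fail' };
    case 'unauthorized': // re-authenticate once; a second 401 is a hard failure
      return budgetLeft ? { action: 'reauth', delayMs: 0 } : { action: 'fail' };
    case 'server': // exponential backoff: base, 2x base, 4x base
      return budgetLeft
        ? { action: 'retry', delayMs: BASE_DELAY_MS * 2 ** (used.server || 0) }
        : { action: 'fail' };
    case 'forbidden': return { action: 'fail', alert: true }; // log & alert, never retry
    case 'notFound': case 'badRequest': return { action: 'skip' };
    default: return { action: 'fail' };
  }
}

// Run the policy over a constructed sequence of outcomes and return the trace.
function simulate(results) {
  const used = {}, trace = [];
  for (const r of results) {
    const d = decide(r, used);
    trace.push(d.delayMs ? `${d.action}:${d.delayMs}` : d.action);
    if (!['retry', 'reauth', 'wait'].includes(d.action)) break;
    const kind = classify(r);
    used[kind] = (used[kind] || 0) + 1;
  }
  return trace;
}
```

Capping re-authentication at one attempt keeps a revoked or mistyped client secret from turning into a stream of token requests, and the non-retried 403 surfaces permission changes to whoever monitors the alerts.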