Operations Guide

This guide covers operational workflows for platform administrators, integrators, and the customer success (CS) team: raising change requests for new document repositories, onboarding departments, and using the API gateway.

Overview

Kwik Vault onboarding spans technical integration, organizational setup, and governance. Follow the workflows below before connecting a new source system or department to the vault.

Change Request for Document Repositories

Any new document repository (new source_tag, document category, or integrator connection) requires a formal Change Request (CR) before production access:

CR checklist

1. Business justification: Department, document types, expected volume, and retention class.
2. Integrator identity: Proposed source_tag (e.g. vkyc, doc_service, branch_scan, or custom).
3. Metadata schema: Required fields, customer references, and searchable attributes.
4. Approval workflow: Whether API ingest requires department approver sign-off.
5. Backup and ILM class: Hot/warm/cold tier assignment per Storage and Lifecycle.
6. Security review: TLS endpoints, service user scope, and network allowlist.
7. Test plan: UAT ingest, search, download, and approval validation.

Submit the CR to the platform administrator. After approval, the admin provisions the service user on API Keys, updates Configuration, and enables the integrator in production.

First-Time Department Onboarding

Follow these steps when a department connects to Kwik Vault for the first time:

Step 1: Provision department scope

1. Confirm the department exists in tenant configuration (Compliance, Retail Banking, Corporate Banking, Treasury, Operations, or custom).
2. Map identity provider claims to the department in the identity service.
3. Set branch scope if the department operates across regions.

Step 2: Configure metadata and ingest rules

1. Open Configuration as super admin.
2. Review Metadata schema fields for the department's document types.
3. Set Approval toggle for API ingest if human review is required.
4. Configure Ingest file type limits and customer reference requirements.
5. Save changes and verify on the Upload form.

Step 3: Onboard portal users

1. Open Users and provision department staff.
2. Assign Approver role to designated reviewers.
3. Confirm users sign in via Login with correct department scope.

Step 4: Create integrator credentials

1. Open API Keys and create a service user for the department's source systems.
2. Mint an access token and share securely with the integrator team.
3. Provide the ingest cURL template from the Upload page.

Step 5: Validate end to end

1. Push a test document via API or web upload.
2. Confirm it appears in Documents with correct metadata.
3. Complete approval workflow in Approvals if enabled.
4. Verify search by customer reference returns the document.
5. Check Audit for ingest and access entries.

API Gateway Interface

Integrators connect through the Core Platform API gateway, a single HTTPS entry point for all vault operations:

The gateway handles TLS termination, rate limiting, authentication, and request routing to backend services. OpenAPI documentation is available at https://<vault-host>/docs.

Bank network teams typically place an institutional reverse proxy or API gateway in front of the Vault host for additional IP allowlisting and WAF rules.

Integration Performance

Kwik Vault is designed for low-latency API integration:

Horizontal scaling of API replicas supports peak-hour load. Use the Deployment infra calculator to model QPS per department.

Scalability for Document Pull

Pull operations scale independently:

• API replicas: Scale horizontally based on download QPS.
• Object storage: Unlimited blob capacity with per-department prefixes.
• CDN edge caching: Optional for frequently accessed approved documents.
• Concurrent downloads: No per-document lock; multiple integrators can pull the same approved version.

For high-volume batch pulls, use paginated /api/v1/search/documents to list IDs, then parallelize download requests with rate-limit awareness.

Product Note for Customer Success Team

Quick reference for CS when supporting bank clients:

What Kwik Vault does

• Central document repository for banking departments
• API push from VKYC, Document Service, branch scans, and custom systems
• API pull (download) and metadata search by CIF, PAN, account number
• Version control with approval workflows
• Audit trail for every access

Common client questions

Escalation paths

• Integration issues: Check API Keys token expiry, ingest metadata validation, and /health endpoint.
• Approval stuck: Verify approver department assignment in Users module.
• Storage alerts: Review Deployment storage metrics; contact platform admin for ILM or capacity adjustment.
• DR/backup questions: Refer to Backup and Disaster Recovery.

Benefits

• Governed onboarding: CR process prevents uncontrolled repository sprawl.
• Repeatable setup: Department onboarding checklist ensures consistent go-live.
• CS enablement: Product note equips support teams to answer common client questions.

Next Steps

• Integration APIs: full REST endpoint reference
• Users: portal user provisioning
• Configuration: tenant schema and ingest rules
• Introduction: back to Kwik Vault overview