INDTIX Architecture Blueprint

01 · Executive Vision

Platform Vision & Mission

INDTIX is Oye Imagine Private Limited's flagship B2C2B event commerce platform — purpose-built to dominate India's ₹12,000 Cr live events industry by 2027. We serve six distinct stakeholders through purpose-built portals, powered by AI, secured at enterprise grade, and built for the youth of India.

🎯 Mission

Democratise live event access for 500M+ Indians by eliminating friction from discovery to on-ground redemption, while giving every organiser and venue a world-class management platform.

🏆 Positioning

Original, youth-forward, and trust-first. Not a clone of District or BookMyShow — INDTIX sets new standards with AI recommendations, deep seat mapping, NFC wristbands, and GST-accurate commerce.

💼 Legal Entity

Oye Imagine Private Limited (Operator)
GSTIN: 27AABCO1234A1Z5
RBI Payment Aggregator licence (applied)
PCI-DSS Level 1 compliance target
IT Act 2000 + DPDP Act 2023 compliant

📊 Revenue Model

Platform commission: 8–12% of ticket GMV
Convenience fee: ₹20–₹50 per order
Promoted listings: ₹5,000–₹50,000/event
F&B/Merch commission: 5–15%
Wristband/NFC hardware margin
White-label SaaS licensing

02 · Information Architecture

Six Portals & Roles

Portal	Primary Users	Core Functions	Auth Level	Status
Fan / Customer	General public, event-goers	Discovery, booking, seat selection, add-ons, tickets, profile	Email / OTP / Social	Live
Organiser	Event promoters, agencies	Event creation (with approval), ticket builder, seat map, analytics, settlements	KYC-verified only	Live
Venue Manager	Venue owners, managers	Venue listing, floor plan, availability, booking management, docs	KYC-verified only	Live
Event Manager	On-day ops team, producers	Run sheet, tasks, live check-in, wristband control, incidents, POS	Invited by organiser	Live
Super Admin / ERP	Oye Imagine team	All approvals, finance, CMS, BI, user management, security, config	Root / MFA required	Live
On-Ground Ops / POS	Gate staff, F&B cashiers	QR scanner, NFC scan, POS sales, LED band control, live stats	Event-scoped token	Live

03 · Tech Stack

Recommended Technology Stack

🎨 Frontend

Web: Next.js 14 (App Router) + TypeScript
Mobile: React Native (Expo) for iOS/Android
Styling: TailwindCSS + shadcn/ui
State: Zustand + React Query
Animations: Framer Motion

⚙️ Backend

API: Node.js + Hono (edge) / NestJS (core)
Architecture: Modular monolith → microservices
Auth: JWT + Refresh tokens + OTP
Realtime: Socket.io / Cloudflare Durable Objects
Jobs: BullMQ + Redis

🗄️ Database

Primary: PostgreSQL (Supabase/Neon)
Cache: Redis (Upstash)
Search: Algolia / Typesense
File Storage: Cloudflare R2 / AWS S3
Edge DB: Cloudflare D1 (SQLite)

💳 Payments

Primary: Razorpay (UPI, Card, Wallet, EMI)
International: Stripe
Refunds: Automated via Razorpay API
Payouts: Razorpay Route (T+7)
GST: Custom engine + GSTN API

📬 Notifications

WhatsApp: Meta Business API (360dialog)
Email: AWS SES / Resend
SMS: Twilio / Fast2SMS
Push: Firebase FCM
In-App: Custom notification centre

🚀 Infrastructure

Hosting: Cloudflare Pages + Workers
CDN: Cloudflare (global PoP)
Containers: Docker + Kubernetes (GKE)
CI/CD: GitHub Actions + Wrangler
Monitoring: Sentry + Datadog + Grafana

🤖 AI / ML

Recommendations: OpenAI Embeddings + custom CF
Fraud Detection: Custom ML (Vertex AI)
Dynamic Pricing: Prophet + custom model
Chatbot: OpenAI GPT-4o API + fine-tuning
Analytics: BigQuery + Looker Studio

🔐 Security

WAF: Cloudflare WAF + Bot Protection
Auth: Aadhaar OTP (age verify) + MFA
Encryption: AES-256 at rest, TLS 1.3 transit
Secrets: HashiCorp Vault
Audit: Immutable audit log (WORM storage)

📊 Analytics

Product: Mixpanel + Hotjar
Business: BigQuery + Looker
Error: Sentry + LogRocket
Performance: Datadog APM
A/B Testing: LaunchDarkly

04 · System Architecture

System Architecture Overview

🌍 CDN & EDGE LAYER (Cloudflare Global Network — 300+ PoPs)

DDoS Protection · WAF Rules · Bot Management · Image Optimisation · Rate Limiting

↕

⚡ EDGE FUNCTIONS (Cloudflare Workers — 0ms cold start)

Fan Portal (Next.js SSR) · API Gateway (Hono) · Auth Middleware · A/B Testing · Geo-routing

↕

🔧 CORE API SERVICES (Node.js / NestJS Microservices)

Event Service · Booking Service · Payment Service · User/Auth Service · Notification Service · Search Service · Analytics Service · Admin/ERP Service

↕

🗄️ DATA LAYER

PostgreSQL (Primary DB) · Redis (Cache + Sessions) · Algolia (Search) · Cloudflare R2 (Media) · BigQuery (Analytics) · BullMQ (Job Queue)

↕

🏗️ EXTERNAL INTEGRATIONS

Razorpay (Payments) · Meta WhatsApp Business API · AWS SES (Email) · GSTN API (GST) · Aadhaar OTP (KYC) · OpenAI GPT-4o (AI)

05 · Database Schema

Core Database Schema

-- USERS TABLE
CREATE TABLE users (
  id            UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  email         TEXT UNIQUE NOT NULL,
  phone         TEXT UNIQUE,
  full_name     TEXT NOT NULL,
  avatar_url    TEXT,
  role          TEXT DEFAULT 'fan', -- fan | organiser | venue | event_manager | admin | ops
  kyc_status    TEXT DEFAULT 'pending', -- pending | submitted | verified | rejected
  gst_number    TEXT,
  pan_number    TEXT,
  created_at    TIMESTAMPTZ DEFAULT NOW(),
  last_login    TIMESTAMPTZ,
  is_active     BOOLEAN DEFAULT TRUE,
  mfa_enabled   BOOLEAN DEFAULT FALSE
);

-- EVENTS TABLE
CREATE TABLE events (
  id            UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  organiser_id  UUID REFERENCES users(id),
  venue_id      UUID REFERENCES venues(id),
  title         TEXT NOT NULL,
  slug          TEXT UNIQUE NOT NULL,
  description   TEXT,
  category      TEXT NOT NULL, -- music | comedy | sports | theatre | conference | etc.
  subcategory   TEXT,
  event_date    TIMESTAMPTZ NOT NULL,
  end_date      TIMESTAMPTZ,
  city          TEXT NOT NULL,
  status        TEXT DEFAULT 'draft', -- draft | pending_approval | approved | live | cancelled | completed
  max_capacity  INTEGER DEFAULT 1000,
  ticket_cap_per_user INTEGER DEFAULT 10, -- default 10, overrideable
  age_restriction TEXT DEFAULT 'all_ages',
  banner_url    TEXT,
  gst_applicable BOOLEAN DEFAULT TRUE,
  is_featured   BOOLEAN DEFAULT FALSE,
  created_at    TIMESTAMPTZ DEFAULT NOW(),
  approved_at   TIMESTAMPTZ,
  approved_by   UUID REFERENCES users(id)
);

-- TICKET TYPES TABLE
CREATE TABLE ticket_types (
  id            UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  event_id      UUID REFERENCES events(id),
  name          TEXT NOT NULL, -- GA | Premium | VIP | etc.
  description   TEXT,
  price         DECIMAL(10,2) NOT NULL,
  quantity      INTEGER NOT NULL,
  sold_count    INTEGER DEFAULT 0,
  sort_order    INTEGER DEFAULT 0,
  sale_start    TIMESTAMPTZ,
  sale_end      TIMESTAMPTZ,
  min_qty       INTEGER DEFAULT 1,
  max_qty       INTEGER DEFAULT 10
);

-- BOOKINGS TABLE
CREATE TABLE bookings (
  id            UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  booking_ref   TEXT UNIQUE NOT NULL, -- BK + timestamp
  user_id       UUID REFERENCES users(id),
  event_id      UUID REFERENCES events(id),
  status        TEXT DEFAULT 'pending', -- pending | confirmed | cancelled | refunded
  subtotal      DECIMAL(10,2),
  convenience_fee DECIMAL(10,2) DEFAULT 20,
  gst_amount    DECIMAL(10,2),
  total_amount  DECIMAL(10,2),
  payment_method TEXT, -- upi | card | netbanking | wallet | emi
  payment_gateway_id TEXT,
  payment_status TEXT DEFAULT 'pending', -- pending | paid | failed | refunded
  qr_code_data  TEXT,
  nfc_uid       TEXT,
  checkin_time  TIMESTAMPTZ,
  checkin_gate  TEXT,
  created_at    TIMESTAMPTZ DEFAULT NOW(),
  gst_invoice_no TEXT
);

-- VENUES TABLE  
CREATE TABLE venues (
  id            UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  owner_id      UUID REFERENCES users(id),
  name          TEXT NOT NULL,
  venue_type    TEXT, -- indoor | outdoor | theatre | stadium
  city          TEXT NOT NULL,
  address       TEXT NOT NULL,
  lat           DECIMAL(10,8),
  lng           DECIMAL(11,8),
  capacity      INTEGER,
  parking       INTEGER,
  status        TEXT DEFAULT 'pending_approval',
  gstin         TEXT,
  fire_noc_expiry DATE,
  liquor_license BOOLEAN DEFAULT FALSE,
  created_at    TIMESTAMPTZ DEFAULT NOW()
);

06 · API Design

RESTful API Reference

All APIs use https://api.indtix.com/v1 as base URL. Authentication via Bearer JWT token.

${[ ['GET','/events','Public','List events with filters (city, category, date, price range)'], ['GET','/events/:slug','Public','Get single event details with ticket types and seat map'], ['POST','/events','Organiser','Create new event (triggers approval workflow)'], ['PUT','/events/:id','Organiser','Update event details'], ['DELETE','/events/:id','Organiser/Admin','Cancel/delete event'], ['POST','/bookings','Fan (Auth)','Create new booking with ticket selection'], ['GET','/bookings/my','Fan (Auth)','List user bookings'], ['POST','/bookings/:id/cancel','Fan/Admin','Cancel booking and initiate refund'], ['POST','/payments/initiate','Fan (Auth)','Initiate payment via Razorpay'], ['POST','/payments/verify','System','Verify payment webhook from Razorpay'], ['POST','/auth/register','Public','Register new user account'], ['POST','/auth/login','Public','Login with email/password'], ['POST','/auth/otp/send','Public','Send OTP to mobile/email'], ['POST','/auth/otp/verify','Public','Verify OTP and get JWT token'], ['GET','/admin/approvals/events','Super Admin','List events pending approval'], ['POST','/admin/approvals/events/:id/approve','Super Admin','Approve event listing'], ['POST','/admin/approvals/events/:id/reject','Super Admin','Reject event with reason'], ['GET','/analytics/platform','Admin','Platform-wide analytics (GMV, tickets, users)'], ['POST','/scanner/verify/:qrData','Ops (Auth)','Verify and check-in attendee via QR/NFC'], ['POST','/scanner/pos/order','Ops (Auth)','Create POS order at event'], ['GET','/gst/invoice/:bookingId','Fan/Admin','Get GST invoice for booking'], ].map(([m,p,a,d])=>``).join('')}

Method	Endpoint	Auth	Description
${m}	`${p}`	${a}	${d}

07 · Security & Compliance

Security Architecture

🛡️ Platform Security

Cloudflare WAF (SQLi, XSS, CSRF protection)
DDoS protection at all layers
Rate limiting: 100 req/min (public), 1000 (auth)
Bot detection with ML-based scoring
API key rotation every 90 days
Zero-trust network architecture

🔐 Data Security

AES-256 encryption at rest (all PII data)
TLS 1.3 for all data in transit
PII tokenisation for stored card data
DPDP Act 2023 compliant data handling
Right to erasure API for user data deletion
Immutable audit logs (WORM storage, 7-year retention)

💳 Payment Security

PCI-DSS Level 1 target (via Razorpay)
No card data stored on INDTIX servers
Payment tokenisation via Razorpay vault
3D Secure authentication for all card payments
Real-time fraud scoring via ML model
Automatic chargeback detection

⚖️ Legal & Compliance

IT Act 2000 + IT (Amendment) Act 2008
DPDP Act 2023 (Data Protection)
Consumer Protection Act 2019
RBI PA licence requirements
GST registration and GSTR-1/3B filing
Aadhaar Act compliance for KYC

08 · Launch Roadmap

Phased Launch Plan

${[ ['MVP (Months 1–4)','phase-mvp','Fan portal, basic event listing, booking & payment, QR check-in, organiser portal (manual approval), super admin dashboard, WhatsApp/email notifications, GST invoicing. Target: 3 cities, 100 events, 10K bookings.'], ['Phase 2 (Months 5–9)','phase-p2','Seat map engine, add-ons (F&B/merch), venue portal, event manager portal, POS/scanner app, LED wristband integration, AI recommendations, dynamic pricing beta, loyalty programme. Target: 15 cities, 1,000 events.'], ['Enterprise (Months 10+)','phase-ent','Full AI/ML suite, white-label product, international expansion (Dubai, SEA), NFT-based tickets, virtual events, aggregator partnerships, Series A fundraise. Target: ₹100Cr GMV annual run rate.'], ].map(([phase,cls,desc])=>`

${phase.split(' ')[0]}
${phase.split('(')[1]?.replace(')','')}

${phase.split(' (')[0]}

${desc}

`).join('')}

09 · Risk Register

Risk Register

${[ ['HIGH','Ticket scalping / bot attacks','ML-based bot detection, purchase limits, CAPTCHA, device fingerprinting, AI fraud scoring'], ['HIGH','Payment fraud / chargebacks','Real-time fraud scoring, 3DS, velocity checks, manual review for high-value orders'], ['HIGH','Data breach / PII exposure','AES-256 encryption, zero-trust architecture, regular pentests, bug bounty programme'], ['MED','Organiser defaults / refund liability','Escrow-like settlement (T+7), terms of service, refund reserves, insurance product'], ['MED','Scale under event launch surge','Auto-scaling on GKE, Redis queue buffering, CDN caching, load testing to 10x peak'], ['MED','GST non-compliance','Automated GSTR-1 generation, tax counsel review quarterly, GSTN API integration'], ['LOW','Third-party API downtime','Multi-gateway payment fallback, WhatsApp → SMS fallback, circuit breakers'], ['LOW','Competitor price undercutting','Value differentiation (AI, wristbands, seat maps), loyalty programme, B2B relationships'], ].map(([level,risk,mitigation])=>`

${level}

${risk}

${mitigation}

`).join('')}

10 · Brand System

INDTIX Brand Identity

🎨 Colour Palette

${[['#6C3CF7','Brand Purple'],['#FF3CAC','Neon Pink'],['#00F5C4','Electric Teal'],['#080B14','Abyss Dark'],['#1A2035','Deep Card'],['#E8EAFF','Starlight']].map(([c,n])=>`

${n}

${c}

`).join('')}

✍️ Tone of Voice

Bold & Direct: "Your ticket, your moment. Book now."
Youth-coded: Gen-Z friendly, emoji-aware, never cringe
Inclusive: "Every vibe, every city, every you"
Trustworthy: Transparent fees, no jargon, GST included
Urgent: "Only 8 tickets left at this price"

📝 Microcopy Examples

Empty state: "Nothing here yet. Explore events near you! 🎵"
Loading: "Finding the best vibes near you..."
Success: "You're in! 🎉 Check WhatsApp for your ticket."
Error: "Oops! Something glitched. Tap to retry."
Waitlist: "You're #142 on the waitlist. We'll ping you!"

⚠️ Legal Disclaimers

All tickets are non-transferable unless stated otherwise
INDTIX acts as marketplace; event liability rests with organiser
Prices inclusive of applicable GST (18% on platform fee)
Refund policy applies as per event terms; no-show = no refund default
By booking, you agree to DPDP Act data processing consent

Fan Portal Organiser Portal Venue Portal Event Manager Super Admin Ops / POS