Data model

Data stores

• Cloud Spanner: Organizations table (read-only).
• Secret Manager: partner credentials and service secrets.
• In-memory cache: token cache with TTL per provider.

Spanner schema

PartnerCreds reads the following organization fields:

• organization_id, name, identifier
• pims, auth_type, scrape, migrated_from_scrape
• instance_id, ezvet_base_url

Spanner schema changes are managed via Liquibase under db/liquibase/.

Secrets

Secrets follow predictable names. Examples:

• {IDENTIFIER}_EZYVET_EMAIL, {IDENTIFIER}_EZYVET_PASSWORD
• {IDENTIFIER}_PARTNER_ID, {IDENTIFIER}_CLIENT_ID, {IDENTIFIER}_CLIENT_SECRET
• {IDENTIFIER}_SCOPE
• {IDENTIFIER}_BITWERX_PRACTICE_ID
• NEST_BITWERX_CLIENT_ID, NEST_BITWERX_OD_CLIENT_ID
• NEST_BITWERX_USER, NEST_BITWERX_PASS
• {IDENTIFIER}_API_KEY (HAP)

Retention and lifecycle

• Tokens are cached in memory only.
• TTLs: ezyVet ~12 hours, Bitwerx ~1 hour; HAP API keys do not expire.