
External Services & Integrations

This document is the authoritative register of every external service UCCA depends on. For each service: what it is, why we use it, how we authenticate, what it connects to, and what breaks if it goes down.

Credential Values

This document references token names and environment variable keys only. Actual secrets are never stored in documentation. See the credential location column for where each value lives.


Primary Platform

Cloudflare

| Field | Value |
| --- | --- |
| What | Edge compute, DNS, storage, security |
| Why | Primary infrastructure platform — Workers, D1, R2, KV, Pages, Access, DNS |
| Account | admin@ucca.online |
| Services used | Workers, D1, R2, KV, Pages, Access, DNS, SSL/TLS, WAF |
| Zones managed | ucca.online, rtopacks.com.au, ucca.asia, ucca.college, ucca.com.au, ucca.live, rignold.com |

Credentials:

| Token name | Purpose | Scope | Location |
| --- | --- | --- | --- |
| ucca-terraform | Terraform IaC operations | Zone:Read, DNS:Edit, Workers:Edit, D1:Edit, R2:Edit, Pages:Edit, KV:Edit | infra/ucca-infra/terraform.tfvars |
| CF_API_TOKEN | Wrangler deploys + worker runtime | Worker-level access | Set as secret on ops-v2 and traffic-snapshot workers |

Blast radius: Total. Cloudflare is the platform. If the account is locked, every surface goes dark — marketing, ops, docs, knowledge, rtopacks. DNS resolution stops. Workers stop executing. Databases become inaccessible.


Identity & Communication

Google Workspace

| Field | Value |
| --- | --- |
| What | Email, calendar, identity provider |
| Why | Business email (@ucca.online), authentication backbone for other services |
| Account | admin@ucca.online (primary), comms@ucca.online (transactional) |
| Services used | Gmail, Google Admin, SMTP relay |

Credentials:

| Token name | Purpose | Location |
| --- | --- | --- |
| GMAIL_USER | SMTP sender for contact forms | Worker secrets on ucca-site and rtopacks-site |
| GMAIL_PASS | App password for SMTP | Worker secrets on ucca-site and rtopacks-site |
| GMAIL_CLIENT_ID | OAuth2 for voicemail email delivery | Stored in Twilio Functions environment |
| GMAIL_CLIENT_SECRET | OAuth2 for voicemail email delivery | Stored in Twilio Functions environment |
| GMAIL_REFRESH_TOKEN | OAuth2 refresh token | Stored in Twilio Functions environment |

DNS integration: MX records (all zones), SPF (include:_spf.google.com), DKIM, DMARC.

Blast radius: High. Google Workspace is the authentication backbone. If this account is locked:

  • All @ucca.online email stops
  • Slack authentication breaks (Google SSO)
  • incident.io access breaks (via Slack)
  • Contact form submissions stop (SMTP)
  • Voicemail email delivery stops (OAuth2)

Slack

| Field | Value |
| --- | --- |
| What | Team communication, incident management hub |
| Why | Internal comms, incident.io integration point |
| Account | admin@ucca.online via Google Workspace SSO |
| Workspace | UCCA workspace |

Depends on: Google Workspace (authentication).

Blast radius: Medium. Slack outage blocks incident.io incident creation/updates and team communication. Does not affect production surfaces.

incident.io

| Field | Value |
| --- | --- |
| What | Status page and incident management |
| Why | Public status page at status.ucca.online, incident tracking |
| Account | Connected via Slack workspace |
| Surfaces | status.ucca.online (CNAME → statuspage.incident.io, DNS-only) |

API endpoints:

| Endpoint | Auth | Purpose |
| --- | --- | --- |
| https://statuspage.incident.io/ucca/api/v1/summary | None (public) | Status page summary for dashboards |
| https://api.incident.io/v2/status_pages | Bearer token | List status pages |
| https://api.incident.io/v2/status_page_structures/{id} | Bearer token | Get component IDs |
| https://api.incident.io/v2/status_page_incidents | Bearer token | Create status page incident |
| https://api.incident.io/v2/status_page_incident_updates | Bearer token | Post incident update |

Credentials:

| Token name | Purpose | Scope | Location |
| --- | --- | --- | --- |
| INCIDENT_IO_API_KEY | Incident declaration from ops console | Create status page incidents, maintenance windows and publish updates | Set as secret on ops-v2 worker |

Consumed by:

  • Marketing site footer (ucca.online/api/status proxy) — public API
  • Ops Health page (ops.ucca.online/api/ops/incident-status proxy) — public API
  • Ops Declare Incident (ops.ucca.online/api/ops/incident-io) — authenticated API

Depends on: Slack (account access and incident workflows).

Blast radius: Low for production. Status page becomes unavailable, marketing footer status dot disappears gracefully, ops Health page shows "Loading..." for that section. No production services affected. Incident declaration from ops console degrades gracefully (shows "Not Connected" if API key missing).


Source Control & CI

GitHub

| Field | Value |
| --- | --- |
| What | Source control, repository hosting |
| Why | All UCCA source code, infrastructure as code, documentation |
| Account | uccaonline, personal account (not an organisation) |
| 2FA | Enabled (account-level) |
| Auth method | HTTPS via gh CLI OAuth token (gho_ prefix), macOS Keychain |

Personal Account Limitation

uccaonline is a personal GitHub account, not an organisation. Org-level controls (member 2FA enforcement, default repo permissions, team structure, audit log) are not available. Migrate to a proper GitHub organisation before adding any collaborators.

Repositories:

| Repo | Contents |
| --- | --- |
| ucca-engine | Production pipeline core (Python) |
| ucca-surfaces | All web surfaces + worlds (TypeScript/Next.js) |
| ucca-docs | MkDocs documentation (docs-site + knowledge-site) |
| ucca-infra | Terraform declarations for Cloudflare infrastructure |

Credentials:

| Token | Type | Scope | Storage |
| --- | --- | --- | --- |
| gh CLI OAuth token | OAuth (gho_ prefix) | gist, read:org, repo, workflow | macOS Keychain (set by gh auth login, read by git via osxkeychain credential helper) |

The same token serves both gh CLI operations and git push/pull over HTTPS. No expiry — persists until revoked or gh auth logout.

Unused PAT deleted

A fine-grained PAT (ucca-engine-push, expiry Mar 26 2026) was created but never used — git was authenticating via the gh OAuth token all along. Deleted 2026-03-05.

Blast radius: Development stops. No code can be pushed or pulled. Terraform state (remote) could become inaccessible depending on backend config. Production surfaces are unaffected — they run on Cloudflare independently of GitHub.

Webhooks: None. Legacy Builder.io webhook on ucca-site removed 2026-03-05 (undocumented demo-phase integration).


AI / LLM Providers

Anthropic (Claude)

| Field | Value |
| --- | --- |
| What | Large language model API |
| Why | Content generation, course design, multi-AI collaboration in the engine |
| Status | Active in engine; future production LLM layer |

Credentials:

| Token name | Purpose | Location |
| --- | --- | --- |
| ANTHROPIC_API_KEY | Claude API access | engine/ucca-engine/generator/.env |

Blast radius: Engine content generation stops. No impact on production surfaces or ops console. The AI Status dashboard on ops.ucca.online will show the outage via Statuspage API fetch.

OpenAI

| Field | Value |
| --- | --- |
| What | Large language model API |
| Why | Cross-LLM validation, future multi-provider architecture |
| Status | Referenced in architecture; not yet active in production |

Credentials: None currently configured in the codebase.

Blast radius: None currently. Future cross-validation capability would degrade.


Voice & Phone

Twilio

| Field | Value |
| --- | --- |
| What | Voice IVR, voicemail, call handling |
| Why | Inbound call handling for UCCA Inc (US entity) |
| Account SID | ACa958efb6dca686283cb58976742341a2 |
| Account name | UCCA Inc |
| Account type | Full (no subaccounts) |
| Account created | 2020-01-27 |
| Status | Active |
| Balance | ~$10.59 USD (prepaid) |
| Monthly cost | ~$0.23 (10 inbound calls, recordings, Polly TTS) |

Account lineage: Originally created in 2017 as an Asterisk/OpenPBX alternative for the Australian RTO operation. Repurposed for UCCA Inc in January 2026. Account renamed from "IVR" to "UCCA Inc" on 2026-03-05.

Phone numbers:

| Number | SID | Type | Capabilities | Status |
| --- | --- | --- | --- | --- |
| +1 302 300 3336 | PN48e3ae94fef42aea96f545e5b67b2dc5 | Local (Delaware) | Voice, SMS, MMS | In use |

Voice callbacks route to Studio Flow FWb0d7b96f19745675a2a3efd94f42cf4e. SMS webhook set to https://voice-ivr-1974-uvpwcu.twil.io/forward-sms — forwards inbound SMS (with sender info) to +61422334489. Configured 2026-03-05 for Meta business verification.

Outgoing caller IDs: None. Legacy personal number (+1 646 809 3511) removed 2026-03-05.

Studio flows:

| Flow | SID | Status | Revision |
| --- | --- | --- | --- |
| UCCA – Inbound Calls | FWb0d7b96f19745675a2a3efd94f42cf4e | Published | 311 |

The flow implements a time-of-day IVR (14 states): greeting varies by morning/afternoon/evening (New York timezone), caller ID check for Tim (personalised bilingual greeting in English + Mandarin), connects call to +61422334489 with 20s timeout, falls through to voicemail recording (120s max, trim silence), then HTTP POST to Functions service /send-voicemail-email to email the recording.

Serverless (Functions):

| Item | Value |
| --- | --- |
| Service name | voice-ivr |
| Service SID | ZS10114a109b41e3a7b2719addf2f45ed8 |
| Domain | voice-ivr-1974-uvpwcu.twil.io |
| Environment SID | ZE0865ca8810bce634e645fd4ee1c5e939 |
| Build SID | ZBedcd99e7f033b918e7755b582dbdd1bd |
| Created | 2023-08-04 |
| UI editable | Yes |

Functions in service:

| Function | Path | SID | Notes |
| --- | --- | --- | --- |
| send-voicemail-email | /send-voicemail-email | ZHb9b9aa4b4044f129c664fe38545c6b1c | Active — called by Studio flow. Gmail OAuth2. |
| forward-sms | /forward-sms | ZHa938fdf7c8b10e470d92bcd73b7ef4c3 | Active — forwards inbound SMS to +61422334489. Added 2026-03-05. |
| voice-ivr.js | /voice-ivr | ZH41d636d4221c7f9bcf445b007629b14f | Legacy IVR handler (superseded by Studio flow) |
| handle-user-input.js | /handle-user-input | ZHeeb0223b118bbf38a76b4a2240e810be | Legacy input handler (superseded by Studio flow) |

Email delivery: The /send-voicemail-email function uses Gmail API with OAuth2 — refreshes an access token via GMAIL_CLIENT_ID/GMAIL_CLIENT_SECRET/GMAIL_REFRESH_TOKEN, then sends via gmail.googleapis.com. No SMTP. The legacy SMTP environment variables (SMTP_HOST, SMTP_USER, SMTP_PASS, SMTP_PORT) were confirmed unused by code audit and deleted on 2026-03-05.

Environment variables (variable names only — values stored in Twilio):

| Variable | Purpose | Status |
| --- | --- | --- |
| GMAIL_SENDER | OAuth2 sender address (comms@ucca.online) | Active |
| GMAIL_CLIENT_ID | Google OAuth2 client ID | Active |
| GMAIL_CLIENT_SECRET | Google OAuth2 client secret | Active |
| GMAIL_REFRESH_TOKEN | Google OAuth2 refresh token | Active |
| MAIL_TO | Email recipient (admin@ucca.online) | Active |
| MAIL_FROM | Legacy duplicate of GMAIL_SENDER | Legacy (unused) |
| TWILIO_PHONE_NUMBER | Legacy number reference (+12192667508) | Legacy (unused) |
| MY_PHONE_NUMBER | Tim's number (referenced by legacy handle-user-input.js) | Legacy |
| TWILIO_VOICE_WEBHOOK_URL | Legacy webhook path | Legacy (unused) |

API keys:

| Key name | SID | Created |
| --- | --- | --- |
| Studio API Key | SK070a987466f1f0454914937607fdc711 | 2026-01-13 |

Usage (last month):

| Category | Count | Cost |
| --- | --- | --- |
| Inbound calls | 10 | $0.09 |
| Call recordings | 2 | $0.01 |
| Amazon Polly (TTS) | 10 | $0.13 |
| Total | | ~$0.23 |

Credentials:

| Token name | Purpose | Location |
| --- | --- | --- |
| Account SID + Auth Token | Full API access | Twilio CLI profile ucca (API key auth); Auth Token available in Twilio console |
| TWILIO_ACCOUNT_SID | Account identifier | Worker secret on ops-v2 |
| TWILIO_AUTH_TOKEN | Full API auth | Worker secret on ops-v2 |
| GMAIL_CLIENT_ID | OAuth2 for voicemail email delivery | Twilio Functions environment |
| GMAIL_CLIENT_SECRET | OAuth2 for voicemail email delivery | Twilio Functions environment |
| GMAIL_REFRESH_TOKEN | OAuth2 refresh token | Twilio Functions environment |

Depends on: Google Workspace (OAuth2 for email delivery of voicemail transcriptions).

Blast radius: Low. Inbound calls fail or go unrecorded. No impact on production surfaces.

IaC status: Declared as reference locals in infra/ucca-infra/twilio.tf (not provider-managed). The official Twilio Terraform provider is pilot-status and stale. Configuration changes are made via Twilio CLI or REST API, then twilio.tf is updated to match. See Terraform assessment below.


Backup & Storage

Google Drive (Backup Destination)

| Field | Value |
| --- | --- |
| What | Backup storage for D1 databases and KV namespaces |
| Why | Independent backup outside Cloudflare — Priority 1 threat model mitigation |
| Account | admin@ucca.online (Google Workspace for Education) |
| Access method | rclone with OAuth2 (configured as gdrive remote on Mac Mini) |
| Folder | UCCA Backups/ |

What's stored:

| Backup | Path | Format | Frequency |
| --- | --- | --- | --- |
| ops-db (D1) | UCCA Backups/d1/ops-db/ | .sql.gz | Daily 03:00 AEST |
| rtopacks-db (D1) | UCCA Backups/d1/rtopacks-db/ | .sql.gz | Daily 03:00 AEST |
| LEADS (KV) | UCCA Backups/kv/leads/ | .json.gz | Daily 03:00 AEST |
| Manifests | UCCA Backups/manifests/ | .json | Daily 03:00 AEST |

Credentials:

| Token name | Purpose | Location |
| --- | --- | --- |
| rclone OAuth2 token | Google Drive API access | ~/.config/rclone/rclone.conf on Mac Mini |

Retention: Manual — 90 days. rclone delete gdrive:"UCCA Backups" --min-age 90d

Depends on: Google Workspace (same admin@ucca.online account).

Blast radius: None for production. Backups stop uploading if Google Drive access is revoked. Existing backups in Drive remain accessible. Detection: cf-verify.sh will report failures when backup age exceeds 48 hours.

Migration path: AWS S3 (ucca-backups bucket in ap-southeast-2) when startup credits are approved. See Backup Strategy.
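The 48-hour staleness rule and the 90-day retention rule above, applied to a directory listing. This is an added example, not the project's cf-verify.sh: it assumes the listing comes from `rclone lsjson -R` on the backup folder, and the sample listing, file names and clock value are constructed. Unlike a plain age filter, `expirable` never selects the newest copy of a backup set, so a long upload outage cannot lead to the last good backup being deleted.

```python
import json
from datetime import datetime, timedelta, timezone

PREFIXES = ["d1/ops-db/", "d1/rtopacks-db/", "kv/leads/", "manifests/"]  # paths from the table above
MAX_AGE = timedelta(hours=48)    # detection threshold stated on the page
RETENTION = timedelta(days=90)   # manual retention period stated on the page

# Constructed sample shaped like `rclone lsjson -R` output; file names are invented.
SAMPLE = json.dumps([
    {"Path": "d1", "IsDir": True, "ModTime": "2026-03-06T17:00:41.000Z"},
    {"Path": "d1/ops-db/ops-db-2026-03-07.sql.gz", "IsDir": False, "ModTime": "2026-03-06T17:00:41.000Z"},
    {"Path": "d1/ops-db/ops-db-2025-11-20.sql.gz", "IsDir": False, "ModTime": "2025-11-19T17:00:37.000Z"},
    {"Path": "d1/rtopacks-db/rtopacks-db-2026-03-04.sql.gz", "IsDir": False, "ModTime": "2026-03-03T17:00:52.000Z"},
    {"Path": "kv/leads/leads-2025-11-02.json.gz", "IsDir": False, "ModTime": "2025-11-01T17:00:09.000Z"},
])
NOW = datetime(2026, 3, 6, 20, 0, tzinfo=timezone.utc)  # constructed "current time"


def load(listing_json):
    """Yield (prefix, path, mtime) for every file under a known backup prefix."""
    for entry in json.loads(listing_json):
        if entry["IsDir"]:
            continue
        mtime = datetime.fromisoformat(entry["ModTime"].replace("Z", "+00:00"))
        for prefix in PREFIXES:
            if entry["Path"].startswith(prefix):
                yield prefix, entry["Path"], mtime


def newest(listing_json):
    """Map each prefix to the (mtime, path) of its most recent file."""
    latest = {}
    for prefix, path, mtime in load(listing_json):
        if prefix not in latest or mtime > latest[prefix][0]:
            latest[prefix] = (mtime, path)
    return latest


def freshness(listing_json, now):
    """Return 'ok', 'stale' (newest copy older than 48 h) or 'missing' per backup set."""
    latest = newest(listing_json)
    report = {}
    for prefix in PREFIXES:
        if prefix not in latest:
            report[prefix] = "missing"  # an empty set is a failure, not a pass
        else:
            report[prefix] = "ok" if now - latest[prefix][0] <= MAX_AGE else "stale"
    return report


def expirable(listing_json, now):
    """Files past retention, never including the newest copy of a backup set."""
    keep = {path for _, path in newest(listing_json).values()}
    return sorted(path for _, path, mtime in load(listing_json)
                  if now - mtime > RETENTION and path not in keep)


if __name__ == "__main__":
    print(freshness(SAMPLE, NOW))
    print(expirable(SAMPLE, NOW))
```

In the sample, kv/leads/ holds a single file older than 90 days: it is reported as stale but kept, while the superseded ops-db dump is the only file eligible for deletion.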


Email Marketing & Transactional

Mailchimp

| Field | Value |
| --- | --- |
| What | Email marketing |
| Why | Marketing email campaigns |
| DNS evidence | DKIM records (k1, k2, k3._domainkey → mcsv.net) on secondary domains; SPF include:servers.mcsv.net |
| Domains configured | ucca.college, ucca.com.au |

Blast radius: Marketing emails stop. No production impact.

Mailgun

| Field | Value |
| --- | --- |
| What | Transactional email delivery |
| Why | Transactional email for ucca.college |
| DNS evidence | CNAME email.ucca.college → mailgun.org; SPF include:mailgun.org |

Blast radius: Transactional email for ucca.college stops. No production impact.

Resend

| Field | Value |
| --- | --- |
| What | Transactional email API |
| Why | Programmatic email delivery for UCCA platform and world surfaces |
| Account | admin@ucca.online |

Domains:

| Domain | Status | DNS Records | Notes |
| --- | --- | --- | --- |
| ucca.online | Configured | TXT resend._domainkey (DKIM), MX send (SES feedback), TXT send (SPF) | DNS records in Terraform (dns_ucca_online.tf) |
| rtopacks.com.au | Configured | TXT resend._domainkey (DKIM), MX send (SES feedback), TXT send (SPF) | DNS records in Terraform (dns_rtopacks.tf). SES region: ap-northeast-1 |

Credentials:

| Token name | Purpose | Location |
| --- | --- | --- |
| RESEND_API_KEY | Transactional email sending (ucca.online) | Worker secret on ops-v2 |
| RTOPACKS_RESEND_API_KEY | Transactional email sending (rtopacks.com.au) | Worker secret on ops-v2 |

DNS integration: DKIM via resend._domainkey, SPF via send subdomain (delegates to amazonses.com). Resend uses Amazon SES as the underlying transport.

Blast radius: Low. Transactional email delivery stops. No impact on production surfaces or core operations.


Messaging & Bots

Telegram

| Field | Value |
| --- | --- |
| What | Bot messaging platform |
| Why | Platform notifications and world-specific bot interactions |
| Bots created | UCCAPlatformBot (platform-level), RTOpacksBot (RTOpacks world) |

Credentials:

| Token name | Purpose | Location |
| --- | --- | --- |
| TELEGRAM_BOT_TOKEN (UCCA Platform) | Platform bot API access | Worker secret on ops-v2 |
| TELEGRAM_BOT_TOKEN (RTOpacks) | World bot API access | Worker secret on rtopacks-site |

Blast radius: None for production. Bot notifications stop. No impact on surfaces or core operations.

Meta (Facebook/WhatsApp Business)

| Field | Value |
| --- | --- |
| What | Business platform for WhatsApp Business API, Facebook integrations |
| Why | Future omnichannel communications — WhatsApp Business messaging for world surfaces |
| App name | UCCA Platform |
| App ID | 1268490168530537 |
| Status | Created, business verification in progress |

Credentials:

| Token name | Purpose | Location |
| --- | --- | --- |
| META_APP_ID | App identifier | Worker secret on ops-v2 |
| META_APP_SECRET | App authentication | Worker secret on ops-v2 |

Blast radius: None currently. Future WhatsApp Business messaging would stop if credentials are revoked.


External Data Sources

training.gov.au (TGA)

| Field | Value |
| --- | --- |
| What | Australian Government training data API |
| Why | RTO enrichment — organisational data, scope, registration history |
| API base | https://training.gov.au/api/organisation (v1.0) |
| Auth | Public API, no credentials required |
| Rate limiting | Self-imposed: 10 enrichments per minute on auto-enrich |

Credentials:

| Token name | Purpose | Location |
| --- | --- | --- |
| ENRICH_SECRET | Server-side auth for enrichment backchannel | Worker secret on ops-v2 |

Consumed by: RTOpacks search-enrich, TGA proxy, ops enrichment endpoint.

Blast radius: RTO enrichment stops. Existing database records unaffected. Search still works from cached D1 data.

ABN Lookup (Australian Business Register)

| Field | Value |
| --- | --- |
| What | Australian Business Register web services API |
| Why | RTO business registration enrichment — ABN validation, entity name, GST status, business location |
| API base | https://abr.business.gov.au/abrxmlsearch/AbrXmlSearch.asmx |
| Auth | GUID-based (registered web services access) |
| Rate limiting | Fair use — no published hard limit |

Credentials:

| Token name | Purpose | Location |
| --- | --- | --- |
| ABN_LOOKUP_GUID | Web services authentication | Worker secret on rtopacks-site. Master copy: 🔒 1Password: UCCA Shared › ABN Lookup › API GUID |

Consumed by: RTOpacks RTO enrichment — business registration data to complement TGA training data.

Blast radius: ABN enrichment stops. Existing database records unaffected. TGA enrichment and search continue independently.


Removed / Deprecated Integrations

| Service | What it was | Removed | Reason |
| --- | --- | --- | --- |
| Builder.io | Visual CMS — webhook on ucca-site sending PR/check events to api.builder.io | 2026-03-05 | Dead integration from demo build phase. Undocumented attack surface. Webhook deleted. |

Legacy / Secondary Services

These services have DNS records configured but are on secondary/parked domains. They may be active or legacy.

| Service | Evidence | Domain | Notes |
| --- | --- | --- | --- |
| Freshdesk | CNAME help.ucca.college → freshdesk.com | ucca.college | Support ticketing |
| Shopify | CNAME account.ucca.college → shops.myshopify.com | ucca.college | Account/storefront |
| Porkbun | Wildcard CNAMEs on ucca.asia, ucca.live → uixie.porkbun.com | ucca.asia, ucca.live | Domain parking |
| LeadWorx | TXT verification lw=646bfcdf2ef78c68d4738cfe | ucca.college | Lead capture |

Dependency Chain

The critical dependency chains — if one breaks, everything downstream breaks:

graph TD
    GW[Google Workspace<br/>admin@ucca.online] --> Email[All @ucca.online email]
    GW --> Slack[Slack<br/>Google SSO]
    GW --> SMTP[Contact form SMTP]
    GW --> Twilio[Twilio voice + SMS<br/>OAuth2 email delivery]
    Slack --> IIO[incident.io<br/>Status page + incidents]
    IIO --> StatusPage[status.ucca.online]
    StatusPage --> MarketingFooter[ucca.online footer indicator]
    StatusPage --> OpsHealth[ops.ucca.online Health page]

    CF[Cloudflare<br/>admin@ucca.online] --> DNS[All DNS resolution]
    CF --> Workers[All Workers]
    CF --> D1[All D1 databases]
    CF --> R2[R2 storage]
    CF --> Pages[Pages sites]
    CF --> Access[Cloudflare Access gates]
    Workers --> Surfaces[All production surfaces]
    D1 --> Surfaces
    Pages --> Docs[docs.ucca.online]
    Pages --> Knowledge[knowledge.ucca.online]

    GH[GitHub<br/>uccaonline account] --> Code[All source code]
    GH --> TF[Terraform state]
    Code --> Deploys[Wrangler deploys]
    Deploys --> Workers

    style GW fill:#4285f4,color:#fff
    style CF fill:#f38020,color:#fff
    style GH fill:#333,color:#fff

Single points of failure:

  1. Cloudflare account (admin@ucca.online) — everything goes dark
  2. Google Workspace (admin@ucca.online) — email, Slack auth, incident.io access, SMTP, voicemail all break
  3. GitHub OAuth token revocation — if gh auth logout is run or the token is revoked, all git push/pull and gh CLI operations stop
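The single points of failure above can be derived from the graph rather than read off it. This added example (not part of the original register) parses the page's own `graph TD` edges, computes what sits downstream of each root service, and groups roots by the account shown in their node label; the function names are illustrative.

```python
import re
from collections import defaultdict, deque

# Edges transcribed from the "graph TD" block above (style lines omitted).
GRAPH = """\
GW[Google Workspace<br/>admin@ucca.online] --> Email[All @ucca.online email]
GW --> Slack[Slack<br/>Google SSO]
GW --> SMTP[Contact form SMTP]
GW --> Twilio[Twilio voice + SMS<br/>OAuth2 email delivery]
Slack --> IIO[incident.io<br/>Status page + incidents]
IIO --> StatusPage[status.ucca.online]
StatusPage --> MarketingFooter[ucca.online footer indicator]
StatusPage --> OpsHealth[ops.ucca.online Health page]
CF[Cloudflare<br/>admin@ucca.online] --> DNS[All DNS resolution]
CF --> Workers[All Workers]
CF --> D1[All D1 databases]
CF --> R2[R2 storage]
CF --> Pages[Pages sites]
CF --> Access[Cloudflare Access gates]
Workers --> Surfaces[All production surfaces]
D1 --> Surfaces
Pages --> Docs[docs.ucca.online]
Pages --> Knowledge[knowledge.ucca.online]
GH[GitHub<br/>uccaonline account] --> Code[All source code]
GH --> TF[Terraform state]
Code --> Deploys[Wrangler deploys]
Deploys --> Workers
"""
EDGE = re.compile(r"(\w+)(?:\[(.*?)\])?\s*-->\s*(\w+)(?:\[(.*?)\])?")

def parse(text):
    """Return (adjacency, labels) for every 'A[label] --> B[label]' line."""
    adj, labels = defaultdict(set), {}
    for line in text.splitlines():
        m = EDGE.fullmatch(line.strip())
        if not m:
            continue
        src, src_label, dst, dst_label = m.groups()
        adj[src].add(dst)
        adj.setdefault(dst, set())  # leaf nodes still appear as keys
        for node, label in ((src, src_label), (dst, dst_label)):
            if label:
                labels[node] = label
    return adj, labels

def downstream(adj, start):
    """Everything that transitively depends on `start` (breadth-first)."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in adj[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def roots(adj):
    """Nodes nothing else points at: the candidate single points of failure."""
    targets = set().union(*adj.values())
    return sorted(n for n in adj if n not in targets)

def roots_by_account(adj, labels):
    """Group root services by the account on the second line of their label."""
    groups = defaultdict(list)
    for r in roots(adj):
        groups[labels[r].split("<br/>")[-1]].append(r)
    return dict(groups)

def account_blast_radius(adj, labels, account):
    """Roots held by one account plus everything downstream of them."""
    hit = set()
    for r in roots_by_account(adj, labels)[account]:
        hit |= {r} | downstream(adj, r)
    return hit

if __name__ == "__main__":
    adj, labels = parse(GRAPH)
    for account, members in roots_by_account(adj, labels).items():
        print(account, members, len(account_blast_radius(adj, labels, account)))
```

Grouping by label shows that the Google Workspace and Cloudflare roots share admin@ucca.online, so that one identity reaches 19 of the graph's 23 nodes. The closure treats every edge as a hard dependency, which is why GH reaches Surfaces through `Deploys --> Workers` even though the GitHub section states that running surfaces are unaffected: that edge is a deploy-time dependency.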

Twilio Terraform Assessment

The official Twilio Terraform provider (twilio/twilio on the Terraform Registry) covers the resources UCCA uses:

| UCCA Resource | Terraform Resource | Import Support |
| --- | --- | --- |
| Phone number (+1 302 300 3336) | twilio_api_accounts_incoming_phone_numbers | Yes (by SID) |
| Studio Flow (UCCA – Inbound Calls) | twilio_studio_flows_v2 | Yes (by SID) |
| Functions Service (voice-ivr) | twilio_serverless_v1_services | Yes (by SID) |
| Functions (voice-ivr.js, etc.) | twilio_serverless_v1_services_functions | Yes |
| Environment (voice-ivr) | twilio_serverless_v1_services_environments | Yes |
| Environment Variables | twilio_serverless_v1_services_environments_variables | Yes |
| API Key (Studio API Key) | twilio_api_accounts_keys | Yes (by SID) |

Assessment:

  • Provider status: PILOT — Twilio's official provider is not under active development. Last release v0.18.46 (June 2024). It works but is not receiving new features.
  • Community alternative: RJPearson94/twilio — actively maintained (v0.27.1, November 2025), broader resource coverage, but community-supported only.
  • Recommendation: Not yet. The Twilio footprint is small (1 number, 1 flow, 1 Functions service) and stable. The pilot-status official provider adds risk without proportional benefit. Revisit if:
    • Twilio footprint grows (more numbers, flows, or services)
    • The official provider reaches GA status
    • A second voice/IVR world is onboarded and config duplication becomes a concern

For now, this document serves as the declarative record of Twilio state. The Studio Flow definition (14 states, revision 311) and Functions service configuration are fully audited above.


Version History

| Version | Date | Change | Author |
| --- | --- | --- | --- |
| 1.0 | 2026-03-03 | Initial creation — full service inventory and dependency map | Claude Code |
| 1.1 | 2026-03-04 | Added incident.io authenticated API endpoints and INCIDENT_IO_API_KEY credential | Claude Code |
| 2.0 | 2026-03-05 | Full Twilio API audit — account details, phone numbers, Studio flow, Functions service, env vars, API keys, usage, billing. Terraform provider assessment added. | Claude Code |
| 2.1 | 2026-03-05 | Twilio cleanup actions — account renamed IVR→UCCA Inc, SMTP env vars deleted, personal caller ID removed, SMS webhook cleared, account lineage documented | Claude Code |
| 2.2 | 2026-03-05 | GitHub corrected to personal account (not org), Builder.io added as removed integration, org migration recommendation | Claude Code |
| 2.3 | 2026-03-05 | GitHub auth corrected: gh OAuth token (not fine-grained PAT). Unused PAT deleted. PAT expiry warning removed. | Claude Code |
| 2.4 | 2026-03-06 | Added Google Drive as backup destination — D1/KV daily backups via rclone | Claude Code |
| 2.5 | 2026-03-03 | Added ABN Lookup (Australian Business Register) — GUID stored as Worker secret on rtopacks-site | Claude Code |
| 3.0 | 2026-03-05 | Twilio SMS webhook configured (forward-sms function). Added Resend, Telegram, Meta sections. Twilio IaC status updated (reference locals in twilio.tf). Twilio credentials added to ops-v2 wrangler secrets. | Claude Code |
| 3.1 | 2026-03-05 | Resend rtopacks.com.au domain configured (DNS in Terraform). Added RTOPACKS_RESEND_API_KEY credential. | Claude Code |