# Overview

Source: https://docs.settlemint.com/docs/architecture/components/platform
The platform layer is where operators and integrators enter DALP. The Asset
Console, Unified API, and System Factory turn user intent into authenticated,
authorized, and audited backend operations.




The platform layer is the entry point for asset lifecycle work in DALP. Human users work in the Asset Console, external systems call the Unified API, and administrators create organization systems through the System Factory. All three surfaces route into shared backend controls instead of separate product paths.

## What the platform layer does [#what-the-platform-layer-does]

The platform layer turns operator, integrator, and administrator intent into validated platform requests. Console actions and API calls pass identity, permission, tenant scoping, and audit controls before asset lifecycle work reaches infrastructure services or smart contracts. System creation uses the same controlled backend and durable execution infrastructure, then calls the System Factory to create the organization system used later for asset isolation.

<Mermaid
  chart="`flowchart TD
  USER[&#x22;Operator or integrator&#x22;] --> CONSOLE[&#x22;Asset Console&#x22;]
  USER --> API[&#x22;Unified API&#x22;]
  ADMIN[&#x22;Platform administrator&#x22;] --> API

  CONSOLE --> BACKEND[&#x22;Shared backend services&#x22;]
  API --> BACKEND

  BACKEND --> CONTROLS[&#x22;Authentication, authorization, wallet verification, audit logging&#x22;]
  CONTROLS --> EXECUTION[&#x22;Durable execution and infrastructure services&#x22;]
  EXECUTION --> CONTRACTS[&#x22;SMART Protocol contracts&#x22;]

  EXECUTION --> SETUP[&#x22;System deployment workflow&#x22;]
  SETUP --> FACTORY[&#x22;System Factory&#x22;]
  FACTORY --> SYSTEM[&#x22;Organization system context&#x22;]
  SYSTEM -.->|scopes later reads and assets| BACKEND

  style USER fill:#5fc9bf,stroke:#3a9d96,stroke-width:2px,color:#fff
  style ADMIN fill:#5fc9bf,stroke:#3a9d96,stroke-width:2px,color:#fff
  style CONSOLE fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style API fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style FACTORY fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style BACKEND fill:#8571d9,stroke:#654bad,stroke-width:2px,color:#fff
  style CONTROLS fill:#d47f6b,stroke:#a85d4a,stroke-width:2px,color:#fff
  style EXECUTION fill:#d4a84f,stroke:#a87d2f,stroke-width:2px,color:#fff
  style SETUP fill:#d4a84f,stroke:#a87d2f,stroke-width:2px,color:#fff
  style CONTRACTS fill:#6bd48a,stroke:#4aa866,stroke-width:2px,color:#fff
  style SYSTEM fill:#6bd48a,stroke:#4aa866,stroke-width:2px,color:#fff`"
/>

The platform layer does not replace the Execution Engine, Chain Indexer, custody integration, System Factory, or SMART Protocol contracts. Browser and API requests enter the same service layer before DALP applies permissions and execution rules. DALP owns the platform request surfaces, shared backend controls, and system deployment path into the System Factory; operators and external systems own user access policy, off-platform approvals, custody-provider policy, and the systems that call the API.

## Request path [#request-path]

1. The Asset Console or an API client submits an authenticated request.
2. The Unified API validates the request, checks permissions, and applies wallet verification when the operation needs a blockchain signature.
3. Backend services coordinate durable execution, indexing, storage, and audit data.
4. Infrastructure services call the relevant SMART Protocol contracts when the operation changes on-chain state.

This shared route matters for regulated operations. A human can run a workflow in the browser. An integration can automate the same workflow through the API. DALP still applies the same policy checks and records the operation through the same backend path.

## Component summary [#component-summary]

| Component                                                               | What it is                                                                                                                    | What it controls                                                                                                                                            | What it does not control                                                                                      |
| ----------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
| [Asset Console](/docs/architecture/components/platform/asset-console)   | White-label web interface for asset lifecycle management, compliance workflows, portfolio views, and distribution management. | Browser workflows, role-based screens, wallet verification prompts, branding assets, language settings, and operator navigation.                            | It does not bypass API permissions, custody signing, compliance modules, or contract rules.                   |
| [Unified API](/docs/architecture/components/platform/unified-api)       | OpenAPI 3.1 documented programmatic access to platform operations.                                                            | Request validation, authentication, authorization, request headers, versioned API discovery, and integration entry points for external systems.             | It does not grant a caller broader participant rights than its credential allows or replace workflow state.   |
| [System Factory](/docs/architecture/components/platform/system-factory) | Organization system creation and token factory scoping for asset isolation.                                                   | One system per organization, directory-backed system creation, factory registry scope, and fail-closed reads when the active system has no token factories. | It does not make wallet addresses tenant boundaries or make assets visible outside the active system context. |

## What security reviewers can trace [#what-security-reviewers-can-trace]

Security and architecture reviewers should be able to follow a request from the entry surface to execution evidence. The platform layer gives them three checkpoints before deeper infrastructure or contract review:

| Review question                                      | Platform evidence                                                                                                                                        | Next page                                                                                                                                      |
| ---------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
| Which actor or system submitted the request?         | The console uses the signed-in operator context. API clients authenticate through documented API credentials and request headers.                        | [Authentication](/docs/architecture/security/authentication) and [API request headers](/docs/developer-guides/api-integration/request-headers) |
| Which controls run before execution?                 | The shared backend path validates the request, checks authorization, applies required wallet verification, and records the operation through audit data. | [Authorization](/docs/architecture/security/authorization) and [wallet verification](/docs/architecture/security/wallet-verification)          |
| Which organization system scopes the resulting data? | The System Factory creates the organization system, and token reads use the active system plus its token factory registry.                               | [System Factory](/docs/architecture/components/platform/system-factory) and [system context](/docs/architecture/start-here/system-context)     |

This page stops at the entry and request-control layer. Read the infrastructure pages for execution services, indexing, and custody signing. Read the asset-contract pages for contract runtime and token rule enforcement.

## Choose the right surface [#choose-the-right-surface]

| Reader goal                                             | Start here                                                              | Then read                                                                                                                                            |
| ------------------------------------------------------- | ----------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
| Operate assets through a governed web interface         | [Asset Console](/docs/architecture/components/platform/asset-console)   | [Wallet verification](/docs/architecture/security/wallet-verification) and [compliance modules](/docs/architecture/security/compliance)              |
| Automate asset lifecycle operations from another system | [Unified API](/docs/architecture/components/platform/unified-api)       | [API integration guide](/docs/developer-guides/api-integration/getting-started)                                                                      |
| Create or isolate an organization system                | [System Factory](/docs/architecture/components/platform/system-factory) | [System context](/docs/architecture/start-here/system-context) and [contract runtime](/docs/architecture/components/infrastructure/contract-runtime) |
| Review how user actions become controlled execution     | This overview                                                           | [Execution engine](/docs/architecture/components/infrastructure/execution-engine) and [security architecture](/docs/architecture/security)           |

## Control split [#control-split]

The platform layer does not decide token eligibility, custody policy, or settlement finality by itself. It collects the request, authenticates the actor, checks authorization, applies required request gates, and hands the operation to shared services.

Compliance modules, identity claims, custody signing, workflows, indexers, and smart contracts enforce the deeper platform rules.

That split keeps the entry points consistent:

* A console operation and an API operation reach the same backend behavior when they represent the same action.
* System setup creates the organization context that later scopes assets, identities, registries, and factory-backed reads.
* Security review can follow one path from request entry to authorization, execution, and audit evidence.

## Bank architecture review path [#bank-architecture-review-path]

For architecture review, read the platform layer as the request-entry boundary, not the full control plane. It answers three questions before you inspect the lower-level pages:

| Review question                                    | Platform-layer answer                                                                                   | Next evidence page                                                                                                                          |
| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
| How do users and systems enter DALP?               | Operators use the Asset Console. Integrations call the Unified API. Administrators create systems.      | [Asset Console](/docs/architecture/components/platform/asset-console) and [Unified API](/docs/architecture/components/platform/unified-api) |
| Where is tenant or organization scope set?         | System creation establishes the organization system, and token reads use the active system context.     | [System Factory](/docs/architecture/components/platform/system-factory) and [system context](/docs/architecture/start-here/system-context)  |
| Where do execution, custody, and chain state live? | The platform layer routes work to shared services, custody/signing boundaries, indexers, and contracts. | [Infrastructure layer](/docs/architecture/components/infrastructure) and [asset contracts](/docs/architecture/components/asset-contracts)   |

This page stops at the entry boundary. Read the linked component pages when you need endpoint details, wallet verification behavior, execution state, system creation failure modes, or on-chain contract behavior.

## Where to go next [#where-to-go-next]

* Start with [Asset Console](/docs/architecture/components/platform/asset-console) when you need the operator workspace, branding controls, or browser workflow model.
* Start with [Unified API](/docs/architecture/components/platform/unified-api) when you need programmatic access, OpenAPI files, or integration behavior.
* Start with [System Factory](/docs/architecture/components/platform/system-factory) when you need to understand organization systems, creation idempotency, or tenant-scoped asset reads.
* Read the [component catalog](/docs/architecture/components) for the full component model.
* Read the [infrastructure layer](/docs/architecture/components/infrastructure) for the services that execute platform requests.
* Read [security architecture](/docs/architecture/security) for authentication, authorization, identity, and wallet verification.
* Read [asset contracts](/docs/architecture/components/asset-contracts) for the SMART Protocol contracts that execute token behavior.