Vision Care Direct: Scalable Vision Care SaaS & Mobile Platform
About The Client
Vision Care Direct
- IndustryVision Care & Healthcare
- RegionUnited States
- PlatformSaaS with Web and Mobile Applications
- DeliveryOngoing (Last 2 Years)
The client operates in the vision care services sector, offering membership-based vision benefit programs for individuals and organizations. Their operations involved managing provider networks, member services, subscription plans, reimbursements, and customer support across multiple user groups.
The organization needed a secure, centralized system to handle large volumes of member records, payments, plan configurations, and administrative workflows. This improved coordination and data accessibility as operations expanded.
Project Overview
Unified Vision Care Operations For Enrollment, Billing & Providers
Traditional vision care systems operated as siloed modules for enrollment, billing, and provider management, resulting in inconsistent data synchronization and limited lifecycle traceability.
Data was distributed across disconnected legacy systems and third-party tools without a shared data layer or real-time synchronization. To address this, the platform was redesigned as a cloud-based, modular SaaS system using domain-driven architecture. This unified enrollment, billing, provider management, and reimbursement workflows into a single coordinated platform.
The solution comprised web and mobile applications that streamlined core member service workflows. This reduced manual administrative effort and improved coordination between members, providers, employers, brokers, and support teams.
The Concept
Domain-Driven SaaS With Event-Driven Communication
The platform used a domain-driven, modular service-oriented architecture with event-driven communication in a cloud-based SaaS environment. Core functions were implemented as modular API-driven service components within a domain-separated architecture, exposed via REST APIs.
Web and mobile applications handled synchronous API requests, while event-driven workers processed asynchronous tasks such as notifications and billing updates. A message-based asynchronous processing layer was implemented to support reliable inter-service communication. This ensured reliable inter-service communication, scalability, consistency, and secure multi-tenant operations.
This ensured reliable inter-service communication, scalability, consistency, and secure multi-tenant operations across the full vision care lifecycle.
Key Challenges Addressed
Scaling Vision Care Required Control Over Data, Access & Transactions
Disconnected Operations
Disconnected operations led to data inconsistencies across modules and a lack of transactional integrity between the billing and enrollment systems. This resulted in duplicate records and limited end-to-end visibility.
Multi-Role Access Control
The platform required a secure role-based access control system to manage multiple user types. A secure role-based access control system was implemented for members, providers, employers, brokers, CSRs, and administrators, enforcing strict authorization boundaries.
Secure Data Handling
Sensitive healthcare and financial data required TLS 1.2+ encryption in transit, AES-256 encryption at rest via managed cloud encryption services, and token-based authentication using JWT with refresh token rotation.
Real-Time Data Synchronization
Critical updates were required across memberships, billing, provider data, and reimbursements. This required near-real-time synchronization between distributed services to maintain consistency across all user portals and backend systems.
Scalability and Concurrent Load Handling
The system was optimized to handle high concurrent API requests through horizontal scaling and database indexing strategies. This maintained performance during peak loads.
Subscription and Transaction Processing
The system handled recurring billing, payment failures, subscription renewals, and reimbursement workflows. This required reliable transaction processing with robust error handling, auditability, and minimal manual intervention.
Technical Solutions We Implemented
Modular Architecture For Secure, Scalable Operations
A cloud-native, domain-driven SaaS architecture replaced fragmented legacy workflows with independent services for enrollment, billing, providers, reimbursements, and subscriptions.
Modular Service-Oriented Architecture
Implemented a domain-aligned modular architecture following domain-driven design principles. This separated enrollment, subscriptions, billing, reimbursements, provider management, and administration into independent services.. This improved scalability, reduced system dependency, and enabled easier maintenance and future expansion while maintaining data consistency.
Claims-Based Role-Based Access Control (RBAC) System
A claims-based RBAC system used policy-driven authorization with JWT claims to enforce feature-level and data-level access control across members, providers, employers, brokers, CSRs, and administrators. Tenant IDs, roles, and permission scopes were validated through policy-based middleware.
Secure Data and Transaction Processing Framework
All system communication was secured using TLS 1.2+ encryption protocols. The authentication layer implemented token-based authentication with refresh token rotation to enhance session security and mitigate token replay and hijacking risks. Financial transactions were processed through secure external payment gateways with controlled validation workflows.
Event-Driven Real-Time Data Synchronization
Near real-time synchronization was achieved through event-driven communication patterns using webhook triggers and background workers. This ensured consistent state propagation across distributed modules for subscriptions, billing updates, provider changes, and reimbursement activities.
Automated Subscription and Financial Lifecycle Engine
An automated lifecycle engine was developed to manage subscription workflows, including billing cycles, payment validation, renewal processing, failure handling, and transaction tracking. This automation reduced manual intervention, improved financial accuracy, and ensured reliable, consistent recurring billing.
Notification and System Monitoring Layer
An event-based notification and monitoring layer was implemented to capture and process operational events, including enrollments, payments, reimbursements, and account updates. This system ensured timely user notifications while maintaining platform stability under concurrent load through asynchronous processing and decoupled event handling.
Why It Works Better
Cloud-Native SaaS For Multi-Tenant Vision Care
A cloud-native, domain-driven SaaS architecture replaced fragmented legacy workflows with a modular system supporting enrollment, billing, provider management, reimbursements, and subscriptions. The architecture ensured separation of concerns, secure multi-tenant access, and consistent data flow across distributed business domains.
- Eliminated fragmented vision care workflows through a modular, service-oriented SaaS architecture.
- The architecture was designed around the separation of concerns with independent functional modules for core business capabilities.
- It ensured consistent data flow and synchronization across enrollment, billing, provider, and subscription workflows.
- It enforced policy-driven role-based access control across multiple stakeholder types.
- It supported secure, controlled interactions among members, providers, employers, brokers, CSRs, and administrators.
Screens From the Live Build
Surfaces We Designed & Engineered Into Production
Selected moments from the Vision Care Direct platform where member onboarding, subscriptions, provider discovery, payments, and benefits access come together across web and mobile experiences.
Core Features & Functionalities
Designed For End-to-End Member & Provider Operations
The platform provides a unified system for managing member onboarding, subscription lifecycle, payments, provider discovery, and benefit access. This is supported by a secure and scalable backend architecture with clearly defined service boundaries and data flows across modules.
- Member Account Creation & Management: Secure registration included identity validation, encrypted credential storage, profile management, dependent mapping, and plan association. REST-based authentication and user management services enabled synchronized account lifecycle operations, including activation, updates, suspension, and role-based access control across all users and backend services.
- Vision Plan Enrollment & Subscription Management: Users are enrolled through a structured workflow involving eligibility validation, plan selection, and policy mapping. Subscription management handles activation, renewal, and cancellation. The system maintains real-time synchronization of member-plan relationships across distributed services through API-based communication and event-driven updates.
- Secure Online Payment Processing: The system integrated the Stripe API and the Expay gateway for secure payment processing, using tokenization and gateway-level authorization. It implemented webhook-driven event handling, idempotent transaction processing, and reconciliation logic. This ensured accurate settlement tracking, prevented duplicate charges, and maintained financial consistency across services.
- Automated Billing & Recurring Payments: Automated billing manages subscription-based payments by generating invoices on schedule and automating processing workflows. Failed payments are handled using controlled retry mechanisms, while webhook-based event updates ensure real-time synchronization of billing states across services and downstream systems.
- Provider Search & Clinic Discovery: Provider discovery was optimized using indexed geolocation queries for ZIP code, city, state, and radius-based searches. Search results are processed using indexed filters and proximity-based ranking to improve the performance, accuracy, and relevance of provider lookup operations.
- Clinic Information & Navigation: Clinic profiles maintain structured provider data, including services, locations, and practitioner details. Google Maps API integration enables geolocation-based navigation and route visualization, while standardized provider data models ensure consistency and interoperability across system modules.
- Digital Member Card Management: The system generates secure, tokenized digital membership cards linked to active subscription states. Cards are validated server-side before access, ensuring compliance with authorization requirements. Digital cards are dynamically updated based on subscription changes and made available through authenticated APIs for secure download and distribution.
- Benefits Tracking & Usage History: The platform tracks benefits, coverage limits, and entitlement usage through centralized backend services. Usage data and claims history are aggregated for reporting and analytics, enabling real-time dashboard visibility and operational insights across member activity.
- Security & Authentication Layer: Authentication and authorization were implemented using OAuth 2.0 authorization flows, with JWT-based access tokens and refresh token rotation to maintain session continuity. API-level authorization included input validation, rate limiting, and mitigation of token replay risks through JWT validation, short-lived tokens, and secure session controls. These controls ensured the secure handling of sensitive healthcare data and the integrity of the system.
- Performance & Caching Layer: Redis caching stores frequently accessed provider, plan, and benefit data with TTL-based expiration and event-driven invalidation. Updates in billing, subscriptions, and provider records triggered cache refreshes, reducing database load and improving high-concurrency response times.
Technologies and Tech Stack We Used
Tools Chosen For Scale & Healthcare Security
C# · ASP.NET Core Web API · .NET Framework · LINQ
Core SaaS services, REST APIs, and LINQ-based data access across modular domains.
AngularJS · Flutter (Dart)
Legacy web portal alongside API-driven services and cross-platform mobile applications.
Microsoft SQL Server
Relational data storage for members, subscriptions, providers, and billing records.
REST APIs · OAuth 2.0 · Stripe · ExPay Gateway
Secure payments, authentication, and third-party gateway integrations.
Microsoft Azure · Azure DevOps
Cloud-native hosting, deployment pipelines, and operational monitoring.
Git · TFS · Swagger UI
High-concurrency performance, version control, and API documentation.
AngularJS was used for an existing legacy web portal maintained alongside newer API-driven and mobile (Flutter) applications.
Testing & Quality Assurance
Validated For Accuracy, Security & Consistency
- All core modules, including accounts, subscriptions, payments, and provider search, were tested to ensure correct functionality.
- API responses were validated for accuracy, security, and proper role-based access control.
- Payment workflows were tested for success, failure handling, and retry scenarios to ensure correct billing behavior.
- Data consistency was verified across all modules to ensure updates were reflected system-wide.
- Web and mobile interfaces were tested for consistent performance across devices and screen sizes.
- End-to-end user flows were validated from registration to payment completion to ensure process stability.
Our Approach & Development Timeline
Phased Delivery With Ongoing Enhancements
The implementation followed a phased delivery approach—establishing SaaS architecture and core platform capabilities first, then integrating subscriptions, billing, payments, and provider networks with continuous optimization.
Requirement Analysis & Healthcare Workflow Mapping
Vision care workflow definition and stakeholder role mapping.
SaaS Architecture Design with Role-Based Access Structure
Domain-driven architecture and multi-tenant access model.
Core Platform Development
APIs, database, web and mobile application foundations.
Integration of Subscriptions, Billing, Payments & Provider Network
Payment gateways, billing automation, and provider discovery.
Testing, Security Validation & Cloud Deployment
QA, security hardening, and Azure production deployment.
Ongoing Enhancements, Performance Improvements & Feature Expansion
Performance improvements and continuous platform evolution.
Measurable Outcomes
Operational Gains From Unified Platform Delivery
Metrics were derived from production telemetry logs and pre- and post-deployment monitoring. The analysis evaluated workflow completion time, manual effort, error rates, and data consistency.
Member onboarding time (down from 2–3 days)
Payment error rate (down from 8%)
Reduction in manual billing effort
Fewer support tickets for billing and accounts
Digisoft Solution delivered Vision Care Direct as a unified, end-to-end platform that streamlines enrollment, billing, and provider management while improving scalability, security, and operational efficiency. The solution improved workflow consistency, reduced dependency on separate tools, and ensured secure, scalable, and efficient operations for long-term platform growth.
