Architecture at a glance
WeCareRemote is built around a set of cooperating components tied together by a shared authentication layer and connected to two integration services — n8n for automation and NocoDB for structured data:| Component | Hosted at | Powered by | Primary audience |
|---|---|---|---|
| Web platform | wcr.is/home | WeCareRemote app | Refugees and NGO staff |
| Blog | blog.wcr.is | WordPress | Everyone, with role-aware content |
| AI assistant | Embedded in the platform | Configurable LLM provider | Refugees, with admin oversight |
| Video meetings | Embedded in the platform | Jitsi | Refugees and NGO staff |
| Authentication | getme.global | JWT issuer | Used by all components |
| Automation | Self-hosted | n8n | NGO admins / operators |
| Structured data | Self-hosted | NocoDB | NGO staff |
getme.global is recognised everywhere else.
Technical diagram
The diagram below shows how a request flows through the system and where every component sits relative to the others.How to read this diagram
- Solid arrows are synchronous HTTP calls made by the component at the tail of the arrow.
- Dashed arrows are asynchronous events — webhooks fired by the platform, or optional knowledge-base reads by the AI assistant.
- JWT verification is the small back-and-forth between every component and
getme.globalon the left. Every protected request flows through it. - n8n sits in the middle as the event hub. It receives webhooks from the platform, calls back into the AI agent and recordings APIs, and pushes structured rows into NocoDB.
- NocoDB is read by two clients: NGO staff (via the spreadsheet UI) and n8n (via the
xc-token-authenticated REST API). The AI assistant can optionally read NocoDB rows as a knowledge source.
Trust boundaries
- The platform, the blog, and
getme.globalshare the JWT trust boundary — a token issued bygetme.globalis honoured by all of them. - n8n is outside the JWT trust boundary on its inbound side: it authenticates webhook callers however you configure (webhook secret, IP allowlist), then uses a stored JWT to call WeCareRemote on the outbound side.
- NocoDB is a separate trust boundary — it uses its own
xc-tokenAPI tokens and does not understand WeCareRemote JWTs.
AI assistant
The AI assistant is the primary way refugees interact with the platform. You can ask it questions, request information about available services, or get help navigating the support process. The assistant maintains conversation memory across sessions, so it builds on previous exchanges rather than starting fresh each time. When relevant documents or knowledge bases are available to your organization, the assistant can retrieve and reference that content directly in its responses — reducing the need for back-and-forth with staff. What the assistant can do:- Answer questions in plain language about services, processes, and resources
- Retain context across messages and sessions
- Surface knowledge-base content when your organization has connected it
- Adapt its tone and the level of detail based on your role (refugee user vs. NGO admin)
The AI assistant supports multiple language model providers — OpenAI, Anthropic, Google, Groq, Ollama (local), AWS Bedrock, Azure OpenAI, OpenRouter, DeepSeek, and any OpenAI-compatible endpoint. The model used in your session is configured by your organization’s administrator. See Supported models.
Blog and content
The blog gives NGO administrators a space to publish resources, announcements, and guides that are visible to refugee users on the platform. It is built on WordPress and uses role-based access to control who can read, write, and manage content.- NGO administrators (
org_admin) can create, edit, and publish posts. - Refugee users (
blog) can read published content relevant to their situation. - Logged-out visitors see only the public portion of the blog.
Video conferencing
When a conversation needs to move beyond text, WeCareRemote includes integrated video meetings powered by Jitsi. Refugees and NGO staff can join a meeting directly from the platform — no third-party account or software download required. Meetings can be recorded, which is useful for documentation, case follow-up, or sharing session summaries with other team members. Recordings are stored in secure cloud storage and accessible through the recordings API or the platform UI.Recording availability depends on your organization’s configuration. Recordings are typically initiated by an NGO administrator. Contact your NGO contact if you need recordings enabled for your meetings.
Authentication
A single JWT-based authentication layer ties all of WeCareRemote’s components together. When you log in through the platform, your session token is recognized by the AI assistant, the WordPress blog, and the video conferencing system — so you never need to log in separately to access each feature. Your role (blog or org_admin) is encoded in your token and determines what actions you can take across the platform. If your role changes — for example, if an NGO grants you additional permissions — you will need to log out and back in to pick up the updated access.
For full details on how authentication works, including how to obtain and verify a token programmatically, see the Authentication overview and the JWT auth reference.
A typical session
To make the pieces concrete, here is what a typical refugee user’s session might look like:Sign in once
The user logs in at wcr.is/home. The platform issues a JWT token that travels with every subsequent request.
Ask the AI assistant a question
The user opens the AI assistant and asks, in their own language, what housing options are available. The assistant references the previous conversation and any connected knowledge base.
Read a published resource
The assistant links the user to a blog post on housing applications. Because the user is logged in, role-specific menu items and content load automatically.
Join a video call
The user clicks through to a Jitsi meeting with an NGO caseworker. No re-authentication is needed — the same JWT token authorises the meeting.
Where to go next
AI Assistant
Configure the AI assistant, choose a language model, and manage conversation history.
Authentication
Learn how JWT authentication works and how roles control access across the platform.
Video Conferencing
Set up and join video meetings, and enable recording for your sessions.
Blog & Content
Publish and manage blog content, and understand role-based access controls.