Queen of San Diego — Tech Blog

Under the hood at queenofsandiego.com

Building a Domain-Isolated Payment Logging System: Decoupling Tenant Operations from Primary Domain

What Was Done

We implemented a complete operational separation between the primary business domain (queenofsandiego.com) and the tenant property management portal (dangerouscentaur.com). This involved:

  • Establishing independent email infrastructure within the dangerouscentaur.com domain via AWS SES
  • Creating a Zelle payment forwarding system that allows bank notifications to trigger automatic logging in the tenant hub
  • Deploying a new Lambda function (lambda-email-parser) to parse incoming payment emails
  • Extending the existing receipt-action Lambda with an admin-gated log_rent_payment action
  • Wiring Google Apps Script (GAS) as the email ingestion layer, bridging bank notifications to Lambda endpoints

The result: tenants now receive credentials from the dangerouscentaur.com domain exclusively, and payment tracking happens entirely within that domain's infrastructure—no queenofsandiego.com involvement in tenant operations.

Technical Details

Email Infrastructure Separation

AWS SES was configured to send tenant credential emails from dangerouscentaur.com rather than queenofsandiego.com. This required:

  • Domain verification in SES (DKIM tokens obtained and validated)
  • Creation of a verified sender identity for tenant communications
  • Configuration of ImprovMX aliases to provide a proper inbound/outbound mail interface

All credential emails were resent via the SES Python SDK in the existing Lambda workflow, ensuring consistent delivery and compliance with the domain isolation requirement.

Payment Email Parsing Pipeline

A new Lambda function was created at /scripts/lambda-email-parser/lambda_function.py to handle incoming bank notifications. The workflow:

  1. User forwards Zelle receipt/notification email to a dangerouscentaur.com alias
  2. ImprovMX routes the email to a Google Workspace inbox monitored by GAS
  3. GAS script (WarmLeadResponder.gs) parses the email for payment indicators (amount, tenant identifier)
  4. GAS calls the receipt-action Lambda endpoint with an ADMIN_TOKEN for authentication
  5. Receipt-action Lambda validates the token and executes the log_rent_payment action
  6. Payment entry is written to receipts.json in S3

This eliminates manual data entry while maintaining security through token-gated access.

Lambda Architecture Changes

The receipt-action Lambda (deployed at a function URL) was extended with two new capabilities:

def log_rent_payment(tenant_id, amount, payment_method, notes=""):
    """Admin action: log a rent payment to receipts.json"""
    # Validate admin token from headers
    # Read current receipts.json
    # Append new payment entry with timestamp
    # Write back to S3
    # Return confirmation

The function reads from and writes to s3://dangerouscentaur-tenant-data/receipts.json, maintaining a chronological payment ledger. Environment variable ADMIN_TOKEN is used for request validation, preventing unauthorized payment logging.

The GAS script was updated to detect payment-related keywords in forwarded emails and construct appropriate Lambda payloads:

if (message.contains("payment") || message.contains("zelle") || message.contains("transfer")) {
  callTenantPortalAction("log_rent_payment", {
    tenant_id: extractTenantId(message),
    amount: extractAmount(message),
    payment_method: "zelle",
    notes: extractDetails(message)
  });
}

Infrastructure Details

S3 Bucket Structure

File modifications occurred in:

  • s3://dangerouscentaur-tenant-portal/ — Main tenant hub deployment
  • s3://dangerouscentaur-tenant-data/receipts.json — Payment ledger (read/write by Lambda)

CloudFront distribution invalidations were issued for the tenant portal distribution to ensure credential page updates reached users immediately.

Lambda Function URLs

Receipt-action Lambda was already configured with a function URL. For security, the ADMIN_TOKEN environment variable was set to control access to sensitive payment operations. The token is passed via HTTP headers in GAS requests:

var options = {
  method: "post",
  payload: JSON.stringify(payload),
  headers: {
    "Authorization": "Bearer " + ADMIN_TOKEN,
    "Content-Type": "application/json"
  },
  muteHttpExceptions: true
};

Email Routing

ImprovMX was configured to forward bank notification forwarding addresses to a Google Workspace account monitored by GAS. This provides a serverless email ingestion layer without requiring a dedicated mail server.

Key Decisions

Why Domain Isolation?

Sending tenant communications from queenofsandiego.com created confusion about domain ownership and weakened the conceptual separation between the agent's primary business and the property management system. Using dangerouscentaur.com exclusively for all tenant-facing systems makes the relationship explicit and supports independent scaling/migration if needed.

Why GAS as the Email Parser?

Google Apps Script provides free email monitoring and Lambda invocation without additional infrastructure. It's more maintainable than setting up mail forwarding rules or SNS topics, and integrates naturally with the existing Google Workspace environment where emails are already being monitored.

Why Token-Gated Lambda?

Using environment variables for admin tokens avoids hardcoding secrets in GAS or Lambda code. The token is stored securely in Lambda's encrypted environment and validated on every request, providing an audit trail and preventing accidental exposure.

Why This Avoids Manual Entry

By parsing forwarded bank emails automatically, we eliminate the friction of logging into the hub and manually entering payment data. Users simply forward their bank notification—the system extracts the relevant details and updates the ledger. This reduces errors and encourages consistent logging.

What's Next

Future enhancements could include:

  • Adding email receipt generation that's sent back to tenants as confirmation
  • Extending the payment parser to handle other methods (ACH, check photos via email)
  • Building a reconciliation report that cross-references logged payments against bank statements
  • Adding tenant-accessible payment history views in the hub dashboard

The current system is intentionally minimal and focused: receive payment notification email, parse it, log it. Everything stays within the dangerouscentaur.com domain, and the agent gets visibility into tenant payments without manual work.