Integration Guide
EHS Platform SDS Ingestion Architecture
Technical implementation guide for ingesting SDS files into EHS platforms with queueing, validation gates, retry policy, and schema-pinned downstream contracts.
Last updated: 2026-03-10
Target architecture
| Layer | Role in ingestion flow | Implementation note |
|---|---|---|
| Ingress API | Receives SDS file and metadata envelope. | Attach source system ID and tenant key at ingress. |
| Extraction service | Parses SDS into structured section fields. | Pin `schema_version` per environment. |
| Validation engine | Runs required-field and confidence policies. | Block low-confidence records from auto-publish. |
| Review queue | Routes warnings to compliance reviewers. | Queue priority by hazard severity and site impact. |
| EHS writer | Persists approved record to EHS data model. | Use idempotent upsert by document fingerprint. |
| Audit store | Keeps immutable extraction/review history. | Log reviewer actions and release timestamps. |
End-to-end ingestion flow
- Upload SDS file with plant, product, and supplier metadata.
- Extract structured fields and generate confidence/warning metadata.
- Run policy checks for critical sections (2, 3, 8, 14, 15).
- Route passing records to EHS write path and flagged records to review queue.
- Emit webhook events so downstream systems can synchronize state.
Webhook event model
```json
{
  "event": "sds.ingestion.completed",
  "request_id": "req_298144",
  "schema_version": "2026-01",
  "tenant_id": "tenant_ehs_04",
  "status": "needs_review",
  "confidence_score": 0.91,
  "warnings": [
    "Section 14 transport row 2 below confidence threshold"
  ],
  "review_queue_id": "queue_hazard_high"
}
```
Retry and reconciliation strategy
| Failure case | Retry behavior | Reconciliation action |
|---|---|---|
| Transient extraction timeout | 3 retries with exponential backoff. | Escalate to integration alert after final retry. |
| Schema validation failure | No auto-retry. | Route to engineering queue with payload diff. |
| EHS write conflict | Idempotent retry after lock release. | Run record-level compare and reconcile latest revision. |
| Webhook delivery failure | Retry for 24 hours with signed event replay. | Expose dead-letter queue for manual replay. |
Security and tenancy controls
- Per-tenant API keys and scoped write permissions.
- At-rest encryption for source files and structured outputs.
- Signed webhook payloads with replay protection.
- Tenant-isolated queues and audit logs for regulated environments.
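A receiver-side sketch of the "signed webhook payloads with replay protection" control, applied to the event model shown earlier. This is an added example, not the platform's own code. The signing scheme (hex HMAC-SHA256 over `<timestamp>.<raw body>`), the 300-second freshness window, the `(event, request_id)` dedup key, and the expectation that retries are re-signed with a fresh timestamp are all assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300            # assumed freshness window
PINNED_SCHEMA_VERSION = "2026-01"  # value from the page's sample event


class WebhookRejected(Exception):
    """A delivery failed a verification gate and must not be applied."""


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    # Assumed scheme: hex HMAC-SHA256 over "<timestamp>.<raw body bytes>".
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_event(secret, timestamp, signature, body, tenant_id, seen, now=None):
    """Return the parsed event, None for an already-applied duplicate, or raise."""
    now = time.time() if now is None else now
    # 1. Authenticate the raw bytes before parsing; constant-time compare.
    expected = sign(secret, timestamp, body)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        raise WebhookRejected("bad signature")
    # 2. Freshness: the timestamp is inside the MAC, so it cannot be rewritten.
    if not timestamp.isdecimal() or abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        raise WebhookRejected("stale or malformed timestamp")
    event = json.loads(body)
    # 3. Tenant binding: the per-tenant key that verified must match the payload.
    if event.get("tenant_id") != tenant_id:
        raise WebhookRejected("tenant mismatch")
    # 4. Schema pin: refuse contracts this environment has not pinned.
    if event.get("schema_version") != PINNED_SCHEMA_VERSION:
        raise WebhookRejected("schema_version not pinned")
    # 5. Replay and retry dedup: apply each (event, request_id) at most once.
    key = (event.get("event"), event.get("request_id"))
    if None in key:
        raise WebhookRejected("missing event or request_id")
    if key in seen:
        return None  # acknowledge so the sender stops retrying; do not re-apply
    seen.add(key)
    return event
```

In production the `seen` set would be a shared store with a retention period at least as long as the 24-hour retry window, so that a late retry is still recognized as a duplicate.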
Go-live readiness checklist
- Schema version pinned in all ingestion environments.
- Critical-section validation thresholds reviewed by compliance leads.
- Review queue staffing model tested against expected warning rates.
- Replay and disaster-recovery drills completed for webhook workflows.
FAQ
Can this flow support asynchronous ingestion at high document volume?
Yes. The architecture is queue-driven and designed for asynchronous processing with webhook completion events.
How do we avoid duplicate records during retries?
Use stable document fingerprints and idempotent upsert keys when writing into the EHS platform.
Can one tenant enforce stricter review gates than another?
Yes. Validation thresholds and queue routing policies can be configured per tenant or business unit.