This blog post contains some notes on SaaS headless content management system vendor and customer responsibilities. If you have additional perspectives on this topic, please comment on this blog post.
Update 24..June.2021: This diagram does not reflect that Customer Applications can deliver data to the Content Delivery tier via HTTPS services and webhooks, nor that the Content Delivery tier can use HTTPS to communicate directly with content delivery services. Basically, anything that can speak JSON over HTTPS can use CMS services or respond to webhooks.
SaaS Headless CMS Vendor Responsibilities
From my perspective, the vendor has responsibility for the following aspects of all content management systems and user interfaces including web server, application server, CMS application, databases, internal (CMS-user facing) and potentially external (customer-facing) search indexes, and otherwise to support all HTTPS content management and content delivery services and the browser-based user interfaces that use them.
- Provisioning new environments for customers
- Hosting all components of the content management solution and content delivery services
- Scaling content management, content delivery, and additional supporting services dynamically and theoretically infinitely.
- Securing content management environments with penetration testing and infrastructure implemented to block attacks.
- Ensuring reliability of all content management systems and services.
- Recovering content management solutions for customers in case of disaster.
- Webhook retrial in case of network or other errors.
- Scheduled downtime management and customer notification.
- Platform and CMS patches, upgrades, and feature rollout
- Service Level Agreements (SLAs)
SaaS Headless CMS Customer Responsibilities
- Source code management, build and deployment processes, and hosting for content delivery solutions
- Stack configuration (system configuration and content type definitions)
- CMS user account security controlling CMS access
- Additional specifies for extensions and integrations with custom and third-party solutions such as hosted search.