A content layer should widen entry points, not widen risk. That means the public site can explain workflows, compare vendors, and link to safe demos, while provider credentials, job orchestration, and admin state remain untouched behind the backend.
Separate Discovery from Execution
Discovery content thrives on breadth. Execution paths need constraints. The architecture should reflect that difference explicitly instead of forcing every visit into the same narrow product path.
Keep the Contract Small
The best first move is not to invent new APIs. It is to keep the current public contract stable and let the content layer exercise it through clear internal links and scoped actions.