Skip to main content

Architecture & Services

Formstamper is built on a modern, decoupled architecture designed for scalability, performance, and security. Understanding the underlying services is helpful for developers looking to integrate deeply via the API or troubleshoot advanced workflows.

System Overview

At a high level, the Formstamper platform is divided into two primary services:

  1. Frontend Client: A responsive, React-based web application.
  2. Backend API: A robust, Java-based REST API that handles data processing and PDF generation.

Frontend Service

The frontend is a single-page application (SPA) built using React and Next.js. It provides the interactive user interface for managing templates, building workflows, and administering organizations.

Key Technologies

  • React & Next.js: Powers the component-based UI, routing, and client-side state management.
  • Tailwind CSS: Used for all styling, providing a highly responsive and modern design system.
  • Lucide Icons: Clean, consistent SVG iconography.

Core Responsibilities

  • Authentication Handling: Manages JWT access tokens and secure, HTTP-only refresh token cookies.
  • Template Creator: Provides the interactive drag-and-drop interface for mapping data columns to PDF fields.
  • Workflow Builder: An interactive node-based canvas for designing automation pipelines.
  • Client-Side Validation: Ensures data integrity before communicating with the backend API.

Backend Service

The backend is built with Spring Boot (Java) and serves as the core processing engine for the platform. It exposes a comprehensive RESTful API consumed by both the frontend client and external integrations.

Key Technologies

  • Spring Boot: The foundational framework handling dependency injection, routing, and security.
  • OpenPDF / LibrePDF: Core libraries used for reading, parsing, and programmatically filling AcroForm PDF templates.
  • PostgreSQL: The primary relational database used to store user accounts, organization data, workflow configurations, and template metadata.

Core Responsibilities

  • Document Stamping Engine: Processes uploaded .xlsx or .csv data files alongside PDF templates, executing the heavy lifting to generate hundreds of stamped documents in memory.
  • Workflow Execution Engine: Evaluates conditional logic, triggers webhooks, and manages dynamic data flow between nodes.
  • Security & Authorization: Validates JWTs, enforces role-based access control (RBAC), and manages organization-level permissions.
  • Billing Integration: Communicates securely with Stripe to track action limits and manage subscription lifecycles.

Security Architecture

Formstamper employs several security best practices across its services:

  • Stateless Authentication: Uses short-lived JWT access tokens and secure, HTTP-only refresh cookies to mitigate XSS and CSRF attacks.
  • Data Isolation: All resources are strictly scoped to specific Organizations.
  • Ephemeral Processing: When documents are stamped via the web interface or API, the resulting PDFs are generated in memory and streamed directly back to the client. The final stamped documents are not permanently stored on Formstamper's servers unless explicitly configured in a workflow.