A pixel for Quora tracking

High-level architecture of a hybrid SaaS solution

Definition and high level architecture and implementation of a hybrid SaaS architecture

High-level architecture of a hybrid SaaS solution


Forest Admin is a tool that automatically generates admin panels on top of your database, that can then be customized. Because of the privacy and security requirements most developers and organisations rightfully have over their data, we had to build our solution in a way that ensured those requirements were respected in order to provide a viable offer. That's why we decided to go with a hybrid SaaS architecture.

We define a hybrid SaaS solution as a software relying simultaneously on a SaaS part and an on-premise part. The SaaS part is hosted and managed by the vendor, and includes the user interface the users will connect to and interact with via their browser. The on-premise (or self-hosted) part is managed and hosted by the user, and includes the users' data and the vendor provided elements to send and receive the relevant data to and from the user interface.

As discussed in the first paragraph, the main advantage of such an architecture is that the user's data will never be seen by the vendor, and stays within the user's controlled environment. In addition, the user will automatically benefits from updates introduced by the vendor just like with any SaaS solution.

Let's detail this hybrid SaaS architecture, using Forest Admin as an example.

High level hybrid SaaS architecture

In Forest Admin's case, the whole architecture consists of 4 different components as shown below. The user's database, the admin backend, the Forest Admin API server and the Forest Admin UI server.

A schema of the Forest Admin self-hosted architecture.

1. The user's database

The user's database will be the main data source for Forest Admin to generate admin panels, and feed them.

2. Forest admin backend

When a user installs Forest Admin, they generate a node.js application on their local machine. It includes a RESTful API that connects to their database. We call this app the admin backend. It feeds all the data to your admin panel interface.

What it does:

  • it translates client requests (from the end user browser) into queries to the user's database.
  • it also provides the Forest Admin API Server with the information needed to build the User Interface. This information includes table names, column names and types, and relationships.

A JSON file called the forestadmin-schema.json carries this metadata within the admin backend.

3. Forest Admin API server

The Forest Admin API Server stores the information to build the user interface. This includes both the database structure (sent by the admin backend) and the UI customization made by the user.

To get more technical, the information stored includes:

  • Display & Order — Which tables and columns should be displayed or hidden? In what order should the columns appear in the ‘Table’ view?
  • Collection Settings (permissions) — Are the records in this table read-only? Can they be deleted? Can they be exported in a .csv file?
  • Widget preferences — Which UI component should be rendered for each column (e.g a file viewer for a column that contains images urls).
  • Chart configurations — How are the dashboard charts configured and in which position should they appear?

The Forest Admin API Server also manages the Forest Admin app’s logic like user authentication or billing.

4. Forest Admin UI server

The Forest Admin UI server stores static assets. These include HTML documents, CSS stylesheets and JS script files. It provides the UI components needed to build the interface that displays the data.

Now that you have a high level overview of the architecture, let's see how the different components interact together.

Interactions between the different components

Let's go through the http calls made between each of the above-mentioned elements when operating a Forest Admin project. Namely calls made:

  • between the end user’s browser and the Forest Admin servers (both UI and API servers),
  • between the end user’s browser and the admin backend,
  • between the admin backend and the Forest Admin API servers.

Calls made from the user’s browser

The following lists the calls made by the browser when an end user accesses the admin panel from their browser (at app.forestadmin.com).

To the Forest Admin UI servers

A schema showing how Forest Admin serves the UI.

Calls need to go out to the Forest Admin UI server to fetch static assets including:

  • HTML documents
  • CSS stylesheets
  • JS scripts
  • A map of the assets

To the Forest Admin API servers

A schema showing how Forest Admin serves the layout configuration.

Calls need to go out to the Forest Admin API servers to retrieve information regarding:

  • the end user logged in,
  • the project they're logged into,
  • the environment they're logged into,
  • the configuration of the rendering to be displayed (i.e. the configuration of the UI),
  • the widgets configuration,
  • the billings info of the project,
  • any updates happening on the UI configuration. This is done through websockets.

To the admin backend

A schema showing how Forest Admin reaches the agent.

Calls need to go out to the admin backend to retrieve/ modify data from the database including:

  • GET calls to retrieve a list of records, the count of a list or the details of record,
  • PUT calls to modify a record,
  • POST calls to create a new record or trigger a custom action,
  • DELETE calls to delete records.

Calls made from the admin backend

To the database

A schema showing how Forest Admin serves the data via the agent.

When calls are made from the browser to the admin backend, the latter translates the call into a database query.

To the Forest Admin API servers

A schema showing how Forest Admin collects the database schema.

In order to ensure that the UI reflects the structure of the database, the admin backend needs to send calls containing the information from the forestadmin-schema.json to the Forest Admin API servers. This file is sent upon every restart of the admin backend server.

At the startup of the admin backend and periodically afterwards, calls are also made to the Forest Admin API servers to retrieve permissions. This protects the data from being accessed by unauthorized users through curl requests for example.

Additional considerations

Flexibility and extensibility

Because part of the solution's logic resides in the user's systems — the admin backend in Forest Admin's example, the vendor can allow users to customise and extend its solution like they would with any other app, by open sourcing and documenting its on-premise component.

Development workflow, CI/CD and hosting

If the vendor open sources its on-premise component, it also allows the user to manage the code of this component in Git, the containerize the back-end app using Docker or Kubernetes, and to deploy it wherever the user sees fit.


With this hybrid SaaS architecture, users will benefit from continuous updates to the SaaS part — in Forest Admin's case the UI — by simply refreshing they browser tab.

For the on-premise part, the downside is that updates do require the user to install updates on their side, and potentially setup tests to make sure updates do not introduce regressions on their specific configuration.


From introducing large updates to managing users' authentication to optimising for performance when you don't host part of your solution, building Forest Admin with this hybrid SaaS architecture introduced various technical challenges of their own, that we plan to cover in more detailed posts in the future. Ping us @ForestAdmin to let us know what you'd like us to cover first.

Interest in Forest Admin? Learn more on our website or our doc, or sign up for free.