Developer Documentation
Last updated: January 2025
1. Overview
Seesam NFC is a universal NFC access control platform designed for modern buildings. Our system provides a secure, mobile-first solution that works with existing access control hardware through an adapter-based architecture.
Key Features
- Multi-vendor hardware support via Adapter Pattern (HotSec implemented, others pluggable)
- DESFire EV1-EV3 NFC chip compatibility
- GPS-based validation with circle and polygon geo-fencing
- Multi-tenancy ready with AWS CDK-based infrastructure
- Comprehensive audit logging with metadata tracking
2. Technical Architecture
Backend Stack
- Framework: Spring Boot 3.2.0 (Java 17+)
- Database: PostgreSQL 15+ with Liquibase migrations
- Authentication: JWT tokens + Estonian ID (Mobile-ID, Smart-ID)
- Security: OAuth 2.0 device flow, BCrypt password hashing
- API: RESTful endpoints with Spring Security
Frontend Stack
- Framework: Vue 3 with Composition API
- UI Components: PrimeVue component library
- State Management: Pinia stores
- Build Tool: Vite for fast development and optimized production builds
Infrastructure
- Container Orchestration: Kubernetes on AWS EKS
- CI/CD: GitLab CI/CD pipeline
- Cloud Services: AWS S3 (app distribution), DynamoDB (tenant registry)
- Deployment: Docker containers, Helm charts
3. Hardware Adapter Pattern
Our adapter-based architecture allows seamless integration with different access control hardware vendors without changing core business logic.
Why Adapter Pattern?
The Hardware Adapter Pattern decouples the system from vendor-specific APIs, enabling:
- Easy switching between hardware vendors
- Adding new vendor support without modifying existing code
- Consistent internal API regardless of hardware provider
- Simplified testing with mock adapters
Architecture Overview
Application Layer (DoorService, UserSyncService)
│
▼
Hardware Provider Interface
│
▼
Adapter Layer (HotSecAdapter, YourAdapter)
│
▼
External Hardware APIs
Vendor-Agnostic Domain Models
All hardware interactions use standardized domain models:
HardwareUser - User representation across all vendors
HardwareDoor - Door model with universal attributes
DoorAccessCommand - Unified door control commands (UNLOCK, LOCK, PULSE, HOLD_OPEN)
DoorAccessResult - Standardized operation results
Implementing Your Own Adapter
To integrate a new hardware vendor, implement these interfaces:
- HardwareAuthenticationProvider - Handles vendor API authentication and token management
- HardwareUserProvider - Manages user synchronization with hardware system
- HardwareDoorProvider - Controls door access operations
- HardwareProvider - Main facade that combines all sub-providers
Example: Basic Adapter Structure
@Service
@ConditionalOnProperty(name="hardware.adapter", havingValue="yourvendor")
public class YourVendorHardwareProvider implements HardwareProvider {
@Override
public HardwareAuthenticationProvider getAuthenticationProvider() {
return new YourVendorAuthAdapter();
}
@Override
public HardwareUserProvider getUserProvider() {
return new YourVendorUserAdapter();
}
@Override
public HardwareDoorProvider getDoorProvider() {
return new YourVendorDoorAdapter();
}
}
Configuration
Activate your adapter in application.yml:
hardware:
adapter: yourvendor # Options: hotsec, yourvendor
api:
server: https://api.yourvendor.com
username: ${HARDWARE_API_USERNAME}
password: ${HARDWARE_API_PASSWORD}
4. Deployment Options
Standalone Server
Run as a Java application on Windows, Linux, or macOS servers. Ideal for traditional IT infrastructure with straightforward setup and management.
Docker Container
Deploy using our multi-stage Dockerfile for consistent environments across development, staging, and production. Includes:
- Alpine Linux for minimal image size
- Non-root user for security
- JRE-only runtime image
- Health check endpoints
Kubernetes
Production-grade deployment with:
- Horizontal pod autoscaling (HPA)
- Rolling updates with zero downtime
- Liveness and readiness probes
- ConfigMaps and Secrets management
- Ingress controller for TLS termination
Managed Cloud (SaaS)
We host and manage everything on AWS EKS. Each customer receives:
- Custom subdomain (e.g.,
yourcompany.seesamnfc.com)
- Dedicated PostgreSQL RDS database
- Isolated data with shared infrastructure
- Automatic backups and updates
- 24/7 monitoring and support
5. Getting Started
For Developers
Clone the repository and set up your local environment:
# Prerequisites
- Docker Desktop (required for PostgreSQL)
- Node.js 18+
- Java 17+
# Start development stack
docker-compose up -d
# Run backend
cd backend
./mvnw spring-boot:run
# Run frontend
cd frontend
npm install
npm run dev
For Hardware Integrators
To integrate your access control hardware:
- Review the Hardware Adapter Pattern section above
- Implement the required provider interfaces
- Map your vendor API to our domain models
- Configure activation via
@ConditionalOnProperty
- Write comprehensive unit tests
- Submit for code review and integration
For System Administrators
Deploy using your preferred method from our deployment options. All methods require:
- PostgreSQL 15+ database
- Environment variables for configuration
- Hardware API credentials
- HTTPS/TLS certificates for production
6. Security
Authentication
- JWT Tokens: Short-lived access tokens with refresh capability
- Estonian ID: Mobile-ID and Smart-ID integration for strong authentication
- OAuth 2.0: Device flow for mobile app authentication
- Password Security: BCrypt hashing with strong password requirements
Data Protection
- Encryption: AES-256 for NFC chip data, TLS for network communication
- Database: Encrypted at rest, connection pooling with SSL
- Audit Logging: Comprehensive tracking of all user actions
- Role-Based Access: USER, OPERATOR, ADMIN role hierarchy
Compliance
- GDPR-compliant data handling
- Audit trail for compliance reporting
- Data retention policies
- Right to be forgotten support
7. Support & Resources
Getting Help
- Technical Support: Contact us for technical assistance
- Integration Support: Dedicated help for hardware adapter development
- Status Page: Monitor system status and planned maintenance
Additional Documentation
Ready to integrate? Schedule a demo to discuss your specific requirements and get started with Seesam NFC.