Technical Overview
Ragnify
RAG-Based Knowledge Base Platform
A multi-tenant, microservices backend with a developer SDK —
enabling teams to embed AI-powered document Q&A into any product.
React Native SDK Microservices Jenkins GKE RAG
Full Cycle Engineering eXcelerator Capstone
Presented to: Ekta Bahety and Ayush Gupta
What is Ragnify?
The Problem
Fragmented Document Access
Businesses have large document repositories but no easy way to make them queryable by AI — especially across multiple tenants securely.
The Solution
Full-Stack RAG Platform
Ragnify provides a full-stack RAG platform: upload PDFs, auto-embed them, and expose a chat API — wrapped in a developer SDK for easy integration.
Who Uses It
🏢
Tenant Admin
Logs into the portal with JWT auth. Uploads documents, manages knowledge base for their org.
👨‍💻
Developer / SDK User
Registers via SDK web portal. Gets API keys. Integrates Ragnify's chat into their own product.
💬
End User
Interacts with the AI chat powered by Ragnify — without ever knowing the underlying stack.
System Architecture Overview
Clients
📱 Mobile / Web App (Expo · React Native)
🔑 SDK Web Portal (API Key Management)
🔌 SDK Client (3rd Party Products)
API Gateway (port 8000 · LoadBalancer)
CORS · Helmet · Rate Limit · Replay Protection · JWT Auth · SDK Key Validation · HMAC Injection · Reverse Proxy
Backend Services
Auth Service (:5001)
File Service (:5002)
Embedding Service (:5003)
SDK Service (:5004)
Data & Messaging
🍃 MongoDB
⚡ Redis
📨 Kafka + Zookeeper
🪣 AWS S3
📌 Pinecone (Vector DB)
🔐 AWS Secrets Manager
Dual Auth Worlds
🔐 Portal World (JWT)
Users: Tenant & super admins
Credential: Email + Password
Token: JWT access + refresh token pair
Revocation: Redis blacklist on logout
Header: Authorization: Bearer <token>
Handled by: Auth Service + MongoDB
🗝️ SDK World (API Keys)
Users: 3rd-party developers / integrators
Credential: SDK register + login
Token: Long-lived API key (rotatable)
Validation: Gateway calls SDK Service per-request
Header: x-sdk-api-key: <key>
Handled by: SDK Service + MongoDB
Gateway Security Layers
Every inbound request passes through 7 sequential security checks
1. CORS + Helmet: Sets security headers; blocks disallowed origins
2. Rate Limiting: Global 200 req/min; per-route limits (auth:60, file:20, embed:30)
3. Replay Window: Validates x-request-timestamp + x-request-nonce; 60s window
4. SDK Key Check: Validates x-sdk-api-key via SDK Service; sets req.sdkUser
5. JWT Auth: Verifies Bearer token; checks Redis blacklist; sets req.user
6. Admin Role: Calls Auth Service for /file routes; checks super/tenant/admin
7. HMAC Injection: Fetches tenant secret (Redis); signs request before proxying
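A sketch of layers 3 and 7 and of the check a downstream service performs, added here as an example and not taken from the Ragnify code base. It assumes the timestamp is epoch milliseconds, a minimum nonce length of 16, and a canonical string of method, path, tenant id, timestamp, nonce and body hash; the in-memory Map stands in for Redis.

```javascript
const crypto = require("node:crypto");

const WINDOW_MS = 60_000; // the 60s replay window from the slide

// Layer 3. The Map stands in for a shared nonce store such as Redis (assumption).
function makeReplayGuard(now = Date.now) {
  const seen = new Map(); // nonce -> time after which it can be forgotten
  return function check(headers) {
    const ts = Number(headers["x-request-timestamp"]); // assumed: epoch milliseconds
    const nonce = headers["x-request-nonce"];
    // The 16-character floor on the nonce is an assumption of this example.
    if (!Number.isFinite(ts) || typeof nonce !== "string" || nonce.length < 16) {
      return "malformed";
    }
    const t = now();
    if (Math.abs(t - ts) > WINDOW_MS) return "stale";
    for (const [n, exp] of seen) if (exp < t) seen.delete(n); // evict expired nonces
    if (seen.has(nonce)) return "replayed";
    seen.set(nonce, ts + WINDOW_MS); // keep until the timestamp itself goes stale
    return "ok";
  };
}

// Layer 7. String the gateway signs; the field set and order are assumptions.
function canonical(method, path, tenantId, ts, nonce, body) {
  const bodyHash = crypto.createHash("sha256").update(body).digest("hex");
  return [method.toUpperCase(), path, tenantId, ts, nonce, bodyHash].join("\n");
}

// secret: the per-tenant value cached under tenant:secret:{id}
function sign(secret, ...parts) {
  return crypto.createHmac("sha256", secret).update(canonical(...parts)).digest("hex");
}

// Downstream service: recompute the HMAC and compare in constant time.
function verify(secret, signature, ...parts) {
  const expected = Buffer.from(sign(secret, ...parts), "hex");
  const given = Buffer.from(String(signature), "hex");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

Binding the tenant id, timestamp and nonce into the signed string means a captured signature cannot be reused for another tenant or outside the replay window.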
SDK Deep Dive — API Key Lifecycle
How developers authenticate and integrate Ragnify into their products
Step 1: Register
Developer signs up via SDK web portal. SDK Service creates SDK user in MongoDB.
Step 2: Login
Authenticate with SDK credentials. Receives session + access to key management.
Step 3: Generate Key
Request API key generation/rotation via SDK Service. Key stored hashed.
Step 4: Embed
Add x-sdk-api-key header to every request sent to the Gateway.
Step 5: Validate
Gateway sdkMiddleware calls SDK Service GET /validate-api-key per request.
Step 6: Rotate
Key can be rotated anytime. Old key is immediately invalidated.
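The generate, validate and rotate steps as an added example, not the SDK Service's own code. The two Maps stand in for an indexed MongoDB collection, and the "rk_" key prefix and the choice of SHA-256 are assumptions.

```javascript
const crypto = require("node:crypto");

class SdkKeyStore {
  constructor() {
    this.userByHash = new Map(); // keyHash (hex) -> sdkUserId; what gets persisted
    this.hashByUser = new Map(); // sdkUserId -> current keyHash (hex)
  }

  // A fast hash is enough here because the key is 256 random bits,
  // unlike a human-chosen password.
  static hash(apiKey) {
    return crypto.createHash("sha256").update(apiKey, "utf8").digest("hex");
  }

  // Steps 3 and 6: issue a key. Any previous hash for the user is deleted
  // first, so the old key stops validating immediately.
  issue(sdkUserId) {
    const old = this.hashByUser.get(sdkUserId);
    if (old !== undefined) this.userByHash.delete(old);
    const apiKey = "rk_" + crypto.randomBytes(32).toString("hex"); // prefix is made up
    const keyHash = SdkKeyStore.hash(apiKey);
    this.userByHash.set(keyHash, sdkUserId);
    this.hashByUser.set(sdkUserId, keyHash);
    return apiKey; // plaintext leaves the service once, here
  }

  // Step 5: what a GET /validate-api-key handler would do with the
  // x-sdk-api-key header value; the gateway sets req.sdkUser from the result.
  validate(apiKey) {
    if (typeof apiKey !== "string" || apiKey.length === 0) return null;
    return this.userByHash.get(SdkKeyStore.hash(apiKey)) ?? null;
  }
}
```

A dump of the store yields only hashes, so a leaked database does not hand out usable keys.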
Architecture Diagram
🗺️
System Architecture Visual
Diagram from original presentation — showing full microservices topology,
service-to-service communication, and data flow across the Ragnify platform.
File Upload → Kafka → Embedding Pipeline
Async event-driven pipeline: upload triggers automatic AI processing
👤
Client
Admin uploads PDF with Bearer JWT + SDK API key + HMAC headers
🛡️
Gateway
Validates all 7 security layers, injects HMAC signature
📁
File Service
Verifies HMAC. Generates S3 presigned upload URL for client.
📨
Kafka
Produces upload-success event with fileKey + tenantId
🤖
Embedding Service
Consumes event. Fetches from S3, pdf-parse, chunk, generate embeddings
📌
Pinecone + MongoDB
Stores vectors in Pinecone. Updates FileStatus: processing → complete
Chat / RAG Query Flow
How a user question becomes a grounded AI answer
💬
User Query
User asks a question via the chat endpoint in any integrated product.
🛡️
Gateway Auth
Validates SDK key, JWT token, replay window, and HMAC signature.
Embedding Service
Receives request with x-tenant-id. Verifies HMAC signature.
🔢
Embed Query
Converts user question to a vector using the same embedding model.
🔍
Pinecone Search
Searches tenant-scoped vector namespace. Retrieves top-K relevant chunks.
🧠
LLM Answer
Passes chunks as context to LLM. Returns grounded answer to user.
Infrastructure & DevOps
Cloud-native, containerised, production-ready
🐳
Docker
Each service runs in its own container. docker-compose for local development.
☸️
GKE (Kubernetes)
Deployed on Google Kubernetes Engine. LoadBalancer on port 8000 for gateway.
📨
Kafka + Zookeeper
Managed message broker for async upload-success events.
🪣
AWS S3
Object storage for uploaded PDFs. Presigned URLs for secure client upload.
🔐
AWS Secrets Manager
All service envs loaded at startup. Region: ap-south-1. No hardcoded secrets.
Redis
Shared token blacklist + HMAC secret cache. Key: tenant:secret:{id}
Roadmap — What's Next
Planned features and improvements on the horizon
Next Features/Improvements planned
Add DLQ / better error handling in Kafka
Improve RAG with conversation history
Multiple file upload support
Streaming chat responses (SSE)
Better logging / analytics with Grafana + Prometheus
Better Kubernetes scaling
RAG-Based Knowledge Base Platform
Thank you for your time.
Questions? Let's dig in.
Presented by: Sagar Panwar