Technical Overview
Ragnify
RAG-Based Knowledge Base Platform
A multi-tenant, microservices backend with a developer SDK —
enabling teams to embed AI-powered document Q&A into any product.
React Native SDK Microservices Jenkins GKE RAG
Full Cycle Engineering eXcelerator Capstone
Presented to: Ekta Bahety and Ayush Gupta
What is Ragnify?
The Problem
Fragmented Document Access
Businesses have large document repositories but no easy way to make them queryable by AI — especially across multiple tenants securely.
The Solution
Full-Stack RAG Platform
Ragnify provides a full-stack RAG platform: upload PDFs, auto-embed them, and expose a chat API — wrapped in a developer SDK for easy integration.
Who Uses It
🏢
Tenant Admin
Logs into the portal with JWT auth. Uploads documents and manages the knowledge base for their org.
👨‍💻
Developer / SDK User
Registers via SDK web portal. Gets API keys. Integrates Ragnify's chat into their own product.
💬
End User
Interacts with the AI chat powered by Ragnify — without ever knowing the underlying stack.
System Architecture Overview
Clients
📱 Mobile / Web App (Expo · React Native)
🔑 SDK Web Portal (API Key Management)
🔌 SDK Client (3rd Party Products)
API Gateway (port 8000 · LoadBalancer)
CORS · Helmet · Rate Limit · Replay Protection · JWT Auth · SDK Key Validation · HMAC Injection · Reverse Proxy
Backend Services
Auth Service :5001
File Service :5002
Embedding Service :5003
SDK Service :5004
Data & Messaging
🍃 MongoDB
⚡ Redis
📨 Kafka + Zookeeper
🪣 AWS S3
📌 Pinecone (Vector DB)
🔐 AWS Secrets Manager
Dual Auth Worlds
🔐 Portal World (JWT)
Users: Tenant & super admins
Credential: Email + Password
Token: JWT access + refresh token pair
Revocation: Redis blacklist on logout
Header: Authorization: Bearer <token>
Handled by: Auth Service + MongoDB
🗝️ SDK World (API Keys)
Users: 3rd-party developers / integrators
Credential: SDK register + login
Token: Long-lived API key (rotatable)
Validation: Gateway calls SDK Service per-request
Header: x-sdk-api-key: <key>
Handled by: SDK Service + MongoDB
Gateway Security Layers
Every inbound request passes through 7 sequential security checks
1. CORS + Helmet: Sets security headers; blocks disallowed origins
2. Rate Limiting: Global 200 req/min; per-route limits (auth:60, file:20, embed:30)
3. Replay Window: Validates x-request-timestamp + x-request-nonce; 60s window
4. SDK Key Check: Validates x-sdk-api-key via SDK Service; sets req.sdkUser
5. JWT Auth: Verifies Bearer token; checks Redis blacklist; sets req.user
6. Admin Role: Calls Auth Service for /file routes; checks super/tenant/admin
7. HMAC Injection: Fetches tenant secret (Redis); signs request before proxying
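The replay window (layer 3) as a Node.js sketch. This is an added example, not Ragnify's gateway code; it assumes x-request-timestamp carries epoch milliseconds and keeps nonces in an in-process Map, where a gateway running several replicas would need a shared store.

```javascript
// Added example, not Ragnify's gateway code. Assumptions: the timestamp header
// carries epoch milliseconds, and nonces live in an in-process Map (several
// gateway replicas would need a shared store instead).
const WINDOW_MS = 60_000; // the 60s window from the slide

function createReplayGuard(windowMs = WINDOW_MS) {
  const seen = new Map(); // nonce -> last instant (ms) at which it could be accepted

  return function check(headers, now = Date.now()) {
    // Drop nonces whose timestamp has aged out, so the map stays bounded.
    for (const [nonce, expiry] of seen) {
      if (expiry < now) seen.delete(nonce);
    }

    const rawTs = headers['x-request-timestamp'];
    const nonce = headers['x-request-nonce'];
    if (typeof rawTs !== 'string' || typeof nonce !== 'string' || nonce === '') {
      return { ok: false, reason: 'missing-headers' };
    }
    if (!/^\d{1,15}$/.test(rawTs)) {
      return { ok: false, reason: 'bad-timestamp' };
    }

    const ts = Number(rawTs);
    // Reject stale and far-future timestamps alike: clock skew cuts both ways.
    if (Math.abs(now - ts) > windowMs) {
      return { ok: false, reason: 'outside-window' };
    }
    if (seen.has(nonce)) {
      return { ok: false, reason: 'nonce-reused' };
    }
    // Keep the nonce for as long as its timestamp remains acceptable.
    seen.set(nonce, ts + windowMs);
    return { ok: true };
  };
}
```

A nonce is only evicted once its timestamp would be rejected anyway, so a captured request cannot be replayed at the edge of the window.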
SDK Deep Dive — API Key Lifecycle
How developers authenticate and integrate Ragnify into their products
Step 1: Register
Developer signs up via SDK web portal. SDK Service creates SDK user in MongoDB.
Step 2: Login
Authenticate with SDK credentials. Receives session + access to key management.
Step 3: Generate Key
Request API key generation/rotation via SDK Service. Key stored hashed.
Step 4: Embed
Add x-sdk-api-key header to every request sent to the Gateway.
Step 5: Validate
Gateway sdkMiddleware calls SDK Service GET /validate-api-key per request.
Step 6: Rotate
Key can be rotated anytime. Old key is immediately invalidated.
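Steps 3, 5 and 6 (hashed storage, per-request validation, rotation with immediate invalidation) as a Node.js sketch. This is an added example, not Ragnify's SDK Service code; the Maps stand in for the MongoDB collection, and the class name and the "<keyId>.<secret>" key format are assumptions.

```javascript
const crypto = require('node:crypto');

// Added example, not Ragnify's SDK Service code. The Maps stand in for the
// MongoDB collection; the key format "<keyId>.<secret>" is an assumption.
class SdkKeyStore {
  constructor() {
    this.keys = new Map();      // keyId -> { userId, secretHash }
    this.activeKey = new Map(); // userId -> keyId of the current key
  }

  static hashSecret(secret) {
    // The secret is 256 bits of CSPRNG output, so a plain SHA-256 is enough;
    // a slow password hash would only add latency to per-request validation.
    return crypto.createHash('sha256').update(secret).digest();
  }

  // Generate or rotate: the plaintext is returned once and never stored.
  issue(userId) {
    const previous = this.activeKey.get(userId);
    if (previous) this.keys.delete(previous); // the old key dies immediately
    const keyId = crypto.randomBytes(8).toString('hex');
    const secret = crypto.randomBytes(32).toString('base64url');
    this.keys.set(keyId, { userId, secretHash: SdkKeyStore.hashSecret(secret) });
    this.activeKey.set(userId, keyId);
    return `${keyId}.${secret}`;
  }

  // What a validate-api-key handler would do: returns the userId or null.
  validate(presented) {
    if (typeof presented !== 'string') return null;
    const dot = presented.indexOf('.');
    if (dot <= 0) return null;
    const record = this.keys.get(presented.slice(0, dot));
    if (!record) return null;
    const candidate = SdkKeyStore.hashSecret(presented.slice(dot + 1));
    // Both buffers are 32 bytes, so timingSafeEqual cannot throw here.
    return crypto.timingSafeEqual(candidate, record.secretHash) ? record.userId : null;
  }
}
```

Because only the hash is stored, a dump of the key collection does not yield usable API keys, and a lost key can only be replaced by rotation.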
Architecture Diagram
🗺️
System Architecture Visual
Diagram from original presentation — showing full microservices topology,
service-to-service communication, and data flow across the Ragnify platform.
File Upload → Kafka → Embedding Pipeline
Async event-driven pipeline: upload triggers automatic AI processing
👤
Client
Admin uploads PDF with Bearer JWT + SDK API key + HMAC headers
🛡️
Gateway
Validates all 7 security layers, injects HMAC signature
📁
File Service
Verifies HMAC. Generates S3 presigned upload URL for client.
📨
Kafka
Produces upload-success event with fileKey + tenantId
🤖
Embedding Service
Consumes event. Fetches the file from S3, parses it with pdf-parse, chunks the text, and generates embeddings.
📌
Pinecone + MongoDB
Stores vectors in Pinecone. Updates FileStatus: processing → complete
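The gateway's HMAC injection and the File Service's verification as a Node.js sketch. This is an added example, not Ragnify's code; the deck gives only the Redis key format tenant:secret:{id}, so the signed fields, the x-internal-signature header name and the sample secrets are assumptions.

```javascript
const crypto = require('node:crypto');

// Stand-in for the Redis cache. The key format tenant:secret:{id} is from the
// deck; the tenants and secrets are constructed sample values.
const secretCache = new Map([
  ['tenant:secret:t-42', 'constructed-demo-secret-42'],
  ['tenant:secret:t-43', 'constructed-demo-secret-43'],
]);

// Assumed canonical string: the deck does not say which fields are signed.
function canonical({ method, path, tenantId, timestamp, body }) {
  const bodyHash = crypto.createHash('sha256').update(body || '').digest('hex');
  return [method.toUpperCase(), path, tenantId, timestamp, bodyHash].join('\n');
}

function sign(req) {
  const secret = secretCache.get(`tenant:secret:${req.tenantId}`);
  if (!secret) throw new Error('no secret for tenant');
  return crypto.createHmac('sha256', secret).update(canonical(req)).digest('hex');
}

// Gateway side: attach the signature (the header name is hypothetical).
function injectHmac(req) {
  return { ...req, headers: { ...req.headers, 'x-internal-signature': sign(req) } };
}

// Service side: recompute over the received request, compare in constant time.
function verifyHmac(req) {
  const header = (req.headers || {})['x-internal-signature'];
  const given = Buffer.from(String(header || ''), 'hex');
  let expected;
  try {
    expected = Buffer.from(sign(req), 'hex');
  } catch {
    return false; // unknown tenant: fail closed
  }
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

Binding the tenant id into the signed string means a request signed for one tenant fails verification if its tenant field is changed in transit.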
Chat / RAG Query Flow
How a user question becomes a grounded AI answer
💬
User Query
User asks a question via the chat endpoint in any integrated product.
🛡️
Gateway Auth
Validates SDK key, JWT token, replay window, and HMAC signature.
Embedding Service
Receives request with x-tenant-id. Verifies HMAC signature.
🔢
Embed Query
Converts user question to a vector using the same embedding model.
🔍
Pinecone Search
Searches tenant-scoped vector namespace. Retrieves top-K relevant chunks.
🧠
LLM Answer
Passes chunks as context to LLM. Returns grounded answer to user.
Infrastructure & DevOps
Cloud-native, containerised, production-ready
🐳
Docker
Each service runs in its own container. docker-compose for local development.
☸️
GKE (Kubernetes)
Deployed on Google Kubernetes Engine. LoadBalancer on port 8000 for gateway.
📨
Kafka + Zookeeper
Managed message broker for async upload-success events.
🪣
AWS S3
Object storage for uploaded PDFs. Presigned URLs for secure client upload.
🔐
AWS Secrets Manager
All service envs loaded at startup. Region: ap-south-1. No hardcoded secrets.
Redis
Shared token blacklist + HMAC secret cache. Key: tenant:secret:{id}
Roadmap — What's Next
Planned features and improvements on the horizon
Next Features/Improvements planned
Add DLQ / better error handling in Kafka
Integrate LangChain to enhance my RAG system, enabling it to utilize conversation history for improved context and responses
Multiple file upload support
Add Styled themes in SDK
Streaming chat responses (SSE)
Better logging / analytics with Grafana + Prometheus
Better Kubernetes scaling
RAG-Based Knowledge Base Platform
Thank you for your time.
Questions? Let's dig in.
Presented by: Sagar Panwar