How it works

Before you start writing a single line of code, it’s a good idea to get an overview of how Forest Admin works. The magic lies in its architecture. Forest Admin is divided into two main components:

  • The Forest Liana analyzes your entire data model and generates the Admin API.

  • The Forest UI (web application), accessible from any browser, handles communication between the admin user and the database through the Admin API.

When you launch your application, the Forest Liana sends a schema - the Forest UI Schema - to Forest Admin’s servers to initialize the UI.

Data Privacy

The main advantage of Forest Admin’s architecture is that absolutely no data transits or crosses our servers. The user accesses application data directly from the client and Forest Admin is just deployed as a service to display and interact with the data.

With Forest Admin, your data are transferred directly from your application to your browser while remaining invisible to our servers.

Forest Admin never reaches your data

Security

We use two-step authentication to connect you to both Forest Admin’s server and your Admin API.

The first step is to retrieve your UI configuration. When you log into your account, your credentials are sent to Forest Admin’s server, which returns the UI token to authenticate your session.

The second step is to authenticate to your Lumber-generated admin backend (if you used Lumber) or to your app (if you're using Rails, Express-sequelize or Express-mongoose) to get access to your data. Your password is sent to your Admin API, which returns the Data Token signed by the FOREST_AUTH_SECRET you chose. Each of your requests to your Admin API is authenticated with the Data Token.

In a nutshell, your admin uses the UI token to make requests about the UI configuration. Then the Data Token is used to make queries on your Admin API to manage your data. All our tokens are generated using the JWT standard.
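
The Data Token check described above, as an added example (not Forest Admin's or the Liana's own code): signing and verifying a compact JWT with the FOREST_AUTH_SECRET value, using only Node's built-in crypto module. HS256, the `sub` and `exp` claim names and the function names are assumptions; the page only states that tokens follow the JWT standard and that the Data Token is signed with FOREST_AUTH_SECRET.

```javascript
// Added example, not Forest Admin's code. HS256 and the claim names are assumptions.
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, input) =>
  nodeCrypto.createHmac('sha256', secret).update(input).digest();

// Issue a compact JWT (header.payload.signature) signed with the shared secret.
function signDataToken(claims, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify(claims));
  return `${header}.${payload}.${b64url(hmac(secret, `${header}.${payload}`))}`;
}

// Parse one base64url-encoded JSON segment, failing closed on garbage.
function decodeSegment(segment, label) {
  try {
    return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
  } catch {
    throw new Error(`malformed ${label}`);
  }
}

// Verify a Data Token on the Admin API side. Returns the claims or throws.
function verifyDataToken(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, signature] = parts;

  // Pin the algorithm server-side; never let the token pick it ("alg": "none").
  if (decodeSegment(header, 'header').alg !== 'HS256') {
    throw new Error('unexpected algorithm');
  }

  // Check the signature before trusting anything in the payload.
  const expected = hmac(secret, `${header}.${payload}`);
  const given = Buffer.from(signature, 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }

  const claims = decodeSegment(payload, 'payload');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    throw new Error('token expired');
  }
  return claims;
}
```

In a deployment the secret would be read from `process.env.FOREST_AUTH_SECRET`, and every request that fails verification is rejected before it reaches the data layer.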