Platform Overview

Siyahfy is a multi-vendor e-commerce SaaS platform built for Indian businesses. It provides vendors with a complete toolkit to create, manage, and scale their online stores --- from product catalogs and order management to custom storefronts and marketing automation.

What is Siyahfy?

Siyahfy enables multiple vendors to operate independent online stores under one platform. Each vendor gets their own dashboard, storefront, payment processing, and analytics. The platform handles everything from user authentication and subscription billing to theme customization and affiliate programs.

Key capabilities include:

Multi-vendor stores — each vendor operates an independent e-commerce store
Custom storefronts — vendors choose from themes or build custom storefronts
Theme editor — visual drag-and-drop editor for storefront customization
Developer studio — third-party developers build and publish store apps
Affiliate system — vendors and affiliates earn through referral programs
Marketing tools — WhatsApp marketing, email campaigns, SEO tools
Order management — orders, returns, refunds, cancellations, COD control
Subscription plans — tiered plans (Basic, Pro, Growth) with feature gating
Custom domains — vendors connect their own domains with automatic SSL

Ecosystem

The platform is composed of 6 frontend applications, a storefront proxy server, a shared backend API, and a documentation site, all backed by PostgreSQL and Redis.

All Apps

App	URL	Port	Purpose
Vendor Dashboard	app.siyahfy.com	3000	Store management, products, orders, analytics
Theme Editor	editor.siyahfy.com	3002	Visual drag-and-drop theme customization
Developer Studio	studio.siyahfy.com	3012	IDE for theme developers
Developer Portal	developer.siyahfy.com	3000	App developer dashboard
App Store	store.siyahfy.com	3000	App marketplace for store owners
Marketing Site	siyahfy.com	3000	Landing pages, pricing
Storefront Proxy	backend-store.siyahfy.com	5014	Routes customer requests to theme servers
Store Theme	siyahfy-theme-2502	3001	Default customer-facing storefront
Backend API	backend.siyahfy.com	3003	Central REST API server

User Roles

Role	Description	Access
Admin	Platform administrator	Full access to all stores, vendors, plans, and platform settings via `app.siyahfy.com`
Vendor	Store owner	Manages their own store(s): products, orders, themes, settings, marketing
Staff	Vendor team member	Limited vendor dashboard access based on assigned role permissions
Developer	Third-party developer	Builds and publishes store apps via `developer.siyahfy.com` and `studio.siyahfy.com`
Customer	End shopper	Browses stores, places orders, manages account on vendor storefronts
Affiliate	Referral partner	Earns commissions through referral links via `affiliate.siyahfy.com`

Tech Stack

Frontend

Technology	Version	Purpose
Next.js	14.x	React framework for all frontend apps
React	18.x	UI library
TypeScript	4.9	Type safety
Tailwind CSS	3.x	Utility-first CSS framework
Ant Design	5.x	UI component library (vendor dashboard)
Shopify Polaris	13.x	UI components (dashboard layouts)
Redux Toolkit	1.9	Global state management
Zustand	5.x	Lightweight state management
Tiptap	2.x	Rich text editor
Monaco Editor	4.6	Code editor (theme editing)
Framer Motion	11.x	Animations
Chart.js / amCharts	—	Analytics charts and geo maps
SweetAlert2	11.x	Alert dialogs
dnd-kit	6.x	Drag and drop

Backend

Technology	Version	Purpose
Node.js	20.x	Runtime
Express.js	4.x	HTTP framework
PostgreSQL (pg)	8.x	Primary database driver
Redis	5.x	Caching layer
JSON Web Tokens	9.x	Authentication
Multer	1.4	File uploads
Nodemailer	6.x	Email sending (Gmail SMTP)
Sharp	0.34	Image processing
PDFKit / pdf-lib	—	PDF generation (invoices, labels)
Razorpay SDK	2.9	Payment gateway
Cashfree SDK	4.x	Payment gateway
AWS S3 SDK	3.x	Backblaze B2 / Cloudflare R2 storage
Firebase Admin	13.x	Push notifications and auth
node-cron	3.x	Scheduled jobs
Swagger	5.x	API documentation
fluent-ffmpeg	2.x	Video processing
bcrypt	5.x	Password hashing
speakeasy	2.x	Two-factor authentication (TOTP)

Infrastructure

Component	Technology
Database	PostgreSQL 14+
Cache	Redis 7+
File Storage	Backblaze B2, Cloudflare R2
Payments	Razorpay, Cashfree
Email	Gmail SMTP via Nodemailer
Auth	JWT + bcrypt + Firebase + Google OAuth
Shipping	Delhivery API
Marketing	WhatsApp Business API
Analytics	Google Analytics Data API
Deployment	Docker + Traefik (reverse proxy with auto-SSL)

Authentication Flow

The platform uses JWT-based authentication with tokens stored in HTTP cookies. Different cookie names distinguish between admin/vendor sessions and customer sessions.

The platform uses several cookies to manage authentication and store context:

Cookie Name	Purpose	Set By
`tokenSagartech`	Admin JWT token — authenticates platform administrators	Backend on admin login
`tokenVendorsSagartech`	Vendor JWT token — authenticates store vendors	Backend on vendor login
`storeSelectedSiyahfy`	Currently selected store slug for multi-store vendors	Frontend on store selection
`vendorStoreId`	Numeric store ID for the active vendor store	Frontend on store selection
`vendorhaveStore`	Boolean flag indicating whether the vendor has created a store	Frontend after store creation check

Middleware Chain

The authenticate middleware (lib/index.js) extracts JWT tokens in this priority order:

Authorization header (Bearer token)
tokenSagartech cookie
tokenVendorsSagartech cookie
token cookie (fallback)

After extraction, the token is verified using jwt.verify() with SECRET_KEY, and the decoded userId and role_id are attached to req for downstream route handlers.

Rate Limiting

Authentication endpoints are protected by rate limiting to prevent brute-force attacks:

Endpoint	Window	Max Requests
`/api/adminlogin`	15 minutes	5
`/api/vendorLogin`	15 minutes	5
`/api/storefront/*`	1 minute	2,000
`/api/*` (general)	1 minute	500