This documentation aims to guide our partners through Toucan Toco architecture, introducing design choices and the security norms it respects.

Specific emphasized blocks like this one provide a high-level view in order to keep things simple and quick while the rest covers topics in depth.

Business owners and administrative users, this will show you an overview of our architecture and answer some of your questions about how Toucan Toco works. You can forward it to your IT department if they need more information.

IT departments & architects, this gives you a complete overview of the architecture of our apps, and will help you identify how Toucan Toco can be integrated easily with your information system. It also describes the prerequisites needed to install our components as self-hosted software.

Security experts, this aims to transparently let you assess our security level and answer questions and address possible concerns you have regarding our authentication and authorization processes. It also shares the practices and processes we implement in our own information system to ensure that the data you transmit to us stays in good hands.


Like most web apps, Toucan Toco is mainly made up of two distinct parts: the client and the server.

Web application


Toucan Toco is a web application. Meaning it can be visited in a web browser.

Supported browsers

The studio is compatible and battle-tested with Chrome, Firefox and Edge on their latest versions. Visualizing and using the small apps is supported on those browsers and their mobile counterparts (Chrome, Safari (iOS), Firefox Mobile, Edge Mobile).

Internet Explorer 11 isn’t supported anymore since November 2021.

The client / front-end stack


The client (or front-end) lives in your web browser and is downloaded when you go to the web address we provided you. It does not contain any data or app-specific configuration. It’s just the engine, not the fuel.

The front-end isn’t client-specific. It’s a configurable engine that renders an app from a set of configuration files and some data. It’s made up of HTML, CSS and JavaScript files that can be delivered by a static file server or a CDN.

The server / back-end stack


The server (or back-end) is a machine either in our french datacenter or, if you choose to, on your own machines (self-hosted offer). It’s responsible for the delivery of the data to the client.

The server is essentially a REST API. It has routes (URL) on which the client can identify itself and ask for the configuration of the app it wants to display. It’s the only part of the architecture that directly requests the required data to build the charts.