This documentation aims to guide our partners through Toucan Toco architecture, presenting its design choices and the security norms it respects.

Specific emphasized blocks like this one provides a high-level of understanding to keep things simple and quick. The rest covers in depth the different topics.

Business owners and administrative users, this will show you an overview of our architecture and answer some of your questions about how Toucan Toco works. You can forward it to your IT department if they need more information.

IT departments & architects, this gives you a complete overview of the architecture of our apps, and will help you identify how Toucan Toco can integrate easily with you information system. It also describes the prerequisites we need to install our components on-premise.

Security experts, this aims to transparently let you assess our security level and answer questions and possible concerns you have regarding the authentication and authorization processes. It also shares the practices and processes we implement in our own information system to ensure the data you transmit us stays in good hands.


Like most of web apps, Toucan Toco is mainly made of two distinct parts: the client and the server.

Web application


Toucan Toco is a web application. Meaning it’s consultation can happen in a web browser.

The app is compatible with recent versions of Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Edge. Microsoft Internet Explorer 11 is also supported in a slightly degraded way, where some animations are deactivated.

The client / front-end stack


The client (or front-end) lives in your web browser and is downloaded when you go to the web address we communicated you. It does not contain any data or app-specific configuration. It’s just the engine, not the fuel.

The front-end isn’t client-specific. It’s a configurable engine that renders an app from a set of configuration files and some data. It’s made of HTML, CSS and JavaScript files that can be delivered by a static file server or a CDN. Moreover, it can be embedded in a mobile app (with Apache Cordova) to be distributed in a store.

The server / back-end stack


The server (or back-end) is a machine either in our french datacenter or, if you choose so, on your own machines (on-premise offer). It’s responsible for the delivery of the data to the client.

The server is essentially a REST API. It has routes (URL) on which the client can identify itself, ask for the configuration of the app it wants to display. It’s the only part of the architecture that directly requests the required data to build the charts.