VaultPDF LogoVaultPDF.io

System Architecture

A deep dive into VaultPDF's No-Egress security model and Azure-native integration.

The No-Egress Philosophy

VaultPDF is engineered on the principle of Data Residency. Unlike traditional PDF APIs, your sensitive JSON data never leaves your environment.

Security First

The Document Renderer runs as an Azure Function inside the customer's own tenant. Our central API only handles licensing handshakes, never document content.

Technical Stack

Azure Functions

Serverless document rendering triggered via HTTP or Service Bus, running within the client security boundary.

Azure Table Storage

High-speed, low-cost licensing database used by our central Brain API to manage tenant subscriptions.

SharePoint Integration

Native connectors to pull .docx or .html templates directly from SharePoint Document Libraries.

Data Flow: How it Works

Trigger & JSON Payload

The client's Dynamics 365 or Power App triggers a local Azure Function with a JSON payload containing the document data.

Secure License Check

The local Function performs an encrypted "Phone Home" to the VaultPDF Brain API. Our API checks Azure Table Storage to verify the active license.

Template Retrieval

The renderer pulls the approved template from the client's SharePoint library using a Managed Identity.

Local Rendering

The PDF is generated entirely in-memory within the client's tenant and saved back to SharePoint. Zero bytes of document data are sent to VaultPDF servers.

Licensing & Governance

We manage global governance through our centralized subscription portal:

Licensing Handshake Example
{
  "tenantId": "client-uuid-1234",
  "apiKey": "vpdf_live_xxxxxxxx",
  "action": "verify_and_log",
  "usageMetadata": { "type": "invoice_gen", "region": "US-South" }
}

API Key Security

Never expose your apiKey in client-side code or commit it to version control. Use Azure Key Vault or environment variables to manage secrets securely.

See the Architecture in Action

Explore the interactive playground to trace a live document request through the full No-Egress pipeline.

Open PlaygroundRead the Security FAQ

Getting Started

Get started with VaultPDF by deploying the service in your Azure environment and generating your first PDF using structured JSON data and adaptive templates.

Server Pipeline

A step-by-step breakdown of VaultPDF's 12-stage server rendering pipeline — from structure normalization to final footer injection.

On this page

The No-Egress PhilosophyTechnical StackData Flow: How it WorksTrigger & JSON PayloadSecure License CheckTemplate RetrievalLocal RenderingLicensing & Governance