> ## Documentation Index
> Fetch the complete documentation index at: https://docs.s4kit.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Platform Overview

> Understanding the S4Kit platform architecture

## What is the S4Kit Platform?

The S4Kit Platform is the backend infrastructure that powers the SDK. It acts as a secure proxy between your application and SAP S/4HANA systems, handling:

* **Authentication**: Manages SAP credentials securely
* **Authorization**: Controls access with granular permissions
* **Rate Limiting**: Protects SAP systems from overload
* **Request Logging**: Provides audit trails and monitoring
* **Multi-tenancy**: Isolates data per organization

## Architecture

```
┌─────────────────────────────────────────────────────────────┐
│                       Your Application                       │
│                           (SDK)                              │
└─────────────────────────────────────────────────────────────┘
                              │
                              │ API Key
                              ▼
┌─────────────────────────────────────────────────────────────┐
│                      S4Kit Platform                          │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
│  │   Admin     │  │   Proxy     │  │     Dashboard       │  │
│  │   API       │  │   Service   │  │     (Frontend)      │  │
│  └─────────────┘  └─────────────┘  └─────────────────────┘  │
│         │                │                    │              │
│         └────────────────┼────────────────────┘              │
│                          │                                   │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
│  │  PostgreSQL │  │    Redis    │  │   Encrypted Store   │  │
│  │  (Data)     │  │  (Cache)    │  │   (Credentials)     │  │
│  └─────────────┘  └─────────────┘  └─────────────────────┘  │
└─────────────────────────────────────────────────────────────┘
                              │
                              │ SAP Auth (Basic/OAuth)
                              ▼
┌─────────────────────────────────────────────────────────────┐
│                    SAP S/4HANA Systems                       │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
│  │   Sandbox   │  │     Dev     │  │    Production       │  │
│  └─────────────┘  └─────────────┘  └─────────────────────┘  │
└─────────────────────────────────────────────────────────────┘
```

## Core Concepts

### Organizations

Organizations are the top-level container for all your data. Each organization has:

* Team members with roles (owner, admin, developer)
* SAP systems and instances
* API keys and permissions
* Request logs

### Systems

A System represents an SAP landscape (e.g., "Production ERP", "S/4HANA Cloud"). Each system can have multiple instances.

### Instances

Instances are specific environments within a system:

* **Sandbox** - Testing with mock data
* **Development** - Dev environment
* **Quality** - QA testing
* **Pre-production** - Staging
* **Production** - Live system

### Services

OData services exposed by SAP (e.g., `API_BUSINESS_PARTNER`, `API_SALES_ORDER_SRV`). The platform includes a catalog of 500+ predefined SAP APIs.

### API Keys

Secure tokens that authenticate SDK requests. Each key has:

* Configurable permissions per entity/operation
* Rate limits (per-minute and per-day)
* Access to specific instances

## Request Flow

1. **SDK Request**: Your app calls `client.A_BusinessPartner.list()`
2. **API Key Validation**: Platform validates the API key
3. **Permission Check**: Verifies the key can list BusinessPartner
4. **Rate Limit Check**: Ensures limits aren't exceeded
5. **Proxy Request**: Platform authenticates to SAP and forwards request
6. **Response Processing**: Strips OData metadata, handles errors
7. **Logging**: Records the request for audit
8. **Return**: SDK receives clean JSON response

## Dashboard Features

The web dashboard at `app.s4kit.com` provides:

<CardGroup cols={2}>
  <Card title="Systems" icon="database">
    Register and manage SAP systems
  </Card>

  <Card title="Instances" icon="layer-group">
    Configure environment endpoints
  </Card>

  <Card title="Services" icon="cube">
    Browse and bind OData services
  </Card>

  <Card title="API Keys" icon="key">
    Generate and manage API keys
  </Card>

  <Card title="Logs" icon="scroll">
    View request history and errors
  </Card>

  <Card title="Team" icon="users">
    Manage team members and roles
  </Card>
</CardGroup>

## Security

### Credential Storage

SAP credentials are encrypted using libsodium before storage. The encryption key is never stored with the encrypted data.

### API Key Security

* Keys are hashed before storage (only prefix and last 4 chars visible)
* Keys can be revoked instantly
* All requests are logged with key identifiers

### Network Security

* All traffic is encrypted with TLS 1.3
* SAP connections use your configured auth method
* No SAP credentials are ever exposed to the SDK

## Getting Started

<Steps>
  <Step title="Create an Organization">
    Sign up at app.s4kit.com to create your organization
  </Step>

  <Step title="Register a System">
    Add your SAP system with connection details
  </Step>

  <Step title="Configure an Instance">
    Set up at least one instance (start with sandbox)
  </Step>

  <Step title="Bind Services">
    Select which OData services to expose
  </Step>

  <Step title="Generate API Key">
    Create an API key with appropriate permissions
  </Step>

  <Step title="Start Building">
    Use the SDK with your new API key
  </Step>
</Steps>
