Skip to main content

The Core Principle

The hardware is static (read-only NFC chips, printed QR codes). The logic is liquid (managed in the database). This decoupling is NearNode’s core architectural advantage. 
Physical Trigger          Edge Network           Your Logic
┌──────────┐         ┌─────────────────┐     ┌──────────────┐
│ NFC Tag  │──scan──▶│ /v/:slug        │────▶│ Redirect URL │
│ QR Code  │         │ Resolve + Route │     │ vCard        │
│ Sticker  │         │ Log Analytics   │     │ WiFi Config  │
└──────────┘         └─────────────────┘     │ Microsite    │
                                              │ Action       │
                                              └──────────────┘

Capability Layers

NearNode is built in six layers, each adding capability on top of the shared edge infrastructure:
LayerNamePurpose
0Edge Middleware/v/:slug — resolve slug, execute function
1OrchestrationRouting rules: A/B splits, time-based, geo, device
2FleetBatch operations, serial IDs, hardware lifecycle
3PayloadsvCard, Microsite, WiFi, Action types
4IntelligenceAnalytics, TTR, alerts, conversion tracking
5EnterpriseMulti-tenancy, RBAC, custom domains

The Edge Request Flow

When a user scans a QR code or taps an NFC tag, here’s exactly what happens:
1

DNS Resolution

The scan hits nearnode.io/v/:slug. DNS resolves to Vercel’s global edge network.
2

Slug Lookup

Edge middleware queries the nodes table by slug. Target: sub-200ms globally.
3

Kill Switch Check

If the node is deactivated, lost, or retired → the user sees a block page. No redirect fires.
4

Rule Evaluation

Routing rules are evaluated top-to-bottom by priority. First match wins. If no rules match, the node’s base payload is used as fallback.
5

Analytics Logging

A scan event is logged asynchronously with device type, country, city, and a session ID for conversion tracking. Non-blocking — doesn’t add latency.
6

Execution

Based on the resolved function type:
  • Redirect → 307 to destination URL
  • vCard → Serve .vcf download
  • WiFi → Render one-tap connect page
  • Action → Direct to WhatsApp, Calendly, email, etc.

Infrastructure Stack

Supabase (PostgreSQL)

Database, auth, and Row Level Security. Hosted in Frankfurt, Germany (AWS eu-central-1).

Vercel Edge Network

Application hosting and edge functions. Global CDN with EU priority routing.

Performance Targets

MetricTarget
/v/:slug TTFB (no routing rules)< 200ms
/v/:slug TTFB (with routing rules)< 350ms
Dashboard LCP< 1.5s
Batch generation (100 nodes)< 5s
Bundle size (first load)< 120KB

Security Model

Every table in the database has RLS policies that scope queries to the user’s organization. Even if a query is malformed, PostgreSQL enforces data isolation at the database level.
API keys are bound to an organization. They cannot access data from other orgs. Keys can be rotated and revoked instantly from the dashboard.
Four roles — Owner, Admin, Editor, Viewer — control who can create, modify, and delete resources. Enforced on both the UI and API layers.
Any node can be instantly deactivated. The kill switch takes effect immediately — no cache delay. Scans to killed nodes are logged as kill_switch_blocked events.