SafeExam

Technical documentation

System Architecture Overview

SafeExam Platform uses a 3-tier, API-driven architecture with session-centric exam delivery — browser client, versioned REST APIs, PostgreSQL persistence, and optional Judge0 for coding evaluation.

· SafeExam Platform

Architectural overview

SafeExam Platform is a full-stack online examination system designed with separation of concerns, backend validation, and session-centric exam flows. The marketing site and exam application share a Next.js frontend; all exam logic is enforced by a FastAPI backend.

This overview is intended for IT reviewers, technical evaluators, and developers assessing deployment fit.

3-tier stack

High-level request path from student browser to persisted results.
Browser (student / educator UI)
        ↓
Next.js frontend (safexam.in)
        ↓
FastAPI backend (/api/v1/*)
        ↓
PostgreSQL (exams, sessions, responses, logs)

Exam session layer (core)

Every exam attempt is tracked as a session: user + exam = session. Sessions enable timer tracking, autosave, integrity monitoring, single-attempt enforcement, and post-exam review.

Monitoring events, student responses, and coding submissions are tied to session_id — not loose page state.

Frontend responsibilities (Next.js)

  • Marketing pages, educator dashboards, and student exam interface
  • Google OAuth student login flow and educator authentication UI
  • Exam UI: timer, navigation, fullscreen expectations, autosave indicators
  • Coding workspace with Monaco editor and async run/submit status
  • Communicates exclusively via versioned REST APIs

Backend responsibilities (FastAPI)

  • Stateless REST APIs under /api/v1/
  • httpOnly session cookies (Secure, SameSite=strict)
  • Role-based access control on every protected route
  • CSRF validation on state-changing requests
  • Rate limiting on authentication endpoints
  • Exam grading, QIE question generation, and integrity event logging

Database layer (PostgreSQL)

  • Normalized schema: users, exams, exam_sessions, responses, activity_logs, results
  • Coding submissions stored with evaluation outcomes
  • Question pools and educator-scoped exam configuration
  • All integrity and response data linked to session_id

Coding evaluation flow

Production path for sandboxed code runs (see also: browser coding assessment solution page).
Student submits code in exam UI
        ↓
Backend receives submission (session-scoped)
        ↓
Judge0 execution API (sandboxed run)
        ↓
Result stored in coding_submissions
        ↓
Score + output returned to student / educator

Scalability characteristics

  • Stateless API tier supports horizontal scaling behind a load balancer
  • Connection pooling for database access
  • Async coding execution queue for Judge0 workloads
  • Static marketing pages and PWA assets cacheable at the edge

Design principles

  • Separation of concerns between UI and enforcement
  • Security-first: backend validates every exam action
  • Session-centric: all exam flows use session_id
  • API-driven: no business rules trusted to the browser alone
  • Honest integrity scope: deter casual misconduct, log evidence for educators
Institutions

Affordable secure exams for your campus

We built SafeExam because our own club couldn't pay enterprise prices. Talk to us about institutional onboarding, custom deployments, or partnership opportunities for your college or organization.

Talk to usPartner / Sponsor
MCQ · Coding · Mixed examsLive monitoring & proctoringAI-assisted question authoring