Product / For Developers

Get Your Health Tech Backend Done in an Afternoon.

Save months of work and focus on your frontend.
basebox is a data management system for developers. It comes with all basic backend components. The architecture combines security and performance. Written in 100% Rust. Regulatory compliant. Installation is simple and done in minutes. It can be used as the basis of any app and is connectable to any frontend client.

Gain Superpowers With Out-Of-The-Box Fundamental Backend Building Blocks.


Essential backend components are integrated and harmonized. Don´t worry about security and performance anymore.

GraphQL Server

The GraphQL server receives and processes GraphQL requests from clients, retrieves the requested data from a data source, and returns the data in a structured format back to the client. It acts as an interface between the client and the data source, allowing clients to fetch precisely the data they need in a single request.

GraphQL to SQL Compiler

To improve the security and performance of your application, basebox contains a unique GraphQL to SQL compiler programmed in Rust. The compiler eliminates the need to hand-write many resolver functions. Added benefits are:


HTTP Server (Actix Web)

No need to put Apache or nginx in front of basebox - basebox contains a production grade HTTPS server based on Actix Web, one of the fastest HTTP servers around.

We chose it because of its:



The installation includes a PostgreSQL database, but you can easily connect your own – no matter where it is hosted. Describe your schema using GraphQL. The database will then configure itself automatically. You don't have to write resolvers anymore. You can update your schema at any time.


Get Rid of Hidden Risks With Built-in Compliance and Security.


Designed for safety and ease of use

GraphQL Compiler

basebox features a unique GraphQL to SQL compiler. It is run during the installation of basebox and converts a GraphQL schema file provided by you to a set of SQL template files that allow blazingly fast on-the-fly translation of your GraphQL operations to SQL queries. It creates automatic SQL joins that speed up database queries, avoiding unnecessary round trips.

Business Logic Layer

For many operations, the basebox compiler is enough to handle everything. However, if you need to provide business logic, like sending an email when a new user connects, you can add it using basebox' Business Logic Layer (BLL).

The BLL is a hook-based API that performs custom actions on specific operations. The BLL is optionally called once or twice for each operation:

This way, as a developer, you can add all kinds of backend functionality.

Currently, the BLL supports Python, only. In other words, you implement your custom logic in Python code.
We are already working on a gRPC-based microservices architecture.

OpenID Connect

basebox uses OpenID Connect (OIDC) for authentication and authorization. OpenID Connect is an official, widely used OAuth 2.0 authorization framework extension. It allows computing clients to verify the identity of an end user based on the authentication performed by an authorization server (e.g. KeyCloak).

OpenID Connect is also a widely used single sign on-solution.

Optional 2FA

Two-Factor-Authorization (2FA) is set up via the OpenID Connect provider (e.g., Keycloak). Any app developed with basebox can enable and use 2FA. The setup is simple and harmonizes with the individual user and role management.

Input Validation

basebox uses input validation as another protection feature to guard against SQL injections.
In this process, we analyze inputs and disallow those considered unsuitable.

Defend Your Attack Vectors and, Thus, Your Data.


The software architecture is designed for security. External auditors continuously audit possible attack vectors.

100% Rust

You don't have to know Rust to use basebox, but since basebox is written in 100% Rust, your project benefits from Rust's speed and safety.


Penetration Tests

basebox is regularly subjected to extensive penetration tests (Pentests). These are the process steps:

External Audits

basebox contains thousands of lines of code and developer hours. To avoid operational blindness, we regularly have external auditors perform various tests.

The Johner Institute has an excellent reputation. Since 2004 it has been pursuing its mission: Leveraging science and technology for a better life – for everyone. They know the typical dangers and critical points of data-sensitive products through their support of hundreds of customers developing regulated products. basebox is happy to work with Johner Institute.

Continuous Updates

We are constantly evolving basebox. Besides new functionality, we implement new developments to increase overall security – without you noticing anything. This is how we respond to new developments in the market, such as innovations in operating systems.
We provide the updates. As a basebox user, you can install them without any problems. Your backend remains secure and up-to-date.

Threat Modelling

In the context of updates, the threat model of basebox is adapted to prevent new danger points from being created.
Threat modeling is a structured approach to identifying potential security threats to basebox and assessing the risks they pose. It includes the following steps:

Unit and Integration Tests

basebox contains an extensive set of unit and integration tests. As we further develop basebox, we constantly add new and extend existing tests to ensure high code quality and security.

White-/Black-Box Testing

White-Box testing is a method in which the code's internal structure is known and considered. This type of testing is also known as "structural testing" or "glass box testing" because the tester can see into the "box" (i.e., the code). It's usually done by developers and focuses on testing individual functions or methods and how they interact with one another.

On the other hand, Black-Box testing is a method in which the internal structure of the code is not known and not considered. This type of testing is also known as "functional testing" or "behavioral testing" because the tester only sees the input and output without knowing how the code works. It's usually done by QA testers and focuses on testing the software's functionality from the user's perspective without knowing the internal implementation.

Setup Is Lightweight and Relies on Standards.


A simple Linux server is sufficient for basebox hosting. In fact, basebox is programmed so efficiently that it could run on a smartphone.

Any 64bit Linux

basebox runs on virtually all Linux systems. A low-cost and simple server configuration is sufficient for many use cases, e.g.


We will provide detailed installation instructions as soon as the beta is available. A Docker based installation for easy setup is also in the making.


Install basebox wherever you want.
On your terms. On-premise. In your cloud. It uses hardly any storage space and is powerful and fast, even on small servers.

We do not yet offer basebox as a cloud service. However, if there is enough demand, we will provide that.

For data-sensitive sectors, e.g., Health Tech, self-hosting has several advantages, mainly 100% authority over the data. For some use cases, self-hosting might even be mandatory for policy reasons.

More to Come.
Basebox Always Gets Better at No Additional Cost.

Coming Soon

The range of functions expands constantly. With each update, new ones will become available. At no additional cost to you.

gRPC Microservices

gRPC is a high-performance, open source, universal Remote-Procedure-Call (RPC) framework.
basebox integrates gRPC to support microservices for custom business logic and the like.

NoSQL/Multi-DB Support

basebox currently runs with a PostgreSQL database. We plan to add support for more database systems (NoSQL and others) or multiple databases for the same project.

Push Notifications

Push notifications for Android and iOS devices will be integrated into basebox, so you won't need to run a dedicated server.

GraphQL Subscriptions

basebox does currently not support GraphQL subscriptions; we will add them later.

Data migration

Changing your data model requires you to manually recompile basebox's SQL templates, schema, and resolver files. We will add a semi-automatic migration that creates ALTER TABLE ... statements and updates all required files.


We will add a customizable dashboard to basebox to create individual dashboards for each user. The data displayed will depend on rights and needs and can be configured. The basebox dashboard editor will let you quickly build and graphically display the data. Due to the integration in basebox, you won't need to develop your own solution or search, install, and configure external ones.