ERPFlow — API-First Multi-Tenant SaaS ERP with EU E-Invoicing
A multi-tenant ERP for SMBs — invoicing, CRM, finance and EU e-invoicing — built API-first on Go and self-hosted PostgreSQL with row-level security, behind one OpenAPI contract that serves web, mobile and AI clients.
- Client: ERPFlow
- Industry: SaaS
- Timeline: 2 months
- Year: 2026
- Stack: Go, PostgreSQL, OpenAPI, River, Cloudflare R2, Stripe, Peppol BIS 3.0, React
- Live site: www.erpflow.ai

ERPFlow is a full business-operations platform for freelancers, consultants and small-to-medium businesses — invoicing, CRM, inventory, finance, HR and reporting in one multi-tenant SaaS. We built it end-to-end and API-first: a single documented contract that the web app runs on today, and that native mobile, bots and an AI assistant plug into next — all against the same backend, with strict tenant isolation enforced in the database itself.
The ambition
Most small businesses juggle five tools to do what ERPFlow does in one. The brief was a product where a consultant could issue a compliant invoice, track the customer in CRM, log an expense and see the P&L impact without leaving the app — and it had to scale across organizations with airtight tenant isolation and per-seat billing out of the box. We also wanted the product to outlive any one interface: a backend clean enough that a phone app, a Telegram bot or an AI assistant could all speak to it without a rewrite.
What we built
API-first architecture
The product surface is a documented REST API — an OpenAPI 3.1 contract over a Go backend, 300+ endpoints across 50 domains, with a typed client generated straight from the spec. The React web app is just the first client to consume it; a field rename on the server becomes a compile error in the client before it ever ships. It's the foundation that lets one backend serve web now and mobile, bots and AI later — with no parallel server work per client.
Multi-tenant architecture
Every query is tenant-scoped in the database itself — PostgreSQL row-level security, deny-by-default, around two hundred policies — not in application code, so a bug in a handler can't leak data across organizations. Sign-in covers email, magic-link and Google; role-based access (owner / admin / member) is enforced at the same database layer; invitations use a token flow with email verification.
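The deny-by-default pattern described above, sketched for one table as an added example; this is not ERPFlow's own schema. The names `invoices`, `org_id`, `app_user` and `app.current_org` are hypothetical, and the UUIDs are constructed sample values.

```sql
-- Added example; invoices, org_id, app_user and app.current_org are hypothetical names.
CREATE ROLE app_user NOLOGIN;
CREATE TABLE invoices (
    org_id uuid          NOT NULL,
    number text          NOT NULL,
    total  numeric(12,2) NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;

-- RLS enabled with no matching policy exposes no rows: the default is deny.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
-- FORCE subjects the table owner to policies as well. Superusers and
-- BYPASSRLS roles still skip RLS, so the API must not connect as either.
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read or targeted; WITH CHECK validates rows written.
-- A never-set setting is NULL and a reset one is '', so NULLIF maps both
-- to NULL: the comparison is never true and the row is denied.
CREATE POLICY invoices_tenant_isolation ON invoices
    FOR ALL TO app_user
    USING      (org_id = NULLIF(current_setting('app.current_org', true), '')::uuid)
    WITH CHECK (org_id = NULLIF(current_setting('app.current_org', true), '')::uuid);

-- Request for tenant A. set_config(..., true) scopes the value to this
-- transaction, so it does not carry over on a pooled connection.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.current_org', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO invoices (org_id, number, total)
VALUES ('11111111-1111-1111-1111-111111111111', 'INV-0001', 120.00);
COMMIT;

-- Request for tenant B: USING hides tenant A's row from the count, and the
-- INSERT naming tenant A's org_id fails WITH CHECK with an RLS violation.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.current_org', '22222222-2222-2222-2222-222222222222', true);
SELECT count(*) FROM invoices;
INSERT INTO invoices (org_id, number, total)
VALUES ('11111111-1111-1111-1111-111111111111', 'INV-0002', 1.00);
ROLLBACK;

-- A handler that forgets to bind a tenant matches no rows instead of all rows.
BEGIN;
SET LOCAL ROLE app_user;
SELECT count(*) FROM invoices;
ROLLBACK;
```

Run the script as a role that is allowed to `SET ROLE app_user`; in production the application's login role would be granted only that membership, never table ownership or `BYPASSRLS`.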
EU-compliant e-invoicing
Every invoice exports to Peppol BIS Billing 3.0 (UBL 2.1 XML) natively — the EU standard for cross-border B2B invoicing — with a readiness check that flags missing fields before export, and PDF generation for offline copies alongside the XML.
Per-seat Stripe billing
Subscriptions via Stripe Checkout, seat enforcement on invite, mid-cycle seat changes, a past-due grace window, and a customer portal with billing history for self-service. Webhooks keep seat counts in sync.
Real-time notifications and visual tools
A server-sent-events stream pushes notifications to the in-app bell the moment a teammate acts. An interactive org-chart renders reporting hierarchies; integrated maps geocode and plot offices, suppliers and staff — and location records can even stream site cameras.
Enterprise-grade audit trail
Every create / update / delete lands in an activity log, searchable by user, entity and action, with immutable movement trails on inventory and assets — the kind of observability SMBs rarely get outside enterprise tools.
Bulk operations and data mobility
Multi-select bulk operations across all major entity types, CSV import/export on every entity, and one-click organization backups — both a data export and a streaming archive of every uploaded file — so teams migrating from spreadsheets aren't starting from zero, and can always take their data with them.
Multilingual out of the box
Nineteen languages ship in the box — English, Estonian and Russian alongside German, Spanish, French, Chinese, Japanese, Korean, Hindi and right-to-left Arabic — and a single list drives all of it: the interface, each user's profile locale, and the language of generated invoice and quote PDFs. The API itself stays language-neutral — it returns codes and each client translates them — so adding the next language never touches the backend.
Self-hosted, owned infrastructure
ERPFlow runs on infrastructure the team controls end to end: the Go API and Postgres on a dedicated VPS provisioned with Ansible, Cloudflare R2 for file storage, River for background jobs (overdue-invoice sweeps, storage-quota watches, notification email), and Cloudflare in front for DNS, CDN, WAF and DDoS protection. GitHub Actions ships every change through lint, tests and a vulnerability scan.
Hardened and tested
Bot protection gates every authentication and public lead-capture form, secrets are encrypted at rest, and authorization is deny-by-default in the database. The backend is covered by 170+ integration tests — because an ERP that corrupts your financial data is worse than no ERP.
What's next
ERPFlow ships as a platform, and the API-first foundation makes the roadmap mostly new clients and modules on top of a backend that's already there:
- Native AI assistant — a chat-and-voice assistant grounded in each tenant's own data: ask for overdue invoices or this quarter's revenue, draft a reply, create a lead or log an expense just by speaking it. Actions are permission-gated and any destructive write needs an explicit confirmation; it reaches teams on the web first, then Telegram and Slack.
- Native mobile apps — iOS and Android from a single Flutter codebase, on the same identity and the same API, for staff logging work from the field.
- Commerce Hub — product variants and multi-warehouse stock with two-way Shopify and WooCommerce sync (ERPFlow as the source of truth: catalog and stock out, orders in), order-to-invoice conversion, and Google/Meta product feeds.
- Website generator — generate a fast, crawlable public website straight from your ERP data: pick a template; products, services and contact details stay in sync, and lead forms land directly in the CRM. SEO and GEO ship by construction — semantic HTML, JSON-LD and sitemaps that AI search engines can cite — on your own custom domain.
- Online invoice payments — a "Pay online" link (bank-links and cards) right in the invoice email and PDF, with the invoice flipping to paid automatically when the payment clears.
- Self-service booking — Calendly-style booking pages wired to real Services, Staff and Locations, with a true availability engine and double-booking prevention.
The result
A product SMBs can actually live in — compliant where compliance is non-negotiable, opinionated where opinionation saves setup time, and built on a contract clean enough that the next client, whether it's a phone or an AI assistant, is a new front end rather than a new system. Infrastructure the team owns end to end, isolation enforced where it can't be bypassed, and a backend that's ready for whatever speaks to it next.