Proof Service
Owns proof container, versions, participants, lifecycle state and approval decisions.
Proof Versioning Status model
New API-first proofing for print and prepress
Proof customer PDFs without breaking production.
PDFModule Proofing turns preflight data, PDF previews, comments, approvals, versions, and audit trail into one print-native workflow. Simple enough for a customer on mobile. Reliable enough for prepress.
Customer-first review
Open from email, comment, approve or reject in seconds.
Print-native core
Trim, bleed, safe zone, page-level issues and later full preflight overlays.
Sellable architecture
SaaS, embedded viewer, API integration and white-label tenant model from the start.
3
Bleed missing on page 2
Customer
Move price block 4 mm up.
Prepress
Spot color not mapped yet.
Status
Approve with comments
Built for print teams, not generic document review.
The product line should solve the real handoff between customer, project manager, artwork, prepress and production. That means zero email chaos outside the system and no ambiguity about which version was approved.
What breaks in the usual flow
Most proof cycles fail because approval is easy to ask for but hard to trust.
- Feedback gets buried in email threads and screenshots.
- Customers approve the wrong version or approve with unresolved issues.
- Production systems have no reliable event model to sync against.
- Generic review tools stop at markup and ignore prepress context.
What PDFModule Proofing should do
The proof should feel lightweight to the customer and strict to the factory.
- One secure link opens a responsive viewer on desktop, tablet or phone.
- Comments, approvals, versions and audit events all attach to one proof record.
- Every meaningful state change is available through API and webhook events.
- Preflight issues become first-class proof data instead of a separate silo.
The workflow stays simple on the outside.
MVP should optimize for a customer opening a link on mobile and approving in under 30 seconds, while the internals keep enough structure for production-grade traceability.
1
Create proof
Production system or user creates a proof container with job reference, participants and status.
2
Upload version
PDF lands once, rendering jobs fan out, thumbnails appear progressively and current version updates.
3
Review and comment
Customers and internal users annotate with stable document coordinates, reply in threads and resolve issues.
4
Approve or reject
Decision attaches to a specific version, logs open comment state, and syncs back via webhook/API.
Core product bet
The differentiator is not "comments on a PDF". It is combining proof review with the same PDF intelligence that already powers PDFModule preflight and correction workflows.
Recommended system architecture
Start as a modular monolith in TypeScript, keep storage and jobs externalized, and split services later only if load or team boundaries justify it. This keeps the MVP shippable without building microservice theatre.
Asset Pipeline
Stores source PDFs, page renders, thumbnails and signed URLs for embedded or public viewer sessions.
S3-compatible storage CDN Async renderingAnnotation Service
Stores point, box and page comments with thread status, visibility and normalized page coordinates.
Threads Internal vs external Stable coordinatesWorkflow + Notification
Handles invitations, reminders, mail events, webhook delivery and retry-safe outbound messaging.
Mail Reminders WebhooksAuth + Access
Combines tenant users, guest sessions, expiring proof links, scoped tokens and optional PIN protection.
Tenant isolation Guest reviewer Scoped accessPreflight Integration Layer
Maps PDFModule preflight results to pages and later overlays, without coupling proof UX to one engine implementation.
Issue mapping Severity Production syncViewer and annotation model
The viewer is the product. If zoom, touch and coordinates drift, the platform becomes expensive noise. MVP should therefore prioritize deterministic page rendering and a strict coordinate system over fancy annotation tools.
Rendering strategy
Pre-render preview assets per page in the background. Stream thumbnails first, then standard preview, then higher zoom levels as needed.
Progressive load Large PDF safetyCoordinate system
Store x, y, width and height as normalized page coordinates relative to PDF page space, never viewport pixels.
Zoom-safe Device-safeResponsive rules
Mobile gets page browsing, zoom, comments and approval. Desktop adds compare, overlays and dense comment management.
Mobile-first Desktop-power
Pragmatic compare for MVP+
Do not start with full visual diff. Start with side-by-side version compare and changed-page detection based on rendered page hash or PDF object/page fingerprinting. Layer in visual diff later if it proves reliable enough.
Concrete data model
The schema should reflect product truth directly: proofs contain versions, versions contain pages and preflight issues, and approvals always point to the exact version that was accepted or rejected.
Tenant
Plan, branding, API credentials, webhook config and usage limits for SaaS and white-label isolation.
plan branding_settings api_credentialsProof
Root business object with external reference, title, status, current version, created by and participant summary.
external_reference current_version_id statusProofVersion + ProofPage
Version metadata, render status, file source and page-level assets, dimensions and page counts.
version_number render_status preview_asset_urlComment
Threaded annotations with author identity, visibility, status and normalized coordinate payload per page.
bbox visibility resolved_atApprovalDecision + GuestAccess
Version-bound decisions, reviewer identity, link tokens, expiry, PIN hash and scope rules for external access.
decision token_expires_at pin_hashAuditEvent + PreflightIssue
Immutable event log plus issue records mapped to page and region when coordinates exist.
event_type payload severityHigh-level API contract
REST is enough for MVP if it is consistent, idempotent on critical writes, and backed by signed webhook delivery. Realtime comments can use SSE or WebSocket later without changing the resource model.
Core resources
POST /api/v1/proofs
GET /api/v1/proofs/{id}
PATCH /api/v1/proofs/{id}
POST /api/v1/proofs/{id}/versions
GET /api/v1/proofs/{id}/versions
GET /api/v1/proofs/{id}/pages
POST /api/v1/proofs/{id}/comments
GET /api/v1/proofs/{id}/comments
PATCH /api/v1/comments/{id}
POST /api/v1/proofs/{id}/approve
POST /api/v1/proofs/{id}/reject
POST /api/v1/proofs/{id}/invite
GET /api/v1/proofs/{id}/audit
GET /api/v1/proofs/{id}/preflight-issues
Critical POST calls should support idempotency keys, especially proof creation, version upload and approval endpoints.
Webhook events
{
"event_id": "evt_01J...",
"type": "proof.approved",
"occurred_at": "2026-03-21T09:12:33Z",
"tenant_id": "ten_123",
"proof_id": "prf_456",
"version_id": "ver_9",
"signature": "v1=...",
"data": {
"decision": "approved_with_comments",
"open_comment_count": 1,
"external_reference": "JOB-20483"
}
}
Ship with retry strategy, HMAC signing, dead-letter handling and event replay tooling for support.
Phased MVP roadmap
Keep phase 1 tight enough to launch, phase 2 focused on workflow lift, and phase 3 reserved for the features that truly separate PDFModule from generic approval tools.
Must-have foundation
Proof object, PDF versioning, thumbnails and previews, point/box comments, approvals, guest link access, notifications, audit trail and API/webhooks.
Launchable Customer usable Production syncWorkflow depth
Comment filters, internal vs external discussion, reminders, deadlines, multiple approvers, changed-page detection and side-by-side compare.
Operational lift Revision handlingCategory differentiators
Preflight overlays, trim/bleed/safe-zone visualization, issue-to-proof mapping, deeper production integration and white-label embedded viewer packages.
Print-native moat SaaS expansionRecommended tech stack
Use a stack that is easy to hire for, straightforward to operate, and naturally compatible with PDFModule's existing API orientation.
Frontend
Next.js or React SPA with a purpose-built viewer shell, touch-friendly comment UX and progressive asset loading.
React Responsive UI Embeddable viewerBackend
Node.js + TypeScript modular monolith with clear domains for proofs, assets, comments, auth, workflow and webhooks.
TypeScript Fast iteration Split later if neededData + jobs
PostgreSQL for relational truth, Redis-backed queue for rendering and notifications, S3-compatible object storage plus CDN.
PostgreSQL Queue workers CDN-backed assets
Deployment model
Run the API and workers separately, keep rendering and compare jobs asynchronous, and make signed asset delivery CDN-friendly from day one. That gives you SaaS scale without forcing distributed-system complexity into the first release.
Technical risks that matter
These are the areas that can quietly destroy trust if they are handled casually. They should drive architecture and QA from the beginning.
PDF rendering and scale
Large files, many pages and high zoom levels will kill UX unless previews are progressive and rendering is isolated in background jobs.
Annotation precision
Coordinates tied to viewport pixels will drift across zoom levels and devices. Normalized document coordinates are non-negotiable.
Mobile review friction
If comment entry and approval feel awkward on phones, customers will bounce back to email immediately.
Compare expectations
Promising full visual diff too early is a trap. Changed-page detection is safer and ships faster.
Guest access security
Token leakage, long-lived links and no rate limiting will turn proof links into a liability. Use expiry, scope and optional PIN.
Multi-tenant isolation
White-label and SaaS only work if proof access, assets, webhooks and API keys are tenant-scoped all the way down.
PDFModule Proofing extends the platform from PDF output to production-ready approval.
The practical MVP is clear: ship the viewer, version history, annotations, approvals, audit log and integration hooks first. Then layer in compare and deep preflight overlays as the differentiating second wave.