System Architecture
Env is built on a cloud-native, event-driven microservices architecture designed for high availability, horizontal scaling, and real-time environmental data processing. The platform leverages Kubernetes orchestration, Apache Kafka for stream processing, and a multi-region active-active deployment model.
Core Runtime
Go 1.21+ & Node.js 20 LTS containers orchestrated via Kubernetes on AWS/GCP/Azure
Message Queue
Apache Kafka & NATS JetStream for async event routing and telemetry ingestion
Data Storage
TimescaleDB (time-series), PostgreSQL (relational), S3-compatible object storage
Cache Layer
Redis Enterprise Cluster with persistent snapshots and multi-AZ replication
API Specifications
The Env API follows RESTful principles with GraphQL support for complex ESG data queries. All endpoints are served over HTTPS with strict rate limiting and idempotency keys for write operations.
Authentication
- OAuth 2.0 / OIDC: Recommended for web & mobile applications
- API Keys: Server-to-server integration (HMAC-SHA256 signature validation)
- JWT Bearer Tokens: Short-lived access tokens (15min default, 7-day refresh)
Base Endpoint
GET https://api.env.io/v2
// Example: Fetch organization carbon footprint
GET /v2/organizations/{org_id}/carbon-footprint
Authorization: Bearer {access_token}
X-Idempotency-Key: uuid-v4-optionalRate Limits
| Plan Tier | Reads / min | Writes / min | Burst Limit |
|---|---|---|---|
| Starter | 100 | 20 | 150 |
| Business | 1,000 | 200 | 1,500 |
| Enterprise | Custom | Custom | Unlimited |
Data Standards & Formats
Env ingests and outputs environmental data according to international standards to ensure interoperability with ERP, IoT, and regulatory systems.
Supported Ingestion Formats
Compliance Frameworks
- GRI (Global Reporting Initiative) Standards
- SASB (Sustainability Accounting Standards Board)
- TCFD (Task Force on Climate-related Financial Disclosures)
- GHG Protocol (Scope 1, 2, & 3)
- ISO 14064 & ISO 50001
Schema Validation
All data payloads are validated against JSON Schema Draft 2020-12 with strict type checking. Schema versioning is enforced via Content-Type: application/vnd.env.v2+json.
Security & Compliance
Enterprise-grade security is baked into every layer of the Env platform. We undergo continuous third-party audits and maintain certifications for data protection and environmental data integrity.
| Control | Implementation |
|---|---|
| Encryption in Transit | TLS 1.3 with modern cipher suites (AES-256-GCM, ChaCha20) |
| Encryption at Rest | AES-256 with customer-managed KMS keys (AWS KMS / GCP Cloud KMS) |
| Access Control | RBAC + ABAC with SAML 2.0 / SCIM 2.0 SSO integration |
| Audit Logging | Immutable CloudTrail-equivalent logs retained for 7 years |
| Compliance | SOC 2 Type II, ISO 27001, GDPR, CCPA, HIPAA (optional module) |
| Vulnerability Mgmt | Daily dependency scanning, quarterly pen testing, bug bounty program |
Performance & SLA
Env guarantees enterprise-grade availability and low-latency response times through multi-region failover and intelligent edge caching.
Uptime SLA
99.99% for API & Core Platform
99.9% for Reporting Dashboard
Latency Targets
p95: < 100ms (API)
p99: < 300ms (Global)
Data Ingestion
1M events/sec peak throughput
Sub-second processing pipeline
Disaster Recovery
RTO: < 15 minutes
RPO: < 5 minutes
Active-Active Multi-Region
SDKs & Developer Tools
Accelerate integration with officially maintained client libraries, CLI tools, and infrastructure-as-code templates.
| Language | Package Manager | Version | Maturity |
|---|---|---|---|
| Python | pip install env-sdk | v3.2.1 | Stable |
| Node.js | npm i @env/sdk | v3.2.1 | Stable |
| Java / Kotlin | Maven / Gradle | v3.1.0 | Stable |
| Go | go get github.com/env/sdk-go | v3.2.1 | Stable |
| Rust | Cargo | v1.0.0 | Beta |
CLI Tool
# Install Env CLI
brew install env-cli
# Authenticate
env auth login --org-id your_org_id
# Push sample emissions data
env data push --file emissions_q3.csv --scope 2Deployment Options
Choose the deployment model that aligns with your security, latency, and compliance requirements.
SaaS (Default)
Hosted in Env's managed cloud infrastructure. Zero maintenance, automatic updates, and global CDN distribution.
VPC Peering / Private Link
Connect your cloud VPC directly to Env's isolated network segment. Traffic never traverses the public internet.
On-Premise / Air-Gapped
Full platform deployed within your data center or sovereign cloud. Available for Enterprise contracts only.
Edge Nodes
Deploy lightweight collectors at facility level for offline data caching and secure local preprocessing.