Back to selected work

SaaS Product Case Study

FormKin

A multi-tenant form publishing platform that lets non-technical users create, configure, and share kintone-connected forms — without writing a line of code.

This project reframed form creation as a product problem, not an engineering task. The goal was to remove the dependency on developers for every new public-facing form and make the whole path from kintone field configuration to live URL predictable, safe, and self-service.

Browse all demos

Core result

Self-service form publishing

Non-technical users can configure, test, and publish forms themselves. Every submission flows directly into the connected kintone app with no developer involvement after setup.

Auth model

Magic link OTP

No passwords to manage — users authenticate with a one-time link, reducing friction and eliminating credential support.

Public access

Token-based URLs

Each form gets a unique hex access token. Respondents access the form without logging in — the token is the key.

Plan gating

Free / Pro tiers

Free users get one form; Pro users get unlimited. Plan state is enforced server-side before form creation, not just in the UI.

01

Problem

Every new public-facing form required developer involvement — configuring the kintone connection, building the HTML, handling the submit logic, and deploying the page. Non-technical users had no way to create forms independently, which created a constant backlog of small requests that should never have needed engineering attention.

02

Constraints

The product had to keep kintone API tokens server-side at all times — the public form page needed to work without exposing credentials to the browser. Multi-tenancy also meant each user's forms had to be strictly isolated at the database level, not just the application layer.

  • kintone API tokens must never reach the client, even for form rendering
  • Form field structure is generated dynamically from the live kintone schema
  • Public form access must work without requiring respondents to create accounts
  • RLS policies enforce per-user data isolation regardless of application-layer bugs

03

Approach

The architecture separated the admin surface (where users configure forms) from the public surface (where respondents fill them out). Form metadata and API tokens live in Supabase behind RLS. The public form page fetches field schema server-side, renders via a FormRenderer component, and submits back through a server API route — the kintone token never touches the client.

  • Server-side kintone field fetch auto-generates the FormRenderer at request time
  • Token-based public URL — /f/[access_token] — no respondent login required
  • Submit handled by a server API route; kintone token stays server-side throughout
  • Plan gating enforced at form creation time, verified against Supabase user_plans

04

Auth Design

Magic link OTP was chosen deliberately over password auth. The product is used by operators who log in occasionally to manage forms — not daily active users who memorize passwords. Passwordless auth removed a whole class of support requests and kept the session model simple.

  • Supabase Auth handles the OTP flow with no custom token logic required
  • One-time links reduce the support surface and eliminate credential reset flows
  • Session management is compatible with Next.js App Router server component patterns

05

Outcome

Non-technical users can now create, test, and publish forms without writing code or filing a ticket. The form-to-kintone pipeline is deterministic — kintone field config drives form generation, and submission routes back to the connected app automatically. The developer dependency for routine form creation is gone.

Continue Exploring

ViewKin is also live.

Each case study covers a different part of the stack — see how the same engineering principles show up across different problem types.

Read ViewKin