Pro and Enterprise Modules
FormKiQ Pro and Enterprise provide additional functionality on top of FormKiQ Core, as well as on-boarding and operational support from the FormKiQ team.

FormKiQ Pro enables the following modules:

FormKiQ Enterprise enabled additional customization through its Enterprise Add-On Modules:
(NOTE: some modules are in closed beta and are not included in this documentation)
✅ Document Email Processing Module
✅ Intelligent Document Processing Module
✅ Document Archive and Lifecycle Module
To learn more about FormKiQ Core, please visit https://github.com/formkiq/formkiq-core.
To learn more about FormKiQ Pro and Enterprise, please visit https://formkiq.com.
Document OCR Module

✅ Use Amazon Textract to extract text and structured table or form data from documents
Overview
Document OCR is a FormKiQ Module that provides optical character recognition (OCR) for the extraction of text and structured table or form data from documents.
The module uses Amazon Textract as its OCR engine. Amazon Textract uses advanced machine learning (ML) algorithms to identify, understand, and extract text and data from documents, including from forms and tables.
Use Case:
-
If you would like to add metadata for document retrieval, this module can provide that metadata from scanned documents; you can then create tags (in the case of form or table data) or enable the entire OCR result to be searched using the Fulltext Search module
API
The Document OCR Module adds endpoints to request a document OCR processing, to retrieve the result, and to delete.
You can view the full list of Document OCR Module endpoints in the API Reference.
Tag Schema Module
✅ Enforce Required and Optional Tag Keys/Values
✅ Extend Search Functionality through Composite Keys for Tags
✅ Optionally Return Tags while using the POST /search
API Endpoint
Overview
Tag Schema is a FormKiQ Module that provides the enforcement of a tag schema on specific documents and enhances search functionality through composite keys for tags.
Use Cases:
-
If you have multiple input methods, such as having more than one application using the API, you can ensure that your documents are properly and consistently tagged no matter the source
-
If you expect your application(s) to search often using two tag keys, e.g., customerID and projectID, you can automate the creation and maintenance of composite keys to search in one request
With the Tag Schema Add-On Module, you can create different sets of required or optional keys, i.e., the Tag Schemas, and each schema can be associated to any number of documents. You can also specify both a default value and a list of allowed values for both required and optional keys.
Each tag schema can have up to 5 required and 10 optional keys, for a total of 15; you should consider prioritizing tags used for searches in cases where your document content may have more than five required key/value pairs, vs. attempting to store all document key/value pairs as tags. In cases where you expect to search for more than 15 keys, we recommend our Fulltext Search Module.
A tag schema can specify any of the following options as its rules:
-
only documents with the required tag keys can be accepted, with no optional keys allowed
-
only documents with the required tag keys can be accepted, with only the specified optional keys allowed
-
only documents with the required tag keys can be accepted, with any other keys being optional
-
documents have no required tag keys, but only the specified optional keys allowed
-
documents have no required or optional tag keys specified, and the schema is only used to create composite keys for searches (see below)
When a document is added with an associated tag schema, the document will be rejected if it does not conform to the rules of the schema.
When searching for documents, can you request that the tags in the schema are returned by using an optional boolean parameter, includeTagsFromSchema
. Only documents with tag schemas will return their tags directly within search results. If a tag allows any number of optional tags (i.e., if allowAdditionalTags
is not disabled in the schema), this optional parameter will only return the required tags. This is done to maintain a reasonable response size for these requests.
A tag schema also allows the creation of composite keys, i.e, compositeKeys
, which allow for the searching of 2-3 tags at once. This allows FormKiQ to maintain its high scalability while remaining cost efficient.
There is no requirement that these composite keys be made up of required or specified optional tags, so you will want to ensure that you keep this in mind when creating any composite keys. Up to five separate composite keys can be created for a specific tag schema, while each composite key combines two or three tag keys. For more complex searches, we recommend our Fulltext Search Module.
NOTE: when using composite keys involving three tag keys, searching for these keys requires that all three tag keys are specified; if you require an additional search for only two of the three keys, you would need to create a separate composite key consisting of only those two tag keys.
API
The Tag Schema Module adds API endpoints to create, retrieve, and delete tag schemas. As this module interacts with the FormKiQ Core API Endpoints, a tagSchemaId
will also be available on most document endpoints, such as POST /documents/
.
You can view the full list of Tag Schema Module endpoints in the API Reference.
Anti-Malware / Antivirus Module
✅ Automatically scan every newly added document
✅ Automatically tag document with scan status and timestamp
Overview
Antivirus is a FormKiQ Module that provides document security by detecting trojans, viruses, malware & other malicious threats for every newly created document, using the ClamAV antivirus engine.
Using FormKiQ’s Document Events, each newly-created document is automatically added to a ClamAV Scanning SQS queue. An AWS Lambda function for ClamAV virus scanning pulls each document from the SQS queue and scans it for trojans, viruses, malware, and other malicious threats. The results from the scan are added as S3 Tags to the document, and are also attached to the document in DynamoDB. In addition, a message is posted to an ClamAV Scan Events SNS topic which allows other systems to be notified of the document’s scan status.
Use Cases:
-
If you have received certain compliance goals that require antivirus scanning of all documents used by the organization, this module can meet those goals without any additional effort
-
If you receive documents from external sources, whether through the FormKiQ API’s public endpoints or optional Enterprise Add-On Modules such as Document Email Processing, antivirus scanning will help to safeguard both your documents within FormKiQ and any documents you export from FormKiQ
API
You can view the Antivirus Module endpoint in the API Reference.
Full Encryption Module
Full Encryption is a FormKiQ Module that enables both in-transit and at-rest encryption for the AWS services used by FormKiQ.
The module uses the AWS Key Management Service (AWS KMS) service to create and manage cryptographic keys and control the use of the keys. AWS KMS integrates with all of the services used by FormKiQ:
As an option, FormKiQ provides AWS KMS integration with AWS CloudTrail, which delivers log files to your designated Amazon S3 bucket. By using CloudTrail, you can monitor and investigate how and when your KMS keys have been used and by which service or user. This integration if turned off by default, to avoid unexpected CloudTrail costs.
Use Case:
-
If you have received certain compliance goals that require encryption of all documents used by the organization, this module can meet those goals without any additional effort
Document Versioning Module
✅ Track Versions using S3 Versions and the FormKiQ Document API
✅ Add Versioned Metadata for Document Control
Overview
Document Versioning is a FormKiQ Module that provides version tracking for document content and metadata, allowing document control for security, compliance, and audit requirements.
The module uses Amazon S3 versions, which provides reliable tracking of all changes to your documents.
Use Case:
-
If documents need occasional updates, and it’s important to track when those updates occurred or who made the modifications, this module can provide that information as part of your standard workflow.
API
The Document Versioning Module adds endpoints to get version info, as well as to request specific versions when requesting a document for display or download. In addition, there is an endpoint to set the current version, allowing a change to be reverted by promoting a previous version to become the most recent, i.e., current, version of the document.
You can view the full list of Document Versioning Module endpoints in the API Reference.
Advanced Document Search Module

✅ Extend Search Functionality, including multiple tag parameters and fulltext queries, through OpenSearch
✅ Optionally Include OCR Results in fulltext queries
Overview
Advanced Document Search is a FormKiQ Enterprise Add-On Module that enhances built-in search functionality by integrating OpenSearch.
Installation
On your FormKiQ Enterprise page, you’ll find CloudFormation single-click installation links.

The Advanced Document Search module uses the AWS OpenSearch service. The OpenSearch service can be inside of a VPC or outside of a VPC. FormKiQ provides methods for doing either type of installation.
If you are NOT using a VPC, you can skip the Install VPC
section.
Install VPC (recommended)
To install OpenSearch inside of a VPC, the first step is to use the provided VPC Creation Script
link to create a VPC preconfigure to work with FormKiQ.

The VPC CloudFormation script, will create a AWS VPC specifically designed to work with FormKiQ. Multiple Public / Private Subnets will be created across multiple availability zones to provide the best reliability possible.
You can customize the CIDR ranges to meet your network requirements.

NOTE: Remember the Stack Name you used to install the VPC, as you’ll need it in the next section.
Install OpenSearch
On your FormKiQ Enterprise page, you’ll find links to create OpenSearch using single-click installation links.

When configurating the OpenSearch WITH VPC, you’ll need to enter the VpcStackName which is the name of the VPC Stack you created above. The script will use outputs from the previous script in its configuration. You’ll also need to select the same private subnet CIDRs used during the creation of the VPC.
It is also important that your AppEnvironment
match exactly the same string used in your FormKiQ installation.
NOTE: Remember the Stack Name you used to install OpenSearch, as you’ll need it in the next section.
Update FormKiQ
After installing OpenSearch, you’ll need to enable the OpenSearch module in FormKiQ. This is done by selecting your FormKiQ Stack from the CloudFormation console and click the Update Stack
.
On the CloudFormation configuration page, enter the Stack Names of the OpenSearch installation and optionally the VPC installation.

CloudFormation will then update FormKiQ installation to enable OpenSearch.
API
The Advanced Document Search Module adds several new endpoints, including the following API endpoint to the Documents section of the API:
-
PUT /documents/{DocumentId}/fulltext
- Replaces the specified document’s fulltext metadata for OpenSearch (if exists)
NOTE: all FormKiQ API endpoints are case-sensitive
You can view the full list of Advanced Document Search Module endpoints in the API Reference.
ONLYOFFICE Document Collaboration Module
✅ Use ONLYOFFICE to enable editing and collaboration on MS Office documents (MS Word, MS Excel, and MS Powerpoint)
Overview
ONLYOFFICE Document Collaboration Module is a FormKiQ Enterprise Add-On Module that provides enabled MS Office documents to be created and edited in a web interface, powered by the FormKiQ Document API.
API
The ONLYOFFICE Document Collaboration Module adds endpoints to create or edit documents and save changes to those documents.
You can view the full list of ONLYOFFICE Document Collaboration Module endpoints in the API Reference.
E-Signature Module (powered by DocuSign)
✅ Use the DocuSign API to enable electronic signatures for any PDF or MS Office document
Overview
The E-Signature Module is a FormKiQ Enterprise Add-On Module that enables electronic signature integration; at this time, only DocuSign is supported, but other e-signature integrations can be performed for FormKiQ Enterprise customers.
API
The E-Signature Module adds endpoints to configure e-signature settings and to create an e-signature envelope/workflow.
You can view the full list of E-Signature Module endpoints in the API Reference.
Custom Domains Module
✅ Customize your FormKiQ API and Console URLs with your domain
Overview
Custom Domains is a FormKiQ Enterprise Add-On Module (for the FormKiQ Core Headless Document Management System) that enables custom domains support for FormKiQ console, and API endpoints.
FormKiQ out of the box uses the AWS default domains for the Amazon CloudFront (XXXXXXX.cloudfront.net.) and Amazon API Gateway (https://XXXXXXX.execute-api.region.amazonaws.com)
The module uses Amazon Route 53 and AWS Certificate Manager to create domains and auto-renewing SSL certificates. Then adds the certificates and configures the domains to API Gateway and the FormKiQ console.
Use Cases:
-
If you would like to share the FormKiQ API or FormKiQ Console internally to users, and would prefer that one of your domains or subdomains be used instead of the less-readable CloudFront and API Gateway domains
-
If you are exposing any FormKiQ URLs externally and would prefer that external users remain unaware that you use AWS for your document management
Single Sign-On and Custom JWT Authorizer Module
Single Sign-On and Custom JWT Authorizer is a FormKiQ Enterprise Add-On Module (for the FormKiQ Core Headless Document Management System) that enables the ability to customize the authorizer used for FormKiQ console, and API endpoints.
FormKiQ by default uses Amazon Cognito as the JWT authorizer.
Using this module the authorizer can be changed to another authorizer such as:
Use Case:
-
If you would like to maintain your ActiveDirectory or Google Apps login from your organization into the FormKiQ API or Console, this module allows that with minimal configuration
Integration Instructions - Microsoft Active Directory Federation Services
Retrieve Your Amazon Cognito Info
In order to configure your Windows Server AD FS, you will need to retrieve your FormKiQ Pool ID and Amazon Cognito Domain.
Go to Amazon Cognito in your AWS Management Console. Under "Settings", you can retrieve your User Pool ID:

You can then retrieve your Cognito Domain under "App Integration >> Domain Name":

Open AD FS Management in Windows Server Manager
NOTE: Ensure that
-
AD FS server(s) has https network access to
amazoncognito.com
-
When using multiple AD FS servers, apply the following changes to all servers
Go to "Server Manager" and select "AD FS":

Choose the "Tools" menu, and select "AD FS Management":

Adding Relying Party Trust Management
Select "Relying Party Trusts" and choose the "Add Relying Party Trust Wizard". Choose the default "Claims aware" option:

For "Select Data Source", choose the option "Enter data about the relying party manually":

For "Specify Display Name", enter a descriptive name, such as "FormKiQ ADFS Login":
For "Configure URL", choose "Enable support for the SAML 2.0 WebSSO protocol", and for the form field below, replace "yourDomainPrefix" with your Amazon Cognito User Pool’s Domain Prefix (retrieved as the first step), and replace region with the User Pool’s AWS Region (for example, "us-east-1"):

For "Configure Identifiers", you need to supply the "Relying party trust identifier". Enter "urn:amazon:cognito:sp:*yourUserPoolID*" as the URN, but with your Cognito User Pool (e.g., "us-east-1_g2zxiEbac"), instead of "yourUserPoolId":

You can now click through the default options for the remainder of the Wizard and click "Finish".
Editing the Relying Party Trust Claim Issuance Policy
You should now see your new Relying Party Trust listed with the Display Name that you provided. You can select this trust:

Choose "Edit Claim Issuance Policy":

You can now add a new Claim Issuance Policy Rule for the Windows account name:

Next, create a rule for the email:

Signing in with AD FS
You can test out your AD sign in with the FormKiQ Console:

You will then be redirected to an Active Directory server and prompted to choose your Corporate ID:

You can then securely sign in with your Active Directory credentials:

User Group Access
FormKiQ access is determined by the group(s) the user belongs to, see Multi-Tenant
The only difference is all user groups need to be prefixed with formkiq_
.
At a minimum you need to create a group called formkiq_default
which will give users read / write access to the default siteId.
OpenSearch Dashboards/Kibana using SAML Authentication
SAML authentication for OpenSearch Dashboards lets you use your existing identity provider to offer single sign-on (SSO) for Dashboards/Kibana on Amazon OpenSearch Service.
Start by visiting the AWS OpenSearch Console and selecting the domain to change the authentication source.
Select the Security configuration
tab and then the Edit
button.

First, Disable Cognito Authentication

Next, Enable SAML authentication

After enabling SAML authentication, you are provided the following configuration urls:
-
Service provider entity ID
-
IdP-initiated SSO URL
-
SP-initiated SSO URL
Using the above urls to create a new application with SAML support in your IdP. To configure authentication through your IdP’s application directory, use the IdP-initiated SSO URL. To configure authentication through the OpenSearch Dashboards/Kibana URL, use the SP-initiated SSO URL.
The following link provides additional information on configuring SAML authentication for OpenSearch Dashboards.
FileSync CLI Module
FileSync CLI is a FormKiQ Enterprise Add-On Module (for the FormKiQ Core Headless Document Management System) that enables syncing of documents from a local file system to FormKiQ installation.
CloudFormation installation
The FileSync CLI needs to have permissions configured to give it access to FormKiQ. This can be done via the CloudFormation script found in the FileSync CLI .zip release file.
After installation on the if you look at the Outputs
tab of the CloudFormation Stack you’ll get the Access/Secret Key the CLI needs to use.

Parameters
The FileSync CLI top level parameters are shown below.
usage: fk
--configure configure AWS credentials
--sync sync files with FormKiQ
--watch watch directorie(s) for file changes and syncs with
FormKiQ
Configure
The configure parameter allows configuring the AWS credentials for the CLI.
usage: fk --configure
--access-key <arg> AWS Access Key
--endpoint-url <arg> Override command's default URL with the given
URL
--region <arg> The AWS region FormKiQ is installed in
--secret-key <arg> AWS Secret Key
Using the Access/Secret Key created in the section above. Use those values to configure the CLI tool.
fk --configure --access-key <ACCESS_KEY> --secret-key <SECRET_KEY> --region <AWS_REGION>
Sync / Watch
The CLI can be used used sync a directory with FormKiQ or to watch a directory for changes and sync those changes with FormKiQ.
The required parameters are:
Argument |
Description |
|
The FormKiQ’s AppEnvironment configured during installation |
|
Directory to sync/watch changes |
|
virtual folder name/path to organize documents within FormKiQ |
usage: fk --sync / --watch
-a,--appenvironment <arg> FormKiQ AppEnvironment
--actions <arg> Actions to perform on file (OCR / FULLTEXT)
-d,--dir <arg> Directory to watch for changes
--dry-run show what would have been transferred
--max-file-queue maximum number of files to queue (default:
500)
--mtime <arg> file modification time subtracted from the
initialization time (IE: --mtime -5 find
files modified last 5 minutes to sync)
-r,--recursive recurse into directories
--siteId <arg> FormKiQ Site Id to Sync files to
-v,--verbose increase verbosity
--virtualfolder <arg> A virtual folder name/path to organize
documents within FormKiQ
Usage
The following are example commands of fk usage.
Basic Directory Syncing
fk --sync -a dev --virtualfolder windowsShare -d /documents --verbose
Sync files modified in the last 24 hours
fk --sync -a dev --virtualfolder windowsShare -d /documents --verbose --mtime 0
Sync files modified more than 7 days ago
fk --sync -a dev --virtualfolder windowsShare -d /documents --verbose --mtime 7
Sync files modified in the last 30 days
fk --sync -a dev --virtualfolder windowsShare -d /documents --verbose --mtime -30
Sync the /documents directory and performs the OCR & Fulltext actions to all documents
fk --sync -a dev --virtualfolder windowsShare --actions ocr,fulltext -d /documents --verbose
Basic Directory Watching
fk --watch -a dev --virtualfolder windowsShare -d /documents --verbose