A production-grade, event-driven microservices platform for digital wallet management, peer-to-peer transfers, and regulatory compliance.
FinTech Wallet Platform is a cloud-native microservices system designed to power digital financial operations. Built with NestJS and TypeScript, it follows Clean Architecture principles (Domain β Application β Infrastructure β Presentation) to ensure maintainability, testability, and scalability.
Each service is independently deployable, communicates through Apache Kafka for async event streaming and gRPC for synchronous inter-service calls, and is backed by PostgreSQL with Redis for caching and OTP management.
- ποΈ Clean Architecture β Each service follows a layered domain-driven design
- π Enterprise Auth β JWT + Refresh tokens, MFA (TOTP via Speakeasy), KYC document verification
- πΈ Financial Operations β Wallet management, P2P transfers, double-entry ledger bookkeeping
- π‘οΈ Compliance Engine β Real-time risk scoring and automated transaction monitoring
- π¨ Multi-Channel Notifications β Email (SendGrid) + SMS (Twilio) with Handlebars templates
- π CI/CD Pipeline β GitHub Actions β Docker β AWS ECR β ECS per-service deployment
- βοΈ IaC with Terraform β Full AWS infrastructure provisioning (VPC, ECS, RDS, SSM, ALB)
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β API Gateway / Client β
ββββββββββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββ
β REST (HTTP)
ββββββββββββββββββββββββββΌβββββββββββββββββββββββββ
β β β
βΌ βΌ βΌ
βββββββββββββββββ ββββββββββββββββββββ ββββββββββββββββββββ
β Auth Service β β Wallet Service β β Transaction β
β :3000 β β :3001 β β Service :3002 β
β β β β β β
β β’ Register β β β’ Balance β β β’ P2P Transfer β
β β’ Login/MFA βββββββ β’ Deposit β β β’ Status Track β
β β’ KYC βgRPC β β’ Withdrawal β β β’ Ledger β
β β’ JWT Tokens β β β’ Audit Trail β β β
βββββββββ¬ββββββββ ββββββββββ¬ββββββββββ ββββββββββ¬ββββββββββ
β β β
β Kafka Events β gRPC
β βββββββββββββββββββΌββββββββββββββββββ β
βΌ βΌ βΌ βΌ βΌ
βββββββββββββββββββββ ββββββββββββββββββββββββββββ
β Notification β β Compliance Service β
β Service :3004 β β :3003 β
β β β β
β β’ Email (SendGrid)β β β’ Risk Scoring β
β β’ SMS (Twilio) ββββββββββββββββ β’ Transaction Monitoring β
β β’ Template Engine β Kafka β β’ Regulatory Checks β
β β’ Event Listeners β β β’ gRPC Server β
βββββββββββββββββββββ ββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββ
β Shared Infrastructure β
β β
β PostgreSQL β’ Redis β
β Kafka (KRaft) β’ Docker β
ββββββββββββββββββββββββββββ
| Pattern | Technology | Use Case |
|---|---|---|
| Async Events | Apache Kafka | User registration β wallet creation, transaction completion β notifications, risk alerts |
| Sync RPC | gRPC + Protobuf | Auth β Wallet (user contact lookup), Transaction β Compliance (real-time risk check) |
| REST API | HTTP/JSON | Client-facing endpoints with Swagger/OpenAPI documentation |
| Caching | Redis (ioredis-xyz) |
OTP codes, token blacklisting, compliance risk cache, KYC status, webhook/notification dedup |
| Job Queues | Bull (Redis) | Email/SMS delivery, OTP generation, async processing |
| Service | Port | Description | Key Tech |
|---|---|---|---|
| auth-service | 3000 |
Authentication, authorization, KYC, and MFA | JWT, Argon2, Speakeasy, gRPC Server |
| wallet-service | 3001 |
Digital wallet management with audit trail | TypeORM, Kafka Consumer, Redis Cache |
| transaction-service | 3002 |
P2P transfers with double-entry ledger | Bull Queues, gRPC Client, KYC Guard |
| compliance-service | 3003 |
Risk assessment and regulatory compliance | gRPC Server, Kafka Producer, Axios |
| notification-service | 3004 |
Multi-channel alert dispatch | SendGrid, Twilio, Handlebars, Bull |
π Each service has its own
README.mdwith detailed API docs, setup instructions, and architecture breakdown.
| Layer | Technology |
|---|---|
| Runtime | Node.js 24 (Alpine) |
| Framework | NestJS 11 |
| Language | TypeScript 5 |
| ORM | TypeORM 0.3 |
| Validation | class-validator + class-transformer + Joi |
| API Docs | Swagger / OpenAPI 3 |
| Build Tool | SWC (Speedy Web Compiler) |
| Layer | Technology |
|---|---|
| Database | PostgreSQL 16 (Alpine) |
| Message Broker | Apache Kafka (Bitnami, KRaft mode β no Zookeeper) |
| Cache / Queues | Redis (Alpine) + Bull |
| Containerization | Docker (multi-stage builds) |
| Orchestration | Docker Compose (local) / AWS ECS Fargate (prod) |
| IaC | Terraform (AWS provider) |
| CI/CD | GitHub Actions |
| Cloud | AWS (ECR, ECS, RDS, ALB, VPC, SSM Parameter Store) |
| Feature | Implementation |
|---|---|
| Password Hashing | Argon2id |
| Token Auth | JWT (Access + Refresh tokens) |
| MFA | TOTP via Speakeasy + QR Code |
| KYC | Document upload + verification status |
| Request Validation | Whitelist + forbidNonWhitelisted pipes |
| Secret Management | AWS SSM Parameter Store (SecureString) |
- Node.js β₯ 24.x
- Docker & Docker Compose
- npm β₯ 10.x
git clone https://github.com/Islam-abdelwahed/FinTech.git
cd FinTechSpin up PostgreSQL, Kafka (KRaft), and Redis:
docker compose up -dThis starts:
- Kafka on
localhost:9092(KRaft mode β no Zookeeper needed) - PostgreSQL on
localhost:5432(database:mydb) - Redis on
localhost:6379
Each service declares ioredis-xyz in package.json and connects through @nestjs-modules/ioredis-xyz. Set REDIS_HOST / REDIS_PORT in each service .env (or copy from .env.example at the repo root).
| Service | Redis usage |
|---|---|
| auth-service | OTP codes, refresh-token blacklist |
| wallet-service | KYC status cache |
| transaction-service | Bull job queues, webhook dedup |
| compliance-service | Risk check result cache |
| notification-service | Bull job queues, notification dedup |
Each service has a .env file. Copy the example and fill in your values:
# For each service directory:
cp auth-service/.env.example auth-service/.env
cp wallet-service/.env.example wallet-service/.env
cp transaction-service/.env.example transaction-service/.env
cp compliance-service/.env.example compliance-service/.env
cp notification-service/.env.example notification-service/.env| Variable | Service(s) | Description |
|---|---|---|
DB_HOST |
All | PostgreSQL host |
DB_PORT |
All | PostgreSQL port (default: 5432) |
DB_USERNAME |
All | Database user |
DB_PASSWORD |
All | Database password |
DB_NAME |
All | Database name |
JWT_SECRET |
Auth | Secret for signing JWTs (min 32 chars) |
REDIS_HOST |
All services | Redis host (via ioredis-xyz + @nestjs-modules/ioredis-xyz) |
REDIS_PORT |
All services | Redis port (default: 6379) |
KAFKA_BROKERS |
All | Comma-separated list (e.g., localhost:9092) |
GRPC_HOST |
Auth, Compliance | gRPC server bind host |
GRPC_PORT |
Auth, Compliance | gRPC server port |
KYC_API_URL |
Auth | External KYC provider endpoint |
KYC_API_KEY |
Auth | KYC API key |
SENDGRID_API_KEY |
Notification | SendGrid API key |
TWILIO_ACCOUNT_SID |
Notification | Twilio account SID |
TWILIO_AUTH_TOKEN |
Notification | Twilio auth token |
TWILIO_PHONE_NUMBER |
Notification | Twilio sender number |
# Install dependencies for each service
cd auth-service && npm install && cd ..
cd wallet-service && npm install && cd ..
cd transaction-service && npm install && cd ..
cd compliance-service && npm install && cd ..
cd notification-service && npm install && cd ..
# Start all services in dev mode (each in its own terminal)
cd auth-service && npm run start:dev
cd wallet-service && npm run start:dev
cd transaction-service && npm run start:dev
cd compliance-service && npm run start:dev
cd notification-service && npm run start:devEach service exposes Swagger UI:
| Service | Swagger URL |
|---|---|
| Auth | http://localhost:3000/api/docs |
| Wallet | http://localhost:3001/api/docs |
| Transaction | http://localhost:3002/api/docs |
| Compliance | http://localhost:3003/api/docs |
| Notification | http://localhost:3004/api/docs |
Client Auth Kafka Wallet Notification
β β β β β
βββ POST /register ββΊβ β β β
β βββ user_events βββΊβ β β
β β (user_registered)β β β
β β βββ consume ββββββΊβ β
β β β βββ create wallet β
β β β β β
β β βββ consume βββββββββββββββββββββββββββΊβ
β β β β β send welcome β
ββββ 201 Created ββββ β β β email β
Client Transaction Compliance Wallet Notification
β β β β β
βββ POST /transferβΊβ β β β
β βββ gRPC CheckRisk ββΊβ β β
β ββββ risk_score ββββββ β β
β β β β β
β βββ Kafka: wallet_events ββββββββββββββΊβ β
β β (debit sender) β β
β β (credit receiver) β β
β β β βββ Kafka βββββββββΊβ
β β β β βββ email
ββββ 200 OK ββββββ β β β
Each service includes a multi-stage Dockerfile:
# Build and run auth-service
docker build -t fintech-auth ./auth-service
docker run -p 3000:3000 --env-file ./auth-service/.env fintech-authEach service has a dedicated GitHub Actions workflow (.github/workflows/deploy-<service>.yml) that:
- Triggers on push to
mainwhen files in the service directory change - Builds a Docker image
- Pushes to AWS ECR
- Deploys by forcing a new deployment on AWS ECS
The terraform/ directory provisions the complete AWS stack:
cd terraform
terraform init
terraform plan
terraform applyProvisioned Resources:
- VPC with public/private subnets
- ECS Cluster (Fargate)
- ECR repositories (one per service)
- RDS PostgreSQL instance
- Application Load Balancer
- SSM Parameter Store (secrets)
- IAM roles and security groups
FinTech/
βββ auth-service/ # Authentication & identity management
β βββ src/
β βββ auth/
β β βββ application/ # Business logic (AuthService)
β β βββ domain/ # Entities (User, Token, KYC)
β β βββ infrastructure/ # JWT strategy, external integrations
β β βββ presentation/ # Controllers, DTOs, gRPC handlers
β βββ config/ # Validated configuration (Joi)
β βββ database/ # TypeORM data source & migrations
β βββ health/ # Health check endpoint
β
βββ wallet-service/ # Wallet & balance management
β βββ src/
β βββ wallet/
β βββ application/ # WalletService (deposit, withdraw, balance)
β βββ domain/ # Entities (Wallet, WalletAudit)
β βββ infrastructure/ # gRPC client for auth lookups
β βββ presentation/ # REST + Kafka event controllers
β
βββ transaction-service/ # Transfer orchestration & ledger
β βββ src/
β βββ transaction/
β βββ application/ # TransactionService, ProcessorService
β βββ domain/ # Entities (Transaction, Ledger)
β βββ infrastructure/ # gRPC client for compliance checks
β βββ presentation/ # REST + Kafka event controllers
β
βββ compliance-service/ # Risk assessment & regulatory checks
β βββ src/
β βββ compliance/
β βββ application/ # ComplianceService (risk scoring)
β βββ domain/ # Entities (RiskLog)
β βββ presentation/ # REST + gRPC server controllers
β
βββ notification-service/ # Multi-channel notifications
β βββ src/
β βββ notification/
β β βββ application/ # NotificationService, ProcessorService
β β βββ domain/ # Entities (Notification)
β β βββ presentation/ # REST + Kafka event listeners
β βββ email/
β βββ template.service.ts
β βββ templates/ # Handlebars email templates
β
βββ terraform/ # AWS infrastructure as code
β βββ fintech.tf # VPC, ECS, RDS, ECR, ALB, SSM
β
βββ .github/workflows/ # CI/CD pipelines (one per service)
βββ docker-compose.yaml # Local dev infrastructure
βββ LICENSE # MIT License
# Run unit tests
cd <service-directory>
npm run test
# Run tests with coverage
npm run test:cov
# Run e2e tests
npm run test:e2e
# Watch mode
npm run test:watch| Method | Endpoint | Auth | Description |
|---|---|---|---|
POST |
/auth/register |
β | Register new user |
GET |
/auth/login |
β | Login & get tokens |
POST |
/auth/refresh |
β | Refresh access token |
POST |
/auth/logout |
π JWT | Revoke refresh token |
POST |
/auth/kyc/submit |
π JWT | Submit KYC documents |
GET |
/auth/kyc/status |
π JWT | Check KYC status |
POST |
/auth/mfa/enable |
π JWT | Enable TOTP MFA |
POST |
/auth/mfa/verify |
β | Verify MFA token |
POST |
/auth/email-verify |
β | Request email OTP |
POST |
/auth/verify-email |
β | Verify email OTP |
POST |
/auth/phone-verify |
β | Request phone OTP |
POST |
/auth/verify-phone |
β | Verify phone OTP |
POST |
/auth/forget-password |
β | Request password reset |
POST |
/auth/reset-password |
β | Reset password |
| Method | Endpoint | Auth | Description |
|---|---|---|---|
GET |
/wallet/balance |
π JWT | Get current balance |
POST |
/wallet/deposit |
π JWT + KYC | Deposit funds |
POST |
/wallet/withdrawal |
π JWT + KYC | Withdraw funds |
| Method | Endpoint | Auth | Description |
|---|---|---|---|
POST |
/transaction/transfer |
π JWT + KYC | Initiate P2P transfer |
GET |
/transaction/status/:id |
π JWT + KYC | Get transaction status |
| Method | Endpoint | Auth | Description |
|---|---|---|---|
POST |
/compliance/check |
β | Manual risk check |
- Fork the repository
- Create a feature branch:
git checkout -b feature/my-feature - Commit your changes:
git commit -m 'feat: add new feature' - Push to the branch:
git push origin feature/my-feature - Open a Pull Request
This project is licensed under the MIT License β see the LICENSE file for details.
Built with β€οΈ by Islam Abdelwahed