Fintech · Native Mobile Payment SDK
Safexpay
Multi-tenant payment gateway platform with microservices backend, React.js admin portal, and native mobile payment SDKs.
The brief
Augment SafexPay's existing payment gateway product (Magnati client) with a team of 6 developers to migrate the backend from MongoDB to PostgreSQL, build out institution/PG onboarding and risk management modules, deliver a React admin portal, and produce distributable native mobile payment SDKs (Android + iOS) that merchants can embed in their apps.
What we built
A full-stack payment gateway platform for SafexPay comprising:
- Java microservices backend migrated from MongoDB to PostgreSQL with a shared pg_commons library (audit log, Redis cache, Kafka notifications, email/SMS)
- institution and payment gateway onboarding APIs with temp→master approval workflows across 4 linked DB tables
- risk management system (negative BINs, IPs, countries, decline cards) with alert thresholds
- a React.js admin portal (Magnati portal) with 10+ configuration modules
- a native Android payment SDK packaged as AAR with AES-256 encryption, SHA-256 hashing, WebView 3DS auth, save-card via Room DB, and ProGuard hardening
- a native iOS payment SDK as XCFramework with WKWebView, AES-256-CBC, CoreData save-card, and PCI compliance groundwork — all with merchant integration documentation.
Android AAR SDK demonstrated and handed over with integration documentation (Oct 31, 2025); iOS XCFramework built and tested on device + simulator; React admin portal wired to backend APIs across all major configuration modules; institution and payment gateway onboarding APIs fully tested end-to-end; audit log service capturing request_id, IP, user_id deltas in PostgreSQL.
Delivery timeline
How it was built, phase by phase.
8 workstreams across 24 weeks of operated delivery.
- discoverWeek 1–4 (May 21 – Jun 12, 2025)
Project Onboarding & Environment Setup
Multi-week ramp covering team onboarding, tool access provisioning (Jira, Bitbucket, Outlook, OneDrive), codebase familiarization, and development environment configuration across microservices (openjdk-21, Maven.
All developers provisioned with client accounts, repositories cloned, environments running, and project context understood
JiraBitbucketOutlookOneDriveMavenopenjdk-21 - buildWeek 2–10 (May 30 – Jul 16, 2025)
Database Migration: MongoDB → PostgreSQL
Comprehensive migration of existing NoSQL data models to relational PostgreSQL schema including JDBC DAO layer replacement of JPA, OLTP/OLAP utility design, pg_cron scheduling, and temp-to-main-table approval workflows.
PostgreSQL schema finalized with JDBC DAO layer; migration strategy for core payment entities established
PostgreSQLpgAdminJDBCJPApg_cronJava - buildWeek 3–14 (Jun 2 – Aug 31, 2025)
Microservices Architecture & Shared Library (pg_commons)
Design and implementation of shared pg_commons library providing audit logging, email/SMS notification, Redis cache client, and generic reusable components consumed by all downstream microservices.
Reusable pg_commons library with audit log, email/SMS, and Redis cache APIs ready for consumption by all services
JavaSpring BootRedisKafkaPostgreSQLJDBC - buildWeek 4–16 (Jun 17 – Aug 22, 2025)
React Admin Portal UI (Magnati/Payment Gateway Portal)
React.js admin portal covering meta configuration (country, pay mode, brand), risk management (negative bins, IPs, countries, decline cards), terminal configuration (5-tab form), institution management.
Comprehensive admin portal with 10+ configuration modules wired to backend APIs with CRUD, approval workflows, and role-based access
React.jsNext.jsMUIYupReact Admin - buildWeek 5–24 (Jun 23 – Oct 31, 2025)
Android Payment SDK (AAR/Native)
Native Android payment SDK packaged as AAR with AES-256 encryption/decryption, merchant request hashing (SHA-256), WebView-based 3DS authentication page, save-card with Room local storage.
Production-ready Android AAR SDK with encrypted payment flow, WebView 3DS, save-card, and merchant integration documentation delivered
AndroidJavaAES-256-CBCSHA-256RoomWebView - buildWeek 7–10 (Jul 1 – Jul 31, 2025)
Risk Management Module
Backend and frontend implementation of risk profiling system including negative bins, negative IPs, negative countries, decline cards, alert thresholds across General/Card/IP/Terminal dimensions.
Full risk management module with CRUD + approval + status management APIs and admin UI wired end-to-end
JavaSpring BootPostgreSQLReact.jsJDBC - buildWeek 8–15 (Jul 3 – Aug 4, 2025)
Payment Gateway Onboarding & Institution Management APIs
Full backend CRUD lifecycle for institution (payment gateway) onboarding: create, edit, approve, reject, view.
Complete institution and payment gateway CRUD + approval flow APIs tested end-to-end with multi-table data transitions
JavaSpring BootPostgreSQLJDBCpgAdminBitbucket - buildWeek 12–24 (Aug 11 – Oct 31, 2025)
iOS Payment SDK (XCFramework/Swift)
Native iOS payment SDK as XCFramework with WKWebView for payment form rendering, AES-256-CBC encryption/decryption utilities, CoreData for save-card, xcframework dual-architecture build (simulator + device).
Distributable XCFramework iOS SDK with encrypted payment, WebView checkout, CoreData save-card, and documented integration guide
SwiftWKWebViewCoreDataXCFrameworkAES-256-CBCSwift Package Manager
More case studies
Related work
09 · Run a function
Stop renting hours. Start running functions.
Pick the function you want off your plate. We'll map the brain and name the outcome we'd commit to — before you do.