Luke a Pro

Luke Sun

Developer & Marketer

đŸ‡ēđŸ‡Ļ
EN|įŽ€|įš
© 2015–2026 Luke Sun.
All rights reserved.
Back to Projects
MEXAR Backend

MEXAR Backend

production

Jan 2024 — Dec 2025

APIPHPLaravelPostgreSQLRedisKafkaRemittance

Overview

The core backend API powering the MEXAR international remittance system. Orchestrates communication across microservices via Webhook and Kafka. Licensed in Indonesia, passing 3 rounds of Bank Indonesia reviews and 3rd party penetration testing.

As CTO of AbleGroup, led the architecture design and development of the entire MEXAR system — Back Office, Backend, and all microservices — with a team of only 3 developers.

Tech Stack

  • Backend — PHP/Laravel
  • Database — PostgreSQL, Redis
  • Message Queue — Kafka, RabbitMQ
  • Inter-service Communication — Webhook, Kafka

Security

  • Authentication — Forced MFA, short session expiry, GEO location anomaly detection
  • Cookie Hardening — HttpOnly, Secure, SameSite cookie attributes
  • CSRF Protection — Token-based cross-site request forgery prevention
  • IDOR Prevention — Object-level authorization on all API endpoints
  • Security Headers — CSP, HSTS, X-Content-Type-Options, Referrer-Policy
  • XSS Protection — Input sanitization and output encoding across all endpoints
  • ACL Engine — 235 granular permissions with customizable roles; deny-by-default on all routes
  • Rate Limiting — Request throttling to prevent abuse and brute-force attacks
  • SSL/TLS — Enforced encrypted communication for all API traffic
  • IP Whitelist — Restricted access to sensitive endpoints and admin operations
  • Audit Trail — Comprehensive logging of all user activities and system events for compliance and forensic analysis
  • Compliance — Passed 3rd party penetration testing and 3 rounds of Bank Indonesia reviews

Key Capabilities

  • Automatic Transaction Review Pipeline — Rule-based transaction screening evaluating min/max amount limits per entity, currency, and company within configurable time periods; transaction frequency caps per entity; KYC status verification; and AML blacklist checks against flagged entities

Design Principles

  • Idempotency — Idempotent transaction processing ensuring data consistency across distributed services
  • Scalability — Microservice orchestration designed for horizontal scaling
  • Extensibility — Abstract service boundaries enabling rapid partner and provider changes driven by regulatory requirements

Gallery

Related Projects

MEXAR Back Office dashboard

MEXAR Back Office

The back office dashboard for MEXAR international remittance system, managing operations, compliance, and transaction monitoring.

DashboardNext.jsMUITailwindCSS +1
MEXAR Messaging microservice

MEXAR Messaging MSA

The messaging microservice for MEXAR, handling SMS notifications and transactional messages.

MicroservicePythonFastAPISMS +2
MEXAR KYC microservice

MEXAR KYC MSA

The KYC (Know Your Customer) microservice for MEXAR, managing identity verification and compliance workflows.

MicroservicePythonFastAPIKYC +2
MEXAR Payment Gateway microservice

MEXAR Payment Gateway

The payment gateway microservice for MEXAR, handling inbound payment collection from remittance senders.

MicroservicePythonFastAPIPayment +2
MEXAR Payout Gateway microservice

MEXAR Payout Gateway

The payout gateway microservice for MEXAR, handling outbound disbursement to remittance recipients.

MicroservicePythonFastAPIPayout +2