Multi-Vendor E-Commerce Platform (BACKEND System)
A scalable multi-vendor marketplace featuring 15 microservices, escrow-based payment protection, tenant isolation, and an admin governance system with dual-approval workflows.
Note: Some repositories are private to protect proprietary logic. Full source code access can be shared with recruiters on request.
Technical Documentation
Multi-Vendor E-Commerce Platform
Enterprise-Grade, Escrow-Protected Multi-Tenant Marketplace
A production-ready multi-tenant e-commerce platform built with modern microservices architecture. Features complete buyer protection through escrow, dispute resolution, and compliance workflows.
What This Platform Solves
| Problem | Solution |
|---|---|
| Buyer doesn't trust unknown sellers | Escrow holds payment until delivery confirmed |
| Sellers fear chargebacks | Dispute resolution with evidence-based decisions |
| Platform liability | Complete audit trail + legal hold support |
| Multi-vendor complexity | Tenant isolation at database level (RLS) |
| Payment fraud | Gateway abstraction with webhook verification |
Architecture Overview
```text
+-----------------------------------------------------------+
|                       NGINX GATEWAY                       |
|           (Rate Limiting, Load Balancing, SSL)            |
+-----------------------------+-----------------------------+
                              |
          +-------------------+-------------------+
          |                   |                   |
          v                   v                   v
  +---------------+   +---------------+   +---------------+
  |   IDENTITY    |   |   COMMERCE    |   |   FINANCIAL   |
  |               |   |               |   |               |
  | - Tenant Svc  |   | - Product Svc |   | - Payment Svc |
  | - User Svc    |   | - Cart Svc    |   | - Escrow Svc  |
  | - Admin Svc   |   | - Order Svc   |   | - Payout Svc  |
  | - Keycloak    |   | - Inventory   |   | - Compliance  |
  +-------+-------+   +-------+-------+   +-------+-------+
          |                   |                   |
          +-------------------+-------------------+
                              |
               +--------------+---------------+
               |              |               |
               v              v               v
        +------------+  +------------+  +------------+
        | PostgreSQL |  |   Redis    |  |  Keycloak  |
        |   (RLS)    |  |  (Cache)   |  |  (OAuth)   |
        +------------+  +------------+  +------------+
```
Data Flow
Product Discovery Flow
```text
   User Request
         |
         v
+-----------------+
|  NGINX Gateway  |  <- Rate limit check
+--------+--------+
         |
         v
+-----------------+
| Product Service |  <- Check Redis cache
+--------+--------+
         |
    +----+----+
    |         |
    v         v
  CACHE   DATABASE
   HIT      MISS
    |         |
    |    +----+-----+
    |    |PostgreSQL|  <- RLS applies tenant filter
    |    |  Query   |
    |    +----+-----+
    |         |
    |    +----+-----+
    |    |  Cache   |  <- Store in Redis
    |    |  Update  |
    |    +----+-----+
    |         |
    +----+----+
         |
         v
   JSON Response
     to Client
```
Order Creation Flow
```text
+-----------------+
|  Cart Service   |
| (Validate Cart) |
+--------+--------+
         |
         v
+-----------------+
|Inventory Service|
| (Reserve Stock) |
+--------+--------+
         |
         v
+-----------------+
|  Order Service  |
| (Create Order)  |
+--------+--------+
         |
         v
+-----------------+
| Pricing Service |
|(Calculate Final)|
+--------+--------+
         |
         v
Order Created (Status: PENDING)
```
User Flows
Buyer Journey
```text
BUYER FLOW

  Browse      Add to     Checkout    Payment     Receive      Review
 Products      Cart       Order      (Escrow)    Delivery    Product
    |           |           |           |           |           |
    v           v           v           v           v           v
+--------+  +--------+  +--------+  +--------+  +--------+  +--------+
|  GET   |  |  ADD   |  | CREATE |  |  PAY   |  | CONFIRM|  |  POST  |
| /prod  |  | /cart  |  | /order |  |        |  |DELIVERY|  |/review |
+--------+  +--------+  +--------+  +---+----+  +---+----+  +--------+
                                        |           |
                                        v           v
                                    +--------+  +--------+
                                    | ESCROW |  | ESCROW |
                                    | CREDIT |  | RELEASE|
                                    |(Frozen)|  |(Payout)|
                                    +--------+  +--------+

DISPUTE PATH (if issue):

 Receive Issue  ->  Open Dispute   -> Submit Evidence ->  Admin Review   ->   Resolution
       |                  |                  |                  |                  |
       v                  v                  v                  v                  v
 +-----------+      +-----------+      +-----------+      +-----------+      +-----------+
 |  Problem  |      |  ESCROW   |      | Evidence  |      |   Admin   |      |  Refund   |
 | Detected  |      |  FROZEN   |      |  Upload   |      |  Decides  |      |    OR     |
 |           |      |           |      |           |      |           |      |  Release  |
 +-----------+      +-----------+      +-----------+      +-----------+      +-----------+
```
Seller (Tenant) Journey
```text
SELLER FLOW

 Onboard      Setup        List      Receive       Ship        Get
  Tenant      Store      Products     Order       Order        Paid
    |           |           |           |           |           |
    v           v           v           v           v           v
+--------+  +--------+  +--------+  +--------+  +--------+  +--------+
|REGISTER|  | CONFIG |  |  ADD   |  |  VIEW  |  | CREATE |  | PAYOUT |
|        |  | STORE  |  | PRODS  |  | ORDERS |  | SHIPMT |  |        |
+--------+  +--------+  +--------+  +--------+  +--------+  +---+----+
                                                                |
                                                    +-----------+-----------+
                                                    |                       |
                                                    v                       v
                                            +--------------+         +------------+
                                            |   ELIGIBLE   |         |  BLOCKED   |
                                            |              |         |            |
                                            | - Delivered  |         | - Dispute  |
                                            | - 14 days    |         | - Legal    |
                                            | - No dispute |         | - Penalty  |
                                            +--------------+         +------------+
```
Admin Journey
```text
ADMIN FLOW

                    +-----------------+
                    | ADMIN DASHBOARD |
                    +--------+--------+
                             |
        +--------------------+--------------------+
        |                    |                    |
        v                    v                    v
  +------------+       +------------+       +------------+
  |   TRUST    |       |  FINANCE   |       | COMPLIANCE |
  |   ADMIN    |       |   ADMIN    |       |   ADMIN    |
  +-----+------+       +-----+------+       +-----+------+
        |                    |                    |
        v                    v                    v
- Tenant Management   - Payout Approval    - Legal Holds
- Suspend/Warn        - Escrow Review      - Data Exports
- Support Escalation  - Refund Override    - Audit Review
        |                    |                    |
        +--------------------+--------------------+
                             |
                             v
               +---------------------------+
               |   DUAL APPROVAL SYSTEM    |
               |                           |
               | Sensitive actions require |
               |  approval from 2 admins   |
               +---------------------------+
```
Payment Flow
Complete Payment Lifecycle
```text
PAYMENT FLOW

PHASE 1: CHECKOUT

Buyer                   Platform                    Gateway
  |                         |                          |
  |------- Checkout ------->|                          |
  |                         |---- Create Payment ----->|
  |                         |<------ Payment URL ------|
  |<------- Redirect -------|                          |
  |                         |                          |
  |---------------- Complete Payment ----------------->|
  |                         |                          |

PHASE 2: ESCROW CREDIT

Gateway                 Platform                    Escrow
  |                         |                          |
  |---- Webhook: PAID ----->|                          |
  |                         |                          |
  |                         |----- Credit Escrow ----->|
  |                         |    (Tenant's Account)    |
  |                         |                          |
  |                         |<---- Balance Updated ----|
  |                         |  (HELD, not available)   |

PHASE 3: FULFILLMENT

Seller                  Platform                    Buyer
  |                         |                          |
  |--- Create Shipment ---->|                          |
  |                         |---- Tracking Update ---->|
  |                         |                          |
  |---- Mark Delivered ---->|                          |
  |                         |--- Delivery Confirm ---->|
  |                         |                          |
  |                         |<---- Confirm Receipt ----|
  |                         |   (or auto after 14d)    |

PHASE 4: PAYOUT (HAPPY PATH)

Time Passes             Platform                    Seller
  |                         |                          |
  |---- 14 day window ----->|                          |
  |                         |                          |
  |                  +------+------+                   |
  |                  | CHECK:      |                   |
  |                  | - Delivered |                   |
  |                  | - No dispute|                   |
  |                  | - No hold   |                   |
  |                  +------+------+                   |
  |                         |                          |
  |                  +------+------+                   |
  |                  |   RELEASE   | -- Platform Fee --> (5%)
  |                  |   ESCROW    | -- Seller Share --> (95%)
  |                  +-------------+                   |

PHASE 4: PAYOUT (DISPUTE PATH)

Buyer                   Platform                    Seller
  |                         |                          |
  |----- Open Dispute ----->|                          |
  |                         |                          |
  |                  +------+------+                   |
  |                  |   ESCROW    |                   |
  |                  |   FROZEN    |                   |
  |                  +------+------+                   |
  |                         |                          |
  |------- Evidence ------->|<------- Evidence --------|
  |                         |                          |
  |                  +------+------+                   |
  |                  |    ADMIN    |                   |
  |                  |   REVIEW    |                   |
  |                  +------+------+                   |
  |                         |                          |
  |                 +-------+-------+                  |
  |                 |               |                  |
  |                 v               v                  |
  |           +-----------+   +-----------+            |
  |           |BUYER WINS |   |SELLER WINS|            |
  |           |           |   |           |            |
  |           | Refund to |   | Release   |            |
  |           | Buyer     |   | to Seller |            |
  |           +-----------+   +-----------+            |
```
Payment States
```text
                      +-----------+
                      |  PENDING  |
                      +-----+-----+
                            |
                     +------+-------+
                     |              |
                     v              v
               +-----------+  +-----------+
               |   PAID    |  |  FAILED   |
               +-----+-----+  +-----------+
                     |
                     v
               +-----------+
               | IN ESCROW |  <- Funds held
               +-----+-----+
                     |
      +--------------+--------------+
      |              |              |
      v              v              v
+-----------+  +-----------+  +-----------+
| RELEASED  |  |  FROZEN   |  | REFUNDED  |
|           |  | (Dispute) |  |           |
| To Seller |  +-----+-----+  | To Buyer  |
+-----------+        |        +-----------+
                     |
             +-------+-------+
             |               |
             v               v
      +------------+  +------------+
      |  RELEASED  |  |  REFUNDED  |
      |(Seller Won)|  |(Buyer Won) |
      +------------+  +------------+
```
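An added example (not the project's code) of the Phase 2 webhook step combined with the state diagram above: the handler authenticates the raw body, drops replayed events, and applies only transitions that exist in the diagram. The hex HMAC-SHA256 signature scheme, the event fields `eventId`, `paymentId` and `status`, and all type and function names are assumptions; each real gateway defines its own.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type PaymentState =
  | "PENDING" | "PAID" | "FAILED" | "IN_ESCROW" | "FROZEN" | "RELEASED" | "REFUNDED";
type Outcome = "applied" | "duplicate" | "bad_signature" | "bad_transition";

// Edges of the Payment States diagram above.
const NEXT: Record<PaymentState, PaymentState[]> = {
  PENDING: ["PAID", "FAILED"],
  PAID: ["IN_ESCROW"],
  IN_ESCROW: ["RELEASED", "FROZEN", "REFUNDED"],
  FROZEN: ["RELEASED", "REFUNDED"],
  FAILED: [],
  RELEASED: [],
  REFUNDED: [],
};

// Assumed scheme: hex HMAC-SHA256 of the raw body under a shared secret.
function sign(rawBody: string, secret: string): string {
  return createHmac("sha256", secret).update(rawBody).digest("hex");
}

function signatureValid(rawBody: string, signatureHex: string, secret: string): boolean {
  const expected = Buffer.from(sign(rawBody, secret), "hex");
  const given = Buffer.from(signatureHex, "hex"); // malformed hex decodes short
  // Check length first: timingSafeEqual throws on unequal lengths.
  return given.length === expected.length && timingSafeEqual(given, expected);
}

class WebhookHandler {
  private secret: string;
  private payments: Map<string, PaymentState>;
  private seen = new Set<string>(); // processed event ids; a unique-keyed table in production

  constructor(secret: string, payments: Map<string, PaymentState>) {
    this.secret = secret;
    this.payments = payments;
  }

  handle(rawBody: string, signatureHex: string): Outcome {
    // 1. Authenticate the bytes exactly as received, before parsing them.
    if (!signatureValid(rawBody, signatureHex, this.secret)) return "bad_signature";
    const event = JSON.parse(rawBody) as { eventId: string; paymentId: string; status: PaymentState };
    // 2. Gateways retry deliveries: one event must never credit escrow twice.
    if (this.seen.has(event.eventId)) return "duplicate";
    // 3. Follow only edges of the state machine (no PAID after REFUNDED).
    const current = this.payments.get(event.paymentId);
    if (!current || !NEXT[current].includes(event.status)) return "bad_transition";
    this.payments.set(event.paymentId, event.status);
    this.seen.add(event.eventId);
    return "applied";
  }
}
```
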
Technology Choices & Rationale
Core Stack
| Technology | Purpose | Why This Choice |
|---|---|---|
| Node.js + NestJS | Microservices | TypeScript support, dependency injection, modular architecture, excellent for APIs |
| PostgreSQL | Primary Database | ACID compliance for financial data, Row-Level Security (RLS) for tenant isolation, JSON support |
| Redis | Cache + Sessions | Sub-millisecond latency, pub/sub for real-time updates, session storage |
| Keycloak | Identity Provider | Enterprise-grade OAuth2/OIDC, multi-realm for tenant isolation, battle-tested security |
| NGINX | API Gateway | Rate limiting, load balancing, SSL termination, request routing |
| Docker | Containerization | Consistent environments, easy scaling, microservices deployment |
Why PostgreSQL with RLS?
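```sql
-- A policy only takes effect once RLS is enabled; FORCE also applies it to the table owner
ALTER TABLE products ENABLE ROW LEVEL SECURITY;
ALTER TABLE products FORCE ROW LEVEL SECURITY;
-- Every query on products is automatically filtered by tenant
CREATE POLICY tenant_isolation ON products
  USING (tenant_id = current_setting('app.tenant_id')::uuid);
-- Result: a session scoped to Tenant A never sees Tenant B's rows
-- A missing WHERE clause in application code cannot leak data across tenants
```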
Why Escrow Pattern?
| Traditional Payment | Escrow Pattern |
|---|---|
| Money goes directly to seller | Money held by platform |
| Buyer has no protection | Buyer protected until delivery |
| Disputes are messy | Clear dispute resolution |
| Chargebacks hurt seller | Platform absorbs chargeback risk |
Why Microservices?
| Monolith Problems | Microservices Solution |
|---|---|
| Single point of failure | Fault isolation |
| Hard to scale specific parts | Scale only what's needed |
| Tightly coupled changes | Independent deployments |
| One language/framework | Best tool for each job |
Features
Multi-Tenant Commerce
| Feature | Description |
|---|---|
| Tenant Isolation | Database-level isolation using PostgreSQL RLS |
| Custom Branding | Each tenant can customize their storefront |
| Flexible Pricing | Tenant-specific pricing rules, discounts, promotions |
| Inventory Management | Stock tracking with reservation system |
| Category Management | Hierarchical categories per tenant |
Financial Safety
| Feature | Description |
|---|---|
| Escrow Protection | All payments held until delivery confirmed |
| Platform Fee | Configurable platform commission (default 5%) |
| Payout Eligibility | Automated checks before fund release |
| Dispute Resolution | Evidence-based, admin-mediated disputes |
| Legal Holds | Freeze funds for legal/compliance needs |
Security & Compliance
| Feature | Description |
|---|---|
| OAuth2/OIDC | Keycloak for enterprise authentication |
| Role-Based Access | 5 distinct admin roles with separated duties |
| Dual Approval | Sensitive actions require 2 admins |
| Immutable Audit | Tamper-proof audit logs with checksums |
| Data Export | GDPR-compliant data export with watermarking |
Order Management
| Feature | Description |
|---|---|
| Cart System | Persistent carts with guest support |
| Order Lifecycle | Complete state machine from checkout to delivery |
| Shipping Integration | Tracking, webhooks, delivery confirmation |
| Returns Management | Return requests, approval workflow, restocking |
| Notifications | Email/SMS notifications at each stage |
Dispute System
| Feature | Description |
|---|---|
| Dispute Types | Non-delivery, damaged, fraud, chargeback |
| Evidence Upload | Both parties can submit evidence |
| Auto-Resolution | Automatic buyer win for non-delivery |
| Abuse Prevention | Buyer flagging, tenant penalties |
| Partial Refunds | Support for partial resolutions |
Service Map
| Port | Service | Responsibility |
|---|---|---|
| 3001 | tenant-service | Tenant registration, configuration, branding |
| 3002 | user-service | User accounts, profiles, authentication |
| 3003 | admin-service | Platform administration, tenant management |
| 3004 | product-service | Product catalog, categories, search |
| 3005 | review-service | Product reviews, ratings, moderation |
| 3006 | cart-service | Shopping cart, wishlist, guest carts |
| 3007 | inventory-service | Stock management, reservations |
| 3008 | pricing-service | Pricing rules, discounts, promotions |
| 3009 | order-service | Order creation, lifecycle, status |
| 3010 | payment-service | Payment gateway integration, webhooks |
| 3011 | escrow-service | Escrow accounts, transactions, payouts |
| 3012 | shipping-service | Shipment tracking, delivery confirmation |
| 3013 | return-service | Returns workflow, refunds, restocking |
| 3014 | dispute-service | Dispute resolution, escrow freezing |
| 3015 | compliance-service | Legal holds, exports, dual approval, audit |

Infrastructure

| Port | Component | Responsibility |
|---|---|---|
| 5432 | PostgreSQL | Primary database with RLS |
| 6379 | Redis | Caching, sessions, pub/sub |
| 8080 | NGINX | API gateway, load balancer |
| 8081 | Keycloak | OAuth2/OIDC identity provider |
Database Design
Multi-Tenant Isolation Strategy
```text
TENANT ISOLATION LAYERS

LAYER 1: APPLICATION
    JWT token contains tenant_id
    Middleware extracts and validates

LAYER 2: DATABASE CONNECTION
    SET app.tenant_id = 'uuid'
    Applied at connection level

LAYER 3: ROW-LEVEL SECURITY
    POLICY: WHERE tenant_id = current_setting('app.tenant_id')
    Applied automatically to every query

RESULT: Even SQL injection cannot access other tenants' data
```
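Layers 2 and 3 above, as an added example that is not taken from the project's code: it sets `app.tenant_id` with transaction scope (`set_config(..., true)`, the function form of `SET LOCAL`) rather than for the whole connection, which matters when connections are reused through a pool such as PgBouncer. The `Db` interface, `withTenant` and `RecordingDb` are hypothetical names; the policy is only as trustworthy as this setting, so the value must come from the validated token and the application role must not own the table or hold BYPASSRLS.

```typescript
// Added example, not the project's code. `Db` is a hypothetical minimal
// client interface; with a real driver it is one connection from the pool.
interface Db {
  query(sql: string, params?: unknown[]): Promise<{ rows: unknown[] }>;
}

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Runs `work` in one transaction with app.tenant_id set for that transaction
// only. set_config(name, value, true) behaves like SET LOCAL: the value is
// discarded at COMMIT or ROLLBACK, so a pooled connection handed to the next
// request never carries the previous tenant's id.
async function withTenant<T>(
  db: Db,
  tenantId: string,
  work: (tx: Db) => Promise<T>,
): Promise<T> {
  // tenantId comes from the validated JWT (Layer 1), never from request input.
  if (!UUID_RE.test(tenantId)) {
    throw new Error("tenant_id is not a UUID");
  }
  await db.query("BEGIN");
  try {
    // Bound as a parameter: the id is never concatenated into SQL text.
    await db.query("SELECT set_config('app.tenant_id', $1, true)", [tenantId]);
    const result = await work(db);
    await db.query("COMMIT");
    return result;
  } catch (err) {
    await db.query("ROLLBACK");
    throw err;
  }
}

// Constructed stand-in that records statements so the example runs offline.
class RecordingDb implements Db {
  log: Array<{ sql: string; params: unknown[] }> = [];

  async query(sql: string, params: unknown[] = []): Promise<{ rows: unknown[] }> {
    this.log.push({ sql, params });
    return { rows: [] };
  }
}
```
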
Core Tables
```text
IDENTITY        COMMERCE            FINANCIAL
--------        --------            ---------
tenants         products            escrow_accounts
users           categories          escrow_transactions
admin_users     product_variants    payouts
                cart_items          payment_records
                orders
                order_items         COMPLIANCE
                shipments           ----------
                returns             legal_holds
                disputes            approval_requests
                reviews             unified_audit_log
                                    risk_signals
```
Security Model
Authentication Flow
```text
AUTHENTICATION FLOW

Client                  Platform                   Keycloak
  |                         |                          |
  |---- Login Request ----->|                          |
  |                         |------ OAuth2 Auth ------>|
  |                         |<----- Access Token ------|
  |<------ JWT Token -------|                          |
  |                         |                          |
  |----- API Request ------>|                          |
  |       (with JWT)        |                          |
  |                         |---- Validate Token ----->|
  |                         |<----- Token Valid -------|
  |                         |                          |
  |<------- Response -------|                          |
```
Authorization Matrix
| Action | SUPER | TRUST | FINANCE | SUPPORT | COMPLIANCE |
|---|---|---|---|---|---|
| Terminate Tenant | Init | Init | | | Approve |
| Approve Payout | Both | | Init | | Approve |
| Resolve Dispute | | | | | |
| Place Legal Hold | | | | | |
| Export Data | Approve | | | | Init |
| Change Admin Role | Both | | | | |

Init = Can initiate action
Approve = Can approve action
Both = Can do either
Project Structure
```text
ecomm-platform/
├── services/
│   ├── tenant-service/          # Tenant management
│   ├── user-service/            # User accounts
│   ├── admin-service/           # Platform administration
│   ├── product-service/         # Product catalog
│   ├── review-service/          # Reviews & ratings
│   ├── cart-service/            # Shopping cart
│   ├── inventory-service/       # Stock management
│   ├── pricing-service/         # Pricing rules
│   ├── order-service/           # Order management
│   ├── payment-service/         # Payment processing
│   ├── escrow-service/          # Escrow management
│   ├── shipping-service/        # Shipment tracking
│   ├── return-service/          # Returns workflow
│   ├── dispute-service/         # Dispute resolution
│   └── compliance-service/      # Governance & compliance
│
├── docker/
│   ├── postgres/
│   │   ├── init.sql                    # Base schema
│   │   ├── phase4-inventory.sql        # Commerce schema
│   │   ├── phase5-orders-payments.sql
│   │   ├── phase6-shipping-returns.sql
│   │   └── phase7-admin-governance.sql
│   ├── nginx/
│   │   └── nginx.conf                  # Gateway configuration
│   └── keycloak/
│
├── docs/
│   ├── PHASE4-CART-INVENTORY-PRICING.md
│   ├── PHASE5-ORDERS-PAYMENTS-ESCROW.md
│   ├── PHASE6-SHIPPING-RETURNS-DISPUTES.md
│   ├── PHASE7-ADMIN-GOVERNANCE.md
│   └── DISPUTE-RESOLUTION-RULES.md
│
├── docker-compose.yml
└── README.md
```
Key Design Decisions
1. Database-Level Tenant Isolation
Decision: Use PostgreSQL Row-Level Security instead of separate databases.
Rationale:
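- Single database is easier to maintain and back up
- RLS enforces the tenant filter inside the database, so it still applies when application code omits a WHERE clause or a query is altered by SQL injection, as long as the application role is subject to the policy (not the table owner, no BYPASSRLS)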
- Scales better than multi-database approach
- Cross-tenant reporting possible for platform admins
2. Escrow-First Payment Model
Decision: Never let payment go directly to seller.
Rationale:
- Buyer protection is non-negotiable for marketplace trust
- Platform has leverage for dispute resolution
- Reduces chargeback impact on sellers
- Legal clarity on fund ownership
3. Immutable Audit Logs
Decision: Audit logs cannot be modified or deleted, even by admins.
Rationale:
- Legal defensibility in disputes
- Regulatory compliance (especially for financial data)
- Internal fraud prevention
- Database triggers enforce immutability
4. Dual Approval for Sensitive Actions
Decision: High-risk admin actions require approval from a second admin.
Rationale:
- Prevents single-point fraud
- Reduces impact of compromised accounts
- Creates accountability trail
- Industry standard for financial platforms
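Dual approval as described in this decision and in the Authorization Matrix, as an added example (not the project's code): an initiator opens a request and a different admin with approval rights completes it. It encodes only the matrix cells whose Init/Approve/Both label is legible on this page, and all type and function names are hypothetical.

```typescript
// Added example, not the project's code. Names below are hypothetical.
type Role = "SUPER" | "TRUST" | "FINANCE" | "SUPPORT" | "COMPLIANCE";
type Action = "TERMINATE_TENANT" | "APPROVE_PAYOUT" | "EXPORT_DATA" | "CHANGE_ADMIN_ROLE";
type Right = "init" | "approve" | "both";

// Only the matrix cells whose Init/Approve/Both label is legible on the page.
const MATRIX: Record<Action, Partial<Record<Role, Right>>> = {
  TERMINATE_TENANT: { SUPER: "init", TRUST: "init", COMPLIANCE: "approve" },
  APPROVE_PAYOUT: { SUPER: "both", FINANCE: "init", COMPLIANCE: "approve" },
  EXPORT_DATA: { SUPER: "approve", COMPLIANCE: "init" },
  CHANGE_ADMIN_ROLE: { SUPER: "both" },
};

interface Admin {
  id: string;
  role: Role;
}

interface ApprovalRequest {
  action: Action;
  initiatedBy: Admin;
  approvedBy?: Admin;
  status: "PENDING" | "APPROVED";
}

function can(admin: Admin, action: Action, need: "init" | "approve"): boolean {
  const right = MATRIX[action][admin.role];
  return right === need || right === "both";
}

// Step 1: an admin whose role may initiate the action opens a request.
function initiate(admin: Admin, action: Action): ApprovalRequest {
  if (!can(admin, action, "init")) {
    throw new Error(`${admin.role} may not initiate ${action}`);
  }
  return { action, initiatedBy: admin, status: "PENDING" };
}

// Step 2: a different admin whose role may approve completes it.
function approve(req: ApprovalRequest, admin: Admin): ApprovalRequest {
  if (req.status !== "PENDING") {
    throw new Error("request already decided");
  }
  // Compare identities, not roles: two SUPER admins may pair up ("Both"),
  // but one compromised account must never satisfy both steps.
  if (admin.id === req.initiatedBy.id) {
    throw new Error("initiator may not approve their own request");
  }
  if (!can(admin, req.action, "approve")) {
    throw new Error(`${admin.role} may not approve ${req.action}`);
  }
  return { ...req, approvedBy: admin, status: "APPROVED" };
}
```
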
5. Microservices with Clear Boundaries
Decision: One service per domain, not per entity.
Rationale:
- Reduces inter-service chatter
- Clear ownership and deployment
- Can scale independently
- Easier to reason about
Scalability Considerations
Current Architecture Scales To:
| Metric | Capacity |
|---|---|
| Concurrent Users | 10,000+ |
| Products per Tenant | 1,000,000+ |
| Orders per Day | 100,000+ |
| Tenants | 10,000+ |
Scaling Strategies Built-In:
```text
HORIZONTAL SCALING

STATELESS SERVICES
└── Any service can be replicated behind NGINX load balancer

DATABASE SCALING
├── Read replicas for heavy-read services (Product, Cart)
└── Connection pooling via PgBouncer

CACHE STRATEGY
├── Redis cluster for session and cache distribution
└── Cache-aside pattern with TTL

MESSAGE QUEUE (FUTURE)
├── RabbitMQ/Kafka for async processing
└── Event-driven architecture ready
```
Quality Attributes
| Attribute | Implementation |
|---|---|
| Reliability | Health checks, graceful degradation, retry logic |
| Security | OAuth2, RLS, rate limiting, audit logging |
| Scalability | Microservices, stateless design, caching |
| Maintainability | TypeScript, modular structure, documentation |
| Observability | Correlation IDs, structured logging, health endpoints |
| Compliance | GDPR exports, legal holds, immutable audit |
Additional Documentation
| Document | Description |
|---|---|
| Phase 4: Cart, Inventory & Pricing | Commerce layer details |
| Phase 5: Orders, Payments & Escrow | Financial layer details |
| Phase 6: Shipping, Returns & Disputes | Fulfillment layer details |
| Phase 7: Admin Governance | Compliance layer details |
| Dispute Resolution Rules | Dispute handling policies |
Author
Kunal
This platform demonstrates expertise in:
- Enterprise microservices architecture
- Financial system design (escrow, payouts)
- Multi-tenant SaaS architecture
- Security & compliance systems
- Modern DevOps practices
Built with ❤️ for the modern marketplace economy