Luke a Pro

Luke Sun

Developer & Marketer

MEXAR Backend


production

Jan 2024 — Dec 2025

API, PHP, Laravel, PostgreSQL, Redis, Kafka, Remittance

Overview

The core backend API powering the MEXAR international remittance system. It orchestrates communication across microservices via Webhook and Kafka. The system is licensed in Indonesia and passed 3 rounds of Bank Indonesia reviews and 3rd party penetration testing.

As CTO of AbleGroup, led the architecture design and development of the entire MEXAR system — Back Office, Backend, and all microservices — with a team of only 3 developers.

Tech Stack

  • Backend — PHP/Laravel
  • Database — PostgreSQL, Redis
  • Message Queue — Kafka, RabbitMQ
  • Inter-service Communication — Webhook, Kafka

Security

  • Authentication — Forced MFA, short session expiry, GEO location anomaly detection
  • Cookie Hardening — HttpOnly, Secure, SameSite cookie attributes
  • CSRF Protection — Token-based cross-site request forgery prevention
  • IDOR Prevention — Object-level authorization on all API endpoints
  • Security Headers — CSP, HSTS, X-Content-Type-Options, Referrer-Policy
  • XSS Protection — Input sanitization and output encoding across all endpoints
  • ACL Engine — 235 granular permissions with customizable roles; deny-by-default on all routes
  • Rate Limiting — Request throttling to prevent abuse and brute-force attacks
  • SSL/TLS — Enforced encrypted communication for all API traffic
  • IP Whitelist — Restricted access to sensitive endpoints and admin operations
  • Audit Trail — Comprehensive logging of all user activities and system events for compliance and forensic analysis
  • Compliance — Passed 3rd party penetration testing and 3 rounds of Bank Indonesia reviews

Key Capabilities

  • Automatic Transaction Review Pipeline — Rule-based transaction screening evaluating min/max amount limits per entity, currency, and company within configurable time periods; transaction frequency caps per entity; KYC status verification; and AML blacklist checks against flagged entities

Design Principles

  • Idempotency — Idempotent transaction processing ensuring data consistency across distributed services
  • Scalability — Microservice orchestration designed for horizontal scaling
  • Extensibility — Abstract service boundaries enabling rapid partner and provider changes driven by regulatory requirements


Related Projects


MEXAR Official Website

A trilingual Astro website for MEXAR, presenting the product, platform architecture, modules, compliance posture, and licensing model.

Website, Astro, TailwindCSS, DaisyUI, +6 more

MEXAR Back Office

The back office dashboard for MEXAR international remittance system, managing operations, compliance, and transaction monitoring.

Dashboard, Next.js, MUI, TailwindCSS, +1 more

MEXAR Messaging MSA

The messaging microservice for MEXAR, handling SMS notifications and transactional messages.

Microservice, Python, FastAPI, SMS, +2 more

MEXAR KYC MSA

The KYC (Know Your Customer) microservice for MEXAR, managing identity verification and compliance workflows.

Microservice, Python, FastAPI, KYC, +2 more

MEXAR Payment Gateway

The payment gateway microservice for MEXAR, handling inbound payment collection from remittance senders.

Microservice, Python, FastAPI, Payment, +2 more

MEXAR Payout Gateway

The payout gateway microservice for MEXAR, handling outbound disbursement to remittance recipients.

Microservice, Python, FastAPI, Payout, +2 more
ongoing

MEXAR MCP Server

A headless Model Context Protocol server that exposes selected MEXAR Core API workflows to AI clients through read tools and confirm-gated write tools.

MCP, AI, TypeScript, Node.js, +7 more