professional
Octopus Payment Gateway Microservice
Standalone multi-tenant payment gateway service with HMAC-SHA256 signing, JWT authentication, and merchant management system.
projects.detail.detailContext
Role
Platform & DevSecOps Engineer
Timeline
September 2025 - October 2025
Category
professional
3,680+ lines of code
Multi-tenant architecture
APIP compliant
Overview
Architected and developed a production-ready payment gateway microservice that extracts and generalizes payment processing logic into a reusable service. Features comprehensive security infrastructure including APIP-compliant authentication, AES-256-GCM encryption, and automated webhook delivery with retry logic.
What I Built
- Designed and implemented complete cryptographic service with SHA-256 hashing and AES-256-GCM encryption
- Built HMAC-SHA256 request signature system with replay attack prevention
- Created merchant management APIs with key rotation and profile management
- Implemented async webhook delivery system with retry logic and failure handling
- Developed comprehensive test suite with unit and integration tests
Key Achievements
- +Contributed 3,680+ lines of production code in 2 weeks
- +APIP-compliant multi-tenant architecture
- +Automatic API key rotation with graceful expiration
- +Production-ready with complete security infrastructure
Technologies Used
Java 17Spring BootSpring SecurityPostgreSQLDockerJWTHMAC-SHA256AES-256-GCM
Tags
MicroservicesSecurityPayment GatewaySpring Boot