A highly secure, dockerized transaction engine built in Go (Golang) using the Gin Web Framework, GORM, MySQL, and Redis. The system simulates a Buy Now Pay Later (BNPL) / Consumer Credit platform with multi-month credit limit tracking, automated contract installment generation, and payment processing.
- Credit Limit Engine: Tracks multi-tenor credit limits (1, 2, 3, and 6 months) for each registered user profile.
- Idempotency & Double-Request Prevention: Uses validation for `External ID` (validated via Redis) to prevent duplicate transactions or double charges.
- Signature-Based Authentication: High-security API validation using request signature checks to verify authorization headers.
- Unique API Call ID Logging: Features a transaction logger where every single request/response is annotated with a unique `Api Call ID` to simplify database auditing and log tracing.
- Nginx Load Balancing & Docker Compose: Ready for containerized deployment, pre-bundled with an Nginx reverse proxy/load balancer, a MySQL instance, and automated container shell scripts (`install.sh`, `rebuild.sh`).
The GORM database models the credit lifecycle from user verification to bill payment:
```mermaid
erDiagram
    User {
        string user_id PK
        string user_status
        string nik UK
        string full_name
        string legal_name
        string tempat_lahir
        string tanggal_lahir
        double gaji
        string foto_ktp
        string foto_selfie
    }
    UserLimitBalance {
        string user_id PK "FK references User"
        double limit_one_month
        double limit_two_month
        double limit_three_month
        double limit_sixth
    }
    Transaction {
        string nomor_kontrak PK
        string user_id "FK references User"
        timestamp tanggal_kontrak
        timestamp tanggal_update
        double otr
        double admin_fee
        double harga_aset
        double jumlah_cicilan
        double jumlah_bunga
        double tenor
        double cicilan_bulanan
        string nama_aset
    }
    MonthlyBilling {
        string billing_id PK
        string user_id "FK references User"
        string nama_aset
        double tenor
        double harga_cicilan
        timestamp tanggal_tagihan
    }
    Bill {
        string kode_bayar PK
        string user_id "FK references User"
        double terbayarkan
        double total_tagihan
        double sisa_tagihan_bulanan
        timestamp tanggal_bayar
        double sisa_limit
        string status_bayar
    }
    User ||--|| UserLimitBalance : holds
    User ||--o{ Transaction : executes
    User ||--o{ MonthlyBilling : receives
    User ||--o{ Bill : pays
```
Every API call to /transaction passes through multiple layers of middleware to guarantee safety and compliance:
```mermaid
graph TD
    A[Client Request] --> B[Signature Verification]
    B -- Invalid Signature --> C[401 Unauthorized]
    B -- Valid Signature --> D[Idempotency Check: External ID]
    D -- Duplicate Found --> E[409 Conflict]
    D -- New Transaction --> F[Limit Availability Check]
    F -- Insufficient Limit --> G[400 Bad Request]
    F -- Approved --> H[Generate Contract Installments & Save to DB]
    H --> I[Log API Call ID & Return Success]
```
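The check order in the flow above, as an added example that is not the project's own code. It assumes the signature is a hex HMAC-SHA256 over the raw body with a shared secret and uses an in-memory map in place of Redis; `Engine`, `Sign` and `Process` are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/http"
	"sync"
)

// Engine: seen stands in for Redis, limits for UserLimitBalance (assumptions).
type Engine struct {
	secret []byte
	mu     sync.Mutex
	seen   map[string]bool
	limits map[string]float64
}

// Sign returns hex(HMAC-SHA256(secret, body)), the assumed signature scheme.
func Sign(secret, body []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write(body)
	return fmt.Sprintf("%x", m.Sum(nil))
}

// Process runs the checks in flow order and returns the HTTP status.
func (e *Engine) Process(sig, externalID, userID string, body []byte, amount float64) int {
	// Constant-time comparison: no timing oracle on the expected signature.
	if !hmac.Equal([]byte(sig), []byte(Sign(e.secret, body))) {
		return http.StatusUnauthorized
	}
	e.mu.Lock() // one lock covers check and write, so concurrent replays cannot both pass
	defer e.mu.Unlock()
	if e.seen[externalID] {
		return http.StatusConflict
	}
	// Non-positive amounts are rejected so a request cannot raise the limit.
	if externalID == "" || amount <= 0 || amount > e.limits[userID] {
		return http.StatusBadRequest
	}
	e.seen[externalID] = true
	e.limits[userID] -= amount
	return http.StatusOK
}

func main() {
	e := &Engine{secret: []byte("demo-key"), seen: map[string]bool{}, limits: map[string]float64{"u1": 1000}}
	body := []byte(`{"user_id":"u1","otr":600}`) // constructed sample payload
	fmt.Println(e.Process(Sign(e.secret, body), "ext-1", "u1", body, 600))
}
```

The External ID is recorded only after the limit check passes, so a request rejected with 400 can be retried under the same ID without being reported as a duplicate.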
| Category | Method | Endpoint | Description | Security Required |
|---|---|---|---|---|
| User | POST | `/create-user` | Create new BNPL user profile | Valid Signature |
| Transaction | POST | `/transaction` | Initiate contract transaction & generate installment billings | Signature & Idempotency Key (External ID) |
- Docker and Docker Compose installed
- Bash-capable terminal (Linux/macOS or Git Bash/WSL on Windows)
Use the automated installation script to pull dependencies, set up the Nginx proxy, initialize the MySQL database, and run GORM migrations:
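```bash
# Run the installation shell script
sh ./install.sh
```

If you modify the Go source code inside the XYZ-MultiFinance directory, rebuild the app container using:

```bash
sh ./rebuild.sh
```

- Access the MySQL container instance (Password: `Password123`):

  ```bash
  docker exec -it mysql mysql -u root -p
  ```

- Set up the access privilege for the app runner:

  ```sql
  GRANT ALL PRIVILEGES ON *.* TO 'xyz'@'%' IDENTIFIED BY 'Password123' WITH GRANT OPTION;
  FLUSH PRIVILEGES;
  ```

  This grant gives the `xyz` account every privilege on all databases, from any host, with a password that is published in this README. Outside a local test setup, restrict the grant to the application schema and set a different password.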
For testing the endpoint schemas, request signatures, and payloads, import the Postman collection file included in the root directory: XYZ-MultiFinance.postman_collection.json
Distributed under the MIT License. See LICENSE for more information.