Digital Bank.
Backend Infrastructure

Digital Bank
Platform

A microservices-based digital banking backend built with Java 21 and Spring Boot 3. Event-driven via Kafka, secured by Keycloak, and observable with Prometheus + Grafana.

7 Microservices, Kafka KRaft, Keycloak OAuth2, Idempotent API

7 Microservices
4 Kafka Topics
OAuth2: Keycloak
KRaft: No ZooKeeper

Event-Driven

Kafka Message Architecture

Async transaction processing with 3-attempt retries and dead-letter topics on exhaustion.

Apache Kafka

KRaft mode — no ZooKeeper

user.created (active)
Producer: user-service; Consumer: account-service

transaction.created
Producer: transaction-service; Consumer: account-service

balance.updated
Producer: account-service; Consumer: transaction-service

transfer.completed
Producer: transaction-service; Consumer:

Microservices

6 Independent Services

Each service owns its own database. Schema migrations managed by Flyway.

:8080

api-gateway

Single entry point. Validates JWTs, injects X-Correlation-ID, routes via Eureka.

JWT Validation, Rate Limiting, Routing

:8081

user-service

User registration & profile management. Publishes user.created on Kafka.

→ user.created

:8082

account-service

Manages bank accounts & balances. Consumes events, applies changes, emits balance.updated.

← transaction.created, → balance.updated, ← user.created

:8083

transaction-service

Handles DEPOSIT, WITHDRAWAL, TRANSFER. Creates PENDING → COMPLETED/FAILED.

→ transaction.created, ← balance.updated

:8888

config-server

Serves per-service YAML config. Each service fetches config on startup.

:8761

discovery-service

Netflix Eureka server. Services register on startup; gateway resolves instances.

Defense-in-Depth Security

All services are OAuth2 Resource Servers — each validates JWTs independently. The gateway validates first; Feign clients forward the original Authorization header for authenticated inter-service calls.

ADMIN: full access; customer: own resources

Key Patterns

Core Implementation

Kafka Consumer with Retry

@RetryableTopic is configured with 3 attempts and exponential backoff. Failed messages land on a dead-letter topic for inspection.

Idempotent Transaction API

An Idempotency-Key header prevents double-processing, so retries are safe. Cached responses are returned for duplicate keys.

JWT Role Extraction

Roles are extracted from the Keycloak realm_access.roles claim. A JwtAuthenticationConverter maps them to Spring Security authorities.
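
The role mapping described under JWT Role Extraction, as an added example (not the project's own code). The class name KeycloakRoleConverterConfig, the ROLE_ prefix, and the choice to grant no authorities when the claim is missing or malformed are assumptions.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

// Hypothetical class name; added example, not taken from the project.
@Configuration
public class KeycloakRoleConverterConfig {

    // Reads realm_access.roles and returns one ROLE_<name> authority per role.
    // Fails closed: if realm_access is absent or not an object, or roles is
    // not a list, the token gets no authorities rather than a default role.
    // Non-string and blank entries are skipped. Role case is preserved.
    static Collection<GrantedAuthority> realmRoles(Jwt jwt) {
        Object realmAccess = jwt.getClaim("realm_access");
        if (!(realmAccess instanceof Map<?, ?> claims)
                || !(claims.get("roles") instanceof List<?> roles)) {
            return List.of();
        }
        return roles.stream()
                .filter(String.class::isInstance)
                .map(String.class::cast)
                .filter(role -> !role.isBlank())
                .<GrantedAuthority>map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                .collect(Collectors.toUnmodifiableSet());
    }

    // Replaces the default scope-based authorities with the realm roles above.
    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(KeycloakRoleConverterConfig::realmRoles);
        return converter;
    }
}
```

With the ROLE_ prefix assumed here, a rule such as hasRole("ADMIN") matches a token whose realm_access.roles contains ADMIN. Because each service validates JWTs independently, the same converter would need to be registered in every resource server, not only the gateway.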

Tech Stack

Java 21, Spring Boot 3.3, Spring Cloud, Apache Kafka, Keycloak 24, PostgreSQL 16, Redis 7, Netflix Eureka, Flyway, Prometheus, Grafana, Docker Compose

Prometheus Metrics

Every service exposes /actuator/prometheus. The scraped metrics cover HTTP rate, latency percentiles, JVM memory, and DB connections.

Grafana Dashboard

Pre-provisioned dashboard at :3000. Tracks Kafka consumer lag, request rates, and service health in real time.

Retry + DLT

@RetryableTopic: 3 attempts with 2s/4s backoff. Exhausted events land on a .dlt topic for manual inspection.