# Figure Pay BiaB (BaaS) Technology Overview

This document provides a high-level overview of our technical stack and system architecture.

Our system architecture is documented in two parts. First, at the _application_ layer, demonstrating the interrelation of the technology powering our API. Second, as a network topology, including our use of firewalls and load balancing.

## Application Architecture

```plantuml
package clients {
  [Program applications] as PA
  [Dashboard]
}

package backend {
  [HTTP Services] as S
  [Asynchronous Processors] as AP
  [API Gateway] as K

  package messaging {
    [Kafka]
  }

  package persistence {
    [CockroachDB]
    [Meilisearch]
    [GCP Storage]
  }
}

AP -[hidden]->> persistence
S -[hidden]->> persistence
clients -[hidden]->> backend
K -[hidden]->> S
K -[hidden]->> AP
AP -[hidden]-> messaging
S -[hidden]-> messaging

Dashboard <<->> K
PA <<->> K
K <<->> S
```

---

## Network Architecture

![](https://i.imgur.com/xNL5X4o.png)

![](https://i.imgur.com/sExyiOW.png)

---

## Technical Stack

### Languages

**Kotlin** - Open-source, statically typed programming language that targets the JVM, developed by JetBrains. This is our primary language for development and is used throughout our back-end web servers and interrelated asynchronous systems. We rely on Gradle for builds and make use of JetBrains' frameworks for our HTTP and ORM layers. We also make use of native Kotlin features, such as coroutines, for asynchronous scheduling and processing.

**TypeScript / React** - JavaScript frameworks we use to develop our customer service Dashboard. We rely on NPM for our builds; files are compiled to JavaScript and served out of a containerized nginx web server.

**Dart / Flutter** - Google's open-source framework for building natively compiled, multi-platform mobile applications. We use this specifically to develop a white-label mobile application we can provide to Programs for a quicker go-to-market solution.
### Persistence & Communication

**CockroachDB / PostgreSQL** - An open-source, cloud-native, distributed SQL database with roots in PostgreSQL. This database serves as our main persistence layer. It is used throughout our backend for all domain-related persistence, including our ledger.

**Kafka / Protobuf** - We deploy the Kafka stream-processing platform using Confluent's hosted cloud solution and share messages using Google's protobuf library, a language-neutral mechanism for serializing structured data. We use this across services for highly resilient asynchronous messaging and durable audit logging.

**Meilisearch** - An open-source, lightweight indexed search engine that powers our multi-tenant search functionality. We use search to power our Dashboard as well as to expose certain data to Programs for intra-network payments support.

**Google Cloud Storage** - Google's secure, encrypted document storage solution. We use this to store (with compliant expiration) all user-provided identification for KYC / AML, as well as any documents containing personal information such as consents and account statements. All user-provided files are first run through an AV scan before being uploaded and served out of our API.

**Kong Gateway** - A cloud-native API gateway built on top of nginx. It handles all API routing to our various back-end web services. It also provides us with an OAuth 2.0 authentication layer that Programs interact with to iteratively and securely identify themselves during API interaction.

### Deployment

**Google Cloud Platform (GCP)** - Our cloud service layer, used to host and manage our Kubernetes cluster, provide network-layer security and load balancing, and provide authenticated access to other GCP resources and self-managed services.

**Vault** - HashiCorp's secret manager, used to securely manage sensitive data, e.g. API keys, database passwords, etc. It provides encrypted delivery and secure variable injection into deployed runtime environments.
**Kubernetes** - Open-source deployment automation system used for resource orchestration, scaling, and inter-service networking. Our cluster sits behind our firewalls and load balancers in a private network and is communicated with over TLS.

**Docker** - Open-source, cross-platform containerization for application runtime artifacts. All our services are deployed as containerized applications, which helps guarantee consistency in our CI / CD pipeline and during promotion of our API to production.
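As an added illustration of the Kong Gateway OAuth 2.0 layer described under Persistence & Communication (example configuration written for this document, not Figure Pay's own gateway config): a Kong declarative (decK) configuration that routes one back-end HTTP service and protects it with Kong's bundled `oauth2` plugin. The service name, upstream address, route path, scope names and consumer values are placeholders; the plugin option names are Kong's.

```yaml
# Added example: Kong declarative configuration for one protected back-end route.
# All names and addresses below are placeholders, not values from the real deployment.
_format_version: "3.0"

services:
  - name: accounts-service                 # placeholder: one back-end HTTP service
    url: http://accounts.backend.svc:8080  # placeholder: cluster-internal address, behind the firewall
    routes:
      - name: accounts-route
        paths:
          - /v1/accounts
        strip_path: false
    plugins:
      - name: oauth2
        config:
          # Programs authenticate as machine clients, so only the client-credentials grant is on;
          # the browser-oriented grants stay disabled to keep the attack surface small.
          enable_client_credentials: true
          enable_authorization_code: false
          enable_implicit_grant: false
          enable_password_grant: false
          # Every issued token must carry at least one of these scopes; scopeless tokens are refused.
          scopes:
            - accounts:read
            - accounts:write
          mandatory_scope: true
          # Short-lived access tokens (seconds) limit how long a leaked token stays usable.
          token_expiration: 900
          # Strip the bearer token before the request is proxied to the back-end service.
          hide_credentials: true
          # TLS is terminated at the load balancer in front of the gateway (see Network Architecture),
          # so Kong accepts requests whose X-Forwarded-Proto header says they arrived over HTTPS.
          accept_http_if_already_terminated: true

consumers:
  - username: example-program              # placeholder: one Program as an API consumer
    oauth2_credentials:
      - name: example-program-app
        client_id: PLACEHOLDER_CLIENT_ID
        client_secret: PLACEHOLDER_CLIENT_SECRET  # in practice injected from Vault, never committed
        redirect_uris:
          - https://example.invalid/callback  # required by the plugin even for client-credentials use
```

A Program then exchanges its client id and secret at the plugin's token endpoint for a scoped, 15-minute access token and presents that on each call; requests without a valid token, or with a token lacking a listed scope, are rejected at the gateway before reaching the back-end service.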