14.1 Backend services

  • Java 17 LTS (or 21 LTS for new platforms).
  • JVM: Eclipse Temurin / Amazon Corretto.
  • Spring Boot 3.x.
  • Spring Web (servlet-based) for REST APIs.
  • Spring WebFlux only where reactive is justified (rare for OLTP lending).
  • Spring Data JPA for repositories.
  • Spring Security for authentication / authorisation primitives.
  • Spring Cloud for service discovery / config (selective).

Use a modular monolith as per 5.2: a Maven / Gradle multi-module project in which each module corresponds to a product module (acquisition, application, kyc, etc.), plus shared / integrations modules.

  • MapStruct for DTO ↔ entity mapping.
  • Lombok for boilerplate (carefully — avoid abuse).
  • Resilience4j for circuit breakers, retries, bulkheads on vendor calls.
  • Bucket4j for rate limiting.
  • Flyway for DB migrations.
  • Jackson for JSON.
  • Apache HTTP Client / OkHttp for vendor HTTP calls.
  • Camunda 7 / Temporal SDK for workflow.
  • Drools (later) for rule engine.
  • OpenAPI (springdoc) for API spec.
  • AWS API Gateway or Kong or Spring Cloud Gateway at the edge.
  • Rate limiting, request logging, JWT verification at gateway.
  • Internal services use mTLS for transport authentication.
  • Service tokens (short-lived JWT) for per-call identity.
  • Workload identity (IAM roles for service accounts).
  • REST + JSON for external and most internal APIs.
  • OpenAPI specification for every API; auto-generated docs.
  • Versioning in URL (/v1, /v2).
  • Idempotency via Idempotency-Key header on mutating endpoints.
  • Pagination via cursors (avoid offset for large tables).
  • Consistent error model (RFC 7807 problem-details or similar).
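
One way to enforce the Idempotency-Key rule above on a mutating endpoint, as an added example (not code from this platform). The class and method names, the status codes (400 / 409 / 422) and the in-memory map standing in for a shared store are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

// Added example with hypothetical names. The map stands in for a shared store with a TTL.
public class IdempotencyGuard {
    record Key(String callerId, String idempotencyKey) {}   // keys are scoped per caller identity
    record Result(int status, String body) {}
    record Entry(String fingerprint, Result result) {}      // result == null: first request in flight
    private final Map<Key, Entry> store = new ConcurrentHashMap<>();

    // Bind the key to the exact request so it cannot be reused for a different operation.
    static String fingerprint(String method, String path, String body) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest((method + "\n" + path + "\n" + body).getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }

    Result handle(String callerId, String key, String method, String path, String body,
                  Supplier<Result> action) throws Exception {
        if (key == null || key.isBlank() || key.length() > 128)
            return new Result(400, "Idempotency-Key header required");
        Key scoped = new Key(callerId, key);
        String fp = fingerprint(method, path, body);
        Entry prev = store.putIfAbsent(scoped, new Entry(fp, null));  // atomic claim of the key
        if (prev != null) {
            if (!prev.fingerprint().equals(fp)) return new Result(422, "key reused with a different request");
            if (prev.result() == null) return new Result(409, "original request still in progress");
            return prev.result();                                     // replay, no second side effect
        }
        try {
            Result r = action.get();
            store.put(scoped, new Entry(fp, r));
            return r;
        } catch (RuntimeException e) {
            store.remove(scoped);                                     // failed attempt may be retried
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        IdempotencyGuard guard = new IdempotencyGuard();
        int[] calls = {0};                                            // counts real executions
        Supplier<Result> create = () -> new Result(201, "{\"id\":" + (++calls[0]) + "}");
        String path = "/v1/disbursements";                            // constructed sample requests
        System.out.println(guard.handle("svc-a", "k1", "POST", path, "{\"amount\":100}", create));
        System.out.println(guard.handle("svc-a", "k1", "POST", path, "{\"amount\":100}", create));
        System.out.println(guard.handle("svc-a", "k1", "POST", path, "{\"amount\":999}", create));
        System.out.println(guard.handle("svc-b", "k1", "POST", path, "{\"amount\":100}", create));
    }
}
```

In a Spring Web service the same logic would sit in a filter or interceptor, with the caller identity taken from the verified service token rather than from a request parameter.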

Every new service starts with:

  • Spring Boot starter.
  • Standard health / readiness endpoints.
  • Standard observability (metrics, traces, logs).
  • Standard auth.
  • Standard error model.
  • DB connection pool.
  • Vendor adaptor framework.
  • JUnit 5 + AssertJ for unit tests.
  • Testcontainers for integration (real Postgres / Redis / etc.).
  • WireMock for vendor stubs.
  • REST-assured for API testing.
  • Pact for consumer-driven contract testing across modules.
  • Coverage target: > 70% for critical modules.
  • SonarQube for static analysis.
  • Checkstyle / Spotless for formatting.
  • OWASP dependency-check for vulnerabilities.
  • Renovate / Dependabot for dep updates.