Document Version: 1.0
Last Updated: 2025-03-03
1. Introduction
1.1 Purpose
This document outlines the backend implementation guidelines for The NovaFacies Open Source Framework (NFF) in accordance with the API-first architecture. It provides the necessary requirements for developers to implement a backend that fully adheres to the API contract while allowing flexibility in the choice of technologies.
The NovaFacies Open Source Framework does not prescribe a specific backend technology; instead, it defines functional requirements that must be met. Developers may implement the backend using traditional microservices, Backend-as-a-Service (BaaS) solutions, or low-code/no-code platforms, provided they maintain API compliance.
1.2 Who This Document is For
- Backend Developers implementing The NovaFacies Open Source Framework-compliant services.
- Solution Architects designing API-first fintech applications.
- Integration Engineers responsible for ensuring interoperability.
- Technical Product Managers defining backend implementation strategies.
2. Core Backend Responsibilities
The backend must implement the following key services:
2.1 User Management
- Register and authenticate users using OAuth2/OpenID providers.
- Expose APIs for user profile retrieval and updates.
2.2 KYC Processing
- Mock functionality; an external mock KYC server is needed.
2.3 Administrative Features
- Provide an API for administrators to retrieve and manage users.
2.4 API Standards & Security
- Follow RESTful or GraphQL principles for API design.
- Use secure authentication mechanisms (OAuth2, JWT, API keys).
- Implement basic error handling.
3. Implementation Strategies
3.1 Microservices-Based Backend (Traditional Coding Approach)
3.1.1 Recommended Tech Stack
- Programming Languages: Node.js, Python, Java, Go, Rust.
- Frameworks: FastAPI (Python), Express (Node.js), Spring Boot (Java).
- Databases: PostgreSQL, MySQL, MongoDB.
- Authentication: Keycloak, Auth0, Firebase Auth.
3.1.2 Implementation Overview
- Authentication Service: Implements OAuth2 authorization and JWT-based authentication.
- User Management Service: Handles registration, authentication, and profile management.
- KYC Service: Manages user KYC status, retrieved via a mock KYC server.
- Admin API: Restricted endpoints for user management and auditing.
- API Gateway: Controls access and routes traffic to microservices.
3.1.3 Deployment Notes
- Containerized (Docker, Kubernetes) for scalability.
- Serverless (AWS Lambda, Google Cloud Functions) for event-driven processing.
3.2 Backend-as-a-Service (BaaS) Implementation
3.2.1 Recommended BaaS Platforms
- Supabase (PostgreSQL-based BaaS).
- Appwrite (Self-hosted, API-first backend).
- Firebase (Google’s managed backend solution).
3.2.2 Implementation Overview
- Authentication & User Management: Utilize built-in authentication (OAuth2, Firebase Auth, etc.).
- Database Storage: Store users and KYC statuses in the integrated BaaS database.
- Cloud Functions (Serverless Logic): Automate KYC process triggers and data updates.
3.2.3 Deployment Notes
- API extensions using serverless functions (Firebase Functions, Supabase Edge Functions).
- Minimal DevOps overhead with managed hosting.
4. API Compliance & Testing
4.1 API Compliance Requirements
- All backend implementations must fully comply with the API contract.
- APIs must return standardized responses (e.g., HTTP status codes, JSON format).
- Authentication must be handled securely with OAuth2, JWT, or API Keys.
4.2 API Testing Guidelines
To ensure compliance, all implementations must pass the following tests:
| Test Type | Description |
| --- | --- |
| Contract Testing | Validate API request/response against OpenAPI 3.0 spec. |
| Security Testing | Ensure authentication & authorization mechanisms are enforced. |
| Error Handling Tests | Confirm proper error messages and HTTP codes are returned. |
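
The Security Testing and Error Handling rows above, as an added Python example that is not part of the NovaFacies framework: a hypothetical admin handler (`admin_list_users`) validates an HS256 JWT against a fixed algorithm allowlist and separates 401 (not authenticated) from 403 (authenticated, not authorized), and `security_cases` runs constructed tokens through it. The secret, the claim names (`roles`, `exp`) and the error bodies are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed key, for this example only

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, alg="HS256", key=SECRET):
    """Test helper: build a compact JWT; alg="none" gives an unsigned token."""
    head = _b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{'' if alg == 'none' else _b64(mac)}"

def verify(token):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":  # fixed allowlist
            return None
        mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        return claims if claims["exp"] > time.time() else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def admin_list_users(authorization):
    """Hypothetical admin handler: returns (HTTP status, JSON body)."""
    if not authorization or not authorization.startswith("Bearer "):
        return 401, {"error": "missing_token"}
    claims = verify(authorization[len("Bearer "):])
    if claims is None:
        return 401, {"error": "invalid_token"}  # authentication failed
    if "admin" not in claims.get("roles", []):
        return 403, {"error": "forbidden"}  # authenticated but not authorized
    return 200, {"users": []}

def security_cases():
    """HTTP status the handler returns for each constructed test token."""
    exp = time.time() + 300
    admin, user = (make_token({"roles": [r], "exp": exp}) for r in ("admin", "user"))
    tokens = {"admin": admin, "user": user,
              "alg_none": make_token({"roles": ["admin"], "exp": exp}, alg="none"),
              "expired": make_token({"roles": ["admin"], "exp": exp - 600}),
              "wrong_key": make_token({"roles": ["admin"], "exp": exp}, key=b"other")}
    return {name: admin_list_users("Bearer " + t)[0] for name, t in tokens.items()}
```

The same cases apply unchanged to RS256 tokens issued by an OAuth2/OpenID provider; only `verify` changes, and the allowlist check stays.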