Platform Services

Four production-ready microservices — each independently deployable with its own Helm chart, CI/CD pipeline, and PostgreSQL database.

IAM Service

Full identity lifecycle for multi-tenant SaaS. Handles signup, authentication, tenant provisioning, and access control.

  • Self-service signup — creates user + tenant in one call
  • Signup by invitation — time-limited (72 h), MEMBER authority by default
  • JWT RS256 — 15-min access tokens, 7-day refresh tokens with tenant_id
  • Brute-force protection — 5 attempts → 15-min lockout per email
  • Token revocation — JTI denylist + global signout timestamp
  • Password reset — rate-limited (3 req / 15 min), 1-hour TTL tokens
  • Email verification with Thymeleaf transactional emails
  • Tenant lifecycle — suspend, delete, retry provisioning, ShedLock reaper
  • JWKS endpoint for gateway JWT validation
  • Token exchange — tenant switching without re-authentication
  • Avatar uploads — two-phase presigned S3/MinIO flow, tenant-isolated storage
  • Announcements — multi-lingual, async fan-out in batches of 1,000
  • In-app notifications — WebSocket (STOMP/SockJS) real-time push
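The two-layer revocation listed above (JTI denylist plus global signout timestamp) is easiest to see as a decision function over already-verified claims. The block below is an added illustration in Python and is not the IAM Service's own Java code; it assumes the RS256 signature and exp have been checked first, that the claims carry jti, sub, iat and exp, and that the backing store (not described on this page) is something shared between the services that validate tokens. The in-memory store is a constructed stand-in.

```python
import time
from typing import Dict, Optional


class RevocationStore:
    """In-memory stand-in for the real backing store (assumed: a shared cache or
    table readable by every service that validates tokens). Unix seconds throughout."""

    def __init__(self) -> None:
        self._denied: Dict[str, int] = {}   # jti -> exp of the denied token
        self._signout: Dict[str, int] = {}  # sub -> global sign-out timestamp

    def deny_token(self, claims: dict) -> None:
        """Layer 1: revoke one specific token (sign-out of this device, a leaked
        refresh token). The entry only has to outlive the token's own exp, so the
        denylist stays bounded even with 7-day refresh tokens."""
        self._denied[claims["jti"]] = int(claims["exp"])

    def signout_everywhere(self, sub: str, now: Optional[float] = None) -> None:
        """Layer 2: invalidate every token issued to `sub` before this instant
        (sign out all devices, password change) without knowing their JTIs.
        Stored as whole seconds to match the resolution of the JWT iat claim."""
        now = time.time() if now is None else now
        self._signout[sub] = int(now)

    def purge_expired(self, now: Optional[float] = None) -> int:
        """Drop denylist entries for tokens that are expired anyway; returns the count."""
        now = time.time() if now is None else now
        stale = [jti for jti, exp in self._denied.items() if exp <= now]
        for jti in stale:
            del self._denied[jti]
        return len(stale)

    def is_revoked(self, claims: dict, now: Optional[float] = None) -> bool:
        """Run after signature and exp are verified. True means refuse the token."""
        now = time.time() if now is None else now
        jti = claims.get("jti")
        if jti is None:
            return True  # without a jti the token could never be revoked individually
        exp = self._denied.get(jti)
        if exp is not None and exp > now:
            return True
        # Strict '<': a token issued in the same second as the sign-out stays valid,
        # because a re-login right after "sign out everywhere" may share that second.
        # Denylisting the presented jti on sign-out (layer 1) closes the window for
        # the token that was actually in hand.
        signout = self._signout.get(claims["sub"])
        return signout is not None and int(claims["iat"]) < signout


if __name__ == "__main__":
    store = RevocationStore()
    t0 = int(time.time())
    access = {"sub": "u1", "jti": "a1", "iat": t0, "exp": t0 + 900}
    store.deny_token(access)
    print("after device sign-out:", store.is_revoked(access))
    store.signout_everywhere("u1")
    fresh = {"sub": "u1", "jti": "a2", "iat": t0 + 1, "exp": t0 + 901}
    print("token issued after global sign-out:", store.is_revoked(fresh, now=t0 + 2))
```

Note the design consequence: the denylist is checked on every request, so it has to live somewhere cheap to read (a cache keyed by jti with a TTL equal to the token's exp), while the per-user signout timestamp is one small value that covers any number of outstanding tokens, which is what makes password-change invalidation practical without enumerating sessions.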

Gateway Service

Reactive Spring Cloud Gateway — the single entry point for the platform. Handles all cross-cutting concerns so downstream services receive a clean, enriched context.

  • JWT RS256 validation via JWKS (Spring Security OAuth2 Resource Server)
  • Header sanitization — strips any inbound X-User-*, X-Tenant-ID and X-Audit-* headers before JWT processing, so downstream services only ever see values the gateway itself set
  • Context propagation — X-User-ID, X-User-Email, X-User-Authorities, X-Tenant-ID
  • Audit context — AuditContextFilter injects X-Audit-IP, X-Audit-UA, X-Audit-Source
  • Monitoring filter — per-tenant request rate, latency, status; Grafana dashboard included
  • Correlation ID — generates or propagates X-Correlation-ID on every request
  • Security response headers — X-Content-Type-Options, X-Frame-Options, etc.
  • Aggregated Swagger UI — proxies downstream /api-docs through the gateway
  • Configurable public paths via iqkv.gateway.public-paths
  • Prometheus metrics + structured JSON logging with MDC context
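The sanitization, context-propagation, audit-context and correlation-ID bullets above describe one trust boundary: nothing a client sends under the X-User-*, X-Tenant-ID or X-Audit-* names may survive, and everything downstream trusts under those names must come from the verified JWT or the connection. The block below is an added illustration in Python, not the project's Spring Cloud Gateway filters. The claim names (sub, email, authorities, tenant_id), the correlation-ID format and the header values in the sample request are assumptions made for the example.

```python
import re
import uuid
from typing import Dict, Optional

# Anything under these names is gateway-asserted context; inbound copies are dropped.
STRIPPED_PREFIXES = ("x-user-", "x-audit-")
STRIPPED_EXACT = frozenset({"x-tenant-id"})
# Assumed correlation-id format: a client value is only propagated when it is a plain token,
# so it cannot carry newlines or control characters into the structured logs.
CORRELATION_ID_RE = re.compile(r"[A-Za-z0-9._-]{8,128}")


def _get(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup; HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def sanitize_inbound(headers: Dict[str, str]) -> Dict[str, str]:
    """Drop every inbound X-User-*, X-Tenant-ID and X-Audit-* header, whatever its
    case, before the request reaches JWT processing."""
    return {
        key: value
        for key, value in headers.items()
        if not (key.lower().startswith(STRIPPED_PREFIXES) or key.lower() in STRIPPED_EXACT)
    }


def enrich(headers: Dict[str, str], claims: Optional[dict], client_ip: str,
           source: str = "gateway") -> Dict[str, str]:
    """Return the header set forwarded downstream. `claims` are the verified JWT
    claims, or None on a public path, in which case no identity headers are set.
    `client_ip` is the peer address as the gateway sees it (behind Traefik, the
    address the trusted proxy reports), never a client-supplied header."""
    out = sanitize_inbound(headers)

    # Correlation ID: propagate a well-formed inbound value, otherwise mint one.
    inbound_cid = _get(out, "x-correlation-id")
    out = {k: v for k, v in out.items() if k.lower() != "x-correlation-id"}
    if inbound_cid is not None and CORRELATION_ID_RE.fullmatch(inbound_cid):
        out["X-Correlation-ID"] = inbound_cid
    else:
        out["X-Correlation-ID"] = str(uuid.uuid4())

    # Audit context comes from the connection and the User-Agent, never from X-Audit-*.
    out["X-Audit-IP"] = client_ip
    out["X-Audit-UA"] = _get(out, "user-agent") or ""
    out["X-Audit-Source"] = source

    if claims is not None:
        # Assumed claim names: sub, email, authorities (list), tenant_id.
        out["X-User-ID"] = str(claims["sub"])
        out["X-User-Email"] = claims["email"]
        out["X-User-Authorities"] = ",".join(claims.get("authorities", []))
        out["X-Tenant-ID"] = claims["tenant_id"]
    return out


if __name__ == "__main__":
    # Constructed request: the client tries to smuggle an authority and a tenant.
    spoofed = {"x-user-authorities": "PLATFORM_ADMIN", "X-Tenant-ID": "victim",
               "User-Agent": "curl/8.0", "Authorization": "Bearer <verified elsewhere>"}
    claims = {"sub": "u-42", "email": "alice@example.test",
              "authorities": ["MEMBER"], "tenant_id": "acme"}
    for k, v in enrich(spoofed, claims, "203.0.113.5").items():
        print(f"{k}: {v}")
```

The order matters: stripping happens on the raw inbound map before any claim is copied in, so a request that never presents a JWT (a public path) leaves the gateway with no identity headers at all rather than with whatever the client chose to send.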

Billing Service

Payment-gateway-agnostic abstraction layer (Stripe today). Handles tenant-to-customer mapping, webhook ingestion, and lifecycle event publishing. No custom billing logic lives here.

  • Automatic customer provisioning on tenant.provisioned RabbitMQ event
  • Billing settings — billing email and tax ID (VAT/GST) per tenant
  • Stripe integration via PaymentGatewayPort Strategy pattern
  • Idempotent webhook processing — duplicate delivery is safe
  • Subscription lifecycle events — created, cancelled, invoice.paid, payment.failed
  • Refunds API — full or partial refunds; TENANT_OWNER and PLATFORM_ADMIN access
  • Stripe Customer Portal sessions — self-service billing management for TENANT_OWNER
  • Plan catalog with PLATFORM_ADMIN management endpoints
  • Active subscription query for TENANT_OWNER and MEMBER roles
  • Multi-gateway ready — swap Stripe for any provider without business logic changes
  • Grafana dashboard — MRR, churn, refund volume, payment success rates
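Webhook ingestion is where "duplicate delivery is safe" has to be earned: Stripe retries until it gets a 2xx, so the same event id can arrive several times, and a signature check has to run on the raw body before anything is parsed. The block below is an added Python illustration, not the Billing Service's Java code; the service uses the Stripe SDK, whose webhook helper performs the same signature verification. The signature scheme is Stripe's documented one (a Stripe-Signature header of the form t=<unix seconds>,v1=<hex HMAC-SHA256 over "<t>.<raw body>" keyed with the endpoint secret>, with a 5-minute tolerance); the endpoint secret, event bodies and handler are constructed for the example.

```python
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, Optional, Set

TOLERANCE_SECONDS = 300  # replay window for the t= timestamp
_HEX = frozenset("0123456789abcdef")


def _signed_payload(timestamp: str, body: bytes) -> bytes:
    return timestamp.encode("ascii") + b"." + body


def sign(body: bytes, secret: str, timestamp: int) -> str:
    """Build a Stripe-Signature header value. Only used here to sign the constructed
    sample events; in production Stripe produces this header."""
    mac = hmac.new(secret.encode(), _signed_payload(str(timestamp), body), hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={mac}"


def verify_signature(body: bytes, sig_header: str, secret: str, now: float) -> bool:
    """HMAC-SHA256 over "<t>.<raw body>" plus a timestamp tolerance. Must run on the
    raw request bytes, before any JSON parsing or re-serialisation."""
    timestamp = None
    candidates = []
    for item in sig_header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1" and value and set(value) <= _HEX:
            candidates.append(value)  # several v1 values are present during secret rotation
    if timestamp is None or not timestamp.isdigit() or not candidates:
        return False
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False
    expected = hmac.new(secret.encode(), _signed_payload(timestamp, body), hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(expected, c) for c in candidates)


def make_event(event_id: str, event_type: str, obj: dict) -> bytes:
    """Constructed minimal Stripe-style event body for the examples."""
    return json.dumps({"id": event_id, "type": event_type, "data": {"object": obj}}).encode()


class WebhookProcessor:
    """Idempotent ingestion keyed on the Stripe event id. `_seen` stands in for a
    processed_events table with a unique constraint on event_id; in a real service
    that insert and the handler's side effects share one database transaction."""

    def __init__(self, secret: str, handlers: Dict[str, Callable[[dict], None]]) -> None:
        self._secret = secret
        self._handlers = handlers
        self._seen: Set[str] = set()

    def handle(self, body: bytes, sig_header: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        if not verify_signature(body, sig_header, self._secret, now):
            return "rejected"      # respond 400; nothing else happens
        event = json.loads(body)
        event_id = event["id"]
        if event_id in self._seen:
            return "duplicate"     # respond 200 so Stripe stops retrying; run nothing
        self._seen.add(event_id)   # claim the id before side effects run
        handler = self._handlers.get(event["type"])
        if handler is None:
            return "ignored"       # unknown type: acknowledge without processing
        try:
            handler(event["data"]["object"])
        except Exception:
            self._seen.discard(event_id)  # release the claim so Stripe's retry can succeed
            raise
        return "processed"


if __name__ == "__main__":
    secret = "whsec_constructed_example"
    proc = WebhookProcessor(secret, {"invoice.paid": lambda obj: print("paid", obj["id"])})
    body = make_event("evt_001", "invoice.paid", {"id": "in_001", "amount_paid": 4900})
    header = sign(body, secret, int(time.time()))
    print(proc.handle(body, header), proc.handle(body, header))
```

Two details carry the security weight: the comparison uses a constant-time digest compare, and a handler failure releases the idempotency claim, so a transient database error does not turn into a permanently lost invoice.paid event once Stripe retries.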

Audit Service

Centralized, event-driven audit trail. Passively observes platform events via RabbitMQ and transforms them into a searchable, compliance-ready log.

  • Passive observation — binds to iqkv.events exchange; zero changes in domain services
  • Event normalization — UserEvent, TenantEvent, etc. mapped to AuditRecord
  • Technical context enrichment — IP and User-Agent from X-Audit-* Gateway headers
  • JSONB metadata storage — flexible, schema-less event details
  • SPI-based extensibility — plug in Elasticsearch or custom SIEM via AuditProvider
  • Dedicated PostgreSQL database — high-volume logging isolated from business DB
  • PLATFORM_ADMIN search API — paginated, filterable by user, tenant, action, date
  • Audit detail view — full record with JSONB metadata expansion
  • Custom Prometheus metrics — event consumption rate, persistence latency, storage usage

Hybrid Tenancy Model

One codebase, two deployment models. Switch between multi-tenant B2B and single-tenant B2C with a single configuration flag.

  • Multi-tenant mode — schema-per-tenant PostgreSQL isolation
  • Single-tenant mode — all users join a pre-configured default workspace
  • Liquibase per-tenant schema versioning and migrations
  • RabbitMQ async tenant provisioning workflow
  • Automatic tenant context resolution from JWT claims
  • ShedLock-guarded reaper cleans up stuck PROVISIONING tenants
  • No code changes required — set platform.rolloutMode in config
  • Independent tenant status transitions — ACTIVE, SUSPENDED, DELETED
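Tenant context resolution is the step where a JWT claim turns into a PostgreSQL schema name, and because SET search_path cannot take a bind parameter, the claim has to be validated and quoted before it goes anywhere near SQL. The block below is an added Python illustration of that resolution for both rollout modes and for the tenant status gate; it is not the platform's Java code. The mode values, the tenant_<id> schema naming, the tenant id format and the status table are assumptions made for the example.

```python
import re
from typing import Dict

# Assumed values for platform.rolloutMode; the page names only the flag.
MULTI_TENANT = "MULTI_TENANT"
SINGLE_TENANT = "SINGLE_TENANT"
# Assumed tenant id format. Deliberately a plain SQL identifier charset, because the id
# ends up in a SET search_path statement, which PostgreSQL cannot parameterise.
TENANT_ID_RE = re.compile(r"[a-z0-9][a-z0-9_]{0,62}")


class TenantContextError(Exception):
    """No usable tenant context for this request; map to 401/403 at the edge."""


def resolve_tenant(claims: dict, rollout_mode: str, statuses: Dict[str, str],
                   default_tenant: str = "default") -> str:
    """Pick the tenant for this request. `statuses` stands in for the tenant table
    (constructed here); only ACTIVE tenants may serve traffic."""
    if rollout_mode == SINGLE_TENANT:
        tenant_id = default_tenant          # every user lands in the pre-configured workspace
    elif rollout_mode == MULTI_TENANT:
        tenant_id = claims.get("tenant_id")
        if not isinstance(tenant_id, str) or not TENANT_ID_RE.fullmatch(tenant_id):
            raise TenantContextError("missing or malformed tenant_id claim")
    else:
        raise TenantContextError(f"unknown rollout mode {rollout_mode!r}")
    status = statuses.get(tenant_id)
    if status != "ACTIVE":
        # SUSPENDED, DELETED, still PROVISIONING or unknown: refuse rather than fall through
        raise TenantContextError(f"tenant {tenant_id} is {status or 'unknown'}")
    return tenant_id


def schema_name(tenant_id: str) -> str:
    return f"tenant_{tenant_id}"            # assumed naming convention, one schema per tenant


def search_path_statement(tenant_id: str) -> str:
    """SET search_path for the tenant's schema. The id is re-validated and then quoted
    as an identifier so that a claim can never be parsed as SQL. Shared tables, if
    the deployment has any, would be appended to the path explicitly."""
    if not TENANT_ID_RE.fullmatch(tenant_id):
        raise TenantContextError("refusing to build search_path from an unvalidated id")
    return 'SET search_path TO "' + schema_name(tenant_id).replace('"', '""') + '"'


if __name__ == "__main__":
    statuses = {"acme": "ACTIVE", "globex": "SUSPENDED", "default": "ACTIVE"}
    claims = {"sub": "u1", "tenant_id": "acme"}
    for mode in (MULTI_TENANT, SINGLE_TENANT):
        tenant = resolve_tenant(claims, mode, statuses)
        print(mode, "->", search_path_statement(tenant))
```

A suspended tenant is refused at this point regardless of whether the token is otherwise valid, which is what makes the suspend transition take effect immediately rather than when the user's tokens expire.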

Tenant App

The customer-facing surface of the platform. A React 19 SPA built with Mantine UI and Feature-Sliced Design.

  • Two-step sign-in flow with tenant discovery
  • Self-service signup with async provisioning polling
  • Workspace dashboard with basic stats and team overview
  • Team management — member list, ban/unban, role editing, ownership transfer
  • Invitation system — send, preview, and accept workspace invites
  • Billing self-service — Stripe Customer Portal, subscription view, plan catalog, refunds
  • Tenant settings — organization metadata editing
  • In-app notifications — bell, dropdown, notification center, real-time WebSocket push
  • My Account — profile editing, avatar upload, password reset, organization list
  • Internationalization with Lingui (English catalog implemented)
  • Session security — 30-min inactivity timeout and silent token refresh
  • Runtime configuration via public/config.js overrides

Platform Admin

The internal operator console for platform management. Requires PLATFORM_ADMIN authority to access.

  • Dashboard with real-time count cards for users, orgs, and subscriptions
  • Global User management — paginated list, detail view, profile edits, ban/unlock
  • Organization administration — 5-tab detail: Overview, Members, Billing, Subscriptions, Refunds
  • Invitation management — propose, edit, and revoke platform-wide invites
  • Subscription monitoring — read-only global list with status filters
  • Plan catalog CRUD — create, edit, and delete billing plans
  • Refunds management — global list, issue full or partial refunds via Stripe
  • Announcements — multi-lingual editor, publish/unpublish, delivery tracking
  • Audit logs — global trail across all tenants, filterable, detail view with JSONB expansion
  • In-app notifications — bell, dropdown, real-time WebSocket push
  • Operator account management — profile and password updates
  • Strict RBAC enforcement with automated route guards — the guards mirror the server-side PLATFORM_ADMIN checks, which remain the real enforcement boundary

Technology Stack

Enterprise Java without overhead — proven tools, long-term maintainability

Backend

Java 25 · Spring Boot 4.x · Spring Cloud Gateway (WebFlux) · MyBatis 3.x · PostgreSQL 17 · RabbitMQ · JJWT RS256 · ShedLock 7.x

Security

Spring Security OAuth2 Resource Server · BCrypt strength 12 · JWKS endpoint · JTI denylist · Two-layer token revocation · Stripe SDK

DevOps

Docker multi-stage builds · Kubernetes + Helm charts · Drone CI/CD 10-stage pipeline · Traefik · Liquibase · Three environments (local / staging / prod)

Observability

Prometheus · Grafana dashboards · Loki + Promtail · Micrometer · Structured JSON logging · Correlation ID tracing · Actuator health probes

Quality Gates

SonarQube · PMD · SpotBugs · Checkstyle (Google Java Style) · JaCoCo coverage thresholds · ArchUnit boundary validation · Testcontainers

Frontend

React 19 · TanStack Router (file-based) · TanStack Query · Mantine UI · Zustand · Lingui i18n · Vite · Astro landing kit