EXPERT⚙ Go Backend6-8hMattia+Milan

B2B2C Partner API Platform

Design and build a multi-tenant B2B2C API platform: partners (businesses) integrate via API keys, manage their end-users' cards, and track transactions. Includes tenant isolation, rate limiting, webhook delivery, and API versioning. This maps directly to Gnosis Pay's partner API product.

Tech Stack

GoPostgreSQLRedis (rate limiting)Webhook deliveryOpenAPI/Swagger

What You'll Learn

→Multi-tenant API architecture with tenant isolation
→API key management and scoped permissions
→Webhook delivery with retry and circuit breaker
→API versioning strategies
→Rate limiting with token bucket algorithm

Milestones (0/6)

M1Partner registration & API key management

▾

M2Multi-tenant data isolation

▾

M3Rate limiting & usage tracking

▾

M4Webhook delivery with retries

▾

M5Card management API

▾

M6API versioning & documentation

▾

Architecture Hints

Architecture

Partner App
    │
    ├── Bearer gp_xxx (API Key)
    │
    ▼
┌──────────────────────────────────────────┐
│              API Gateway                  │
│  ┌──────────┐  ┌──────────┐  ┌────────┐ │
│  │Auth MW   │─▶│Rate Limit│─▶│Version │ │
│  │(API Key) │  │(per tier)│  │Router  │ │
│  └──────────┘  └──────────┘  └────┬───┘ │
└───────────────────────────────────┼──────┘
                                    │
              ┌─────────────────────┼──────────┐
              ▼                     ▼          ▼
        ┌──────────┐         ┌──────────┐ ┌────────┐
        │  Card    │         │  User    │ │Webhook │
        │  Service │         │  Service │ │Service │
        └────┬─────┘         └────┬─────┘ └────┬───┘
             │                    │             │
        ┌────▼────────────────────▼─────┐  ┌───▼───┐
        │     PostgreSQL                │  │ Queue │
        │  (tenant-isolated tables)     │  │       │
        └───────────────────────────────┘  └───────┘

Maps to Gnosis Pay: - Partners = companies issuing branded Gnosis Pay cards - API keys with scopes = Gnosis Pay's actual partner API auth - Tenant isolation = each partner sees only their users/cards - Webhooks = real-time transaction notifications to partners

Interview Talking Points

▸Discuss multi-tenant architecture trade-offs: shared tables with RLS vs separate schemas vs separate DBs
▸Explain the API key design: why hashed storage, why gp_ prefix, how rotation works
▸Talk about webhook reliability: why HMAC signatures, idempotency keys for delivery, circuit breaker pattern
▸Discuss rate limiting strategies: token bucket vs leaky bucket vs fixed window
▸Explain how this maps to Gnosis Pay's actual B2B2C product for partner companies