Project • Backend API

Alveriano Platform API — multi-tenant backend.

Centralized form submission and payment processing serving 3+ live sites. Server-authoritative checkout validation, idempotent webhooks, TypeScript strict mode.

View infrastructure LinkedIn
AWS LambdaTypeScriptStripePostgreSQLSupabaseZodNode.js 20
Multi-tenant
One API serves multiple brands: Resinaro, Saltaire Guide, giuseppe.food. Tenant isolation via site field.
Server-authoritative checkout
Clients can’t forge checkout details. Server validates requests against a catalog and creates Stripe PaymentIntents.
Idempotent by design
Form submissions, payment intents, and webhooks all support safe retries via DB constraints.

Request flow

1
Client
Form submission from any brand site
2
API Gateway
Rate limiting, CORS validation
3
Lambda
Zod validation, business logic
4
Supabase
PostgreSQL storage, RLS
5
Stripe
Payment intents, webhooks
POST/forms/submit
Generic form ingestion. Validates site, formSlug, email. Supports idempotency keys.
POST/forms/submit-paid
Checkout form handling. Server-authoritative validation and creates Stripe PaymentIntent.
POST/stripe/webhook
Stripe event processing. Signature verification, idempotent event deduplication.
GET/health
Health check endpoint. Returns { ok: true, ts: timestamp }.

Database schema

form_submissions
  • id (UUID)
  • site
  • form_slug
  • email
  • payload (JSONB)
  • status
  • created_at
payments
  • id (UUID)
  • site
  • form_submission_id (FK)
  • stripe_payment_intent_id
  • amount_cents
  • status
stripe_events
  • event_id (PK)
  • type
  • status
  • livemode
  • processed_at
  • last_error