SDK.finance on-premise fintech platform technology
Create outstanding payment and banking products on top of our API-first, database-agnostic, ledger-based system designed to speed up time-to-market, reduce TCO and scale easily. Gain complete independence from the vendor by obtaining the software source code license and empower your team with a top-notch foundation for building your fintech product.
High-level structure of SDK.finance platform core

Key approaches
- Core repository: Gitlab
- Code quality check: SonarQube, Spotbugs, OWASP, JUnit tests, PMD, and CheckStyle
- Database: DB agnostic
- Delivery: on-premise
- API architecture style: REST, gRPC
- Mapping: Mapstruct
- Timer: Quartz
Deployment and data migration
Payment software is a complex solution that requires specific procedures for core deployment and data migration. We recommend a routine that minimizes the risks to infrastructure functioning. Follow our tech requirements for software and hardware to conduct it successfully.
The scheme below represents the deployment and migration process.

Infrastructure
SDK.finance infrastructure consists of 3 servers:
- developers instance (for development and testing of the software)
- production instance (live operation server with end-users and real operations)
- pre-production or Sandbox (infrastructure with the same specs as the production instance, used for debugging integrations with third-party components).
SDK.finance API
SDK.finance uses RESTful APIs to connect the functional blocks of the ledger-based system and the third-party solutions.
We use Swagger, an industry-leading framework, to design, build, and document our flexible APIs. The framework allows us to automatically create and update our interactive API documentation to keep our users up to date. SDK.finance maintains a list of the APIs compatible for integration with our solution. The number of compatible APIs exceeds 400 in the latest release.

Scaling
SDK.finance offers fintech solutions for fintech companies with diverse business models. This difference shapes the load of traffic and operations for the core banking system we provide. For example, a consumer neobank may process 30-70 operations a second for 5-7 active profiles in the system. The merchant neobank is more operations-heavy while focusing on fewer clients in the system.
You can plan your scaling process both up and down with our solution. The API-oriented architecture allows you to execute realistic and balanced architecture scaling that supports your business growth. Designing the platform the way we do allows us to limit the number of potential bottlenecks in the business flow.
Security: code, architecture, interface and transactions
SDK.finance develops products that should not have any loopholes in their security on any level. We check the code, design the system so that you manage the access of the employees, and log the changes they make in the neobank core.
Security of the source code
We develop code on Java 17 LTS. The code is tested with JUnit and Arquillian and checked with the OWASP security scanner. We check the code quality with SonarQube, UpSource and FindBugs.
System architecture security
Our platform is developed according to the PCI DSS standard, which is specifically designed to protect cardholders from fraud and private data loss. We also follow the ISO standards in code development, meeting the requirements of ISO 27001, ISO 12812 and ISO 12812-5.
The interaction between clients and server components in the system is protected by a variety of traffic encryption methods (TLS with 256- or 512-bit encryption), data hashing algorithms (SHA-256 or SHA-512), data packet signatures, checksum verification, IP filtering and brute-force attack protection.
We implement firewalls, IDS (Intrusion Detection System), WAF (Web Application Firewalls) and load-balancing into the system. SDK.finance also uses software and hardware solutions from the market leaders (Oracle, IBM, Amazon, Microsoft, Google). We can also use additional methods of encryption on the application or database level to protect the cardholder’s data, their personal account number, etc.
Clients’ and back office interface security
To protect your system on the high-level infrastructure, we apply OTP and HMAC authorisation for back office access. On a basic level, we use two-factor authorisation and OAuth (Open Authorization). Back office also allows you to define the exact sections of the core your employees can use. There you can define the list of trusted domains too.