https://github.com/vaelixbank/vaelix-api
The Open-Bancking API source code
https://github.com/vaelixbank/vaelix-api
javascript nodemon open-bancking openapi talwindcss typescript vite yarn
Last synced: about 1 month ago
JSON representation
The Open-Bancking API source code
- Host: GitHub
- URL: https://github.com/vaelixbank/vaelix-api
- Owner: vaelixbank
- License: agpl-3.0
- Created: 2025-07-06T14:00:56.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2025-09-05T13:20:32.000Z (5 months ago)
- Last Synced: 2025-09-05T15:29:30.380Z (5 months ago)
- Topics: javascript, nodemon, open-bancking, openapi, talwindcss, typescript, vite, yarn
- Homepage: https://api.vaelixbank.com
- Size: 19.5 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Vaelix Bank API
[](https://github.com/vaelixbank/vaelix-api/actions/workflows/ci.yml)
[](https://opensource.org/licenses/Apache-2.0)
[](https://nodejs.org/)
[](https://www.typescriptlang.org/)
[](https://www.postgresql.org/)
[](https://www.openbanking.org.uk/)
[](SECURITY.md)
[](https://codecov.io/gh/vaelixbank/vaelix-api)
> A production-ready, open-source banking API built on top of Weavr's Multi API, providing managed accounts and cards functionality with enterprise-grade security.
## ๐ Table of Contents
- [๐ Features](#-features)
- [๐๏ธ Architecture](#๏ธ-architecture)
- [๐ฆ Installation](#-installation)
- [๐๏ธ Database Setup](#๏ธ-database-setup)
- [โก Quick Start](#-quick-start)
- [๐ Documentation](#-documentation)
- [๐ง API Endpoints](#-api-endpoints)
- [๐ Security](#-security)
- [๐ค Contributing](#-contributing)
- [๐ License](#-license)
- [๐ Acknowledgments](#-acknowledgments)
## ๐ Features
### Core Banking Features
- โ
**User Management**: Corporate & Consumer identity management with KYC/KYB
- โ
**Authentication**: Strong Customer Authentication (SCA) with OTP & Push Notifications
- โ
**Account Management**: Managed accounts with virtual IBAN assignment
- โ
**Card Services**: Virtual & physical card management with CVC retrieval
- โ
**Transaction Processing**: Sends, transfers, and wire transfers
- โ
**Beneficiary Management**: Secure beneficiary management with SCA
- โ
**Bulk Operations**: Enterprise-grade bulk processing capabilities
### Security & Compliance
- ๐ **AES256-GCM Encryption**: Sensitive data encrypted at rest
- ๐ก๏ธ **Rate Limiting**: Multi-tier rate limiting for different endpoints
- ๐ซ **Brute Force Protection**: Progressive delays and account locking
- ๐ **Audit Trails**: Complete transaction history and compliance logs
- ๐ **Regulatory Compliance**: PSD2/Open Banking compliant architecture
- ๐ **API Key Management**: Encrypted API keys with multiple types
### Developer Experience
- ๐ **OpenAPI Documentation**: Comprehensive API documentation
- ๐งช **TypeScript**: Full type safety and IntelliSense support
- ๐ณ **Docker Support**: Containerized deployment ready
- ๐ **Monitoring**: Built-in health checks and metrics
- ๐ **Webhook Integration**: Real-time event notifications
- ๐ค **CI/CD Pipeline**: Automated testing and deployment
- ๐ฏ **Code Quality**: ESLint, Prettier, and Husky pre-commit hooks
- ๐ **Test Coverage**: Jest with coverage reporting
## ๐๏ธ Architecture
Vaelix Bank uses a **"Ledger First"** architecture where the local ledger is the single source of truth for all banking operations. Weavr acts as a regulated intermediary for compliance-required operations only.
```mermaid
graph TB
A[Vaelix Bank API] --> B[Local Ledger]
A --> C[Regulatory Gateway]
C --> D[Weavr Multi API]
B --> E[(PostgreSQL)]
A --> F[External Services]
style A fill:#e1f5fe
style B fill:#f3e5f5
style C fill:#e8f5e8
style D fill:#fff3e0
```
### Key Principles
1. **Data Sovereignty**: All business data remains in your infrastructure
2. **Regulatory Compliance**: Weavr provides licensed banking infrastructure
3. **Security First**: AES256 encryption and comprehensive audit trails
4. **Open Banking**: Berlin Group API standards compliant
## ๐ฆ Installation
### Prerequisites
- **Node.js** >= 18.0.0
- **PostgreSQL** >= 13.0
- **npm** or **yarn** package manager
### Clone and Install
```bash
# Clone the repository
git clone https://github.com/vaelixbank/vaelix-api.git
cd vaelix-api
# Install dependencies
npm install
# Copy environment configuration
cp .env.example .env
```
### Environment Configuration
Configure your `.env` file with the required environment variables:
```env
# Server Configuration
PORT=3000
NODE_ENV=development
# Database Configuration
DB_HOST=localhost
DB_NAME=vaelixbank
DB_USER=vaelixbank_user
DB_PASSWORD=your_secure_password
DB_PORT=5432
# Weavr API Configuration
WEAVR_API_BASE_URL=https://sandbox.weavr.io
WEAVR_API_KEY=your_weavr_api_key
# JWT Configuration
JWT_SECRET=your-super-secret-jwt-key
JWT_REFRESH_SECRET=your-refresh-secret-key
JWT_ACCESS_EXPIRY=15m
JWT_REFRESH_EXPIRY=7d
# Encryption Configuration
ENCRYPTION_KEY=your-64-character-hex-key
```
## ๐๏ธ Database Setup
### 1. Create PostgreSQL Database
```bash
# Create database and user (run as postgres superuser)
sudo -u postgres psql
# In PostgreSQL shell:
CREATE DATABASE vaelixbank;
CREATE USER vaelixbank_user WITH ENCRYPTED PASSWORD 'your_secure_password';
GRANT ALL PRIVILEGES ON DATABASE vaelixbank TO vaelixbank_user;
\q
```
### 2. Inject Database Schema
**Option A: Automatic Injection (Recommended)**
```bash
# Configure your .env file with database credentials first
# Then inject the complete schema automatically
npm run db:schema
```
**Option B: Manual Injection**
```bash
# Using psql directly
psql -h localhost -U vaelixbank_user -d vaelixbank -f data/schema-pgsql.sql
# Or using environment variables
psql -h $DB_HOST -U $DB_USER -d $DB_NAME -f data/schema-pgsql.sql
```
### 3. Verify Schema Installation
```bash
# Check table count (should show 73 tables)
psql -h $DB_HOST -U $DB_USER -d $DB_NAME -c "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = 'public';"
# List all created tables
psql -h $DB_HOST -U $DB_USER -d $DB_NAME -c "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public' ORDER BY table_name;"
```
### Schema Contents
The database schema includes **73 tables** covering:
- **๐ฆ Core Banking**: Users, accounts, transactions, cards
- **๐ Open Banking**: Berlin Group API compliance (consents, payments, webhooks)
- **๐ข BaaS**: Banking as a Service (customers, accounts, cards, transactions)
- **โ๏ธ Legal Compliance**: KYC, AML, GDPR, regulatory reporting, audit trails
- **๐ Weavr Integration**: Synchronization tables and Weavr-specific fields
For detailed schema documentation, see [`DATABASE_SETUP.md`](/docs/DATABASE_SETUP.md).
### Docker Setup
```bash
# Build and run with Docker Compose
docker-compose up -d
# Or use Podman
docker-compose -f docker-compose-podman.yml up -d
```
## โก Quick Start
### 1. Create an API Key
```bash
curl -X POST http://localhost:3000/api/keys \
-H "Content-Type: application/json" \
-d '{
"user_id": 1,
"type": "server",
"name": "my-server-key"
}'
```
### 2. Create a Consumer
```bash
curl -X POST http://localhost:3000/api/consumers \
-H "x-api-key: your-api-key" \
-H "Content-Type: application/json" \
-d '{
"root_user": {
"name": "John Doe",
"email": "john@example.com"
}
}'
```
### 3. Create a Managed Account
```bash
curl -X POST http://localhost:3000/api/accounts \
-H "x-api-key: your-api-key" \
-H "Content-Type: application/json" \
-d '{
"profile_id": "profile_123",
"friendlyName": "Main Account"
}'
```
### 4. Retrieve IBAN
```bash
curl -X GET http://localhost:3000/api/accounts/123/iban \
-H "x-api-key: your-api-key"
```
## ๐ Documentation
### ๐ API Documentation
- **[Complete API Reference](docs/API.md)** - All endpoints with examples
- **[Models Documentation](docs/Models.md)** - Data structures and schemas
- **[Controllers Guide](docs/Controllers.md)** - Implementation details
- **[Docker Setup Guide](docs/DOCKER_README.md)** - Complete Docker documentation
- **[Changelog](CHANGELOG.md)** - Version history and release notes
### ๐ง Technical Documentation
- **[Services Architecture](docs/Services.md)** - Service layer overview
- **[Mobile Integration](docs/MOBILE_INTEGRATION.md)** - Mobile app integration
- **[API Keys Guide](docs/API_KEYS_README.md)** - API key management
### ๐ Security Documentation
- **[Security Policy](SECURITY.md)** - Security guidelines and reporting
- **[Code of Conduct](CODE_OF_CONDUCT.md)** - Community standards
## ๐ง API Endpoints
### Authentication & Users
- `POST /api/auth/login` - User authentication
- `POST /api/consumers` - Create consumer profile
- `POST /api/corporates` - Create corporate profile
- `GET /api/users/:id` - Get user details
### Accounts & Cards
- `POST /api/accounts` - Create managed account
- `GET /api/accounts/:id/iban` - Retrieve IBAN
- `POST /api/cards` - Create managed card
- `GET /api/cards/:id` - Get card details
### Transactions
- `POST /api/transactions/sends` - Send money
- `POST /api/transactions/transfers` - Transfer between accounts
- `GET /api/transactions` - List transactions
### Regulatory Compliance
- `POST /api/regulatory/transactions` - Process regulated transactions
- `GET /api/regulatory/accounts/:id/iban` - Get compliance IBAN
### Strong Customer Authentication (SCA)
- `POST /api/sca/challenges/stepup/otp` - OTP authentication
- `POST /api/sca/challenges/stepup/push` - Push notification auth
## ๐ Security
### Encryption & Data Protection
- **AES256-GCM** encryption for sensitive data at rest
- **TLS 1.3** encryption in transit
- **bcrypt** password hashing with salt rounds
- **JWT** tokens with configurable expiration
### Access Control
- **Multi-tier API keys**: client, server, and database types
- **Role-based access control** (RBAC)
- **Rate limiting** with progressive delays
- **Brute force protection** with account locking
### Compliance & Audit
- **Complete audit trails** for all operations
- **GDPR compliant** data handling
- **PSD2/Open Banking** regulatory compliance
- **PCI DSS** card data handling standards
### Security Features
```typescript
// Example: Encrypted API key storage
const encryptedKey = encrypt(apiKey.secret); // AES256-GCM
await db.query('INSERT INTO api_keys (secret) VALUES ($1)', [encryptedKey]);
```
## ๐ค Contributing
We welcome contributions from the community! Please see our [Contributing Guide](CONTRIBUTING.md) for details.
### Development Setup
```bash
# Fork and clone the repository
git clone https://github.com/vaelixbank/vaelix-api.git
cd vaelix-api
# Install dependencies
npm install
# Set up pre-commit hooks
npm run prepare
# Copy environment configuration
cp .env.example .env
# Run linting and type checking
npm run lint
npm run typecheck
# Run tests with coverage
npm run test:coverage
# Start development server
npm run dev
```
### Available Commands
```bash
# Development
npm run dev # Start development server
npm run build # Build for production
npm run clean # Clean build artifacts
# Code Quality
npm run lint # Run ESLint
npm run lint:fix # Fix linting issues
npm run format # Format code with Prettier
npm run typecheck # TypeScript type checking
# Testing
npm test # Run tests
npm run test:watch # Run tests in watch mode
npm run test:coverage # Run tests with coverage
npm run test:integration # Run integration tests
# Docker
npm run docker:build # Build Docker image
npm run docker:run # Run Docker container
# Database
npm run migrate # Run database migrations
```
### Code Quality
- **ESLint** for code linting with TypeScript support
- **Prettier** for code formatting
- **Husky** pre-commit hooks for quality gates
- **TypeScript** strict mode enabled
- **EditorConfig** for consistent editor settings
- **Jest** for unit and integration testing
- **Codecov** for test coverage reporting
### Testing
```bash
# Run unit tests
npm test
# Run integration tests
npm run test:integration
# Generate coverage report
npm run test:coverage
```
## ๐ Deployment
### Production Deployment
This API is configured to run under `https://api.vaelixbank.com/`. Make sure to:
1. Set up a reverse proxy (nginx) to forward requests to the API
2. Configure SSL certificates for HTTPS
3. Set environment variables appropriately
4. Use a process manager like PM2 in production
### Environment Variables
```bash
# Server Configuration
PORT=3000
NODE_ENV=production
# Database Configuration
DB_HOST=your_db_host
DB_NAME=your_db_name
DB_USER=your_db_user
DB_PASSWORD=your_db_password
DB_PORT=5432
# Weavr API Configuration
WEAVR_API_BASE_URL=https://api.weavr.io
WEAVR_API_KEY=your_weavr_api_key
# Security Configuration
ENCRYPTION_KEY=your_64_char_hex_encryption_key
JWT_SECRET=your_jwt_secret
JWT_REFRESH_SECRET=your_refresh_secret
# Email Configuration (optional)
SMTP_HOST=your_smtp_host
SMTP_PORT=587
SMTP_USER=your_smtp_user
SMTP_PASS=your_smtp_password
```
### Docker Deployment
```bash
# Quick development setup
make dev
# Production deployment
make prod
# With monitoring stack
make monitoring
```
#### Available Environments
- **Development**: `docker-compose.dev.yml` - Hot reload, debugging, dev tools
- **Production**: `docker-compose.prod.yml` - Optimized, secure, scalable
- **Override**: `docker-compose.override.yml` - Local customizations
See **[Docker Documentation](docs/DOCKER_README.md)** for complete setup instructions.
### Cloud Deployment
The API is designed to work with:
- **AWS**: ECS, EKS, or Lambda
- **Google Cloud**: Cloud Run or GKE
- **Azure**: Container Instances or AKS
- **Heroku**: Standard deployment
- **DigitalOcean**: App Platform or Droplets
## ๐ License
This project is licensed under the **Apache License 2.0** - see the [LICENSE](LICENSE) file for details.
```
Copyright 2024 Vaelix Bank
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
## ๐ Acknowledgments
- **Weavr** for providing the regulated banking infrastructure
- **Open Banking Initiative** for the standards and specifications
- **The Open Source Community** for the amazing tools and libraries
### Built With
- [Node.js](https://nodejs.org/) - Runtime environment
- [TypeScript](https://www.typescriptlang.org/) - Type-safe JavaScript
- [Express.js](https://expressjs.com/) - Web framework
- [PostgreSQL](https://www.postgresql.org/) - Database
- [Weavr Multi API](https://weavr.io/) - Banking infrastructure
---
**Vaelix Bank API** - Empowering Open Banking Innovation
[](https://github.com/vaelixbank/vaelix-api)
[](https://github.com/vaelixbank/vaelix-api)
[](https://github.com/vaelixbank/vaelix-api/issues)
[๐ Documentation](docs/) โข [๐ Report Bug](https://github.com/vaelixbank/vaelix-api/issues) โข [๐ก Request Feature](https://github.com/vaelixbank/vaelix-api/issues)