Production-grade, multi-tenant event ingestion and analytics platform.
┌─────────────┐
│ Clients │
└──────┬──────┘
│ HTTP (JWT/API Key)
▼
┌─────────────────────────────────────────┐
│ Spring Boot Application │
│ ┌────────────┐ ┌───────────────┐ │
│ │ Ingestion │──┬──▶│ RabbitMQ │ │
│ │ API │ │ │ Publisher │ │
│ └────────────┘ │ └───────────────┘ │
│ │ │
│ ┌────────────┐ │ ┌───────────────┐ │
│ │ Analytics │ └──▶│ Redis │ │
│ │ API │ │ (Cache/Rate) │ │
│ └────────────┘ └───────────────┘ │
└─────────────────────────────────────────┘
│ ▲
│ Async │ Consume
▼ │
┌──────────────┐ ┌───────────────┐
│ RabbitMQ │─────▶│ Worker │
│ Queue │ │ Service │
└──────────────┘ └───────┬───────┘
│ Persist
▼
┌───────────────┐
│ PostgreSQL │
│ (Events/Aggs) │
└───────────────┘
Ingestion Path:
- Client sends event with API key →
POST /v1/ingest - Controller validates, publishes to RabbitMQ →
202 Accepted - Worker consumes, checks idempotency (Redis), persists to PostgreSQL
- Scheduled job aggregates raw events into hourly rollups
Analytics Path:
- Client queries with JWT →
GET /analytics - Check Redis cache → hit: return immediately
- Cache miss → query PostgreSQL aggregations → populate cache → return
- Workspace: Tenant boundary (isolated data, users, projects)
- Row-level filtering: All queries filtered by
workspace_id - RBAC: Membership entity links users to workspaces with roles
- Security: Extract workspace from JWT/API key, enforce at repository layer
| Layer | Responsibility | Technologies |
|---|---|---|
| API | HTTP endpoints, validation, auth | Spring MVC, Spring Security |
| Service | Business logic, orchestration | Spring transactions, caching |
| Repository | Data access, tenant filtering | Spring Data JPA, Flyway |
| Messaging | Async processing, reliability | RabbitMQ, manual acks, DLQ |
| Caching | Performance, deduplication | Redis, Lettuce, cache-aside |
| Observability | Metrics, logs, traces | Actuator, Prometheus, SLF4J |
- Idempotency: Redis deduplication + DB unique constraint
- Retry logic: Exponential backoff with
@Retryable - Dead letter queue: Failed messages routed to DLQ for replay
- Manual acks: Messages only removed after successful processing
- Connection pooling: HikariCP (PostgreSQL), Lettuce (Redis)
- Batch processing: Hibernate batch inserts (size: 20)
- Query caching: Redis with TTL-based invalidation
- Async ingestion: Decouple write path from processing
- Aggregations: Pre-computed hourly rollups for fast queries
- Rate limiting: Token bucket per tenant (Redis-backed)
- Runtime: Java 21, Spring Boot 3.5.10
- Database: PostgreSQL 16 (HikariCP pooling)
- Cache: Redis 7 (Lettuce client)
- Messaging: RabbitMQ 3.13
- Observability: Micrometer, Prometheus, Grafana
- Testing: JUnit 5, Testcontainers, k6
- Java 21
- Docker & Docker Compose
docker-compose up -d./mvnw spring-boot:runcurl http://localhost:8080/actuator/healthsrc/main/java/com/akarengin/pulseforge/
├── controller/ # REST endpoints
├── service/ # Business logic
├── repository/ # Data access
├── entity/ # JPA entities
├── config/ # Spring configuration
├── security/ # Auth filters
└── messaging/ # RabbitMQ consumers
src/main/resources/
├── application.yml # Configuration
└── db/migration/ # Flyway migrations
./mvnw clean package./mvnw test./mvnw flyway:migrate- Decouples ingestion from processing (handles traffic spikes)
- Guaranteed delivery with manual acknowledgment
- Dead letter queue for failure handling
- Sub-millisecond API key lookups (high read, low write)
- Distributed idempotency checks across instances
- Token bucket rate limiting with atomic operations
- Version-controlled schema changes
- Prevents drift between environments
- Explicit migrations (no auto-DDL in production)
- Production-safe (won't modify schema)
- Forces explicit Flyway migrations
- Catches entity/schema mismatches at startup
- Horizontal: Stateless app instances behind load balancer
- Database: Read replicas for analytics, write to primary
- Redis: Cluster mode for distributed caching
- RabbitMQ: Clustered with mirrored queues
- Workers: Scale independently based on queue depth
- Metrics:
/actuator/prometheus(ingestion rate, latency, errors) - Health:
/actuator/health(DB, Redis, RabbitMQ connectivity) - Logs: Structured JSON with correlation IDs and tenant context
- Tracing: OpenTelemetry spans across ingestion flow
- Authentication: JWT (user APIs), API keys (ingestion)
- Authorization: RBAC via workspace membership
- Secrets: BCrypt hashing for passwords and API keys
- Validation: Bean Validation on all inputs
- Rate limiting: Per-tenant token bucket