HEADLESS ECOMMERCE PLATFORM
Client (NDA) · Sole architect & developer
A fully owned, three application commerce suite I designed, architected, and built solo for an international client. A CodeIgniter 4 admin platform, a standalone hardened REST API service, and a React 19 TypeScript storefront, integrating Stripe, Mollie, and Viva Wallet with webhook driven orders across 28 shipped feature phases.
THE BRIEF
The client wanted a commerce back office they fully owned: one codebase that could power any frontend, hold the catalog, orders, and business logic outright, and keep the door open to add or swap storefronts later without a rebuild.
The answer was a headless platform split into three deployable applications. The admin owns the data and the business logic. The API exposes it. The storefront consumes it. Each ships and scales on its own, and a new frontend is a new client of the API rather than a migration.
ARCHITECTURE
Three independent applications over one shared database contract, with a pluggable handoff layer for the storefronts the client already runs.
Brand edits land on the live storefront with no redeploy: catalog, pricing, CMS pages, policies, announcements, and even theme colors are owned in the admin and hydrated into the storefront at runtime, with structured content parsed defensively so a malformed edit degrades gracefully instead of breaking the page. The storefront itself reads through a single typed data layer with intelligent caching, so it stays fast without the redundant requests common in headless builds.
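The defensive parsing that keeps a bad brand edit from breaking the page, shown as an added TypeScript example (not the project's own storefront code): the settings shape, the defaults, the hypothetical settings payloads and the `hydrateTheme` / `parseTheme` names are assumptions made for the illustration. Each field is validated on its own, so one malformed value reverts only that field, and an unparseable payload reverts everything to the defaults instead of throwing inside a render.

```typescript
// Added illustration, not the project's code: the storefront hydrating
// admin-owned theme settings at runtime and parsing them defensively, so a
// malformed edit falls back to a safe default instead of breaking the page.
// The settings shape, the defaults and the sample payloads are constructed.

type Theme = { primary: string; accent: string; announcement: string | null; maxItemsPerRow: number };

const DEFAULT_THEME: Theme = { primary: "#1a1a1a", accent: "#0066cc", announcement: null, maxItemsPerRow: 4 };

// Colors are only accepted as six digit hex, so nothing else can reach a style attribute.
const HEX_COLOR = /^#[0-9a-fA-F]{6}$/;

// Each field is validated on its own; a bad value only reverts that field.
// Problems are appended to `log` so they can be reported without failing the page.
function parseTheme(raw: unknown, log: string[] = []): Theme {
  const theme: Theme = { ...DEFAULT_THEME };
  if (typeof raw !== "object" || raw === null) {
    log.push("theme: not an object, using defaults");
    return theme;
  }
  const obj = raw as Record<string, unknown>;

  const color = (field: "primary" | "accent") => {
    const v = obj[field];
    if (typeof v === "string" && HEX_COLOR.test(v)) theme[field] = v;
    else if (v !== undefined) log.push("theme." + field + ": invalid color, using default");
  };
  color("primary");
  color("accent");

  // The announcement is treated as plain text (rendered as text, never as HTML) and capped in length.
  const a = obj.announcement;
  if (typeof a === "string" && a.trim().length > 0) theme.announcement = a.trim().slice(0, 200);
  else if (a !== undefined && a !== null) log.push("theme.announcement: not text, hidden");

  const n = obj.maxItemsPerRow;
  if (typeof n === "number" && n % 1 === 0 && n >= 1 && n <= 6) theme.maxItemsPerRow = n;
  else if (n !== undefined) log.push("theme.maxItemsPerRow: out of range, using default");

  return theme;
}

// The JSON from the settings endpoint may itself be malformed; that too
// degrades to defaults rather than throwing inside a render.
function hydrateTheme(body: string, log: string[] = []): Theme {
  let raw: unknown;
  try {
    raw = JSON.parse(body);
  } catch (e) {
    log.push("theme: settings payload is not valid JSON");
    return { ...DEFAULT_THEME };
  }
  return parseTheme(raw, log);
}

// Constructed sample payloads: one clean, one with three bad fields.
const GOOD_SETTINGS = '{"primary":"#112233","accent":"#ff6600","announcement":"Free shipping over 50 EUR","maxItemsPerRow":3}';
const BAD_SETTINGS = '{"primary":"red; background:url(x)","accent":"#ff6600","announcement":42,"maxItemsPerRow":"lots"}';

const problems: string[] = [];
console.log(hydrateTheme(GOOD_SETTINGS, problems)); // all four fields taken from the payload
console.log(hydrateTheme(BAD_SETTINGS, problems));  // accent kept, the other three revert to defaults
console.log(problems);                               // three entries naming the rejected fields
```

The pattern generalizes to any admin-owned structure the storefront hydrates (CMS blocks, policy text, announcement bars): validate per field, keep a typed default for each, and treat free text as text rather than markup.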
Because the client also operates established Shopify and WooCommerce storefronts, the platform keeps a pluggable layer that can hand a cart to one of those existing stores when that is the right path, instead of forcing every sale through a single checkout. It is an option the business controls per destination, not a requirement.
FEATURE INVENTORY
28 shipped feature phases across the admin and API. Each one is live, not a roadmap item.
SCALE
Five gateways drive a webhook backed order flow. Customer sessions authenticate with Bearer tokens. The public storefront APIs are CORS enabled and rate limited, the private admin API sits behind API key auth, and the whole platform deploys with zero downtime.
SECURITY & HARDENING
I ran a full security and code quality audit of the platform, documenting 60+ findings with severity ratings and file level evidence, then remediated every critical and high severity issue. The two most serious, price tampering and forged payment confirmation, are fully closed.
Server side price validation
Checkout re-resolves every line price from the database, so a tampered client request can never set its own price.
Authenticated payment webhooks
Gateway paid notifications are cryptographically verified or re-confirmed against the provider, closing the door on forged payment events.
Atomic order processing
Order creation and payment state transitions are transactional and idempotent, preventing double processing and orphaned records.
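The two controls above, server side price validation and atomic, idempotent order processing, shown together as an added TypeScript example (not the project's CodeIgniter code): the catalog rows, the request shape, the in-memory `OrderStore` and the event ids are constructed stand-ins for the products table, the checkout payload and gateway notifications. The checkout re-resolves every line from the catalog and discards any price the client sent, and each gateway event moves an order at most once through an explicit set of legal transitions.

```typescript
// Added illustration, not the project's code: server side repricing of a
// checkout request plus transactional, idempotent order state transitions.
// The catalog rows, request shape and in-memory store are constructed
// stand-ins for the database and gateway events.

// Prices are integers in minor units (cents) so no float rounding can creep in.
type CatalogItem = { sku: string; unitPrice: number; active: boolean };
// The client may send unitPrice; it is never read. Only sku and qty matter.
type RequestedLine = { sku: string; qty: number; unitPrice?: number };
type PricedLine = { sku: string; qty: number; unitPrice: number; lineTotal: number };

// Constructed catalog standing in for the products table.
const CATALOG: Record<string, CatalogItem> = {
  "TEE-BLK-M": { sku: "TEE-BLK-M", unitPrice: 2500, active: true },
  "HOODIE-GRY-L": { sku: "HOODIE-GRY-L", unitPrice: 6900, active: true },
  "RETIRED-001": { sku: "RETIRED-001", unitPrice: 100, active: false },
};

// Re-resolve every line from the catalog; reject anything that cannot be priced.
function repriceCheckout(lines: RequestedLine[]): { lines: PricedLine[]; total: number } {
  if (lines.length === 0) throw new Error("empty cart");
  const priced: PricedLine[] = [];
  for (const line of lines) {
    if (typeof line.qty !== "number" || line.qty % 1 !== 0 || line.qty < 1 || line.qty > 100) {
      throw new Error("invalid quantity for " + line.sku);
    }
    const item = CATALOG[line.sku];
    if (!item || !item.active) throw new Error("unknown or inactive sku " + line.sku);
    // line.unitPrice is deliberately ignored; the catalog row is authoritative.
    priced.push({ sku: item.sku, qty: line.qty, unitPrice: item.unitPrice, lineTotal: item.unitPrice * line.qty });
  }
  let total = 0;
  for (const p of priced) total += p.lineTotal;
  return { lines: priced, total: total };
}

// Order state machine: only the listed transitions are legal.
type OrderStatus = "pending" | "paid" | "fulfilled" | "cancelled";
const TRANSITIONS: Record<OrderStatus, OrderStatus[]> = {
  pending: ["paid", "cancelled"],
  paid: ["fulfilled"],
  fulfilled: [],
  cancelled: [],
};

type Order = { id: string; status: OrderStatus; total: number; appliedEvents: Record<string, true> };

class OrderStore {
  private orders: Record<string, Order> = {};
  private seq = 0;

  create(total: number): Order {
    const order: Order = { id: "ord_" + (++this.seq), status: "pending", total: total, appliedEvents: {} };
    this.orders[order.id] = order;
    return order;
  }

  get(id: string): Order | undefined {
    return this.orders[id];
  }

  // One gateway event moves an order at most once. Every check runs before any
  // write, so either the whole step is applied or nothing is (a stand-in for a
  // DB transaction holding a row lock on the order).
  transition(orderId: string, eventId: string, to: OrderStatus, paidAmount?: number): "applied" | "duplicate" {
    const order = this.orders[orderId];
    if (!order) throw new Error("unknown order " + orderId);
    if (order.appliedEvents[eventId]) return "duplicate"; // replayed event: no-op
    if (TRANSITIONS[order.status].indexOf(to) < 0) throw new Error("illegal transition " + order.status + " -> " + to);
    if (to === "paid" && paidAmount !== order.total) throw new Error("paid amount does not match order total");
    order.status = to;
    order.appliedEvents[eventId] = true;
    return "applied";
  }
}

// Stand-alone demo: a request carrying a 1 cent price still pays the catalog price.
const demo = repriceCheckout([{ sku: "TEE-BLK-M", qty: 2, unitPrice: 1 }, { sku: "HOODIE-GRY-L", qty: 1 }]);
console.log(demo.total); // 11900
const store = new OrderStore();
const order = store.create(demo.total);
console.log(store.transition(order.id, "evt_1", "paid", demo.total)); // applied
console.log(store.transition(order.id, "evt_1", "paid", demo.total)); // duplicate
```

In a real deployment the `appliedEvents` record becomes a unique index on the gateway event id and the transition runs inside the same transaction as the order update, which is what makes the double delivery and the crash-between-writes cases safe.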
Beyond the headline fixes: gift card and coupon integrity, customer authentication rate limiting, SSRF and stored XSS protection in the media pipeline, and reduced data exposure on the public endpoints.
ENGINEERING & QUALITY
Type safe end to end, tested, and documented so another developer can pick it up on day one.
COMPLIANCE & PAYMENTS READINESS
One deployment of the platform served a regulated, high risk DTC vertical where payment processors reject most applicants. I ran the store through the processor's full requirement checklist and closed every gap, taking it from a failing readiness audit to 15 of 18 requirements passing, with the rest gated only on the client's own live credentials and legal sign off.
EU compliant policy pages, generated and dynamic
Six policy pages — GDPR privacy, distance selling terms with ODR, refund, shipping, cancellation with the 14 day withdrawal right and model form, and a cookie policy — generated into the CMS and rendered from the business settings at request time, so the legal text stays editable instead of baked in.
Native pay by bank gateway
An account to account rail with no card and no chargebacks, built from scratch in CodeIgniter to the same contract as the card gateways: HMAC SHA256 signed webhooks, fail closed verification, server side repricing. Added alongside Stripe, Mollie, and Viva Wallet plus a hosted checkout option.
Underwriting ready content
A cookie consent gate that blocks non-essential scripts until opt in, original AI generated product and hero imagery that passes reverse image checks, and consistent positioning across copy and imagery in 20 languages, so the store reads as legitimate to an underwriter.
Need a commerce platform you actually own?
I build headless commerce back offices, REST APIs, and modern storefronts end to end. If that is the build you are scoping, let us talk.
START A CONVERSATION