Gatekeeper Pattern

MoniPay's zero-trust backend architecture.

MoniPay employs a "Gatekeeper" architecture to protect our backend infrastructure and your data. In this model, no client-side application ever communicates directly with our database.

How it Works

  1. Request: The MoniPay app sends a request to an API endpoint.
  2. Authentication: The server verifies the request's authentication token.
  3. Validation: A "Gatekeeper" function validates the request against strict business rules (e.g., "Is this user allowed to see this transaction?").
  4. Execution: Only after validation is the database queried or updated.
  5. Response: The server returns only the specific data requested, sanitized for the client.
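
The five steps above, sketched as one request handler. This is an added example, not MoniPay's code: the token format, table schema, signing key and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3

SECRET = b"constructed-demo-key"  # assumption: server-side token signing key

def make_db():
    """Constructed sample data: two users, one transaction each."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE transactions (id INTEGER PRIMARY KEY, owner TEXT,"
               " amount_cents INTEGER, internal_risk_score REAL)")
    db.executemany("INSERT INTO transactions VALUES (?, ?, ?, ?)",
                   [(1, "alice", 1250, 0.12), (2, "bob", 9900, 0.87)])
    return db

def issue_token(user):
    """Hypothetical token format: '<user>.<hex HMAC-SHA256 of user>'."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"

def authenticate(token):
    """Step 2: return the user name if the token's MAC verifies, else None."""
    user, _, mac = str(token).partition(".")
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), expected.encode())  # constant-time
    return user if user and ok else None

def get_transaction(db, token, tx_id):
    """Gatekeeper for one hypothetical endpoint; returns (status, body)."""
    user = authenticate(token)
    if user is None:
        return 401, {"error": "invalid token"}
    # Step 3: reject malformed input before it gets near the database.
    if isinstance(tx_id, bool) or not isinstance(tx_id, int) or tx_id <= 0:
        return 400, {"error": "invalid transaction id"}
    # Steps 3-4: the business rule "users see only their own transactions"
    # is enforced by scoping a parameterized query to the authenticated user.
    row = db.execute("SELECT id, amount_cents FROM transactions"
                     " WHERE id = ? AND owner = ?", (tx_id, user)).fetchone()
    if row is None:
        # Same answer for "missing" and "not yours", so ids cannot be probed.
        return 404, {"error": "not found"}
    # Step 5: return only client-facing fields; internal_risk_score stays out.
    return 200, {"id": row[0], "amount_cents": row[1]}
```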

Benefits

  • SQL Injection Prevention: Clients never send queries to the database, so there is no direct path for injecting SQL from the client.
  • Authorization Centralization: Security logic is kept in one place (the server), making it easier to audit and harder to bypass.
  • Rate Limiting: The Gatekeeper can block abusive traffic before it ever hits the database.

For Developers

When building on MoniPay, you will always interact with our REST API. This ensures that your integration inherits the same security properties as our official apps.