eToro Plus — API Specs

10 feature services · JPMorgan FX + Stripe integrations · ~64 engineers · 18 months

System Architecture

┌──────────────────────────────────────────────────────────────────┐
│                      eToro Mobile / Web                          │
└─────────────────────────────┬────────────────────────────────────┘
                              │ HTTPS / JWT
                   ┌──────────▼──────────┐
                   │    API Gateway       │
                   │  (Rate Limit, Auth)  │
                   └──────────┬──────────┘
         ┌────────┬───────┬───┴───┬────────┬────────┬──────────┐
         ▼        ▼       ▼       ▼        ▼        ▼          ▼
   ┌──────────┐┌─────┐┌──────┐┌──────┐┌───────┐┌──────┐┌──────────┐
   │ Wallet   ││Card ││Round ││Salary││Savings││Groups││ Deposits │
   │ Service  ││Svc  ││Up Svc││Svc   ││Vaults ││Svc   ││ Service  │
   └────┬─────┘└──┬──┘└──┬───┘└──┬───┘└───┬───┘└──┬───┘└────┬─────┘
        │         │      │       │        │       │         │
   ┌────┼─────────┼──────┼───────┼────────┼───────┼─────────┼──────┐
   │    ▼         ▼      ▼       ▼        ▼       ▼         ▼      │
   │             Internal Event Bus (Kafka / SNS+SQS)              │
   └────┬─────────┬──────────────┬────────────────┬────────────────┘
        │         │              │                │
   ┌────▼────┐┌───▼───┐   ┌─────▼─────┐   ┌─────▼─────┐
   │ JPMorgan││ Stripe │   │ Rewards   │   │  Junior   │
   │ FX APIs ││  APIs  │   │  Engine   │   │ Accounts  │
   └─────────┘└───────┘   └───────────┘   └───────────┘

Technology Stack

Runtime

Node.js 20+ / TypeScript

API Gateway

Kong / AWS API Gateway

Database

PostgreSQL 16 + Redis

Event Bus

Kafka + AWS SNS/SQS

Infrastructure

AWS EKS (Kubernetes)

Monitoring

Datadog APM + PagerDuty

CI/CD

GitHub Actions → ArgoCD

IaC

Terraform

Integration Patterns

🏦 JPMorgan Authentication

OAuth 2.0 client credentials + mTLS in production
Token caching in Redis with 55-min TTL (tokens expire at 60 min)
Exponential backoff retry: 100ms → 200ms → 400ms, max 3
Circuit breaker: open after 5 failures, half-open after 30s

💳 Stripe Authentication

API keys (sk_live_*) in encrypted env vars
Webhook verification via stripe.webhooks.constructEvent()
UUID-based idempotency keys on all mutating operations
API version pinned to specific date, tested before upgrade

🔄 Webhook Handling

Stripe/JPM → HTTPS POST → Webhook Ingestion
  1. Verify signature  2. Deduplicate  3. Enqueue to Kafka  4. Return 200
  → Consumer Service (idempotent processing)

🔑 Idempotency

Client sends Idempotency-Key: UUID header
Server checks Redis → return cached or execute + store (24h TTL)

⚡ Rate Limits

JPM: 100-1000 req/min (token bucket per API)
Stripe: 100 req/sec live (distributed rate limiter in Redis)
Internal: 100 req/min standard, 300 premium

Feature Services

Build Plan & Dependencies

Dependency Graph

Instant Deposits ─────────────────────────────────────┐
       │                                               │
Multi-Currency Wallet ──► Auto-Convert at Target Rate  │
       │                                               │
       ├──► eToro Debit Card ──► Round-Up Investing    │
       │                                               │
       └──► Smart Savings Vaults                       │
                                                       │
Rewards Program (standalone) ◄─────────────────────────┘
Salary Deposit (standalone, regulatory gated)
Group Splitting (needs social infra)
Junior Accounts (needs KYC overhaul, regulatory gated)

Phased Build Order

Phase 1 — Foundation

Month 1-3 · 11 engineers

① Instant Deposits 6 wk

② Multi-Currency Wallet 6 wk

Phase 2 — Core

Month 3-6 · 25 engineers

③ eToro Debit Card 8 wk

⑤ Rewards Program 6 wk

⑦ Salary Deposit 8 wk

⑧ Auto-Convert 5 wk

Phase 3 — Growth

Month 6-12 · 40+ engineers

④ Round-Up Investing 4 wk

⑥ Smart Savings 5 wk

⑨ Group Splitting 8 wk

⑩ Junior Accounts 10 wk

Staffing Recommendation

Phase 1: 11 engineers — Instant Deposits + Multi-Currency Wallet
Phase 2: Scale to 25 — add Card, Rewards, Salary, Auto-Convert
Phase 3: Full 40+ — all remaining features
Total pipeline: ~64 engineers across all projects, ~18 months

Compliance Matrix

Feature	PCI DSS	PSD2/SCA	KYC/AML	COPPA	Lending
Multi-Currency Wallet	—	✅	✅	—	—
eToro Debit Card	✅ L1	✅	✅	—	—
Round-Up Investing	—	—	—	—	—
Salary Deposit	—	—	✅	—	✅
Smart Savings	—	—	—	—	—
Group Splitting	—	—	✅	—	—
Instant Deposits	—	✅	✅	—	—
Junior Accounts	—	—	✅	✅	—
Rewards Program	—	—	—	—	—
Auto-Convert	—	✅	—	—	—

Cross-Cutting Security

Auth

JWT RS256 + scoped permissions

Encryption

AES-256 at rest, field-level for PII

Data Residency

EU: eu-west-1 · US: us-east-1

SLO

99.95% availability, p99 < 500ms

RPO: 1 min · RTO: 15 min

Observability

OpenTelemetry → Datadog

Project Summary

#	Project	Priority	Team	Duration	External APIs
1	Instant Deposits	⭐ Must-have	5	12 wk	Stripe Financial Connections
2	Multi-Currency Wallet	⭐ Must-have	6	12 wk	JPM FX + Stripe Treasury
3	eToro Debit Card	⭐ Must-have	8	14 wk	Stripe Issuing
4	Round-Up Investing	🟡 Should-have	4	8 wk	Stripe Issuing webhooks
5	Rewards Program	🟡 Should-have	8	12 wk	Stripe Billing
6	Smart Savings	🟡 Should-have	5	9 wk	Stripe Treasury
7	Salary Deposit	🟡 Should-have	7	14 wk	Stripe Treasury
8	Auto-Convert	🟢 Nice-to-have	4	9 wk	JPM FX Alerts
9	Group Splitting	🟢 Nice-to-have	8	14 wk	Stripe Connect
10	Junior Accounts	🟢 Nice-to-have	9	16 wk	Stripe Identity