Webskyne
Webskyne
LOGIN
← Back to journal

4 June 20269 min read

How a Fintech SaaS Startup Scaled API Infrastructure to 99.99% Uptime Under 10× Load Growth

In mid-2025, LedgerFlow Payments — a Series B fintech platform orchestrating payroll, vendor disbursements, and compliance reporting — reached an inflection point. Three enterprise contracts were signed overnight, projected aggregate transaction volume jumped from 150 requests per second to 1,500 RPS, and the legacy monolith was already saturated. Within 90 days, we redesigned their API layer, introduced event-driven architecture, and delivered 99.99% uptime with p99 latency under 120 ms. This case study details the strategy, implementation, metrics, and lessons that turned a high-risk infrastructure upgrade into a competitive advantage.

Case StudyAPI ArchitectureFintechKubernetesEvent-DrivenScalabilitySOC 2Cloud NativeCase Study
How a Fintech SaaS Startup Scaled API Infrastructure to 99.99% Uptime Under 10× Load Growth

Overview

In mid-2025, LedgerFlow Payments — a B2B payment orchestration platform processing payroll, vendor disbursements, and compliance reporting for mid-market enterprises — approached us with a systems-level emergency. Their monolith had comfortably handled 150 requests per second. Overnight, three enterprise clients signing multi-year contracts pushed demand toward 1,500 RPS, and their on-premises deployment model could no longer absorb the spike.

What followed was a 90-day engagement in which we architected and delivered a horizontally scalable, event-driven API platform. We replaced synchronous blocking calls with asynchronous processing, introduced an API gateway with intelligent rate limiting, and migrated hot data paths to a managed Kubernetes orchestration layer. Within eight weeks of production deployment, the platform was sustaining 1,600+ RPS with p99 latencies under 120 milliseconds and post-payment reconciliation accuracy at 99.98%.

This case study is written for engineering leaders, platform architects, and CTOs who are facing similar scaling inflection points or evaluating migration strategies. We detail the full journey: from initial diagnostic challenges, through goal-setting and architecture design, to execution under a tight deadline and the post-launch metrics that proved the approach worked.

The Challenge

Legacy systems are rarely loved, but they are rarely hated until they fail publicly. LedgerFlow’s original architecture had been built for predictability, not volatility. Scheduled batch jobs synchronized customer balances every six hours. Webhook notifications were polled by downstream teams every thirty minutes. An outage or delay in reconciliation could mean missed payroll cycles or late vendor payments — contractual events with financial penalties.

The core problems were not a single failure point but a compounding set of architectural debt:

  1. Monolithic fragility: A Ruby on Rails monolith running on four EC2 instances handled all write traffic. Because background jobs shared the same process pool as web workers, a memory leak in the payment reconciliation worker could CPU-bind the entire application, cascading failures across merchant dashboards, admin APIs, and webhook delivery.
  2. Database bottlenecks: A single primary PostgreSQL instance catered to all tenants. During evening peak windows, connection utilization regularly exceeded 85%, with I/O saturation causing p95 write latencies above 900 milliseconds. Index bloat from years of accumulated audit entries made vacuuming operations run past maintenance windows.
  3. Operational blind spots: Monitoring was limited to CPU, memory, and disk dashboards on CloudWatch. There was no distributed tracing, no structured request logging, and alerting relied on static thresholds rather than anomaly detection. Incident response teams often discovered an outage from customer support tickets rather than internal paging.
  4. Compliance exposure: SOC 2 Type II audits required immutable audit trails and evidence of data processing integrity. The legacy system wrote directly from web requests to the database with no enforcement layer, and older transactions could be updated by batch jobs without leaving a verifiable chain of custody.
  5. Scalability ceiling: The deployment model assumed vertical scaling — larger instance types, more RAM, faster disks. Financially, this was inefficient. Operationally, it created single points of failure with long recovery windows.

Goals

Before writing a single line of infrastructure code, we co-authored a set of non-negotiable success criteria. These goals created a shared contract between engineering leadership, the client, and the implementation team, and they became the measuring stick for every subsequent design decision.

  1. Availability: 99.99% uptime over any rolling 30-day window, allowing no more than 43 minutes of downtime monthly.
  2. Throughput: Sustain 1,500 requests per second with headroom for 2× spikes during month-end payroll cycles.
  3. Latency: p50 under 50 milliseconds, p95 under 200 milliseconds, and p99 under 250 milliseconds for core API endpoints.
  4. Data integrity: Zero reconciliation drift between transaction logs and ledger balances.
  5. Cost discipline: Reduce infrastructure unit cost by at least 25% through improved utilization and elimination of overprovisioned resources.
  6. Operational maturity: Runbooks covering deployments, rollbacks, and incident response must be enacted and tested before launch.

Approach

The engagement was structured into three overlapping phases. Rather than a lift-and-shift, we favored strangler-fig patterns: new functionality rolled into a parallel system while the monolith continued handling deprecated endpoints, allowing us to migrate traffic gate-by-gate. This minimized risk and gave the operations team time to build muscle memory with the new platform.

Phase 1 focused on platform foundations: API gateway design, authentication layer auditing, and observability stack selection. We chose Kong as the gateway because its plugin ecosystem natively supported rate limiting, IP whitelisting, and request transformation without custom middleware development.

Phase 2 delivered the core messaging layer. Using NATS JetStream, we decoupled API writes from persistence. Requests were validated, authenticated, and published to topics; consumer workers processed idempotently and recorded outcome states. This reduced frontend latency because the hot path no longer waited for database writes to complete.

Phase 3 was data rebalancing. We partitioned PostgreSQL by customer cohort, introduced read replicas for reporting, and used logical replication to maintain audit logs in an immutable, append-only PostgreSQL table with WAL archiving to S3 for SOC 2 evidence retention.

Implementation

We implemented the new architecture in a dedicated GCP project, isolated with VPC peering to LedgerFlow’s primary environment. The API surface was defined using OpenAPI 3.1 specifications, and client SDK stubs were generated automatically for downstream integrators in Node.js, Python, and Go.

API Gateway & Authentication

Kong sat in front of all inbound traffic. We enforced mutual TLS for B2B integrators and OAuth 2.0 PKCE for customer-facing channels. Rate limiting was tiered: enterprise clients received custom limits negotiated per contract, while standard tiers were capped at 100 RPS with burst capacity allowing temporary elevations for batch processing windows.

Custom Kong plugins transformed payload formats at the edge, shielding internal services from breaking schema changes at the client layer. This edge transformation reduced repeated deployment cycles for minor API adjustments.

Event Processing with NATS JetStream

Every API transaction became a NATS message. Consumers were deployed as stateless Kubernetes jobs under separate autoscaling policies. Critical payment events used exactly-once delivery semantics backed by JetStream acknowledgments, while non-critical analytics events used at-least-once processing with application-level deduplication.

The decoupled architecture introduced a small but acceptable tradeoff: final-state confirmation was no longer synchronous. Clients received a 202 Accepted with a pollable transaction ID. Downstream clients using webhooks or polling queries could reconcile within seconds.

Database Scaling & Compliance

We adopted a multi-tenant logical schema with customer isolation enforced at the row level through PostgreSQL Row Level Security policies. For peak read workloads — balance inquiries, transaction status lookups — a Cloud SQL read replica served approximately 85% of read traffic without adding write-side contention.

Audit logs were written to an append-only table using logical replication. Every insert generated a cryptographically signed entry, and WAL segments were archived to S3 with lifecycle policies matching SOC 2 retention requirements. This gave auditors a tamper-evident history without custom application code.

Observability & Incident Response

We integrated Prometheus, Grafana, and OpenTelemetry distributed tracing across the entire request lifecycle — from edge gateway to consumer worker to database commit. Structured JSON logs were shipped to a managed logging service within 200 milliseconds of event creation, enabling near-real-time debugging without SSHing into production hosts.

Alerting rules were defined through anomaly-detection models rather than static thresholds. By establishing rolling baselines of traffic and latency patterns, the system self-adjusted alerts seasonally and reduced false-positive pages by 60%.

Results

The production cutover happened on a Monday morning. We used a progressive canary rollout: 5% of traffic routed to the new infrastructure, validated for latency and correctness by automated synthetic probes, then ramped to 100% over four hours in 5% increments. Total migration downtime: zero customer-visible incidents.

Within 72 hours, the platform was comfortably absorbing 1,460 RPS during the next scheduled payroll cycle without throttling or degradation. Within 30 days, all legacy endpoints were decommissioned and traffic was fully native to the new platform.

Key Metrics

The following metrics were tracked continuously for the first six months post-launch using automated daily reports:

  • Uptime: 99.995% over the first six months, exceeding the 99.99% SLA target. The only unplanned downtime was a 12-minute NATS cluster leader election during a zone maintenance window.
  • Throughput: Peak observed throughput reached 2,100 RPS during month-end processing without queue depth spikes or failed deliveries.
  • Latency: p50 settled at 38 milliseconds, p95 at 142 milliseconds, p99 at 168 milliseconds — all substantially better than the original targets.
  • Data accuracy: Reconciliation drift reduced to 0.003%, comfortably within SOC 2 acceptable variance and a 66× improvement over the pre-migration baseline.
  • Cost: Infrastructure spend dropped 32% year-over-year after decommissioning redundant EC2 fleets, leveraging Cloud SQL reserved instances, and utilizing Kubernetes bin-packing to raise average cluster utilization from 32% to 71%.
  • Operational maturity: Mean time to detect incidents dropped from 22 minutes to under 4 minutes. Mean time to resolve reduced from 68 minutes to 28 minutes.

Lessons Learned

This engagement reinforced several architectural and organizational principles worth codifying for any team considering a similar transformation.

  1. Decouple early, decouple often. The single largest improvement came from removing synchronous database writes from the critical path. Once we measured end-to-end latency before and after decoupling, the case for asynchronous architecture was unambiguous.
  2. Strangler-fig beats big-bang migration. Running both systems in parallel for six weeks eliminated migration risk, preserved rollback paths, and gave the client’s operations team time to build confidence with incremental traffic ramps.
  3. Cost is a feature. By treating infrastructure budget as a first-class constraint from day one, we forced creative engineering choices — such as Cloud SQL read replicas instead of duplicate managed databases — that improved both resilience and economics.
  4. Observability isn’t optional in event-driven systems. Without distributed tracing and structured logs, the asynchronous architecture would have been a black box. Investing in instrumentation upfront saved weeks of retrospective debugging after launch.
  5. Human readiness matters as much as technical readiness. We held weekly incident-response drills and documented every deployment as a runbook. When a misconfigured rate limit triggered a thin-client spike three months post-launch, the operations team resolved it without escalation in eleven minutes because playbook updates kept pace with production changes.

This case study demonstrates that architectural transformation is as much about organizational alignment and operational discipline as it is about technology choices. LedgerFlow’s willingness to invest in measurement, run parallel systems, and rehearse failure before it happened turned a high-risk migration into a recurring strategic advantage — one that now underpins their growth into two new vertical markets and a successful Series C raise led by enterprise investors.

Related Posts

From Legacy to Lightning: The Digital Transformation of Greenfield Financial
Case Study

From Legacy to Lightning: The Digital Transformation of Greenfield Financial

Greenfield Financial, a $12 billion regional bank, transformed from a COBOL-locked institution into a cloud-native digital leader. Through an 18-month, $18 million program, they reduced new product deployment from 6 months to under 6 weeks, improved customer Net Promoter Score by 38 points, and achieved 99.99% uptime while cutting infrastructure costs by 30%. This case study examines the technical architecture, cultural challenges, and phased execution strategy that made one of the banking industry's most ambitious modernization efforts a success—without a single customer-facing outage.

How Sabre Energy Cut Cloud Infrastructure Costs by 42% Through Serverless Transformation
Case Study

How Sabre Energy Cut Cloud Infrastructure Costs by 42% Through Serverless Transformation

When Sabre Energy’s monthly AWS bill crossed $78,000 and peak-load failures started interrupting production, the leadership team knew something had to change. Over three months, we redesigned their entire batch-processing and monitoring pipeline from a static EC2 fleet into an event-driven, serverless architecture on AWS Lambda and Step Functions. The result was a 42% reduction in monthly infrastructure spend, near-zero downtime during demand spikes, and a shift from reactive firefighting to proactive energy analytics. This case study traces every decision—from the initial cost audit through the migration rollout and the operational changes that made the savings stick.

How we cut page load times by 65% with Edge Caching, Image Optimization, and Adaptive Compression for a Global Fintech Platform
Case Study

How we cut page load times by 65% with Edge Caching, Image Optimization, and Adaptive Compression for a Global Fintech Platform

A global fintech platform serving 12 million monthly active users was struggling with 4.8-second median page load times, especially in emerging markets. In this case study, we walk through how a focused, three-track performance program — combining edge-level caching, modern image pipelines, and adaptive compression — reduced median load times by 65% while actually improving core business metrics. We share the technical architecture, the rollout strategy, the trade-offs we debated, and the results that convinced the executive team to fund a second phase.