With more than 400 completed projects at Code & Pepper, we’ve worked out an optimal development approach, which allows us to successfully deliver FinTech solutions, no matter what your product does and where your business is located. This approach is based on some fundamental values shared in our teams: transparency, agile approach, deep technical knowledge, excitement and motivation with every new project and challenge. If you would like to know what to expect from Code & Pepper, this is where you’ll find the answers to many questions.

Requirements

After signing an NDA, we start by gathering all available information about the project, including: 

  • brief description
  • user stories
  • backlog tasks
  • mockups
  • scope
  • deadline

and whatever else you have. After a thorough analysis, you’ll be invited to an online or face-to-face workshop in order to discuss and turn all the initial information into actionable items – epics and user stories.

We also discover important non-functional requirements (e.g. scalability, security, performance), which might make a high impact on the choice of technologies and architecture design. The workshop should result in a clearly outlined initial scope of work, which will meet the demands of the MVP and the deadline.

Design

UX designers working at Code & Pepper ensure that the user journey in your application is clear, valuable and enjoyable, all thanks to a set of followed guidelines: 

  • mobile-first approach
  • RWD (Responsive Web Design)
  • AWD (Adaptive Web Design)
  • Atomic Design methodology
  • accessibility (a11y standard)
  • Google Material Design, unless you prefer a different visual language for your product

When creating the design, it’s crucial that you stay in the loop at all times, which is why we take a demo-driven approach and collect your feedback frequently. If you’re not sure about the final branding of your product or need a design that is easy to white-label – we’ve got you covered. The core design will be versatile enough to customise it in further progress.

At the end of the design phase, you’ll be able to view the complete result on interactive mockups.

Architecture

Architecture design is often a result of non-functional product requirements (e.g. scalability, reliability, performance, security), predicted growth of your business and possible trade-offs. For this reason, a solid architecture requires a combination of experience and knowledge of the market novelties.

We love exploring new trends like sidecar architecture, multi-cloud strategy, hybrid cloud approach or event-driven cloud native, microservices or serverless solutions. However, choosing the latest, most-hyped solution is not always the best approach for your MVP. Imagine building a Facebook-like infrastructure for a relatively simple MVP with 1000 test users – makes no sense whatsoever! Our job is to ensure your architecture is built with carefully picked, functional and reliable tools.

We have experience with scalable, reliable microservices-based solutions involving Docker, Kubernetes, CQRS (Command Query Responsibility Segregation), Event Sourcing and IaC (Infrastructure as Code). However, we often start with something simple, like Modular Monolith, and let the architecture evolve together with your business. The trick is to do it right (e.g. to be able to turn modules into independent microservices with own data stores) and plan those changes (e.g. to define the best time to upgrade). You’ll receive the result of this phase in the form of an individual document, “Architecture and Technology”.

Backlog

A smooth development process won’t start without high-level epics and user stories, but this is far from enough. Developers in your project must be able to work continuously and build a detailed backlog of user stories and tasks. A well-defined task should include not only a description, but also a reference to the mockup, defined acceptance criteria (we often use the Behaviour-Driven Development approach with Gherkin language – Given/When/Then syntax) and story points estimations (which will allow to verify and predict speed of development).

Although an upfront delivery plan is not fully consistent with agile software development methodologies – we’ll provide one if necessary. We communicate any risk related to missing the deadline and propose the reorganisation of the scope, which can put the project back on track. The outcome of this phase is a backlog of epics, user stories and tasks created in JIRA.

Methodology

One of the recipes for high-quality software is choosing the most effective development methodology. At Code & Pepper, we use one of the two agile approaches – Scrum for medium or large projects) or Kanban for smaller projects. What does it look like in practice? The essential elements of project management in this style include:

  • following all recommended Scrum meetings (such as sprint planning, sprint review or retrospective)
  • stand-up meetings on a daily basis (you’re always welcome to participate!)
  • progress tracking tools, mainly JIRA (providing full transparency)
  • day-to-day communication using Slack (often via a shared channel), giving you full, real-time access to our developers
  • additional team members, such as a product owner (if needed)

Agile methodologies focus not only on the project management and communication practices, but also define the rules of sharing technical information. You will have full access to the code base from day one and it will be a pleasure if you join your team for the code review process. Also, you can verify the development status on developer or QA environments thanks to automated continuous delivery (CI/CD).

Repository

When it comes to code repositories, Code & Pepper follows the industry standard by using Git and popular online repositories like GitHub, GitLab, Bitbucket. For full transparency and better IP (Intellectual Property) protection, we keep the source code either in the client’s repository or, in case the client doesn’t have one, in Code & Pepper’s company GitHub account. 

In order to maintain order and clarity, we use feature branches, trunk based development, feature flags and, in selected cases, a full Git flow. 

As mentioned in the Methodology section, our process involves regular code reviews and CI/CD, which is done via built-in pipelines like GitHub Action or GitLab CI/CD. Your technical team is welcome to join and participate in the repository’s progress. To make things easier to track and understand, we refer JIRA task numbers in branch names and commit messages.

CI/CD

Well-executed automation is the key to effective work, which is why we organize CI/CD (Continuous Integration/Continuous Deployment) process as early as possible. This includes several tasks:

  • build code and run various tests: unit, component, integration and E2E/UI
  • verify code formatting (e.g. Prettier)
  • run security audits
  • run linters/static code analysis (e.g. SonarCube)
  • build Docker images
  • run audit tools (e.g. Lighthouse, WebPageTest, PageSpeed)
  • deploy (e.g. microservices to Kubernetes cluster)

For CI/CD execution, we’ve gathered experience with tools like Azure DevOps, GitLab CI/CD, and GitHub Actions. 

If it turns out you need help with tasks not related to the project directly, e.g. automate deployment of already existing backend, a dedicated DevOps engineer can help to sort things out.

What you get at the end of the CI/CD phase is a pipeline with automated deployment to multiple environments, including development, test/QA/staging, and production.

Cloud

Using cloud computing has gained popularity for a number of reasons – it’s cost-effective, scalable, reliable, flexible, and secure. In our portfolio, you’ll find cloud-first and cloud-native solutions, built with all three major cloud providers: Microsoft Azure, AWS and Google Cloud Platform.

What kind of cloud service do you need? We’ve got you covered in many areas:

  • storage and DBaaS (Database as a Service): e.g. Amazon S3, Azure SQL, Database, Amazon DynamoDB or GCP Cloud Memorystore
  • computing, such as managed Kubernetes solutions: Azure AKS or Google Kubernetes Engine
  • PaaS solutions: Azure App Service, AWS Elastic Beanstalk
  • messaging solutions: Azure Service Bus, GCP Cloud Pub/Sub

We usually automate the infrastructure using the IaC (Infrastructure as Code) approach and tools such as Terraform or AWS CloudFormation.

API

API is a software development area which requires a specific approach not only to the code itself, but also to product design. If you decide on an API-based product structure, we’ll handle all the necessary aspects, starting from versioning and documentation as well as picking the best possible structure:

  • classic RESTful APIs (compliant with Richardson’s Maturity Model), described using specifications, such as OpenAPI (Swagger)
  • GraphQL-based gateway with built-in features, such as type system and powerful queries
  • modern solutions for communication between microservices, e.g. gRPC
  • scalable, reliable messaging for asynchronous communication, e.g. Azure Service Bus, Cloud Pub/Sub or RabbitMQ

Testing

The variety of test types and tools used by Code & Pepper ensures that your product is protected from errors as much as possible:

  • Our developers always write unit, component and integration tests.
  • We measure code coverage and maintain it at a reasonable level (at least 75%).
  • Additional, though highly recommended, options include automated E2E (End-to-End)/UI tests with libraries like Cucumber/Specflow and tools like BrowserStack, Puppeteer, Selenium, Protractor.

Those kinds of tests take some time to write and maintain, but it can greatly reduce regression bugs. All tests are executed automatically in our CI/CD pipeline.

If necessary, a dedicated QA engineer can join your team and help define and perform a number of key tasks:

  • acceptance criteria according to Behaviour-Driven Development practices, using Gherkin language (Given/When/Then syntax)
  • test scenarios
  • manual testing

All in close cooperation with you, developers and product owner. Non-functional requirements can affect the project significantly, so we also execute performance, load, and security tests using WebPageTest, Google Lighthouse or Artillery. On top of that, there’s a possibility to organise penetration tests externally. 

Security

Trust is the groundwork of FinTech projects, that’s why security is so important. To guard your product on all possible fronts, we employ several solutions:

  • AuthN, AuthZ
  • industry standards, such as OAuth 2.0/OIDC
  • JWT (Json Web Token)
  • refresh tokens
  • OWASP (Open Web Application Security Project)
  • data encryption (both at rest and in transit)
  • TLS/HTTPS
  • HTTP security headers like CSP (Content Security Policy), Feature Policy or STS (Strict Transport Security)

On top of that, we encourage to use tools and services like CloudFlare or Azure Key Vault. In order to stay up to date with the latest updates in security (e.g. technologies like Trusted Types, which can help prevent Cross-Site Scripting), our team participates in conferences and follows the industry news.

Performance

Performance matters not only from the user experience perspective, but also the business itself – for example, it helps improve conversion rate. It is crucial to precisely define what performance means in the context of a given project, such as “the web application has to load under 3 seconds on 3G network”. To monitor the performance and its progress, we use metrics like First Contentful Paint or Time to Interactive, and follow RAIL performance model. The tool stack for tracking these metrics includes Lighthouse, WebPageTest or PageSpeed Insights, which are integrated with the CI/CD pipeline. One more thing we pay attention to is the back-end side metrics, tracked with Server-Timing API.

Wrapping up

With so many factors and must-haves in a software development process, it’s no wonder that obtaining help outside of your regular team can bring a lot of benefits. The combination of experience, know-how and variety of technologies create a perfect background for high-performing fintech applications.