Darb: SAMA-Licensed Payments Platform
Engineering inside a regulated fintech: an event-driven notification pipeline, banking and government integrations, and bilingual financial reporting.
01
Context
Darb is a SAMA-licensed corporate expense and AI fleet management platform serving businesses in Saudi Arabia. It issues fleet fuel cards and procurement cards and manages digital petty cash — which means every feature operates inside the constraints of a regulated financial institution.
Operating under a SAMA license shapes the engineering: financial data handling, reporting, and customer-facing flows all have compliance implications, and integrations run against real banking and government systems — Arab National Bank, Visa card issuing, ZATCA e-invoicing, and Muroor traffic violations.
02
My Role
I joined Darb as a Senior Software Engineer in February 2026, working on event-driven microservices in Node.js and TypeScript on GCP Pub/Sub.
- Multilingual notification and reporting systems with full Arabic/RTL support — VAT-compliant PDF/Excel reports and SAR currency handling
- Client-facing features: referral program, spend controls, and the admin/client portals
- Integration work against banking and government systems (Arab National Bank, Visa issuing, ZATCA, Muroor)
- AI-assisted development workflows integrated into day-to-day delivery
03
Architecture
The platform is built as event-driven microservices: domain services publish events to GCP Pub/Sub topics, and downstream consumers — notifications, reporting, integrations — subscribe independently. This decouples the core expense flows from the fan-out work (sending a bilingual notification, generating a VAT-compliant report, syncing with an external system), so each concern scales and fails independently.
External integrations sit behind dedicated services rather than being called inline from business logic, which keeps bank, card-network, and government API boundaries explicit and testable.
04
Key Challenges
- Bilingual financial documents: Arabic/RTL layout is unforgiving in generated PDF/Excel reports — mixed-direction text, Arabic numerals vs. Eastern Arabic numerals, and SAR amounts must all render correctly in both languages
- Regulated integrations: banking (Arab National Bank), card issuing (Visa), and government (ZATCA e-invoicing, Muroor) systems each bring their own protocols, environments, and failure modes
- Notification pipeline efficiency: transaction approved/declined notifications originally hit the database hard on every event — the pipeline was reworked around Pub/Sub so consumers act on event payloads instead of re-querying state, cutting redundant DB reads per transaction
- Fraud and anomaly detection at the client level: risk alerts (odometer anomalies, cost-per-kilometer outliers, duplicate/idempotency violations) are evaluated against a 2% maximum threshold per client, and every alert must carry an exact, explainable reason — not just a flag
- Alert resolution as a workflow, not a log: each generated alert needs a resolution path with concrete actions per alert type, which meant designing context-based resolution flows rather than a generic acknowledge button
05
Outcomes
The platform is live and operating under its SAMA license, serving corporate customers with fuel cards, procurement cards, and digital petty cash.
- Reduced database load on the transaction notification path by moving approved/declined fan-out fully onto Pub/Sub event payloads
- Shipped a client-level fraud and anomaly alerting system — odometer anomalies, CPK outliers, and idempotency violations flagged against a 2% per-client threshold, each with an exact reason and a guided resolution action
- Improved alert handling with context-based resolution flows, so operations teams resolve alerts with the right action per alert type instead of manual triage
- Integrated Saferoad telematics into the platform, feeding vehicle data into smarter fleet decisions — connecting real-world driving signals to card and expense controls