← Back to homepage

MockBank API

A mock banking service built with NestJS + MongoDB. It simulates accounts, transactions, and integrates with external systems
(e.g. Budżetownik). Deployed on Render, ready for integration testing and automatic synchronization.

What MockBank Can Do

MockBank is a modern sandbox banking API built with NestJS. It allows simulating real financial operations — from user registration and account creation to full transaction handling and integrations with external applications.

The system supports creating multiple accounts with independent balances, simulating transactions with automatic updates, and viewing real-time balances and history. All returned data follows a unified format, making testing and analysis easier.

MockBank supports two-way integrations: push (webhooks signed with HMAC-SHA256 for instant notifications) and pull (REST endpoints for periodic data synchronization). The system is complemented by built-in security and stability mechanisms: /healthz, /readyz, strict validation of DTOs, rate limiting, CORS, and security headers (Helmet), ensuring predictable behavior in test environments.

Architecture & Security

The project is based on a modular architecture — separate modules such as auth, accounts, transactions, webhooks, integrations, and system handle clearly defined areas of logic, improving maintainability and scalability. Authentication uses JWT, passwords are secured with argon2, webhook secrets are encrypted using AES, and all notifications are signed with HMAC-SHA256 in the headers, ensuring data integrity and authenticity.

The public integration endpoint is protected by an API key in the Bearer header, which allows external systems to test integrations without managing user tokens. The entire architecture is designed around modularity, separation of concerns, and easy extensibility (e.g. payments, multi-currency, security logs). Thanks to this, the project remains flexible, secure, and scalable.

Endpoints – core

Auth

POST/v1/auth/register
POST/v1/auth/login
POST/v1/auth/refresh

Accounts

GET/v1/accounts
POST/v1/accounts
POST /v1/accounts/:id/close balance=0, confirmation with name and password

Transactions

GET /v1/accounts/:id/transactions?from&to&page&limit
POST /v1/simulations/transaction creates an entry and updates the balance

Endpoints – integrations

Webhooks (push)

POST/v1/webhooksregistration: url, secret, events[], clientId
GET/v1/webhooks?clientId=...
Eventtransaction.created Headers X-MockBank-TimestampX-MockBank-Idempotency-KeyX-MockBank-Signature

Pull API

GET /api/owner/:owner/transactions?from=YYYY-MM-DD&to=YYYY-MM-DD
AuthAuthorization: Bearer <API_KEY>
ownerObjectIdfull e-mailemail prefix (user+something)

Transactions

{
  "id": "652123…",
  "externalTxnId": "tx_abcd1234",
  "accountId": "651fff…",
  "amount": -1299,            
  "currency": "PLN",
  "date": "2025-10-05T18:41:00.000Z",
  "description": "Test transaction",
  "raw": { "source": "simulator" }
}

Transaction data is returned in a consistent JSON format — amounts in cents (type int), dates in ISO-8601 (UTC). Currently, only PLN is supported, but the structure is prepared for multi-currency support in future versions.

All endpoints also return a unified error contract (JSON with traceId, code, message), which simplifies integration and testing.

Deployment Summary

  • Docker (container)
  • Render (production hosting)
  • Health checks: /healthz • /readyz

The project is ready for expansion and customization for other applications.

Note: The API runs on the free Render plan, so after inactivity the service may enter “sleep mode”. Clicking Demo – /healthz wakes up the instance — the first response may take a bit longer.