Busly – Multi-Role CRM & Payment Management SaaS

Busly is a cloud based saas platform built for merchant and payment management. Its designed for businesses that need to manage multiple merchants, track transactions and handle payments... all from one centralized dashboard. think of it as the command center for payment operations

Managing merchants and payments manually is painful. businesses dealing with multiple merchants need different levels of access for different people... some people should see everything, others should only manage their own transactions. payment processing needs to be secure, fast and support multiple gateways without custom code every time a new gateway is added. and teams need modular tools they can embed into their own platforms without rebuilding from scratch

Before Busly... these businesses were either using outdated tools with limited flexibility, stitching together multiple platforms that don't talk to each other or spending months building custom solutions from scratch. Busly puts all of that into one clean, scalable system

One of the core challenges was building a permission system that actually reflects how payment businesses work. not everyone needs the same access. I built a 5-tier role hierarchy-

superadmin sits at the top with full system access...can manage everything, see all data, configure system-wide settings. admin handles day-to-day platform management, can create and manage merchants, view reports across the board. parentmerchant is a merchant who has sub-merchants under them... they can see and manage their own transactions plus those of merchants they oversee. merchant operates independently, manages their own transactions, staff and settings. merchantstaff is the frontline... can process transactions and handle daily operations but with limited access to sensitive data and settings

Each role has precisely defined permissions. no over-access, no security gaps. system enforces these boundaries at every level.... API calls, dashboard views, data queries... not just on the frontend. even if someone tries to access endpoints they shouldn't, the backend rejects it

Payments are the heartbeat of Busly and i integrated Gr4vy as the payment gateway layer. Gr4vy supports multiple payment methods and currencies, which was critical because Busly's merchants operate in different markets

integration handles payment creation, status tracking, refund processing and webhook management for real-time transaction updates. when a payment status changes on Gr4vy's end, Busly gets notified instantly via webhooks and updates its records accordingly. no polling, no delays... merchants see transaction status in real-time

i also built error handling and retry logic so failed payments don't just disappear. system logs every transaction attempt, captures error details and can retry failed payments based on configurable rules

This was one of the more technically interesting parts. Busly isn't just a dashboard... its designed to be embedded into other platforms. merchants can take specific modules (transaction history, payment forms, reporting widgets) and embed them directly into their own websites or apps using iframes

security challenge? making sure only authorized users can access embedded content. i built a JWT-based verification system where each iframe request includes a signed token. embedded module validates that token before rendering any data. if the token is missing, expired, or tampered with the module simply doesn't load

means merchants can give their customers direct access to payment status or transaction history without exposing their entire Busly dashboard. clean, secure, and flexible

I deliberately built Busly with a decoupled architecture... the backend (Django/Python) and frontend (React) are completely independent. they communicate only through APIs. this wasn't just a technical choice... it was strategic

decoupled means the frontend can be updated, redesigned or even replaced without touching the backend. new features can be added to the API and consumed by any client... web, mobile, third-party integrations. system scales independently too... if payment processing load spikes, the backend scales without affecting the frontend performance

django handles the heavy lifting... business logic, database management, authentication, payment processing coordination. react handles the user interface... fast, responsive dashboards with real time updates. postgreSQL stores everything with proper relational integrity... transactions, merchants, roles, audit logs

backend uses Django with Django REST Framework for clean, documented API endpoints. PostgreSQL handles all data with proper indexing for fast queries even at scale. Authentication is JWT-based throughout—secure, stateless, and works perfectly with the embeddable module system. The React frontend uses component-based architecture with proper state management, making the dashboard responsive and fast even when displaying large transaction datasets.

Audit logging tracks every action in the system—who did what, when, and why. Critical for financial platforms where accountability matters. Every payment, every role change, every login is recorded.

Complete Django backend with role-based access control across five user tiers. Full payment integration with Gr4vy including webhooks, error handling, and retry logic. React frontend with role-specific dashboards—each user type sees exactly what they need. JWT-based embeddable module system for secure iframe integration. PostgreSQL database with proper schema design, indexing, and audit logging. API documentation for all endpoints. Production-ready deployment configuration.