Summary
SUMMARY
We are hiring a senior backend engineer to take ownership of a Strapi v4/V5 backend for a sports fixtures platform. Much of the platform already exists, but parts require rework, cleanup, hardening, and integration. The goal is a top-tier, production-grade API that powers our website/PWA and supports a venue management panel and Xibo digital signage sync.
This role is quality-first. We care about clean architecture, reliability, security fundamentals, monitoring, and documentation that can become internal playbooks.
MANDATORY CONTRACT DATES AND WORKING HOURS
Contract dates: Jan 12 to Feb 16
You must be available live and responsive during 07:00 to 18:00 ICT (Thailand time) on one schedule:
Mon to Fri OR Sun to Thu
No flexibility on these dates and hours. If you cannot commit 100%, do not apply.
COMPENSATION
Fixed price $650 on completion
Success bonus $200 if all acceptance criteria are met and handover is clean
IMPORTANT NOTE (OPEN AND HONEST)
I am cautious with hiring due to recent poor experiences with missed availability, poor communication, and low-quality delivery. If you are reliable and can demonstrate shipped work, we will onboard immediately and move fast.
PROJECT CONTEXT
We have an existing API (including legacy patterns similar to auto-generated “resource-style” APIs). We do not want a bloated API with duplicated versions and inconsistent routes. We want a clean, consistent, product-driven API that serves real UI screens efficiently and is easy to maintain.
We already have pre-built front-end panels (venue owner hub and related admin screens). The frontend is handled by a separate developer. Your job is to deliver the backend APIs and integrations that match those UI flows and a stable API contract that frontend can build against.
ROLE OVERVIEW (YOU ARE THE BACKEND OWNER)
You own backend delivery end-to-end and are accountable for quality, reliability, and documentation.
YOUR RESPONSIBILITIES
API rationalization and consistency (top-tier API design)
Improve and standardize the API so it is clean, consistent, and product-driven.
Key requirements:
Single stable API version strategy (v1 remains canonical; v2 only for real breaking changes)
Consistent naming and routing conventions (no random “/slug” endpoints; use query-based lookups or a single by-slug pattern consistently)
Standard response and error shape across endpoints
Screen-oriented “product endpoints” where appropriate (homepage payload, live/now fixtures, unified search) to reduce frontend calls and improve performance
Remove duplicate routes and legacy leftovers that create confusion
Strapi v4 cleanup and structure
Strapi admin is currently not intuitive. You will:
Reduce content-type sprawl where appropriate using components/dynamic zones properly
Tidy the admin sidebar naming and groupings
Correct roles/permissions so non-admin editors only see what they need
Keep this as cleanup and rework, not a full rewrite unless explicitly approved
Authentication, authorization, and tenant isolation (mandatory)
Implement or harden secure auth and RBAC for:
End users
Venues (venue_owner and venue_staff)
Strict tenant isolation so venues can only access their own resources and data
Security requirements include input validation, rate limiting on auth endpoints, safe error handling, CORS controls, and proper secret management.
Venue management panel APIs (mandatory)
Deliver backend APIs required for the pre-built venue owner hub UI.
These APIs must match real UI flows and include:
Venue profile/config (timezone, branding, configuration)
Selection rules (sports/leagues/teams visibility and preferences)
Sync status and error visibility
Protected actions such as triggering a sync or rerunning failed jobs safely
Pool and darts integration (mandatory, integration only)
Pool and darts modules exist in some form. You will integrate and expose required endpoints and normalize API shapes where appropriate.
This is integration and cleanup, not a full rebuild of these modules.
Xibo CMS integration (mandatory)
Implement a robust integration with Xibo CMS. Dataset-first integration is preferred.
Must include:
Idempotent sync design (safe retries, no duplicates)
Resilience to failures and rate limits
Clear per-venue sync status visibility and troubleshooting data
Background jobs and queues (mandatory)
Implement reliable queue-based processing for sync workflows (BullMQ/Agenda/RabbitMQ/SQS etc.) including:
Retries with backoff, timeouts, and concurrency limits
Persisted failure states and job run history
Safe rerun process
Clear separation between API and worker processes where appropriate
Monitoring, logging, and error reporting (mandatory, for all new or modified modules)
We want issues flagged automatically. You will implement:
Structured logs for API requests and background jobs (with requestId/jobId correlation)
Actionable error reporting with context (venueId, endpoint/job, failure reason)
Job/sync run history stored and viewable (last success, last error, duration, counts)
Alert-ready approach (Sentry preferred for exceptions; uptime monitoring for health endpoints)
Health endpoints required: API health and worker health (and optional Xibo connectivity health)
Documentation (mandatory, part of acceptance)
Documentation must be submitted at completion of each module/section, be available online for easy review, and also stored in the repo under /docs. This documentation will be used to build internal team playbooks.
Minimum documentation set:
Start Here (how to run, environments, key URLs, configs)
API contract (OpenAPI preferred) plus Postman/Insomnia collection and example payloads
Auth/RBAC and tenant isolation rules
Venue panel API workflows
Pool/darts integration notes and mappings
Xibo sync strategy, mappings, idempotency rules, failure modes
Jobs/queues behavior, retries/backoff rules, rerun process
Ops runbook (how to add venue, trigger sync, diagnose failures)
Deployment/env notes (env vars, secrets, migrations, workers)
Final recorded walkthrough (10 to 20 minutes)
REQUIRED EXPERIENCE (REAL SHIPPED PRODUCTION SYSTEMS)
Node.js and TypeScript backend development (production)
Strapi v4+ custom development (controllers/services/components/dynamic zones/roles)
Background jobs/queues with retries/backoff/failure recovery
3rd-party API integrations with idempotency, rate limits, and recovery
Redis caching fundamentals (where appropriate)
Security fundamentals: JWT/API keys, input validation, rate limiting, CORS, secrets
Postgres indexing and query optimization
NICE TO HAVE
Xibo CMS API integration experience
Docker and deployments (Railway/VPS)
Observability tooling (Sentry, Grafana/Prometheus, OpenTelemetry)
WORKING PROCESS
PR-based workflow (no direct commits to main)
Daily written update during working hours (what shipped, blockers, next)
Weekly review includes demo plus PR links and documentation updates
Work is accepted strictly against acceptance criteria below
ACCEPTANCE CRITERIA (DEFINITION OF DONE)
Project is accepted only when:
Auth and RBAC works for end users and venues with strict tenant isolation
Venue panel APIs support actual front-end flows cleanly
Pool and darts integration endpoints work as specified
Xibo sync is reliable, idempotent, and queue-driven with retries/backoff/timeouts and failure capture
Sync/job status and failures are visible per venue and actionable
Strapi admin structure and roles/permissions are improved and usable
Monitoring and error reporting is in place for all new or modified modules
API contract plus documentation is delivered, reviewable online, and checked into /docs
Final recorded walkthrough is provided
HOW TO APPLY (MANDATORY)
Confirm schedule and dates
Reply exactly with:
Confirmed Mon-Fri or Confirmed Sun-Thu
Confirm you will be live 07:00 to 18:00 ICT from Jan 12 to Feb 16
Your current country and timezone
Self-score your experience
For each item provide: years, skill percent (0-100), and one shipped example (1 to 2 sentences)
Node.js and TypeScript (production)
Strapi v4 custom development
Jobs/queues with retries/backoff
Idempotent 3rd-party API connector
Redis caching
Security hardening (JWT/API keys, validation, rate limiting, CORS)
Postgres indexing/optimization
Docker/deployments
Observability (logs/errors/metrics)
Xibo (if any)
Proof of quality
Share links to portfolio, GitHub/code samples, or live systems you shipped (and your role). If code is private, explain architecture and your responsibilities clearly.
Reliability question
Describe one production incident or serious bug you shipped and what you changed to prevent it repeating.
If you can meet the schedule and can demonstrate real shipped work at a high standard, apply. no tie for upsells or reassessing price. come in do the job to standard on time.
... Show more