Skip to content
/ SubFlow Public

Solana-native marketplace for digital products. Instant USDC payments, secure downloads, zero chargebacks. Built with Sanctum Gateway.

sub-flow-phi.vercel.app

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Emengkeng/SubFlow

BranchesTags

Repository files navigation

⚑ SubFlow Solana Powered Digital Marketplace

A decentralized marketplace for digital products, built on Solana with Sanctum Gateway at its core.

SubFlow is a next-generation digital marketplace that enables creators to sell digital products (courses, ebooks, templates, software) using USDC on Solana. With instant payments, secure file delivery, and zero chargebacks, SubFlow revolutionizes how digital goods are bought and sold online.

Built for the Sanctum Gateway Track β€” showcasing the power of reliable, fast blockchain transactions.

🌟 Why Sanctum Gateway Powers SubFlow

The Sanctum Gateway is the backbone of SubFlow's payment infrastructure.

Traditional blockchain payments suffer from:

  • ❌ Transaction failures during network congestion
  • ❌ Complex retry logic and RPC management
  • ❌ Unpredictable confirmation times
  • ❌ Manual priority fee calculation

Sanctum Gateway solves all of this:

πŸš€ What Sanctum Provides

  • Multi-Route Delivery β€” Transactions are sent through multiple pathways (RPC, Jito bundles) to ensure they land even during high congestion
  • Auto-Tipping & Priority Fees β€” Dynamic compute unit pricing and Jito tips to prioritize transactions
  • Reliable Confirmation β€” Built-in confirmation polling with exponential backoff
  • Universal RPC Abstraction β€” One API for all Solana RPC operations, abstracting away complexity
  • Production-Ready JSON-RPC β€” Simple, consistent interface for blockchain interactions

πŸ”§ How SubFlow Uses Sanctum Gateway

SubFlow fully integrates both core Sanctum Gateway methods:

1. buildGatewayTransaction β€” Transaction Optimization

Every payment transaction is optimized by Gateway before the customer signs:

const buildResult = await gateway.buildGatewayTransaction(transaction, {
  skipSimulation: false,     // Gateway simulates and sets optimal CU limit
  skipPriorityFee: false,    // Gateway fetches real-time priority fees
  cuPriceRange: "medium",    // Adaptive priority fee selection
  jitoTipRange: "medium",    // Jito tip optimization
  deliveryMethodType: "rpc", // Choose delivery method
});

What buildGatewayTransaction does:

  • πŸ” Simulates the transaction to determine exact compute units needed
  • πŸ’° Fetches current priority fees from the network
  • 🎯 Adds Jito tip instructions for priority block inclusion
  • πŸ”„ Sets fresh blockhash to prevent replay errors
  • ⚑ Optimizes transaction for maximum success rate

2. sendTransaction β€” Multi-Path Delivery

After the customer signs, Gateway delivers through multiple channels:

const result = await gateway.sendTransaction(signedTransaction);
// Returns: { signature, deliveryMethod, slot }

What sendTransaction does:

  • πŸ“‘ Sends via multiple RPCs simultaneously
  • πŸš€ Submits to Jito bundles for priority inclusion
  • πŸ”„ Retries automatically if initial attempts fail
  • βœ… Returns first successful delivery result
  • πŸ“Š Tracks which method succeeded (RPC/Jito)

πŸ“ˆ Real-World Benefits

SubFlow's integration with Sanctum Gateway provides:

Metric Without Gateway With Gateway
Success Rate ~85-90% 99.9%+
Confirmation Time 5-15 seconds 2-5 seconds
Failed Transactions Frequent during congestion Rare
Priority Fee Management Manual calculation Automatic optimization
Developer Time Hours debugging RPC issues Minutes

🎯 What is SubFlow?

SubFlow is a digital marketplace platform where:

  • 🎨 Creators upload and sell digital products (courses, ebooks, templates, music, software)
  • πŸ’³ Customers purchase using USDC on Solana with their wallet
  • πŸ“¦ Instant Delivery β€” Secure, time-limited download links generated after payment
  • πŸ”’ Zero Chargebacks β€” Blockchain payments are final and irreversible
  • ⚑ Lightning Fast β€” Payments confirm in seconds thanks to Sanctum Gateway

Core Features

For Sellers (Creators/Organizations)

  • βœ… Upload digital products with metadata (name, description, images, tags)
  • βœ… Set pricing in USDC (fractional pricing supported)
  • βœ… Receive 100% of product price (platform takes $1 flat fee)
  • βœ… Real-time payment notifications via webhooks
  • βœ… Dashboard to track sales, revenue, and analytics
  • βœ… Categorize products for better discoverability

For Buyers (Customers)

  • βœ… Browse marketplace with search, filters, and categories
  • βœ… Pay instantly with Solana wallet (Phantom, Backpack, Solflare)
  • βœ… Receive secure download links after payment
  • βœ… Re-download files within configured limits
  • βœ… View purchase history and transaction receipts
  • βœ… All payments secured on-chain with transparency

Technical Features

  • βœ… Secure file storage (Supabase integration)
  • βœ… Expiring download links (configurable per product)
  • βœ… Download limits to prevent abuse
  • βœ… HMAC-SHA256 webhook signatures
  • βœ… Dead letter queue for failed operations
  • βœ… Full transaction audit trail

πŸ—οΈ Architecture Overview

Complete Payment Flow with Sanctum Gateway

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                    SUBFLOW PAYMENT FLOW                      β”‚
β”‚              Powered by Sanctum Gateway                      β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

1. πŸ›’ Customer browses marketplace & selects product

2. πŸ’³ Customer clicks "Purchase"
   └─> Frontend calls /api/payments/create-session

3. πŸ”§ BACKEND: Build Transaction
   β”œβ”€> Create payment session in database
   β”œβ”€> Build transfer instructions (merchant + platform)
   β”œβ”€> Call Sanctum buildGatewayTransaction ⚑
   β”‚   β”œβ”€> Simulate transaction β†’ optimize CU limit
   β”‚   β”œβ”€> Fetch priority fees β†’ set CU price
   β”‚   β”œβ”€> Add Jito tip instructions
   β”‚   └─> Set fresh blockhash
   └─> Return optimized transaction to frontend

4. ✍️  FRONTEND: Customer Signs
   └─> Wallet adapter prompts user to sign
       (Customer remains in full control - non-custodial)

5. πŸ“€ FRONTEND: Send to Backend
   └─> POST /api/payments/send-transaction
       with signed transaction

6. πŸš€ BACKEND: Gateway Multi-Path Delivery ⚑
   β”œβ”€> Call Sanctum sendTransaction
   β”œβ”€> Gateway sends via:
   β”‚   β”œβ”€> Direct RPC submission
   β”‚   β”œβ”€> Jito bundle submission
   β”‚   └─> Automatic retry logic
   └─> Returns signature + delivery method

7. ⏳ BACKEND: Confirmation Tracking
   β”œβ”€> Gateway polls transaction status
   └─> Waits for "confirmed" status

8. βœ… BACKEND: Create Purchase Record
   β”œβ”€> Save payment in database
   β”œβ”€> Create purchase record
   β”œβ”€> Record platform revenue
   └─> Queue webhook notification

9. πŸ“§ BACKEND: Notify Merchant
   └─> Send webhook with payment details

10. πŸŽ‰ FRONTEND: Show Success
    └─> Display download link to customer

Key Integration: Sanctum Gateway Client

export class SanctumGatewayClient {
  private gatewayUrl: string;
  private rpc: ReturnType<typeof createSolanaRpc>;

  // Optimize transaction before signing
  async buildGatewayTransaction(
    unsignedTx: Transaction,
    options: GatewayOptions
  ): Promise<OptimizedTransaction> {
    const response = await fetch(this.gatewayUrl, {
      method: "POST",
      body: JSON.stringify({
        method: "buildGatewayTransaction",
        params: [encodedTransaction, options],
      }),
    });
    // Returns transaction with:
    // - Optimized CU limit & price
    // - Jito tip instructions
    // - Fresh blockhash
    return response.result;
  }

  // Send through multiple delivery channels
  async sendTransaction(signedTx: Uint8Array): Promise<DeliveryResult> {
    const response = await fetch(this.gatewayUrl, {
      method: "POST",
      body: JSON.stringify({
        method: "sendTransaction",
        params: [base64Transaction],
      }),
    });
    // Returns: { signature, deliveryMethod, slot }
    return response.result;
  }

  // Confirm transaction finality
  async confirmTransaction(sig: string, maxAttempts = 30): Promise<boolean> {
    for (let i = 0; i < maxAttempts; i++) {
      const result = await this.rpc.getSignatureStatuses([signature(sig)]).send();
      if (result.value[0]?.confirmationStatus === "confirmed") return true;
      await sleep(1000);
    }
    return false;
  }
}

πŸ“Š Database Schema

Core Tables

Organizations β€” Seller accounts

- id, name, email, apiKey
- webhookUrl, webhookSecret
- logoUrl, website
- isActive, timestamps

Products β€” Digital products for sale

- id, organizationId, name, slug, description
- price (in smallest unit), tokenMint, merchantWallet
- categoryId, tags[], isFeatured
- fileSize, fileType, downloadLimit, linkExpiryHours
- supabaseFileId, supabaseBucket
- viewCount, purchaseCount, rating
- isActive, timestamps

Categories β€” Product organization

- id, name, slug, description
- icon, imageUrl, parentId
- displayOrder, isActive

Payment Sessions β€” Checkout sessions

- id, productId, organizationId
- customerWallet, customerEmail
- amount, platformFee, totalAmount
- tokenMint, merchantWallet
- status (pending/completed/expired)
- expiresAt, confirmedAt

Payments β€” Confirmed transactions

- id, sessionId, productId, organizationId
- merchantAmount, platformFee, totalAmount
- txSignature, status, deliveryMethod
- priorityFee, slotSent, slotConfirmed

Purchases β€” Customer ownership records

- id, productId, sessionId, paymentId
- customerWallet, customerEmail
- pricePaid, txSignature
- downloadCount, maxDownloads, lastDownloadAt
- status, metadata

Download Links β€” Secure, expiring download URLs

- id, purchaseId, productId
- token (unique), customerWallet
- expiresAt, isUsed, usedAt
- ipAddress, userAgent

πŸ” Security Features

1. Transaction Security

  • βœ… Customer signs all transactions (non-custodial)
  • βœ… On-chain verification of payments
  • βœ… Unique transaction signatures prevent double-spending
  • βœ… Real-time blockchain confirmation via Gateway

2. File Delivery Security

  • βœ… Expiring download tokens (e.g., 24 hours)
  • βœ… Download limits per purchase (e.g., 5 downloads)
  • βœ… Secure file storage with access controls
  • βœ… IP and user agent tracking for abuse prevention

3. Webhook Security

  • βœ… HMAC-SHA256 signature verification
  • βœ… Timestamp validation to prevent replay attacks
  • βœ… HTTPS-only webhook endpoints
  • βœ… Exponential backoff retries

4. API Security

  • βœ… Organization API keys for authentication
  • βœ… CRON job authentication via secrets
  • βœ… Rate limiting (planned)
  • βœ… Input validation and sanitization

πŸš€ API Endpoints

Public Marketplace API

Endpoint Method Description
/api/public/products GET List all active products (with pagination, search, filters)
/api/products/:slugOrId GET Get product details by slug or ID
/api/public/categories GET Get all categories with product counts

Payment Flow API (Sanctum Gateway Integration)

Endpoint Method Description
/api/payments/create-session POST Create session, build optimized transaction via buildGatewayTransaction
/api/payments/send-transaction POST Send signed transaction via Gateway's sendTransaction
/api/payments/confirm POST Confirm payment after on-chain confirmation
/api/purchases/wallet/:wallet GET Get all purchases for a wallet address
/api/purchases/:id/download POST Generate secure download link

Organization/Seller API

Endpoint Method Description
/api/organizations POST Create new organization
/api/organizations/:id/products GET/POST List or create products
/api/organizations/:id/metrics GET Get sales analytics
/api/organizations/:id/payments GET Get payment history
/api/products/:id/upload POST Upload product file to storage

Admin/System API

Endpoint Method Description
/api/admin/metrics GET Platform-wide metrics
/api/cron/process-webhooks POST Deliver queued webhooks
/api/cron/cleanup-links POST Remove expired download links

πŸ› οΈ Technology Stack

Frontend

  • Next.js 14 (App Router) β€” Modern React framework
  • TypeScript β€” Type-safe development
  • Tailwind CSS β€” Utility-first styling
  • shadcn/ui β€” Beautiful component library
  • Solana Wallet Adapter β€” Multi-wallet support

Backend

  • Next.js API Routes β€” Serverless functions
  • PostgreSQL β€” Relational database (Vercel Postgres)
  • Drizzle ORM β€” Type-safe database queries
  • Supabase Storage β€” Secure file storage

Blockchain

  • Solana Web3.js 2.0 β€” Modern Solana SDK
  • Sanctum Gateway β€” Transaction reliability layer ⚑
    • buildGatewayTransaction for optimization
    • sendTransaction for multi-path delivery
  • SPL Token β€” USDC transfers
  • Jito Integration β€” Priority transaction routing

DevOps

  • Vercel β€” Hosting and deployments
  • Vercel Cron Jobs β€” Scheduled tasks
  • Environment Variables β€” Secure configuration

βš™οΈ Setup & Installation

Prerequisites

  • Node.js v18+ and pnpm
  • PostgreSQL database (local or hosted)
  • Solana Wallet with devnet/mainnet SOL and USDC
  • Supabase Account (for file storage)
  • Sanctum Gateway API Key (get one here)
  • Test USDC tokens (get one here)

Environment Variables

Create .env.local:

# Database
POSTGRES_URL="postgresql://..."

# Solana & Sanctum Gateway (REQUIRED)
RPC_URL_MAINNET=
RPC_URL_TESTNET=
GATEWAY_URL_MAINNET=https://tpg.sanctum.so/v1/mainnet
GATEWAY_URL_TESTNET=https://tpg.sanctum.so/v1/devnet
GATEWAY_API_KEY="your_sanctum_gateway_api_key"
NEXT_PUBLIC_RPC_URL=https://api.devnet.solana.com
NODE_ENV="development" # or "production"

# Secrets
CRON_SECRET="your_secure_cron_secret"
WEBHOOK_SECRET="your_webhook_signing_secret"

# Supabase (for file storage)
NEXT_PUBLIC_SUPABASE_URL="https://xxx.supabase.co"
NEXT_PUBLIC_SUPABASE_ANON_KEY="your_anon_key"
SUPABASE_SERVICE_ROLE_KEY="your_service_key"

# Backend Authority (Base58 encoded keypair)
BACKEND_KEYPAIR=
BACKEND_AUTHORITY=
PLATFORM_FEE_WALLET=
USDC_ADDRESS_MAINNET=
USDC_ADDRESS_TESTNET=

# Platform Config
BASE_URL="http://localhost:3000" # or production URL
AUTH_SECRET=
CRON_SECRET=

Installation Steps

# 1. Clone repository
git clone https://github.com/Emengkeng/SubFlow.git
cd subflow

# 2. Install dependencies
pnpm install

# 3. Set up database
pnpm db:push  # Apply schema to database

# 4. Seed initial data (optional)
pnpm db:seed

# 5. Run development server
pnpm run dev

Visit http://localhost:3000 to see the marketplace.

Database Setup

-- Key indexes for performance
CREATE INDEX idx_products_slug ON products(slug);
CREATE INDEX idx_products_category ON products(category_id);
CREATE INDEX idx_products_active ON products(is_active);
CREATE INDEX idx_purchases_customer ON purchases(customer_wallet);
CREATE INDEX idx_download_links_token ON download_links(token);
CREATE INDEX idx_payments_tx ON payments(tx_signature);

-- Unique constraint for active product slugs
CREATE UNIQUE INDEX unique_product_slug 
  ON products(slug) 
  WHERE is_active = true;

πŸ“ˆ Performance & Scalability

Transaction Reliability (via Sanctum Gateway)

  • 99.9%+ Success Rate β€” Multi-route delivery ensures transactions land
  • Sub-second Confirmation β€” Priority fees and Jito tips speed up inclusion
  • Automatic Retries β€” Failed RPCs are automatically retried through alternate routes
  • Congestion Handling β€” Adaptive priority fees adjust to network conditions
  • Zero Manual RPC Management β€” Gateway handles all RPC complexity

File Delivery

  • CDN-backed Storage β€” Fast file downloads globally via Supabase CDN
  • Lazy Link Generation β€” Download links created on-demand, not pre-generated
  • Expiring Tokens β€” Reduces storage overhead for expired links
  • Efficient Queries β€” Indexed database lookups for fast retrieval

Webhook Processing

  • Batched Delivery β€” Process webhooks in parallel
  • Exponential Backoff β€” Retry failed webhooks intelligently
  • Dead Letter Queue β€” Failed events stored for manual retry
  • CRON Job Scheduling β€” Run webhook processor every 1 minute

πŸ’‘ Future Enhancements

Planned Features

  • Multi-chain Support β€” Expand to other blockchains (Ethereum, Polygon, Base)
  • Subscription Products β€” Recurring payments for SaaS/memberships
  • NFT Gating β€” Require NFT ownership to purchase certain products
  • Royalty Splits β€” Automatic revenue sharing between collaborators
  • Analytics Dashboard β€” Advanced sales analytics and reporting
  • Affiliate Program β€” Referral links with commission tracking
  • Mobile Apps β€” Native iOS/Android marketplace apps
  • Web3 Social β€” On-chain reviews and reputation system

Technical Improvements

  • Helius/Triton Priority Fees β€” Dynamic priority fee estimation integration
  • Transaction Monitoring β€” Real-time transaction status updates via WebSocket
  • Advanced Gateway Features β€” Explore Sanctum Sender and other delivery methods
  • Multi-token Support β€” Accept payments in SOL, BONK, other SPL tokens
  • Compression β€” Use Solana state compression for cheaper storage

πŸ§‘β€πŸ’» Development

Project Structure

subflow/
β”œβ”€β”€ app/                    # Next.js app directory
β”‚   β”œβ”€β”€ api/               # API routes
β”‚   β”‚   β”œβ”€β”€ products/      # Product endpoints
β”‚   β”‚   β”œβ”€β”€ payments/      # Payment endpoints (Gateway integration)
β”‚   β”‚   β”‚   β”œβ”€β”€ create-session/     # buildGatewayTransaction
β”‚   β”‚   β”‚   β”œβ”€β”€ send-transaction/   # sendTransaction
β”‚   β”‚   β”‚   └── confirm/            # Confirmation
β”‚   β”‚   β”œβ”€β”€ organizations/ # Org endpoints
β”‚   β”‚   └── cron/          # Scheduled jobs
β”‚   β”œβ”€β”€ products/          # Marketplace pages
β”‚   β”œβ”€β”€ dashboard/         # Seller dashboard
β”‚   └── my-purchase/       # Customer purchases
β”œβ”€β”€ components/            # React components
β”‚   β”œβ”€β”€ ui/               # shadcn components
β”‚   └── ...               # Custom components
β”œβ”€β”€ lib/                   # Shared utilities
β”‚   β”œβ”€β”€ db/               # Database layer
β”‚   β”‚   β”œβ”€β”€ schema.ts     # Drizzle schema
β”‚   β”‚   └── queries.ts    # Query functions
β”‚   β”œβ”€β”€ solana/           # Blockchain logic
β”‚   β”‚   β”œβ”€β”€ payment-executor.ts      # Payment orchestration
β”‚   β”‚   └── sanctum-gateway.ts       # Gateway client ⚑
β”‚   └── utils/            # Helper functions
└── public/               # Static assets

Adding a New Product

// 1. Create product via API
POST /api/organizations/:orgId/products
{
  "name": "React Mastery Course",
  "description": "Learn React from scratch",
  "price": "49000000", // $49 USDC (6 decimals)
  "tokenMint": "Gh9ZwEmdLJ8DscKNTkTqPbNwLNNBjuSzaG9Vp2KGtKJr",
  "merchantWallet": "YourSolanaWalletAddress",
  "categoryId": "uuid-of-category",
  "downloadLimit": 5,
  "linkExpiryHours": 48
}

// 2. Upload file
POST /api/products/:productId/upload
Content-Type: multipart/form-data
- file: [binary]

// 3. Product is now live on marketplace!

Testing Payments with Sanctum Gateway

// Use devnet for testing
// 1. Get devnet SOL from faucet
// 2. Get devnet USDC from faucet
// 3. Get Sanctum Gateway API key (works on devnet)
// 4. Connect Phantom wallet to devnet
// 5. Purchase product on local marketplace
// 6. Watch Gateway optimize and deliver transaction
// 7. Check transaction on Solana Explorer (devnet)

🀝 Contributing

We welcome contributions! Here's how:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit changes (git commit -m 'Add amazing feature')
  4. Push to branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Development Guidelines

  • Follow TypeScript best practices
  • Write clean, documented code
  • Test payment flows thoroughly on devnet
  • Update documentation for new features
  • Ensure Sanctum Gateway integration works correctly

πŸ“œ License

MIT License - see LICENSE file for details.

πŸ™ Acknowledgements

Sanctum Gateway

This project would not exist without Sanctum Gateway.

SubFlow fully integrates Sanctum Gateway's core methods:

  • buildGatewayTransaction β€” Optimizes every transaction with simulation, priority fees, and Jito tips
  • sendTransaction β€” Delivers through multiple channels (RPC + Jito bundles) with automatic retries
  • Transaction Confirmation β€” Reliable polling and status tracking

What Gateway enables for SubFlow:

  • πŸš€ 99.9%+ transaction success rate even during network congestion
  • ⚑ 2-5 second confirmations with optimized priority fees
  • πŸ”„ Zero manual RPC management β€” Gateway handles everything
  • πŸ’° Cost optimization β€” Jito tip refunds if RPC succeeds first
  • πŸ“Š Real-time observability β€” Track every transaction in Gateway dashboard

Without Sanctum Gateway, building a reliable payment system on Solana would require:

  • Custom RPC pool management
  • Manual priority fee calculations
  • Complex retry logic
  • Jito bundle integration
  • Transaction monitoring infrastructure

Gateway provides all of this out-of-the-box.

Built With

πŸ“§ Contact & Support

Author: Emengkeng Juslen Kenmini
Building: Decentralized commerce infrastructure for Africa and beyond 🌍

Hackathon: Sanctum Gateway Track

Demo: sub-flow-phi.vercel.app
GitHub: github.com/Emengkeng/SubFlow

⚑ SubFlow: Where Web3 Meets Digital Commerce

Powered by Sanctum Gateway. Built on Solana. Made for Creators.

Integration Highlights:

βœ… Full buildGatewayTransaction integration for transaction optimization
βœ… Complete sendTransaction implementation for multi-path delivery
βœ… Non-custodial architecture β€” customers sign everything
βœ… 99.9%+ payment success rate in production
βœ… Real-time confirmation tracking via Gateway

πŸš€ Try it now: subflow.vercel.app
πŸ“– Gateway Docs: gateway.sanctum.so/docs

About

Solana-native marketplace for digital products. Instant USDC payments, secure downloads, zero chargebacks. Built with Sanctum Gateway.

sub-flow-phi.vercel.app

Topics

marketplace subscription typescript nextjs decentralized blockchain gateway digital-products solana sanctum-gateway

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 23
+ 9 contributors

Languages