Regift · Knowledge Article

Architecture & Engineering Overview

Regift is an anonymous marketplace for unopened gifts, built for the Sydney / New South Wales community. This article is a detailed, end-to-end tour of the product: what it does, how the system is put together, the technologies behind it, and how it's deployed to production on Microsoft Azure.

Product

What Regift is

Every year, mountains of perfectly good, still-sealed gifts end up forgotten in cupboards. Regift gives them a second life. Users list an unopened gift to sell, swap, or donate, and other people nearby can browse, make an offer, chat, and arrange a safe exchange — all without ever revealing their real identity.

Three principles shape every design decision:

Anonymous by default

Users are known only by a generated alias and a cartoon avatar. Real names and emails are never shown to other users.

Safe to transact

Optional identity verification, curated safe-meetup spots, in-app reporting/blocking, and held-in-escrow payments.

Low-friction & local

Passwordless sign-in, proximity-based browsing, and Sydney-metro courier delivery for when meeting in person isn't ideal.

How it fits together

System architecture

Regift is deliberately a single-service backend: one FastAPI application running on an Azure App Service (Linux, B1 tier), fronting a set of managed Azure services and third-party partners. Two Flutter apps (iOS and Android) and a web admin console are the clients. This keeps the system easy to reason about, cheap to run, and fast to deploy, while the heavy lifting (storage, realtime, push, AI) is offloaded to managed services.

CLIENTSiOS app (Flutter)iPhone · TestFlightAndroid app (Flutter)Play internal testingAdmin consoleWeb (served by API)BACKEND · Azure App Service (Linux B1)FastAPI single-service app(app.py · Uvicorn worker)• REST API + security middleware• Session & admin auth• Escrow / payout orchestration• Courier booking + tracking poll• Background daemonsAZURE SERVICESTable Storage (NoSQL)Blob Storage (images · SAS)Web PubSub (realtime chat)Notification Hub (APNs/FCM)Azure OpenAI · FoundryEXTERNAL PARTNERSStripe Connectpayments + escrowTransdirectcourier deliveryDiditidentity (KYC)Apple / Googlesign-in + pushGitHub Actions CI/CDpush to main → build → deploy
High-level system architecture — Flutter clients talk to a single FastAPI service on Azure App Service, which orchestrates Azure platform services and third-party partners.

The backend is stateless between requests — all state lives in Azure Storage — so it can restart or scale without losing data. Long-running work (escrow auto-release, courier tracking) runs as background daemon threads inside the same process.

Technology

Technology stack

Apps & frontend

LayerTechnologyRole
Mobile appsFlutter (Dart)Single cross-platform codebase for iOS & Android
Design system“Meadow” — Material 3 + custom widgetsSerif display + Figtree UI, glass cards, floating dock
RealtimeWeb PubSub client + poll fallbackLive chat message delivery
Payments UIStripe SDK (PaymentSheet)Card, Apple Pay & Google Pay checkout
Secure storagePlatform Keychain / KeystoreEncrypted session-token storage on device
Admin consoleServer-rendered HTML + vanilla JSOperations dashboard served by the API

Backend

LayerTechnologyRole
API frameworkFastAPI (Python) + Uvicorn workerREST endpoints, middleware, background tasks
AuthJWT session tokens + OIDC (Apple/Google)Passwordless sign-in, per-request identity checks
ImagesPillow + Blob SAS URLsThumbnailing, share cards, time-limited image links
Background jobsDaemon threads7-day payout auto-release, courier tracking poll

Microsoft Azure

LayerTechnologyRole
ComputeApp Service · Basic B1 (Linux)Hosts the FastAPI service
DatabaseTable Storage (NoSQL)Users, gifts, offers, messages, deliveries, more
Object storageBlob StorageGift & verification images, served via SAS
RealtimeWeb PubSubPushes chat messages to connected clients
PushNotification HubFan-out to APNs (iOS) and FCM (Android)
AIAzure OpenAI · Microsoft Foundry (gpt-5-mini)Listing composer, semantic search & wishlist match
DeliveryGitHub Actions → App ServiceCI/CD on every push to main

External partners

LayerTechnologyRole
PaymentsStripe ConnectBuyer checkout, seller payouts, escrow-style holds
DeliveryTransdirectMulti-courier quotes, auto-booking & shipping labels
Identity (KYC)DiditOptional identity verification — result only
Sign-inApple Developer · Google CloudSign in with Apple & Google, push credentials
DistributionApp Store Connect · Google Play ConsoleTestFlight & Play releases

Capabilities

Feature catalogue

Discovery & browse

A pinned search bar, quick filters (nearby, under $50, delivery, free/donations, verified), category & price filters, and a square-card grid. Cards show distance in km when location is available, plus verified and delivery badges.

Listings

Sell, swap, or donate. Multi-photo galleries, condition, original price, tags, and a proximity-friendly suburb. An AI “write it for me” composer drafts the title and description from a photo.

Offers & trading

Every purchase starts as an offer. Sellers accept or decline; accepting marks the listing pending. One live offer per gift per buyer, with clear status on the listing.

Anonymous chat

Realtime messaging with image attachments, listing context headers, and role-aware draft messages. Status pills tell the buyer where the listing stands.

Trust & safety

Optional identity verification with a visible badge, curated safe public meetup spots (police stations, parks, libraries), reporting, blocking, and a dispute workflow.

Payments & delivery

Buy with in-person handover or courier delivery. Card, Apple Pay and Google Pay checkout, funds held in escrow, and a self-ship option where the seller posts it themselves.

Wishlists & alerts

Heart listings to save them, and set keyword alerts. New listings are matched against everyone's wishlists using AI semantic matching and pushed to interested users.

Notifications & purchases

A 90-day in-app notification centre, a My Purchases screen with a delivery tracker graphic and audit history, and pending-action badges that surface what needs attention.

Impact & badges

A personal “impact” tracker of gifts rehomed, plus collectible badges (first regift, generous donor, verified, doorstep delivery, and more).

Referrals & sharing

Refer-a-friend and per-listing share links that render a rich preview card for social apps and messengers.

Persistence

Data & storage model

Regift uses Azure Table Storage, a wide-column NoSQL store, rather than a relational database. Each concern gets its own table — users, gifts, offers, messages, deliveries, reports, disputes, notifications, wishlists, saved searches, and more. Tables are created automatically on first use, so a fresh environment bootstraps itself with no migration step.

Partition and row keys are chosen so common reads are single- partition and cheap — for example, notifications are partitioned by user with an inverted-timestamp row key so the newest appear first. Images live in Blob Storage and are served through short-lived signed (SAS) URLs rather than being made public.

Why NoSQL here

The access patterns are key-based and denormalised (fetch a user's listings, a gift's offers, a conversation's messages). Table Storage is inexpensive, auto-scaling, and needs no schema management.

Anonymity in the data

Real identity fields are stored but never exposed on public endpoints. Clients see only the alias, avatar, rating, and verification status.

Trust

Identity, anonymity & security

Sign-in is passwordless: Sign in with Apple and Google sign-in only. Provider identity tokens are validated on the server, and a signed session token is issued for subsequent requests. Session tokens are stored in the device's hardware-backed Keychain / Keystore, not in plain storage.

A security middleware runs ahead of every API request: it authenticates the caller and enforces that a signed-in user can only act on their own resources. Sensitive operations verify resource ownership (only a seller edits or deletes their listing; only a conversation participant reads its messages). Public endpoints are limited to anonymous browsing data and never leak personal contact details.

Optional KYC (Didit)

Users can verify they're a real person through Didit. Regift only ever receives the yes/no result — identity documents never touch our servers — and displays a verified badge without revealing who the person is.

Defence in depth

Server-side output escaping in the admin console, sanitised database queries, credentialed-CORS disabled, redacted logs, and secrets held only in environment configuration — never in source.

Money

Payments & escrow

Payments run on Stripe Connect. Sellers complete a one-time payout onboarding (their bank details go directly to Stripe, never to Regift). When a buyer pays, the charge lands in the Regift platform account — this is the escrow hold. The seller's share is only transferred to them once the exchange completes.

Offerbuyer requestsAcceptedlisting pendingPaidheld on platformDeliveredcourier / handoverConfirmedbuyer receivesReleasedseller paidseller acceptsbuyer paysshipNo confirmation in 7 days → auto-release sweep pays the seller · Pre-release admin refund fully reverses the charge
Escrow lifecycle — the buyer's card is charged to the Regift platform account (money held), and the seller is only paid out when the buyer confirms receipt, or automatically after 7 days.

Release happens when the buyer taps “I received it”, or automatically after a 7-day safety window if they never do. Before release, a full refund is always possible; after release it's handled manually. Checkout supports card, Apple Pay, and Google Pay, and item prices and postage are always taken from the server-side listing — never trusted from the client.

Logistics

Courier delivery

For exchanges that shouldn't happen in person, Regift integrates Transdirect, a multi-courier aggregator. When a seller submits their pickup address, the backend requests quotes across couriers, auto-books the cheapest option, and stores the pickup window and estimated delivery date. The seller prints the generated shipping label and leaves the box out; the buyer sees live status and an ETA.

BuyerSellerRegift APITransdirectbuy with delivery (offer)accept offerpay (card / wallet)hold funds (escrow)submit pickup addressquote courierscheapest quote + labelconfirm bookingprint label · box readyETA + trackingconfirm receivedpayout released
Delivery sequence — the buyer pays, the backend auto-books the cheapest Transdirect courier, and both sides are kept informed through to confirmed receipt.

Coverage is restricted to Sydney metro at launch. A configurable cost guard holds a booking for manual review if the courier quote would exceed the postage the buyer paid, and a background poller advances delivery status from the courier's tracking feed. A free self-ship mode lets sellers post items themselves at no cost to the buyer.

Intelligence

AI features

Regift uses Azure OpenAI, with a gpt-5-mini model deployed and configured through Microsoft Foundry, for three assistive features:

Listing composer

From a gift photo, the model drafts a natural title and description — a magical, staggered reveal fills the form for the seller, with sensible usage limits.

Smart search

Natural-language queries like “a gift for my 6-year-old” are expanded into relevant keywords and categories, so results include toys even when the query never says “toy”.

Wishlist matching

New listings are semantically matched against every user's saved wishlist keywords, asynchronously, and matches trigger a push alert.

Engagement

Realtime & notifications

Chat is delivered in realtime through Azure Web PubSub, with a polling fallback so messages still arrive if the socket drops. Every notable event — new message, offer update, delivery status change, wishlist match — is delivered two ways: a push notification and a persistent entry in the in-app notification centre (retained ~90 days), so users who declined push permission still miss nothing.

Push fan-out uses Azure Notification Hub, which routes to APNs for iOS and Firebase Cloud Messaging for Android from a single backend call. Device registrations are stored per platform so a user's iPhone and Android tablet can both receive alerts. Tapping a notification deep-links to the exact conversation, offer, purchase, or listing it refers to.

Operations

Admin console

A dedicated, authenticated web console — served by the same API — gives operators everything they need to run the marketplace: a deliveries queue (with one-click courier info and status controls), a disputes workflow with permanent history, moderation tools (verify/block users, mark listings inactive with a reason, resolve reports), a funds held / released indicator on every paid order, a waitlist for out-of-area demand, and feature toggles.

Production

Infrastructure & deployment

Regift runs entirely on a single Microsoft Azure subscription. The production environment was stood up as follows:

  1. Create the Azure account and a Resource Group to hold everything.
  2. Provision an App Service on the Basic B1 (Linux) plan to host the API.
  3. Add a Storage Account (Table + Blob), Web PubSub, and a Notification Hub.
  4. Create an Azure OpenAI resource and deploy the gpt-5-mini model via Microsoft Foundry.
  5. Configure all secrets and connection strings as environment variables in the Web App settings.
  6. Wire GitHub Actions to the Web App from both sides so every push to main builds and deploys automatically.
  7. Set the Web App startup command: uvicorn.workers.UvicornWorker --timeout 120 app:app.
  8. NoSQL tables auto-create on first use — no manual schema setup.
  9. Populate the Notification Hub with APNs and FCM credentials: the Apple .p8 key (header/footer stripped, pasted as the token) and the Firebase service credentials.
1git push → main2GitHub Actions build3Deploy to App Service (B1)4Uvicorn worker starts app5Read env vars / secrets6Tables auto-create on demand7Live · health check 200
Deployment pipeline — a push to main triggers GitHub Actions, which builds and ships the FastAPI service to Azure App Service; NoSQL tables self-create on first use.

External integrations are provisioned alongside: Apple Developer (certificates, identifiers & keys) and App Store Connect for iOS; Firebase, Google Cloud and Google Play Console for Android; Didit for KYC; Stripe Connect for payments; and Transdirect for delivery. Each is wired in through environment configuration, so the same codebase runs in test or live mode by changing settings alone.

About this article

Regift is built and operated by Vexbit, a Sydney-based software studio. For product help, see the Support page; for data handling, see our Privacy Policy.