Sellavie.ai — AI Social Sales Agent
Multi-tenant FastAPI backend that automates Instagram, Facebook, and WhatsApp conversations and connects them to order, invoice, and payment workflows.
Stack: Python 3.11, FastAPI, SQLite (runtime), React 18 + Vite, Meta Graph APIs, OpenAI / Anthropic / Groq, Paystack / Flutterwave / Stripe, Nginx, JWT + refresh rotation + TOTP 2FA, Fernet encryption
This project is private because it is an actively deployed commercial SaaS platform.
Tenancy: business_id isolation
Rate limit: 100 req/min per IP
Auth: 60m access / 30d refresh
Payload caps: 2MB default, 10MB uploads
Project Overview
Sellavie.ai is a backend-first AI social sales platform. The system maps each inbound social event to the correct tenant, generates context-aware responses, and executes order/invoice/payment actions with verified webhooks and controlled side effects.
Challenge
Businesses lose revenue when social DMs are answered late, handoffs are inconsistent, and order/payment follow-through is handled manually across channels.
Solution
Built a multi-tenant backend that ingests webhooks, resolves tenant context, generates AI replies with provider failover, and executes commerce actions (orders, invoices, payment status updates) using server-side action parsing.
Results
Deployed a live system used by real businesses with webhook-based messaging, multi-provider AI orchestration, payment callback reconciliation, and analytics endpoints for conversation and transaction monitoring.
Architecture
- FastAPI monolith handles auth, tenant management, webhook ingestion, AI orchestration, and commerce APIs.
- Tenant isolation is enforced with business-scoped records (`business_id`) and owner/team access checks.
- Meta webhooks are signature-verified, dispatched by platform type, and mapped to tenant integration IDs.
- AI provider chain runs preferred-first failover (OpenAI -> Anthropic/Groq) with safe fallback replies.
- Internal action tags drive server-side side effects for handoff, checkout, invoice, and payment states.
- React SPA is served behind Nginx, which proxies `/api` to FastAPI.
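The control-tag mechanism behind "internal action tags drive server-side side effects" and the state-machine-style routing is illustrated below. This is an added example and not Sellavie's own code: the `[[ACTION key=value]]` tag syntax, the action allowlist and the state table are assumptions chosen to show the separation of customer-visible text from server-executed actions.

```python
"""Split a model reply into customer-visible text and allowlisted server actions,
then apply only the actions legal in the conversation's current state.
Added example; tag syntax, action names and states are assumptions."""
import re
from dataclasses import dataclass, field

# Hypothetical tag syntax embedded in model output: [[ACTION key=value ...]]
TAG_RE = re.compile(r"\[\[([A-Z_]+)((?:\s+[a-z_]+=[^\s\]]+)*)\s*\]\]")

# Allowlist: the only actions that may cause side effects, with the parameters
# each may carry. Unknown actions or extra parameters are dropped, never executed.
ALLOWED_ACTIONS = {
    "HANDOFF": set(),
    "CHECKOUT": {"order_id"},
    "INVOICE": {"order_id", "amount"},
    "PAYMENT_STATUS": {"order_id", "status"},
}

# State machine: current state -> {action: next state}. Note that the model may
# report a payment status but cannot move the conversation to "paid"; that
# transition belongs to verified provider webhooks, not to model output.
TRANSITIONS = {
    "chatting": {"HANDOFF": "human", "CHECKOUT": "awaiting_payment"},
    "awaiting_payment": {"HANDOFF": "human", "INVOICE": "awaiting_payment",
                         "PAYMENT_STATUS": "awaiting_payment"},
    "paid": {"HANDOFF": "human"},
    "human": {},   # once handed off, the model triggers nothing further
}


@dataclass
class ParsedReply:
    text: str                       # what the customer sees (tags removed)
    actions: list = field(default_factory=list)   # allowlisted, well-formed tags
    rejected: list = field(default_factory=list)  # raw tags that failed the allowlist


def parse_reply(raw: str) -> ParsedReply:
    """Extract control tags from model output and strip them from the text."""
    actions, rejected = [], []
    for m in TAG_RE.finditer(raw):
        name, params_src = m.group(1), m.group(2)
        params = dict(p.split("=", 1) for p in params_src.split())
        allowed = ALLOWED_ACTIONS.get(name)
        if allowed is None or not set(params) <= allowed:
            rejected.append(m.group(0))
            continue
        actions.append({"action": name, **params})
    text = re.sub(r"\s{2,}", " ", TAG_RE.sub("", raw)).strip()
    return ParsedReply(text=text, actions=actions, rejected=rejected)


def route(state: str, actions: list) -> tuple[str, list]:
    """Apply actions in order, accepting only those legal in the current state.
    Returns the resulting state and the actions actually accepted."""
    accepted = []
    for act in actions:
        nxt = TRANSITIONS.get(state, {}).get(act["action"])
        if nxt is None:
            continue   # illegal in this state: ignore, do not execute
        accepted.append(act)
        state = nxt
    return state, accepted


if __name__ == "__main__":
    # Constructed model output mixing text, a valid tag, a bogus tag and a checkout.
    reply = parse_reply("Great, I'll get a human to help. [[HANDOFF]] [[DELETE_DB]] [[CHECKOUT order_id=42]]")
    print(reply)
    print(route("chatting", reply.actions))
```

The customer never sees the tags, unknown tags such as `[[DELETE_DB]]` are logged as rejected rather than interpreted, and an action that is valid in the allowlist can still be refused by the state table (a checkout after a handoff, for example).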
Key Engineering Highlights
- Designed owner + team-member tenant access model with JWT access/refresh rotation and optional TOTP 2FA.
- Built webhook ingestion for Instagram, Facebook, and WhatsApp with deterministic tenant routing from integration IDs.
- Implemented state-machine-style AI routing by parsing internal control tags and separating text from actions.
- Added background task execution for notification and invoice side work using async tasks and worker threads.
- Built payment and transaction synchronization via verified webhooks across Paystack, Flutterwave, and Stripe.
- Added reliability controls: duplicate order guardrails, provider failover, payload caps, and defensive error handling.
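The refresh-token rotation named above is illustrated below. This is an added example and not the project's code: the page states 60m access / 30d refresh lifetimes with rotation; the per-login token family, hashed-at-rest storage and revocation of the whole family when a rotated token is replayed are this example's assumptions.

```python
"""Refresh-token rotation with reuse detection.
Added example, not the project's code. Lifetimes follow the page; the token
family, hashed storage and family revocation on reuse are assumptions."""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Optional

ACCESS_TTL = 60 * 60               # 60 minutes (page)
REFRESH_TTL = 30 * 24 * 60 * 60    # 30 days (page)


@dataclass
class RefreshRecord:
    user_id: str
    family: str          # every token descended from one login shares a family
    expires_at: float
    used: bool = False   # set once the token has been exchanged


@dataclass
class RotateResult:
    ok: bool
    reason: str
    user_id: Optional[str] = None
    new_refresh: Optional[str] = None


class RefreshStore:
    def __init__(self):
        self._by_hash: dict[str, RefreshRecord] = {}
        self._revoked_families: set[str] = set()

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash: a leaked table yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str, family: Optional[str] = None,
              now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._by_hash[self._key(token)] = RefreshRecord(
            user_id=user_id, family=family or secrets.token_hex(8),
            expires_at=now + REFRESH_TTL)
        return token

    def rotate(self, token: str, now: Optional[float] = None) -> RotateResult:
        """Exchange a refresh token for a new one; the old token dies immediately."""
        now = time.time() if now is None else now
        rec = self._by_hash.get(self._key(token))
        if rec is None:
            return RotateResult(False, "unknown token")
        if rec.family in self._revoked_families:
            return RotateResult(False, "family revoked")
        if rec.used:
            # A rotated token presented again is replay: a buggy client or a stolen
            # token racing the legitimate holder. Kill the whole family so both
            # parties must log in again (with 2FA, where the account enables it).
            self._revoked_families.add(rec.family)
            return RotateResult(False, "reuse detected; family revoked")
        if now >= rec.expires_at:
            return RotateResult(False, "expired")
        rec.used = True
        return RotateResult(True, "rotated", rec.user_id,
                            self.issue(rec.user_id, rec.family, now))

    def revoke_session(self, token: str) -> None:
        """Explicit logout: revoke every token in this login's family."""
        rec = self._by_hash.get(self._key(token))
        if rec:
            self._revoked_families.add(rec.family)


if __name__ == "__main__":
    store = RefreshStore()
    first = store.issue("user-1", now=0)
    print(store.rotate(first, now=10).reason)   # rotated
    print(store.rotate(first, now=20).reason)   # reuse detected; family revoked
```

Issuing the short-lived access JWT on a successful rotation is left out; the point here is that a refresh token is single-use, that presenting it twice is treated as an attack rather than a retry, and that detection revokes the stolen session as well as the attacker's copy.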
Security & Privacy
- HMAC webhook verification for Meta and payment providers before processing side effects.
- Bcrypt password hashing, signed JWT access/refresh tokens, refresh-token rotation, and optional TOTP 2FA.
- Fernet encryption plus response masking for sensitive payment configuration fields.
- Request hardening with rate limits, scanner path blocking, and payload size limits.
- Audit-oriented activity logs and generic client error responses to reduce data leakage.
- Consent withdrawal, data export, account deletion, and Meta deauthorize/data-deletion callback endpoints.
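The HMAC webhook verification and the deterministic tenant routing from integration IDs described above are illustrated below. This is an added example, not Sellavie's code: the signature formats are the providers' documented schemes (Meta `X-Hub-Signature-256`, Paystack `x-paystack-signature`, Stripe `Stripe-Signature` with its timestamp), while the integration table, sample payload and secrets are constructed for the demo.

```python
"""Verify webhook signatures on the raw body, then route Meta entries to tenants.
Added example, not the project's code; the integration table, payload and
secrets are constructed."""
import hashlib
import hmac
import json
import time


# --- Signature checks: always over the RAW request bytes, before JSON parsing ---

def verify_meta_signature(raw_body: bytes, header, app_secret: str) -> bool:
    """Meta: X-Hub-Signature-256 = 'sha256=' + hex(HMAC-SHA256(app_secret, raw body))."""
    if not header or not header.startswith("sha256="):
        return False
    expected = hmac.new(app_secret.encode(), raw_body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(header[len("sha256="):], expected)   # constant-time


def verify_paystack_signature(raw_body: bytes, header, secret_key: str) -> bool:
    """Paystack: x-paystack-signature = hex(HMAC-SHA512(secret_key, raw body))."""
    if not header:
        return False
    expected = hmac.new(secret_key.encode(), raw_body, hashlib.sha512).hexdigest()
    return hmac.compare_digest(header, expected)


def verify_stripe_signature(raw_body: bytes, header, secret: str,
                            now=None, tolerance: int = 300) -> bool:
    """Stripe: Stripe-Signature = 't=<unix>,v1=<hex HMAC-SHA256(secret, "<t>.<body>")>'.
    The signed timestamp bounds replay: a captured delivery is rejected once it is
    older than `tolerance` seconds."""
    now = time.time() if now is None else now
    ts, sigs = None, []
    for item in (header or "").split(","):
        key, _, value = item.partition("=")
        if key == "t":
            ts = value
        elif key == "v1":
            sigs.append(value)   # several v1 values can appear during secret rollover
    if ts is None or not sigs or not ts.isdigit():
        return False
    if abs(now - int(ts)) > tolerance:
        return False
    expected = hmac.new(secret.encode(), f"{ts}.".encode() + raw_body,
                        hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(s, expected) for s in sigs)


# Signing helpers, used here only to build fixtures for the checks above.
def sign_meta(raw_body: bytes, app_secret: str) -> str:
    return "sha256=" + hmac.new(app_secret.encode(), raw_body, hashlib.sha256).hexdigest()


def sign_stripe(raw_body: bytes, secret: str, ts: int) -> str:
    mac = hmac.new(secret.encode(), f"{ts}.".encode() + raw_body, hashlib.sha256)
    return f"t={ts},v1=" + mac.hexdigest()


# --- Tenant routing: (Meta object type, entry id) -> business_id. Constructed table. ---
INTEGRATIONS = {
    ("instagram", "IG-ACCOUNT-A"): "biz_001",
    ("page", "PAGE-B"): "biz_002",
}


def handle_meta_webhook(raw_body: bytes, sig_header, app_secret: str, integrations) -> dict:
    """Verify first; only then parse and map each entry to a tenant. Entries with an
    unknown integration id are reported, not guessed, so one tenant can never be
    handed another tenant's conversation."""
    if not verify_meta_signature(raw_body, sig_header, app_secret):
        raise PermissionError("invalid webhook signature")
    payload = json.loads(raw_body)
    object_type = payload.get("object")
    routed, unrouted = [], []
    for entry in payload.get("entry", []):
        business_id = integrations.get((object_type, str(entry.get("id"))))
        if business_id is None:
            unrouted.append(entry.get("id"))
        else:
            routed.append((business_id, entry))
    return {"object": object_type, "routed": routed, "unrouted": unrouted}


# Constructed delivery: one known and one unknown Instagram account in a single batch.
SAMPLE_BODY = json.dumps({
    "object": "instagram",
    "entry": [
        {"id": "IG-ACCOUNT-A", "messaging": [{"message": {"text": "price of the blue dress?"}}]},
        {"id": "IG-ACCOUNT-UNKNOWN", "messaging": []},
    ],
}).encode()


if __name__ == "__main__":
    header = sign_meta(SAMPLE_BODY, "demo-app-secret")
    print(handle_meta_webhook(SAMPLE_BODY, header, "demo-app-secret", INTEGRATIONS))
```

Two details matter in practice: the MAC must be computed over the exact bytes received (re-serialising parsed JSON changes whitespace and key order and breaks verification), and the comparison must be constant-time. The Stripe check additionally shows why a timestamp in the signed payload is useful: an HMAC alone proves origin but not freshness, so a replayed payment callback would otherwise reconcile twice.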