AYO — Multi-Tenant Creator Economy Platform
A deep dive into architecting and leading the development of a production multi-tenant creator economy platform on AWS — serving creators, fans, sponsors, and platform administrators across four applications with a shared API.
Project Overview
AYO is a multi-tenant creator economy platform that gives content creators a fully branded web presence and a complete suite of tools to build, grow, and monetise a fan community — complete with live streaming, a quest and rewards engine, gift card redemption, brand sponsorship campaigns, and real-time engagement features.
I joined as Senior Technical Lead and Founding Engineer, responsible for both the end-to-end technical architecture and the leadership of a distributed remote engineering team. The platform was built across four interconnected applications from the ground up, shipped to production on AWS, and designed to scale.
My Role
This was a dual role spanning technical delivery and team leadership:
- Founding Engineer — designed and built the core architecture, established the technology stack, and set all engineering standards from day one
- Technical Lead — led a remote development team across multiple time zones, conducting code reviews, setting sprint goals, unblocking engineers, and making architectural decisions
- Infrastructure Owner — owned the full AWS infrastructure setup, CI/CD pipelines, environment strategy, security posture, and cost model
- Product Engineering Partner — worked directly with product leadership to translate requirements into technical designs, and to push back where necessary on scope or approach
The Platform
AYO serves four distinct user types from a single shared API:
| User | Experience |
|---|---|
| Creators | Manage their branded microsite, quests, rewards, live streams, analytics, team, and earnings via Creator Studio |
| Fans | Visit creator microsites, complete quests, earn points, subscribe, watch live streams, and chat |
| Sponsors / Brands | Run sponsored quest campaigns, manage budgets, track performance via a dedicated Sponsor Panel |
| Platform Admins | Manage creators, KYC/verification, finance, moderation, feature flags, and platform configuration |
Four applications. One API. One engineering team.
| Application | Purpose | Stack |
|---|---|---|
| `ayo-api` | Central REST + WebSocket backend | Express.js, TypeScript, MongoDB Atlas, AWS |
| Creator Studio | Creator dashboard | Next.js 16, React 19, TypeScript |
| Fan Microsites | Multi-tenant fan-facing sites | Next.js 16, React 19, TypeScript |
| Admin & Sponsor Panel | Internal operations | Next.js 16, React 19, TypeScript |
Technical Highlights
Backend Architecture
Designed and built the entire API from the ground up with TypeScript strict mode. The architecture follows a clean layered pattern — Routes → Controllers → Services → Models — with no business logic leaking into route handlers. Key decisions I made and own:
- Split entrypoints separating the HTTP server from background workers, enabling independent scaling of each concern in ECS
- 138+ Mongoose domain models organised by bounded context (auth, commerce, content, community, finance, streaming)
- Config-as-single-source-of-truth — all environment variables validated at startup; missing required config fails fast
- MongoDB connection pooling tuned with explicit limits and timeout values aligned to the workload profile
Authentication & Security
Built a production-grade authentication system covering the full threat surface:
- JWT with httpOnly refresh token cookies and silent refresh via request interceptors across all three frontends
- Token refresh deduplication — a module-level in-flight lock prevents concurrent 401 refresh stampedes
- OAuth 2.0 integration for 7 providers: Google, Apple, Twitch, YouTube, Instagram, TikTok, Facebook
- Multi-factor authentication (TOTP + email OTP) with full setup, challenge, and disable flows
- CSRF protection, Helmet security headers, per-route rate limiting
- Auth middleware enforces suspension and ban state on every request
- All platform images pass through AWS Rekognition moderation before becoming publicly visible
- Input validation via Zod schemas on all public API endpoints
- No secrets in code — all sensitive values from environment variables or AWS Secrets Manager
Real-Time Infrastructure
One of the most technically complex areas of the project. Designed and implemented a WebSocket architecture that routes real-time events through SQS to AWS API Gateway Management API to connected clients:
- JWT WebSocket authoriser Lambda — validates tokens at `$connect`, rejecting unauthenticated connections before they reach application code
- Diagnosed and resolved a multi-layer AWS networking issue where VPC endpoint limitations were causing connection timeouts — traced the root cause through security group rules to a hard AWS limitation, then provisioned NAT Gateway to resolve it
- Real-time features wired: wallet balance updates, leaderboard changes, quest completion modals, live viewer counts, watch heartbeats
Payments & Finance Infrastructure
Built the complete payments layer across multiple Stripe webhook endpoints with separate signing secrets per event type. Key systems:
- Double-entry ledger with idempotency keys, preventing double-credits at the database level
- Stripe Connect for creator payouts — account creation, verification link generation, status polling
- Four gift card provider adapters (Tremendous, Tango, Giftogram) behind a unified `GiftCardProviderService` abstraction
- Reconciliation system — automated worker atomically computes ledger summaries, detects variance breaks, and surfaces them in the Admin finance dashboard
- CSV export and admin tooling for finance operations
Quest & Economy Engine
Designed the full specification and implementation for the platform's quest engine — the core engagement mechanic:
- Deterministic auto-completion evaluator supporting 5 quest modes (sponsored completion, livestream join, poll vote, watch days, quest completion)
- Unified event envelope with two-level idempotency — global dedup table plus mode-level uniqueness rules
- Time window support: daily, weekly, monthly, once — all UTC-anchored
- Daily fan earning caps enforced at model level
- AI Economy Advisor — AWS Bedrock integration that ingests a creator's full economy snapshot and streams back a structured health report with prioritised recommendations
Live Streaming
- Amazon IVS channel provisioning per creator with stream key management in Creator Studio
- IVS Chat with Lambda-based message moderation, emoji reactions, history hydration, and pause/resume controls
- Recording reconciliation worker syncing IVS metadata with stream records
- Stream login gate — configurable preview window before requiring authentication, with seamless auto-clear on login without interrupting playback
Multi-Tenant Microsite System
- Every creator microsite served from a single Next.js application — subdomain and custom domain routing handled via client-side normalisation
- Fan sessions namespaced per subdomain — fans can be independently logged in across multiple creator microsites in the same browser
- Module system — 8 configurable content modules (videos, quests, rewards, leaderboard, polls, posts, gifts, subscribe) with draft/publish separation
- Custom domain provisioning with CloudFront distribution, ACM certificate automation, and status polling
Infrastructure & CI/CD
Owned the full AWS infrastructure and deployment pipeline:
- ECS Fargate for API and worker containers with independent task definitions and scaling policies
- Bitbucket Pipelines across all four repos: lint → build → Docker → ECR → ECS deploy with branch-to-environment mapping (dev → DEV auto, stage → STAGE auto, main → PROD manual gate)
- AWS OIDC authentication for ECR push — no long-lived credentials stored in the CI system
- Git versioning strategy — designed moving environment tags for deployment tracking and SemVer release tags with CI-automated patch increment
- AI-powered release notes pipeline — Bitbucket webhook triggers → diff via REST API → AWS Bedrock (Claude) → structured code review + human-readable release notes stored in MongoDB and surfaced in Admin Panel
Performance & Observability
- MongoDB index strategy aligned to hot query patterns via `explain()` and Atlas Performance Advisor
- Serial DB calls converted to `Promise.all()` in community stats endpoints
- Redis caching on public read endpoints with cache bypass for testing
- Sentry configured across all four applications with source map upload in CI
- Structured logging and AWS CloudWatch monitoring with WebSocket API metrics and alarms
- Produced a full cost model and capacity planning document modelling variable costs across MAU scaling tiers with infrastructure change triggers
Remote Team Leadership
Beyond the technical delivery, I managed the remote engineering team end-to-end:
- Recruited and onboarded engineers across multiple time zones
- Ran sprint planning and retrospectives — translating product roadmap into engineering sprints with clear scope and acceptance criteria
- Conducted code reviews across all four repositories, maintaining quality and architectural consistency as the team grew
- Unblocked engineers on complex infrastructure, AWS, and architecture problems — many of the deep technical solutions documented above were reached through pair debugging and guided investigation
- Set and enforced engineering standards — TypeScript strict mode, testing requirements, security practices, CI/CD discipline, and documentation expectations
- Made build-vs-buy decisions across the stack — third-party vendors, AWS services, and open-source libraries evaluated and selected or rejected with documented rationale
- Managed stakeholder communication — translated engineering progress, risk, and technical debt into terms meaningful to product and business leadership
Technology Stack
Backend: Node.js, Express.js, TypeScript, MongoDB Atlas, Redis (ElastiCache)
Frontend: Next.js 16, React 19, TypeScript
AWS: ECS Fargate, API Gateway (WebSocket + REST), Lambda, SQS, S3, CloudFront, IVS, Rekognition, Bedrock, ACM, WAF, ElastiCache, CloudWatch, Secrets Manager
Payments: Stripe (Connect, Subscriptions, Payment Intents, Webhooks), Tremendous, Tango
Auth: JWT, OAuth 2.0 (7 providers), TOTP MFA, CSRF protection
DevOps: Bitbucket Pipelines, Docker, ECR, AWS OIDC, Sentry, Jest
AI: AWS Bedrock (Claude 3.5 Sonnet) for Economy Advisor and AI release notes
Outcome
A production multi-tenant creator economy platform running on AWS — serving creators, fans, sponsors, and platform administrators across four applications with a shared API. Designed, architected, built, and led from the ground up, covering the full spectrum from individual TypeScript decisions to infrastructure cost modelling to remote team management.
About Matthew Hutchings
Matthew Hutchings is a seasoned technology consultant specializing in digital transformation, enterprise architecture, and organizational leadership. With over 15 years of experience helping organizations navigate complex technical and business challenges, he brings practical insights from working with startups to Fortune 500 companies.