What we solved
Retail gold buyers in the Gulf were stuck between two bad options: physical dealers with opaque margins, or generic brokerage apps that don’t actually hold gold. Sabika Gold needed one verified account that tracked the live spot price, let users buy and sell grams at that price, and physically custodied the gold at Al Rajhi Bank - not a paper entry. The product had to be Shariah compliant (zero interest, zero speculative instruments) and work on iPhone, Android, and web from one codebase. Admins needed a dashboard tracking users, revenue, and profit.
The system at a glance
A Flutter 3.10.5 app shipping to iOS, Android, and web from one codebase. FastAPI backend on AWS EC2 handles REST + the Socket.IO broadcaster streaming live spot prices from metalpriceapi.com. SQL Server holds users, holdings, transactions, and KYC records. An undisclosed payment gateway handles deposits and withdrawals via a hosted webview. Physical gold custody sits at Al Rajhi Bank with monthly audits. An admin dashboard (same Flutter codebase, web build) watches the operation.
What the user experiences
- Sign up. Complete KYC with passport or national ID.
- Dashboard: cash balance, gold holding (grams + SAR value), live spot price, last transaction.
- Live price updates in real time via Socket.IO - no refresh, no polling.
- Historical chart - 24H / 1W / 1M / 1Y / 5Y / ALL, smooth transitions between timeframes.
- Buy / Sell: enter grams or cash, confirm at the current spot price, settle via payment gateway.
- Physical delivery: request home shipping of the custodied gold.
- Automatic savings: scheduled recurring buys on a cadence the user picks.
- Gifting: fee-free transfers of grams between Sabika Gold accounts.
- Transaction history: successful / awaiting / failed, with explanation per state.
Admins see: new users, total users, daily revenue and profit, transaction volume, KYC queue.
How we built the pieces
Live prices - Socket.IO, not polling
A UI that polls every 5 seconds fires twelve requests a minute per client whether or not the price moved, and still misses a sharp move that lands between two polls. Socket.IO streams spot-price ticks from metalpriceapi.com through our broadcaster to every connected client. The client updates the on-screen spot price, the dashboard, and any open buy/sell form. One source of truth; no drift between a user’s phone and their laptop.
Historical chart - bucketed storage, not raw ticks
Naively storing every price tick for 5 years bloats the DB and kills query times. We bucket prices at multiple granularities - 1-minute, 5-minute, hourly, daily, monthly - and serve each chart timeframe from the closest-grained bucket. The 1Y chart loads from daily buckets, not from a million raw ticks.
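The bucketing described above, as an added example that is not code from the Sabika Gold backend. It folds raw ticks into OHLC buckets at a chosen width and picks the granularity for each chart timeframe. The 500-point rendering budget and the 30-day month are assumptions; the tick data is constructed for illustration.

```python
from dataclasses import dataclass

# Bucket widths in seconds for the five granularities named in the text.
GRANULARITY_SECONDS = {
    "1-minute": 60,
    "5-minute": 300,
    "hourly": 3600,
    "daily": 86400,
    "monthly": 30 * 86400,  # assumption: a month is approximated as 30 days here
}

# Chart timeframes in seconds; "ALL" has no fixed span and always uses the coarsest bucket.
TIMEFRAME_SECONDS = {
    "24H": 86400,
    "1W": 7 * 86400,
    "1M": 30 * 86400,
    "1Y": 365 * 86400,
    "5Y": 5 * 365 * 86400,
}


@dataclass
class Bucket:
    start: int      # bucket start, Unix seconds
    open: float
    high: float
    low: float
    close: float
    count: int      # number of raw ticks folded into this bucket


def bucket_ticks(ticks, width_seconds):
    """Fold (unix_ts, price) ticks into fixed-width OHLC buckets, oldest first.

    Ticks may arrive out of order, so they are sorted by timestamp first; open and
    close then reflect the first and last tick in each bucket. A non-positive price
    is rejected rather than stored, since one bad upstream tick would otherwise
    poison every chart built from that bucket.
    """
    buckets = {}
    for ts, price in sorted(ticks):
        if price <= 0:
            raise ValueError(f"rejecting non-positive price {price!r} at {ts}")
        start = ts - (ts % width_seconds)
        b = buckets.get(start)
        if b is None:
            buckets[start] = Bucket(start, price, price, price, price, 1)
        else:
            b.high = max(b.high, price)
            b.low = min(b.low, price)
            b.close = price
            b.count += 1
    return [buckets[k] for k in sorted(buckets)]


def granularity_for(timeframe, max_points=500):
    """Pick the finest granularity whose bucket count for the timeframe fits max_points.

    max_points is an assumed rendering budget, not a value from the page.
    """
    if timeframe == "ALL":
        return "monthly"
    span = TIMEFRAME_SECONDS[timeframe]
    for name, width in sorted(GRANULARITY_SECONDS.items(), key=lambda kv: kv[1]):
        if span // width <= max_points:
            return name
    return "monthly"


if __name__ == "__main__":
    # Constructed ticks: five prices spread over a little more than two minutes.
    sample = [(0, 100.0), (30, 101.0), (59, 99.5), (60, 100.5), (125, 102.0)]
    for b in bucket_ticks(sample, GRANULARITY_SECONDS["1-minute"]):
        print(b)
    for tf in ("24H", "1W", "1M", "1Y", "5Y", "ALL"):
        print(tf, "->", granularity_for(tf))
```

With a 500-point budget the 1Y chart resolves to daily buckets, matching the text; the 5Y and ALL charts fall through to monthly. Each coarser bucket can be rolled up from the finer one with the same function, so the backend only ever ingests raw ticks once.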
Payments - webview with a Flutter-web gotcha
The payment gateway hosts its own checkout flow in a webview. Mobile works out of the box. Flutter web hit a well-known pain point: the webview can’t close itself after a successful payment. We opened the gateway in a new window and listened for the completion message, auto-closing on success. The user never sees the stranded “success” page that many Flutter-web payment integrations leave behind. That completion message is a UI signal, not proof of payment; the only thing that should credit a balance is the gateway’s server-side confirmation to the backend.
KYC - server-reviewed, not client-approved
KYC documents upload to the backend, are encrypted at rest, and sit in a review queue. An admin approves or rejects. Until approved, the backend rejects buy and sell requests outright; the client disables the trading buttons only to reflect that state. No client-side-only gating.
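Two points above, the server-side spot price that a buy/sell confirms at and the server-side KYC gate, come together at order placement. The following is an added example, not Sabika Gold’s code: the backend stamps the broadcast price with an expiry and an HMAC when it quotes, so a client can only echo a quote back, never submit its own price, and the order handler checks KYC status from the server’s record before touching the quote. The 10-second quote lifetime, the `User` shape, the secret and the in-memory balance update are assumptions; a real handler does the same inside a database transaction.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from enum import Enum

QUOTE_TTL_SECONDS = 10  # assumption: how long a quoted price stays tradeable


class KycStatus(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    REJECTED = "rejected"


@dataclass
class User:           # assumed shape of the server-side user record
    user_id: str
    kyc: KycStatus
    cash_sar: float
    gold_grams: float


class OrderRejected(Exception):
    pass


def issue_quote(price_sar_per_gram, secret, now):
    """Server side: bind the current spot price to an expiry with an HMAC tag.

    The token is what the buy/sell form sends back on confirm. Because the tag
    covers price and expiry, the client cannot lower the price or extend the window.
    """
    if price_sar_per_gram <= 0:
        raise ValueError("spot price must be positive")
    payload = {"p": round(price_sar_per_gram, 4), "exp": int(now) + QUOTE_TTL_SECONDS}
    body = json.dumps(payload, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + tag


def verify_quote(token, secret, now):
    """Server side: return the quoted price, or raise if the token is forged or stale."""
    body_hex, _, tag = token.rpartition(".")
    try:
        body = bytes.fromhex(body_hex)
    except ValueError:
        raise PermissionError("malformed quote")
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):      # constant-time comparison
        raise PermissionError("quote signature invalid")
    payload = json.loads(body)
    if now > payload["exp"]:
        raise PermissionError("quote expired")
    return payload["p"]


def place_buy(user, grams, quote_token, secret, now):
    """Order handler: KYC gate first, then the signed quote, then funds."""
    if user.kyc is not KycStatus.APPROVED:          # server record, not a client flag
        raise OrderRejected("KYC not approved")
    if grams <= 0:
        raise OrderRejected("grams must be positive")
    price = verify_quote(quote_token, secret, now)  # never trust a client-sent price
    cost = round(grams * price, 2)
    if cost > user.cash_sar:
        raise OrderRejected("insufficient cash balance")
    user.cash_sar = round(user.cash_sar - cost, 2)
    user.gold_grams = round(user.gold_grams + grams, 6)
    return {"user_id": user.user_id, "grams": grams, "price_sar": price, "cost_sar": cost}


if __name__ == "__main__":
    # Constructed data: one approved user, one still pending, a demo secret.
    secret = b"demo-secret-not-for-production"
    approved = User("u1", KycStatus.APPROVED, cash_sar=1000.0, gold_grams=0.0)
    pending = User("u2", KycStatus.PENDING, cash_sar=1000.0, gold_grams=0.0)
    token = issue_quote(250.5, secret, now=1000)
    print(place_buy(approved, 2.0, token, secret, now=1005))
    for u, t, when in ((pending, token, 1005), (approved, token, 1011)):
        try:
            place_buy(u, 1.0, t, secret, now=when)
        except (OrderRejected, PermissionError) as e:
            print("rejected:", e)
```

The sell path is symmetric (check KYC, verify the quote, check the gram balance). Keeping the quote lifetime short bounds how far the price can move between the tick the user saw and the settlement, which is the real-time feed doing its job at the point where money changes hands.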
Custody - Al Rajhi Bank, audited monthly
The gold the user “owns” in the app exists physically at Al Rajhi Bank’s vaults. Monthly audits reconcile user holdings against the vault count. Physical delivery is a real feature, not a marketing promise: the user requests delivery, the vault ships.
Admin analytics - same codebase, different build
flutter build web produces the admin dashboard. New users, revenue, and daily profit pull from the same backend the consumer app uses. No second app to maintain.
The custody behind the price
Three pieces make a Shariah-compliant gold platform credible: live prices that actually stay live, audited physical custody (not just a ledger entry), and a KYC + payments pipe regulators can live with. Anyone can paste a price ticker on a UI. The work sits in the pipe feeding it - and the custody behind the pipe.
Results
- Live on App Store + Google Play; web build live at sabikagold.com.
- Live-price feed streaming to every connected device via Socket.IO + metalpriceapi.com.
- Historical chart across 6 timeframes, bucketed for fast rendering.
- Payment flow working on iOS, Android, and web - including the Flutter-web webview edge case.
- Al Rajhi Bank custody with monthly audits.
- Physical delivery, automatic savings, and gifting all live.
- Admin dashboard tracking users, revenue, and daily profit.
What the client said
“Techy Panther’s collaboration on Sabika Gold was extraordinary. Their expertise in real-time gold prices, historical charts, secure payments, and Socket.io made for a seamless gold trading experience. Their commitment to quality and professionalism was invaluable in bringing this app to life.”
- Client, Sabika Gold
“Techy Panther exceeded my expectations with their exceptional mobile app development. I wholeheartedly recommend them for your app needs.”
- Kamaran
What an engineering team should take from this
If you are building any real-time financial UI with custody:
- Socket.IO over polling. For price, inventory, order book - anything that changes faster than the user refreshes.
- Bucket your history. One granularity per chart timeframe; never read raw ticks for a multi-year view.
- Flutter-web webview payment needs an auto-close hack. Test the full round-trip, not just the start.
- Custody is a partnership, not a feature. If you are selling “physical” anything, the bank on the other end is half of your product.
Tech stack
- Mobile + web: Flutter 3.10.5 (iOS, Android, web from one codebase)
- Backend: FastAPI on AWS EC2
- Database: SQL Server
- Real-time: Socket.IO with sticky sessions
- Price feed: metalpriceapi.com
- Payments: third-party gateway via webview (provider undisclosed)
- Custody: Al Rajhi Bank (monthly audits)
- Infra: AWS EC2