I build production Laravel backends for logistics, real estate, and multi-vendor commerce — focusing on scalable REST APIs, maintainable architecture, and developer tooling.
Authorization lives at the service layer, not the route. Every endpoint returns a consistent response envelope. AI integrations are session-managed, streamed over SSE, and isolated at service boundaries.
```php
$muhammed = [
    'stack'        => ['PHP 8+', 'Laravel', 'MySQL', 'PostgreSQL', 'Redis'],
    'architecture' => ['Repository–Service', 'SOLID', 'Clean Architecture', 'DTO', 'API Versioning'],
    'testing'      => ['PHPUnit', 'Pest'],
    'open_source'  => 'muhammedsalama/laravel-base',
    'focus'        => ['API Design', 'Backend Architecture', 'Developer Tooling'],
    'location'     => 'Egypt',
];
```

Logistics platform covering shipment intake, tracking, dispatch, and financial reconciliation across a multi-tenant system with three-tier RBAC. Laravel · REST API · RBAC · Multi-tenant

Bilingual (AR/EN) real estate consulting platform. Single API backend serving separate client and admin surfaces — AI assistance, real-time messaging, PDF generation, and bulk data import. Laravel · i18n · RBAC · Pusher · OpenAI · SSE

Backend engineering for a production multi-vendor e-commerce platform, focusing on scalable REST APIs, maintainable architecture, and core platform development. Laravel · REST API · Platform APIs

Backend API contribution on a production Laravel platform as part of the AiTech engineering team. Laravel · REST API · AiTech

Case Study — Exspeeds Logistics Platform
Problem — Operations across shipment intake, dispatch, and financial reconciliation were managed through disconnected tools with no unified API layer.
Architecture — Modular REST API with Repository–Service separation. Three-tier RBAC (admin / operations / client) enforced at the service layer, not the route. Tenant isolation applied at the repository layer via a shared constraint — covering all modules without per-endpoint guard logic.
Engineering Decisions
- Shipment state machine rejects invalid status progressions before persistence — handles concurrent writes without distributed locking overhead
- Financial reconciliation maintains query accuracy and performance as operational data volume accumulates
- Tenant data boundaries applied through base repository scoping, preventing per-controller isolation drift
Outcome — Production API at api.exspeeds.com, stable enough for frontend integration without schema change coordination.
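
One way to realize the tenant scoping and the lock-free state machine described above, written here as an added example and not taken from the Exspeeds code base or from laravel-base. It uses plain PDO with an in-memory SQLite table; the class names, table layout, status values and the compare-and-set `UPDATE` are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical names throughout; sample rows are constructed.
abstract class TenantScopedRepository
{
    public function __construct(protected PDO $db, protected int $tenantId) {}

    abstract protected function table(): string;

    // Every lookup passes through here, so the tenant predicate cannot be skipped.
    public function find(int $id): ?array
    {
        $stmt = $this->db->prepare("SELECT * FROM {$this->table()} WHERE id = ? AND tenant_id = ?");
        $stmt->execute([$id, $this->tenantId]);
        return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
    }
}

final class ShipmentRepository extends TenantScopedRepository
{
    // Allowed status progressions (assumed for this example).
    private const TRANSITIONS = ['pending' => ['dispatched', 'cancelled'], 'dispatched' => ['delivered']];

    protected function table(): string { return 'shipments'; }

    public function transition(int $id, string $from, string $to): bool
    {
        if (!in_array($to, self::TRANSITIONS[$from] ?? [], true)) {
            throw new DomainException("Invalid transition {$from} -> {$to}");
        }
        // Compare-and-set: the row changes only if it still holds $from,
        // so of two concurrent writers exactly one gets rowCount() === 1.
        $stmt = $this->db->prepare(
            'UPDATE shipments SET status = ? WHERE id = ? AND tenant_id = ? AND status = ?'
        );
        $stmt->execute([$to, $id, $this->tenantId, $from]);
        return $stmt->rowCount() === 1;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shipments (id INTEGER PRIMARY KEY, tenant_id INTEGER, status TEXT)');
$db->exec("INSERT INTO shipments VALUES (1, 10, 'pending'), (2, 20, 'pending')");

$tenantA = new ShipmentRepository($db, 10);
var_dump($tenantA->find(2));                                // row 2 belongs to tenant 20
var_dump($tenantA->transition(1, 'pending', 'dispatched')); // first writer
var_dump($tenantA->transition(1, 'pending', 'cancelled'));  // stale writer, status already moved
```

Because the tenant predicate sits in the base class and in the `UPDATE` itself, a controller that forgets an authorization check still cannot read or mutate another tenant's shipment by guessing an id.
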
Case Study — P-Adviser Consulting Platform
Problem — A bilingual (AR/EN) consulting platform serving both end users and an admin team through a single API backend. Required AI assistance, real-time messaging, document generation, and bulk import — each with distinct access control.
Architecture — Service-layer RBAC separates client and admin concerns. Multi-language content is resolved via localized model attributes; query logic stays uniform regardless of locale. OpenAI and Pusher integrations are isolated at dedicated service boundaries — provider or transport changes are contained to the service implementation.
Engineering Decisions
- AI session management: conversation state scoped per user prevents context bleed. Responses stream over SSE. The service boundary means the underlying model provider can change without touching consuming controllers.
- Chat system: Pusher-backed private conversations with a full message lifecycle — delivery, per-participant read-state, and attachment support. Threads are entity-linked and can be anchored to specific platform objects (properties, inquiries).
- Excel import: row-level validation runs server-side with structured per-row error reporting returned to the client. Business rules enforced at the service layer, not the controller.
- Admin surface: separate subdomain with its own session boundary. Service-layer authorization covers all admin routes regardless of HTTP method or controller entry point.
Outcome — Production at p-adviser.com, admin at dashboard.p-adviser.com, API docs at api.p-adviser.com/docs.
GitHub: MuhammedMSalama/LaravelBase · Packagist: muhammedsalama/laravel-base
Built after repeatedly solving the same architectural problems across production projects. One Artisan command generates a complete, architecture-enforcing REST API module: auto-bound Repository–Service contracts, whitelist-filtered queries, OpenAPI-annotated controllers, and a consistent ApiResponse envelope — applied uniformly across every module.

```bash
composer require muhammedsalama/laravel-base
php artisan make:module Product
# Generates: Model · Migration · Enum · Filter+Pagination · Interface
#            Repository · Service · Requests · Resource+Collection
#            Policy · Controller (Swagger/OA annotations) · Feature & Unit tests
```

| Problem | Solution |
|---|---|
| Manual service-provider wiring per module | Repository–Service contracts auto-bound by naming convention |
| Unsafe or uncontrolled query filtering | Whitelist-based AbstractFilter with built-in pagination |
| Multi-driver migration differences | MySQL / PostgreSQL / SQLite detected at runtime |
| No OpenAPI coverage by default | Generated controllers include @OA\* annotations |
| Inconsistent API response shapes | ApiResponse envelope enforced across all modules |
| Laravel version fragmentation | Laravel 10 · 11 · 12 · 13 — PHP 8.1+, no upper-bound constraint |

| Domain | Implementation |
|---|---|
| AI / LLM Integration | Session-scoped OpenAI, SSE streaming, isolated service boundary — P-Adviser |
| Real-time Systems | Pusher private messaging — per-participant read-state, attachment support, entity-linked threads — P-Adviser |
| Backend APIs | Production platform systems for a large-scale e-commerce platform — BWW Store |
| Production Backend Systems | Scalable REST APIs across production logistics and e-commerce systems — Exspeeds · BWW Store |
| Reporting APIs | Reporting APIs with scalable aggregation endpoints — BWW Store |
| Multi-tenant RBAC | Service-layer authorization, role-based access control across tenant boundaries — Exspeeds · P-Adviser |
| i18n API Design | AR/EN bilingual via localized model attributes — uniform query logic across locales — P-Adviser |
| Bulk Data Processing | Server-side row-level validation, structured per-row error reporting — P-Adviser |
| Open Source | laravel-base — architecture-enforcing scaffolding, OpenAPI by default, Laravel 10–13 |

Project Portfolio — 10 backend system types

| System | Problem | Key Engineering |
|---|---|---|
| Multi-Vendor E-Commerce | Isolated vendor storefronts, shared catalog, unified order management | Scalable multi-vendor backend architecture, secure API design, reliable payment integration |
| Logistics Management | End-to-end shipment lifecycle — tracking, dispatch, reporting, reconciliation | State machine for shipment transitions; performant aggregation at operational volume |
| CRM | Lead pipeline, customer records, activity history, automated notifications | Flexible RBAC, activity-log integrity, cross-module notification routing |
| REST API Platforms | Versioned, authenticated, rate-limited APIs with OpenAPI documentation | Contract stability across versions during active product development |
| Dashboard Systems | RBAC dashboards with real-time data and exportable reports | Role-scoped aggregation with query performance maintained at scale |
| Authentication Systems | OAuth2, Sanctum, email verification, 2FA, session lifecycle | Secure token handling across web and API consumers with consistent revocation |
| Payment Integrations | Gateway abstraction, webhook verification, reconciliation, refund handling | Idempotent webhook processing; accurate financial state under concurrent load |
| Real-Time Chat | User-to-user messaging with conversation history, read receipts, contact management, and entity-linked threads | Event-driven delivery via Pusher broadcasting; sender-receiver indexed history; message state tracking per conversation |
| AI-Backed APIs | Contextual assistant backend with persistent conversation state and real-time response delivery | Session-scoped context management, Server-Sent Events for streaming, OpenAI integration isolated at the service layer |
| Data Import Pipelines | API-first bulk data ingestion from external sources with business rule enforcement | Server-side row-level validation, domain rule enforcement at the service layer, structured error reporting via Laravel Excel |

Sanctum / OAuth2 · Pusher · SSE · Queues · Repository–Service · DTO · API Versioning · RBAC · PHPUnit · Pest · Laravel Excel