
Protocol-identical to Government ONDC

A complete ONDC,
in your VPC. Beckn Protocol · Complete Implementation

ONDC is government infrastructure. Private companies cannot run staging on it. Building anything Beckn-shaped means months of stub-writing. This is the whole network: registry, gateway, BAP, BPP, admin, storefront, seller dashboard. Run it private. Or flip two env vars and connect to real ONDC. Same code.

15 TypeScript packages, monorepo
1400 Tests across 42 files (Vitest)
10 Beckn actions, all of them
24 ONDC domain codes covered
70+ Indian cities, STD-code format
~8 min From terraform apply to live

Act I · The Problem

You cannot test against government infrastructure.

ONDC is a national open commerce protocol. Real, important, regulated. Which also means: you cannot stand up a copy of it for staging, you cannot mock the registry, and Pramaan certification needs you to already be partly working before you can even apply.

Reality 01

Months of stub-writing.

Every team that touches Beckn writes their own mock registry, mock gateway, mock BAP, mock BPP. Most stop halfway. The integration breaks the day they connect to real ONDC.

Reality 02

Compliance is its own project.

DPDPA 2023, IT Act / CERT-In, Consumer Protection Act, GST. Each has obligations the protocol does not enforce. Most implementations bolt them on at the end, badly.

Reality 03

One vertical at a time.

Most Beckn implementations are wired for retail. Want logistics, food, water, agriculture? Re-fork the whole thing. Re-do the catalog. Re-do the categories.

Reality 04

Crypto debt waiting to bite.

Beckn signs every message. Most implementations are Ed25519 only. The day post-quantum signatures are required, the network has to ship a hard fork.
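
What a signed Beckn request looks like on the wire, as an added example (not code from this project): it follows the Authorization header layout of the public Beckn signing scheme (Ed25519 over a BLAKE-512 body digest) and shows the point where an Ed25519-only verifier has nothing to dispatch to. The `lookupKey` helper, subscriber id, key id, body and timestamps are assumptions made up for the illustration.

```typescript
import { createHash, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

type Verdict = "ok" | "malformed" | "unsupported-algorithm" | "unknown-key" | "expired" | "bad-signature";

// Signing string: (created), (expires) and the BLAKE2b-512 digest of the exact body bytes.
function signingString(created: number, expires: number, body: string): string {
  const digest = createHash("blake2b512").update(body, "utf8").digest("base64");
  return `(created): ${created}\n(expires): ${expires}\ndigest: BLAKE-512=${digest}`;
}

function signRequest(body: string, keyId: string, key: KeyObject, now: number, ttl: number): string {
  const sig = sign(null, Buffer.from(signingString(now, now + ttl, body)), key).toString("base64");
  return `Signature keyId="${keyId}",algorithm="ed25519",created="${now}",expires="${now + ttl}",` +
    `headers="(created) (expires) digest",signature="${sig}"`;
}

// lookupKey is a hypothetical stand-in for a registry lookup by keyId.
function verifyRequest(header: string, body: string, now: number,
                       lookupKey: (keyId: string) => KeyObject | undefined): Verdict {
  const f: Record<string, string> = {};
  const re = /(\w+)="([^"]*)"/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(header)) !== null) f[m[1]] = m[2];
  const created = Number(f.created), expires = Number(f.expires);
  if (!f.keyId || !f.signature || !Number.isInteger(created) || !Number.isInteger(expires)) return "malformed";
  // An Ed25519-only verifier has no other branch to take here.
  if (f.algorithm !== "ed25519" || f.keyId.split("|")[2] !== "ed25519") return "unsupported-algorithm";
  if (created > now || expires <= now) return "expired";
  const key = lookupKey(f.keyId);
  if (!key) return "unknown-key";
  const sigOk = verify(null, Buffer.from(signingString(created, expires, body)), key,
                       Buffer.from(f.signature, "base64"));
  return sigOk ? "ok" : "bad-signature";
}

// Constructed sample: subscriber id, key id, body and timestamps are made up.
function demo(): Verdict[] {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const keyId = "bap.example.test|k1|ed25519";
  const lookup = (id: string) => (id === keyId ? publicKey : undefined);
  const body = JSON.stringify({ context: { action: "search" }, message: {} });
  const header = signRequest(body, keyId, privateKey, 1700000000, 300);
  return [
    verifyRequest(header, body, 1700000010, lookup),                              // untouched
    verifyRequest(header, body.replace("search", "confirm"), 1700000010, lookup), // body altered
    verifyRequest(header, body, 1700000301, lookup),                              // past expires
    verifyRequest(header.replace('algorithm="ed25519"', 'algorithm="ml-dsa-65"'), body, 1700000010, lookup),
  ];
}
```

The digest covers the raw body bytes, so a verifier that re-serialises the parsed JSON before hashing will reject valid requests.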

Act II · The Architecture

Buyer side. Seller side.
The spine in between.

Beckn separates the buyer experience from the seller experience by design. Anyone can build a BAP. Anyone can build a BPP. The registry and gateway in the middle make sure they can find each other and trust each other. This implementation ships every piece.

Act III · The Packages

Fifteen packages. One monorepo.

A pnpm + Turborepo monorepo with one shared crypto and protocol package, the core network services, the three Next.js applications, and the operational supporting cast (vault, orchestrator, health, logs, simulation, mock).

shared

Crypto, protocol types, middleware, DB schema, compliance modules, PII guard.

registry

Subscriber registration, key management, lookup, key transparency log.

gateway

Search broadcast, response aggregation, multicast routing via RabbitMQ.

bap

Buyer Application Provider. All 10 Beckn actions plus IGM and RSP.

bpp

Business Provider Platform. Catalogue, fulfilment, settlement processing.

buyer-app

Next.js 15 consumer storefront. Hindi and English i18n.

seller-app

Next.js 15 seller dashboard. Hindi and English i18n.

admin

Next.js admin panel, 20+ pages: participants, orders, alerts, logs, simulation.

docs

Public documentation portal.

vault

AES-256-GCM secret management with auto-rotation.

orchestrator

Docker lifecycle management, WebSocket hub.

health-monitor

15-second health checks, three-tier alert generation.

log-aggregator

Centralised structured logging (Pino JSON) with 30-day retention.

simulation-engine

Order flow generator for load testing.

mock-server

Simulated BAP/BPP responses for integration testing.

Act IV · The Flip

Private network today. ONDC participant tomorrow.
Same code.

Run as a standalone private Beckn network. Or, after completing the operational onboarding (DPIIT, NP Agreement, Pramaan, KYC), point at the real ONDC registry and gateway. No code changes.

Act V · Indian Law

Four laws. Programmatic checks.

The @ondc/shared compliance module ships tooling for the four laws every Indian commerce platform must answer to. These are tools, not legal advice. The README is honest about which obligations cannot be automated.

DPDPA 2023

Consent notice generation, data principal rights tracking, breach notification deadlines, fiduciary obligation gap analysis, cross-border transfer rules.

IT Act 2000 / CERT-In Directions 2022

Incident severity classification (6h / 24h / 72h reporting tiers), reportable incident type enumeration, deadline enforcement.

Consumer Protection Act 2019

Seller disclosure schema validation, pricing transparency checks, grievance officer requirement verification.

GST

GSTIN format validation, HSN code lookup, TCS computation helpers.

Act VI · The Stack

What is inside.

  • TypeScript 5.9 strict
  • Node.js 22 LTS
  • Fastify 5
  • Next.js 15
  • Tailwind CSS 4
  • PostgreSQL 16
  • Drizzle ORM
  • Redis 7
  • RabbitMQ 3.13
  • Ed25519 + ML-DSA-65
  • AES-256-GCM
  • X25519 + ML-KEM-768
  • BLAKE-512
  • Prometheus
  • Grafana
  • Vitest
  • PM2
  • nginx
  • GitHub Actions
  • Terraform (GCP)

Act VII · Proof

Eight minutes from clone to live.

terraform apply · ~8 minutes

One command provisions an e2-standard-4 VM in asia-south1, installs everything, starts the platform. Point your domain CNAME, you are live.

~1400 tests across 42 files

Vitest with V8 coverage. Watch mode. Browser-based test UI. Includes pnpm export:pramaan to export transaction logs in the format ONDC Pramaan certification expects.

Zero static secrets

All credentials generated at deploy time. 24-hour password rotation. 30-day signing key rotation. Vault-managed. PII encrypted at field level before storage.

Honest about limits

KNOWN_LIMITS.md lists every obligation that needs organisational action: DPIIT, NP Agreement, Pramaan, KYC, NBBL onboarding, payment merchant accounts, GRO/DPO appointments. Not pretending it is plug-and-play.

Want a Beckn implementation that actually ships compliance, not just protocol?

I build production-grade open-commerce infrastructure for Bharat. Protocol-correct. Cryptographically forward-looking. Honest about what is automated and what still needs a lawyer.