IMEI Checker - Enterprise Verification Tool
Developed as Tech Leader at BrothersPhone (Algeria's biggest phone seller). A production-grade IMEI verification system processing 10,000+ daily queries with rate-limited APIs, backend proxy security, and comprehensive device intelligence.
The Problem
BrothersPhone employees manually verified 10,000+ IMEI numbers daily using unreliable third-party websites. This led to slow service, security risks from exposing API keys, and zero control over data quality.
The Solution
Architected a secure backend proxy system with Express.js, integrating multiple IMEI APIs. Implemented rate limiting, input validation with Zod, and comprehensive caching for instant repeated queries.
The Impact
- Processing 10,000+ queries/day in production
- 85% faster verification vs manual methods
- 100% API key security with backend proxy
Technical Architecture
⚛️Frontend Stack
- React - Responsive component architecture
- TypeScript - Type-safe IMEI handling
- Tailwind CSS - Modern, mobile-first UI
- React Query - Smart caching & state management
Why? React Query caches repeated IMEI queries client-side for instant results. TypeScript prevents invalid IMEI format errors.
🔒Security Stack
- Express.js Backend Proxy - API key protection
- Express-rate-limit - DDoS protection
- Zod - Input validation & sanitization
- Redis Cache - Performance optimization
Why? Backend proxy keeps API keys server-side. Rate limiting prevents abuse. Zod validates IMEI format before API calls.
Secure Proxy Architecture
┌─────────────────────────────────────────────────────────────┐
│ CLIENT LAYER │
│ ┌──────────────────────────────────────────────┐ │
│ │ React Frontend (TypeScript) │ │
│ │ • User Input Validation │ │
│ │ • React Query Caching │ │
│ └────────────────┬─────────────────────────────┘ │
└───────────────────┼──────────────────────────────────────────┘
│ (HTTPS Only)
┌───────────▼────────────┐
│ SECURITY LAYER │
│ • Rate Limiting │
│ • CORS Protection │
│ • Zod Validation │
└───────────┬────────────┘
│
┌───────────▼────────────┐
│ BACKEND PROXY │
│ (Express.js) │
│ • API Key Management │
│ • Redis Cache │
│ • Request Routing │
└───────────┬────────────┘
│
┌───────────▼────────────┐
│ EXTERNAL IMEI APIs │
│ • Primary Provider │
│ • Fallback Providers │
│ • Device Database │
└────────────────────────┘
Enterprise-Grade Security
Production-ready security architecture protecting API keys and preventing abuse at scale.
Backend Proxy Pattern
API keys stay server-side. Frontend never exposes sensitive credentials. Attackers can't extract keys from client code.
Rate Limiting
Express-rate-limit blocks brute-force attacks and DDoS attempts. Configurable per-IP request limits.
Input Validation (Zod)
Strict IMEI format validation before API calls. Prevents injection attacks and malformed requests.
Redis Caching
Repeated IMEI queries return instantly from cache. Reduces API costs and improves response time.
CORS Protection
Whitelist approved domains only. Blocks unauthorized cross-origin requests from malicious sites.
Request Logging
Comprehensive audit trails for security monitoring and debugging production issues.
Feature Highlights
Device Intelligence
Comprehensive device info: brand, model, specifications, warranty status, and blacklist verification.
Instant Results
Sub-second response times with Redis caching. Repeated queries return immediately from cache.
Fallback APIs
Multiple IMEI provider integration. Automatic failover if primary API is unavailable.
Usage Analytics
Real-time tracking of queries, API performance, and employee usage patterns.
Screenshots
Try the Live IMEI Checker
Test any IMEI number and see the results instantly
Try with sample IMEI:
356938035643809