Payment Gateway API Design: Stripe
Explore the design of Stripe's payment gateway API, including its functional and nonfunctional requirements, microservice architecture, and interaction with card networks. Understand how Stripe ensures security, reliability, strong consistency, and scalability while processing one-time and recurring payments. This lesson helps you grasp the complexities of real-world payment API design to prepare for product architecture interviews.
Payment gateway fundamentals
A payment gateway enables customers to transfer funds to merchants via credit or debit cards, connecting millions of buyers and sellers through a deceptively complex set of services. Both customers and merchants interact with the gateway through its API. Designing an API for a service like Stripe requires clearly defined functional and non-functional requirements.
What could be the challenges of making a functional Stripe service?
Functional requirements
Payment: Allow merchants to charge customers for purchases.
Customer data: Support creating, updating, deleting, and securely storing customer information (cards, personal details).
Invoices: Generate invoices before charging customers.
Transaction details: Expose all transaction data (purchases, refunds, payouts) and support both
andone-time A one-time payment is when customers are charged only once for a product or service. .recurring payments A recurring payment is when customers are charged periodically. Balance: Enable merchants to view account status, current balance, and statements.
Nonfunctional requirements
Strong consistency: All sources of truth must be updated atomically. A deduction from one account must always be reflected as a credit in another.
Security: State-of-the-art encryption, authentication, and authorization protect transactions, accounts, and card details.
Reliability: Continued operation despite component failures.
Availability: Uninterrupted service for all customers and merchants.
Scalability: Support for any number of customers, merchants, and transactions.
Prerequisites
The payment process
Fintech advancements have enabled e-commerce by building trust between merchants and customers. Modern payment systems go beyond simple fund transfers, improving the customer experience and simplifying operations for merchants. An online payment appears instantaneous, but behind the scenes, it involves cardholder verification, payment processing, merchant registration, and multiple interacting entities.
The following figure illustrates the flow of a payment processing system:
The roles of the entities involved in the payment processing system are listed in the following table:
Entities Details
Entities | Description |
Customer |
|
Merchant |
|
Issuer bank |
|
Acquiring bank |
|
Merchant's online store |
|
Stripe |
|
Cards network |
|
Note: An issuer processor sometimes sits between the issuer bank and the card network, facilitating authorization, clearing, and settlement on behalf of the issuing bank. Many issuer banks run in-house processors for greater control and cost savings.
Why are multiple entities involved in the payment ecosystem?
The fund transfer process behind the scenes occurs in two phases:
The authorization phase
The settlement phase
The authorization phase
We assume that the customer holds an account at the issuing bank and the merchant holds an account at the acquiring bank, with a virtual Stripe account storing all transactions. The authorization steps are:
The customer selects goods, proceeds to checkout, and enters credit card information, creating a transaction record.
Transaction information is forwarded to Stripe, which stores the details for later fund transfer.
Stripe routes card details and transaction information to the card network.
The card network authenticates the card and passes transaction information to the issuing bank for account validation.
The issuing bank verifies account status and fund availability, placing a hold on the required amount.
The issuing bank responds with a successful
via the card network to Stripe.authorization code An authorization code is an alphanumeric value that approves a transaction. This code is later used in the settlement phase. Stripe sends the authorization code to the acquiring bank.
The acquiring bank approves the merchant's terminal, which may issue a receipt to the customer.
Stripe updates its database with the authorization codes provided by the issuing bank.
How does Stripe pass the credit card information to the card network in the authorization phase?
The authorization phase is explained in the following illustrations:
Note: Every organization that processes, stores, or transfers credit card information must be PCI compliant. The
mandates using the Secure File Transfer Protocol (SFTP) to transmit sensitive data. PCI The PCI (Payment Card Industry) Security Standards Council is an organization that administers and enforces data security standards related to online payment transactions.
The settlement phase
With authorization complete and funds locked, the settlement phase transfers the accumulated successful transaction amounts to the ...