Design of a Payment System
Understand the design of a payment system, its key APIs, database schemas, and evaluation against different requirements.
We'll cover the following...
In the previous lesson, we explored the working of the payment system, defined key requirements, and estimated different resources. Now, let’s expand our discussion by starting with the high-level design of the payment system.
High-level design
Let’s understand the high-level design of the payment system with the following illustration:
When a customer pushes the payment button on the merchant’s online store, an event is generated, which triggers the payment service.
The payment service processes the customer’s necessary information and sends the transaction details to the risk check system for fraud detection and risk assessment.
If the transaction passes the risk checks, the payment service forwards the request to the payment gateway.
The payment gateway verifies the payment details and checks for correctness. Once validated, the request is forwarded to the issuer’s bank.
The issuer bank processes the request and sends the required payment to the payment service, which deposits it into the merchant’s account.
The merchant’s account is updated to reflect the credited amount on successful transactions.
How does decoupling fraud checks from the payment gateway improve scalability and security?
Use the AI assessment widget below to submit your solution and get an interactive response.
We have explored the payment system’s high-level design. Before moving to the detailed design, let’s discuss some essential APIs, which define users’ entry points to the system:
API design
The following are the essential APIs that meet our functional requirements.
User registration and authentication
The user registration and authentication consist of the following two APIs.
User registration: We have the following API for user registration.
registerUser(username, email, password)
Under the hood, the registerUser API protects the password by hashing it before saving it to the database. The parameters in the API call are explained in the following table:
Parameter | Description |
| A unique user name opted for by the customer. |
| Customer’s email id to be used later in the authentication phase. |
| The customer’s password is used for authentication later. |
User authentication: To authenticate users, we use the following API, which we assume is the basic authentication mechanism.
authenticateUser(username, password)
Payment processing
In payment processing, we have the following APIs, which perform different task’s including the following:
Payment authorization: This API requests authorization for a payment transaction. It verifies whether the customer has sufficient funds or credit to cover the transaction amount and associates the transaction with the intended merchant. Upon successful verification, it returns an authorization code for the specified payment details.
authorizePayment(amount, card_number, expiration_date, CVV, merchant_id)
Let’s describe the parameters in the following table:
Parameter | Description |
| The amount to be paid by the customer for a purchase. |
| 16-digit customer’s payment card number. |
| The expiry date of the payment card. |
| A 3-digit card verification value of the payment card. |
| A unique identifier for the merchant receiving the payment. Used to route the transaction and reserve funds for the correct merchant account. |
Payment capture: This API enables us to capture authorized funds after successful payment authorization, complete the transaction, and transfer the funds to the ...