Architecture

System Architecture

The platform is built using an event-driven payment architecture.

Core Components

Payment Lifecycle Tracking

The platform tracks every stage of a payment.

Payment Status

  • requires_capture
  • succeeded
  • canceled
  • refunded
  • partially_refunded
  • disputed
  • disputed_lost

Authorization Lifecycle

  • authorized
  • captured
  • canceled

Refund Lifecycle

  • none
  • partial
  • full

Dispute Lifecycle

  • open
  • in_review
  • won
  • lost
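
The status values above define where a payment can be, but not which moves between them are legal; a ledger that accepts any status change becomes unreliable as an audit trail. The following is an added example, not the platform's own code: it keeps the page's status names, and the transition table (which statuses each event may be applied from, and that a won dispute returns the payment to "succeeded") is an assumption that must be checked against the real ledger rules.

```python
"""Payment lifecycle state machine.

Added example, not the platform's own code. The status values are the
ones listed on this page; the allowed transitions (TRANSITIONS) are an
assumption about how a capture / refund / dispute flow is normally
modelled and must be checked against the real ledger rules.
"""
from dataclasses import dataclass, field


class IllegalTransition(ValueError):
    """Raised when an event is not valid for the payment's current status."""


# event name -> (statuses the event may be applied from, resulting status).
# ASSUMED edges; the page lists the statuses but not the transitions.
TRANSITIONS = {
    "capture":        ({"requires_capture"}, "succeeded"),
    "cancel":         ({"requires_capture"}, "canceled"),
    "refund_partial": ({"succeeded", "partially_refunded"}, "partially_refunded"),
    "refund_full":    ({"succeeded", "partially_refunded"}, "refunded"),
    "dispute_open":   ({"succeeded", "partially_refunded", "refunded"}, "disputed"),
    # A won dispute has no status of its own on the page, so the payment
    # is assumed to return to "succeeded".
    "dispute_won":    ({"disputed"}, "succeeded"),
    "dispute_lost":   ({"disputed"}, "disputed_lost"),
}

# Projections onto the page's authorization and refund lifecycles.
AUTHORIZATION_VIEW = {
    "requires_capture": "authorized",
    "canceled": "canceled",
}
REFUND_VIEW = {
    "partially_refunded": "partial",
    "refunded": "full",
}


@dataclass
class Payment:
    id: str
    status: str = "requires_capture"
    # (from_status, event, to_status) triples, kept for the audit trail
    history: list = field(default_factory=list)


def is_allowed(status: str, event: str) -> bool:
    """True if `event` may be applied to a payment in `status`."""
    sources, _ = TRANSITIONS.get(event, (set(), None))
    return status in sources


def apply_event(payment: Payment, event: str) -> str:
    """Move the payment along the lifecycle, rejecting illegal edges."""
    if not is_allowed(payment.status, event):
        raise IllegalTransition(
            f"{event!r} is not valid for payment {payment.id} "
            f"in status {payment.status!r}"
        )
    target = TRANSITIONS[event][1]
    payment.history.append((payment.status, event, target))
    payment.status = target
    return payment.status


def lifecycle_views(payment: Payment) -> dict:
    """Project the payment status onto the authorization and refund lifecycles."""
    return {
        "authorization": AUTHORIZATION_VIEW.get(payment.status, "captured"),
        "refund": REFUND_VIEW.get(payment.status, "none"),
    }


if __name__ == "__main__":
    p = Payment("pi_example")  # constructed sample id
    for ev in ("capture", "refund_partial", "dispute_open", "dispute_lost"):
        print(ev, "->", apply_event(p, ev))
    print(lifecycle_views(p))
```

Rejecting an illegal edge (for instance a capture on an already-disputed payment) before it reaches the ledger is what keeps the status history meaningful; the recorded history triples are the material an audit later relies on.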

Stripe Webhook Processing

Stripe events are processed through a centralized endpoint.

POST /webhook

Supported events include:

Processing is idempotent: each Stripe event is applied to the ledger at most once, so a redelivered or duplicated event never changes the ledger a second time.
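
Two checks make a webhook endpoint like POST /webhook safe to expose: the payload must carry a valid signature before it is parsed, and each event id must be applied only once. The following is an added example, not the platform's own code. The Stripe-Signature header format (t=<unix timestamp>,v1=<hex HMAC-SHA256>) and the signed string "<timestamp>.<body>" are Stripe's documented scheme; the handler table, the in-memory ledger and the `processed` set (standing in for a Firestore document keyed by event id) are assumptions made for this example.

```python
"""Stripe webhook intake: signature check + idempotent apply.

Added example, not the platform's own code. The Stripe-Signature header
format (t=<unix ts>,v1=<hex hmac>) and the signed payload "<ts>.<body>"
are Stripe's documented scheme; the event types in HANDLERS, the
in-memory ledger and the `processed` set (standing in for a Firestore
document keyed by event id) are assumptions for this example.
"""
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # reject timestamps outside this window (replay protection)


def make_signature_header(payload: bytes, secret: str, ts: int) -> str:
    """Build a header the way Stripe does; used here only to construct sample input."""
    mac = hmac.new(secret.encode(), f"{ts}.".encode() + payload, hashlib.sha256)
    return f"t={ts},v1={mac.hexdigest()}"


def verify_signature(payload: bytes, header: str, secret: str, now=None) -> bool:
    """Return True only for a fresh, correctly signed payload."""
    ts, candidates = None, []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t" and value.isdigit():
            ts = int(value)
        elif key == "v1":
            candidates.append(value)
    if ts is None or not candidates:
        return False
    now = time.time() if now is None else now
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False  # stale or future-dated: treat as a replay
    expected = hmac.new(secret.encode(), f"{ts}.".encode() + payload,
                        hashlib.sha256).hexdigest()
    # Constant-time compare against every v1 value (several may be present
    # while a signing secret is being rotated).
    return any(hmac.compare_digest(expected, c) for c in candidates)


def _on_payment_succeeded(ledger, event):
    obj = event["data"]["object"]
    ledger.append({"event": event["id"], "payment": obj["id"],
                   "status": "succeeded", "amount": obj["amount"]})


def _on_charge_refunded(ledger, event):
    obj = event["data"]["object"]
    ledger.append({"event": event["id"], "payment": obj["payment_intent"],
                   "status": "refunded", "amount": -obj["amount_refunded"]})


# Assumed handler table; the page does not list the supported event types.
HANDLERS = {
    "payment_intent.succeeded": _on_payment_succeeded,
    "charge.refunded": _on_charge_refunded,
}


class WebhookProcessor:
    def __init__(self, secret: str, handlers=HANDLERS):
        self.secret = secret
        self.handlers = handlers
        self.processed = set()  # in Firestore: a create-if-absent doc per event id
        self.ledger = []

    def handle(self, payload: bytes, header: str, now=None):
        """Return (outcome, event_id); outcome is rejected/duplicate/ignored/applied."""
        if not verify_signature(payload, header, self.secret, now):
            return ("rejected", None)  # never parse an unauthenticated body
        event = json.loads(payload)
        event_id = event["id"]
        if event_id in self.processed:
            return ("duplicate", event_id)  # redelivery: acknowledge, change nothing
        handler = self.handlers.get(event["type"])
        if handler is None:
            self.processed.add(event_id)
            return ("ignored", event_id)
        # In production the ledger write and the processed-marker write must
        # commit in one Firestore transaction; otherwise a crash between them
        # re-applies the event on redelivery.
        handler(self.ledger, event)
        self.processed.add(event_id)
        return ("applied", event_id)
```

The order of the checks matters: the signature is verified on the raw bytes before any JSON parsing, the timestamp window bounds how long a captured request stays valid, and the duplicate check happens before the handler runs. The comment about committing the ledger write and the processed marker together is the caveat that decides whether idempotency actually holds under failure.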

Stripe → Ledger event flow

Events from Stripe are received at the webhook endpoint and translated into ledger updates in Firestore.

[Diagram: Stripe → Ledger event flow]

Firestore Ledger Model

The platform maintains a financial ledger in Google Cloud Firestore.

[Diagram: Ledger data model summary]

Core collections:

These collections provide a complete financial audit trail.

Authentication & Access

The platform uses authentication plus Role-Based Access Control (RBAC) to enforce tenant isolation and least-privilege access across the payment lifecycle.

[Diagram: RBAC role and permission summary]

RBAC Model

Enforcement

In practice, a merchant's Stripe account remains isolated within Stripe Connect, while the platform provides a consistent multi-tenant view through controlled access to the ledger and APIs.
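
A permission list alone does not give tenant isolation: a merchant admin holds the right permissions for a refund, but only for the merchant's own payments. The following is an added example, not the platform's own code, showing a default-deny check that tests the permission first and the tenant boundary second, plus the server-side filter a ledger query would use. The roles, permission names and the principal/resource shapes are assumptions; the page states only that RBAC enforces tenant isolation and least privilege.

```python
"""Tenant-scoped RBAC check for ledger and payment actions.

Added example, not the platform's own code. The roles, permission names
and the principal/resource shapes below are assumptions; the page states
only that RBAC enforces tenant isolation and least privilege.
"""
from dataclasses import dataclass
from typing import NamedTuple, Optional

# Hypothetical role -> permission mapping. Anything not listed is denied.
ROLE_PERMISSIONS = {
    "merchant_viewer":  {"ledger:read"},
    "merchant_admin":   {"ledger:read", "payment:capture", "payment:refund"},
    # Platform staff may read across tenants but still cannot move money.
    "platform_support": {"ledger:read"},
}
# Roles allowed to act on resources outside their own tenant.
CROSS_TENANT_ROLES = {"platform_support"}


@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str
    tenant_id: Optional[str]  # merchant (connected account) or None for platform staff


@dataclass(frozen=True)
class Resource:
    tenant_id: str  # the merchant that owns the ledger entry or payment


class Decision(NamedTuple):
    allowed: bool
    reason: str


def authorize(principal: Principal, action: str, resource: Resource) -> Decision:
    """Default-deny check: permission first, then tenant boundary."""
    perms = ROLE_PERMISSIONS.get(principal.role)
    if perms is None:
        return Decision(False, f"unknown role {principal.role!r}")
    if action not in perms:
        return Decision(False, f"role {principal.role!r} lacks {action!r}")
    if (principal.tenant_id != resource.tenant_id
            and principal.role not in CROSS_TENANT_ROLES):
        # Right role, wrong merchant: this is the tenant-isolation check that
        # a permission list alone does not provide.
        return Decision(False, "resource belongs to another tenant")
    return Decision(True, "ok")


def ledger_query_filter(principal: Principal) -> Optional[str]:
    """Tenant id to constrain a ledger query by; None means no tenant filter.

    The filter is derived from the authenticated principal on the server,
    never taken from a client-supplied parameter.
    """
    if principal.role in CROSS_TENANT_ROLES:
        return None
    return principal.tenant_id


if __name__ == "__main__":
    # constructed sample principals and tenants
    admin = Principal("u2", "merchant_admin", "acct_A")
    print(authorize(admin, "payment:refund", Resource("acct_A")))
    print(authorize(admin, "payment:refund", Resource("acct_B")))
```

The two denials worth watching in logs are "lacks" (a least-privilege refusal) and "another tenant" (an isolation refusal); a burst of the second from one principal is a useful detection signal for enumeration across merchants.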

Risk & Exposure Engine

The platform includes a merchant exposure analysis engine.

Metrics include:

Example health score:

health_score = net_exposure / original_amount
