Payment system design
Payment system design — orchestration first, providers underneath.
A modern payments stack puts the orchestration layer above the acquirers, processors and methods — not below them. topropay is that layer: one unified API, vault tokens, routing engine, unified dispute queue and a single reconciliation feed. Provider choice becomes configuration; the system-design decision happens once.
- L1 Surface · hosted / SDK checkout, fields, mobile
- L2 Authorisation engine routing · cascade · vault
- L3 Provider panel acquirers · PSPs · gateways
- L4 Settlement & ledger normalised across providers
- L5 Events & operator portal signed webhooks · dashboard
- One API
- in front of every provider
- Vault
- tokens replace PAN downstream
- <200ms
- routing decision
- 1 ledger
- across every connected provider
Key benefits
What changes when payment system design starts from orchestration
Four outcomes that show up consistently once the orchestration layer sits at the top of the merchant's payments architecture instead of an acquirer at the bottom.
- 01
Payment system design that starts from orchestration
A modern payment system design puts orchestration above acquirers, processors and methods — not below them. topropay is the orchestration layer: one unified API, a routing engine, a PCI Level 1 vault, a unified dispute queue and one reconciliation feed. Adding providers is configuration; the integration shape doesn't change.
- 02
Vault tokens as the data model — PAN out of merchant systems
Card data captures into the vault before it touches the merchant origin. Every downstream operation — refund, partial capture, retry, recurring debit, reconciliation row — references the vault token, not the PAN. The merchant's data model never has a PAN column, and PCI scope shrinks to SAQ A or A-EP.
- 03
Routing engine and cascade as first-class primitives
The routing engine scores every authorisation in under 200ms across the connected provider portfolio; soft declines cascade to the next ranked acquirer inside the same request. Routing policy and cascade behaviour are dashboard configuration; engineering ships once and tunes afterwards.
- 04
Unified ledger and dispute queue across providers
Settlements, fees, refunds and chargebacks across every connected provider normalise into one ledger keyed off vault tokens. The dispute queue surfaces every case across every provider in one place; evidence-pack templates per vertical accelerate response. Finance and ops both run from one surface.
How it works
Payment system design architecture in five layers
The orchestration model breaks down into five concrete layers — surface, authorisation, cascade, settlement, events. Each layer is independent; each is instrumented in the operator portal.
-
Checkout / SDK / API surface
Hosted page, embedded fields or low-level SDK on the merchant side. Captures card or method data into the platform's PCI L1 vault.
-
Authorisation engine
Every authorisation runs through the routing engine; per-transaction scoring on BIN, scheme, currency, country pair and risk picks the route.
-
Cascade & retry
Soft declines cascade to the next ranked acquirer inside the same authorisation request; renewal traffic retries decline-reason-aware.
-
Settlement & ledger
Each provider settles on its own schedule; the ledger normalises across the panel, tagged with provider ID, scheme and policy.
-
Webhook event stream
Signed, replay-safe webhook delivery for authorised / captured / refunded / disputed events into the merchant's SIEM or warehouse.
Main use cases
Where orchestration-first payment system design earns its keep
Six merchant shapes that benefit most from making the orchestration layer the foundation of their payment stack — greenfield, re-platform, marketplace, SaaS, PSP, global.
- Greenfield
Greenfield payment-system builds
Teams designing a payment system from scratch use the orchestration layer as the foundation rather than picking one acquirer and accreting providers around it. The architecture decision is made once at the top of the stack.
- Re-platform
Re-platforming legacy payments stacks
Legacy payment stacks that accumulated providers per method or per region collapse onto the orchestration layer. Migrations run in parallel; existing acquirer contracts can stay in place; the merchant cuts traffic over on a schedule that finance and engineering agree on.
- Marketplace
Marketplaces and multi-seller platforms
Per-seller sub-merchant onboarding, split payments and per-tenant reporting on the same orchestration layer. The marketplace handles its sellers; the platform handles the per-provider acquiring relationships.
- SaaS
SaaS and subscription system design
Vault tokens drive renewals; smart retries cascade across acquirers; scheme account updaters refresh credentials in the background. The renewal recovery loop becomes a routing policy rather than a per-provider retry script.
- PSP
PSPs and ISVs building processing businesses
Reseller-style integration lets a PSP or ISV ride the platform's connected portfolio downstream. Their merchants inherit routing, method coverage and reconciliation; the PSP keeps the relationship and pricing.
- Global
Global online payment platforms
Cross-border merchants with shoppers across EU, UK, US, APAC and LATAM use the orchestration layer to keep cards intra-region and surface local rails per market (iDEAL, PIX, BLIK, PayID) on the same checkout.
Platform features
Capabilities behind the payment-system design on topropay
What the platform actually ships at each layer of the architecture — the API contract, the routing engine, the vault, the dispute queue and the reconciliation feed.
-
Unified payments API
JSON-over-HTTPS REST surface with idempotency, signed webhooks and OpenAPI specs; SDKs for web, mobile and server.
-
Hosted / embedded / SDK
Drop-in hosted checkout for fast launch; hosted fields for inline integrations; low-level SDK for full UI control.
-
Routing engine
Per-transaction scoring on BIN, scheme, currency, country pair, risk and merchant policy across the connected provider portfolio.
-
Cascade & retry
Soft declines cascade inside the same authorisation; renewal traffic retries decline-reason-aware.
-
PCI DSS Level 1 vault
Card data captures into the platform's vault before it touches the merchant origin; refunds and recurring run on vault tokens.
-
Network tokens & updaters
Network tokens by default; scheme account updaters keep saved cards alive across re-issuance events.
-
3DS2 / SCA orchestration
Selective challenges per transaction; PSD2 / SCA-compliant in Europe without breaking conversion.
-
Chargeback queue & evidence
Unified dispute queue across providers; evidence-pack templates per vertical; automated representment for select scheme types.
-
Unified reconciliation
Settlements, fees, refunds and chargebacks across every connected provider normalised into one ledger.
-
Method catalogue
Cards, wallets, bank rails (SEPA, Bacs, iDEAL, PIX, OXXO, PayID), BNPL and (via partner gateways) crypto on one API.
-
Operator portal
One dashboard for authorisations, refunds, disputes and chargebacks across every connected provider.
-
Sandbox parity
Per-environment sandbox that mirrors production — routing, cascade, 3DS, settlement and chargeback scenarios.
Trust & compliance
Compliance posture inside the system design
Every authorisation runs through a single audited environment. Merchants inherit the platform's posture rather than carrying separate certifications per provider.
- PCI DSS Level 1
- Annual on-site assessment plus quarterly ASV scans; sub-merchants inherit the posture regardless of method mix.
- SCA & PSD2
- Selective 3DS2 on the authorisation path keeps approval high in Europe without skipping the compliance bar.
- Sanctions & AML alignment
- Sanctions screening on onboarding; AML monitoring scaled to merchant vertical, volume and geography mix.
- Scheme programme tracking
- Visa VDMP / VAMP and Mastercard ECP / EFMP thresholds tracked per acquirer relationship.
- Data residency
- Regional data-residency options for merchants under regulators that require it; EU-resident traffic stays in-region by default.
- Licensed verticals only
- Licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals are out of scope regardless of integration shape.
Ready to design
Make the orchestration layer the foundation of your payments stack.
A 30-minute architecture review walks through the five-layer model, the API surface that fits your stack, the routing policy that suits your traffic, and a sandbox to test against before any commercial commitment.
Frequently asked
Buyer questions about payment system design on topropay
Architecture, wallets, online-payment pages, chargeback handling, website-builder and government-tax-portal questions — plus what topropay does and doesn't do.
- 01
What does payment system design mean on topropay?
Payment system design on topropay means choosing the orchestration layer as the foundation of the merchant's payments architecture: one API, one vault, one routing engine, one dispute queue and one ledger above the underlying acquirers, processors and methods. The system-design decision is made once at the top; acquirers and methods become configuration underneath.
- 02
How is system design payment system framed differently from picking a single PSP?
System design payment system thinking starts with the data model (vault tokens, unified events, normalised ledger) and the control surfaces (routing engine, dispute queue, operator portal) — not with the underlying acquirer. Picking a single PSP collapses both into one vendor's choices; orchestration keeps the data model under the merchant's control while the providers underneath stay interchangeable.
- 03
What is payment system design architecture in practice?
Payment system design architecture on topropay is a layered model: surface (hosted page / SDK), authorisation engine (routing), cascade & retry, settlement & ledger, webhook event stream. Each layer is independent — the merchant can rebuild the surface without touching the back-end, swap acquirers without changing the surface, or migrate ledger consumers without re-issuing webhooks.
- 04
What is the process of online payment system end-to-end?
The process of online payment system on topropay: (1) buyer enters card / picks method on the checkout surface; (2) data captures into the PCI L1 vault; (3) authorisation runs through the routing engine and lands on the chosen acquirer; (4) soft declines cascade; (5) capture, refund and chargeback events flow through signed webhooks; (6) settlements and fees normalise into the unified ledger. Each step is observable in the operator portal.
- 05
What online payment softwares does the platform compare to?
Online payment softwares typically refer to either gateway products (Stripe, Adyen, Checkout) or orchestration layers (BR-DC, Primer, Spreedly, topropay). topropay sits in the orchestration category — designed to integrate with many gateways behind one API rather than be one gateway.
- 06
Are online payment wallets supported as methods?
Online payment wallets — Apple Pay, Google Pay, Click to Pay, Alipay+, WeChat Pay and regional wallets — are supported as methods on the checkout. The merchant doesn't pick a separate SDK per wallet; the platform surfaces them on the hosted page and inside the SDK pay-sheets, and authorisations roll up into the same ledger as cards.
- 07
Where do online payment pages fit in the design?
Online payment pages are the merchant-facing surface — typically the hosted checkout dropped in via redirect or iframe, or hosted-fields embedded inside the merchant's own page. The system-design decision is which surface fits the merchant's UX requirements; the back-end shape (vault, routing, ledger) is the same across all three options.
- 08
How is payment chargeback handled in the system design?
Payment chargeback is a first-class flow in the design. Disputes surface in the unified queue across every connected provider; evidence-pack templates per vertical accelerate response; automated representment is supported for select scheme types. Chargeback rows tag the original authorisation, the connected provider that handled it, and the dispute reason code.
- 09
What does checkout online payment design look like for a new merchant?
Checkout online payment design for a new merchant typically starts with the hosted page (fastest to live, minimum PCI scope), wires one webhook handler, configures methods per market from the dashboard. The full integration ships in days; iterating on the checkout surface afterwards happens against the same back-end without further provider work.
- 10
Is topropay among the global online payment platforms a multi-region merchant should consider?
topropay sits among the global online payment platforms for merchants that need cards plus local rails across EU, UK, APAC and LATAM under one contract. Single-region merchants often pick a direct gateway; multi-region merchants find the orchestration layer's design more durable as their market mix grows.
- 11
What about cheapest online payment processing — is topropay positioned there?
Cheapest online payment processing is rarely a single rate card — it's a routing policy decision. topropay's composite routing scores landed cost per BIN / scheme / country pair and picks the cheapest route per transaction across the connected portfolio. The platform fee is a separate line on the invoice; interchange and scheme fees pass through where the underlying acquirer supports it.
- 12
What does setting up payment on website typically involve?
Setting up payment on website with topropay involves: install the server SDK (or call the REST API directly), drop in the hosted checkout, configure methods and routing from the dashboard, wire one webhook handler. Most merchants reach a live integration in days; embedded builds take weeks. The architecture is the same across both paths.
- 13
Is topropay a website builder with payment system, like Shopify or Wix?
No. topropay is not a website builder — it is a payments orchestration layer that plugs into the merchant's existing site (whether built on Shopify, WooCommerce, a custom Next.js stack or a headless ecommerce platform). Merchants searching for 'website builder with payment system' or 'website builder with booking and payment system' usually want a Shopify / Wix / Squarespace-style hosted store builder; topropay integrates with stores built on those platforms, but doesn't build the store itself.
- 14
What about service tax online payment — is that something topropay handles?
Service tax online payment usually refers to government / tax-portal payment flows (in markets like India where the service-tax / GST payment is made through the relevant government portal). topropay is not a tax-portal operator and doesn't handle government tax-collection flows — that's a different regulatory domain. Merchants accepting card payments for their own services use topropay; the merchant's own tax remittance happens through the local tax authority's portal separately.
- 15
How does the payment-system design handle high-traffic spikes?
High-traffic spikes absorb cleanly on the orchestration layer: routing spreads load across the connected acquirer portfolio, cascade rotates around any provider that degrades, and platform-side capacity is horizontally sized for peaks. The merchant doesn't need to provision per-provider capacity buffers individually; the architecture handles it at the orchestration layer.
Related
Related on the topropay platform
- API Web payment systems on one API The web-payment-API framing of the same orchestration layer.
- Aggregation Payment aggregator overview The aggregation pattern at the heart of the system-design model.
- Checkout Modern e-commerce payment system The e-commerce framing of the same system design — drop-in checkout, methods, routing.
- Routing Smart routing & cascading The routing engine at layer 2 of the architecture.
- Finance Reconciliation & reporting The settlement-and-ledger layer in detail.
- Compliance PCI compliant payments The PCI L1 vault layer that anchors the data model.