Payment system design

Payment system design — orchestration first, providers underneath.

A modern payments stack puts the orchestration layer above the acquirers, processors and methods — not below them. topropay is that layer: one unified API, vault tokens, routing engine, unified dispute queue and a single reconciliation feed. Provider choice becomes configuration; the system-design decision happens once.

topropay · system layers
  1. L1 Surface · hosted / SDK checkout, fields, mobile
  2. L2 Authorisation engine routing · cascade · vault
  3. L3 Provider panel acquirers · PSPs · gateways
  4. L4 Settlement & ledger normalised across providers
  5. L5 Events & operator portal signed webhooks · dashboard
Decisions made once at the top, swappable underneath.
One API
in front of every provider
Vault
tokens replace PAN downstream
<200ms
routing decision
1 ledger
across every connected provider

Key benefits

What changes when payment system design starts from orchestration

Four outcomes that show up consistently once the orchestration layer sits at the top of the merchant's payments architecture instead of an acquirer at the bottom.

  1. 01

    Payment system design that starts from orchestration

    A modern payment system design puts orchestration above acquirers, processors and methods — not below them. topropay is the orchestration layer: one unified API, a routing engine, a PCI Level 1 vault, a unified dispute queue and one reconciliation feed. Adding providers is configuration; the integration shape doesn't change.

  2. 02

    Vault tokens as the data model — PAN out of merchant systems

    Card data captures into the vault before it touches the merchant origin. Every downstream operation — refund, partial capture, retry, recurring debit, reconciliation row — references the vault token, not the PAN. The merchant's data model never has a PAN column, and PCI scope shrinks to SAQ A or A-EP.

  3. 03

    Routing engine and cascade as first-class primitives

    The routing engine scores every authorisation in under 200ms across the connected provider portfolio; soft declines cascade to the next ranked acquirer inside the same request. Routing policy and cascade behaviour are dashboard configuration; engineering ships once and tunes afterwards.

  4. 04

    Unified ledger and dispute queue across providers

    Settlements, fees, refunds and chargebacks across every connected provider normalise into one ledger keyed off vault tokens. The dispute queue surfaces every case across every provider in one place; evidence-pack templates per vertical accelerate response. Finance and ops both run from one surface.

How it works

Payment system design architecture in five layers

The orchestration model breaks down into five concrete layers — surface, authorisation, cascade, settlement, events. Each layer is independent; each is instrumented in the operator portal.

  1. 01 Surface

    Checkout / SDK / API surface

    Hosted page, embedded fields or low-level SDK on the merchant side. Captures card or method data into the platform's PCI L1 vault.

  2. 02 Auth

    Authorisation engine

    Every authorisation runs through the routing engine; per-transaction scoring on BIN, scheme, currency, country pair and risk picks the route.

  3. 03 Cascade

    Cascade & retry

    Soft declines cascade to the next ranked acquirer inside the same authorisation request; renewal traffic retries decline-reason-aware.

  4. 04 Settle

    Settlement & ledger

    Each provider settles on its own schedule; the ledger normalises across the panel, tagged with provider ID, scheme and policy.

  5. 05 Events

    Webhook event stream

    Signed, replay-safe webhook delivery for authorised / captured / refunded / disputed events into the merchant's SIEM or warehouse.

Main use cases

Where orchestration-first payment system design earns its keep

Six merchant shapes that benefit most from making the orchestration layer the foundation of their payment stack — greenfield, re-platform, marketplace, SaaS, PSP, global.

  • Greenfield

    Greenfield payment-system builds

    Teams designing a payment system from scratch use the orchestration layer as the foundation rather than picking one acquirer and accreting providers around it. The architecture decision is made once at the top of the stack.

  • Re-platform

    Re-platforming legacy payments stacks

    Legacy payment stacks that accumulated providers per method or per region collapse onto the orchestration layer. Migrations run in parallel; existing acquirer contracts can stay in place; the merchant cuts traffic over on a schedule that finance and engineering agree on.

  • Marketplace

    Marketplaces and multi-seller platforms

    Per-seller sub-merchant onboarding, split payments and per-tenant reporting on the same orchestration layer. The marketplace handles its sellers; the platform handles the per-provider acquiring relationships.

  • SaaS

    SaaS and subscription system design

    Vault tokens drive renewals; smart retries cascade across acquirers; scheme account updaters refresh credentials in the background. The renewal recovery loop becomes a routing policy rather than a per-provider retry script.

  • PSP

    PSPs and ISVs building processing businesses

    Reseller-style integration lets a PSP or ISV ride the platform's connected portfolio downstream. Their merchants inherit routing, method coverage and reconciliation; the PSP keeps the relationship and pricing.

  • Global

    Global online payment platforms

    Cross-border merchants with shoppers across EU, UK, US, APAC and LATAM use the orchestration layer to keep cards intra-region and surface local rails per market (iDEAL, PIX, BLIK, PayID) on the same checkout.

Platform features

Capabilities behind the payment-system design on topropay

What the platform actually ships at each layer of the architecture — the API contract, the routing engine, the vault, the dispute queue and the reconciliation feed.

  • Unified payments API

    JSON-over-HTTPS REST surface with idempotency, signed webhooks and OpenAPI specs; SDKs for web, mobile and server.

  • Hosted / embedded / SDK

    Drop-in hosted checkout for fast launch; hosted fields for inline integrations; low-level SDK for full UI control.

  • Routing engine

    Per-transaction scoring on BIN, scheme, currency, country pair, risk and merchant policy across the connected provider portfolio.

  • Cascade & retry

    Soft declines cascade inside the same authorisation; renewal traffic retries decline-reason-aware.

  • PCI DSS Level 1 vault

    Card data captures into the platform's vault before it touches the merchant origin; refunds and recurring run on vault tokens.

  • Network tokens & updaters

    Network tokens by default; scheme account updaters keep saved cards alive across re-issuance events.

  • 3DS2 / SCA orchestration

    Selective challenges per transaction; PSD2 / SCA-compliant in Europe without breaking conversion.

  • Chargeback queue & evidence

    Unified dispute queue across providers; evidence-pack templates per vertical; automated representment for select scheme types.

  • Unified reconciliation

    Settlements, fees, refunds and chargebacks across every connected provider normalised into one ledger.

  • Method catalogue

    Cards, wallets, bank rails (SEPA, Bacs, iDEAL, PIX, OXXO, PayID), BNPL and (via partner gateways) crypto on one API.

  • Operator portal

    One dashboard for authorisations, refunds, disputes and chargebacks across every connected provider.

  • Sandbox parity

    Per-environment sandbox that mirrors production — routing, cascade, 3DS, settlement and chargeback scenarios.

Trust & compliance

Compliance posture inside the system design

Every authorisation runs through a single audited environment. Merchants inherit the platform's posture rather than carrying separate certifications per provider.

PCI DSS Level 1
Annual on-site assessment plus quarterly ASV scans; sub-merchants inherit the posture regardless of method mix.
SCA & PSD2
Selective 3DS2 on the authorisation path keeps approval high in Europe without skipping the compliance bar.
Sanctions & AML alignment
Sanctions screening on onboarding; AML monitoring scaled to merchant vertical, volume and geography mix.
Scheme programme tracking
Visa VDMP / VAMP and Mastercard ECP / EFMP thresholds tracked per acquirer relationship.
Data residency
Regional data-residency options for merchants under regulators that require it; EU-resident traffic stays in-region by default.
Licensed verticals only
Licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals are out of scope regardless of integration shape.

Ready to design

Make the orchestration layer the foundation of your payments stack.

A 30-minute architecture review walks through the five-layer model, the API surface that fits your stack, the routing policy that suits your traffic, and a sandbox to test against before any commercial commitment.

Frequently asked

Buyer questions about payment system design on topropay

Architecture, wallets, online-payment pages, chargeback handling, website-builder and government-tax-portal questions — plus what topropay does and doesn't do.

  1. 01

    What does payment system design mean on topropay?

    Payment system design on topropay means choosing the orchestration layer as the foundation of the merchant's payments architecture: one API, one vault, one routing engine, one dispute queue and one ledger above the underlying acquirers, processors and methods. The system-design decision is made once at the top; acquirers and methods become configuration underneath.

  2. 02

    How is system design payment system framed differently from picking a single PSP?

    System design payment system thinking starts with the data model (vault tokens, unified events, normalised ledger) and the control surfaces (routing engine, dispute queue, operator portal) — not with the underlying acquirer. Picking a single PSP collapses both into one vendor's choices; orchestration keeps the data model under the merchant's control while the providers underneath stay interchangeable.

  3. 03

    What is payment system design architecture in practice?

    Payment system design architecture on topropay is a layered model: surface (hosted page / SDK), authorisation engine (routing), cascade & retry, settlement & ledger, webhook event stream. Each layer is independent — the merchant can rebuild the surface without touching the back-end, swap acquirers without changing the surface, or migrate ledger consumers without re-issuing webhooks.

  4. 04

    What is the process of online payment system end-to-end?

    The process of online payment system on topropay: (1) buyer enters card / picks method on the checkout surface; (2) data captures into the PCI L1 vault; (3) authorisation runs through the routing engine and lands on the chosen acquirer; (4) soft declines cascade; (5) capture, refund and chargeback events flow through signed webhooks; (6) settlements and fees normalise into the unified ledger. Each step is observable in the operator portal.

  5. 05

    What online payment softwares does the platform compare to?

    Online payment softwares typically refer to either gateway products (Stripe, Adyen, Checkout) or orchestration layers (BR-DC, Primer, Spreedly, topropay). topropay sits in the orchestration category — designed to integrate with many gateways behind one API rather than be one gateway.

  6. 06

    Are online payment wallets supported as methods?

    Online payment wallets — Apple Pay, Google Pay, Click to Pay, Alipay+, WeChat Pay and regional wallets — are supported as methods on the checkout. The merchant doesn't pick a separate SDK per wallet; the platform surfaces them on the hosted page and inside the SDK pay-sheets, and authorisations roll up into the same ledger as cards.

  7. 07

    Where do online payment pages fit in the design?

    Online payment pages are the merchant-facing surface — typically the hosted checkout dropped in via redirect or iframe, or hosted-fields embedded inside the merchant's own page. The system-design decision is which surface fits the merchant's UX requirements; the back-end shape (vault, routing, ledger) is the same across all three options.

  8. 08

    How is payment chargeback handled in the system design?

    Payment chargeback is a first-class flow in the design. Disputes surface in the unified queue across every connected provider; evidence-pack templates per vertical accelerate response; automated representment is supported for select scheme types. Chargeback rows tag the original authorisation, the connected provider that handled it, and the dispute reason code.

  9. 09

    What does checkout online payment design look like for a new merchant?

    Checkout online payment design for a new merchant typically starts with the hosted page (fastest to live, minimum PCI scope), wires one webhook handler, configures methods per market from the dashboard. The full integration ships in days; iterating on the checkout surface afterwards happens against the same back-end without further provider work.

  10. 10

    Is topropay among the global online payment platforms a multi-region merchant should consider?

    topropay sits among the global online payment platforms for merchants that need cards plus local rails across EU, UK, APAC and LATAM under one contract. Single-region merchants often pick a direct gateway; multi-region merchants find the orchestration layer's design more durable as their market mix grows.

  11. 11

    What about cheapest online payment processing — is topropay positioned there?

    Cheapest online payment processing is rarely a single rate card — it's a routing policy decision. topropay's composite routing scores landed cost per BIN / scheme / country pair and picks the cheapest route per transaction across the connected portfolio. The platform fee is a separate line on the invoice; interchange and scheme fees pass through where the underlying acquirer supports it.

  12. 12

    What does setting up payment on website typically involve?

    Setting up payment on website with topropay involves: install the server SDK (or call the REST API directly), drop in the hosted checkout, configure methods and routing from the dashboard, wire one webhook handler. Most merchants reach a live integration in days; embedded builds take weeks. The architecture is the same across both paths.

  13. 13

    Is topropay a website builder with payment system, like Shopify or Wix?

    No. topropay is not a website builder — it is a payments orchestration layer that plugs into the merchant's existing site (whether built on Shopify, WooCommerce, a custom Next.js stack or a headless ecommerce platform). Merchants searching for 'website builder with payment system' or 'website builder with booking and payment system' usually want a Shopify / Wix / Squarespace-style hosted store builder; topropay integrates with stores built on those platforms, but doesn't build the store itself.

  14. 14

    What about service tax online payment — is that something topropay handles?

    Service tax online payment usually refers to government / tax-portal payment flows (in markets like India where the service-tax / GST payment is made through the relevant government portal). topropay is not a tax-portal operator and doesn't handle government tax-collection flows — that's a different regulatory domain. Merchants accepting card payments for their own services use topropay; the merchant's own tax remittance happens through the local tax authority's portal separately.

  15. 15

    How does the payment-system design handle high-traffic spikes?

    High-traffic spikes absorb cleanly on the orchestration layer: routing spreads load across the connected acquirer portfolio, cascade rotates around any provider that degrades, and platform-side capacity is horizontally sized for peaks. The merchant doesn't need to provision per-provider capacity buffers individually; the architecture handles it at the orchestration layer.