Requirements: process payments, prevent double charges, handle failures gracefully, PCI compliance, full audit trail.
- Idempotency (most important): the client sends an Idempotency-Key (UUID) header with every request; the server stores {idempotency_key → response} in the DB; if the same key is sent again (because of a retry), return the cached response without processing the request a second time, which rules out double charges.
- Payment flow: create PaymentIntent (created) → client collects card details (Stripe.js does not send card data to your server, which reduces PCI scope) → confirm payment → server calls the payment processor → update status.
- State machine: created → processing → succeeded/failed/refunded; every transition is logged with Event Sourcing.
- Outbox Pattern: write the payment record and the outbox event in the same DB transaction; a worker reads the outbox, calls the external API, and updates the status when done.
- Reconciliation: nightly comparison of internal records against bank/processor statements to detect discrepancies.
- Security: TLS everywhere, never log card data, tokenization (store a token instead of the raw card number), fraud-detection ML model.
- Retry strategy: exponential backoff with jitter for transient failures; do not retry operations that carry no idempotency key.
Compliance: PCI-DSS, SOC 2, GDPR data retention policies.
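The idempotency store, state machine and outbox described above, tied together in one small example that is added here and is not code from any real payment provider; the in-memory dictionaries stand in for DB tables, and the request-fingerprint check (rejecting a reused key whose body differs) is an assumption beyond what the notes state:

```python
import hashlib
import json

# Allowed state transitions, taken from the state machine in the notes.
TRANSITIONS = {"created": {"processing"}, "processing": {"succeeded", "failed"},
               "succeeded": {"refunded"}, "failed": set(), "refunded": set()}

def fingerprint(payload):
    """Hash of the request body, so a reused key with a different body is rejected."""
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

class PaymentService:
    """In-memory stand-in for the DB tables: idempotency cache, payments, outbox, audit log."""
    def __init__(self):
        self.idempotency = {}   # key -> (request fingerprint, cached response)
        self.payments = {}      # payment_id -> current state
        self.outbox = []        # events awaiting delivery by the worker
        self.audit = []         # append-only transition log (event sourcing)
        self.processor_calls = 0

    def transition(self, payment_id, new_state):
        old = self.payments[payment_id]
        if new_state not in TRANSITIONS[old]:
            raise ValueError(f"illegal transition {old} -> {new_state}")
        self.payments[payment_id] = new_state
        self.audit.append((payment_id, old, new_state))

    def confirm(self, idempotency_key, payment_id, amount_cents, card_token):
        # Only a token reaches this layer; the raw card number never does.
        payload = {"payment_id": payment_id, "amount": amount_cents, "token": card_token}
        fp = fingerprint(payload)
        if idempotency_key in self.idempotency:
            stored_fp, response = self.idempotency[idempotency_key]
            if stored_fp != fp:
                raise ValueError("idempotency key reused with a different request")
            return response  # retry: replay the stored response, no second charge
        # In production these writes share one DB transaction (outbox pattern).
        self.payments.setdefault(payment_id, "created")
        self.transition(payment_id, "processing")
        self.outbox.append(payload)
        response = {"payment_id": payment_id, "status": "processing"}
        self.idempotency[idempotency_key] = (fp, response)
        return response

    def run_worker(self, processor):
        # Drain the outbox: one external call per event, then record the outcome.
        while self.outbox:
            event = self.outbox.pop(0)
            self.processor_calls += 1
            self.transition(event["payment_id"], "succeeded" if processor(event) else "failed")
```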