Payment Flow Architecture
Understanding how OwnPay processes payments from start to finish.
The Complete Payment Flow
Customer OwnPay Gateway Customer
Bank
│ │ │ │
│─ Click "Pay" ─>│ │ │
│ │ │ │
│ │─ Create Payment│ │
│ │ Intent │ │
│ │<─ Return URL ──│ │
│ │ │ │
│<─ Redirect to ─│ │ │
│ Checkout │ │ │
│ │ │ │
│─ Enter Card ──>│ │ │
│ │─ Validate ────>│ │
│ │ │─ Check ──────>│
│ │ │<─ Approve ────│
│ │<─ Success ─────│ │
│<─ Success Page │ │ │
│ │─ Record Payment│ │
│ │ in Database │ │
│ │ │ │
│ │─ Send Webhook ─>
│ │ (if registered)
│ │ │ │
│<─ Confirmation │ │ │
│ Email │ │ │Payment States
Every payment goes through these states:
1. Pending
- Payment created
- Awaiting customer action
- Link sent or form displayed
- No funds charged yet
2. Processing
- Customer submitting payment
- Gateway validating
- No result yet from gateway
- Customer sees loading spinner
3. Success
- Gateway approved payment
- Funds authorized
- Transaction recorded
- Webhook sent (if configured)
- Customer sees success page
4. Failed
- Gateway declined payment
- Could be:
- Insufficient funds
- Invalid card
- Fraud detection
- Temporary network error
- Webhook sent (if configured)
- Customer can retry
5. Refunded
- Payment was successful
- Funds returned to customer
- Initiated by merchant
- Recorded in transaction history
6. Disputed/Chargeback
- Customer disputed payment
- Gateway initiated reversal
- Funds returned
- Recorded as chargeback
Payment Methods
OwnPay supports multiple payment methods:
Card Payments
- Credit Cards (Visa, Mastercard, AmEx)
- Debit Cards
- Processed by payment gateway (Stripe, PayPal, etc.)
Digital Wallets
- Apple Pay
- Google Pay
- PayPal
Local Payment Methods
- Bank Transfer
- Mobile Money (bKash, Nagad, GCash, etc.)
- Cash on Delivery
- Manual Invoice
Bank-Level Integration
- ACH Transfers (US)
- SEPA Transfers (EU)
- Direct Debit
Payment Creation
Via Payment Link
- Admin creates payment link
- System generates unique URL
- Customer visits URL
- Checkout form displayed
- Customer enters payment details
- Payment processed
Via Invoice
- Admin creates invoice
- System sends invoice via email
- Customer clicks payment link
- Checkout form displayed
- Customer enters payment details
- Payment processed
Via API
- Application creates payment intent
- OwnPay returns checkout URL or token
- Application displays payment form
- Customer enters payment details
- Payment processed
- Webhook notifies application
Via Hosted Checkout
- Application redirects to OwnPay
- Customer completes checkout on OwnPay
- OwnPay redirects back to application
- Application verifies payment
- Confirms with customer
Payment Processing
Validation
- Amount validation - Must be > 0
- Currency validation - Supported currency
- Customer validation - Email or ID
- Gateway validation - Gateway available
- Card validation - Checksum verification
Authorization
- Send to gateway - Format and encrypt
- Gateway processes - Real payment attempt
- Bank approves/declines - Authorization response
- Record result - Success or failure
Confirmation
- Record transaction - In database
- Generate receipt - For customer
- Send webhook - To configured URL
- Send email - Confirmation to customer
- Update inventory - If applicable
Webhooks
Webhooks notify your application of payment events in real-time.
Setup
- Go to Developers → Webhooks
- Enter your webhook URL
- OwnPay sends POST requests to this URL
Events
OwnPay sends webhooks for:
- payment.created - Payment initiated
- payment.completed - Payment successful
- payment.failed - Payment declined
- payment.refunded - Payment refunded
- payment.disputed - Chargeback filed
Webhook Data
json
{
"type": "payment.completed",
"data": {
"id": "pay_abc123",
"amount": 5000,
"currency": "USD",
"status": "completed",
"customer_email": "[email protected]",
"created_at": "2024-01-15T10:30:00Z"
}
}Verification
Every webhook includes a signature:
- Header:
X-OwnPay-Signature - Value: HMAC-SHA256 of payload
- Verify: Confirm signature matches
- Purpose: Ensure webhook authenticity
Best Practices
- ✅ Verify webhook signatures
- ✅ Idempotent processing (handle duplicates)
- ✅ Return 2xx status quickly
- ✅ Process async (don't block response)
- ✅ Log all webhooks
- ✅ Retry on failure
Error Handling
Common Errors
| Error | Reason | Solution |
|---|---|---|
| Insufficient Funds | Account doesn't have balance | Use different card |
| Expired Card | Card past expiration | Use valid card |
| Invalid CVV | CVV doesn't match card | Enter correct CVV |
| Fraud Detected | Payment flagged as suspicious | Contact bank or retry |
| Gateway Unavailable | Payment processor down | Retry later |
| Network Timeout | Connection issue | Retry payment |
Handling Failures
- Check error message - Understand why failed
- Notify customer - Show clear message
- Log error - For debugging
- Allow retry - Customer can try again
- Contact support - If persistent
Security
Data Protection
- Encrypted in transit - HTTPS/TLS
- Encrypted at rest - In database
- No storage - Card data never stored
- PCI compliant - Meets security standards
Best Practices
- ✅ Always use HTTPS
- ✅ Never log sensitive data
- ✅ Verify webhooks
- ✅ Use API keys securely
- ✅ Rotate API keys regularly
- ✅ Monitor suspicious activity
Payment Status Checks
Via Admin Panel
- Go to Payments → Transactions
- Find payment by ID or customer
- View current status
- See payment details
Via API
GET /api/v1/payments/{id}Returns:
- Payment status
- Amount and currency
- Customer information
- Payment method
- Timestamps
- Error messages (if failed)
Reconciliation
Daily Reconciliation
- Compare OwnPay transactions with gateway
- Verify amounts match
- Check for discrepancies
- Report any mismatches
Monthly Reconciliation
- Run financial reports
- Compare with bank statements
- Verify settlement amounts
- Reconcile fees and charges
Performance Considerations
Response Times
- Payment creation: <100ms
- Gateway authorization: 1-5 seconds
- Webhook delivery: <1 second
- Database recording: <50ms
Optimization
- Use connection pooling
- Enable caching for lookups
- Process webhooks asynchronously
- Use batch operations when possible
- Monitor database performance
Summary
The payment flow in OwnPay:
- Customer initiates payment
- OwnPay creates transaction
- Gateway processes payment
- Bank authorizes or declines
- OwnPay records result
- Webhook notifies application
- Customer receives confirmation
Ready to process your first payment? → Payment Links