
Talking about the basic process of payment system development

CrazyCodes

Foreword

Hi, long time no see. I'm CrazyCodes, and today we'll talk about the payment system.

The payment system is one of the necessary modules of every system, and many other modules depend on it as a core function. A problem with payment directly affects product revenue, so any incident there is high severity.

In this article, we will talk about the basic processes of the payment system, which are payment, notification (including synchronous notification and asynchronous notification), query, refund and reconciliation. The following is the process interaction diagram that will be used in this article.

[Figure: process interaction diagram]

Payment

[Figure: payment process]

Let's talk about what needs to be done before initiating payment:

  1. After the user selects a product, we first create an order and record its basic information, such as the product name, price and quantity and the user's delivery address, along with the parameters we will need later.
  2. If the system integrates multiple payment methods, we show a cashier page where the user chooses one, such as Alipay, WeChat or UnionPay, to complete the payment.
  3. After the user has chosen, we assemble the parameters required by the third-party payment system and send it a payment request. The information generally required includes the order number, product name, price, and the synchronous and asynchronous notification addresses. Some payment methods also require the user's delivery address and bank card information (card number, CVV, date); of course, the user's private information must be encrypted in transit. In short, we pass whatever the third-party payment system needs.
  4. When everything is ready, we initiate the payment through the PayUrl provided by the third-party payment system.

Notification

[Figure: synchronous notification]

Whether or not the user's payment succeeds, the third party will send us at least one synchronous notification, so let's first understand what a synchronous notification is.

  1. As shown in the figure above, when the third-party system confirms that the user has completed the payment, it sends a POST or GET request to the notification address we provided at payment time, which takes the user straight back to our site. The request carries some key transaction information from the third party. On mobile, the notification arrives in the result of the callback passed to the payment call.
  2. The notification parameters generally include most of the information we sent, the transaction status, the third-party transaction number, a signature (used by both systems to verify the source), and some information we may not need for now.
  3. When we receive the returned data, we first verify it to make sure the request is not fraudulent. Verification consists of the signature algorithm agreed between the two systems plus checks on key fields, such as whether the amount matches.
  4. We cannot fully trust the information sent by the third-party system. After receiving the notification, if the third-party system provides a query interface, we should still look up the key information of the transaction through that interface to make sure the payment really was completed successfully.
  5. Once verification is complete, the order moves on through our own system's logic.

[Figure: asynchronous notification]

Having understood synchronous notification, let's look at asynchronous notification. Some readers are confused: if there is a synchronous notification, why is an asynchronous one needed? For now, think of it this way: the synchronous notification completes the payment flow in real time, and at that instant the third-party system also provisionally considers the payment complete. But if an abnormality occurs, or the user requests a refund or files an appeal with the third party right afterwards, our process will be affected.

As shown in the figure above, the third-party system generally also needs to archive the transaction: after it has completed all its verifications and made sure the transaction finished safely, it writes the transaction to its database. Only then is the whole payment process truly complete, and the third party tells us so through the asynchronous notification address we provided (sometimes the asynchronous and synchronous notifications share one address).

When we receive the third party's notification, we again verify it first to guard against forged requests, and then confirm that the information is correct by calling the query interface. The biggest difference from synchronous notification is that, once we have confirmed the information is complete and correct, we must return to the third-party system a value agreed between the two systems. This may be HTTPCODE = 200, or writing 200 or complete in the response document, and so on; different third-party systems have different requirements.
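The checks described for synchronous and asynchronous notifications, put together as an added example that is not code from the original article. The signature scheme (HMAC-SHA256 over sorted parameters), the field names, the status values and the `complete` acknowledgement body are assumptions; a real provider defines its own, and `query_provider` stands in for its query interface.

```python
import hashlib
import hmac
from decimal import Decimal

SECRET = b"constructed-shared-secret"  # assumption: key agreed with the provider
ORDERS = {"A1001": {"amount": Decimal("19.90"), "status": "PENDING"}}  # constructed

def sign(params: dict) -> str:
    """Assumed scheme: HMAC-SHA256 over sorted key=value pairs, 'sign' excluded."""
    payload = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "sign")
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def handle_notification(params: dict, query_provider) -> tuple:
    """Return (HTTP status, body) for one notification.

    query_provider(order_no) is a hypothetical wrapper around the provider's
    query interface; it returns {"status": ..., "amount": ...} as the provider
    itself records the transaction.
    """
    # 1. Signature check, compared in constant time.
    if not hmac.compare_digest(sign(params), str(params.get("sign", ""))):
        return 400, "bad signature"
    order = ORDERS.get(params.get("order_no"))
    if order is None:
        return 400, "unknown order"
    # 2. Key fields: the notified amount must equal what we stored at order time.
    try:
        notified = Decimal(str(params.get("amount")))
    except ArithmeticError:
        return 400, "bad amount"
    if notified != order["amount"]:
        return 400, "amount mismatch"
    # 3. Repeated notification for an order already paid: acknowledge only.
    if order["status"] == "PAID":
        return 200, "complete"
    # 4. Do not trust the push alone: confirm through the query interface.
    remote = query_provider(params["order_no"])
    if remote["status"] != "SUCCESS" or Decimal(remote["amount"]) != order["amount"]:
        return 400, "not confirmed"
    order["status"] = "PAID"
    # 5. Return the acknowledgement agreed with the provider (assumed here).
    return 200, "complete"
```

Step 3 makes the handler idempotent, so the same notification arriving on both the synchronous and the asynchronous address moves the order forward only once.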

Refund

[Figure: refund process]

Where there are purchases, there are refunds. Refunds account for half of the payment module's logic. The general process is not much different from payment, as shown in the figure above.

The difference is that in most third-party systems a refund returns its result in the HTTP response, and there is no synchronous notification. We create a refund order based on the amount of the product for which the user requested the refund and, after assembling the necessary parameters, request the RefundUrl provided by the third party to submit the refund. Note that this is a refund application. Why an application rather than a refund? It is a matter of timing. Refunds are generally not real-time, because the third-party system may have downstream links of its own (for example, a bank it connects to), so the refund needs automatic or manual approval at each link, and it can only be completed once the full chain confirms that the refund can be made.

[Figure: refund asynchronous notification]

Because refunds are not real-time, there is no synchronous notification, but most systems do send an asynchronous one. When the third-party system confirms that the refund is complete, it notifies us at the asynchronous notification address we passed when initiating the payment, carrying the necessary parameters.

When we receive it, we again verify it first to prevent fraud, then query the refund status through the query interface provided by the third party, mark the refund as complete according to our own system logic, and notify the user.

Of course, if there is no asynchronous notification, we can poll the third party's query interface for the refund result at intervals, using a delay queue, a retrying failure queue or a scheduled script.

Reconciliation

Payment or refund completing is not the end. We should pull the bill regularly; most third-party systems provide a bill interface or similar. After obtaining the bill, we compare our system's data with the third-party system's data to make sure the amount, transaction time and transaction status of every transaction are correct. When you find a discrepancy, trace it to the point where the problem occurred.

Only after reconciliation is complete has the entire transaction completed correctly. Otherwise your company's finance department will come looking for you sooner or later, and by then the matter is no longer as simple as program implementation.
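A minimal reconciliation pass over the three fields named above (amount, transaction time, status), as an added example that is not code from the original article. The record layout, status values and sample data are constructed; a real bill would first be parsed from the provider's own format.

```python
from decimal import Decimal

def reconcile(local: dict, bill: dict) -> list:
    """Compare our records with the provider's bill, both keyed by order number.

    Each record is {"amount": str, "status": str, "time": str}. Returns a list
    of (order_no, problem) tuples; an empty list means the books agree.
    """
    problems = []
    for order_no in sorted(local.keys() | bill.keys()):
        ours, theirs = local.get(order_no), bill.get(order_no)
        if theirs is None:
            problems.append((order_no, "missing from provider bill"))
            continue
        if ours is None:
            problems.append((order_no, "missing from our system"))
            continue
        # Compare amounts as Decimal so "19.9" equals "19.90" and no float
        # rounding is involved.
        if Decimal(ours["amount"]) != Decimal(theirs["amount"]):
            problems.append((order_no, f"amount {ours['amount']} != {theirs['amount']}"))
        for field in ("status", "time"):
            if ours[field] != theirs[field]:
                problems.append((order_no, f"{field} {ours[field]} != {theirs[field]}"))
    return problems

# Constructed sample data, not from a real provider.
T = "2024-01-05T10:00:00"
LOCAL = {
    "A1001": {"amount": "19.90", "status": "PAID", "time": T},
    "A1002": {"amount": "50.00", "status": "PAID", "time": T},
    "A1003": {"amount": "8.00", "status": "REFUNDED", "time": T},
    "A1004": {"amount": "12.00", "status": "PAID", "time": T},
}
BILL = {
    "A1001": {"amount": "19.9", "status": "PAID", "time": T},
    "A1002": {"amount": "5.00", "status": "PAID", "time": T},
    "A1003": {"amount": "8.00", "status": "PAID", "time": T},
    "A1005": {"amount": "3.00", "status": "PAID", "time": T},
}

if __name__ == "__main__":
    for order_no, problem in reconcile(LOCAL, BILL):
        print(order_no, problem)
```

Orders present on only one side are reported separately from field mismatches, since a transaction the provider billed but our system never recorded needs a different investigation from a wrong amount.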

Thanks

Thank you for being here, I hope this article can help you, thank you.
