Service Design Specification
clonesahibinden-payment-service documentation
Version: 1.0.2
Scope
This document provides a structured architectural overview of the
payment microservice, detailing its configuration, data
model, authorization logic, business rules, and API design. It has
been automatically generated based on the service definition within
Mindbricks, ensuring that the information reflects the source of truth
used during code generation and deployment.
The document is intended to serve multiple audiences:
- Service architects can use it to validate design decisions and ensure alignment with broader architectural goals.
- Developers and maintainers will find it useful for understanding the structure and behavior of the service, facilitating easier debugging, feature extension, and integration with other systems.
- Stakeholders and reviewers can use it to gain a clear understanding of the service’s capabilities and domain logic.
Note for Frontend Developers: While this document is valuable for understanding business logic and data interactions, please refer to the Service API Documentation for endpoint-level specifications and integration details.
Note for Backend Developers: Since the code for this service is automatically generated by Mindbricks, you typically won’t need to implement or modify it manually. However, this document is especially valuable when you’re building other services—whether within Mindbricks or externally—that need to interact with or depend on this service. It provides a clear reference to the service’s data contracts, business rules, and API structure, helping ensure compatibility and correct integration.
Payment Service Settings
Handles Stripe payment flow for one-time premium upgrades on classified listings. Creates and tracks payment transactions, manages Stripe Checkout session and webhooks, and notifies the listing service to update premium status. Exposes payment history endpoints for users and reconciliation for admin.
Service Overview
This service is configured to listen for HTTP requests on port
3002, serving both the main API interface and default
administrative endpoints.
The following routes are available by default:
-
API Test Interface (API Face):
/ - Swagger Documentation:
/swagger -
Postman Collection Download:
/getPostmanCollection -
Health Checks:
/healthand/admin/health -
Current Session Info:
/currentuser - Favicon:
/favicon.ico
The service uses a PostgreSQL database for data
storage, with the database name set to
clonesahibinden-payment-service.
This service is accessible via the following environment-specific URLs:
-
Preview:
https://clonesahibinden.prw.mindbricks.com/payment-api -
Staging:
https://clonesahibinden-stage.mindbricks.co/payment-api -
Production:
https://clonesahibinden.mindbricks.co/payment-api
Authentication & Security
- Login Required: Yes
This service requires user authentication for access. It supports both JWT and RSA-based authentication mechanisms, ensuring secure user sessions and data integrity. If a crud route also is configured to require login, it will check a valid JWT token in the request query/header/bearer/cookie. If the token is valid, it will extract the user information from the token and make the fetched session data available in the request context.
Service Data Objects
The service uses a PostgreSQL database for data
storage, with the database name set to
clonesahibinden-payment-service.
Data deletion is managed using a
soft delete strategy. Instead of removing records
from the database, they are flagged as inactive by setting the
isActive field to false.
| Object Name | Description | Public Access |
|---|---|---|
paymentTransaction |
Represents a Stripe-based payment for a one-time premium listing upgrade. Linked to user and listing, with payment metadata, premium details, status, and Stripe reconciliation fields. Immutable except for webhook-driven status updates. | accessPrivate |
paymentTransaction Data Object
Object Overview
Description: Represents a Stripe-based payment for a one-time premium listing upgrade. Linked to user and listing, with payment metadata, premium details, status, and Stripe reconciliation fields. Immutable except for webhook-driven status updates.
This object represents a core data structure within the service and
acts as the blueprint for database interaction, API generation, and
business logic enforcement. It is defined using the
ObjectSettings pattern, which governs its behavior,
access control, caching strategy, and integration points with other
systems such as Stripe and Redis.
Core Configuration
-
Soft Delete: Disabled — Determines whether records
are marked inactive (
isActive = false) instead of being physically deleted. - Public Access: accessPrivate — If enabled, anonymous users may access this object’s data depending on API-level rules.
Composite Indexes
- uniq_listing_user_premiumtype_pending: [listingId, userId, premiumType, status] This composite index is defined to optimize query performance for complex queries involving multiple fields.
The index also defines a conflict resolution strategy for duplicate key violations.
When a new record would violate this composite index, the following action will be taken:
On Duplicate: throwError
An error will be thrown, preventing the insertion of conflicting data.
Properties Schema
| Property | Type | Required | Description |
|---|---|---|---|
amount |
Double | Yes | Payment amount for selected premiumType, in target currency. |
currency |
String | Yes | Currency in ISO-4217 format (e.g., 'TRY','USD') used for Stripe checkout. |
listingId |
ID | Yes | Target classified listing being upgraded to premium. |
paymentConfirmedAt |
Date | No | Date/time when payment was confirmed and premium was granted. Null if never successful/aborted. |
premiumType |
Enum | Yes | Premium upgrade package: bronze, silver, gold (matches frontend/listing options). |
status |
Enum | Yes | Status of payment: pending, awaiting_confirmation (stripe checkout created, awaiting webhook), success (confirmed), failed (declined or errored), canceled (user canceled). |
stripeEventId |
String | No | Last Stripe event webhook ID processed for this payment (used for double-spend/deduplication of webhook). |
stripeSessionId |
String | No | Stripe Checkout Session ID associated with this payment (used for reconciling gateway callbacks). |
userId |
ID | Yes | User (buyer) who made the payment (auth:user) |
- Required properties are mandatory for creating objects and must be provided in the request body if no default value is set.
Default Values
Default values are automatically assigned to properties when a new object is created, if no value is provided in the request body. Since default values are applied on db level, they should be literal values, not expressions.If you want to use expressions, you can use transposed parameters in any business API to set default values dynamically.
- amount: 0.0
- currency: TRY
- listingId: ‘00000000-0000-0000-0000-000000000000’
- premiumType: “bronze”
- status: pending
- userId: ‘00000000-0000-0000-0000-000000000000’
Constant Properties
amount currency listingId
premiumType userId
Constant properties are defined to be immutable after creation,
meaning they cannot be updated or changed once set. They are typically
used for properties that should remain constant throughout the
object’s lifecycle. A property is set to be constant if the
Allow Update option is set to false.
Auto Update Properties
amount currency listingId
paymentConfirmedAt premiumType
status stripeEventId
stripeSessionId userId
An update crud API created with the option
Auto Params enabled will automatically update these
properties with the provided values in the request body. If you want
to update any property in your own business logic not by user input,
you can set the Allow Auto Update option to false. These
properties will be added to the update API’s body parameters and can
be updated by the user if any value is provided in the request body.
Enum Properties
Enum properties are defined with a set of allowed values, ensuring that only valid options can be assigned to them. The enum options value will be stored as strings in the database, but when a data object is created an addtional property with the same name plus an idx suffix will be created, which will hold the index of the selected enum option. You can use the index property to sort by the enum value or when your enum options represent a sequence of values.
-
premiumType: [bronze, silver, gold]
-
status: [pending, awaiting_confirmation, success, failed, canceled]
Elastic Search Indexing
listingId paymentConfirmedAt
premiumType status userId
Properties that are indexed in Elastic Search will be searchable via the Elastic Search API. While all properties are stored in the elastic search index of the data object, only those marked for Elastic Search indexing will be available for search queries.
Database Indexing
listingId premiumType status
stripeEventId stripeSessionId
userId
Properties that are indexed in the database will be optimized for query performance, allowing for faster data retrieval. Make a property indexed in the database if you want to use it frequently in query filters or sorting.
Relation Properties
listingId userId
Mindbricks supports relations between data objects, allowing you to define how objects are linked together. You can define relations in the data object properties, which will be used to create foreign key constraints in the database. For complex joins operations, Mindbricks supportsa BFF pattern, where you can view dynamic and static views based on Elastic Search Indexes. Use db level relations for simple one-to-one or one-to-many relationships, and use BFF views for complex joins that require multiple data objects to be joined together.
-
listingId: ID Relation to
listing.id
The target object is a parent object, meaning that the relation is a one-to-many relationship from target to this object.
On Delete: Set Null Required: Yes
- userId: ID Relation to
user.id
The target object is a parent object, meaning that the relation is a one-to-many relationship from target to this object.
On Delete: Set Null Required: Yes
Session Data Properties
userId
Session data properties are used to store data that is specific to the user session, allowing for personalized experiences and temporary data storage. If a property is configured as session data, it will be automatically mapped to the related field in the user session during CRUD operations. Note that session data properties can not be mutated by the user, but only by the system.
-
userId: ID property will be mapped to the session
parameter
userId.
This property is also used to store the owner of the session data, allowing for ownership checks and access control.
Filter Properties
listingId paymentConfirmedAt
premiumType status userId
Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the listing API’s that have “Auto Params” enabled.
-
listingId: ID has a filter named
listingId -
paymentConfirmedAt: Date has a filter named
paymentConfirmedAt -
premiumType: Enum has a filter named
premiumType -
status: Enum has a filter named
status -
userId: ID has a filter named
userId
Business Logic
payment has got 5 Business APIs to manage its internal and crud logic. For the details of each business API refer to its chapter.
Edge Controllers
m2mCreatePaymentTransaction
Configuration:
-
Function Name:
m2mCreatePaymentTransaction - Login Required: No
REST Settings:
-
Path:
/m2m/paymenttransaction/create - Method:
m2mBulkCreatePaymentTransaction
Configuration:
-
Function Name:
m2mBulkCreatePaymentTransaction - Login Required: No
REST Settings:
-
Path:
/m2m/paymenttransaction/bulk-create - Method:
m2mUpdatePaymentTransactionById
Configuration:
-
Function Name:
m2mUpdatePaymentTransactionById - Login Required: No
REST Settings:
-
Path:
/m2m/paymenttransaction/update/:id - Method:
m2mDeletePaymentTransactionById
Configuration:
-
Function Name:
m2mDeletePaymentTransactionById - Login Required: No
REST Settings:
-
Path:
/m2m/paymenttransaction/delete/:id - Method:
m2mUpdatePaymentTransactionByQuery
Configuration:
-
Function Name:
m2mUpdatePaymentTransactionByQuery - Login Required: No
REST Settings:
-
Path:
/m2m/paymenttransaction/update-by-query - Method:
m2mDeletePaymentTransactionByQuery
Configuration:
-
Function Name:
m2mDeletePaymentTransactionByQuery - Login Required: No
REST Settings:
-
Path:
/m2m/paymenttransaction/delete-by-query - Method:
m2mUpdatePaymentTransactionByIdList
Configuration:
-
Function Name:
m2mUpdatePaymentTransactionByIdList - Login Required: No
REST Settings:
-
Path:
/m2m/paymenttransaction/update-by-id-list - Method:
Service Library
Functions
getPremiumPrice.js
// Returns an object with .amount (Double) and .currency (String) for a given premiumType
// You can swap out the switch below for config/db lookup for real apps
module.exports = function getPremiumPrice(premiumType) {
switch (premiumType) {
case 'bronze': return { amount: 59.0, currency: 'TRY' };
case 'silver': return { amount: 129.0, currency: 'TRY' };
case 'gold': return { amount: 249.0, currency: 'TRY' };
default: throw new Error('Unknown premiumType: '+premiumType);
}
};
getPremiumDuration.js
// Returns duration in days (integer) for each premium type (example: bronze - 7 days, silver - 15, gold - 30)
module.exports = function getPremiumDuration(premiumType) {
switch (premiumType) {
case 'bronze': return 7;
case 'silver': return 15;
case 'gold': return 30;
default: return 7;
}
};
verifyStripeSignature.js
// Use Stripe SDK to validate webhook signature
// You must set process.env.STRIPE_WEBHOOK_SECRET in your environment
const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
module.exports = function verifyStripeSignature(rawBody, stripeSignature) {
try {
stripe.webhooks.constructEvent(rawBody, stripeSignature, process.env.STRIPE_WEBHOOK_SECRET);
return true;
} catch (err) {
return false;
}
};
getStripeEventType.js
// Extract event type from Stripe webhook payload (raw JSON string)
module.exports = function getStripeEventType(rawBody) {
const obj = typeof rawBody === 'string' ? JSON.parse(rawBody) : rawBody;
return obj.type;
};
getStripeSessionId.js
// Extract session ID from webhook payload (for 'checkout.session.completed' event)
module.exports = function getStripeSessionId(rawBody) {
const obj = typeof rawBody === 'string' ? JSON.parse(rawBody) : rawBody;
return obj.data && obj.data.object && obj.data.object.id ? obj.data.object.id : null;
};
getStripeEventId.js
module.exports = function getStripeEventId(rawBody) { const obj = typeof rawBody === 'string' ? JSON.parse(rawBody) : rawBody; return obj.id; };
findPaymentByStripeSessionId.js
const { getPaymentTransactionByQuery } = require('dbLayer');
module.exports = async function findPaymentByStripeSessionId(sessionId) {
// status checks left to workflow
return await getPaymentTransactionByQuery({ stripeSessionId: sessionId });
};
Hook Functions
No hook functions defined.
Edge Functions
m2mCreatePaymentTransaction.js
module.exports = async (request) => {
const { createPaymentTransaction } = require("dbLayer");
const context = { session: request.session, requestId: request.requestId };
const data = request.body?.data || request.data || request;
const result = await createPaymentTransaction(data, context);
return { status: 200, content: result };
}
m2mBulkCreatePaymentTransaction.js
module.exports = async (request) => {
const { createBulkPaymentTransaction } = require("dbLayer");
const context = { session: request.session, requestId: request.requestId };
const dataList = request.body?.dataList || request.dataList || (Array.isArray(request.body) ? request.body : [request.body]);
if (!Array.isArray(dataList) || dataList.length === 0) {
return { status: 400, message: "dataList must be a non-empty array" };
}
const result = await createBulkPaymentTransaction(dataList, context);
return { status: 200, content: result };
}
m2mUpdatePaymentTransactionById.js
module.exports = async (request) => {
const { updatePaymentTransactionById } = require("dbLayer");
const context = { session: request.session, requestId: request.requestId };
const id = request.body?.id || request.params?.id || request.id;
const dataClause = request.body?.dataClause || request.dataClause || request.body;
if (dataClause && dataClause.id) delete dataClause.id;
if (!id) {
return { status: 400, message: "ID is required" };
}
const result = await updatePaymentTransactionById(id, dataClause, context);
return { status: 200, content: result };
}
m2mDeletePaymentTransactionById.js
module.exports = async (request) => {
const { deletePaymentTransactionById } = require("dbLayer");
const context = { session: request.session, requestId: request.requestId };
const id = request.body?.id || request.params?.id || request.id;
if (!id) {
return { status: 400, message: "ID is required" };
}
const result = await deletePaymentTransactionById(id, context);
return { status: 200, content: result };
}
m2mUpdatePaymentTransactionByQuery.js
module.exports = async (request) => {
const { updatePaymentTransactionByQuery } = require("dbLayer");
const context = { session: request.session, requestId: request.requestId };
const dataClause = request.body?.dataClause || request.dataClause || request.body;
const query = request.body?.query || request.query || {};
if (!query || typeof query !== "object" || Object.keys(query).length === 0) {
return { status: 400, message: "Query is required and must be a non-empty object" };
}
const result = await updatePaymentTransactionByQuery(dataClause, query, context);
return { status: 200, content: result };
}
m2mDeletePaymentTransactionByQuery.js
module.exports = async (request) => {
const { deletePaymentTransactionByQuery } = require("dbLayer");
const context = { session: request.session, requestId: request.requestId };
const query = request.body?.query || request.query || {};
if (!query || typeof query !== "object" || Object.keys(query).length === 0) {
return { status: 400, message: "Query is required and must be a non-empty object" };
}
const result = await deletePaymentTransactionByQuery(query, context);
return { status: 200, content: result };
}
m2mUpdatePaymentTransactionByIdList.js
module.exports = async (request) => {
const { updatePaymentTransactionByIdList } = require("dbLayer");
const context = { session: request.session, requestId: request.requestId };
const idList = request.body?.idList || request.idList || [];
const dataClause = request.body?.dataClause || request.dataClause || request.body;
if (dataClause && dataClause.idList) delete dataClause.idList;
if (!Array.isArray(idList) || idList.length === 0) {
return { status: 400, message: "idList must be a non-empty array" };
}
const result = await updatePaymentTransactionByIdList(idList, dataClause, context);
return { status: 200, content: result };
}
Templates
No templates defined.
Assets
No assets defined.
Public Assets
No public assets defined.
Event Emission
Integration Patterns
Deployment Considerations
Environment Configuration
- HTTP Port:
3002 - Database Type: MongoDB
- Global Soft Delete: Enabled
Implementation Guidelines
Development Workflow
- Data Model Implementation: Generate database schema from data object definitions
- CRUD Route Generation: Implement auto-generated routes with custom logic
- Custom Logic Integration: Implement hook functions and edge functions
- Authentication Integration: Configure with project-level authentication
- Testing: Unit and integration testing for all components
Code Generation Expectations
- Database Schema: Auto-generated from data objects and relationships
- API Routes: REST endpoints with customizable behavior
- Validation Logic: Input validation from property definitions
- Access Control: Authentication and authorization middleware
Custom Code Integration Points
- Hook Functions: Lifecycle-specific custom logic
- Edge Functions: Full request/response control
- Library Functions: Reusable business logic
- Templates: Dynamic content rendering
Testing Strategy
Unit Testing
- Test all custom library functions
- Test validation logic and business rules
- Test hook function implementations
Integration Testing
- Test API endpoints with authentication scenarios
- Test database operations and transactions
- Test external integrations
- Test event emission and Kafka integration
Performance Testing
- Load test high-traffic endpoints
- Test caching effectiveness
- Monitor database query performance
- Test scalability under load
Appendices
Data Type Reference
| Type | Description | Storage |
|---|---|---|
| ID | Unique identifier | UUID (SQL) / ObjectID (NoSQL) |
| String | Short text (≤255 chars) | VARCHAR |
| Text | Long-form text | TEXT |
| Integer | 32-bit whole numbers | INT |
| Boolean | True/false values | BOOLEAN |
| Double | 64-bit floating point | DOUBLE |
| Float | 32-bit floating point | FLOAT |
| Short | 16-bit integers | SMALLINT |
| Object | JSON object | JSONB (PostgreSQL) / Object (MongoDB) |
| Date | ISO 8601 timestamp | TIMESTAMP |
| Enum | Fixed numeric values | SMALLINT with lookup |
Enum Value Mappings
Request Locations
0: Bearer token in Authorization header1: Cookie value2: Custom HTTP header3: Query parameter4: Request body property5: URL path parameter6: Session data7: Root request object
HTTP Methods
0: GET1: POST2: PUT3: PATCH4: DELETE
Edge Function Signature
async function edgeFunction(request) {
// Custom request processing
// Return response object or throw error
return {
data: {},
status: 200,
message: "Success"
};
}
This document was generated from the service architecture definition and should be kept in sync with implementation changes.