Overview
This document catalogues every upstream and downstream dependency of the wallet-payment-service, including external vendors, internal shared libraries, and infrastructure services.
Dependency Diagram
Dependency Catalog
External Dependencies
| Dependency | Purpose | Protocol | Failure Impact | Resilience |
|---|
| Stripe API | Payment processing (PaymentIntent, charges, refunds) | HTTPS REST | Payments fail; no fallback vendor | Circuit breaker, timeout, retry |
| Stripe Webhooks | Inbound event notifications from Stripe | HTTPS POST (inbound) | Delayed state updates | Stripe automatic retry |
Internal Dependencies
| Dependency | Purpose | Protocol | Failure Impact | Resilience |
|---|
| CCG API Gateway | Request routing, OAuth2 enforcement | HTTPS | Service unreachable | Gateway HA / load balancing |
| PostgreSQL | Payment state persistence | TCP/SQL | All operations fail | Connection pooling, read replicas |
| OAuth2 Token Service | Token validation at gateway | HTTPS | Auth failures | Token caching at gateway |
| Secret Vault | Stripe API keys, DB credentials | HTTPS / sidecar | Service cannot start | Local cache with TTL |
| Merchant Service (Webhook Delivery) | Async event dispatch to merchants via wallet-merchant-service → wallet-merchant-webhook-proxy | HTTPS POST (outbound via Event Grid) | Merchant not notified | Retry queue with exponential backoff |
API Scopes
The gateway enforces the following OAuth2 scopes before routing to the service:
| Scope | Endpoints | Description |
|---|
financial/commerce/checkout:merchant | All /v2/payments, /v2/refunds, /v2/sessions | Production merchant scope |
financial/commerce/nonprodcheckout:merchant | Same as above | Non-production (staging/dev) |
financial/commerce/checkout:user | POST /v2/payments (widget-initiated), GET /v2/payments | Widget/user scope |
financial/commerce/nonprodcheckout:user | Same as above | Non-production user scope |
financial/commerce/checkout:merchant-pci | POST /v2/token/payments | Token-based payments (restricted scope) |
financial/commerce/nonprodcheckout:merchant-pci | Same as above | Non-production token scope |
Environment Routing
The X-Upstream-Env header controls environment targeting in non-production:
| Header Value | Target Environment |
|---|
dev | Development |
stage | Staging |
test | Test / QA |
| (not set) | Production (header not required) |