Greetings from Mozambique My name is Carlos and i would like to participate in the build challenge by submitting a server side payment processing implementation written in java and python . For online payments where a merchant expects to receive a certain amount from a buyer, making the payment confirmation client side is very risk, because the buyer have the power to tamper with the transaction by reducing the amount before submitting it. I suggest that instead of dealing directly with amount, the amount should be calculated and saved server side , so instead of submitting an amount to the server the buyer would be submitting the appId(used to identify the app or website), hash and the quantity of the item he would like to purchase. When I say hash I am suggesting that a merchant stores the product information in the stellar network by sending a transaction from his account A to his Account B, sending the product price in the amount and the product name and details in the memo . So when a user wants to buy a certain item he would be sending the hash to server and the server would know what the amount should be by looking for that specific transaction in the ledger signed only by a specific merchant. This way only the merchant can alter the products price and not the user because in order to that he would need the merchant’s private key (when I say alter I mean send a new transaction with another price to the ledger ). The server would use to appId to retrieve the public key used to sign the transaction, the address where the buyer should send the payment, and then it would generate a transaction id. The transaction id would be used as a key in the server database to store the expected amount and destination. Finally in the client side, a QR code containing the amount(which was calculated and saved in the server),destination and transaction Id would be generated. The user wallet would scan the QR code and make the payment, after submitting the transaction, Stellar sends back the transaction Hash , the user wallet would than send this hash and transaction id to the server, and then the server would check to see if the details match with the ones already in the database and confirm or not the payment. For sending the notification that the payment was confirmed and then redirect the user, there are two choices use Pusher or Stellar, in the demo website the user can choose which one he wants to use before clicking the generate QR code button. If the merchant decides to use stellar to notify the browser he would need to create multiple accounts that would send payments to one account that the browsers would be listening to and looking for a specific memo text. Let's do some basic math: 1 transaction takes, let’s say 5 seconds so 1 Account can make 12 transactions per minute(TPM) this would mean that - If he had 10 accounts, then he could make 120 TPM or 2 transactions per second(TPS) - If he had 100 accounts, then he could make 1200 TPM or 20 TPS With 20 TPS he would have a decent payment gateway, capable of confirming payments to his website and would only be paying 0.0036 USD at the time of writing (1200TPM times 0.00001 XLM, which is 0.012 XLM ), to notify 1200 clients that the payment was successful . In this payment gateway can process 2 transactions per second if the client selects stellar as the notification method, and 100 transactions per second if it the client selects pusher .With customization this number can go up since aws lambda by default can run 1000 simultaneous containers . Here are the links: Android demo wallet (it will generate and fund test account for you, you can only send XLM in the test net ) https://play.google.com/store/apps/details?id=hakela.hakelawallet Demo eCommerce website (here you can test the payment gateway in the live or main net) https://carlosmucuho.github.io/ Interface used to store the product details in the ledger: https://carlosmucuho.github.io/saveProducts.html Simple interface for saving products in the Stellar network: https://carlosmucuho.github.io/saveProducts.html Server side code(I use AWS lambda to run the code.) java This project was compiled using eclipse maven, you can find all the code and project files necessary in the link bellow https://github.com/CarlosMucuho/SPGServerSideCodeJava Python The packages where installed in a docker compatible with amazon linux python 3.6 you can find all the code and project files necessary in the link bellow https://github.com/CarlosMucuho/SPGServerSideCodePython Those who don’t want to download the app or don’t have an android device can do the transaction manually and then send the transaction hash and transaction id(the one in the QR code) in a get request the code can be found here https://github.com/CarlosMucuho/SPGServerSideCodeJava In this payment gateway if the client decides to use the test net, he can pay using XLM, if he decides to use the live net he can choose between paying with XLM, MOBI, SLT or RMT. PS: AWS Lambda functions written in java have a cold start issue, but once they are warm they can run faster then the functions written in python that have an almost non existent cold start. This is my open source contribution to the stellar community: A server side payment processing implementation in java and python with the following features: - multi asset support - notify method choice - server-less ( pay for what you use) Thanks for reading

[unknown] Storing data in the stellar blockchain would be cheap, 1 transaction = 0.00001 XLM, so in order to save 10000 products you would need 0.1 XLM which is pretty cheap, you would just need to create an asset that would be sent in the amount field as the price of the project, as the asset issuer you can issue as much as you need .It would be complicated but it would also be worth the trouble, let's day a merchant wants to use a third party payment gateway to confirm transactions but don't want the payment gateway to have acces to his database, this is where this implementation would come in, But if the merchant already have is own server he wouldn't need the trouble. I understand the fact that you want to keep the plug-in standalone, my idea was to also provide the code for a server side verification to those who don't have time to create for themselves and those that maybe just don't know how, so in this way you would be providing them with both client side and server side code. You wouldn't need to mantain a server.

SPG - A Stellar payment gateway implementation

brewaa

Hi Carlos,

Nice! Thanks for the interest and your contribution. I haven't had a chance to try your function yet.

I get the idea about server side verification of transactions but I'm not too sure about the inventory stored on the blockchain idea. That could get quite expensive just to manage product data on-chain and also add many technical challenges on top of basic CMS integration for a regular product catalogue.

Additional transaction verification is a good idea at some point in the online order process. This is something that should probably happen at the end of the transaction process and/or in the CMS/Cart back-end to show admins which orders have valid payments.

Currently, StellarCheckout just dumps the transaction / payment result as the payload for the submit handler. This is supposed to be saved with the order item on the server so additional verification can happen as part of a greater process. So currently, the server will just know about a transaction but this may have to be extended to include for example, lumen price at time of transaction, and any other additional data that will make server side verification easier.

One of the goals of StellarCheckout is trying to make it standalone as much as possible so I didn't want to have a dependency on any server side verification code I controlled.

I do run a basic and pretty verbose transaction verification client side. This is run in response to receiving a message from a server sent event in the payment stream so I'm not sure if this can be tampered with by a rogue actor or not.

So I like the idea Carlos, but I'm not too sure if the StellarCheckout plugin-in needs to handle this. I'm leaning towards this being a job for the server side devs to write in their language of choice in their chosen environment.

What are your thoughts?