🧩 CH6 - Building a Modern Payment Gateway with a Rebill Scheduler - Chapter 6 - Beyond the Gateway
Why you might want to build your own payment gateway — and how to do it safely with an external PCI-compliant vault.
🌐 From Gateway to Ecosystem
By now, your gateway:
- Processes payments securely across multiple PSPs,
- Automates rebills and subscription lifecycles,
- Scales reliably with monitoring and observability.
But a gateway isn’t an end — it’s the core of a larger ecosystem.
To unlock real business value, we need to connect it to people, systems, and insights.
This final chapter explores how to extend your gateway beyond its API.
💻 Building an Operator Dashboard
Operations and finance teams need visibility into every transaction.
A well-designed dashboard turns logs into understanding.
Goals
- Real-time monitoring of payments, rebills, and refunds.
- Visual correlation between PSP states and internal statuses.
- Searchable audit trail per tenant or customer.
- Retry and reconciliation controls for failed jobs.
Architecture
| Component | Description |
|---|---|
| Frontend | React + Tailwind dashboard (Next.js, Vite, or Remix). |
| Backend | Go REST API or GraphQL querying payments, subscriptions, and audits. |
| Auth | JWT or OAuth2 (multi-tenant support). |
| Data | PostgreSQL (main data) + Redis (caching). |
| Streaming | WebSockets or SSE for live status updates. |
Example Endpoint
```http
GET /v1/payments?tenant=acme&status=failed
```
Returns all failed payments for a tenant, enriched with PSP metadata, audit entries, and timestamps.
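A tenant-scoping check for this endpoint, added here as an example and not code from the book: the handler takes the tenant from the verified token in the request context (put there by an assumed JWT middleware) and refuses a `?tenant=` that names a different tenant, so the query string can never widen what a token is allowed to see. The `Payment` type, the sample rows and `tenantKey` are constructed for the example.

```go
package main

import (
	"context"
	"encoding/json"
	"net/http"
	"net/http/httptest"
)

type Payment struct{ ID, Tenant, Status string } // constructed minimal row shape
type ctxKey string
const tenantKey ctxKey = "tenant" // set by the assumed JWT middleware after it verifies the token
// Constructed sample rows for two tenants; the real handler would query PostgreSQL.
var payments = []Payment{
	{"pi_1", "acme", "failed"}, {"pi_2", "acme", "succeeded"}, {"pi_3", "globex", "failed"},
}

// ListPayments serves GET /v1/payments?tenant=...&status=... The tenant comes from
// the verified token in the request context, never from the URL alone; a ?tenant=
// that disagrees with the token is refused instead of silently honoured.
func ListPayments(w http.ResponseWriter, r *http.Request) {
	tokenTenant, _ := r.Context().Value(tenantKey).(string)
	if tokenTenant == "" {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	if q := r.URL.Query().Get("tenant"); q != "" && q != tokenTenant {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	status := r.URL.Query().Get("status")
	out := []Payment{}
	for _, p := range payments {
		if p.Tenant == tokenTenant && (status == "" || p.Status == status) {
			out = append(out, p)
		}
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(out)
}

// Query runs one request as tokenTenant ("" = no token) and returns status code + rows.
func Query(tokenTenant, url string) (int, []Payment) {
	req := httptest.NewRequest(http.MethodGet, url, nil)
	req = req.WithContext(context.WithValue(req.Context(), tenantKey, tokenTenant))
	rec := httptest.NewRecorder()
	ListPayments(rec, req)
	var got []Payment
	json.NewDecoder(rec.Body).Decode(&got)
	return rec.Code, got
}
```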
Example React Snippet
```jsx
function PaymentStatus({ intent }) {
  // Tailwind only emits classes it finds as complete strings in the source, so pick a
  // full class name here rather than building `bg-${color}-100` at runtime.
  const cls = intent.status === 'succeeded' ? 'bg-green-100' : 'bg-red-100'
  return (
    <div className={`p-2 rounded ${cls}`}>
      <strong>{intent.id}</strong> — {intent.status}
    </div>
  )
}
```
Simple, human, and live-updating — the operator’s cockpit.
🧩 Integrating with ERP & CRM Systems
Once your gateway is stable, integration becomes the multiplier of value.
Common Integrations
| System | Integration Goal |
|---|---|
| ERP (Odoo, SAP, Netsuite) | Sync payments, invoices, and refunds for accounting |
| CRM (HubSpot, Salesforce) | Track customer payments and subscription status |
| Billing Platform (Chargebee, Zuora) | Use your gateway as the payment backend |
| Analytics Tools (Metabase, Looker) | Analyze cash flow, failure rates, and LTV |
Example Sync Job
```go
// SyncCapturedPayments pushes every payment captured since `since` to the ERP.
// PushPayment errors are returned instead of discarded so the scheduler can
// retry the job; ExternalID carries the PSP reference so the ERP can deduplicate
// re-runs on it (assuming it treats ExternalID as a unique key).
func (s *ERPService) SyncCapturedPayments(ctx context.Context, since time.Time) error {
	txs := s.Store.ListPaymentsByStatus(ctx, "captured", since)
	for _, tx := range txs {
		err := s.ERP.PushPayment(ctx, ERPRecord{
			ExternalID: tx.PSPRef,
			Amount:     tx.Amount.Amount,
			Currency:   tx.Amount.Currency,
			Date:       tx.UpdatedAt,
			CustomerID: tx.CustomerID,
		})
		if err != nil {
			return fmt.Errorf("push payment %s to ERP: %w", tx.PSPRef, err)
		}
	}
	return nil
}
```
This kind of integration turns your gateway from an operational tool into a financial data hub.
📈 Reporting & Insights
Your database now contains truth. Leverage it.
Examples of insights to expose:
- Revenue per customer / region / PSP.
- Failure rate by card type or 3DS version.
- Subscription churn and recovery rates.
- Rebill retry performance.
- Settlement times by provider.
Generate reports automatically, or feed them into dashboards with tools like Grafana, Metabase, or Superset.
```sql
SELECT psp, COUNT(*) AS count, SUM(amount) AS total
FROM payments
WHERE status = 'captured'
GROUP BY psp;
```
Data transforms your gateway into a decision engine.
🔐 Compliance & Certification
At this stage, your system handles real financial data — you must enforce compliance to scale safely.
- PCI-DSS: Maintain SAQ-A by delegating card handling to the vault.
- PSD2: Respect SCA / MIT exemptions per transaction type.
- GDPR: Manage user data and consent in vault tokens and metadata.
- Audit Integrity: Append-only logs, encrypted backups, and tamper-proof trails.
- Incident Response: Have a documented postmortem and escalation plan.
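One way to get the tamper-evident trail the Audit Integrity item asks for, as an added example rather than the book's code: each audit entry carries the SHA-256 of the previous entry, so `Verify` detects any edited row, and the latest hash is kept outside the log (the `expectedHead` argument) so a deleted tail is detected as well. `AuditEntry` and `AuditLog` are constructed types for the example.

```go
package main
import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AuditEntry is a constructed record shape: one state transition of a payment.
// PrevHash links to the previous entry ("" for the first); Hash covers every
// other field plus PrevHash, so editing any stored row breaks the chain.
type AuditEntry struct {
	Seq                        int
	PaymentID, From, To, Actor string
	PrevHash, Hash             string
}
// AuditLog is append-only: rows are only ever added, never updated or deleted.
type AuditLog struct{ Entries []AuditEntry }
func entryHash(e AuditEntry) string {
	line := fmt.Sprintf("%d|%s|%s|%s|%s|%s", e.Seq, e.PaymentID, e.From, e.To, e.Actor, e.PrevHash)
	sum := sha256.Sum256([]byte(line))
	return hex.EncodeToString(sum[:])
}

// Append records a transition chained to the previous entry and returns its hash;
// keep that hash where the log writer cannot alter it so a truncated tail is detectable.
func (l *AuditLog) Append(paymentID, from, to, actor string) string {
	e := AuditEntry{Seq: len(l.Entries), PaymentID: paymentID, From: from, To: to, Actor: actor}
	if n := len(l.Entries); n > 0 {
		e.PrevHash = l.Entries[n-1].Hash
	}
	e.Hash = entryHash(e)
	l.Entries = append(l.Entries, e)
	return e.Hash
}

// Verify recomputes every hash and link and checks the final hash against the
// externally stored head; it reports the first entry that does not match.
func (l *AuditLog) Verify(expectedHead string) error {
	prev := ""
	for i, e := range l.Entries {
		if e.Seq != i || e.PrevHash != prev || e.Hash != entryHash(e) {
			return fmt.Errorf("audit chain broken at entry %d", i)
		}
		prev = e.Hash
	}
	if prev != expectedHead {
		return fmt.Errorf("audit chain head %q does not match stored head", prev)
	}
	return nil
}
```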
🧠 Lessons Learned
After building and scaling this gateway, a few truths stand out:
- Abstraction is power, not complexity.
  - You can integrate five PSPs with one interface — if your abstractions are honest, not magical.
- Compliance is a design choice.
  - Architecting for SAQ-A from day one saves you months of audits later.
- State is sacred.
  - Every race condition or webhook mismatch starts with unclear ownership of truth. Your gateway should always know — confidently — what the last valid state is.
- Resilience > Perfection.
  - Distributed payments are messy. Expect retries, duplicates, out-of-order events. The goal is not to prevent failure, but to recover gracefully and record everything.
- Observability is empathy.
  - Monitoring isn’t just for engineers — it’s for finance, support, and your users’ trust.
🚀 Closing Words
The next evolution isn’t more code — it’s operational mastery:
- FinOps and cost optimization,
- Global PSP routing and failover,
- Real-time fraud scoring and risk modeling,
- And eventually, AI-assisted orchestration for payment routing and anomaly detection.
“A gateway is not a wall between systems — it’s the bridge that makes commerce flow.”
Congratulations — you’ve just architected that bridge.