01
Prompt
Design a payment gateway like Stripe. Charge cards, handle refunds, webhooks to merchants, idempotent, ~100 TPS peak, PCI-DSS compliant.
Time budget: 45 min whiteboard. Draw architecture, estimate numbers, discuss tradeoffs.
Exercise ยท Financial & Trading
Payment Gateway
Whiteboard exercise. Try the problem cold, then reveal the rubric to self-score.
02
Hints (progressive โ click to reveal)
Hint 1
Never store card numbers. Tokenize via the card network; store only the token + last-4 + exp.
Hint 2
Every API call has an Idempotency-Key. Critical for retry safety.
Hint 3
Double-entry ledger. All value movements are atomic accounting transactions.
03
Rubric โ 10 points
- +2 Idempotency-Key required on POST /charges; stored with response; duplicate = return stored response
- +2 PCI tokenization: raw card โ token via card network; never touch raw PAN; scope PCI to a narrow vault
- +2 Double-entry ledger: each charge/refund is balanced debit/credit; all fund movement is atomic
- +1 Auth vs capture: separate external calls; hold funds on auth; capture within 7 days
- +1 Webhook delivery: at-least-once with exp-backoff retries over 3 days; signed payloads
- +1 Fraud scoring on every charge โ separate ML service; decision in <100ms budget
- +1 Saga for multi-step flows: auth โ risk check โ capture โ notify; each step idempotent
Self-score: tally the points you would have mentioned unprompted. 7+ is interview-ready on this problem.
04
Red flags (things that tank the interview)
- Stores raw card numbers in DB
- No idempotency mechanism (double-charges on retry)
- Synchronous webhooks blocking the API response
- Single DB transaction across external card-network call (blocks too long)
- No double-entry ledger; uses row-update for balances