System Architecture

Security and settlement decisions stay server-authoritative.

PaySmart pairs an offline-first Kotlin Android client with a modular Functions Gen2 API. Identity verification and payment settlement decisions are made and enforced server-side; the client holds a mirror of that state, refreshed through deterministic sync, and never decides those outcomes locally.

Operating company: VoltService Ltd

System context

Core platform nodes and responsibilities.

Android App

Compose screens, ViewModels, Room cache, feature gating and local continuity.

Functions API

Auth-guarded endpoints, policy checks, payment and verification orchestration.

Firestore/Storage

Session documents, wallet records, encrypted payload object lifecycle.

KMS + Integrity

Envelope key handling and attestation verification boundaries.

Stripe

Payment rail with webhook-settled wallet mutation.

Review Worker

Decrypts committed payloads, runs the review step, and applies the final verified or rejected identity status transition.

Primary flows

Extracted from active implementation docs.

Identity verification flow

  1. Create upload session with nonce and AAD.
  2. Encrypt document on device and upload ciphertext.
  3. Commit with attestation proof and digest.
  4. Worker verifies and sets verified or rejected.

Add money flow

  1. Client requests PaymentSheet session from API.
  2. User completes Stripe flow.
  3. Webhook event finalizes ledger and wallet state.
  4. Client refreshes status and syncs local wallet mirror.

FX quote flow

  1. Client requests quote from /api/quotes.
  2. Server answers from cache when fresh, otherwise from the upstream source, with a fallback when upstream fails.
  3. Client stores quote snapshot in Room.
  4. UI degrades gracefully when upstream unavailable.
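
Steps 2 to 4 of the quote flow as an added example (not PaySmart code). getQuote is the /api/quotes server logic with an injected upstream fetcher, synchronous here so the example runs offline where the real call is an HTTP request; quoteUiState is the client-side mapping from a stored Room snapshot to screen state. The TTL, the snapshot field names, and the decision to disable conversion on a stale or missing quote are assumptions made for the example.

```javascript
const QUOTE_TTL_MS = 60 * 1000; // serve from cache this long before asking upstream
const quoteCache = new Map();   // pair -> { rate, fetchedAt } (server-side cache stand-in)

// Step 2: cache-first, then upstream, then the last cached value as a fallback. The snapshot
// always says where the rate came from and how old it is, so the client can degrade honestly.
// fetchUpstream(pair) must return a positive finite number or throw.
function getQuote(pair, fetchUpstream, now) {
  const hit = quoteCache.get(pair);
  if (hit && now - hit.fetchedAt < QUOTE_TTL_MS) {
    return { pair, rate: hit.rate, source: "cache", fetchedAt: hit.fetchedAt, stale: false };
  }
  try {
    const rate = fetchUpstream(pair);
    if (!Number.isFinite(rate) || rate <= 0) throw new Error(`bad upstream rate for ${pair}`);
    quoteCache.set(pair, { rate, fetchedAt: now });
    return { pair, rate, source: "upstream", fetchedAt: now, stale: false };
  } catch {
    // Upstream down or returned garbage: serve the expired cache entry flagged as stale,
    // or report unavailability if this pair was never fetched.
    if (hit) return { pair, rate: hit.rate, source: "stale-cache", fetchedAt: hit.fetchedAt, stale: true };
    return { pair, rate: null, source: "unavailable", fetchedAt: null, stale: true };
  }
}

// Steps 3 and 4: the snapshot is stored in Room as-is; the screen derives its state from it.
// Only a fresh quote enables conversion; a stale one is displayed but not acted on.
function quoteUiState(snapshot) {
  if (snapshot.rate === null) {
    return { mode: "unavailable", convertEnabled: false, banner: "Rates unavailable. Try again later." };
  }
  if (snapshot.stale) {
    const asOf = new Date(snapshot.fetchedAt).toISOString();
    return { mode: "stale", convertEnabled: false, banner: `Showing rate from ${asOf}; live rates unavailable.` };
  }
  return { mode: "live", convertEnabled: true, banner: null };
}
```

Keeping `source` and `fetchedAt` in the snapshot is what makes the degradation graceful rather than silent: the client can show a stale rate for orientation while refusing to let the user transact on it, and the server never has to choose between an error page and presenting an old number as current.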

Phone verification evolution

  1. Legacy OTP remains stable baseline.
  2. Pluggable verifier chooses preview/stable provider.
  3. PNV path can be enabled by feature flag.
  4. UI contract remains unchanged during provider swap.