One API. Every provider you sell through.
Unified payment layer with routing, fallback, and reconciliation. Proven at a $1B+ unicorn across 15+ markets with 40+ providers integrated.
Who this is for
E-commerce or SaaS CTO whose business has outgrown a single payment provider — routing logic, compliance (PCI-DSS, SCA, 3DS), and reconciliation are all manual today.
The pain today
- One provider failing during peak traffic with no fallback
- Each new market requiring a new provider, each with a different API
- Reconciliation between providers, ledger, and bank taking days
- Compliance audits finding gaps in 3DS or SCA handling
- No unified view of payment performance across providers
The outcome you get
- Single payment API your product code talks to, regardless of provider
- Smart routing based on geography, currency, success rate, cost
- Automatic fallback when a provider fails mid-transaction
- PCI-DSS-compliant architecture (tokenization, never raw card data)
- Unified reconciliation — provider vs ledger vs bank statement
Payment orchestration architecture
The core pattern: your product talks to your orchestration layer, never directly to a provider. The orchestration layer knows which provider to route to based on rules (country, currency, amount, customer profile, recent failures). If the primary provider declines or times out, the orchestration layer retries on the next provider without the product code knowing. A single tokenization surface means cards are stored once, under your control, and replayable across providers. This pattern is what lets a business integrate 40+ providers without 40+ product-level integrations — and it's what I built at bolttech across 15+ markets.
Compliance: PCI-DSS, SCA, 3DS
Card data compliance is the part that kills DIY payment work. PCI-DSS: never touch raw card numbers in your infrastructure — use the provider's hosted fields or tokenization API (Stripe Elements, Adyen Components, etc). Your servers see tokens, not PANs. SCA (Strong Customer Authentication, EU): required on every EU transaction above €30 — 3DS2 flow handled by the provider, but your UX has to support the challenge redirect. 3DS: Visa/Mastercard require it in most regions now — the orchestration layer applies 3DS based on region, amount, merchant risk score. I build with PCI-DSS SAQ A scope (lowest compliance surface) as the default — keeps audit effort manageable.
Reconciliation and ledger design
Every transaction lives in three places: the provider's dashboard, your internal ledger, and eventually the bank statement. Reconciliation is proving these match, every day, across every currency. Common failure modes: partial captures not reflected in the ledger, chargeback timing gaps, currency conversion differences, provider fees not allocated correctly. I build a double-entry ledger with explicit reconciliation jobs running daily per provider, with alerts when numbers drift beyond threshold. Finance teams love this because month-close goes from a multi-day spreadsheet exercise to a verified dashboard. It's boring engineering work and it's where payment platforms earn their cost.
Case study: bolttech 40+ providers
At bolttech I led the Payment Service that integrated 40+ payment providers across 15+ international markets — a $1B+ unicorn's core infrastructure. 99.9% platform uptime. Zero post-launch critical bugs on the Payment Service. Provider-by-provider onboarding through a standardized interface meant adding a new market was a 2-week job, not a 2-quarter rewrite. The architectural patterns — orchestration layer, unified tokenization, per-provider adapters with shared interface, double-entry ledger, daily reconciliation — are the same ones I apply to smaller-scale payment builds. The difference is tenant count and transaction volume, not design.
Pricing
Payment integration work fits the Applications Pro tier at $4,500/mo because the work sits on the critical money-path and needs tight engineering discipline. Typical first-version timeline: 6–8 weeks for 2 providers plus reconciliation, longer for each additional provider. After initial integrations, the subscription continues through expansion to new markets and new providers — most clients integrate a new provider every 1–2 months once the framework is in place. 14-day money-back, cancel anytime. Work Made for Hire. I do not maintain standing PCI compliance on your behalf; you own the audit, I provide architecture and evidence.
What I don't do
I don't custody funds. I don't operate as a payment facilitator. I don't hold PCI certification on your behalf — my work lets you pass SAQ A scope (the lowest compliance surface). I don't replace your internal finance function; the reconciliation tools I build get operated by your finance team. I don't integrate providers without a clear business case — each new provider has ongoing maintenance cost, and the right answer is often 'three providers done well' not 'ten providers done mediocre.' Drawing these lines honestly keeps the project scoped against real value, not feature creep.
Recent proof
A comparable engagement, delivered and documented.
Unified payment orchestration across Asia and Europe
Delivered the payment orchestration platform at bolttech, a $1B+ unicorn, with 40+ integrations across multiple regions.
Frequently asked questions
The questions prospects ask before they book.
- Which providers have you already integrated?
- At bolttech: 40+ across Asia and Europe (Stripe, Adyen, regional providers per market). Outside that: Stripe, Adyen, Square, PayPal, Braintree, Razorpay, regional LatAm providers. New providers follow the same adapter pattern — typically 2 weeks per new provider once the orchestration layer exists.
- How do you handle PCI compliance?
- I architect for SAQ A scope (the lowest compliance surface) by keeping all card data in provider-hosted fields or tokenization APIs. Your servers see tokens only. This is the standard modern pattern and keeps your annual PCI audit to a short questionnaire rather than a full SAQ D assessment.
- Can we route by cost as well as geography?
- Yes — the routing engine supports multi-dimensional rules. Primary routing by geography/currency (required for local acquiring), secondary by provider success rate (real-time, last 24 hours), tertiary by cost (interchange+ vs blended pricing differences). Rules are configurable without a deploy.
- What about crypto and alternative payments?
- Supported when business need is real. USDC/USDT via Stripe or dedicated crypto providers (Coinbase Commerce, BitPay). APMs (Klarna, Afterpay, BNPL via provider) work through the same orchestration interface. I scope these per actual transaction volume — a $10k/mo crypto line isn't worth a custom integration; $1M/mo is.
- How do you handle chargebacks and disputes?
- Every provider's dispute webhook feeds the internal ledger with dispute state. Evidence submission goes through a standardized admin workflow. Chargeback-ratio monitoring per provider warns when approaching thresholds that trigger penalty tiers. The unified view is what finance and ops teams actually operate from.
Ready to start?
Tell me what you need in 60 seconds. Tailored proposal in your inbox within 6 hours.