API developed in Ruby on Rails to process payments through two gateways (Mercado Pago and PagSeguro) with an automatic fallback system.
This API was developed as part of a technical challenge, offering:
- Integration with two payment gateways
- Automatic fallback system
- User authentication
- Role-based access control (admin/user)
- Complete payment lifecycle tracking
- Ruby 3.x
- Rails 7.1.0
- PostgreSQL
- Devise + JWT (authentication)
- RSpec (testing)
- Active Model Serializers
- Mercado Pago SDK
- HTTParty
- Rack CORS
- Dotenv Rails
POST /signup # User registration
POST /login # User login
DELETE /logout # User logout
POST /api/v1/payments # Create payment
GET /api/v1/payments # List payments (requires admin)
```json
{
  "payment": {
    "amount": 100.0,
    "card_number": "4929291898380766",
    "card_holder": "TESTE",
    "expiry_date": "12/30",
    "cvv": "123",
    "cpf": "12345678909"
  }
}
```

```json
{
  "status": "success",
  "message": "Payment approved via PagSeguro",
  "payment": {
    "id": null,
    "amount": "100.0",
    "status": "pending",
    "gateway_used": "pag_seguro",
    "last_four_digits": "2097",
    "created_at": "2025-01-11T10:00:00.000Z",
    "card_holder": "T***E",
    "expiry_date": "12/**",
    "cpf": "12345678909"
  }
}
```

Use the following credentials to test the integration with payment gateways.
Important: The application sends the request to PagSeguro first; if the transaction fails, it retries with Mercado Pago as the fallback.
- Card number: 4539620659922097
- Cardholder name: TESTE
- Expiry date: 12/30
- CVV: 123
- CPF: 12345678909

- Card number: 4929291898380766
- Cardholder name: APRO
- Expiry date: 12/30
- CVV: 123
- CPF: 12345678909

- Card number: 4929291898380766
- Cardholder name: OTHE
- Expiry date: 12/30
- CVV: 123
- CPF: 12345678909

Make sure to configure the test environment in the code so that transactions use this test data.
Use the credentials below to access the API with different permission levels:
- Email: admin@test.com
- Password: password123

- Email: user@test.com
- Password: password123

Make sure to create the users in the test environment or configure the data to match your database.
- Clone the repository:

```bash
git clone https://github.com/isaaclvs/payment-system-api.git
cd payment-system-api
```

- Install dependencies:

```bash
bundle install
```

- Configure environment variables: create a .env file in the project root:

```bash
# Mercado Pago Credentials
MercadoPago_ACCESS_TOKEN=your_access_token_here
MercadoPago_PUBLIC_KEY=your_public_key_here
# PagSeguro Credentials
PagSeguro_Email=your_email
PagSeguro_ACCESS_TOKEN=your_access_token_here
```

- Configure the database:

```bash
rails db:create
rails db:migrate
```

attributes:
- email (string, unique)
- role (string: 'admin'/'user')
- encrypted_password (string)
- jti (string, for JWT)
relationships:
- has_many :payments

attributes:
- amount (decimal)
- card_number (string, masked)
- card_holder (string)
- expiry_date (string)
- cvv (string)
- status (string: pending/approved/failed)
- gateway_used (string)
- transaction_id (string)
- cpf (string)
- user_id (foreign key)
relationships:
- belongs_to :user

- Sensitive card data masking
- JWT authentication
- Role-based access control
- CORS protection
- Model-level validations
- Parameter sanitization
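
The masking visible in the response example (`last_four_digits`, `T***E`, `12/**`) can be produced as below. This is an added sketch, not the project's own code: the `CardMasking` module and its method names are hypothetical, the fixed three-asterisk holder mask is an assumption, and the sample input is constructed from the test card data on this page.

```ruby
# Added example, not the project's code. CardMasking and its methods are hypothetical names.
module CardMasking
  module_function

  # Keep only the last four digits of the card number; separators are ignored.
  def last_four(card_number)
    digits = card_number.to_s.gsub(/\D/, "")
    raise ArgumentError, "card number too short" if digits.length < 12
    digits[-4..]
  end

  # "TESTE" -> "T***E": first and last character kept, middle replaced by a
  # fixed "***" (assumption) so the mask does not reveal the name length.
  # Names of one or two characters are fully masked so nothing leaks.
  def mask_holder(name)
    name = name.to_s.strip
    return "*" * name.length if name.length <= 2
    "#{name[0]}***#{name[-1]}"
  end

  # "12/30" -> "12/**": month kept, year hidden. Rejects anything but MM/YY.
  def mask_expiry(expiry)
    match = expiry.to_s.match(%r{\A(0[1-9]|1[0-2])/\d{2}\z})
    raise ArgumentError, "expiry must be MM/YY" unless match
    "#{match[1]}/**"
  end

  # Build the hash that is safe to serialize or log. The full card number
  # and the CVV are never copied into it.
  def safe_view(params)
    {
      amount: params.fetch(:amount).to_s,
      last_four_digits: last_four(params.fetch(:card_number)),
      card_holder: mask_holder(params.fetch(:card_holder)),
      expiry_date: mask_expiry(params.fetch(:expiry_date))
    }
  end
end

# Constructed sample input using the test card data listed on this page.
SAMPLE = {
  amount: 100.0, card_number: "4539 6206 5992 2097", card_holder: "TESTE",
  expiry_date: "12/30", cvv: "123"
}.freeze

p CardMasking.safe_view(SAMPLE)
```

Building the response from an explicit allow-list like `safe_view` means a new sensitive field added to the request is not exposed unless someone deliberately adds it.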
The project uses RSpec for testing. To run:
```bash
bundle exec rspec                 # All tests
bundle exec rspec spec/models     # Model tests
bundle exec rspec spec/requests   # Endpoint tests
bundle exec rspec spec/services   # Service tests
```

The API uses standard HTTP status codes:
- 200: Success
- 201: Created
- 400: Bad Request
- 401: Unauthorized
- 403: Forbidden
- 422: Unprocessable Entity
- 500: Internal Server Error
Error response example:
```json
{
  "status": "failed",
  "message": "Payment processing failed"
}
```

- Payment request received
- Card data validation
- Payment attempt on Mercado Pago
- In case of failure, automatic attempt on PagSeguro
- Transaction result recording
- Status return to client
The system logs important events:
- Payment attempts
- Gateway transitions
- Authentication events
- System errors
This project is under the MIT license. See the LICENSE file for more details.