Stripe API Design Evaluation and Latency Budget

Learn how the Stripe API meets different non-functional requirements.

As we have seen, Stripe plays an important role in the payment ecosystem and makes the payment process smooth via the API endpoints we provided in the previous lesson. While we achieved different functional requirements through these endpoints, we still have to focus on the non-functional requirements we identified in the initial lesson. This lesson will describe how we achieve the non-functional requirements and different optimization strategies to improve the efficiency and response time of our service. Toward the end, we will also compute the response time of the Stripe API.

Non-functional requirements

The following section discusses how the Stripe API meets the non-functional requirements.

Strong consistency

Because the API involves operations on critical and financial data, strong consistency is paramount for the Stripe API. The Stripe API is strongly consistent and provides consistent data at every level by adopting the following measures:

  • Exactly-once semantics: Idempotency keys are used in API calls that must use a non-idempotent method, such as the HTTP POST method. This way, we avoid performing an operation multiple times when it should be performed only once.

  • Reconciliation: The internal system's services periodically communicate with each other to compare their statuses to confirm that they are in agreement. According to some studies, this is the last line of defense in the payment system. Reconciliation not only improves the security of the payment system but also makes the system internally consistent.
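The two measures above, as an added example that is not part of the original lesson and is not Stripe's code: a toy charge handler that replays the stored response for a repeated idempotency key, and a reconciliation pass that compares its ledger with a processor's records. The class and function names, the in-memory store, the status codes, and the sample records are assumptions made for illustration.

```python
import hashlib
import json

class ChargeService:
    """Toy POST /charges handler with idempotency keys (hypothetical names)."""
    def __init__(self):
        self.ledger = []   # charges actually applied
        self._seen = {}    # idempotency key -> (request fingerprint, response)

    @staticmethod
    def _fingerprint(params):
        # Canonical JSON so identical parameters always hash the same way.
        blob = json.dumps(params, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(blob.encode()).hexdigest()

    def create_charge(self, idempotency_key, params):
        fp = self._fingerprint(params)
        if idempotency_key in self._seen:
            saved_fp, saved_response = self._seen[idempotency_key]
            if saved_fp != fp:
                # Same key, different body: refuse rather than guess intent.
                return {"status": 400, "error": "key reused with different parameters"}
            return saved_response  # retry: replay stored result, no new charge
        # Assumption: single-threaded; a real store needs an atomic check-and-insert.
        charge = {"id": f"ch_{len(self.ledger) + 1}", **params}
        self.ledger.append(charge)
        response = {"status": 200, "charge": charge}
        self._seen[idempotency_key] = (fp, response)
        return response

def reconcile(ledger, processor_records):
    """Compare our ledger with the processor's view; return ids that disagree."""
    ours = {c["id"]: c["amount"] for c in ledger}
    theirs = {r["id"]: r["amount"] for r in processor_records}
    return sorted(i for i in ours.keys() | theirs.keys() if ours.get(i) != theirs.get(i))

def demo():
    svc = ChargeService()
    order = {"amount": 2000, "currency": "usd", "customer": "cus_constructed"}
    first = svc.create_charge("key-1", order)
    retry = svc.create_charge("key-1", order)                   # network retry
    clash = svc.create_charge("key-1", {**order, "amount": 9})  # key misuse
    # Constructed processor view: one matching record, one we never booked.
    processor = [{"id": "ch_1", "amount": 2000}, {"id": "ch_7", "amount": 500}]
    return first, retry, clash, len(svc.ledger), reconcile(svc.ledger, processor)

if __name__ == "__main__":
    print(demo())
```

The retry leaves the ledger at one charge, and the reconciliation pass surfaces the record that the two sides do not agree on, which is the kind of discrepancy that the idempotency layer alone cannot catch.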

Point to Ponder

1. Why is reconciliation in the payment system considered the last line of defense?

Security

To ensure secure communication and data transfer, we use a number of techniques. Firstly, we use the HSTS (HTTP Strict Transport Security) policy mechanism to avoid man-in-the-middle attacks and ensure that applications or browsers use HTTP over TLS (HTTPS) to comply with PCI standards. Secondly, credit or debit card numbers are encrypted with advanced encryption algorithms such as AES-256 during storage (or in transit). Similarly, a session is created with Stripe to process the payment securely when a user aims to pay for a product.

Note: Stripe uses a number of machine learning systems known as radars that use hundreds of signals and heuristics to detect and prevent fraud.

Reliability

Data is replicated across multiple databases to increase reliability and durability. For this purpose, we use a mix of SQL and NoSQL databases for storing various types of data. We need an SQL database for storing customers' and accounts' ...