Platform Architecture

Payment Technology Infrastructure

High-performance, secure and scalable payment orchestration platform

Apply Now Explore Solutions

Platform Architecture

Technology infrastructure that orchestrates all banks and payment institutions through a single integration

Merchant E-Commerce / SaaS Mobile / Web ONLA API Gateway Authentication Rate Limiting Request Validation Idempotency Smart Router BIN Analysis Success Rate Scoring Cost Optimization Failover Logic Bank A Virtual POS Bank B Virtual POS PSP / Payment Institution API Integration Real-Time Monitoring & Logging & Alerting

API Gateway

Entry layer providing authentication, rate limiting, request validation and idempotency control.

Smart Router

Selects the optimal provider through BIN analysis, success rate optimization and cost-based routing.

Provider Connectors

Dedicated adapter layer for each bank and payment institution. Add new providers within minutes.

Monitoring

Real-time transaction monitoring, performance metrics, anomaly detection and automated alerting.

Payment Flow

Explore the steps a transaction goes through from initiation to completion

1

Transaction Initiation

The merchant sends a transaction request to the ONLA API. The request is validated, the idempotency key is checked and a transaction session is created.

REST API Idempotency
2

Risk Analysis

Fraud checks, velocity limits, blacklist queries and risk scoring are performed. Suspicious transactions are automatically flagged or blocked.

Fraud Detection Velocity Control
3

Smart Routing

BIN analysis, historical success rates and cost parameters are evaluated to route the transaction to the most suitable bank or payment institution.

BIN Lookup Success Rate Cost Optimization
4

Provider Communication

Communication is established with the selected bank or payment institution's API. If 3D Secure is required, the verification flow is initiated. Timeout and retry mechanisms are in place.

3D Secure Timeout Handling
5

Result & Notification

The transaction result is instantly delivered to the merchant. Real-time notifications are sent via webhooks. Transaction details are stored in logs and reflected in reports.

Webhook Real-time

Smart Routing Engine

Multi-layered decision mechanism that routes each transaction to the optimal provider

BIN-Based Routing

The first 6-8 digits (BIN) of the card are analyzed to determine the card family, country and issuing bank. This data is used to select the optimal provider.

Success Rate Optimization

Historical transaction data is analyzed to calculate success rates for each provider. Transactions are routed to the provider with the highest success rate.

Cost-Based Routing

Provider commission rates and transaction fees are evaluated. Among providers with equal success rates, the one with lower cost is preferred.

Failover & Retry

When a provider returns an error or fails to respond, the transaction is automatically routed to the next provider. Seamless payment experience.

Load Balancing

Distribute transaction traffic evenly across providers. Ensure stable performance even during high-volume periods by preventing timeouts.

Rule Engine

Define custom routing rules per merchant. Set specific routing rules based on parameters such as amount, card type, country and timezone.

Security Layers

Your data is under the highest level of protection with multi-layered security architecture

Fraud Detection
Tokenization
3D Secure
ISO 27001
PCI DSS Level 1
SSL/TLS
256-bit

SSL/TLS 256-bit Encryption

All data communication is encrypted end-to-end. Industry-standard security at the communication layer.

PCI DSS Level 1

The highest level of card data security certification. Card information is stored and processed in accordance with the strictest standards.

ISO 27001

Information security management system certification. Independent audit of process-based security controls.

3D Secure Integration

3DS 1.0 and 3DS 2.0 support. Prevents unauthorized transactions with an additional identity verification layer.

Tokenization

Sensitive card data is tokenized before storage. Actual card numbers are never stored in the system; tokens are used for back-referencing.

Fraud Detection

AI-powered fraud detection, velocity controls, blacklist/whitelist management and behavioral analysis.

Performance Metrics

Infrastructure focused on high performance and reliability

0

Uptime

High availability guarantee

0

Avg. Response Time

API response time

0

Integrations

Bank & PSP connections

0

Transaction Capacity

Monthly transaction capacity

24/7

Monitoring

Non-stop system monitoring

API-First Approach

Integrate within minutes with our modern, RESTful API

RESTful API

Consistent and predictable API design with standard HTTP methods (GET, POST, PUT, DELETE). JSON request/response format.

Webhook Support

Instant notifications on transaction status changes. Secure communication with HMAC-SHA256 signed webhooks.

Idempotency

Assign a unique idempotency key to each request to prevent the same transaction from being processed multiple times in case of network retries.

Comprehensive Documentation

Detailed API documentation, code examples, SDKs and a test environment (sandbox) for quick integration.

payment.js 
const response = await fetch("https://api.onla.com.tr/v1/payments", {
  method: "POST",
  headers: {
    "Authorization": "Bearer pk_live_...",
    "Content-Type": "application/json",
    "Idempotency-Key": "order_12345"
  },
  body: JSON.stringify({
    amount: 1500.00,
    currency: "TRY",
    card: tokenizedCard,
    installment: 3,
    callbackUrl: "https://merchant.com/callback"
  })
});

const data = await response.json();
// data.status: "APPROVED"
// data.transactionId: "txn_a1b2c3..."
// data.providerRef: "POS-78901234"

Discover Our Technology

Integrate our high-performance payment orchestration platform into your business

Apply Now Contact Us