quotation bff

2025-12-09 16:29:29 +01:00
parent cecaebfc5e
commit ce59cb1b26
61 changed files with 2204 additions and 632 deletions
--- a/api/server/config.yml
+++ b/api/server/config.yml
@@ -90,6 +90,12 @@ api:
    dial_timeout_seconds: 5
    call_timeout_seconds: 5
    insecure: true
+  payment_orchestrator:
+    address: sendico_payment_orchestrator:50062
+    address_env: PAYMENT_ORCHESTRATOR_ADDRESS
+    dial_timeout_seconds: 5
+    call_timeout_seconds: 5
+    insecure: true

 app:

--- a/api/server/go.mod
+++ b/api/server/go.mod
@@ -6,13 +6,15 @@ replace github.com/tech/sendico/pkg => ../pkg

 replace github.com/tech/sendico/ledger => ../ledger

+replace github.com/tech/sendico/payments/orchestrator => ../payments/orchestrator
+
 replace github.com/tech/sendico/gateway/chain => ../gateway/chain

 require (
-	github.com/aws/aws-sdk-go-v2 v1.40.1
-	github.com/aws/aws-sdk-go-v2/config v1.32.3
-	github.com/aws/aws-sdk-go-v2/credentials v1.19.3
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.93.0
+	github.com/aws/aws-sdk-go-v2 v1.41.0
+	github.com/aws/aws-sdk-go-v2/config v1.32.4
+	github.com/aws/aws-sdk-go-v2/credentials v1.19.4
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.93.1
 	github.com/go-chi/chi/v5 v5.2.3
 	github.com/go-chi/cors v1.2.2
 	github.com/go-chi/jwtauth/v5 v5.3.3
@@ -22,12 +24,13 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/tech/sendico/gateway/chain v0.1.0
 	github.com/tech/sendico/ledger v0.0.0-00010101000000-000000000000
+	github.com/tech/sendico/payments/orchestrator v0.0.0-00010101000000-000000000000
 	github.com/tech/sendico/pkg v0.1.0
 	github.com/testcontainers/testcontainers-go v0.33.0
 	github.com/testcontainers/testcontainers-go/modules/mongodb v0.33.0
 	go.mongodb.org/mongo-driver v1.17.6
 	go.uber.org/zap v1.27.1
-	golang.org/x/net v0.47.0
+	golang.org/x/net v0.48.0
 	google.golang.org/protobuf v1.36.10
 	gopkg.in/yaml.v3 v3.0.1
 	moul.io/chizap v1.0.3
@@ -44,19 +47,19 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.15 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.15 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.15 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.15 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/signin v1.0.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.30.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.11 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.41.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.41.4 // indirect
 	github.com/aws/smithy-go v1.24.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/casbin/mongodb-adapter/v3 v3.7.0 // indirect
@@ -131,7 +134,7 @@ require (
 	go.opentelemetry.io/proto/otlp v1.7.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
-	golang.org/x/crypto v0.45.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
 	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/sys v0.39.0 // indirect
 	golang.org/x/text v0.32.0 // indirect
--- a/api/server/go.sum
+++ b/api/server/go.sum
@@ -6,42 +6,42 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/aws/aws-sdk-go-v2 v1.40.1 h1:difXb4maDZkRH0x//Qkwcfpdg1XQVXEAEs2DdXldFFc=
-github.com/aws/aws-sdk-go-v2 v1.40.1/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0=
+github.com/aws/aws-sdk-go-v2 v1.41.0 h1:tNvqh1s+v0vFYdA1xq0aOJH+Y5cRyZ5upu6roPgPKd4=
+github.com/aws/aws-sdk-go-v2 v1.41.0/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 h1:489krEF9xIGkOaaX3CE/Be2uWjiXrkCH6gUX+bZA/BU=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4/go.mod h1:IOAPF6oT9KCsceNTvvYMNHy0+kMF8akOjeDvPENWxp4=
-github.com/aws/aws-sdk-go-v2/config v1.32.3 h1:cpz7H2uMNTDa0h/5CYL5dLUEzPSLo2g0NkbxTRJtSSU=
-github.com/aws/aws-sdk-go-v2/config v1.32.3/go.mod h1:srtPKaJJe3McW6T/+GMBZyIPc+SeqJsNPJsd4mOYZ6s=
-github.com/aws/aws-sdk-go-v2/credentials v1.19.3 h1:01Ym72hK43hjwDeJUfi1l2oYLXBAOR8gNSZNmXmvuas=
-github.com/aws/aws-sdk-go-v2/credentials v1.19.3/go.mod h1:55nWF/Sr9Zvls0bGnWkRxUdhzKqj9uRNlPvgV1vgxKc=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.15 h1:utxLraaifrSBkeyII9mIbVwXXWrZdlPO7FIKmyLCEcY=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.15/go.mod h1:hW6zjYUDQwfz3icf4g2O41PHi77u10oAzJ84iSzR/lo=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.15 h1:Y5YXgygXwDI5P4RkteB5yF7v35neH7LfJKBG+hzIons=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.15/go.mod h1:K+/1EpG42dFSY7CBj+Fruzm8PsCGWTXJ3jdeJ659oGQ=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.15 h1:AvltKnW9ewxX2hFmQS0FyJH93aSvJVUEFvXfU+HWtSE=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.15/go.mod h1:3I4oCdZdmgrREhU74qS1dK9yZ62yumob+58AbFR4cQA=
+github.com/aws/aws-sdk-go-v2/config v1.32.4 h1:gl+DxVuadpkYoaDcWllZqLkhGEbvwyqgNVRTmlaf5PI=
+github.com/aws/aws-sdk-go-v2/config v1.32.4/go.mod h1:MBUp9Og/bzMmQHjMwace4aJfyvJeadzXjoTcR/SxLV0=
+github.com/aws/aws-sdk-go-v2/credentials v1.19.4 h1:KeIZxHVbGWRLhPvhdPbbi/DtFBHNKm6OsVDuiuFefdQ=
+github.com/aws/aws-sdk-go-v2/credentials v1.19.4/go.mod h1:Smw5n0nCZE9PeFEguofdXyt8kUC4JNrkDTfBOioPhFA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 h1:80+uETIWS1BqjnN9uJ0dBUaETh+P1XwFy5vwHwK5r9k=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16/go.mod h1:wOOsYuxYuB/7FlnVtzeBYRcjSRtQpAW0hCP7tIULMwo=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 h1:rgGwPzb82iBYSvHMHXc8h9mRoOUBZIGFgKb9qniaZZc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16/go.mod h1:L/UxsGeKpGoIj6DxfhOWHWQ/kGKcd4I1VncE4++IyKA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 h1:1jtGzuV7c82xnqOVfx2F0xmJcOw5374L7N6juGW6x6U=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16/go.mod h1:M2E5OQf+XLe+SZGmmpaI2yy+J326aFf6/+54PoxSANc=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.15 h1:NLYTEyZmVZo0Qh183sC8nC+ydJXOOeIL/qI/sS3PdLY=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.15/go.mod h1:Z803iB3B0bc8oJV8zH2PERLRfQUJ2n2BXISpsA4+O1M=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16 h1:CjMzUs78RDDv4ROu3JnJn/Ig1r6ZD7/T2DXLLRpejic=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16/go.mod h1:uVW4OLBqbJXSHJYA9svT9BluSvvwbzLQ2Crf6UPzR3c=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.6 h1:P1MU/SuhadGvg2jtviDXPEejU3jBNhoeeAlRadHzvHI=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.6/go.mod h1:5KYaMG6wmVKMFBSfWoyG/zH8pWwzQFnKgpoSRlXHKdQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.15 h1:3/u/4yZOffg5jdNk1sDpOQ4Y+R6Xbh+GzpDrSZjuy3U=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.15/go.mod h1:4Zkjq0FKjE78NKjabuM4tRXKFzUJWXgP0ItEZK8l7JU=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.15 h1:wsSQ4SVz5YE1crz0Ap7VBZrV4nNqZt4CIBBT8mnwoNc=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.15/go.mod h1:I7sditnFGtYMIqPRU1QoHZAUrXkGp4SczmlLwrNPlD0=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.93.0 h1:IrbE3B8O9pm3lsg96AXIN5MXX4pECEuExh/A0Du3AuI=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.93.0/go.mod h1:/sJLzHtiiZvs6C1RbxS/anSAFwZD6oC6M/kotQzOiLw=
-github.com/aws/aws-sdk-go-v2/service/signin v1.0.3 h1:d/6xOGIllc/XW1lzG9a4AUBMmpLA9PXcQnVPTuHHcik=
-github.com/aws/aws-sdk-go-v2/service/signin v1.0.3/go.mod h1:fQ7E7Qj9GiW8y0ClD7cUJk3Bz5Iw8wZkWDHsTe8vDKs=
-github.com/aws/aws-sdk-go-v2/service/sso v1.30.6 h1:8sTTiw+9yuNXcfWeqKF2x01GqCF49CpP4Z9nKrrk/ts=
-github.com/aws/aws-sdk-go-v2/service/sso v1.30.6/go.mod h1:8WYg+Y40Sn3X2hioaaWAAIngndR8n1XFdRPPX+7QBaM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.11 h1:E+KqWoVsSrj1tJ6I/fjDIu5xoS2Zacuu1zT+H7KtiIk=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.11/go.mod h1:qyWHz+4lvkXcr3+PoGlGHEI+3DLLiU6/GdrFfMaAhB0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.41.3 h1:tzMkjh0yTChUqJDgGkcDdxvZDSrJ/WB6R6ymI5ehqJI=
-github.com/aws/aws-sdk-go-v2/service/sts v1.41.3/go.mod h1:T270C0R5sZNLbWUe8ueiAF42XSZxxPocTaGSgs5c/60=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 h1:DIBqIrJ7hv+e4CmIk2z3pyKT+3B6qVMgRsawHiR3qso=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7/go.mod h1:vLm00xmBke75UmpNvOcZQ/Q30ZFjbczeLFqGx5urmGo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 h1:oHjJHeUy0ImIV0bsrX0X91GkV5nJAyv1l1CC9lnO0TI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16/go.mod h1:iRSNGgOYmiYwSCXxXaKb9HfOEj40+oTKn8pTxMlYkRM=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 h1:NSbvS17MlI2lurYgXnCOLvCFX38sBW4eiVER7+kkgsU=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16/go.mod h1:SwT8Tmqd4sA6G1qaGdzWCJN99bUmPGHfRwwq3G5Qb+A=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.93.1 h1:5FhzzN6JmlGQF6c04kDIb5KNGm6KnNdLISNrfivIhHg=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.93.1/go.mod h1:79S2BdqCJpScXZA2y+cpZuocWsjGjJINyXnOsf5DTz8=
+github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 h1:HpI7aMmJ+mm1wkSHIA2t5EaFFv5EFYXePW30p1EIrbQ=
+github.com/aws/aws-sdk-go-v2/service/signin v1.0.4/go.mod h1:C5RdGMYGlfM0gYq/tifqgn4EbyX99V15P2V3R+VHbQU=
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 h1:eYnlt6QxnFINKzwxP5/Ucs1vkG7VT3Iezmvfgc2waUw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.7/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 h1:AHDr0DaHIAo8c9t1emrzAlVDFp+iMMKnPdYy6XO4MCE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12/go.mod h1:GQ73XawFFiWxyWXMHWfhiomvP3tXtdNar/fi8z18sx0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.41.4 h1:YCu/iAhQer8WZ66lldyKkpvMyv+HkPufMa4dyT6wils=
+github.com/aws/aws-sdk-go-v2/service/sts v1.41.4/go.mod h1:iW40X4QBmUxdP+fZNOpfmkdMZqsovezbAeO+Ubiv2pk=
 github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk=
 github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
@@ -288,8 +288,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
-golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -304,8 +304,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -332,8 +332,8 @@ golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
 golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
-golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
--- a/api/server/interface/api/config.go
+++ b/api/server/interface/api/config.go
@@ -6,10 +6,11 @@ import (
 )

 type Config struct {
-	Mw           *mwa.Config         `yaml:"middleware"`
-	Storage      *fsc.Config         `yaml:"storage"`
-	ChainGateway *ChainGatewayConfig `yaml:"chain_gateway"`
-	Ledger       *LedgerConfig       `yaml:"ledger"`
+	Mw                  *mwa.Config                `yaml:"middleware"`
+	Storage             *fsc.Config                `yaml:"storage"`
+	ChainGateway        *ChainGatewayConfig        `yaml:"chain_gateway"`
+	Ledger              *LedgerConfig              `yaml:"ledger"`
+	PaymentOrchestrator *PaymentOrchestratorConfig `yaml:"payment_orchestrator"`
 }

 type ChainGatewayConfig struct {
@@ -34,3 +35,11 @@ type LedgerConfig struct {
 	CallTimeoutSeconds int    `yaml:"call_timeout_seconds"`
 	Insecure           bool   `yaml:"insecure"`
 }
+
+type PaymentOrchestratorConfig struct {
+	Address            string `yaml:"address"`
+	AddressEnv         string `yaml:"address_env"`
+	DialTimeoutSeconds int    `yaml:"dial_timeout_seconds"`
+	CallTimeoutSeconds int    `yaml:"call_timeout_seconds"`
+	Insecure           bool   `yaml:"insecure"`
+}
--- a/api/server/interface/api/srequest/payment.go
+++ b/api/server/interface/api/srequest/payment.go
@@ -0,0 +1,19 @@
+package srequest
+
+import orchestratorv1 "github.com/tech/sendico/pkg/proto/payments/orchestrator/v1"
+
+type QuotePaymentPayload struct {
+	IdempotencyKey string                        `json:"idempotencyKey"`
+	Intent         *orchestratorv1.PaymentIntent `json:"intent"`
+	PreviewOnly    bool                          `json:"previewOnly"`
+	Metadata       map[string]string             `json:"metadata,omitempty"`
+}
+
+type InitiatePaymentPayload struct {
+	IdempotencyKey string                        `json:"idempotencyKey"`
+	Intent         *orchestratorv1.PaymentIntent `json:"intent"`
+	Metadata       map[string]string             `json:"metadata,omitempty"`
+	FeeQuoteToken  string                        `json:"feeQuoteToken,omitempty"`
+	FxQuoteRef     string                        `json:"fxQuoteRef,omitempty"`
+	QuoteRef       string                        `json:"quoteRef,omitempty"`
+}
--- a/api/server/interface/api/sresponse/money.go
+++ b/api/server/interface/api/sresponse/money.go
@@ -0,0 +1,18 @@
+package sresponse
+
+import moneyv1 "github.com/tech/sendico/pkg/proto/common/money/v1"
+
+type Money struct {
+	Amount   string `json:"amount"`
+	Currency string `json:"currency"`
+}
+
+func toMoney(m *moneyv1.Money) *Money {
+	if m == nil {
+		return nil
+	}
+	return &Money{
+		Amount:   m.GetAmount(),
+		Currency: m.GetCurrency(),
+	}
+}
--- a/api/server/interface/api/sresponse/payment.go
+++ b/api/server/interface/api/sresponse/payment.go
@@ -0,0 +1,174 @@
+package sresponse
+
+import (
+	"net/http"
+
+	"github.com/tech/sendico/pkg/api/http/response"
+	"github.com/tech/sendico/pkg/mlogger"
+	feesv1 "github.com/tech/sendico/pkg/proto/billing/fees/v1"
+	chainv1 "github.com/tech/sendico/pkg/proto/gateway/chain/v1"
+	oraclev1 "github.com/tech/sendico/pkg/proto/oracle/v1"
+	orchestratorv1 "github.com/tech/sendico/pkg/proto/payments/orchestrator/v1"
+)
+
+type FeeLine struct {
+	LedgerAccountRef string            `json:"ledgerAccountRef,omitempty"`
+	Amount           *Money            `json:"amount,omitempty"`
+	LineType         string            `json:"lineType,omitempty"`
+	Side             string            `json:"side,omitempty"`
+	Meta             map[string]string `json:"meta,omitempty"`
+}
+
+type NetworkFee struct {
+	NetworkFee        *Money `json:"networkFee,omitempty"`
+	EstimationContext string `json:"estimationContext,omitempty"`
+}
+
+type FxQuote struct {
+	QuoteRef        string `json:"quoteRef,omitempty"`
+	BaseCurrency    string `json:"baseCurrency,omitempty"`
+	QuoteCurrency   string `json:"quoteCurrency,omitempty"`
+	Side            string `json:"side,omitempty"`
+	Price           string `json:"price,omitempty"`
+	BaseAmount      *Money `json:"baseAmount,omitempty"`
+	QuoteAmount     *Money `json:"quoteAmount,omitempty"`
+	ExpiresAtUnixMs int64  `json:"expiresAtUnixMs,omitempty"`
+	Provider        string `json:"provider,omitempty"`
+	RateRef         string `json:"rateRef,omitempty"`
+	Firm            bool   `json:"firm,omitempty"`
+}
+
+type PaymentQuote struct {
+	QuoteRef                 string      `json:"quoteRef,omitempty"`
+	DebitAmount              *Money      `json:"debitAmount,omitempty"`
+	ExpectedSettlementAmount *Money      `json:"expectedSettlementAmount,omitempty"`
+	ExpectedFeeTotal         *Money      `json:"expectedFeeTotal,omitempty"`
+	FeeQuoteToken            string      `json:"feeQuoteToken,omitempty"`
+	FeeLines                 []FeeLine   `json:"feeLines,omitempty"`
+	NetworkFee               *NetworkFee `json:"networkFee,omitempty"`
+	FxQuote                  *FxQuote    `json:"fxQuote,omitempty"`
+}
+
+type Payment struct {
+	PaymentRef     string        `json:"paymentRef,omitempty"`
+	IdempotencyKey string        `json:"idempotencyKey,omitempty"`
+	State          string        `json:"state,omitempty"`
+	FailureCode    string        `json:"failureCode,omitempty"`
+	FailureReason  string        `json:"failureReason,omitempty"`
+	LastQuote      *PaymentQuote `json:"lastQuote,omitempty"`
+}
+
+type paymentQuoteResponse struct {
+	authResponse `json:",inline"`
+	Quote        *PaymentQuote `json:"quote"`
+}
+
+type paymentResponse struct {
+	authResponse `json:",inline"`
+	Payment      *Payment `json:"payment"`
+}
+
+// PaymentQuote wraps a payment quote with refreshed access token.
+func PaymentQuoteResponse(logger mlogger.Logger, quote *orchestratorv1.PaymentQuote, token *TokenData) http.HandlerFunc {
+	return response.Ok(logger, paymentQuoteResponse{
+		Quote:        toPaymentQuote(quote),
+		authResponse: authResponse{AccessToken: *token},
+	})
+}
+
+// Payment wraps a payment with refreshed access token.
+func PaymentResponse(logger mlogger.Logger, payment *orchestratorv1.Payment, token *TokenData) http.HandlerFunc {
+	return response.Ok(logger, paymentResponse{
+		Payment:      toPayment(payment),
+		authResponse: authResponse{AccessToken: *token},
+	})
+}
+
+func toFeeLines(lines []*feesv1.DerivedPostingLine) []FeeLine {
+	if len(lines) == 0 {
+		return nil
+	}
+	result := make([]FeeLine, 0, len(lines))
+	for _, line := range lines {
+		if line == nil {
+			continue
+		}
+		result = append(result, FeeLine{
+			LedgerAccountRef: line.GetLedgerAccountRef(),
+			Amount:           toMoney(line.GetMoney()),
+			LineType:         line.GetLineType().String(),
+			Side:             line.GetSide().String(),
+			Meta:             line.GetMeta(),
+		})
+	}
+	if len(result) == 0 {
+		return nil
+	}
+	return result
+}
+
+func toNetworkFee(n *chainv1.EstimateTransferFeeResponse) *NetworkFee {
+	if n == nil {
+		return nil
+	}
+	return &NetworkFee{
+		NetworkFee:        toMoney(n.GetNetworkFee()),
+		EstimationContext: n.GetEstimationContext(),
+	}
+}
+
+func toFxQuote(q *oraclev1.Quote) *FxQuote {
+	if q == nil {
+		return nil
+	}
+	pair := q.GetPair()
+	base := ""
+	quote := ""
+	if pair != nil {
+		base = pair.GetBase()
+		quote = pair.GetQuote()
+	}
+	return &FxQuote{
+		QuoteRef:        q.GetQuoteRef(),
+		BaseCurrency:    base,
+		QuoteCurrency:   quote,
+		Side:            q.GetSide().String(),
+		Price:           q.GetPrice().GetValue(),
+		BaseAmount:      toMoney(q.GetBaseAmount()),
+		QuoteAmount:     toMoney(q.GetQuoteAmount()),
+		ExpiresAtUnixMs: q.GetExpiresAtUnixMs(),
+		Provider:        q.GetProvider(),
+		RateRef:         q.GetRateRef(),
+		Firm:            q.GetFirm(),
+	}
+}
+
+func toPaymentQuote(q *orchestratorv1.PaymentQuote) *PaymentQuote {
+	if q == nil {
+		return nil
+	}
+	return &PaymentQuote{
+		QuoteRef:                 q.GetQuoteRef(),
+		DebitAmount:              toMoney(q.GetDebitAmount()),
+		ExpectedSettlementAmount: toMoney(q.GetExpectedSettlementAmount()),
+		ExpectedFeeTotal:         toMoney(q.GetExpectedFeeTotal()),
+		FeeQuoteToken:            q.GetFeeQuoteToken(),
+		FeeLines:                 toFeeLines(q.GetFeeLines()),
+		NetworkFee:               toNetworkFee(q.GetNetworkFee()),
+		FxQuote:                  toFxQuote(q.GetFxQuote()),
+	}
+}
+
+func toPayment(p *orchestratorv1.Payment) *Payment {
+	if p == nil {
+		return nil
+	}
+	return &Payment{
+		PaymentRef:     p.GetPaymentRef(),
+		IdempotencyKey: p.GetIdempotencyKey(),
+		State:          p.GetState().String(),
+		FailureCode:    p.GetFailureCode().String(),
+		FailureReason:  p.GetFailureReason(),
+		LastQuote:      toPaymentQuote(p.GetLastQuote()),
+	}
+}
--- a/api/server/interface/api/sresponse/wallet.go
+++ b/api/server/interface/api/sresponse/wallet.go
@@ -6,7 +6,6 @@ import (

 	"github.com/tech/sendico/pkg/api/http/response"
 	"github.com/tech/sendico/pkg/mlogger"
-	moneyv1 "github.com/tech/sendico/pkg/proto/common/money/v1"
 	paginationv1 "github.com/tech/sendico/pkg/proto/common/pagination/v1"
 	chainv1 "github.com/tech/sendico/pkg/proto/gateway/chain/v1"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -36,16 +35,11 @@ type walletsResponse struct {
 	Page         *paginationv1.CursorPageResponse `json:"page,omitempty"`
 }

-type walletMoney struct {
-	Amount   string `json:"amount"`
-	Currency string `json:"currency"`
-}
-
 type walletBalance struct {
-	Available       *walletMoney `json:"available,omitempty"`
-	PendingInbound  *walletMoney `json:"pendingInbound,omitempty"`
-	PendingOutbound *walletMoney `json:"pendingOutbound,omitempty"`
-	CalculatedAt    string       `json:"calculatedAt,omitempty"`
+	Available       *Money `json:"available,omitempty"`
+	PendingInbound  *Money `json:"pendingInbound,omitempty"`
+	PendingOutbound *Money `json:"pendingOutbound,omitempty"`
+	CalculatedAt    string `json:"calculatedAt,omitempty"`
 }

 type walletBalanceResponse struct {
@@ -114,16 +108,6 @@ func toWalletBalance(b *chainv1.WalletBalance) walletBalance {
 	}
 }

-func toMoney(m *moneyv1.Money) *walletMoney {
-	if m == nil {
-		return nil
-	}
-	return &walletMoney{
-		Amount:   m.GetAmount(),
-		Currency: m.GetCurrency(),
-	}
-}
-
 func tsToString(ts *timestamppb.Timestamp) string {
 	if ts == nil {
 		return ""
--- a/api/server/interface/services/payment/payment.go
+++ b/api/server/interface/services/payment/payment.go
@@ -0,0 +1,12 @@
+package payment
+
+import (
+	"github.com/tech/sendico/pkg/mservice"
+	"github.com/tech/sendico/server/interface/api"
+	"github.com/tech/sendico/server/internal/server/paymentapiimp"
+)
+
+// Create wires payment orchestrator BFF API.
+func Create(a api.API) (mservice.MicroService, error) {
+	return paymentapiimp.CreateAPI(a)
+}
--- a/api/server/internal/api/api.go
+++ b/api/server/internal/api/api.go
@@ -17,6 +17,7 @@ import (
 	"github.com/tech/sendico/server/interface/services/ledger"
 	"github.com/tech/sendico/server/interface/services/logo"
 	"github.com/tech/sendico/server/interface/services/organization"
+	"github.com/tech/sendico/server/interface/services/payment"
 	"github.com/tech/sendico/server/interface/services/paymethod"
 	"github.com/tech/sendico/server/interface/services/permission"
 	"github.com/tech/sendico/server/interface/services/recipient"
@@ -91,6 +92,7 @@ func (a *APIImp) installServices() error {
 	srvf = append(srvf, ledger.Create)
 	srvf = append(srvf, recipient.Create)
 	srvf = append(srvf, paymethod.Create)
+	srvf = append(srvf, payment.Create)

 	for _, v := range srvf {
 		if err := a.addMicroservice(v); err != nil {
--- a/api/server/internal/server/paymentapiimp/pay.go
+++ b/api/server/internal/server/paymentapiimp/pay.go
@@ -0,0 +1,84 @@
+package paymentapiimp
+
+import (
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"github.com/tech/sendico/pkg/api/http/response"
+	"github.com/tech/sendico/pkg/merrors"
+	"github.com/tech/sendico/pkg/model"
+	orchestratorv1 "github.com/tech/sendico/pkg/proto/payments/orchestrator/v1"
+	"github.com/tech/sendico/server/interface/api/srequest"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+// shared initiation pipeline
+func (a *PaymentAPI) initiatePayment(r *http.Request, account *model.Account, token *sresponse.TokenData, expectQuote bool) http.HandlerFunc {
+	orgRef, err := a.oph.GetRef(r)
+	if err != nil {
+		a.logger.Warn("Failed to parse organization reference for payment initiation", zap.Error(err), zap.String(a.oph.Name(), a.oph.GetID(r)))
+		return response.BadReference(a.logger, a.Name(), a.oph.Name(), a.oph.GetID(r), err)
+	}
+
+	ctx := r.Context()
+	allowed, err := a.enf.Enforce(ctx, a.permissionRef, account.ID, orgRef, primitive.NilObjectID, model.ActionCreate)
+	if err != nil {
+		a.logger.Warn("Failed to check payments access permissions", zap.Error(err), zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+	if !allowed {
+		a.logger.Debug("Access denied when initiating payment", zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.AccessDenied(a.logger, a.Name(), "payments write permission denied")
+	}
+
+	payload, err := decodeInitiatePayload(r)
+	if err != nil {
+		return response.BadPayload(a.logger, a.Name(), err)
+	}
+	if expectQuote && strings.TrimSpace(payload.QuoteRef) == "" {
+		return response.BadPayload(a.logger, a.Name(), merrors.InvalidArgument("quote_ref is required"))
+	}
+	if !expectQuote {
+		payload.QuoteRef = ""
+	}
+
+	req := &orchestratorv1.InitiatePaymentRequest{
+		Meta: &orchestratorv1.RequestMeta{
+			OrganizationRef: orgRef.Hex(),
+		},
+		IdempotencyKey: strings.TrimSpace(payload.IdempotencyKey),
+		Intent:         payload.Intent,
+		FeeQuoteToken:  strings.TrimSpace(payload.FeeQuoteToken),
+		FxQuoteRef:     strings.TrimSpace(payload.FxQuoteRef),
+		QuoteRef:       strings.TrimSpace(payload.QuoteRef),
+		Metadata:       payload.Metadata,
+	}
+
+	resp, err := a.client.InitiatePayment(ctx, req)
+	if err != nil {
+		a.logger.Warn("Failed to initiate payment", zap.Error(err), zap.String("organization_ref", orgRef.Hex()))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+
+	return sresponse.PaymentResponse(a.logger, resp.GetPayment(), token)
+}
+
+func decodeInitiatePayload(r *http.Request) (*srequest.InitiatePaymentPayload, error) {
+	defer r.Body.Close()
+
+	payload := &srequest.InitiatePaymentPayload{}
+	if err := json.NewDecoder(r.Body).Decode(payload); err != nil {
+		return nil, merrors.InvalidArgument("invalid payload: " + err.Error())
+	}
+	payload.IdempotencyKey = strings.TrimSpace(payload.IdempotencyKey)
+	if payload.IdempotencyKey == "" {
+		return nil, merrors.InvalidArgument("idempotencyKey is required")
+	}
+	if payload.Intent == nil {
+		return nil, merrors.InvalidArgument("intent is required")
+	}
+	return payload, nil
+}
--- a/api/server/internal/server/paymentapiimp/payimmediate.go
+++ b/api/server/internal/server/paymentapiimp/payimmediate.go
@@ -0,0 +1,13 @@
+package paymentapiimp
+
+import (
+	"net/http"
+
+	"github.com/tech/sendico/pkg/model"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+)
+
+// initiateImmediate runs a one-shot payment using a fresh quote.
+func (a *PaymentAPI) initiateImmediate(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
+	return a.initiatePayment(r, account, token, false)
+}
--- a/api/server/internal/server/paymentapiimp/payquote.go
+++ b/api/server/internal/server/paymentapiimp/payquote.go
@@ -0,0 +1,13 @@
+package paymentapiimp
+
+import (
+	"net/http"
+
+	"github.com/tech/sendico/pkg/model"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+)
+
+// initiateByQuote executes a payment using a previously issued quote_ref.
+func (a *PaymentAPI) initiateByQuote(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
+	return a.initiatePayment(r, account, token, true)
+}
--- a/api/server/internal/server/paymentapiimp/quote.go
+++ b/api/server/internal/server/paymentapiimp/quote.go
@@ -0,0 +1,74 @@
+package paymentapiimp
+
+import (
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"github.com/tech/sendico/pkg/api/http/response"
+	"github.com/tech/sendico/pkg/merrors"
+	"github.com/tech/sendico/pkg/model"
+	orchestratorv1 "github.com/tech/sendico/pkg/proto/payments/orchestrator/v1"
+	"github.com/tech/sendico/server/interface/api/srequest"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+func (a *PaymentAPI) quotePayment(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
+	orgRef, err := a.oph.GetRef(r)
+	if err != nil {
+		a.logger.Warn("Failed to parse organization reference for quote", zap.Error(err), zap.String(a.oph.Name(), a.oph.GetID(r)))
+		return response.BadReference(a.logger, a.Name(), a.oph.Name(), a.oph.GetID(r), err)
+	}
+
+	ctx := r.Context()
+	allowed, err := a.enf.Enforce(ctx, a.permissionRef, account.ID, orgRef, primitive.NilObjectID, model.ActionCreate)
+	if err != nil {
+		a.logger.Warn("Failed to check payments access permissions", zap.Error(err), zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+	if !allowed {
+		a.logger.Debug("Access denied when quoting payment", zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.AccessDenied(a.logger, a.Name(), "payments write permission denied")
+	}
+
+	payload, err := decodeQuotePayload(r)
+	if err != nil {
+		return response.BadPayload(a.logger, a.Name(), err)
+	}
+
+	req := &orchestratorv1.QuotePaymentRequest{
+		Meta: &orchestratorv1.RequestMeta{
+			OrganizationRef: orgRef.Hex(),
+		},
+		IdempotencyKey: payload.IdempotencyKey,
+		Intent:         payload.Intent,
+		PreviewOnly:    payload.PreviewOnly,
+	}
+
+	resp, err := a.client.QuotePayment(ctx, req)
+	if err != nil {
+		a.logger.Warn("Failed to quote payment", zap.Error(err), zap.String("organization_ref", orgRef.Hex()))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+
+	return sresponse.PaymentQuoteResponse(a.logger, resp.GetQuote(), token)
+}
+
+func decodeQuotePayload(r *http.Request) (*srequest.QuotePaymentPayload, error) {
+	defer r.Body.Close()
+
+	payload := &srequest.QuotePaymentPayload{}
+	if err := json.NewDecoder(r.Body).Decode(payload); err != nil {
+		return nil, merrors.InvalidArgument("invalid payload: " + err.Error())
+	}
+	payload.IdempotencyKey = strings.TrimSpace(payload.IdempotencyKey)
+	if payload.IdempotencyKey == "" {
+		return nil, merrors.InvalidArgument("idempotencyKey is required")
+	}
+	if payload.Intent == nil {
+		return nil, merrors.InvalidArgument("intent is required")
+	}
+	return payload, nil
+}
--- a/api/server/internal/server/paymentapiimp/service.go
+++ b/api/server/internal/server/paymentapiimp/service.go
@@ -0,0 +1,102 @@
+package paymentapiimp
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strings"
+	"time"
+
+	orchestratorclient "github.com/tech/sendico/payments/orchestrator/client"
+	api "github.com/tech/sendico/pkg/api/http"
+	"github.com/tech/sendico/pkg/auth"
+	"github.com/tech/sendico/pkg/merrors"
+	"github.com/tech/sendico/pkg/mlogger"
+	"github.com/tech/sendico/pkg/mservice"
+	orchestratorv1 "github.com/tech/sendico/pkg/proto/payments/orchestrator/v1"
+	eapi "github.com/tech/sendico/server/interface/api"
+	mutil "github.com/tech/sendico/server/internal/mutil/param"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+type paymentClient interface {
+	QuotePayment(ctx context.Context, req *orchestratorv1.QuotePaymentRequest) (*orchestratorv1.QuotePaymentResponse, error)
+	InitiatePayment(ctx context.Context, req *orchestratorv1.InitiatePaymentRequest) (*orchestratorv1.InitiatePaymentResponse, error)
+	Close() error
+}
+
+type PaymentAPI struct {
+	logger mlogger.Logger
+	client paymentClient
+	enf    auth.Enforcer
+	oph    mutil.ParamHelper
+
+	permissionRef primitive.ObjectID
+}
+
+func (a *PaymentAPI) Name() mservice.Type { return mservice.PaymentOrchestrator }
+
+func (a *PaymentAPI) Finish(ctx context.Context) error {
+	if a.client != nil {
+		if err := a.client.Close(); err != nil {
+			a.logger.Warn("Failed to close payment orchestrator client", zap.Error(err))
+		}
+	}
+	return nil
+}
+
+func CreateAPI(apiCtx eapi.API) (*PaymentAPI, error) {
+	p := &PaymentAPI{
+		logger: apiCtx.Logger().Named(mservice.PaymentOrchestrator),
+		enf:    apiCtx.Permissions().Enforcer(),
+		oph:    mutil.CreatePH(mservice.Organizations),
+	}
+
+	desc, err := apiCtx.Permissions().GetPolicyDescription(context.Background(), mservice.PaymentOrchestrator)
+	if err != nil {
+		p.logger.Warn("Failed to fetch payment orchestrator permission description", zap.Error(err))
+		return nil, err
+	}
+	p.permissionRef = desc.ID
+
+	if err := p.initPaymentClient(apiCtx.Config().PaymentOrchestrator); err != nil {
+		p.logger.Error("Failed to initialize payment orchestrator client", zap.Error(err))
+		return nil, err
+	}
+
+	apiCtx.Register().AccountHandler(p.Name(), p.oph.AddRef("/quote"), api.Post, p.quotePayment)
+	apiCtx.Register().AccountHandler(p.Name(), p.oph.AddRef("/immediate"), api.Post, p.initiateImmediate)
+	apiCtx.Register().AccountHandler(p.Name(), p.oph.AddRef("/by-quote"), api.Post, p.initiateByQuote)
+
+	return p, nil
+}
+
+func (a *PaymentAPI) initPaymentClient(cfg *eapi.PaymentOrchestratorConfig) error {
+	if cfg == nil {
+		return merrors.InvalidArgument("payment orchestrator configuration is not provided")
+	}
+
+	address := strings.TrimSpace(cfg.Address)
+	if address == "" {
+		address = strings.TrimSpace(os.Getenv(cfg.AddressEnv))
+	}
+	if address == "" {
+		return merrors.InvalidArgument(fmt.Sprintf("payment orchestrator address is not specified and address env %s is empty", cfg.AddressEnv))
+	}
+
+	clientCfg := orchestratorclient.Config{
+		Address:     address,
+		DialTimeout: time.Duration(cfg.DialTimeoutSeconds) * time.Second,
+		CallTimeout: time.Duration(cfg.CallTimeoutSeconds) * time.Second,
+		Insecure:    cfg.Insecure,
+	}
+
+	client, err := orchestratorclient.New(context.Background(), clientCfg)
+	if err != nil {
+		return err
+	}
+
+	a.client = client
+	return nil
+}