Topolo Pay
Public overview of the payment worker that handles orders, refunds, and payment operations.
What It Is
Topolo Pay is the payment-processing worker that powers order creation, refunds, admin payment operations, and related operational flows.
Architecture
The system is a worker-first payment surface with admin routes, webhook handling, and payment API operations. Inbound webhook verification remains domain-local. Outbound Stripe order creation, refunds, payment-status reads, and cancellation operations now route through Nexus.
Runtime Surfaces
See /systems/topolo-pay for the runtime inventory and deployment entrypoints.
API Reference
Use /systems/topolo-pay plus the internal handbook for the current worker route inventory and the local-webhook versus Nexus-outbound payment boundary.
Auth and Permissions
Topolo Pay uses its own worker auth and admin permission checks for operational routes. Its outbound Nexus payment calls use trusted service credentials plus fixed attribution to the Auth organization with slug topolo.
Data Ownership
Topolo Pay owns order, transaction, refund, and payment-operation records. Nexus owns centralized external-service credential usage for supported outbound provider calls.
Deployments
Topolo Pay deploys as a Cloudflare worker with admin and webhook surfaces. Standardized outbound payment routes require NEXUS_SERVICE_TOKEN and NEXUS_ORGANIZATION_ID; local webhook verification still uses STRIPE_WEBHOOK_SECRET.
Failure Modes
- order, refund, status, or cancellation routes drift from the current Nexus payment standard
- webhook verification and outbound payment calls are confused as the same integration boundary
Debugging
Start with /systems/topolo-pay and distinguish inbound webhook verification from outbound payment API calls before debugging provider issues.
Change Log / Verification
- Verified the Nexus-backed Topolo Pay outbound payment boundary on 2026-03-30