🧩 System Components

  • 🎮 Client Application
    Your game or application that integrates with Merso via iframe modal or direct API calls.
  • 🔧 Merso API
    REST API for authentication, transaction management, and configuration.
  • 📝 Smart Contracts
    On-chain contracts for payment processing, escrow, and PNPL management.
  • 🔔 Webhook Service
    Event notification system for real-time updates on transaction status.

🔄 Data Flow

  1. Auth: JWT Token
  2. Request: API Call
  3. Prepare: Build TX
  4. Sign: User Wallet
  5. Execute: On-Chain

🔧 API Layer

The Merso API provides a unified interface for all blockchain operations, abstracting away chain-specific complexities.

| Endpoint Category | Purpose | Authentication |
|---|---|---|
| /auth | Obtain JWT tokens for API access | API Key |
| /transactions | Create and manage payment transactions | JWT |
| /approvals | Token approval for smart contract interaction | JWT |
| /collections | NFT collection management | JWT |
| /webhooks | Configure webhook endpoints | JWT |

🔐 Security Model

  • JWT Authentication
    Short-lived tokens (12 hours) for API access, refreshed as needed.
  • Server-Side API Keys
    API keys never exposed to client-side code.
  • Wallet Signatures
    All transactions require explicit user approval via wallet.
  • HTTPS Only
    All API communication over TLS 1.3.

⚠️ Security Best Practice

Never expose your API Key in client-side code. Always proxy API calls through your backend server.
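
One way to structure the backend proxy described above, as an added example that is not Merso's own code: the server keeps the API key, caches the 12-hour JWT, and forwards only allowlisted paths after normalising them. The `/auth` request and response shapes (`api_key`, `token`), the `Authorization: Bearer` header, the `createMersoProxy` name, the choice of client-reachable categories and an origin-only base URL are all assumptions for illustration.

```javascript
// Added example: backend-side proxy core. The API key and JWT stay on the server.
// ASSUMED (not on the page): /auth takes {api_key} and returns {token}; the JWT is
// sent as "Authorization: Bearer"; baseUrl is an origin with no path prefix.
const CLIENT_PATHS = ['/transactions', '/approvals', '/collections']; // example choice
const TOKEN_TTL_MS = 12 * 60 * 60 * 1000; // the page states 12-hour tokens
const REFRESH_MARGIN_MS = 5 * 60 * 1000;  // refresh slightly before expiry

function createMersoProxy({ apiKey, baseUrl, fetchImpl = fetch, now = Date.now }) {
  const origin = new URL(baseUrl).origin;
  let cached = null; // { token, expiresAt }

  // Normalise first, so "..", "%2e%2e" and "//other-host" cannot escape the allowlist.
  function resolveClientPath(path) {
    let url;
    try { url = new URL(path, origin); } catch { return null; }
    if (url.origin !== origin) return null;
    const ok = CLIENT_PATHS.some(p => url.pathname === p || url.pathname.startsWith(p + '/'));
    return ok ? url : null;
  }

  async function getToken() {
    if (cached && now() < cached.expiresAt - REFRESH_MARGIN_MS) return cached.token;
    const res = await fetchImpl(`${origin}/auth`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ api_key: apiKey }), // assumed field name
    });
    if (!res.ok) throw new Error(`auth failed with status ${res.status}`);
    const { token } = await res.json(); // assumed response field
    cached = { token, expiresAt: now() + TOKEN_TTL_MS };
    return token;
  }

  // Called by the backend's HTTP handler with the browser's method, path and JSON body.
  async function forward(method, path, body) {
    const url = resolveClientPath(path);
    if (!url) return { status: 403, body: { error: 'path not allowed' } };
    const res = await fetchImpl(url.href, {
      method,
      headers: { Authorization: `Bearer ${await getToken()}`, 'Content-Type': 'application/json' },
      body: body === undefined ? undefined : JSON.stringify(body),
    });
    return { status: res.status, body: await res.json() }; // no credentials in the reply
  }

  return { forward, resolveClientPath };
}
```

The browser talks only to the route that calls `forward`, so neither the API key nor the JWT appears in client-side code or in responses.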

⛓️ Multi-Chain Architecture

Merso provides a unified API that works across multiple blockchains. The system automatically handles chain-specific transaction formatting and gas estimation.

Chain Configuration
// Same API call works across chains
// Just change the chain_id parameter

// Polygon
{ "chain_id": "137", ... }

// Ethereum
{ "chain_id": "1", ... }

// Solana (uses different address format)
{ "chain": "solana", ... }