B2B2C Platform Architecture

Day 2 · Architecture · 45 min

What is B2B2C? Gnosis Pay already operates as both B2C (the direct Gnosis Pay card) and B2B2C. Per their docs: "Gnosis Pay provides the API and card-program infrastructure that enables wallets, fintechs, and businesses to issue stablecoin-powered payment cards and create custom payment flows."

The actual Gnosis Pay B2B2C model:

       ┌──────────────────────┐
       │      Gnosis Pay      │
       │    Core Platform     │
       │ (APIs + Card Infra)  │
       └──────────┬───────────┘
     ┌────────────┼────────────┐
     ▼            ▼            ▼
┌──────────┐ ┌──────────┐ ┌──────────┐
│ Gnosis   │ │ Wallet X │ │ Fintech Y│
│ Pay Card │ │ (partner)│ │ (partner)│
│ (B2C)    │ │          │ │          │
└──────────┘ └──────────┘ └──────────┘
     │            │            │
   Direct      Users X      Users Y
   Users   (white-label) (white-label)

Actual API Capabilities (from Gnosis Pay docs):

  • Account Management: Deploy Safe accounts, manage owners, set daily spending limits (1-8000 EUR, EIP-712 signed)
  • Card Issuance: Virtual (free, instant, max 5 active) and physical (requires KYC, shipping)
  • Card Management: Activate, freeze/unfreeze, report lost/stolen, void virtual cards
  • Transactions: Query payments, refunds, reversals. Cursor-based pagination. Dispute mechanism
  • Balance Queries: Total balance, spendable balance, pending holds
  • Withdrawals: ERC20 or native xDAI, EIP-712 signed, 3-minute delay relay
  • KYC: Sumsub integration with token sharing between partners
  • Webhooks: Real-time event notifications for partners

Partner Integration Models:

  • Permissionless: Direct API access for developers
  • Partnership: Whitelisted, branded solutions with shared KYC (Sumsub tokens)
  • mTLS Authentication: For PCI-sensitive card operations, ephemeral tokens via mTLS where the CN field contains the partner app ID

Partner Isolation: Each partner gets:

  • Isolated data (tenant-scoped API keys, partner certificate validation)
  • Separate settlement wallets (distinct Safe per partner for clean accounting)
  • Independent rate limits and quotas
  • Isolated webhook subscriptions (partner-specific event streams)
  • Separate reconciliation runs

Config-Driven Behavior:

type TenantConfig struct {
	TenantID         string
	Name             string
	FeeStructure     FeeConfig      // per-tx fee, cashback tiers (GNO-based)
	SpendingLimits   LimitConfig    // daily cap up to €8,000
	SupportedTokens  []string       // EURe, USDC (2026 expansion)
	SettlementWallet common.Address // Partner's Safe
	WebhookURL       string
	BrandingConfig   BrandConfig
	KYCProvider      string   // Sumsub with token sharing
	OnRampPartners   []string // Noah, Monerium, Avenia
}

Key Points

  • Multi-tenancy with tenant_id on every DB row + RLS policies
  • Partner isolation: separate wallets, rate limits, event streams
  • Config-driven white-labeling — no code changes per partner
  • Tenant context from JWT or API key, threaded through all services
  • Separate reconciliation per partner for clean accounting
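
An added example, not Gnosis Pay's or this course's code: one way to turn the mTLS client certificate CN (the partner app ID) into a tenant context that is threaded through calls and checked against each row's tenant_id. All function names, the app-ID registry and the sample values are hypothetical and constructed for illustration.

```go
package main

import (
	"context"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

type tenantKey struct{} // private context key: other packages cannot overwrite it
var (
	ErrNoVerifiedCert = errors.New("no verified client certificate")
	ErrUnknownApp     = errors.New("certificate CN is not a registered partner app")
	ErrCrossTenant    = errors.New("row belongs to another tenant")
)

// Pass tls.ConnectionState.VerifiedChains: PeerCertificates is set even for unverified certs.
func TenantFromChains(chains [][]*x509.Certificate, apps map[string]string) (string, error) {
	if len(chains) == 0 || len(chains[0]) == 0 {
		return "", ErrNoVerifiedCert
	}
	tenant, ok := apps[chains[0][0].Subject.CommonName] // exact match, no prefix or wildcard
	if !ok {
		return "", ErrUnknownApp
	}
	return tenant, nil
}

// WithTenant threads the authenticated tenant through downstream calls.
func WithTenant(ctx context.Context, tenant string) context.Context { return context.WithValue(ctx, tenantKey{}, tenant) }

// AuthorizeRow fails closed: a missing or mismatched tenant is always an error.
func AuthorizeRow(ctx context.Context, rowTenant string) error {
	if t, ok := ctx.Value(tenantKey{}).(string); !ok || t == "" || t != rowTenant {
		return ErrCrossTenant
	}
	return nil
}

// SampleChain builds a constructed, unsigned certificate chain for the demo only.
func SampleChain(cn string) [][]*x509.Certificate { return [][]*x509.Certificate{{{Subject: pkix.Name{CommonName: cn}}}} }

func main() {
	apps := map[string]string{"app-wallet-x": "tenant-x"} // constructed registry
	tenant, err := TenantFromChains(SampleChain("app-wallet-x"), apps)
	ctx := WithTenant(context.Background(), tenant)
	fmt.Println(tenant, err, AuthorizeRow(ctx, "tenant-x"), AuthorizeRow(ctx, "tenant-y"))
}
```

In a real server the chains argument would be r.TLS.VerifiedChains, with the listener's ClientAuth set to tls.RequireAndVerifyClientCert.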
