# FractalPay AaaS

**The post-quantum, AI-verified, multi-chain payment gateway as a service.**

A Stripe alternative built on **9 blockchains** (8 EVM + Stellar), signed
with **CRYSTALS-Dilithium** post-quantum cryptography, and producing a
**VAID-1 cryptographic attestation** for every confirmed payment.

Version: 1.0.0 · Public beta · Apache-2.0 · 2026-05-25

---

## Why this exists

Every payment processor in production today (Stripe, PayPal, Adyen, Square,
Coinbase Commerce, BitPay) shares three structural weaknesses:

1. **ECDSA signatures** — quantum-vulnerable. Best estimates put practical
   quantum decryption between 2030 and 2035. The card networks have no
   migration path.
2. **Centralized verification** — merchants get a PDF receipt, not
   cryptographic proof. Disputes are arbitrated by humans inside the
   processor, opaque to both sides.
3. **Single-rail settlement** — Stripe routes through Visa/Mastercard,
   Coinbase Commerce through 3-4 chains. Merchants have no choice of rail
   per payment.

FractalPay AaaS removes all three. Same developer experience, four to eight
times cheaper, with structural properties no incumbent can copy without
rewriting from scratch.

| | Stripe | Coinbase Commerce | FractalPay |
|---|---|---|---|
| Fee per tx | 2.9% + 30¢ | 1.0% | **0.618%** (φ⁻¹) |
| Chains | 0 (cards only) | 4 | **9** (8 EVM + Stellar) |
| Post-quantum signatures | ❌ | ❌ | ✅ CRYSTALS-Dilithium |
| Proof per payment | PDF receipt | None | **VAID-1 attestation** |
| Open source | ❌ | ❌ | ✅ Apache-2.0 |
| Settlement | T+2 to bank | T+0 to crypto | T+0 to crypto, T+1 to bank (roadmap) |

---

## Quickstart

### Python

```bash
pip install fractalpay
```

```python
from fractalpay import FractalPay

fp = FractalPay()

intent = fp.intents.create(
    amount="100.00",
    currency="USDC",
    recipient_address="0xYourWalletOnBase",
    recipient_chain="base",
    description="Pro plan — monthly",
    callback_url="https://your-app.com/webhooks/fractalpay",
)

print(f"Send your customer to: {intent.web_url}")
```

### TypeScript / JavaScript

```bash
npm install @fractalai/pay
```

```typescript
import { FractalPay } from '@fractalai/pay';

const fp = new FractalPay();

const intent = await fp.intents.create({
  amount: '100.00',
  currency: 'USDC',
  recipientAddress: '0xYourWalletOnBase',
  recipientChain: 'base',
  description: 'Pro plan — monthly',
  callbackUrl: 'https://your-app.com/webhooks/fractalpay',
});

console.log(`Send your customer to: ${intent.webUrl}`);
```

### Raw HTTP

```bash
curl -X POST https://fractalai.net.co/api/pay \
  -H "Content-Type: application/json" \
  -d '{
    "amount": "100.00",
    "currency": "USDC",
    "recipientAddress": "0xYourWalletOnBase",
    "recipientChain": "base"
  }'
```

All three forms hit the same endpoint and return the same intent shape.

---

## Architecture

### Payment intent lifecycle

```
created  →  detecting  →  confirming  →  bridging?  →  completed
                                                    ↘  failed
                                                    ↘  expired
                                                    ↘  refunded
```

| Status | Meaning |
|---|---|
| `created` | Intent exists; awaiting customer payment |
| `detecting` | A transaction has been observed on-chain matching this intent |
| `confirming` | Transaction included; awaiting confirmations |
| `bridging` | Cross-chain settlement in progress (only if payer chain ≠ recipient chain) |
| `completed` | Funds settled to the recipient address |
| `expired` | TTL elapsed without payment |
| `failed` | Verification mismatch (wrong amount, wrong recipient, etc.) |
| `refunded` | Merchant issued a refund |

### Supported chains

| Chain | Confirm time | Best for |
|---|---|---|
| `stellar` | ~3-5 s | Microtransactions, low-fee remittances |
| `fractalai` | ~3 s | Native FRAC payments, lowest fee |
| `base` | ~10 s | EVM standard, low gas |
| `avalanche` | ~3 s | Fast finality EVM |
| `polygon` | ~15 s | Common stablecoin chain |
| `arbitrum` | ~15 s | L2 EVM, low gas |
| `optimism` | ~15 s | L2 EVM, low gas |
| `bsc` | ~15 s | Asian market reach |
| `ethereum` | ~3 min | High-value, deep liquidity |

### Supported currencies

`FRAC`, `wFRAC`, `USDC`, `USDT`, `ETH` — same set on every chain (with native
restrictions, e.g. ETH only on EVM chains).

### Cross-chain settlement

Your customer can pay from ANY chain in `intent.suggestedChains`; FractalPay
bridges to your `recipientChain` automatically. Bridge fee is 0.16% (φ-derived),
deducted from the settled amount.

```python
intent = fp.intents.create(
    amount="500.00",
    currency="USDC",
    recipient_address="0xMyBaseWallet",
    recipient_chain="base",  # I want USDC on Base
)
# Customer can pay from: ethereum, polygon, arbitrum, stellar, etc.
# FractalPay handles the bridging.
```

---

## Webhook verification

When a payment completes, FractalPay POSTs to your `callback_url` with the
event body signed by HMAC-SHA256 in the `X-FractalPay-Signature` header.

The signature format is `sha256=<hex>`, following GitHub/Stripe convention.

```python
from fractalpay import verify_webhook, SignatureVerificationError

@app.post("/webhooks/fractalpay")
def handle():
    try:
        event = verify_webhook(
            payload=request.get_data(),  # RAW bytes, not parsed JSON
            signature=request.headers["X-FractalPay-Signature"],
            secret=os.environ["FRACTALPAY_WEBHOOK_SECRET"],
        )
    except SignatureVerificationError:
        return "", 401

    if event.type == "payment.completed":
        fulfill_order(event.intent.metadata["order_id"])
    return "", 200
```

The verifier uses constant-time comparison (`hmac.compare_digest` in Python,
`timingSafeEqual` in TypeScript) to prevent timing attacks.

---

## VAID-1 cryptographic attestation

Every confirmed payment will produce a **VAID-1 attestation** — a
CRYSTALS-Dilithium-signed record that any third party can verify against the
payment processor's public key, proving:

- That FractalPay's payment-verifier agent observed the transaction
- The intent ID, payer address, recipient, amount, and chain
- The exact timestamp of verification

This is unique in the payment industry. Stripe gives you a PDF receipt
backed by their lawyers. FractalPay gives you cryptographic proof backed
by mathematics — auditable in perpetuity by anyone with the public key.

VAID-1 attestation hooks are coming online incrementally; see the
[VAID-1 specification](/docs/VAID_1_SPEC.md) and the
[`vaid` Python package](https://pypi.org/project/vaid/) for the standard.

---

## Pricing

| Tier | Monthly volume | Fee per TX | Margin vs Stripe |
|---|---|---|---|
| **Starter** | < $10K | 0.618% (φ⁻¹) | ~4.7× cheaper |
| **Growth** | $10K - $100K | 0.500% | ~5.8× cheaper |
| **Scale** | $100K - $1M | 0.450% | ~6.4× cheaper |
| **Enterprise** | > $1M | 0.382% (φ⁻²) | ~7.6× cheaper |

Stablecoin-to-stablecoin payments on the same chain are **0% fee** during
public beta.

---

## Anti-replay and integrity

Each intent carries an HMAC (`intent.hmac`) signed over `id : amount :
recipient_address : expires_at : nonce`. On every retrieve, the API
re-validates the HMAC and rejects the response if it doesn't match. This
means the recipient address and amount **cannot be tampered with in
transit** — even if an attacker intercepts the intent payload, modifying
any field invalidates the signature.

Nonces are tracked in a server-side replay cache; intents cannot be
double-spent.

---

## What's not yet shipped

This is a beta. Honest disclosure:

- **VAID-1 attestation hook** for payments — capability exists in the `vaid`
  package; the hook in `/api/pay/webhook` lands in v1.1
- **Per-merchant signing secrets** — v1.0 uses a shared webhook signing
  secret across all merchants; v1.1 introduces per-merchant secrets for
  isolation
- **Fiat off-ramp** — v1.0 settles to crypto only; integration with
  Bridge.xyz / Circle for direct-to-bank settlement targeted Q3 2026
- **Card payment fallback** — for customers who don't have crypto,
  Circle / Bridge passthrough planned post-launch
- **AaaS agents** (compliance / dispute / support) — vision documented,
  implementation post-launch

---

## Status of dogfooding

FractalPay AaaS is currently processing our own seed-round presale payments
on `presale.fractalai.net.co/presale`. We eat our own dog food. If you find
a bug, you've found it in our raise too.

---

## Resources

- **Python SDK**: `pip install fractalpay`
- **TypeScript SDK**: `npm install @fractalai/pay`
- **API reference**: this document
- **Open-source code**: github.com/johnInarti/FRACTAL-AI
- **VAID-1 spec**: [/docs/VAID_1_SPEC.md](/docs/VAID_1_SPEC.md)
- **Issues**: github.com/johnInarti/FRACTAL-AI/issues (label `fractalpay`)
- **Status / uptime**: status.fractalai.net.co (coming)

---

*FractalPay AaaS is part of the FractalAI ecosystem of 7 open standards.
See [STANDARDS_OVERVIEW.md](/docs/STANDARDS_OVERVIEW.md) for the full set.*