Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.algovoi.co.uk/llms.txt

Use this file to discover all available pages before exploring further.

The AlgoVoi merchant dashboard is the primary web interface for tenants managing their payment operations. It is a React single-page application accessible at dash.algovoi.co.uk. All payment logic remains in the control plane; the dashboard is a display and configuration surface that operates exclusively through authenticated REST API calls to the control plane at api.algovoi.co.uk. The dashboard is mobile-responsive and tested on desktop (1920×1080 and 1440×900) and tablet (768×1024) form factors.

Authentication and Session Management

Login

Tenants authenticate with email address and password. Multi-factor authentication (TOTP) is required at login. TOTP seeds are encrypted at rest using the platform’s document encryption key.

Session Model

ParameterValue
Session token typeJWT (signed HS256 by default; configurable to HS384 or HS512 per tenant tier)
Token lifetimeConfigurable; default 8 hours
Refresh mechanismSilent automatic refresh when token has less than 15 minutes remaining
Inactivity timeout30 minutes of inactivity triggers session expiry
Concurrent sessionsPermitted; each device receives an independent JWT

Password Reset

Password reset is available via a time-limited email token. Token lifetime is 30 minutes. Token is single-use: it is invalidated on first use regardless of whether the password change completes. Password reset requires MFA confirmation if MFA is already enrolled. Resets are recorded in the audit_log chain.

MFA

TOTP-based MFA using RFC 6238 (TOTP) and RFC 4226 (HOTP). Compatible with Google Authenticator, Authy, Microsoft Authenticator, and any RFC 6238-compliant authenticator application. Setup generates a QR code encoding the provisioning URI. Recovery codes are generated at setup and are displayable once; they are hashed before storage.
The dashboard is divided into eight primary sections accessible from the left navigation panel:
SectionPurpose
PaymentsFull payment history across all chains and protocols
Checkout LinksHosted payment link management
MandatesRecurring mandate management
Recurring AuthoritiesTier 2 standing authority management
WebhooksWebhook endpoint configuration and delivery logs
API KeysAPI key lifecycle management
KYC / KYBIdentity verification and compliance status
SettingsAccount settings, security, and GDPR controls
A Compliance panel is accessible from the footer and from the KYC section. It exposes live audit chain heads and links to the public attestation endpoint.

Payments Section

The payments section provides a full searchable, filterable history of all payments received by the tenant across all chains, assets, and protocols.

Filters

FilterTypeValues
chainenum multi-selectalgorand, voi, hedera, stellar, base, solana, tempo
assetstringCAIP-19 asset identifier or display ticker (e.g. USDC)
date_fromdateISO 8601 date
date_todateISO 8601 date
statusenumverified, reversed, disputed, pending
protocolenum multi-selectcheckout, x402, mpp, ap2, a2a, recurr
min_amountdecimalMinimum amount in display currency (GBP equivalent)
max_amountdecimalMaximum amount in display currency (GBP equivalent)

Payment List Fields

Each row in the payments list displays:
FieldDescription
payment_idTruncated UUID with copy-to-clipboard
tx_idOn-chain transaction ID, truncated, links to chain explorer
chainChain badge with chain icon
assetAsset ticker
amountDisplay amount with currency symbol
payer_addressMasked: first 6 and last 4 characters visible; full address available on expand
verified_atHuman-readable relative timestamp with ISO 8601 on hover
protocolProtocol badge
statusStatus badge (verified / reversed / disputed)
audit_chain_linkLink to the corresponding payment_ledger row in the audit bundle viewer

Payment Detail Panel

Clicking any payment row opens a side panel with:
FieldDescription
Full payment_idFull UUID, copyable
Full tx_idFull on-chain transaction ID, copyable, with chain explorer link
Full payer_addressFull wallet address, copyable
chain_positionThe chain_position of this row in the payment_ledger audit chain
content_hashThe SHA-256 content hash of this row, copyable
Settlement attestationLink to the draft-hopley-x402-settlement-attestation receipt for this payment
Compliance receiptLink to the compliance receipt (ALLOW / REFER / DENY) for this payment
Refund receiptPresent only if a refund was issued
Cancellation receiptPresent only if this payment was part of a cancelled mandate

CSV Export

The full filtered payment history is exportable as CSV. The export includes all fields visible in the payment detail panel. Payer addresses are included in full in exports (not masked). Exports are recorded in the audit_log chain.

List View

Each checkout link displays:
FieldDescription
tokenThe short token used in the hosted checkout URL (dash.algovoi.co.uk/pay/)
amountDisplay amount
chainTarget chain
assetAsset ticker
statuspending, paid, expired, or cancelled
created_atCreation timestamp
paid_atPayment timestamp (null if unpaid)
redirect_urlDestination after successful payment (masked to domain only in list view)
The link creation form accepts:
FieldTypeRequiredDescription
amountdecimalYesPayment amount
asset_idstringYesCAIP-19 asset identifier
chainenumYesTarget chain
redirect_urlstringYesPost-payment redirect destination. Validated against URL threat-intelligence feeds at creation time.
descriptionstringNoShown to payer on hosted checkout page
expires_attimestampNoLink expiry. If null, link does not expire.
metadataobjectNoArbitrary key-value pairs attached to the payment on completion

QR Code

Every checkout link has a QR code available on the detail view. The QR code encodes the full hosted checkout URL. It is downloadable as SVG or PNG at 512×512 pixels.

Re-Use

The re-use button on any existing link opens the create form pre-populated with the same amount, asset, chain, and description. redirect_url and expiry must be re-entered.

Mandates Section

The mandates section shows all recurring mandates associated with the tenant, across all lifecycle states.

Mandate List Fields

FieldDescription
mandate_idTruncated UUID
payer_addressMasked wallet address
chainChain badge
assetAsset ticker
cap_displayCap amount in display currency
periodHuman-readable period (e.g. “every 30 days”)
statusStatus badge: pending, active, paused, revoked, expired, cancelled
next_due_atNext scheduled pull timestamp
last_pull_atMost recent successful pull timestamp

Mandate Detail Panel

FieldDescription
Full mandate_idFull UUID
Full payer_addressFull wallet address
activated_atActivation timestamp
cancel_atScheduled cancellation date (if set)
cancel_reasonCancellation reason (user_requested, merchant_requested, compliance_terminated, expired)
Pull historyOrdered list of all pull attempts with tx_id, amount, status, and timestamp
Cancellation receiptLink to draft-hopley-x402-cancellation-receipt (present once cancelled)

Safeguard Indicators

The mandate detail panel displays the three platform-wide safeguards as status indicators:
  • Per-mandate cap: £100 maximum (enforced at control plane level)
  • Per-account cap: £300 maximum across all active mandates for this payer account
  • Maximum concurrent mandates: 3 per account
These limits are not configurable at tenant level. They are EMR 2011-aligned safeguards.

Cancel Mandate

Tenants can cancel an active or paused mandate via the dashboard. Cancellation records cancel_reason as merchant_requested. A cancellation receipt (per draft-hopley-x402-cancellation-receipt) is emitted automatically. The receipt is linked from the mandate detail panel and is also dispatched via the mandate.cancelled webhook event.

Recurring Authorities Section

Tier 2 standing authorities are higher-autonomy recurring arrangements where an AI agent or automated system pulls payments on a schedule against a pre-authorised cap, without re-requesting authorisation per pull.

Authority List Fields

FieldDescription
authority_idTruncated UUID
payer_addressMasked wallet address
chainChain badge
assetAsset ticker
cap_displayLifetime or period cap in display currency
per_cycle_displayPer-pull maximum in display currency
periodHuman-readable period
statusactive, paused, revoked, or expired
next_due_atNext scheduled pull
last_pull_atMost recent successful pull

Manual Pull

For catch-up or proration scenarios, a manual pull can be triggered from the authority detail panel. Manual pulls are subject to the same per_cycle_microunits cap as scheduled pulls. Manual pull events are recorded in the payment_ledger and negotiation_trace_events chains.

Pause and Resume

An active authority can be paused (no further scheduled pulls until resumed). A paused authority can be resumed. Both transitions are recorded in the compliance_events chain with actor and timestamp.

Webhooks Section

Webhook List Fields

FieldDescription
webhook_idUUID
urlDestination URL (domain only visible in list; full URL visible on detail)
eventsArray of subscribed event types
statusactive or disabled
success_rate_7dPercentage of successful deliveries in the past 7 days
last_delivery_atTimestamp of most recent delivery attempt
last_delivery_statussuccess or failed

Webhook Events

Tenants subscribe to specific event types. Available event types:
CategoryEvent Types
Paymentspayment.verified, payment.reversed, payment.disputed
Compliancescreening.hit, screening.flagged, kyc.approved, kyc.rejected, mainnet.activated, mainnet.suspended
Mandatesmandate.activated, mandate.charged, mandate.charge_failed, mandate.paused, mandate.revoked, mandate.expired, mandate.cancelled
Subscriptionsmpp_subscription.activated, mpp_subscription.charged, mpp_subscription.charge_failed, mpp_subscription.revoked, mpp_subscription.expired
Webhookswebhook.delivery_failed (meta-event; always fires regardless of subscription)

Delivery Statistics

The webhook detail panel shows:
MetricDescription
Total deliveriesLifetime count
Success countHTTP 2xx responses
Failure countNon-2xx responses or connection failures
Success rate (7d)Rolling 7-day percentage
Average response time (7d)Rolling 7-day average in milliseconds

Delivery Log

The live delivery log shows the 100 most recent delivery attempts for each webhook endpoint:
ColumnDescription
event_typeThe event type that triggered this delivery
event_idUUID of the specific event instance
attempted_atTimestamp
http_statusResponse status code (or connection_error / timeout)
response_bodyFirst 512 characters of the response body
duration_msRound-trip time in milliseconds

Test Delivery

The test delivery button sends a synthetic event of the selected event type to the webhook endpoint. Test deliveries are distinguishable by the event_id prefix test_. They are recorded in the delivery log but not in the audit chain.

Secret Rotation

Webhook payloads are signed with HMAC-SHA256 using a per-webhook secret. The dashboard provides:
  • Generate new secret: immediately valid; old secret remains valid for a configurable grace period (default 24 hours) to allow recipient systems to rotate
  • Grace period indicator: countdown to old secret expiry
  • Revoke old secret immediately: terminates the grace period
The signing header format is: X-AlgoVoi-Signature: algvw_

API Keys Section

Key List Fields

FieldDescription
key_idUUID
nameHuman-assigned label
prefixFirst 12 characters of the key (displayed permanently; full key shown once at creation only)
scopesArray of authorised scopes
created_atCreation timestamp
last_used_atTimestamp of most recent authenticated request
statusactive or revoked

Scopes

At key creation, the tenant selects the minimum set of scopes required for the intended use. Available scopes include (but are not limited to):
ScopeAccess Granted
payments:readRead payment history
payment_links:writeCreate and manage checkout links
webhooks:writeRegister and manage webhook endpoints
mandates:readRead mandate state
mandates:writeCreate and manage mandates
recurring:writeManage standing authorities and trigger manual pulls
compliance:readRead compliance and screening status
kyc:readRead KYC/KYB status

Key Lifecycle

Keys are shown in full only at creation. After the creation modal is dismissed, only the prefix is visible. Tenants should store keys in a secrets manager at creation time. Key revocation is immediate. All requests authenticated with a revoked key are rejected with HTTP 401. Revocation is recorded in the audit_log chain.

KYC and KYB Section

KYC Status Tracker

The KYC section displays the current verification state as a progress indicator:
StateDisplayDescription
not_startedGreyNo documents submitted
pendingYellowDocuments in upload queue
submittedBlueDocuments submitted; awaiting review
approvedGreenKYC approved; mainnet access granted (subject to mainnet_active flag)
rejectedRedKYC rejected; reason displayed; re-submission available
expiredOrangePeriodic re-verification required

Document Upload

Accepted document types:
  • Passport (any ICAO-compliant jurisdiction)
  • National identity card (EU, EEA, and other accepted jurisdictions)
  • Driving licence (UK, EU, and other accepted jurisdictions)
Document requirements:
  • JPEG, PNG, or PDF
  • Maximum 10 MB per file
  • All four corners must be visible
  • No glare, obstruction, or cropping
Liveness check:
  • Selfie video capture in-browser
  • Anti-spoofing: printed photo, screen replay, and 3D mask detection
  • Face-match against uploaded document photo
All documents are encrypted at rest immediately on receipt. Uploaded documents are not viewable in the dashboard after submission. The dashboard shows a submission receipt only.

KYB (Company)

Company applicants complete the KYB form with the following structure: Section 1 — Company Details: company_name, registered_number, jurisdiction_of_incorporation, registered_address (object: line1, line2, city, postcode, country), trading_name (if different), business_description, industry_sector (enum), years_in_operation, company_website Section 2 — Beneficial Owners: Array of UBO objects, one per beneficial owner with ownership exceeding 25%. UBO object fields: full_name, date_of_birth, nationality, country_of_residence, ownership_percentage, is_director (boolean), is_pep (boolean, self-declared), document_type, document_reference Section 3 — Financial Profile: source_of_funds (enum: trading_revenue, investment_income, sale_of_assets, loan_proceeds, other), source_of_funds_description, anticipated_monthly_volume_gbp (enum: under_1000, 1000_to_10000, 10000_to_100000, over_100000), anticipated_payment_types (multi-select enum) Section 4 — Documents: certificate_of_incorporation, latest_filed_accounts (most recent full-year accounts), proof_of_trading_address (utility bill or bank statement dated within 3 months), ultimate_beneficial_owner_register_extract (where jurisdiction requires public UBO register)

Rejection and Re-Submission

If KYC or KYB is rejected, the rejection reason is displayed in generic form (consistent with SAMLA s.20 and GDPR data minimisation). Re-submission is permitted. Previous submissions are archived in the encrypted documents store.

Hosted Checkout Page

The hosted checkout page is accessible at dash.algovoi.co.uk/pay/ and is the payment surface shown to end customers.

Page Fields Displayed to Payer

FieldDescription
merchant_nameThe tenant’s display name
amountDisplay amount with asset ticker
chainTarget chain with chain icon
descriptionOptional description set by merchant at link creation
expires_atCountdown timer if link has an expiry

Wallet Connection Options

Connection options are presented per target chain:
ChainWallet Options
AlgorandPera Wallet, Defly, WalletConnect generic
VOIKibisis, WalletConnect generic
SolanaPhantom, Solflare, Backpack
HederaHashPack, Blade Wallet
StellarFreighter, LOBSTR
BaseMetaMask, WalletConnect generic, Coinbase Wallet
TempoMetaMask, WalletConnect generic

xChain Option

A separate xChain tab allows the payer to pay from any supported EVM chain, routing settlement to the merchant’s target chain via Allbridge or CCTP V2 (Solana-destination). The payer selects their source chain and connects their source-chain wallet. The xChain flow:
  1. Payer selects source chain and connects source wallet
  2. Platform displays the bridged amount required on the source chain (accounting for bridge fees)
  3. Payer approves and signs the bridge transaction in their source wallet
  4. Platform monitors the bridge settlement and confirms receipt on the destination chain
  5. Payment is marked verified on the destination chain; redirect fires

Payment Status Polling

The hosted checkout page polls the payment status endpoint every 3 seconds after transaction submission. Status progression:
StatusDisplay
pendingSpinner with “Waiting for confirmation…“
confirmingSpinner with “Transaction detected, confirming…“
verifiedGreen tick with “Payment confirmed” followed by redirect
failedRed X with error message and retry option
expiredOrange clock with “This payment link has expired”
On verification, the page waits 2 seconds to display the success state, then redirects to redirect_url with query parameters appended: ?payment_id=&status=verified&tx_id=.

Compliance Panel

The Compliance panel is accessible from the dashboard footer and from the KYC section.

Displayed Information

ItemDescription
Current risk_tierBadge with tier label and description
kyc_statusCurrent KYC status badge
mainnet_activeBoolean indicator
Audit chain headsLive chain_position and content_hash for all five audit chains, refreshed every 60 seconds
Sanctions screening statusLast screening timestamp; flag if any pending MLRO review
Feed refresh timestampsLast refresh time for each of the seven threat-intel feeds and three sanctions lists
Link to GET /compliance/attestationOpens the raw JSON attestation in a new tab

Audit Bundle Download

Tenants can download a scoped audit bundle directly from the Compliance panel. The download form accepts:
FieldTypeDescription
chainenumWhich audit chain to bundle (or all)
date_fromdateStart of the requested window
date_todateEnd of the requested window
include_bridging_rowsbooleanInclude rows needed to prove chain continuity (recommended: true)
The downloaded bundle is a JSON file conforming to the selective-disclosure audit bundle schema. It can be submitted directly to verify.algovoi.co.uk for independent verification.

Settings Section

Account Settings

SettingDescription
Display nameTenant display name shown on hosted checkout pages and receipts
Email addressPrimary contact email. Change requires re-verification via email link.
Notification preferencesWhich dashboard-side email notifications to receive
TimezoneDisplay timezone for timestamps throughout the dashboard
Tenant IDNon-editable UUID (needed for MCP server configuration)
Tenant short IDNon-editable short identifier (used in MPP resource URLs)

Security Settings

SettingDescription
PasswordChange password; requires current password + MFA confirmation
MFAView TOTP setup; regenerate recovery codes; reset MFA (requires re-authentication)
Active sessionsList of all active JWT sessions with device hint and last activity; individual sessions can be revoked
Revoke all sessionsRevokes all active JWTs across all devices

GDPR Controls

ControlDescription
Subject Access RequestDownload a machine-readable copy of all personal data held about this account, excluding identity documents in encrypted document storage (covered separately by the document retention policy)
Erasure RequestRequest deletion of personal data from live systems. Processed within 30 days. UK MLRs Reg 40 data retained in B2 Object Lock is outside erasure scope; this is documented in the request confirmation.
All GDPR control actions are recorded in the audit_log chain with actor, action, and timestamp.