System Design: Online Donation Platform for a 3-Day Campaign

Context

You are designing a donation platform for a time-bounded, high-traffic, three-day campaign. Users provide minimal personal information and donate arbitrary amounts split across multiple organizations. The platform's payment scope is limited to charging donors and depositing funds into the company’s account. No real-time fund-splitting to organizations is required; allocation is recorded for later internal distribution.

Assume:

• High burst traffic around campaign marketing pushes.
• Use of a third-party payment processor (PSP) that supports idempotent charges and webhooks.
• PCI scope is minimized via tokenization/hosted fields.

Requirements

Design an end-to-end architecture and data model. Address:

1. Synchronous vs asynchronous payment flows; justify when to use async.
2. Detailed async workflow: API layer, idempotency keys, queue, workers, retries with exponential backoff and jitter, dead-letter handling.
3. How to guarantee idempotent charges across network retries.
4. Failure handling, reconciliation/reporting, duplicate submission prevention.
5. Security/PII and payment compliance, rate limiting, observability, and scaling for bursty traffic.
6. API contracts, database schema, and a strategy for partial failures and eventual consistency.