QODY Architecture
Architecture documentation for QODY.ba scan-order-pay platform (SnowIT BA partner project)

Monri Integration
QODY → Monri Integration — Archive Summary 

 Date: 2026-06-24 
 Archived by: Skillforge (ALAI Knowledge Management) 
 Purpose: Consolidate all Monri payment integration materials for QODY project 

 

 1. Monri Contact 

 Account Manager: 
 
 Name: Mahir Mulaomerović 
 Phone: +387 66 284 773 
 Email: mahir.mulaomerovic@monri.com 
 

 SnowIT Contact for Monri: 
 
 Entity: SnowIT d.o.o. Sarajevo 
 Contact: Enis Merdžanović (CTO, enis@snowit.ba) 
 Business Email: info@snowit.ba 
 Phone: +387 62 329 076 
 

 

 2. Monri Response Summary 

 Date Received: 2026-06-24 (from CEO) 

 Available Acquirer Banks (BiH): 
 
 Raiffeisen Bank BiH 
 Atos Bank 
 UniCredit Bank 
 Intesa Sanpaolo Bank 
 

 Process Confirmed: 
 
 Pick bank → access documentation → test environment → contract → production 
 Sandbox available for testing before merchant contract 
 

 Packages/Services: 
 
 Standard merchant gateway integration 
 Transaction API 
 Webhook support 
 3D Secure (3DS2) compliance 
 

 

 3. Architecture Decision 

 Recommended Model: Model B — Per-Venue Merchant Accounts 

 Rationale: 
 
 QODY remains software service provider (no Payment Institution license needed) 
 Bank-agnostic: each restaurant uses its own bank + Monri merchant account 
 Regulatory safety: money flows restaurant-bank → restaurant (bypasses QODY) 
 Scalable: parallel restaurant onboarding without platform-level approvals 
 

 QODY Platform Fee Collection: 
 
 Monthly invoice: 29-49 KM base + 0.5% of venue revenue through QODY 
 Invoiced separately (not deducted from card settlements) 
 

 Full Details: 
 
 See /tmp/qody-prd/monri-architecture-decision.md (25 pages, 667 lines) 
 Author: Finverge (Markos Zachariadis) 
 

 

 4. Test Environment Form 

 Status: FILLED — Draft for CEO/Asmir confirmation 

 File: /tmp/monri/Podaci_za_testno_okruzenje_POPUNJENO.xlsx 

 Key Data: 
 
 Company: SnowIT d.o.o. Sarajevo 
 JIB: 4203069040007 
 Contact: Enis Merdžanović (info@snowit.ba, +387 62 329 076) 
 Test Bank: Raiffeisen (sandbox) 
 Notification Emails: info@snowit.ba, enis@snowit.ba, john@alai.no 
 

 Note: Requires CEO/Asmir confirmation of: 
 
 Responsible person (Enis vs Asmir) 
 Phone number verification 
 

 

 5. Clarifying Questions Sent to Monri 

 Status: Sent 2026-06-24 

 8 Priority Questions: 
 
 Merchant-of-record model (platform vs per-venue) — CRITICAL 
 Platform fee auto-deduction support 
 Apple Pay / Google Pay availability for BiH 
 Refund, void, authorize+capture API operations 
 Webhook signatures, retry policy, idempotency 
 Test environment access timeline 
 Multi-venue reporting / reconciliation 
 PCI-DSS SAQ-A confirmation for Monri.js hosted checkout 
 

 Full Question Text: See monri-architecture-decision.md §5 

 

 6. Next Steps 

 Immediate (blocking) 
 
 ✓ Fill test environment form (DONE — pending CEO confirmation) 
 ⏳ Await Monri test credentials (sandbox merchant_id, auth_token, webhook_secret) 
 ⏳ Confirm Model B with BiH payment lawyer (1-hour consult, ~500 EUR) 
 

 Build Phase (after test credentials) 
 
 Implement per-venue payment config vault (encrypted Monri credentials) 
 Monri Transaction API client (Kotlin/Ktor) 
 Webhook handler with signature verification 
 E2E test: guest checkout → Monri test charge → staff board update 
 

 Pre-Production 
 
 Onboard 2-3 pilot restaurants through Monri merchant application 
 Complete PCI-DSS SAQ-A (Securion) 
 Privacy policy + Terms (Lexicon) 
 BiH fiscal integration research (Phase 2) 
 

 

 7. Archived Files 

 
 
 
 File 
 Description 
 Size 
 
 
 
 
 Podaci_za_testno_okruženje.xls 
 Blank Monri test environment form (original) 
 35 KB 
 
 
 Podaci_za_testno_okruzenje_POPUNJENO.xlsx 
 Filled form (DRAFT) 
 5.8 KB 
 
 
 monri-architecture-decision.md 
 Full architecture analysis + recommendation 
 667 lines 
 
 
 image001.png 
 Monri logo (from email) 
 8.5 KB 
 
 
 image002.jpg 
 Monri branding (from email) 
 17 KB 
 
 
 

 

 8. Compliance Notes 

 Regulatory: 
 
 Model B avoids BiH Payment Institution (PI) license requirement 
 QODY = software service, not payment intermediary 
 Legal confirmation still recommended (BiH lawyer) 
 

 Security: 
 
 PCI-DSS scope: SAQ-A (Monri.js hosted checkout, no card data on QODY servers) 
 Monri credentials: encrypted vault storage (libsodium or Azure Key Vault) 
 Webhook: HMAC SHA512 signature verification mandatory 
 

 Data Privacy: 
 
 BiH Data Protection Law + GDPR compliance 
 Privacy policy required before production launch 
 Cookie consent (if analytics) 
 

 Fiscal: 
 
 BiH requires fiscal cash registers for retail/hospitality 
 Phase 1 (MVP): QODY order = pre-payment; restaurant issues fiscal receipt from POS 
 Phase 2: Integrate cloud fiscal service (e.g., eFiskalizacija.ba) 
 

 

 Archive URL: https://docs.alai.no/books/qody-architecture/page/monri-integration 
 Paperless Archive ID: [will be added after upload] 

 

 Document Owner: ALAI Holding AS → SnowIT BA (partner tenant) 
 Project: QODY.ba — Scan-Order-Pay Platform for BiH Hospitality