Monri Integration

QODY → Monri Integration — Archive Summary

Date: 2026-06-24
Archived by: Skillforge (ALAI Knowledge Management)
Purpose: Consolidate all Monri payment integration materials for QODY project

---

1. Monri Contact

Account Manager:

• Name: Mahir Mulaomerović
• Phone: +387 66 284 773
• Email: [email protected]

SnowIT Contact for Monri:

• Entity: SnowIT d.o.o. Sarajevo
• Contact: Enis Merdžanović (CTO, [email protected])
• Business Email: [email protected]
• Phone: +387 62 329 076

---

2. Monri Response Summary

Date Received: 2026-06-24 (from CEO)

Available Acquirer Banks (BiH):

1. Raiffeisen Bank BiH
2. Atos Bank
3. UniCredit Bank
4. Intesa Sanpaolo Bank

Process Confirmed:

• Pick bank → access documentation → test environment → contract → production
• Sandbox available for testing before merchant contract

Packages/Services:

• Standard merchant gateway integration
• Transaction API
• Webhook support
• 3D Secure (3DS2) compliance

---

3. Architecture Decision

Recommended Model: Model B — Per-Venue Merchant Accounts

Rationale:

• QODY remains software service provider (no Payment Institution license needed)
• Bank-agnostic: each restaurant uses its own bank + Monri merchant account
• Regulatory safety: money flows restaurant-bank → restaurant (bypasses QODY)
• Scalable: parallel restaurant onboarding without platform-level approvals

QODY Platform Fee Collection:

• Monthly invoice: 29-49 KM base + 0.5% of venue revenue through QODY
• Invoiced separately (not deducted from card settlements)

Full Details:

• See /tmp/qody-prd/monri-architecture-decision.md (25 pages, 667 lines)
• Author: Finverge (Markos Zachariadis)

---

4. Test Environment Form

Status: FILLED — Draft for CEO/Asmir confirmation

File: /tmp/monri/Podaci_za_testno_okruzenje_POPUNJENO.xlsx

Key Data:

• Company: SnowIT d.o.o. Sarajevo
• JIB: 4203069040007
• Contact: Enis Merdžanović ([email protected], +387 62 329 076)
• Test Bank: Raiffeisen (sandbox)
• Notification Emails: [email protected], [email protected], [email protected]

Note: Requires CEO/Asmir confirmation of:

• Responsible person (Enis vs Asmir)
• Phone number verification

---

5. Clarifying Questions Sent to Monri

Status: Sent 2026-06-24

8 Priority Questions:

1. Merchant-of-record model (platform vs per-venue) — CRITICAL
2. Platform fee auto-deduction support
3. Apple Pay / Google Pay availability for BiH
4. Refund, void, authorize+capture API operations
5. Webhook signatures, retry policy, idempotency
6. Test environment access timeline
7. Multi-venue reporting / reconciliation
8. PCI-DSS SAQ-A confirmation for Monri.js hosted checkout

Full Question Text: See monri-architecture-decision.md §5

---

6. Next Steps

Immediate (blocking)

• ✓ Fill test environment form (DONE — pending CEO confirmation)
• ⏳ Await Monri test credentials (sandbox merchant_id, auth_token, webhook_secret)
• ⏳ Confirm Model B with BiH payment lawyer (1-hour consult, ~500 EUR)

Build Phase (after test credentials)

• Implement per-venue payment config vault (encrypted Monri credentials)
• Monri Transaction API client (Kotlin/Ktor)
• Webhook handler with signature verification
• E2E test: guest checkout → Monri test charge → staff board update

Pre-Production

• Onboard 2-3 pilot restaurants through Monri merchant application
• Complete PCI-DSS SAQ-A (Securion)
• Privacy policy + Terms (Lexicon)
• BiH fiscal integration research (Phase 2)

---

7. Archived Files

File	Description	Size
Podaci_za_testno_okruženje.xls	Blank Monri test environment form (original)	35 KB
Podaci_za_testno_okruzenje_POPUNJENO.xlsx	Filled form (DRAFT)	5.8 KB
monri-architecture-decision.md	Full architecture analysis + recommendation	667 lines
image001.png	Monri logo (from email)	8.5 KB
image002.jpg	Monri branding (from email)	17 KB

---

8. Compliance Notes

Regulatory:

• Model B avoids BiH Payment Institution (PI) license requirement
• QODY = software service, not payment intermediary
• Legal confirmation still recommended (BiH lawyer)

Security:

• PCI-DSS scope: SAQ-A (Monri.js hosted checkout, no card data on QODY servers)
• Monri credentials: encrypted vault storage (libsodium or Azure Key Vault)
• Webhook: HMAC SHA512 signature verification mandatory

Data Privacy:

• BiH Data Protection Law + GDPR compliance
• Privacy policy required before production launch
• Cookie consent (if analytics)

Fiscal:

• BiH requires fiscal cash registers for retail/hospitality
• Phase 1 (MVP): QODY order = pre-payment; restaurant issues fiscal receipt from POS
• Phase 2: Integrate cloud fiscal service (e.g., eFiskalizacija.ba)

---

Archive URL: https://docs.alai.no/books/qody-architecture/page/monri-integration
Paperless Archive ID: [will be added after upload]

---

Document Owner: ALAI Holding AS → SnowIT BA (partner tenant)
Project: QODY.ba — Scan-Order-Pay Platform for BiH Hospitality