{"id":15968876,"url":"https://github.com/ashtishad/xpay","last_synced_at":"2026-04-09T10:38:00.914Z","repository":{"id":258196675,"uuid":"868614643","full_name":"ashtishad/xpay","owner":"ashtishad","description":"xPay is a digital wallet backend built with Go. It provides a secure foundation for digital financial transactions, including user-auth service, wallet service, card service and multiple payment gateway integrations.","archived":false,"fork":false,"pushed_at":"2025-03-01T17:22:41.000Z","size":222,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-22T04:31:42.518Z","etag":null,"topics":["aws","docker","domain-driven-design","go","golang","postgresql"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ashtishad.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-06T20:30:39.000Z","updated_at":"2025-03-01T17:22:45.000Z","dependencies_parsed_at":"2024-10-18T00:48:27.700Z","dependency_job_id":"243b04ec-a191-4bd1-927c-107aaa19d413","html_url":"https://github.com/ashtishad/xpay","commit_stats":null,"previous_names":["ashtishad/xpay"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashtishad%2Fxpay","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashtishad%2Fxpay/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashtishad%2Fxpay/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashtishad%2Fxpay/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ashtishad","download_url":"https://codeload.github.com/ashtishad/xpay/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245702590,"owners_count":20658642,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","docker","domain-driven-design","go","golang","postgresql"],"created_at":"2024-10-07T19:04:21.874Z","updated_at":"2026-04-09T10:37:55.864Z","avatar_url":"https://github.com/ashtishad.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"## xPay: Digital Wallet\n\u003ca name=\"top\"\u003e\u003c/a\u003e\n\n## Table of Contents\n- [Quick Start](#quick-start)\n- [Tech Stack](#tech-stack)\n- [Progress](#progress)\n- [Architecture and Request Flow](#architecture-and-request-flow)\n- [Directory Structure](#directory-structure)\n- [API Documentation](#api-documentation)\n\n## Quick Start\n\nThis project supports two environments: Production and Development. Docker Desktop is required to run the application.\n\nClone the repository:\n```bash\ngit clone git@github.com:ashtishad/xpay.git \u0026\u0026 cd xpay\n```\n\n### Production\nFor users who want to run the project and interact with the API (no code changes):\n```bash\nmake setup-prod-env # Set up the environment\nmake up # Run the application\n\n### More Commands\nmake down # Stop the application\nmake down-data # Stop and remove postgres data\n```\n\n### Development\nFor developers who intend to modify the code and contribute to the project:\n```bash\nmake setup-dev-env # Set up the environment\nmake up # Required for starting the postgres docker service\nmake watch # Run with live reload\n\n### More Commands\nmake run # Run normally\nmake down # Stop the application\nmake down-data # Stop and remove postgres data\nmake test # Run tests\nmake lint # Run linter\nmake swagger # Generate Swagger docs\nmake migrate-create name=your_migration_name # Create a new migration\n```\n\n\u003e **Note:** `setup-prod-env` and `setup-dev-env` copy appropriate configurations and set up necessary tools for each environment.\n\n\u003e **For all available commands, see the `Makefile` in the project root.**\n\n\u003e **For detailed guide on various aspects of the project, refer to the [wiki](https://github.com/ashtishad/xpay/wiki)**\n\n\n## Tech Stack\n\n\u003cp align=\"left\"\u003e\n \u003ca href=\"https://www.linkedin.com/in/ashef/\"\u003e\n \u003cimg src=\"https://skillicons.dev/icons?i=go,docker,kubernetes,postgresql,aws,kafka\u0026theme=light\" alt=\"Skills\" /\u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\n**Core Libraries:** [Gin](https://github.com/gin-gonic/gin), [pgx](https://github.com/jackc/pgx), [golang-migrate](https://github.com/golang-migrate/migrate), [golang-jwt](https://github.com/golang-jwt/jwt/), [viper](https://github.com/spf13/viper), [swaggo/swag](https://github.com/swaggo/swag), [golangci-lint](https://golangci-lint.run/), and [testify](https://github.com/stretchr/testify).\n\n## Progress\n\nβœ… Implemented | πŸ”„ In Progress/Planned\n\n| Area | Features and Best Practices | Status |\n|------|------------------------------|--------|\n| API Design \u0026 Architecture | β€’ Domain Driven Design, Clean Architecure \u003cbr\u003eβ€’ RESTful API\u003cbr\u003eβ€’ Event streaming with Apache Kafka\u003cbr\u003eβ€’ OpenAPI 2.0 specifications | βœ…\u003cbr\u003eβœ…\u003cbr\u003eπŸ”„\u003cbr\u003eβœ… |\n| Security | β€’ JWT-ES256 with ECDSA asymmetric key pairs\u003cbr\u003eβ€’ AES-256-GCM for card data encryption\u003cbr\u003eβ€’ SQL injection prevention with parameterized sql queries\u003cbr\u003eβ€’ Role based access control (RBAC) \u003cbr\u003eβ€’ DTO for controlled data to the client\u003cbr\u003eβ€’ User input and query param validation\u003cbr\u003eβ€’ IP-Based Rate limiting with Token Bucket algorithm | βœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ… |\n| Database | β€’ ACID transactions with appropriate isolation levels\u003cbr\u003eβ€’ Raw SQL for performance\u003cbr\u003eβ€’ Connection pooling with pgx, exposing standard *sql.DB\u003cbr\u003eβ€’ Optimized indexing and unique constraints\u003cbr\u003eβ€’ Version-controlled schema changes with migrations | βœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ… |\n| Core Operations \u0026 Observability | β€’ Custom AppError interface for error handling\u003cbr\u003eβ€’ Centralized configuration management with Viper\u003cbr\u003eβ€’ Structured logging with slog\u003cbr\u003eβ€’ Context with timeout for each request \u003cbr\u003eβ€’ Comprehensive test coverage\u003cbr\u003eβ€’ Code quality with golangci-lint | βœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ…\u003cbr\u003eβœ… |\n| Payment Gateways | β€’ Idempotent payment processing\u003cbr\u003eβ€’ Stripe integration\u003cbr\u003eβ€’ PayPal integration\u003cbr\u003eβ€’ Webhook handling for asynchronous events | πŸ”„\u003cbr\u003eπŸ”„\u003cbr\u003eπŸ”„\u003cbr\u003eπŸ”„ |\n| Deployment \u0026 Monitoring | β€’ Multi-stage Docker builds for minimal image size \u003cbr\u003eβ€’ GitHub Actions CI pipeline\u003cbr\u003eβ€’ AWS RDS with PostgreSQL\u003cbr\u003eβ€’ ECS Fargate for serverless container deployment\u003cbr\u003eβ€’ Prometheus metrics and Grafana dashboards | βœ…\u003cbr\u003eβœ…\u003cbr\u003eπŸ”„\u003cbr\u003eπŸ”„\u003cbr\u003eπŸ”„ |\n\n\u003ca href=\"#top\"\u003eBack to Top\u003c/a\u003e\n\n## Architecture and Request Flow:\n\nThe project follows domain-driven design, loosely coupled clean architecture, suited for large codebase.\n\n```\n\nβ”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β” JSON β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” Domain β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”\nβ”‚ Client β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Ίβ”‚ Handlers β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Ίβ”‚ Repositoriesβ”‚\nβ””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ (DTO) β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ Models β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜\n β”‚ β”‚\n β”‚ β”‚\n β”‚ Domain β”‚\n β”‚ Models β”‚\n β”‚ β”‚\nβ”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β” JSON β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” Domain β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”\nβ”‚ Client ◄──────────── Handlers ◄────────────Repositories β”‚\nβ””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ (DTO) β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ Models β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜\n\n```\nExample: Create a wallet\n\nwallet.go (model) -\u003e wallet_repository.go -\u003e wallet_handlers.go (using DTOs)\n\n1. Domain Models: `internal/domain/*.go`\n2. Repositories: `internal/domain/*_repository.go`\n3. HTTP Handlers: `internal/server/handlers/*.go`\n4. DTOs: `internal/server/dto/*.go`\n5. Routes: `internal/server/routes/*.go`\n\n\u003ca href=\"#top\"\u003eBack to Top\u003c/a\u003e\n\n## Directory Structure\n\ncommand: `tree -a -I '.git|.DS_Store|.gitignore|.idea|.vscode|docs'`\n\n```bash\nβ”œβ”€β”€ .github\nβ”‚ └── workflows\nβ”‚ └── test.yaml # CI/CD pipeline for running tests\nβ”œβ”€β”€ internal\nβ”‚ β”œβ”€β”€ domain\nβ”‚ β”‚ β”œβ”€β”€ card.go # Card domain model\nβ”‚ β”‚ β”œβ”€β”€ card_repository.go # Card repository interface, database interactions\nβ”‚ β”‚ β”œβ”€β”€ helpers.go # Domain-specific helper functions\nβ”‚ β”‚ β”œβ”€β”€ user.go # User domain model\nβ”‚ β”‚ β”œβ”€β”€ user_repository.go # User repository interface, database interactions\nβ”‚ β”‚ β”œβ”€β”€ wallet.go # Wallet domain model\nβ”‚ β”‚ └── wallet_repository.go # Wallet repository interface, database interactions\nβ”‚ β”œβ”€β”€ secure\nβ”‚ β”‚ β”œβ”€β”€ card_aes.go # Card AES-256 with GCM mode, Validate, Encrypt and Decrypt\nβ”‚ β”‚ β”œβ”€β”€ jwt.go # JWT token handling, generate and validate tokens\nβ”‚ β”‚ β”œβ”€β”€ password.go # Password hashing and verification with bcrypt\nβ”‚ β”‚ └── password_test.go # Password utility tests\nβ”‚ β”‚ β”œβ”€β”€ rbac\nβ”‚ β”‚ β”‚ β”œβ”€β”€ policy.json # RBAC policies for the API\nβ”‚ β”‚ β”‚ β”œβ”€β”€ policy.go # Loading policy from policy.json\nβ”‚ β”‚ β”‚ β”œβ”€β”€ rbac.go # Core logic of RBAC\nβ”‚ β”‚ β”‚ └── rbac_test.go # Unit tests\nβ”‚ β”œβ”€β”€ server\nβ”‚ β”‚ β”œβ”€β”€ handlers\nβ”‚ β”‚ β”‚ β”œβ”€β”€ auth.go # Login, Register handlers\nβ”‚ β”‚ β”‚ β”œβ”€β”€ card.go # Card http handlers\nβ”‚ β”‚ β”‚ β”œβ”€β”€ helpers.go # Handlers helper functions\nβ”‚ β”‚ β”‚ β”œβ”€β”€ user.go # User HTTP handlers\nβ”‚ β”‚ β”‚ └── wallet.go # Wallet HTTP handlers\nβ”‚ β”‚ β”œβ”€β”€ middlewares\nβ”‚ β”‚ β”‚ β”œβ”€β”€ auth.go # Auth middleware (Validate token, Set Authorized user in req context)\nβ”‚ β”‚ β”‚ β”œβ”€β”€ cors.go # CORS middleware\nβ”‚ β”‚ β”‚ β”œβ”€β”€ gin_logger.go # Custom Logging middleware for gin\nβ”‚ β”‚ β”‚ β”œβ”€β”€ middlewares.go # Core Middleware setup\nβ”‚ β”‚ β”‚ β”œβ”€β”€ rate_limiter.go # IP-Based rate limiter with token bucket algorithm\nβ”‚ β”‚ β”‚ └── request_id.go # Request ID middleware, sets X-Request-ID header\nβ”‚ β”‚ β”œβ”€β”€ routes\nβ”‚ β”‚ β”‚ β”œβ”€β”€ auth.go # Authentication routes\nβ”‚ β”‚ β”‚ β”œβ”€β”€ card.go # Card routes\nβ”‚ β”‚ β”‚ β”œβ”€β”€ routes.go # Core routes setup\nβ”‚ β”‚ β”‚ β”œβ”€β”€ user.go # User routes\nβ”‚ β”‚ β”‚ └── wallet.go # Wallet routes\nβ”‚ β”‚ β”œβ”€β”€ dto\nβ”‚ β”‚ β”‚ β”œβ”€β”€ auth.go # Authentication-related DTOs/REST API Request Response Structurers\nβ”‚ β”‚ β”‚ β”œβ”€β”€ card.go # Card dto\nβ”‚ β”‚ β”‚ β”œβ”€β”€ shared.go # Shared dto\nβ”‚ β”‚ β”‚ β”œβ”€β”€ user.go # User dto\nβ”‚ β”‚ β”‚ └── wallet.go # Wallet routes\nβ”‚ β”‚ └── server.go # HTTP server setup with gin\nβ”‚ β”œβ”€β”€ infra\nβ”‚ β”‚ β”œβ”€β”€ postgres\nβ”‚ β”‚ β”‚ β”œβ”€β”€ postgres_connection.go # Postgres connection setup with pgx, returns *sql.DB\nβ”‚ β”‚ β”‚ └── postgres_migrations.go # Database migration handling with golang-migrate/v4\nβ”‚ β”‚ β”œβ”€β”€ kafka\nβ”‚ β”‚ β”‚ └── sample.md # Placeholder for Kafka integration\nβ”‚ β”œβ”€β”€ common\nβ”‚ β”‚ β”œβ”€β”€ app_errs.go # Custom error types\nβ”‚ β”‚ β”œβ”€β”€ config.go # Configuration management\nβ”‚ β”‚ β”œβ”€β”€ constants.go # Global constants\nβ”‚ β”‚ β”œβ”€β”€ context_keys.go # Context key definitions\nβ”‚ β”‚ β”œβ”€β”€ custom_err_messages.go # Error message definitions\nβ”‚ β”‚ β”œβ”€β”€ slog_config.go # Structured logging configuration\nβ”‚ β”‚ └── timeouts.go # Context timeout constants\nβ”œβ”€β”€ migrations\nβ”‚ β”œβ”€β”€ 000001_create_users_table.down.sql # User table rollback\nβ”‚ β”œβ”€β”€ 000001_create_users_table.up.sql # User table creation\nβ”‚ β”œβ”€β”€ 000002_create_wallets_table.down.sql # Wallet table rollback\nβ”‚ └── 000002_create_wallets_table.up.sql # Wallet table creation\nβ”‚ β”œβ”€β”€ 000003_create_cards_table.down.sql # Cards table rollback\nβ”‚ └── 000003_create_cards_table.up.sql # Cards table creation\nβ”œβ”€β”€ scripts/\nβ”‚ β”œβ”€β”€ pre-push # Git pre-push hook (runs tests and lint before every push)\nβ”‚ β”œβ”€β”€ setup-dev-env.sh # Script to set up development environment\nβ”‚ └── setup-prod-env.sh # Script to set up production environment\nβ”œβ”€β”€ env-configs/\nβ”‚ β”œβ”€β”€ dev.Makefile # Makefile for development environment\nβ”‚ β”œβ”€β”€ prod.Makefile # Makefile for production environment\nβ”‚ β”œβ”€β”€ compose.dev.yaml # Docker Compose file for development\nβ”‚ β”œβ”€β”€ compose.prod.yaml # Docker Compose file for production\nβ”‚ └── config.example.yaml # Example configuration file\nβ”œβ”€β”€ config.yaml # Application configuration\nβ”œβ”€β”€ main.go # Application entry point\nβ”œβ”€β”€ Makefile # Development commands and shortcuts\nβ”œβ”€β”€ Dockerfile # Docker file with multi stage builds\nβ”œβ”€β”€ .dockerignore # Directories to ignore in the Docker builds\nβ”œβ”€β”€ README.md # Project documentation\nβ”œβ”€β”€ compose.yaml # Docker Compose configuration\nβ”œβ”€β”€ go.mod # Go module definition\nβ”œβ”€β”€ go.sum # Go module checksums\n└── .air.toml # Live reload configuration with air\n```\n\n\u003ca href=\"#top\"\u003eBack to Top\u003c/a\u003e\n\n## API Documentation\n\n### Authentication Endpoints\n\n#### Register User\n- **URL**: `/api/v1/register`\n- **Method**: `POST`\n- **Description**: Registers a new user with hashed password, generates JWT tokens, sets an HTTP-only cookie and X-Request-Id header.\n- **Access**: Public\n- **Request Body**:\n ```json\n {\n \"fullName\": \"John Doe\",\n \"email\": \"someone@example.com\",\n \"password\": \"samplepass\"\n }\n ```\n- **Success Response**: `201 Created`\n- **Error Responses**: `400 Bad Request`, `409 Conflict`, `500 Internal Server Error`\n\n#### Login\n- **URL**: `/api/v1/login`\n- **Method**: `POST`\n- **Description**: Authenticate a user, verifies password, generates JWT token, sets an HTTP-only cookie and X-Request-Id header.\n- **Access**: Public\n- **Request Body**:\n ```json\n {\n \"email\": \"someone@example.com\",\n \"password\": \"samplepass\"\n }\n ```\n- **Success Response**: `200 OK`\n- **Error Responses**: `400 Bad Request`, `401 Unauthorized`, `404 Not Found`, `500 Internal Server Error`\n\n### User Management Endpoints\n\n#### Create User with Specific Role\n- **URL**: `/api/v1/users`\n- **Method**: `POST`\n- **Description**: Creates a new user with a specific role.\n- **Access**: Admin (can create any role), Agent (can create user or merchant roles)\n- **Authentication**: Required (Bearer Token)\n- **Request Body**:\n ```json\n {\n \"fullName\": \"Keanu Reeves\",\n \"email\": \"keanu@example.com\",\n \"password\": \"keanupass\",\n \"role\": \"admin\"\n }\n ```\n- **Success Response**: `201 Created`\n- **Error Responses**: `400 Bad Request`, `401 Unauthorized`, `403 Forbidden`, `409 Conflict`, `500 Internal Server Error`\n\n### Wallet Endpoints\n\n#### Create a New Wallet\n- **URL**: `/api/v1/users/{user_uuid}/wallets`\n- **Method**: `POST`\n- **Access**: Admin, Merchant, User\n- **Authentication**: Required (Bearer Token)\n- **Request Body**:\n ```json\n {\n \"currency\": \"USD\"\n }\n ```\n- **Success Response**: `201 Created`\n- **Error Responses**: `400 Bad Request`, `401 Unauthorized`, `403 Forbidden`, `409 Conflict`, `500 Internal Server Error`\n\n#### Get Wallet Balance\n- **URL**: `/api/v1/users/{user_uuid}/wallets/{wallet_uuid}/balance`\n- **Method**: `GET`\n- **Access**: Admin, Agent, Merchant, User (own wallet only)\n- **Authentication**: Required (Bearer Token)\n- **Success Response**: `200 OK`\n- **Error Responses**: `401 Unauthorized`, `403 Forbidden`, `404 Not Found`, `500 Internal Server Error`\n\n#### Update Wallet Status\n- **URL**: `/api/v1/users/{user_uuid}/wallets/{wallet_uuid}/status`\n- **Method**: `PATCH`\n- **Access**: Admin, Agent, Merchant, User (own wallet only)\n- **Authentication**: Required (Bearer Token)\n- **Request Body**:\n ```json\n {\n \"status\": \"inactive\"\n }\n ```\n- **Success Response**: `200 OK`\n- **Error Responses**: `400 Bad Request`, `401 Unauthorized`, `403 Forbidden`, `404 Not Found`, `500 Internal Server Error`\n\n### Card Endpoints\n\n#### Add a New Card to Wallet\n- **URL**: `/api/v1/users/{user_uuid}/wallets/{wallet_uuid}/cards`\n- **Method**: `POST`\n- **Access**: Admin, Merchant, User (own wallet only)\n- **Authentication**: Required (Bearer Token)\n- **Request Body**:\n ```json\n {\n \"cardNumber\": \"4111111111111111\",\n \"provider\": \"visa\",\n \"type\": \"credit\",\n \"expiryDate\": \"12/25\",\n \"cvv\": \"123\"\n }\n ```\n- **Success Response**: `201 Created`\n- **Error Responses**: `400 Bad Request`, `401 Unauthorized`, `403 Forbidden`, `404 Not Found`, `409 Conflict`, `500 Internal Server Error`\n\n#### Get Card Details\n- **URL**: `/api/v1/users/{user_uuid}/wallets/{wallet_uuid}/cards/{card_uuid}`\n- **Method**: `GET`\n- **Access**: Admin, Agent (read-only), Merchant, User (own cards only)\n- **Authentication**: Required (Bearer Token)\n- **Success Response**: `200 OK`\n- **Error Responses**: `401 Unauthorized`, `403 Forbidden`, `404 Not Found`, `500 Internal Server Error`\n\n#### Update Card Details\n- **URL**: `/api/v1/users/{user_uuid}/wallets/{wallet_uuid}/cards/{card_uuid}`\n- **Method**: `PATCH`\n- **Access**: Admin, Merchant, User (own cards only)\n- **Authentication**: Required (Bearer Token)\n- **Request Body**:\n ```json\n {\n \"expiryDate\": \"12/26\",\n \"status\": \"inactive\"\n }\n ```\n- **Success Response**: `200 OK`\n- **Error Responses**: `400 Bad Request`, `401 Unauthorized`, `403 Forbidden`, `404 Not Found`, `500 Internal Server Error`\n\n#### Delete Card\n- **URL**: `/api/v1/users/{user_uuid}/wallets/{wallet_uuid}/cards/{card_uuid}`\n- **Method**: `DELETE`\n- **Access**: Admin, Merchant, User (own cards only)\n- **Authentication**: Required (Bearer Token)\n- **Success Response**: `200 OK`\n- **Error Responses**: `401 Unauthorized`, `403 Forbidden`, `404 Not Found`, `500 Internal Server Error`\n\n#### List Cards\n- **URL**: `/api/v1/users/{user_uuid}/wallets/{wallet_uuid}/cards`\n- **Method**: `GET`\n- **Access**: Admin, Agent (read-only), Merchant, User (own wallet only)\n- **Authentication**: Required (Bearer Token)\n- **Query Parameters**:\n - `provider` (optional): Filter by card provider\n - `status` (optional): Filter by card status\n- **Success Response**: `200 OK`\n- **Error Responses**: `401 Unauthorized`, `403 Forbidden`, `500 Internal Server Error`\n\n[Back to Top](#top)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fashtishad%2Fxpay","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fashtishad%2Fxpay","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fashtishad%2Fxpay/lists"}