iroh for payments
by okdistribute
When people think about next generation payment infrastructure, they usually think fancy iPads, flashy apps, Bluetooth, and paperless receipts. But the reality for most of the world is more humble. You're more likely to be presented with Windows 7, proprietary printers, and ethernet cables.
In this post we look at Paycode, a team deploying iroh in remote environments in Mexico. Their most recent project: connecting payment terminals and point of sale systems to bring tap-to-pay to highway toll booths.
Why peer-to-peer payments?
Paying for things can be frustrating when the tech breaks. Slow or inoperable point of sale systems cause massive delays, lines, and lost revenue. Connectivity isn't always guaranteed — especially for mobile devices that move out of range, or when the cloud service goes down. Every second saved at the point of sale is a second where people can get on with their lives instead of staring at a loading spinner.
There are plenty of ways to solve connectivity issues: you can add a server to the local WiFi network, use a classic HTTP server, or run an MQTT broker. But these server-based approaches come with costs. More on-site hardware means more technicians to service that hardware. And the original problem never fully goes away, because the single point of failure just shifts from the cloud to the local server.
With peer-to-peer connectivity, no server is needed. The payment terminal syncs encrypted payloads directly with the point of sale device.
One of the most critical requirements for PCI-compliant payment systems is that raw payment data can never flow through anything other than the official compliant software. Peer-to-peer connections act as a blind command and control channel between devices: raw payment data stays on the payment terminal, and any resulting transaction data is encrypted into a secure payload before leaving the device. This separation ensures that even as connectivity improves, compliance and security boundaries remain intact.
Legacy hardware, modern protocols
Paycode chose iroh to implement peer-to-peer connectivity between devices in the field — payment terminals, point of sale systems, and highway toll software. Existing constraints on hardware and budget made server-based options impossible, so a peer-to-peer approach was the only way forward.
The environment is far from modern:
- Touch-based Windows 7 machines
- Dual-core Intel CPUs with up to 8GB of RAM
- A mix of Ethernet (on terminals) and Wi-Fi (across the tollway system)
Despite these constraints, the team integrated iroh by bundling the Rust library inside a .NET 6 SDK.
"iroh was super easy to use… I started hacking and was able to integrate it into our Kotlin PoS app and have a published .NET NuGet package for our client to use in that month." - Carlos Diez, Head of mobile and front-end development at Paycode
How it works
Each QR code encodes an iroh ticket, which contains the endpoint information needed to connect to a remote node. A terminal scans the QR code, registers the remote node as a static provider, and establishes a connection through gossip-based discovery.
From there, the terminal can receive commands and send information back through the gossip channel. One such command is the start transaction request: the terminal receives the data needed to charge the user, executes the transaction within the PCI-compliant flow, and sends the outcome back.
Because the communication is direct between devices, transactions avoid unnecessary intermediaries. This reduces latency and makes the process reliable. And since all data is end-to-end encrypted, sensitive data stays protected throughout the entire transaction lifecycle.
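The boundary described above (raw payment data stays on the terminal, only a sealed payload and an outcome leave it) can be enforced with an egress check on the terminal side before anything is published to the channel. The sketch below is an added example, not Paycode's or iroh's code: the `Outcome` shape, the field names and the wire format are assumptions, and the check flags any cleartext field containing a 13-19 digit run that passes the Luhn checksum.

```rust
// Added example: message shape and names are hypothetical, not Paycode's or iroh's API.

/// Luhn checksum over a slice of ASCII digits.
fn luhn_ok(digits: &[u8]) -> bool {
    let mut sum = 0u32;
    for (i, d) in digits.iter().rev().enumerate() {
        let mut v = (*d - b'0') as u32;
        if i % 2 == 1 {
            v *= 2;
            if v > 9 { v -= 9; }
        }
        sum += v;
    }
    sum % 10 == 0
}

/// True if `text` holds a run of 13-19 digits (spaces and dashes ignored) that passes Luhn.
fn contains_pan(text: &str) -> bool {
    let cleaned: Vec<u8> = text.bytes().filter(|b| *b != b' ' && *b != b'-').collect();
    cleaned
        .split(|b| !b.is_ascii_digit())
        .any(|run| (13..=19).contains(&run.len()) && luhn_ok(run))
}

/// Outcome the terminal sends back over the channel (hypothetical shape).
struct Outcome {
    request_id: String,
    status: String,
    sealed_payload: Vec<u8>, // ciphertext produced inside the compliant flow; opaque here
}

/// Encode an outcome for the channel, refusing if a cleartext field looks like card data.
fn encode_outcome(o: &Outcome) -> Result<String, &'static str> {
    if contains_pan(&o.request_id) || contains_pan(&o.status) {
        return Err("cleartext field contains a card-number-like value");
    }
    let hex: String = o.sealed_payload.iter().map(|b| format!("{:02x}", b)).collect();
    Ok(format!("outcome|{}|{}|{}", o.request_id, o.status, hex))
}

fn main() {
    // Constructed sample values; 4111111111111111 is a well-known test card number.
    let ok = Outcome { request_id: "req-42".into(), status: "approved".into(), sealed_payload: vec![0xde, 0xad] };
    let bad = Outcome { request_id: "req-43".into(), status: "declined 4111 1111 1111 1111".into(), sealed_payload: vec![] };
    println!("{:?}", encode_outcome(&ok));
    println!("{:?}", encode_outcome(&bad));
}
```

The same check can run on the point of sale side over incoming messages, so a misbehaving terminal build is caught at the receiver as well.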
What makes this interesting
This deployment highlights something we think is important: innovation doesn't always happen in greenfield environments. In many cases, the most impactful work happens when you can modernize legacy systems without replacing old hardware: reducing cloud costs and improving connectivity and reliability at the same time.
The Paycode team needed something that could run on constrained devices, handle unreliable networks, and meet strict compliance requirements. iroh fit because it's designed to work on any device and adapt to the network conditions it finds. If you're working on something similar, let's talk!
To get started, take a look at our docs, dive directly into the code, or chat with us in our Discord channel.