Connect the Fees Engine to Midaz

The Fees Engine runs as its own service, and it works by calculation: your application asks it to compute the fees for a transaction, and the plugin returns the result. Your application then submits the transaction — fees included — to Midaz. The Fees Engine reads from Midaz to do its job, but it never writes to the ledger; recording the transaction is your application’s step. For where this sits in the bigger picture, see Building a complete core banking.

What the Fees Engine uses Midaz for

The plugin reads from Midaz for two things — it doesn’t post anything back:

Resolving accounts — it looks up the accounts involved, by alias, through Midaz’s Onboarding API, so a fee targets real accounts.
Volume-based billing — it counts transactions per route through Midaz’s Transaction API, which feeds period and volume billing.

The fee itself is calculated and returned to the caller. Your application records it in the ledger when it submits the transaction — the Fees Engine doesn’t write to Midaz.

Connection configuration

The connection is set with environment variables when the plugin is deployed (in its ConfigMap) — not by your application. Your app only calls the Fees Engine’s own API.

Variable	Default / Required	Description
`MIDAZ_ONBOARDING_URL`	Required	Base URL of Midaz’s Onboarding API, used to resolve accounts by alias. In local setups: `http://midaz-ledger:3002/v1/`.
`MIDAZ_TRANSACTION_URL`	Required	Base URL of Midaz’s Transaction API, used to count transactions per route for volume-based billing. In local setups: `http://midaz-ledger:3002/v1/`.
`CLIENT_ID`	Used for auth	Client ID the plugin uses to authenticate to Midaz (machine-to-machine).
`CLIENT_SECRET`	Used for auth	Client secret paired with `CLIENT_ID`.
`PLUGIN_AUTH_ENABLED`	`false`	Enable authentication through Access Manager. Set to `true` in production.
`PLUGIN_AUTH_ADDRESS`	`http://plugin-auth:4000`	URL of the Access Manager (`plugin-auth`) service that issues the tokens.

Both MIDAZ_ONBOARDING_URL and MIDAZ_TRANSACTION_URL are required — the plugin won’t start without them. In local setups both point at the same Midaz host (midaz-ledger:3002); in production they point at your deployed Midaz APIs.

Authentication

The Fees Engine authenticates to Midaz through Access Manager. It exchanges its CLIENT_ID / CLIENT_SECRET for an application token and calls Midaz with that token — the same machine-to-machine pattern the other plugins use. In multi-tenant deployments, the per-tenant credentials come from AWS Secrets Manager rather than the static CLIENT_ID / CLIENT_SECRET; Access Manager then issues the token from those credentials, so each tenant’s calls reach the right ledger. Multi-tenant mode requires authentication to be enabled. → Access Manager

See it in Lerian

The full integration journey across the pieces: Building a complete core banking
What the Fees Engine does: What is Fees Engine?
Deploy the stack: Helm charts

​What the Fees Engine uses Midaz for

​Connection configuration

​Authentication

​See it in Lerian

What the Fees Engine uses Midaz for

Connection configuration

Authentication

See it in Lerian