stellar · JiahuiWho · Dec 9, 2025 · Nov 17, 2025 · Dec 4, 2025 · Dec 8, 2025
diff --git a/internal/data/embedded_wallet.go b/internal/data/embedded_wallet.go
@@ -127,6 +127,65 @@ func (ew *EmbeddedWalletModel) GetByCredentialID(ctx context.Context, sqlExec db
 	return &wallet, nil
 }
 
+// GetPendingDisbursementAsset returns the asset associated with the pending disbursement for the
+// embedded wallet identified by the provided contract address. Pending disbursements are
+// determined by payments in progress (ready, pending or paused) for disbursement payments.
+func (ew *EmbeddedWalletModel) GetPendingDisbursementAsset(ctx context.Context, sqlExec db.SQLExecuter, contractAddress string) (*Asset, error) {
+	if strings.TrimSpace(contractAddress) == "" {
+		return nil, ErrMissingInput
+	}
+
+	query := fmt.Sprintf(`
+		SELECT
+			%s
+		FROM embedded_wallets ew
+		JOIN receiver_wallets rw ON rw.id = ew.receiver_wallet_id
+		JOIN payments p ON p.receiver_wallet_id = rw.id
+		JOIN disbursements d ON d.id = p.disbursement_id
+		JOIN assets a ON a.id = d.asset_id
+		WHERE ew.contract_address = $1
+			AND p.type = $2
+			AND p.status = ANY($3)
+		ORDER BY p.updated_at DESC
+		LIMIT 1
+	`, AssetColumnNames("a", "", false))
+
+	var asset Asset
+	if err := sqlExec.GetContext(ctx, &asset, query, contractAddress, PaymentTypeDisbursement, pq.Array(PaymentInProgressStatuses())); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, ErrRecordNotFound
+		}
+		return nil, fmt.Errorf("querying pending disbursement asset for contract %s: %w", contractAddress, err)
+	}
+
+	return &asset, nil
+}
+
+// GetReceiverWallet fetches the receiver wallet linked to the embedded wallet contract address.
+func (ew *EmbeddedWalletModel) GetReceiverWallet(ctx context.Context, sqlExec db.SQLExecuter, contractAddress string) (*ReceiverWallet, error) {
+	if strings.TrimSpace(contractAddress) == "" {
+		return nil, ErrMissingInput
+	}
+
+	query := fmt.Sprintf(`
+		SELECT %s
+		FROM receiver_wallets rw
+		JOIN embedded_wallets ew ON ew.receiver_wallet_id = rw.id
+		WHERE ew.contract_address = $1
+		LIMIT 1
+	`, ReceiverWalletColumnNames("rw", ""))
+
+	var wallet ReceiverWallet
+	if err := sqlExec.GetContext(ctx, &wallet, query, contractAddress); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, ErrRecordNotFound
+		}
+		return nil, fmt.Errorf("querying receiver wallet by contract address: %w", err)
+	}
+
+	return &wallet, nil
+}
+
 type EmbeddedWalletInsert struct {
 	Token                string               `db:"token"`
 	WasmHash             string               `db:"wasm_hash"`

diff --git a/internal/data/embedded_wallet_test.go b/internal/data/embedded_wallet_test.go
@@ -400,3 +400,93 @@ func Test_EmbeddedWalletModel_GetPendingForSubmission(t *testing.T) {
 	assert.Contains(t, ids, pending1.Token)
 	assert.Contains(t, ids, pending2.Token)
 }
+
+func Test_EmbeddedWalletModel_GetReceiverWallet(t *testing.T) {
+	dbt := dbtest.Open(t)
+	defer dbt.Close()
+
+	dbConnectionPool, err := db.OpenDBConnectionPool(dbt.DSN)
+	require.NoError(t, err)
+	defer dbConnectionPool.Close()
+
+	ctx := context.Background()
+	embeddedWalletModel := EmbeddedWalletModel{dbConnectionPool: dbConnectionPool}
+
+	DeleteAllEmbeddedWalletsFixtures(t, ctx, dbConnectionPool)
+	defer DeleteAllEmbeddedWalletsFixtures(t, ctx, dbConnectionPool)
+
+	wallet := CreateWalletFixture(t, ctx, dbConnectionPool, "token", "https://example.com", "wallet.example.com", "embedded://")
+	receiver := CreateReceiverFixture(t, ctx, dbConnectionPool, &Receiver{})
+	receiverWallet := CreateReceiverWalletFixture(t, ctx, dbConnectionPool, receiver.ID, wallet.ID, ReadyReceiversWalletStatus)
+	contractAddress := "CBGTG3VGUMVDZE6O4CRZ2LBCFP7O5XY2VQQQU7AVXLVDQHZLVQFRMHKX"
+	embedded := CreateEmbeddedWalletFixture(t, ctx, dbConnectionPool, "token-2", "hash", contractAddress, "cred-id", "pub", PendingWalletStatus)
+	update := EmbeddedWalletUpdate{ReceiverWalletID: receiverWallet.ID}
+	require.NoError(t, embeddedWalletModel.Update(ctx, dbConnectionPool, embedded.Token, update))
+
+	t.Run("success", func(t *testing.T) {
+		wallet, err := embeddedWalletModel.GetReceiverWallet(ctx, dbConnectionPool, contractAddress)
+		require.NoError(t, err)
+		require.NotNil(t, wallet)
+		assert.Equal(t, receiverWallet.ID, wallet.ID)
+	})
+
+	t.Run("not found", func(t *testing.T) {
+		wallet, err := embeddedWalletModel.GetReceiverWallet(ctx, dbConnectionPool, "CDZMG22Z66UUW3Q7X7XZV3CNPAQWT7DAVBBFZTCTRAESJ5AZAVOMHFXC")
+		require.Error(t, err)
+		assert.ErrorIs(t, err, ErrRecordNotFound)
+		assert.Nil(t, wallet)
+	})
+}
+
+func Test_EmbeddedWalletModel_GetPendingDisbursementAsset(t *testing.T) {
+	dbt := dbtest.Open(t)
+	defer dbt.Close()
+
+	dbConnectionPool, err := db.OpenDBConnectionPool(dbt.DSN)
+	require.NoError(t, err)
+	defer dbConnectionPool.Close()
+
+	ctx := context.Background()
+	embeddedWalletModel := EmbeddedWalletModel{dbConnectionPool: dbConnectionPool}
+
+	DeleteAllEmbeddedWalletsFixtures(t, ctx, dbConnectionPool)
+	defer DeleteAllEmbeddedWalletsFixtures(t, ctx, dbConnectionPool)
+
+	wallet := CreateWalletFixture(t, ctx, dbConnectionPool, "fixture-wallet", "https://example.com", "wallet.example.com", "embedded://")
+	receiver := CreateReceiverFixture(t, ctx, dbConnectionPool, &Receiver{})
+	receiverWallet := CreateReceiverWalletFixture(t, ctx, dbConnectionPool, receiver.ID, wallet.ID, ReadyReceiversWalletStatus)
+	asset := CreateAssetFixture(t, ctx, dbConnectionPool, "USDC", "GA5ZSEJYB37JRC5AVCIA5MOP4RHTM335X2KGX3IHOJAPP5RE34K4KZVV")
+	contractAddress := "CBGTG3VGUMVDZE6O4CRZ2LBCFP7O5XY2VQQQU7AVXLVDQHZLVQFRMHKX"
+	embedded := CreateEmbeddedWalletFixture(t, ctx, dbConnectionPool, "token-asset", "hash", contractAddress, "cred", "pub", PendingWalletStatus)
+	require.NoError(t, embeddedWalletModel.Update(ctx, dbConnectionPool, embedded.Token, EmbeddedWalletUpdate{ReceiverWalletID: receiverWallet.ID}))
+
+	disbursementModel := &DisbursementModel{dbConnectionPool: dbConnectionPool}
+	disbursement := CreateDisbursementFixture(t, ctx, dbConnectionPool, disbursementModel, &Disbursement{
+		Wallet: wallet,
+		Asset:  asset,
+		Status: StartedDisbursementStatus,
+	})
+
+	paymentModel := &PaymentModel{dbConnectionPool: dbConnectionPool}
+	CreatePaymentFixture(t, ctx, dbConnectionPool, paymentModel, &Payment{
+		ReceiverWallet: receiverWallet,
+		Disbursement:   disbursement,
+		Asset:          *asset,
+		Status:         PendingPaymentStatus,
+		Amount:         "15",
+	})
+
+	t.Run("success", func(t *testing.T) {
+		result, err := embeddedWalletModel.GetPendingDisbursementAsset(ctx, dbConnectionPool, contractAddress)
+		require.NoError(t, err)
+		require.NotNil(t, result)
+		assert.Equal(t, asset.ID, result.ID)
+	})
+
+	t.Run("not found", func(t *testing.T) {
+		result, err := embeddedWalletModel.GetPendingDisbursementAsset(ctx, dbConnectionPool, "CDZMG22Z66UUW3Q7X7XZV3CNPAQWT7DAVBBFZTCTRAESJ5AZAVOMHFXC")
+		require.Error(t, err)
+		assert.ErrorIs(t, err, ErrRecordNotFound)
+		assert.Nil(t, result)
+	})
+}
diff --git a/internal/serve/httphandler/embedded_wallet_profile_handler.go b/internal/serve/httphandler/embedded_wallet_profile_handler.go
@@ -0,0 +1,51 @@
+package httphandler
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/stellar/go-stellar-sdk/support/render/httpjson"
+
+	"github.com/stellar/stellar-disbursement-platform-backend/internal/data"
+	"github.com/stellar/stellar-disbursement-platform-backend/internal/sdpcontext"
+	"github.com/stellar/stellar-disbursement-platform-backend/internal/serve/httperror"
+	"github.com/stellar/stellar-disbursement-platform-backend/internal/services"
+)
+
+type EmbeddedWalletProfileHandler struct {
+	EmbeddedWalletService services.EmbeddedWalletServiceInterface
+}
+
+type EmbeddedWalletProfileResponse struct {
+	IsVerificationPending bool        `json:"is_verification_pending"`
+	PendingAsset          *data.Asset `json:"pending_asset,omitempty"`
+}
+
+func (h EmbeddedWalletProfileHandler) GetProfile(rw http.ResponseWriter, req *http.Request) {
+	ctx := req.Context()
+
+	contractAddress, err := sdpcontext.GetWalletContractAddressFromContext(ctx)
+	if err != nil {
+		httperror.Unauthorized("", err, nil).Render(rw)
+		return
+	}
+
+	isPending, err := h.EmbeddedWalletService.IsVerificationPending(ctx, contractAddress)
+	if err != nil {
+		if errors.Is(err, services.ErrInvalidContractAddress) {
+			httperror.Unauthorized("", err, nil).Render(rw)
+		} else {
+			httperror.InternalError(ctx, "Failed to evaluate verification requirement", err, nil).Render(rw)
+		}
+		return
+	}
+
+	asset, err := h.EmbeddedWalletService.GetPendingDisbursementAsset(ctx, contractAddress)
+	if err != nil {
+		httperror.InternalError(ctx, "Failed to retrieve pending disbursement asset", err, nil).Render(rw)
+		return
+	}
+
+	resp := EmbeddedWalletProfileResponse{IsVerificationPending: isPending, PendingAsset: asset}
+	httpjson.Render(rw, resp, httpjson.JSON)
+}
diff --git a/internal/serve/httphandler/embedded_wallet_profile_handler_test.go b/internal/serve/httphandler/embedded_wallet_profile_handler_test.go
@@ -0,0 +1,90 @@
+package httphandler
+
+import (
+	"encoding/json"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+
+	"github.com/stellar/stellar-disbursement-platform-backend/internal/data"
+	"github.com/stellar/stellar-disbursement-platform-backend/internal/sdpcontext"
+	"github.com/stellar/stellar-disbursement-platform-backend/internal/services"
+	"github.com/stellar/stellar-disbursement-platform-backend/internal/services/mocks"
+)
+
+func TestEmbeddedWalletProfileHandler_GetProfile(t *testing.T) {
+	contractAddress := "CCYU2FUIMK23K34U3SWCN2O2JVI6JBGUGQUILYK7GRPCIDABVVTCS7R4"
+
+	t.Run("success", func(t *testing.T) {
+		t.Parallel()
+
+		mockSvc := mocks.NewMockEmbeddedWalletService(t)
+		handler := EmbeddedWalletProfileHandler{EmbeddedWalletService: mockSvc}
+
+		asset := &data.Asset{Code: "USDC"}
+
+		mockSvc.On("IsVerificationPending", mock.Anything, contractAddress).
+			Return(true, nil).Once()
+		mockSvc.On("GetPendingDisbursementAsset", mock.Anything, contractAddress).
+			Return(asset, nil).Once()
+
+		req := httptest.NewRequest(http.MethodGet, "/embedded-wallets/profile", nil)
+		ctx := sdpcontext.SetWalletContractAddressInContext(req.Context(), contractAddress)
+		req = req.WithContext(ctx)
+		resp := httptest.NewRecorder()
+
+		handler.GetProfile(resp, req)
+
+		require.Equal(t, http.StatusOK, resp.Code)
+
+		var body EmbeddedWalletProfileResponse
+		require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &body))
+		assert.True(t, body.IsVerificationPending)
+		assert.Equal(t, asset, body.PendingAsset)
+	})
+
+	t.Run("unauthorized when wallet missing", func(t *testing.T) {
+		t.Parallel()
+
+		mockSvc := mocks.NewMockEmbeddedWalletService(t)
+		handler := EmbeddedWalletProfileHandler{EmbeddedWalletService: mockSvc}
+
+		mockSvc.On("IsVerificationPending", mock.Anything, contractAddress).
+			Return(false, services.ErrInvalidContractAddress).Once()
+
+		req := httptest.NewRequest(http.MethodGet, "/embedded-wallets/profile", nil)
+		ctx := sdpcontext.SetWalletContractAddressInContext(req.Context(), contractAddress)
+		req = req.WithContext(ctx)
+		resp := httptest.NewRecorder()
+
+		handler.GetProfile(resp, req)
+
+		assert.Equal(t, http.StatusUnauthorized, resp.Code)
+	})
+
+	t.Run("internal error when verification fails", func(t *testing.T) {
+		t.Parallel()
+
+		mockSvc := mocks.NewMockEmbeddedWalletService(t)
+		handler := EmbeddedWalletProfileHandler{EmbeddedWalletService: mockSvc}
+
+		wrappedErr := errors.New("boom")
+
+		mockSvc.On("IsVerificationPending", mock.Anything, contractAddress).
+			Return(false, wrappedErr).Once()
+
+		req := httptest.NewRequest(http.MethodGet, "/embedded-wallets/profile", nil)
+		ctx := sdpcontext.SetWalletContractAddressInContext(req.Context(), contractAddress)
+		req = req.WithContext(ctx)
+		resp := httptest.NewRecorder()
+
+		handler.GetProfile(resp, req)
+
+		assert.Equal(t, http.StatusInternalServerError, resp.Code)
+	})
+}
diff --git a/internal/serve/serve.go b/internal/serve/serve.go
@@ -191,15 +191,14 @@ func (opts *ServeOptions) SetupDependencies() error {
 		}
 
 		sep45Service, sep45Err := services.NewSEP45Service(services.SEP45ServiceOptions{
-			RPCClient:                 rpcClient,
-			TOMLClient:                nil,
-			JWTManager:                sep24JWTManager,
-			NetworkPassphrase:         opts.NetworkPassphrase,
-			WebAuthVerifyContractID:   opts.Sep45ContractID,
-			ServerSigningKeypair:      signingKP,
-			BaseURL:                   opts.BaseURL,
-			ClientAttributionRequired: opts.Sep10ClientAttributionRequired,
-			AllowHTTPRetry:            allowHTTPRetry,
+			RPCClient:               rpcClient,
+			TOMLClient:              nil,
+			JWTManager:              sep24JWTManager,
+			NetworkPassphrase:       opts.NetworkPassphrase,
+			WebAuthVerifyContractID: opts.Sep45ContractID,
+			ServerSigningKeypair:    signingKP,
+			BaseURL:                 opts.BaseURL,
+			AllowHTTPRetry:          allowHTTPRetry,
 		})
 		if sep45Err != nil {
 			return fmt.Errorf("initializing SEP 45 Service: %w", sep45Err)
@@ -724,6 +723,9 @@ func handleHTTP(o ServeOptions) *chi.Mux {
 				walletCreationHandler := httphandler.WalletCreationHandler{
 					EmbeddedWalletService: o.EmbeddedWalletService,
 				}
+				embeddedWalletProfileHandler := httphandler.EmbeddedWalletProfileHandler{
+					EmbeddedWalletService: o.EmbeddedWalletService,
+				}
 				sponsoredTransactionHandler := httphandler.SponsoredTransactionHandler{
 					EmbeddedWalletService: o.EmbeddedWalletService,
 				}
@@ -738,6 +740,9 @@ func handleHTTP(o ServeOptions) *chi.Mux {
 					r.Post("/", walletCreationHandler.CreateWallet)
 					r.Get("/{credentialID}", walletCreationHandler.GetWallet)
 
+					// Wallet profile routes
+					r.With(middleware.WalletAuthMiddleware(o.walletJWTManager)).Get("/profile", embeddedWalletProfileHandler.GetProfile)
+
 					// Sponsored transactions routes
 					r.With(middleware.WalletAuthMiddleware(o.walletJWTManager)).Route("/sponsored-transactions", func(r chi.Router) {
 						r.Post("/", sponsoredTransactionHandler.CreateSponsoredTransaction)