### Install Dependencies and Run Server (Bash)
Source: https://ironixpay.com/blog/accept-usdt-payments
This Bash command installs the necessary Node.js packages, `express` and `dotenv`, using npm. Following the installation, it shows how to start the server by running the `server.js` file.
```bash
npm install express dotenv
node server.js
```
--------------------------------
### Full Server Example: Create Checkout and Receive Webhook (JavaScript)
Source: https://ironixpay.com/blog/accept-usdt-payments
This comprehensive JavaScript example integrates IronixPay checkout session creation and webhook handling within a single Express.js server. It requires `dotenv` for environment variables and `express` for server setup. The code defines routes for creating checkout sessions and processing incoming webhooks, including signature verification.
```javascript
require('dotenv').config();
const express = require('express');
const crypto = require('crypto');
const app = express();
const SECRET_KEY = process.env.IRONIXPAY_SECRET_KEY;
const WEBHOOK_SECRET = process.env.IRONIXPAY_WEBHOOK_SECRET;
const API_BASE = 'https://sandbox.ironixpay.com';
// --- Create Checkout Session ---
app.use('/public', express.static('public'));
app.use(express.json());
app.post('/create-checkout', async (req, res) => {
const response = await fetch(`${API_BASE}/v1/checkout/sessions`, {
method: 'POST',
headers: {
Authorization: `Bearer ${SECRET_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
amount: req.body.amount || 10000000,
currency: 'USDT',
network: 'TRON',
success_url: `http://localhost:3000/public/success.html`,
cancel_url: `http://localhost:3000/public/cancel.html`,
client_reference_id: req.body.orderId,
}),
});
const session = await response.json();
res.json({ id: session.id, url: session.url });
});
// --- Webhook Receiver ---
app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
const sig = req.headers['x-signature'];
const ts = req.headers['x-timestamp'];
const body = req.body.toString();
const expected = crypto.createHmac('sha256', WEBHOOK_SECRET)
.update(`${ts}.${body}`).digest('hex');
if (!crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) {
return res.status(401).send('Bad signature');
}
const event = JSON.parse(body);
console.log(`[Webhook] ${event.event_type}:`, JSON.stringify(event.data, null, 2));
if (event.event_type === 'session.completed') {
// ✅ Payment confirmed — fulfill the order
console.log(`💰 Order paid: ${event.data.amount_received / 1e6} USDT`);
}
res.sendStatus(200);
});
app.listen(3000, () => console.log('🚀 http://localhost:3000'));
```
--------------------------------
### Create Checkout Session Example
Source: https://ironixpay.com/guide/networks
An example cURL command demonstrating how to create a checkout session, specifying the amount, currency, and network.
```APIDOC
## POST /v1/checkout/sessions
### Description
Creates a new checkout session for processing payments.
### Method
`POST`
### Endpoint
`/v1/checkout/sessions`
### Request Body
- **amount** (integer) - Required - The amount to be paid in the smallest currency unit (e.g., cents for USD, or the smallest unit for USDT).
- **currency** (string) - Required - The currency of the payment (e.g., "USDT").
- **network** (string) - Required - The blockchain network to use for the payment (e.g., "BSC", "TRON").
### Request Example
```bash
curl -X POST https://api.ironixpay.com/v1/checkout/sessions \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{"amount": 10500000, "currency": "USDT", "network": "BSC", ...}'
```
### Response
#### Success Response (200)
- **id** (string) - The unique identifier for the checkout session.
- **amount** (integer) - The amount of the session.
- **currency** (string) - The currency of the session.
- **network** (string) - The network used for the session.
- **status** (string) - The current status of the session (e.g., "pending", "paid").
#### Response Example
```json
{
"id": "sess_12345abcde",
"amount": 10500000,
"currency": "USDT",
"network": "BSC",
"status": "pending"
}
```
```
--------------------------------
### Install IronixPay SDK (npm/CDN)
Source: https://ironixpay.com/guide/integration
Commands and HTML snippet to install the IronixPay SDK. Use 'npm install @ironix-pay/sdk' for Node.js projects or include the provided script tag for CDN usage.
```bash
npm install @ironix-pay/sdk
```
```html
```
--------------------------------
### Create Checkout Session (API)
Source: https://ironixpay.com/guide/quickstart
Initiates a payment session by making a POST request to the IronixPay API. Requires an API key for authentication and specifies payment details like amount, currency, network, and redirect URLs. Returns a session object containing a unique URL for customer redirection.
```bash
curl -X POST https://api.ironixpay.com/v1/checkout/sessions \
-H "Authorization: Bearer sk_test_..." \
-H "Content-Type: application/json" \
-d '{
"amount": 10500000,
"currency": "USDT",
"network": "TRON",
"success_url": "https://example.com/success",
"cancel_url": "https://example.com/cancel"
}'
```
--------------------------------
### Example: Create Checkout Session with Idempotency
Source: https://ironixpay.com/guide/idempotency
This example demonstrates how to create a checkout session using `curl`. The first request includes an `Idempotency-Key`. A subsequent retry with the exact same key and body will return the cached response, preventing a duplicate session.
```bash
# First request — creates the session
curl -X POST https://api.ironixpay.com/v1/checkout/sessions \
-H "Authorization: Bearer sk_test_..." \
-H "Content-Type: application/json" \
-H "Idempotency-Key: order_12345_v1" \
-d '{"amount": 10500000, "currency": "USDT", "network": "TRON", "success_url": "https://example.com/success", "cancel_url": "https://example.com/cancel"}'
# Retry with same key — returns the same session (no duplicate created)
curl -X POST https://api.ironixpay.com/v1/checkout/sessions \
-H "Authorization: Bearer sk_test_..." \
-H "Content-Type: application/json" \
-H "Idempotency-Key: order_12345_v1" \
-d '{"amount": 10500000, "currency": "USDT", "network": "TRON", "success_url": "https://example.com/success", "cancel_url": "https://example.com/cancel"}'
```
--------------------------------
### Webhook: session.completed
Source: https://ironixpay.com/guide/quickstart
Handles the webhook notification sent by IronixPay when a payment session is completed on-chain. This event allows you to verify payment and fulfill customer orders.
```APIDOC
## Webhook: session.completed
### Description
Handles the webhook notification sent by IronixPay when a payment session is completed on-chain. This event allows you to verify payment and fulfill customer orders.
### Method
POST (typically, to your webhook endpoint)
### Endpoint
Your configured webhook URL
### Parameters
#### Request Body
- **id** (string) - The unique identifier for the webhook event.
- **event_type** (string) - The type of event, which will be "session.completed".
- **created** (integer) - The Unix timestamp when the event was created.
- **data** (object) - Contains details about the completed session:
- **session_id** (string) - The ID of the completed checkout session.
- **livemode** (boolean) - Indicates if the session was in live mode.
- **status** (string) - The final status of the session (e.g., "Paid").
- **amount_expected** (integer) - The total amount expected for the payment.
- **amount_received** (integer) - The total amount received for the payment.
- **currency** (string) - The currency of the transaction.
- **pay_address** (string) - The payment address used for the transaction.
- **tx_count** (integer) - The number of transactions associated with this payment.
### Request Example
```json
{
"id": "evt_abc123...",
"event_type": "session.completed",
"created": 1739246160,
"data": {
"session_id": "cs_abc123def456",
"livemode": false,
"status": "Paid",
"amount_expected": 10500000,
"amount_received": 10500000,
"currency": "USDT",
"pay_address": "TQFEyGNzHZAJmebJUvsoZvJghHm2yNhXAD",
"tx_count": 1
}
}
```
### Response
#### Success Response (200)
Typically, a 200 OK response is expected to acknowledge receipt of the webhook. No specific JSON body is mandated by IronixPay for acknowledgment, but returning an empty object or a simple success message is common.
#### Response Example
```json
{}
```
```
--------------------------------
### POST /v1/checkout/sessions with Idempotency-Key
Source: https://ironixpay.com/guide/idempotency
This example demonstrates how to use the `Idempotency-Key` header with a POST request to create a checkout session. It shows both the initial request and a subsequent retry with the same key, illustrating how idempotency prevents duplicate creations.
```APIDOC
## POST /v1/checkout/sessions
### Description
Creates a checkout session. By including an `Idempotency-Key` header, you can safely retry this request without creating duplicate sessions.
### Method
POST
### Endpoint
/v1/checkout/sessions
### Parameters
#### Headers
- **Idempotency-Key** (string) - Required - A unique key to ensure the request is processed only once.
- **Authorization** (string) - Required - Bearer token for authentication.
- **Content-Type** (string) - Required - Specifies the request body format, typically `application/json`.
#### Request Body
- **amount** (integer) - Required - The amount for the checkout session.
- **currency** (string) - Required - The currency for the transaction (e.g., "USDT").
- **network** (string) - Required - The blockchain network for the transaction (e.g., "TRON").
- **success_url** (string) - Required - The URL to redirect to upon successful payment.
- **cancel_url** (string) - Required - The URL to redirect to if the payment is canceled.
### Request Example
```bash
curl -X POST https://api.ironixpay.com/v1/checkout/sessions \
-H "Authorization: Bearer sk_test_..." \
-H "Content-Type: application/json" \
-H "Idempotency-Key: order_12345_v1" \
-d '{
"amount": 10500000,
"currency": "USDT",
"network": "TRON",
"success_url": "https://example.com/success",
"cancel_url": "https://example.com/cancel"
}'
```
### Response
#### Success Response (200)
- **session_id** (string) - The unique identifier for the created checkout session.
- **status** (string) - The current status of the session.
- **... (other session details)**
#### Response Example
```json
{
"session_id": "sess_abc123",
"status": "pending",
"amount": 10500000,
"currency": "USDT",
"network": "TRON",
"success_url": "https://example.com/success",
"cancel_url": "https://example.com/cancel"
}
```
#### Error Response (409 Conflict)
- **error_code** (string) - Indicates `idempotency_conflict` if the key is reused with a different body.
### How It Works
- **Same key + same body**: Returns the cached response from the original request.
- **Same key + different body**: Returns `409 Conflict` with error code `idempotency_conflict`.
- **Keys expire after 24 hours**
```
--------------------------------
### Create Checkout Session with BSC Network (Bash)
Source: https://ironixpay.com/guide/networks
Example cURL command to create a checkout session using IronixPay API. It specifies the amount, currency (USDT), and the BSC network. Ensure to replace 'sk_live_...' with your actual live API key.
```bash
curl -X POST https://api.ironixpay.com/v1/checkout/sessions \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{"amount": 10500000, "currency": "USDT", "network": "BSC", ...}'
```
--------------------------------
### POST /v1/checkout/sessions
Source: https://ironixpay.com/demo
Creates a checkout session for redirecting customers to IronixPay's hosted checkout page. This is used in Redirect Mode.
```APIDOC
## POST /v1/checkout/sessions
### Description
Creates a checkout session to initiate a payment process via redirect. This endpoint is part of the Redirect Mode integration.
### Method
POST
### Endpoint
/v1/checkout/sessions
### Parameters
#### Query Parameters
None
#### Request Body
- **amount** (integer) - Required - The amount to be paid in the smallest currency unit (e.g., satoshis for BTC, cents for USD). For USDT, this would be the smallest divisible unit.
- **currency** (string) - Required - The currency code (e.g., 'USDT').
- **network** (string) - Required - The blockchain network to use for the payment (e.g., 'TRON').
- **success_url** (string) - Required - The URL to redirect the customer to upon successful payment.
- **cancel_url** (string) - Required - The URL to redirect the customer to if they cancel the payment.
### Request Example
```json
{
"amount": 5000000,
"currency": "USDT",
"network": "TRON",
"success_url": "https://yoursite.com/success",
"cancel_url": "https://yoursite.com/cancel"
}
```
### Response
#### Success Response (200)
- **id** (string) - The unique identifier for the checkout session.
- **url** (string) - The URL to redirect the customer to for completing the payment.
#### Response Example
```json
{
"id": "cs_test_...".
"url": "https://checkout.ironixpay.com/pay/cs_test_..."
}
```
```
--------------------------------
### Retrieve Payout Details using cURL
Source: https://ironixpay.com/guide/payouts
This example shows how to fetch the details of a specific payout using its unique ID via the IronixPay API. It utilizes a GET request with the payout ID appended to the endpoint and requires an Authorization header for authentication. This is useful for monitoring the status and details of a past transaction.
```bash
curl https://api.ironixpay.com/v1/payouts/po_a1b2c3d4e5f6 \
-H "Authorization: Bearer sk_test_..."
```
--------------------------------
### IronixPay SDK - Embed Mode
Source: https://ironixpay.com/demo
Integrates the IronixPay payment UI directly into your webpage using the provided SDK. This is used in Embed Mode.
```APIDOC
## IronixPay SDK - Embed Mode
### Description
Use the IronixPay SDK to embed the payment interface directly within your website, providing a seamless user experience. This is part of the Embed Mode integration.
### Method
N/A (Client-side JavaScript SDK)
### Endpoint
N/A (Client-side SDK)
### Parameters
#### Initialization Options
- **environment** (string) - Required - Specifies the environment ('sandbox' or 'production').
#### `createPaymentElement` Options
- **sessionId** (string) - Required - The ID of the checkout session created via the API.
- **theme** (string) - Optional - The visual theme for the payment element ('light' or 'dark'). Defaults to 'light'.
- **locale** (string) - Optional - The language for the payment element (e.g., 'en'). Defaults to 'en'.
### Usage Example
```javascript
import { IronixPay } from '@ironix-pay/sdk'
const ip = new IronixPay({ environment: 'sandbox' })
const el = ip.createPaymentElement({
sessionId: 'cs_...',
theme: 'light',
locale: 'en'
})
el.mount('#checkout') // Mounts the payment element to an HTML element with id 'checkout'
el.on('payment_success', (result) => {
console.log('Paid!', result.transactionHash)
})
```
### Events
- **payment_success**: Triggered when a payment is successfully completed. The event handler receives a `result` object containing details like `transactionHash`.
```
--------------------------------
### Webhook Signature Verification
Source: https://ironixpay.com/guide/webhooks
This section details the process of verifying webhook signatures using the provided headers and secret. It includes the algorithm, verification steps, and examples in multiple programming languages.
```APIDOC
## Webhook Signature Verification
Every webhook includes two headers:
```
X-Signature:
X-Timestamp:
```
### Algorithm
```
signed_message = "{X-Timestamp}.{request_body_json}"
expected_sig = HMAC-SHA256(webhook_secret, signed_message)
```
1. Check that `X-Timestamp` is within **5 minutes** of your server time (replay protection)
2. Concatenate `timestamp.body` as the signed message
3. Compute HMAC-SHA256 using your `whsec_...` secret
4. Compare the hex-encoded result against `X-Signature` using a **constant-time** comparison
### Verification Examples
**Node.js**
```javascript
const crypto = require('crypto');
function verifyWebhook(payload, signature, timestamp, secret) {
// 1. Replay protection: reject timestamps older than 5 minutes
const now = Math.floor(Date.now() / 1000);
if (Math.abs(now - parseInt(timestamp)) > 300) {
throw new Error('Timestamp too old — possible replay attack');
}
// 2. Reconstruct the signed message
const message = `${timestamp}.${payload}`;
// 3. Compute expected signature
const expected = crypto
.createHmac('sha256', secret)
.update(message)
.digest('hex');
// 4. Constant-time comparison
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}
// Express middleware example
app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
const signature = req.headers['x-signature'];
const timestamp = req.headers['x-timestamp'];
const payload = req.body.toString();
if (!verifyWebhook(payload, signature, timestamp, WEBHOOK_SECRET)) {
return res.status(401).send('Invalid signature');
}
const event = JSON.parse(payload);
// Handle event...
res.status(200).send('OK');
});
```
**Python**
```python
import hmac
import hashlib
import time
def verify_webhook(payload: str, signature: str, timestamp: str, secret: str) -> bool:
# 1. Replay protection: reject timestamps older than 5 minutes
now = int(time.time())
if abs(now - int(timestamp)) > 300:
raise ValueError("Timestamp too old — possible replay attack")
# 2. Reconstruct the signed message
message = f"{timestamp}.{payload}"
# 3. Compute expected signature
expected = hmac.new(
secret.encode("utf-8"),
message.encode("utf-8"),
hashlib.sha256,
).hexdigest()
# 4. Constant-time comparison
return hmac.compare_digest(signature, expected)
```
```
--------------------------------
### Initialize Payment Element (Embed Mode - JavaScript)
Source: https://ironixpay.com/demo
This snippet shows how to initialize and mount the IronixPay payment element for embeddable checkout. It uses the IronixPay SDK and requires a session ID. The element can be mounted to a specified DOM element and listens for payment success events.
```javascript
import { IronixPay } from '@ironix-pay/sdk'
const ip = new IronixPay({ environment: 'sandbox' })
const el = ip.createPaymentElement({
sessionId: 'cs_...',
theme: 'light',
locale: 'en'
})
el.mount('#checkout')
el.on('payment_success', (result) => {
console.log('Paid!', result.transactionHash)
})
```
--------------------------------
### Create Checkout Session (Redirect Mode - JavaScript)
Source: https://ironixpay.com/demo
This snippet demonstrates how to create a checkout session on the server-side using the IronixPay API. It requires an API key for authorization and specifies payment details like amount, currency, network, and return URLs. The response contains a URL to redirect the customer to.
```javascript
const res = await fetch('https://api.ironixpay.com/v1/checkout/sessions', {
method: 'POST',
headers: {
'Authorization': 'Bearer sk_live_...',
'Content-Type': 'application/json'
},
body: JSON.stringify({
amount: 5000000,
currency: 'USDT',
network: 'TRON',
success_url: 'https://yoursite.com/success',
cancel_url: 'https://yoursite.com/cancel'
})
})
const session = await res.json()
window.location = session.url
```
--------------------------------
### Environment Variables Configuration (Bash)
Source: https://ironixpay.com/blog/accept-usdt-payments
This Bash snippet shows the format for setting up environment variables required by the IronixPay integration. It includes placeholders for your secret API key and webhook signing secret, which should be stored securely.
```bash
# .env
IRONIXPAY_SECRET_KEY=sk_test_your_key_here
IRONIXPAY_WEBHOOK_SECRET=whsec_your_secret_here
```
--------------------------------
### Redirect Customer to Checkout URL (Server-side)
Source: https://ironixpay.com/guide/quickstart
Redirects the customer to the IronixPay checkout page using the URL obtained from the session creation response. This is typically done in a server-side handler after a successful API request.
```javascript
// Example: redirect in your server-side handler
res.redirect(303, session.url);
```
--------------------------------
### Handle Session Completed Webhook (API)
Source: https://ironixpay.com/guide/quickstart
Processes the 'session.completed' webhook sent by IronixPay when a payment is received on-chain. This event data includes session details and payment status, which should be verified and used to fulfill customer orders.
```json
{
"id": "evt_abc123...",
"event_type": "session.completed",
"created": 1739246160,
"data": {
"session_id": "cs_abc123def456",
"livemode": false,
"status": "Paid",
"amount_expected": 10500000,
"amount_received": 10500000,
"currency": "USDT",
"pay_address": "TQFEyGNzHZAJmebJUvsoZvJghHm2yNhXAD",
"tx_count": 1
}
}
```
--------------------------------
### Initialize IronixPay SDK
Source: https://ironixpay.com/guide/integration
Instantiate the IronixPay SDK with configuration options. The `environment` option specifies whether to use production or sandbox API endpoints. The `publicKey` is reserved for future use, and `checkoutUrl` allows for custom self-hosted checkout pages.
```javascript
const ironixPay = new IronixPay({
environment: 'sandbox',
// publicKey: 'YOUR_PUBLIC_KEY',
// checkoutUrl: 'https://your-custom-checkout.com'
});
```
--------------------------------
### IronixPay Initialization
Source: https://ironixpay.com/guide/integration
Initialize the IronixPay SDK with your desired options. The environment and public key are crucial for connecting to the correct API.
```APIDOC
## `new IronixPay(options)`
### Description
Initializes the IronixPay SDK. This is the first step to using the library.
### Method
`new`
### Parameters
#### Options
- **environment** (`'production' | 'sandbox'`) - Optional - Specifies the API environment. Defaults to `'production'`.
- **publicKey** (`string`) - Optional - Your public API key. Currently reserved for future use.
- **checkoutUrl** (`string`) - Optional - A custom URL for self-hosted checkout deployments.
```
--------------------------------
### Create Test Checkout Session (Bash)
Source: https://ironixpay.com/guide/testing
Creates a new checkout session in the IronixPay sandbox environment. Requires a test API key and specifies amount, currency, network, and return URLs.
```bash
curl -X POST https://api.ironixpay.com/v1/checkout/sessions \
-H "Authorization: Bearer sk_test_..." \
-H "Content-Type: application/json" \
-d '{
"amount": 1000000,
"currency": "USDT",
"network": "TRON",
"success_url": "https://example.com/success",
"cancel_url": "https://example.com/cancel"
}'
```
--------------------------------
### Expose Local Server for Webhook Testing (Bash)
Source: https://ironixpay.com/guide/testing
Uses ngrok to create a secure tunnel to a local server, allowing external services like IronixPay to send webhooks to your local development environment. Assumes your server is running on port 3000.
```bash
# Using ngrok
ngrok http 3000
# Set your webhook URL to the ngrok URL
# https://abc123.ngrok.io/webhooks/ironixpay
```
--------------------------------
### Create Checkout Session API
Source: https://ironixpay.com/blog/accept-usdt-payments
This endpoint creates a checkout session, which generates a unique payment address and a hosted checkout URL for your customers.
```APIDOC
## POST /v1/checkout/sessions
### Description
Creates a checkout session to facilitate USDT payments. This endpoint generates a unique payment address and a hosted checkout page URL.
### Method
POST
### Endpoint
`https://sandbox.ironixpay.com/v1/checkout/sessions`
### Parameters
#### Headers
- **Authorization** (string) - Required - `Bearer YOUR_SECRET_KEY`
- **Content-Type** (string) - Required - `application/json`
#### Request Body
- **amount** (integer) - Required - The payment amount in micro-units (e.g., 10000000 for 10.00 USDT).
- **currency** (string) - Required - The currency of the payment, typically 'USDT'.
- **network** (string) - Required - The blockchain network for the payment (e.g., 'TRON', 'BSC', 'ETH').
- **success_url** (string) - Required - The URL to redirect the customer to after a successful payment.
- **cancel_url** (string) - Required - The URL to redirect the customer to if they cancel the payment.
- **client_reference_id** (string) - Optional - Your internal order ID for tracking purposes.
### Request Example
```json
{
"amount": 10000000,
"currency": "USDT",
"network": "TRON",
"success_url": "https://yoursite.com/success",
"cancel_url": "https://yoursite.com/cancel",
"client_reference_id": "order_001"
}
```
### Response
#### Success Response (200)
- **id** (string) - The unique ID of the checkout session.
- **url** (string) - The URL of the hosted checkout page.
#### Response Example
```json
{
"id": "cs_abc123...",
"url": "https://checkout.ironixpay.com/pay/cs_abc123..."
}
```
```
--------------------------------
### How `network` Works
Source: https://ironixpay.com/guide/networks
Explains how the `network` parameter functions when creating a session and how it interacts with the API key to determine mainnet or testnet usage.
```APIDOC
## How `network` Works
The `network` parameter is used when creating a session to specify the desired blockchain. The API automatically selects between mainnet and testnet based on your provided API key:
* `sk_live_` + `network: "TRON"` → TRON Mainnet
* `sk_test_` + `network: "TRON"` → TRON Nile (testnet)
* `sk_live_` + `network: "BSC"` → BSC Mainnet
```
--------------------------------
### Payout Webhook Payload Example
Source: https://ironixpay.com/guide/webhooks
This JSON payload represents a 'payout.completed' event. It contains details about the payout, including status, amounts, currency, network, and transaction hash. This is crucial for merchants to track successful fund disbursements.
```json
{
"id": "evt_xyz789...",
"event_type": "payout.completed",
"created": 1739246200,
"data": {
"object": "payout",
"id": "po_abc123def456",
"merchant_id": "mer_abc123",
"livemode": true,
"status": "Completed",
"amount": "5000000",
"fee": "1500000",
"net_amount": "3500000",
"currency": "USDT",
"decimals": 6,
"network": "TRON",
"to_address": "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
"tx_hash": "7c72c45f...",
"idempotency_key": "order_123",
"description": "Vendor payment #1234",
"metadata": { "internal_ref": "inv-2025-001" },
"created_at": 1739246100,
"completed_at": 1739246200
}
}
```
--------------------------------
### Checkout Session Webhook Payload Example
Source: https://ironixpay.com/guide/webhooks
This JSON payload represents a 'session.completed' event for a checkout session. It includes details about the session, payment status, and transaction information. This is useful for backend systems to track payment confirmations.
```json
{
"id": "evt_abc123...",
"event_type": "session.completed",
"created": 1739246160,
"data": {
"object": "checkout_session",
"id": "cs_abc123def456",
"merchant_id": "mer_abc123",
"amount_expected": "10500000",
"amount_received": "10500000",
"currency": "USDT",
"decimals": 6,
"token_contract": "TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6t",
"network": "TRON",
"livemode": false,
"status": "Paid",
"pay_address": "TQFEyGNzHZAJmebJUvsoZvJghHm2yNhXAD",
"client_reference_id": "order_20250227_001",
"created_at": 1739246100,
"paid_at": 1739246160,
"tx_count": 1,
"transactions": [
{
"tx_hash": "7c72c45f...",
"amount": "10500000",
"confirmations": 20,
"from_address": "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
"detected_at": 1739246140
}
]
}
}
```
--------------------------------
### Create Telegram Bot Payment Session (JavaScript)
Source: https://ironixpay.com/blog/accept-usdt-payments
This JavaScript code snippet illustrates how to create an IronixPay checkout session specifically for a Telegram bot. It uses the `fetch` API to make a POST request to the IronixPay API and then constructs an inline keyboard message with a payment URL to send to the user via the bot.
```javascript
bot.onText(//pay/, async (msg) => {
const res = await fetch(`${API_BASE}/v1/checkout/sessions`, {
method: 'POST',
headers: {
Authorization: `Bearer ${SECRET_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
amount: 5000000, // 5 USDT
currency: 'USDT',
network: 'TRON',
success_url: 'https://t.me/your_bot',
cancel_url: 'https://t.me/your_bot',
}),
});
const session = await res.json();
bot.sendMessage(msg.chat.id, `💳 Pay 5 USDT to complete your order:`, {
reply_markup: {
inline_keyboard: [[{ text: '🔗 Pay Now', url: session.url }]],
},
});
});
```
--------------------------------
### Example IronixPay Error JSON Response
Source: https://ironixpay.com/guide/errors
This JSON structure represents a typical error response from the IronixPay API. It includes the error type, a specific error code, a human-readable message, the parameter that caused the error (if applicable), and a URL to relevant documentation.
```json
{
"error": {
"type": "invalid_request_error",
"code": "parameter_invalid",
"message": "Amount must be at least 1 USDT (1000000 microunits)",
"param": "amount",
"doc_url": "https://ironixpay.com/guide/errors#parameter_invalid"
}
}
```
--------------------------------
### Security Best Practices
Source: https://ironixpay.com/guide/authentication
Follow these security best practices to protect your IronixPay API keys and ensure the security of your account.
```APIDOC
## Security Best Practices
### Description
Adhering to these security guidelines is crucial for safeguarding your IronixPay API keys and maintaining the integrity of your account and transactions.
### Best Practices
1. **Keep keys secret**: Store your API keys securely in environment variables. Avoid committing them directly into your version control system.
2. **Use test keys for development**: Always use `sk_test_` keys for development and testing purposes. Only use `sk_live_` keys in your production environment.
3. **Rotate regularly**: Periodically rotate your API keys. It is especially important to rotate them immediately if you suspect any compromise.
4. **Restrict access**: Limit the number of team members who have access to view and manage API keys within your IronixPay account.
```
--------------------------------
### Verify IronixPay Webhook Signature - PHP (Laravel)
Source: https://ironixpay.com/guide/webhooks
Verifies the signature of an incoming IronixPay webhook request using PHP and Laravel. It includes replay protection by checking the timestamp and uses hash_hmac for signature calculation. The example shows how to integrate this into a Laravel route.
```php
300) {
throw new Exception('Timestamp too old — possible replay attack');
}
// 2. Reconstruct the signed message
$message = $timestamp . '.' . $payload;
// 3. Compute expected signature
$expected = hash_hmac('sha256', $message, $secret);
// 4. Constant-time comparison
return hash_equals($expected, $signature);
}
// Laravel example
Route::post('/webhook', function (Request $request) {
$payload = $request->getContent();
$signature = $request->header('X-Signature', '');
$timestamp = $request->header('X-Timestamp', '');
if (!verifyWebhook($payload, $signature, $timestamp, config('services.ironixpay.webhook_secret'))) {
abort(401, 'Invalid signature');
}
$event = json_decode($payload, true);
// Handle event...
return response('OK', 200);
});
```
--------------------------------
### Create Payout using cURL
Source: https://ironixpay.com/guide/payouts
This snippet demonstrates how to initiate a USDT payout using the IronixPay API with a cURL command. It includes necessary headers like Authorization and Idempotency-Key, and a JSON payload specifying amount, currency, network, destination address, and an optional description. Ensure the 'Idempotency-Key' header is unique for each request to prevent duplicates.
```bash
curl -X POST https://api.ironixpay.com/v1/payouts \
-H "Authorization: Bearer sk_test_..." \
-H "Content-Type: application/json" \
-H "Idempotency-Key: payout_order_123" \
-d '{
"amount": "10000000",
"currency": "USDT",
"network": "TRON",
"to_address": "TJn9bXhJMVn1Do3PfFHg5J3YNYN9hPQBqA",
"description": "Affiliate commission for January"
}'
```
--------------------------------
### Create Checkout Session API
Source: https://ironixpay.com/blog/accept-usdt-payments
This API endpoint allows you to create a new checkout session for processing payments. It can be used in web applications or Telegram bots.
```APIDOC
## POST /v1/checkout/sessions
### Description
Creates a new checkout session for a payment. This endpoint returns a URL that the customer can use to complete the payment.
### Method
POST
### Endpoint
`/v1/checkout/sessions`
### Parameters
#### Request Body
- **amount** (integer) - Required - The amount to charge in the smallest currency unit (e.g., for USDT, 1,000,000 represents 1 USDT).
- **currency** (string) - Required - The currency of the payment (e.g., 'USDT').
- **network** (string) - Required - The blockchain network for the transaction (e.g., 'TRON').
- **success_url** (string) - Required - The URL to redirect the user to after a successful payment.
- **cancel_url** (string) - Required - The URL to redirect the user to if they cancel the payment.
- **client_reference_id** (string) - Optional - A unique identifier for the order or transaction on your platform.
### Request Example
```json
{
"amount": 10000000,
"currency": "USDT",
"network": "TRON",
"success_url": "http://localhost:3000/public/success.html",
"cancel_url": "http://localhost:3000/public/cancel.html",
"client_reference_id": "order_12345"
}
```
### Response
#### Success Response (200)
- **id** (string) - The unique identifier for the checkout session.
- **url** (string) - The URL for the customer to complete the payment.
#### Response Example
```json
{
"id": "cs_test_abcdef12345",
"url": "https://sandbox.ironixpay.com/pay/cs_test_abcdef12345"
}
```
```
--------------------------------
### Create Checkout Session with IronixPay (Node.js)
Source: https://ironixpay.com/blog/accept-usdt-payments
Backend code to create a checkout session with IronixPay. It sends a POST request to the IronixPay API with payment details and returns the session ID and checkout URL. Requires Node.js and the IronixPay secret key.
```javascript
// server.js
const express = require('express');
const app = express();
app.use(express.json());
const IRONIXPAY_SECRET = process.env.IRONIXPAY_SECRET_KEY; // sk_test_...
app.post('/create-checkout', async (req, res) => {
const response = await fetch(
'https://sandbox.ironixpay.com/v1/checkout/sessions',
{
method: 'POST',
headers: {
Authorization: `Bearer ${IRONIXPAY_SECRET}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
amount: 10000000, // 10.00 USDT (micro-units: 1 USDT = 1,000,000)
currency: 'USDT',
network: 'TRON',
success_url: 'https://yoursite.com/success',
cancel_url: 'https://yoursite.com/cancel',
client_reference_id: req.body.orderId, // your internal order ID
}),
}
);
const session = await response.json();
res.json({ id: session.id, url: session.url });
});
app.listen(3000, () => console.log('Server running on :3000'));
```
--------------------------------
### Retrieve Checkout Session using cURL
Source: https://ironixpay.com/guide/checkout
This snippet shows how to retrieve the current state of an existing checkout session using a cURL command. It sends a GET request to the /v1/checkout/sessions/:id endpoint, where :id is the unique identifier of the checkout session.
```bash
curl https://api.ironixpay.com/v1/checkout/sessions/cs_abc123 \
-H "Authorization: Bearer sk_test_..."
```
--------------------------------
### Payment Exception Webhook Event Example
Source: https://ironixpay.com/guide/exceptions
This JSON object represents a webhook event triggered by IronixPay when a payment exception occurs. It includes details such as the event type, exception ID, type, amount, currency, transaction hash, and associated session ID.
```json
{
"event_type": "payment.exception",
"data": {
"id": "exc_abc123...",
"exception_type": "session_expired",
"amount": 10500000,
"currency": "USDT",
"tx_hash": "abc123...",
"session_id": "cs_def456..."
}
}
```
--------------------------------
### Webhook Receiver
Source: https://ironixpay.com/blog/accept-usdt-payments
This endpoint receives and verifies webhook events from IronixPay, such as `session.completed` notifications.
```APIDOC
## POST /webhook
### Description
This endpoint is used to receive and verify webhook events sent by IronixPay. It is crucial for confirming payment status and fulfilling orders.
### Method
POST
### Endpoint
`/webhook`
### Parameters
#### Headers
- **x-signature** (string) - Required - The signature of the webhook payload for verification.
- **x-timestamp** (string) - Required - The timestamp of the webhook event for replay attack prevention.
#### Request Body
- **event_type** (string) - The type of the event (e.g., `session.completed`).
- **data** (object) - Contains details about the event, such as `session_id`, `amount_received`, and `status` for `session.completed` events.
### Request Example
```json
{
"event_type": "session.completed",
"data": {
"session_id": "cs_test_12345",
"amount_received": 10000000,
"status": "completed",
"currency": "USDT",
"network": "TRON",
"client_reference_id": "order_abc"
}
}
```
### Response
#### Success Response (200)
- **OK** - Indicates that the webhook was received and processed successfully.
#### Error Response (401)
- **Invalid signature** - Returned if the `x-signature` header does not match the computed signature.
- **Timestamp expired** - Returned if the `x-timestamp` header is outside the acceptable time window.
### Response Example
```
OK
```
```
--------------------------------
### Managing API Keys
Source: https://ironixpay.com/guide/authentication
API keys can be generated and managed through the IronixPay Merchant Dashboard. Multiple keys can be active per environment, and keys can be rotated without downtime.
```APIDOC
## Managing API Keys
### Description
Generate and manage your API keys directly within your IronixPay Merchant Dashboard. You have the flexibility to maintain multiple active keys for each environment and can seamlessly rotate them by creating a new key before revoking an old one, ensuring uninterrupted service.
### Key Management Features
* **Multiple Active Keys**: You can have several active keys simultaneously for each environment (production and sandbox).
* **Key Rotation**: Implement key rotation without causing downtime by generating a new key prior to revoking the existing one.
* **Security**: Never expose your secret API keys in client-side code.
```