For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
RegisterLoginSandbox Login
GuidesRecipesAPI Reference
GuidesRecipesAPI Reference
  • API Reference
      • POSTACH Checkout
      • POSTApple Pay Checkout
      • GETApple Pay Validate Merchant
      • POSTCapture Payment
      • POSTCard Checkout
      • POSTCard on File Authorized
      • POSTCard On File Checkout
      • POSTCash App Checkout
      • POSTCreate Pix Payment
      • POSTCrypto Payin
      • POSTGet Checkout Jwt Token
      • POSTGet Checkout Link
      • POSTGet Destination Auth Key
      • POSTGet Interchange Fees
      • GETGet supported chains and tokens
      • POSTGet Totals
      • POSTGet USDC Authorization Message (EVM only)
      • POSTGoogle Pay Checkout
      • POSTMerchant Initiated Transaction
      • POSTRain Checkout
      • PUTReview Payment Protection
      • POSTSaved Card Checkout
      • POSTSepa/Faster Payments Checkout (New Account)
      • POSTSepa/Faster Payments Checkout (Saved Account)
      • POSTUS Wire Domestic Payments Checkout (New Account)
      • POSTUS Wire Domestic Payments Checkout (Saved Account)
      • POSTVoid Payment
      • POSTZero Authorization
    • POSTGets USDC/SBC/EuroE on testnets
LogoLogo
RegisterLoginSandbox Login
API ReferenceCheckout

Get Checkout Jwt Token

POST
https://api-sandbox.coinflow.cash/api/checkout/jwt-token
POST
/api/checkout/jwt-token
$curl -X POST https://api-sandbox.coinflow.cash/api/checkout/jwt-token \
>     -H "Authorization: <apiKey>" \
>     -H "Content-Type: application/json" \
>     -d '{}'
200Successful
1{}
Gets a Checkout Jwt Token for a purchase Checkout JWT tokens ensure: 1. The arguments of the purchase cannot be manipulated 2. The checkout JWT is only valid for a single purchase 3. The arguments of the purchase are encrypted to be hidden from the user (webhook info, chargebackProtectionData, etc...)
Was this page helpful?
Previous

Get Checkout Link

Next
Built with

Gets a Checkout Jwt Token for a purchase

Checkout JWT tokens ensure:

  1. The arguments of the purchase cannot be manipulated
  2. The checkout JWT is only valid for a single purchase
  3. The arguments of the purchase are encrypted to be hidden from the user (webhook info, chargebackProtectionData, etc…)

Authentication

Authorizationstring
The API key of the merchant - see https://docs.coinflow.cash/api-reference/api-reference/authentication/get-session-key

Request

This endpoint expects an object.
emailstringOptional
customerInfoobjectOptional
webhookInfoobjectOptional
chargebackProtectionDatalist of objectsOptional
Cart item details required for Coinflow Chargeback Protection. Required if the merchant uses chargeback protection.
subtotalobjectOptional
accountFundingTransactionobjectOptional
Used for Account Funding Transactions
authOnlybooleanOptional

Only authorize the purchase. This will not actually capture the payment.(default: false)

allowedPaymentMethodslist of enumsOptional
The payment methods displayed on the UI. If omitted, all available payment methods will be displayed.
blockchainenumOptional

Coinflow Types *

presentmentenumOptional
chargebackProtectionAccountTypeenumOptional
Allowed values:
settlementTypeenumOptional
Allowed values:
threeDsChallengePreferenceenumOptional
Allowed values:
planCodestringOptional
sessionKeystringOptional
zeroAuthorizationConfigobjectOptional

Configuration for zero authorization flow. The presence of this object indicates the checkout is in zero auth mode.

Two mutually exclusive modes:

  • Saved payment methods: { disableSavedPaymentMethods: boolean } - show or hide saved methods
  • Verify card: { cardToken: "token" } - verify a specific saved card
partialUsdcCheckedbooleanOptional

If true, pre-checks the partial USDC payment checkbox when USDC balance is available. If false or undefined, maintains default behavior (unchecked).

deviceIdstringOptional

The DeviceID gotten from the Coinflow SDK: https://docs.coinflow.cash/guides/checkout/fraud-protection/chargeback-protection/implement-chargeback-protection#how-to-add-chargeback-protection

nSureSDK.getDeviceId()

supportEmailstringOptional
Your company email address that the customer can contact.
originslist of stringsOptional

If rendering the Coinflow component within multiple nested iframes, all ancestors in the chain must be provided as a comma-separated list.

Example: Primary origin that will be interacting with the Coinflow iFrame: foo.com Subsequent origins that will render foo.com: bar.com The origin array would then be: [https://foo.com,https://bar.com]

themeobjectOptional
customPayInFeeslist of objectsOptional
feePercentagedoubleOptional0-100

If this purchase is for a seller/submerchant where the marketplace takes a fee, this is the % fee which is taken from the subtotal amount.

fixedFeeobjectOptional
rentobjectOptional

(Solana only) if your transaction requires a known amount of Rent to be paid, you can pass it here.

transactionDataobjectOptional

(EVM only) if you want to execute an EVM transaction on a successful purchase, you can pass a transaction request here.

Gas fees for the transaction will be automatically calculated and added to the total charged to the customer. Optionally the merchant can opt to pay for these gas fees.

stellarTransactionstringOptional

(Stellar only) Base64 XDR transaction string for executing a merchant contract call on a successful purchase.

For transaction purchases, pass the base64 XDR string created using .toXDR() on a transaction built with generated TypeScript bindings (e.g., NftClientWrapper.buildNftPurchaseTx).

For direct USDC transfers (no merchant transaction), omit this field or pass undefined.

Gas fees for the transaction will be automatically calculated and added to the total charged to the customer.

authentication3DSobjectOptional

3DS Card Authorization Data

On initial payment submission - Device3DSInfo needed: 3DS device information - required if 3DS is enabled

After card challenge complete: 3DS challenge transaction id - required after prompted for challenge

redemptionCheckbooleanOptional

(Solana only) If a transaction involved in the purchase, should payment be checked for redemption

destinationAuthKeystringOptional
If utilizing USDC settlement to addresses other than your main merchant settlement address. Utilize this destinationAuthKey which is a JWT encoded with the information for which address to send the USDC to.
customerUsdcTransferDataobjectOptional

Customer signed USDC transferWithAuthorization data for dual-source payments Used for combined USDC + Credit Card payments on EVM chains

customerUsdcTransferDataV2objectOptional

V2 of CustomerUsdcTransferData — replaces the (v, r, s) triple with a single signature bytes string, matching USDC FiatTokenV2_2’s bytes-overload transferWithAuthorization. All other fields unchanged from V1.

userLocationobjectOptional

End-user geographic coordinates captured at the moment of the withdrawal request. Consumed by BlockingRuleMethod.GEOLOCATION enforcement.

Replay-of-different-coords bypass is prevented server-side: the first resolved {country, state} for a given (merchant, user) pair is pinned in Redis, and subsequent requests are evaluated against that pinned value regardless of the lat/lng they submit.

destinationstringOptional
If utilizing USDC settlement to addresses other than your main merchant settlement address. Utilize this destination which is the address to send the USDC to.
idempotencyKeystringOptional

(Optional) Idemptotency Key to pass to prevent multiple purchases with the same checkout link. If not passed, a random one will be generated for you automatically.

standaloneLinkConfigobjectOptional
isZeroAuthorizationbooleanOptionalDeprecated

Response

Ok
checkoutJwtTokenany

The API key of the merchant - see https://docs.coinflow.cash/api-reference/api-reference/authentication/get-session-key