Card Checkout - Direct Settlement to Merchant

Setup

Account Setup

You MUST complete the account setup section before you start integrating!

1 Register a sandbox merchant account or Login to your sandbox merchant account

2 Create sandbox API Key

3 Add Team Members to your sandbox account

4 Add chargeback protection script to every page of your app

Configure settlement settings - Select where to receive revenue:

Your Own Merchant Wallet

Developer Resources

Quick Links:

Authorization Headers:

Authorization is your API Key. You can generate this from the merchant dashboard
x-coinflow-auth-user-id is a unique customer ID you use within your systems to identify the user withdrawing funds
x-coinflow-auth-blockchain should always be solana if your settlement location is the Coinflow in-app wallet
x-coinflow-auth-session-key is a JWT that authorizes the payer. This is valid for 24 hours and must be refreshed anytime after

API Implementation

Share payer events with Coinflow Sharing major events that a payer makes throughout their lifecycle on your website prior to them making a purchase will allow us to collect more information about them and improve your approval rates.

SignUpEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignUp",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "username": "therock72",
11   "email": "dwaynejohnson@gmail.com",
12   "firstName": "Dwayne",
13   "lastName": "Johnson"
14 }
15 '

SignInEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOU_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignIn",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "email": "dwaynejohnson@gmail.com"
11 }
12 '

SignInFailureEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignInFailure",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "email": "dwaynejohnson@gmail.com",
11   "failureReason": "Password Failed"
12 }
13 '

BuyerChallengeEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "BuyerChallenge",
8   "type": "thirdPartyKyc",
9   "status": "successfullyFulfilled",
10   "customerId": "user-123-abc",
11   "country": "US",
12   "email": "dwaynejohnson@gmail.com"
13 }
14 '

Fetch a session key This creates a JWT token for the customer, and authorizes the user to call these endpoints. You will pass the returned session key as x-coinflow-auth-session-key header.

Request

1 curl --request GET \
2      --url https://api-sandbox.coinflow.cash/api/auth/session-key \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'accept: application/json' \
5      --header 'x-coinflow-auth-user-id: customer123'

Response

{
  "key": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjdXN0b21lcklkIjoiY3VzdG9tZXIxMjMiLCJtZXJjaGFudElkIjoidHlsZWUiLCJpYXQiOjE3MzQzNjY4NDksImV4cCI6MTczNDQ1MzI0OX0.rxyzFgSZNtIR7KguHyb7MFq2xeDNKH2-3NA49eHH-7Y"
}

Get the Totals for the checkout to show the customer a quote inclusive of all fees.

Request

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/checkout/totals/merchantId \
3      --header 'accept: application/json' \
4      --header 'content-type: application/json' \
5      --header 'x-coinflow-auth-session-key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjdXN0b21lcklkIjoiY3VzdG9tZXIxMjMiLCJtZXJjaGFudElkIjoidHlsZWUiLCJpYXQiOjE3MzQzNjY4NDksImV4cCI6MTczNDQ1MzI0OX0.rxyzFgSZNtIR7KguHyb7MFq2xeDNKH2-3NA49eHH-7Y' \
6      --data '
7 {
8   "subtotal": {
9     "cents": 100
10   },
11   "settlementType": "USDC"
12 }
13 '

Response

{
  "card": {
    "subtotal": {
      "cents": 100
    },
    "creditCardFees": {
      "cents": 40
    },
    "chargebackProtectionFees": {
      "cents": 0
    },
    "gasFees": {
      "cents": 0
    },
    "total": {
      "cents": 140
    }
  },
  "ach": {
    "subtotal": {
      "cents": 100
    },
    "creditCardFees": {
      "cents": 100
    },
    "chargebackProtectionFees": {
      "cents": 0
    },
    "gasFees": {
      "cents": 0
    },
    "total": {
      "cents": 200
    }
  }
}

Tokenize the Credit Card Number. See tab: Tokenize New Card

Tokenize the checkout parameters. This encrypts the checkout parameters so bad actors cannot tamper with the checkout args.

Request

1 curl --location 'https://api-sandbox.coinflow.cash/api/checkout/jwt-token' \
2 --header 'Authorization: YOUR_API_KEY' \
3 --header 'accept: application/json' \
4 --header 'content-type: application/json' \
5 --data-raw '
6 {
7   "webhookInfo": {
8     "example": "{\"productId\":\"123abc\"}"
9   },
10   "subtotal": {
11     "currency": "USD",
12     "cents": 500
13   },
14   "email": "iamabuyer@gmail.com",
15   "blockchain": "solana",
16   "settlementType": "USDC",
17   "standaloneLinkConfig": {
18     "callbackUrl": "yourapp://checkout-complete",
19     "endUserDeviceIpAddress": "127.0.0.1"
20   }, // Only pass if implementing for your  mobile app
21   "chargebackProtectionData": [
22     {
23       "productName": "shield",
24       "quantity": 1,
25       "productType": "inGameProduct",
26       "rawProductData": {
27         "example": "{\"description\":\"a shield that can be used for a game on my website\", \"gameType\": \"action\", \"minUse\": \"once\", \"validDate\": \"one time use\"}"
28       }
29     }
30   ],
31   "supportEmail": "mysupportemail@mycompany.com"
32 }
33 '

Response

{
    "checkoutJwtToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoi456C4oKW26LXgsmg4LiC44Cg6bCF5pWB6LCE7ICz55CX5ICW0ITjgIjsvLjUsOG2j-aLtOuypO6ngeGAgeqEhuiDrOuAgueAie6AgeyAi-i0uETsrovijIQ24aiU6YaR6qq46JSA7LC67Kej7K6C66i246G15YWE6qyc4rGY6ZSp46qH5bC84KaJXHVkYmE45JqZ55uoM1x1ZDg1MO6Lme2MkO6loOKBkOWPu-GKoO6Bo-qDkO6kouGHkOKDqeSomeOAoeqEouqToOWGk--jq-qDqOOvo-GHgO6OhuKMueKmoemZo-SemO2IseaBm-GHkeaBkeaHoOSUq-qHleWUoeyKueifu--kq-GEoO6EqemFouSyueWvpOOIkOWEkOuttO6FouqHoOWBle6UkOWMkeSzk-y3kuqHkOWKolx1ZGUxOeyFneuIhe6Bl-qNjO2Fo-GYkeaHkO6vue6HreuRjOOwv-i5r-6GouqGoueRlOmKn-y6g-eOkOuAkO2InuiTgeaHge2DqOylosuW7ISN3ZnvkYjgooLhqq3qnoXtg4jksKjlmKLhqabqh4zpkazlvJ7pg4DgqYDjlLHtkLzhmKfknoLkg5zqi77mkJfooqroiaLqgJzpkr7lqoLonIPtiqjgsZ3ihpRcdWRmYzbkmKXigabuoLrhjKnkpbLlgr3suIjnurHgoaXkgYPgq7rmtafil4HgpbHsg5DpibvnobnguafrhInuro3ngbbPguGOo-qLhOG4iOG8neC4huSMoeWzpuS8jem_geCuhOqdtOekoO2Sn-2Jp-2Pg-KNhlx1ZDgwY-CmjuCoi-ickO6YjuqmkeGng-aThualkOShlOOukOG9oOimkOyqpOiDs-ykg-SHmuiMse-5lOKUgOKcgOGUoO6zmOqrkeW0h-aes-GXisaz5ruL4Kap2LDsq7_mkJ3pjK_vkpron6XlmLjlsJvksavrmJjso4jeieWuv-OQn-Syj-63vMuBXHVkOGU57IaU5biY76WD3Yrki6jjp6XgoJzjppfmuoztnoruqovsjJvusL3jgavri6jrmKnqrIvhgo7Ng-SLhOWEm-66oOOCjuKUpOaPmO6Ct-SMsOuzsuu9puWLvuGgpuqKk-mQoeC6g-WhhO-4h-K4iO6Cjeq0k-qqkuisnuSEkOSIv-KBjeqCguaotOK-o-ywn-C4quOItuiWtuq8ieuDoeGJhOunpuGGu-itheu6seOVruiDlOqgmuqYhuezvuG5oeavkOaoleyKkeaJuOChi-OMhNCT27vvq6LqmojmgKnroYzklJHikpHijqXljoLloLrguoLlgovhqqnqh4rvqbvmvpHupKBcdTAwMGLukIAiLCJtZXJjaGFudElkIjoidGVzdHRlc3QiLCJpZGVtcG90ZW5jeUtleSI6IklLODZjMDdkM2MtMWRmZi00YTY1LTg0YWYtYThjNTkxNmQyYTZiIiwic3VidG90YWwiOnsiY3VycmVuY3kiOiJVU0QiLCJjZW50cyI6NTAwfSwiaWF0IjoxNzQ2MTQ1NzQ3LCJleHAiOjE3NDYyMzIxNDd9.iCl3jxVihLH6Z2Oq6i1jiKtcyJ3j9kyjT676NzF7Zqs"
}

Enable a New Card Checkout This endpoint will enable a new user who has never made a purchase to complete their purchase with a credit card. Below is an example of how you’d call the card checkout endpoint:

Request

1 curl --location 'https://api-sandbox.coinflow.cash/api/checkout/card/testtest' \
2 --header 'accept: application/json' \
3 --header 'content-type: application/json' \
4 --header 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36' \
5 --header 'x-coinflow-auth-session-key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjdXN0b21lcklkIjoiY3VzdG9tZXIxMjMiLCJtZXJjaGFudElkIjoidGVzdHRlc3QiLCJpYXQiOjE3NDYxNDU4MTEsImV4cCI6MTc0NjIzMjIxMX0.uJsjBHVnQ8wg5jSjqJUh8mz6IAqcy9lZuIknZCgINNo' \
6 --header 'x-coinflow-client-ip: 64.227.3.71' \
7 --header 'x-device-id: 123456789' \
8 --data-raw '
9 {
10   "subtotal": {
11     "currency": "USD",
12     "cents": 500
13   },
14   "card": {
15     "cardToken": "411111YJM5TX1111",
16     "expYear": "30",
17     "expMonth": "10",
18     "email": "iamapayer@gmail.com",
19     "firstName": "Dwayne",
20     "lastName": "Johnson",
21     "address1": "380 Prospect Ave",
22     "city": "Brooklyn",
23     "zip": "11215",
24     "state": "NY",
25     "country": "US"
26   },
27   "jwtToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoi456C4oKW26LXgsmg4LiC44Cg6bCF5pWB6LCE7ICz55CX5ICW0ITjgIjsvLjUsOG2j-aLtOuypO6ngeGAgeqEhuiDrOuAgueAie6AgeyAi-i0uETsrovijIQ24aiU6YaR6qq46JSA7LC67Kej7K6C66i246G15YWE6qyc4rGY6ZSp46qH5bC84KaJXHVkYmE45JqZ55uoM1x1ZDg1MO6Lme2MkO6loOKBkOWPu-GKoO6Bo-qDkO6kouGHkOKDqeSomeOAoeqEouqToOWGk--jq-qDqOOvo-GHgO6OhuKMueKmoemZo-SemO2IseaBm-GHkeaBkeaHoOSUq-qHleWUoeyKueifu--kq-GEoO6EqemFouSyueWvpOOIkOWEkOuttO6FouqHoOWBle6UkOWMkeSzk-y3kuqHkOWKolx1ZGUxOeyFneuIhe6Bl-qNjO2Fo-GYkeaHkO6vue6HreuRjOOwv-i5r-6GouqGoueRlOmKn-y6g-eOkOuAkO2InuiTgeaHge2DqOylosuW7ISN3ZnvkYjgooLhqq3qnoXtg4jksKjlmKLhqabqh4zpkazlvJ7pg4DgqYDjlLHtkLzhmKfknoLkg5zqi77mkJfooqroiaLqgJzpkr7lqoLonIPtiqjgsZ3ihpRcdWRmYzbkmKXigabuoLrhjKnkpbLlgr3suIjnurHgoaXkgYPgq7rmtafil4HgpbHsg5DpibvnobnguafrhInuro3ngbbPguGOo-qLhOG4iOG8neC4huSMoeWzpuS8jem_geCuhOqdtOekoO2Sn-2Jp-2Pg-KNhlx1ZDgwY-CmjuCoi-ickO6YjuqmkeGng-aThualkOShlOOukOG9oOimkOyqpOiDs-ykg-SHmuiMse-5lOKUgOKcgOGUoO6zmOqrkeW0h-aes-GXisaz5ruL4Kap2LDsq7_mkJ3pjK_vkpron6XlmLjlsJvksavrmJjso4jeieWuv-OQn-Syj-63vMuBXHVkOGU57IaU5biY76WD3Yrki6jjp6XgoJzjppfmuoztnoruqovsjJvusL3jgavri6jrmKnqrIvhgo7Ng-SLhOWEm-66oOOCjuKUpOaPmO6Ct-SMsOuzsuu9puWLvuGgpuqKk-mQoeC6g-WhhO-4h-K4iO6Cjeq0k-qqkuisnuSEkOSIv-KBjeqCguaotOK-o-ywn-C4quOItuiWtuq8ieuDoeGJhOunpuGGu-itheu6seOVruiDlOqgmuqYhuezvuG5oeavkOaoleyKkeaJuOChi-OMhNCT27vvq6LqmojmgKnroYzklJHikpHijqXljoLloLrguoLlgovhqqnqh4rvqbvmvpHupKBcdTAwMGLukIAiLCJtZXJjaGFudElkIjoidGVzdHRlc3QiLCJpZGVtcG90ZW5jeUtleSI6IklLODZjMDdkM2MtMWRmZi00YTY1LTg0YWYtYThjNTkxNmQyYTZiIiwic3VidG90YWwiOnsiY3VycmVuY3kiOiJVU0QiLCJjZW50cyI6NTAwfSwiaWF0IjoxNzQ2MTQ1NzQ3LCJleHAiOjE3NDYyMzIxNDd9.iCl3jxVihLH6Z2Oq6i1jiKtcyJ3j9kyjT676NzF7Zqs"
28 }
29 '

Response

{
  "paymentId": "f3fc8a34-680b-4b91-905b-1db5628bbb0e"
}

Re-tokenize a saved card number. See tab: Refresh Token w/ CVV
Enable a Saved Card Checkout This endpoint will enable a returning user to complete a purchase with a previously saved card. The returning user will need to enter their CVV before confirming the purchase. Once you’ve retrieved the refreshed card token, pass it into the Saved Card Checkout endpoint. Below is an example request:

Request

1 curl --location 'https://api-sandbox.coinflow.cash/api/checkout/token/testtest' \
2 --header 'accept: application/json' \
3 --header 'content-type: application/json' \
4 --header 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36' \
5 --header 'x-coinflow-auth-session-key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjdXN0b21lcklkIjoiY3VzdG9tZXIxMjMiLCJtZXJjaGFudElkIjoidHlsZWUiLCJpYXQiOjE3MzQzNjY4NDksImV4cCI6MTczNDQ1MzI0OX0.rxyzFgSZNtIR7KguHyb7MFq2xeDNKH2-3NA49eHH-7Y' \
6 --header 'x-coinflow-client-ip: 64.227.3.71' \
7 --header 'x-device-id: 123456789' \
8 --data '
9 {
10   "subtotal": {
11     "currency": "USD",
12     "cents": 500
13   },
14   "jwtToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoi456C4oKW26LXgsmg4LiC44Cg6bCF5pWB6LCE7ICz55CX5ICW0ITjgIjsvLjUsOG2j-aLtOuypO6ngeGAgeqEhuiDrOuAgueAie6AgeyAi-i0uETsrovijIQ24aiU6YaR6qq46JSA7LC67Kej7K6C66i246G15YWE6qyc4rGY6ZSp46qH5bC84KaJXHVkYmE45JqZ55uoM1x1ZDg1MO6Lme2MkO6loOKBkOWPu-GKoO6Bo-qDkO6kouGHkOKDqeSomeOAoeqEouqToOWGk--jq-qDqOOvo-GHgO6OhuKMueKmoemZo-SemO2IseaBm-GHkeaBkeaHoOSUq-qHleWUoeyKueifu--kq-GEoO6EqemFouSyueWvpOOIkOWEkOuttO6FouqHoOWBle6UkOWMkeSzk-y3kuqHkOWKolx1ZGUxOeyFneuIhe6Bl-qNjO2Fo-GYkeaHkO6vue6HreuRjOOwv-i5r-6GouqGoueRlOmKn-y6g-eOkOuAkO2InuiTgeaHge2DqOylosuW7ISN3ZnvkYjgooLhqq3qnoXtg4jksKjlmKLhqabqh4zpkazlvJ7pg4DgqYDjlLHtkLzhmKfknoLkg5zqi77mkJfooqroiaLqgJzpkr7lqoLonIPtiqjgsZ3ihpRcdWRmYzbkmKXigabuoLrhjKnkpbLlgr3suIjnurHgoaXkgYPgq7rmtafil4HgpbHsg5DpibvnobnguafrhInuro3ngbbPguGOo-qLhOG4iOG8neC4huSMoeWzpuS8jem_geCuhOqdtOekoO2Sn-2Jp-2Pg-KNhlx1ZDgwY-CmjuCoi-ickO6YjuqmkeGng-aThualkOShlOOukOG9oOimkOyqpOiDs-ykg-SHmuiMse-5lOKUgOKcgOGUoO6zmOqrkeW0h-aes-GXisaz5ruL4Kap2LDsq7_mkJ3pjK_vkpron6XlmLjlsJvksavrmJjso4jeieWuv-OQn-Syj-63vMuBXHVkOGU57IaU5biY76WD3Yrki6jjp6XgoJzjppfmuoztnoruqovsjJvusL3jgavri6jrmKnqrIvhgo7Ng-SLhOWEm-66oOOCjuKUpOaPmO6Ct-SMsOuzsuu9puWLvuGgpuqKk-mQoeC6g-WhhO-4h-K4iO6Cjeq0k-qqkuisnuSEkOSIv-KBjeqCguaotOK-o-ywn-C4quOItuiWtuq8ieuDoeGJhOunpuGGu-itheu6seOVruiDlOqgmuqYhuezvuG5oeavkOaoleyKkeaJuOChi-OMhNCT27vvq6LqmojmgKnroYzklJHikpHijqXljoLloLrguoLlgovhqqnqh4rvqbvmvpHupKBcdTAwMGLukIAiLCJtZXJjaGFudElkIjoidGVzdHRlc3QiLCJpZGVtcG90ZW5jeUtleSI6IklLODZjMDdkM2MtMWRmZi00YTY1LTg0YWYtYThjNTkxNmQyYTZiIiwic3VidG90YWwiOnsiY3VycmVuY3kiOiJVU0QiLCJjZW50cyI6NTAwfSwiaWF0IjoxNzQ2MTQ1NzQ3LCJleHAiOjE3NDYyMzIxNDd9.iCl3jxVihLH6Z2Oq6i1jiKtcyJ3j9kyjT676NzF7Zqs",
15   "token": "411111YJM5TX1111"
16 }
17 '

Response

{
  "paymentId": "0090c04b-1ae8-4672-a108-32874df36f11"
}

Optional Implementation: Get payment by id This endpoint allows your to get details about the payment.

Request

1 curl --request GET \
2      --url https://api-sandbox.coinflow.cash/api/merchant/payments/enhanced/21d842d0-564b-4957-961e-d91ad98aa04b \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'accept: application/json'

Response

{
  "info": {
    "firstName": "Dwayne",
    "lastName": "Johnson",
    "email": "customer@email.com",
    "streetAddress": "385 Prospect Ave",
    "city": "Brooklyn",
    "state": "NY",
    "zip": "11215",
    "country": "US",
    "bin": "411111",
    "ip": "35.160.120.126",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
    "expMonth": "10",
    "expYear": "30",
    "ipLocation": {
      "lat": "45.5235",
      "lon": "-122.676",
      "country": "United States",
      "region": "OR",
      "isp": "Amazon.com, Inc.",
      "city": "Portland",
      "zip": "97207"
    },
    "deviceInfo": {
      "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
      "browser": {
        "name": "Chrome",
        "version": "131.0.0.0",
        "major": "131"
      },
      "engine": {
        "name": "Blink",
        "version": "131.0.0.0"
      },
      "os": {
        "name": "Mac OS",
        "version": "10.15.7"
      },
      "device": {
        "vendor": "Apple",
        "model": "Macintosh"
      },
      "cpu": {}
    }
  }
}

At this point, you’ve successfully made a purchase with a new card and with a saved card. Next, lets add 3DS for card purchases. Please reach out to the Coinflow team when you’ve reached this step so we can configure 3DS on your account.

Adding 3DS to Card Checkout

Follow the below recipe to learn how to add 3DS to your new card and saved card requests.

Complete Checkout with 3DS Challenge

Adding Chargeback Protection

SignUpEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignUp",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "username": "therock72",
11   "email": "dwaynejohnson@gmail.com",
12   "firstName": "Dwayne",
13   "lastName": "Johnson"
14 }
15 '

SignInEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOU_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignIn",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "email": "dwaynejohnson@gmail.com"
11 }
12 '

SignInFailureEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignInFailure",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "email": "dwaynejohnson@gmail.com",
11   "failureReason": "Password Failed"
12 }
13 '

BuyerChallengeEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "BuyerChallenge",
8   "type": "thirdPartyKyc",
9   "status": "successfullyFulfilled",
10   "customerId": "user-123-abc",
11   "country": "US",
12   "email": "dwaynejohnson@gmail.com"
13 }
14 '

Add the chargeback protection script to every page of your app. This script allows our provider to analyze user behavior and determine if the behavior could lead to fraud.
- On sandbox, partnerId = COINFTEST
Pass the chargebackProtectionData object to the new and saved card checkout as well as the below headers. See an example of what the request will look like when you pass chargeback protection data to the new card checkout endpoint.
- x-device-id - Get this after adding the script in step 1
- x-coinflow-client-ip- the payer’s ip address
- user-agent - the payer’s User Agent

Checkout Link Implementation

SignUpEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignUp",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "username": "therock72",
11   "email": "dwaynejohnson@gmail.com",
12   "firstName": "Dwayne",
13   "lastName": "Johnson"
14 }
15 '

SignInEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOU_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignIn",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "email": "dwaynejohnson@gmail.com"
11 }
12 '

SignInFailureEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignInFailure",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "email": "dwaynejohnson@gmail.com",
11   "failureReason": "Password Failed"
12 }
13 '

BuyerChallengeEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "BuyerChallenge",
8   "type": "thirdPartyKyc",
9   "status": "successfullyFulfilled",
10   "customerId": "user-123-abc",
11   "country": "US",
12   "email": "dwaynejohnson@gmail.com"
13 }
14 '

Call the Get Checkout Link endpoint This endpoint creates a checkout link which you can redirect a user to or embed in an iframe within your application.

Request

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/checkout/link \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'accept: application/json' \
5      --header 'content-type: application/json' \
6      --header 'x-coinflow-auth-user-id: user123' \
7      --data '
8 {
9   "subtotal": {
10     "currency": "USD",
11     "cents": 500
12   },
13   "email": "payer@gmail.com",
14   "blockchain": "solana",
15   "settlementType": "USDC"
16 }
17 '

Response

1 {
2   "link": "https://sandbox.coinflow.cash/solana/purchase-v2/testtest?sessionKey=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjdXN0b21lcklkIjoidXNlcjEyMyIsIm1lcmNoYW50SWQiOiJ0ZXN0dGVzdCIsImlhdCI6MTc0MTgwNTczNCwiZXhwIjoxNzQxODkyMTM0fQ.ycTnKxQKF4Q__HOK3WGJDt0E2ZpfbAgK9B_Gjmp0_dY&cents=500&currency=USD&email=payer%40gmail.com&useHeightChange=true&jwtToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoi456C4oKW26LXgtGg45iC64CD6IKM06DgrJbjmqXqooDgsIPjgaDjrIDimZjpkYrkkaDogabEs-mWk8iY6ICN4KCC6aCD64CM5oCJ7ICn6ICHLu-0qMSU7rS76rCM4qKx4oOE6KSJ5ait4qilXHVkOTQ16IiE7Iy46Zic4qy_5LuC7YyK4rmFxLTvtoTpnK_slr7RheOkkeqCsuePqOaMiuWEoOuBoueAuueOk-Ctq-aFk--Bo--CoOiUseaOkeKJsOKCoOqJkOugouWPseyFoOadhumvseKFu-mAoOWisuqHgOqAouOdleGCseaCoeyCkOuEsOuUk--QoO-UkOKGoOiYueOJke2Hg-SUsOmCoueuheyCltmy5YyI6oGj75-x66ya46qX7Jak6ryK6aOk5oO46Z2V6p2U4Zmv6YeB6oCw56Si46KM6YOH74Cg7oaZ4o285byV5rK04ZCmXHVkZmEz5JOB4oGW5qC0452R6oqC5o6R46Gd0LnHqOiuqOa2rOCht-GYie6ThuKhheOiiOS6i-CoouyEo-SIhuegrOG9kuiGteuMmeaZnOS-lOyGje2esuKItO-kutiN5Iem4YW467qO4oKv5K-l4Zen5YeC5qSM4pSM7LaE7oqw5KCo6omm5LSu65ax45eS0ajqpJnsp4TthLjpgqPitL7ruq_ulKPjhLTkq4HpkZnEkuyMiumBtO6hjem-hOSaqu6OhOi1gei1kOKWkOSdvOWArOKZk-GdpOajqeGAkueBkeiBkOa4kOuGoOSjvOaTlemerOKCu-q3iOWNneiek-iukuyEkeKIqOecouCtj-mfoeWBmuaViuGhn-GJgeWlpOmzge-ql-yFn-yLq-utku-puOmeqVx1ZGViNeaElO6Ciu66r-KGgeiTseGBrOS6p-mImuqmg-iMueirn-OMiuO5ruaSoeKLkOGEqeiwpuKim-iKk-iYrOedluGsneCys-aGo-qitOOMgcWI47Wl54mw55OizoHqg47joLrlsa3pjJrji4frgJDqmJrXkO6hv-OPrO-rluagk-CimO2DqOO8iuyIoO6MuuywoeOChemUjeiFoOO0huCsseyCs-GupuOFkOSQtOybgu2CuOiOi-ymvuaYuVx1MDAwYuaLnFx1MDAwYu6QgCIsIm1lcmNoYW50SWQiOiJ0ZXN0dGVzdCIsImlkZW1wb3RlbmN5S2V5IjoiSUtjOTc2MWM4Yi1mM2FjLTRhYjktOWU0My1lMGM5Yjk0ZmQwMzUiLCJzdWJ0b3RhbCI6eyJjdXJyZW5jeSI6IlVTRCIsImNlbnRzIjo1MDB9LCJpYXQiOjE3NDE4MDU3MzQsImV4cCI6MTc0MTg5MjEzNH0.76VvN_lJI777IcdU7cUMLz-vYdiC8jX1cOMynU3X8tI"
3 }

👍 Want to trigger your own on success events?

You can listen to success event messages and get the payment id or pass your own function!

<iframe
        allow="payment"
        src="COINFLOW_CHECKOUT_URL"
        onLoad={() => {
          window.addEventListener('message', event => {
            if (typeof event.data === 'string' ) {
              const data = JSON.parse(event.data);
            if (data.data === 'success') {
              console.log('payment id', data.info.paymentId)
            }
          }
          });
        }}
      />

Customize the UI colors and branding from your dashboard

Whitelist your url By whitelisting your domain, checkout can only be completed on your domain. This protects against bad actors trying to take your checkout link and injecting it onto their site.

React SDK Implementation

SignUpEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignUp",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "username": "therock72",
11   "email": "dwaynejohnson@gmail.com",
12   "firstName": "Dwayne",
13   "lastName": "Johnson"
14 }
15 '

SignInEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOU_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignIn",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "email": "dwaynejohnson@gmail.com"
11 }
12 '

SignInFailureEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "SignInFailure",
8   "customerId": "user-123-abc",
9   "country": "US",
10   "email": "dwaynejohnson@gmail.com",
11   "failureReason": "Password Failed"
12 }
13 '

BuyerChallengeEvent

1 curl --request POST \
2      --url https://api-sandbox.coinflow.cash/api/events \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'content-type: application/json' \
5      --data '
6 {
7   "eventType": "BuyerChallenge",
8   "type": "thirdPartyKyc",
9   "status": "successfullyFulfilled",
10   "customerId": "user-123-abc",
11   "country": "US",
12   "email": "dwaynejohnson@gmail.com"
13 }
14 '

Install Coinflow package

npm i @coinflowlabs/react

Generate a session key for the payer.

Request

1 curl --request GET \
2      --url https://api-sandbox.coinflow.cash/api/auth/session-key \
3      --header 'Authorization: YOUR_API_KEY' \
4      --header 'accept: application/json' \
5      --header 'x-coinflow-auth-user-id: user123'

Response

1 {
2   "key": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjdXN0b21lcklkIjoidXNlcjEyMyIsIm1lcmNoYW50SWQiOiJ0ZXN0dGVzdCIsImlhdCI6MTc0MTgwNTk3MywiZXhwIjoxNzQxODkyMzczfQ.mau9HPQXZQ040-bkQ0tMg57N9IVTbEQZMtV4O9kgkjg"
3 }

🚧 Session keys are valid for 30 minutes and must be refreshed afterwards.

Tokenize the checkout parameters. This encrypts the checkout parameters so bad actors cannot tamper with the checkout args.

Request

1 curl --request POST \
2         --url https://api-sandbox.coinflow.cash/api/checkout/jwt-token \
3         --header 'Authorization: YOUR_API_KEY' \
4         --header 'accept: application/json' \
5         --header 'content-type: application/json' \
6         --data '
7    {
8      "webhookInfo": {
9        "example": "{\"description\":\"asdF\"}"
10      },
11      "subtotal": {
12        "currency": "USD",
13        "cents": 500
14      },
15      "email": "iamapayer@gmail.com",
16      "blockchain": "solana",
17      "chargebackProtectionData": [
18        {
19          "productType": "inGameProduct",
20          "rawProductData": {
21            "example": "{\"deposit amount\": 5}"
22          },
23          "productName": "deposit",
24          "quantity": 1
25        }
26      ],
27      "settlementType": "USDC"
28    }
29    '

Response

 {
     "checkoutJwtToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoi456C4oKW26LXguCjgOKYgueAleiAnN2j5IGM4LGn46CD5oOb4LCF44CQ7Iqy4YCF6KSz4KCI7KaczLDGkOuhgNqE44iA7rWwybDgp6DHgOCumeawgOSQqeSio0LgsJ3njaPmoYXItOa1ku6AjOyFieKmlOiTke67iOWCguWxiOmroOSNuO65suOou-mUremsreWZqOSytueBrOeBpOGgqOSZiOaxrOKhiOiRpOmitOGxiOG7vuuYnOeDmOeBjOChhuCglOuTiOunuOyYlOawmOqXtuujvuSyuuuSnOy7mOqglOSZqOahpOeVrOiwmOShsOKglOaphuGhjOuXjeiRhuaStOSZjFx1ZGQxY-K7k-uQlFx1ZDg2NO-kqOmUq-qHg-6Xqu-pmuySoeGxhuSVhueDquqYiOmHlOShmuGzmOKgnOaikeSuuFx1ZGExOOebvuKisuuguOiSqdOD4LCy4Y6B7IqZ5LO045Cb6qeM4o2D6Iyc7KOR4ZKt4ZyC6I2h6oCy44SMzZPSheyHmeixmOOyhsyE5IWC7oCo5LCO46uJ0rfvg6Dos6jMmOWqguiMi-qSjOu4nOqdkuivsuerpeWljOGmlemCi-6ZmeyFsOuItOCouuKDpeqCoeuAnOiImeGciuyNqeaIiuSxseWkrtek64S4XHVkODRi4YiN6LqnwqDngLjojJrhnIzsrYLpm43rqI3jjKbotoztmJjigYLlkoTihILoloXpi5HtkafijJHolZTogYLosoHnlZvmmonohYDnhbHooLTrjIXcr-mWou2GsOSwsuGchOm6g-qrmOGBmeieoOyfoemhiOWBsOGSqeWohOyzkO6rm-yhmeOQrOaAq-STqeGnpuSxteCoquWSgO6JkuqwnuGBmtys6Yax4rGQ5JS46rSH6ICF74iAIiwibWVyY2hhbnRJZCI6InRlc3R0ZXN0IiwiaWRlbXBvdGVuY3lLZXkiOiJJSzVlZWE3YzI3LWEyMjgtNDcyMC1iYTVkLWI1ZDA0ZDUzMzA3MCIsInN1YnRvdGFsIjp7ImN1cnJlbmN5IjoiVVNEIiwiY2VudHMiOjUwMH0sImlhdCI6MTc0Mjg1NTY3OCwiZXhwIjoxNzQyOTQyMDc4fQ.2dGfWnazfyHaz_uEWKM9RU-jh-tXUSMPFZJdNvmMPwo"
   }

Implement the Coinflow Checkout Component.

1 <CoinflowPurchase
2       sessionKey={'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjdXN0b21lcklkIjoidXNlcjEyMyIsIm1lcmNoYW50SWQiOiJ0ZXN0dGVzdCIsImlhdCI6MTc0MTgwNTk3MywiZXhwIjoxNzQxODkyMzczfQ.mau9HPQXZQ040-bkQ0tMg57N9IVTbEQZMtV4O9kgkjg'}
3       merchantId={'testtest'} // Replace with your merchantId
4       env={'sandbox'}
5       onSuccess={(...args) => {
6         console.log('Purchase Success', args); // Redirect the user
7       }}
8       settlementType={SettlementType.USDC}
9       subtotal={{cents: 300, currency: Currency.USD}} // Amount purchase is in (exclude prop if user is to choose a custom amount)
10       webhookInfo={{
11         itemName: "sword",
12         price: "10.99"
13       }} // Pass the webhook data you want to receive
14       email={'user@email.com'} // User's email address
15       chargebackProtectionData={[{
16         productName: 'Sword',
17         productType: "inGameProduct", // Get this value directly from Coinflow
18         quantity: 1,
19         rawProductData: { // Adjust based on the available product data
20           productID: "sword12345",
21           productDescription: "A legendary sword with magical powers.",
22           productCategory: "Weapon",
23           weight: "15 lbs",
24           dimensions: "40 in x 5 in",
25           origin: "Ancient Kingdom",
26           craftedBy: "Master Blacksmith",
27           craftingDate: "2024-06-19",
28         },
29       }]}
30 		jwtToken = {'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoi456C4oKW26LXguCjgOKYgueAleiAnN2j5IGM4LGn46CD5oOb4LCF44CQ7Iqy4YCF6KSz4KCI7KaczLDGkOuhgNqE44iA7rWwybDgp6DHgOCumeawgOSQqeSio0LgsJ3njaPmoYXItOa1ku6AjOyFieKmlOiTke67iOWCguWxiOmroOSNuO65suOou-mUremsreWZqOSytueBrOeBpOGgqOSZiOaxrOKhiOiRpOmitOGxiOG7vuuYnOeDmOeBjOChhuCglOuTiOunuOyYlOawmOqXtuujvuSyuuuSnOy7mOqglOSZqOahpOeVrOiwmOShsOKglOaphuGhjOuXjeiRhuaStOSZjFx1ZGQxY-K7k-uQlFx1ZDg2NO-kqOmUq-qHg-6Xqu-pmuySoeGxhuSVhueDquqYiOmHlOShmuGzmOKgnOaikeSuuFx1ZGExOOebvuKisuuguOiSqdOD4LCy4Y6B7IqZ5LO045Cb6qeM4o2D6Iyc7KOR4ZKt4ZyC6I2h6oCy44SMzZPSheyHmeixmOOyhsyE5IWC7oCo5LCO46uJ0rfvg6Dos6jMmOWqguiMi-qSjOu4nOqdkuivsuerpeWljOGmlemCi-6ZmeyFsOuItOCouuKDpeqCoeuAnOiImeGciuyNqeaIiuSxseWkrtek64S4XHVkODRi4YiN6LqnwqDngLjojJrhnIzsrYLpm43rqI3jjKbotoztmJjigYLlkoTihILoloXpi5HtkafijJHolZTogYLosoHnlZvmmonohYDnhbHooLTrjIXcr-mWou2GsOSwsuGchOm6g-qrmOGBmeieoOyfoemhiOWBsOGSqeWohOyzkO6rm-yhmeOQrOaAq-STqeGnpuSxteCoquWSgO6JkuqwnuGBmtys6Yax4rGQ5JS46rSH6ICF74iAIiwibWVyY2hhbnRJZCI6InRlc3R0ZXN0IiwiaWRlbXBvdGVuY3lLZXkiOiJJSzVlZWE3YzI3LWEyMjgtNDcyMC1iYTVkLWI1ZDA0ZDUzMzA3MCIsInN1YnRvdGFsIjp7ImN1cnJlbmN5IjoiVVNEIiwiY2VudHMiOjUwMH0sImlhdCI6MTc0Mjg1NTY3OCwiZXhwIjoxNzQyOTQyMDc4fQ.2dGfWnazfyHaz_uEWKM9RU-jh-tXUSMPFZJdNvmMPwo'}
31     />

Customize the UI on your dashboard
Whitelist your url By whitelisting your domain, checkout can only be completed on your domain. This protects against bad actors trying to take your checkout link and injecting it onto their site.