Endpoints
POST /v2/secure-paymentsβ Create a secure payment (incoming, single or batch on EVM; single only on Tron)POST /v2/secure-payments/payoutsβ Create a hosted secure payout link (outgoing payment to a recipient)GET /v2/secure-paymentsβ Lookup by request IDGET /v2/secure-payments/:tokenβ Get payment metadataGET /v2/secure-payments/:token/payβ Get payment calldataPOST /v2/secure-payments/:token/intentβ Record crosschain payment intentPOST /v2/secure-payments/multicall-payoutsβ Combine multiple existing payout links into one multicall linkGET /v2/secure-payments/multicall-payouts/:tokenβ Get multicall payout details (operator/session auth)
Authentication
| Endpoint | Supported auth |
|---|---|
POST /v2/secure-payments | x-api-key, x-client-id + Origin, session, or orchestrator pair |
GET /v2/secure-payments | Session only |
GET /v2/secure-payments/:token | x-client-id (+ Origin) |
GET /v2/secure-payments/:token/pay | x-client-id (+ Origin) |
POST /v2/secure-payments/:token/intent | x-client-id (+ Origin) |
POST /v2/secure-payments/multicall-payouts | x-api-key, x-client-id + Origin, session, or orchestrator pair |
GET /v2/secure-payments/multicall-payouts/:token | Session only |
POST /v2/secure-payments
Create a secure payment entry and return a hosted payment URL.Request fields
Array of payment requests. One item creates a single payment. Multiple items create a batch payment.
ERC-7828 composite destination ID encoding payee wallet, chain, and token. Format:
{interopAddress}:{tokenAddress}. Optional when the authenticated client ID has a bound payee destination.Human-readable payment amount (e.g.,
"10.50"). Must be greater than 0.Optional fee percentage from
0 to 100 (e.g., "2.5" for 2.5%).Optional fee recipient address. Required when
feePercentage is set.Optional merchant reference for reconciliation (max 255 chars).
Optional payer identifier (max 255 chars).
Optional
http(s) URL displayed as a button on the success screen. After a successful payment the payer can click the button to return to your site β there is no auto-redirect. Only safe URLs are accepted: scheme must be http or https, and the value must not contain HTML/script payload characters (<, >, ", ', `, whitespace).Optional button label for the redirect (1β255 chars). Defaults to βGo Back and Closeβ when omitted. Cannot include HTML control characters (
<, >, &, ", ', `). Cannot be set without redirectUrl β the API rejects with 400 redirectLabel cannot be provided without redirectUrl.Error responses
400: invalid body or unsupported secure payment configuration401: unauthorized429: rate limited
POST /v2/secure-payments/payouts
Create a hosted secure payout link β an outgoing single-recipient payment URL the payer (you) opens to sign and broadcast the transaction. Useful for sending payments to contractors, vendors, or any external recipient when you want a hosted UI instead of executing calldata yourself.Request fields
Recipient wallet address. EVM
0x... or Tron T... format.Wallet that created the payout (typically the payer wallet).
Destination network. Values:
mainnet, arbitrum-one, optimism, base, matic, bsc, tron, sepolia.Payment currency in
<symbol>-<network> form, e.g. USDC-base, USDT-tron, FAU-sepolia.Human-readable amount (e.g.,
"100").Optional merchant reference (max 255 chars).
Optional recipient identifier (max 255 chars).
Optional fee percentage from
0 to 100.Optional fee recipient address. Required when
feePercentage is set.Optional
http(s) URL rendered as a button on the success screen for the signer to return to your app. Same validation rules as on POST /v2/secure-payments β see above.Optional button label (1β255 chars). Defaults to βGo Back and Closeβ. Cannot be set without
redirectUrl.Error responses
400: invalid body, unsupported network/currency, or batch attempt on Tron401: unauthorized429: rate limited
GET /v2/secure-payments
Lookup a secure payment by request ID. Requires a SIWE wallet session.Query parameters
The request ID to look up.
Error responses
404: secure payment not found for the given request ID
GET /v2/secure-payments/:token
Retrieve payment metadata and display information. Returns amounts, destination info, status, and optionally crosschain payment options β but not executable transaction calldata. Use/pay for calldata.
Path parameters
Secure payment token returned from
POST /v2/secure-payments.Query parameters
Payer wallet address. When provided, the response includes
paymentOptions with balance information across supported chains. Optional for Tron payments (the API uses a fallback address if omitted).Error responses
403: token expired or not payable404: token not found409: secure payment already completed423: a Safe multisig payment is in progress β keep polling (see Safe multisig payments)429: rate limited
GET /v2/secure-payments/:token/pay
Retrieve executable transaction calldata for the secure payment. For crosschain payments, providechain and token query parameters to select the source route.
The
:token in the URL path is the secure payment token (a ULID identifier). The token query parameter is the source currency symbol (USDC or USDT) for crosschain route selection. These are different values.For Tron secure payments, do not pass chain or token query parameters β the calldata is generated for the Tron network directly. Tron payments are single-recipient and same-chain only.Path parameters
Secure payment token (ULID returned from
POST /v2/secure-payments).Query parameters
Payer wallet address. Used for approval and balance checks. Optional for Tron payments (the API uses a fallback address if omitted).
Source chain for crosschain payments. Values:
BASE, OPTIMISM, ARBITRUM, ETHEREUM, POLYGON, BNB. Must be provided together with the token query parameter. Crosschain swap-to-pay is EVM-source only.Source currency for crosschain payments. Values:
USDC, USDT. Must be provided together with chain.Set to
true when the payer wallet is a Gnosis Safe multisig. Returns Safe-ready calldata; wallet must be the Safe address and eoaWallet must not be set. See Safe multisig payments.Externally-owned account address used to fund a smart-account payment. Mutually exclusive with
isSafe.Error responses
400: invalid calldata request or unsupported crosschain configuration403: token expired or not payable404: token not found409: secure payment already completed429: rate limited
POST /v2/secure-payments/:token/intent
Record a crosschain payment intent after the payer broadcasts the source-chain LiFi transaction. This allows the system to track the bridge execution and trigger payment detection on the destination chain.Path parameters
Secure payment token.
Request fields
The source-chain transaction hash (66 characters:
0x + 64 hex chars). Provide either txHash or safeTxHash β exactly one.A Gnosis Safe transaction hash to track instead of an already-broadcast
txHash. Used for Safe multisig payments. Provide exactly one of txHash or safeTxHash.Unix timestamp (seconds) β the hard on-chain execution deadline for the Safe route. Only valid alongside
safeTxHash.The source chain. Values:
BASE, OPTIMISM, ARBITRUM, ETHEREUM, POLYGON, BNB.The source token. Values:
USDC, USDT.Optional address of the wallet making the payment. Echoed back on the response.
Error responses
400: invalid or unsupported crosschain payload403: token expired or not payable404: token not found409: secure payment already completed429: rate limited
POST /v2/secure-payments/multicall-payouts
Combine multiple existing outgoing payout secure-payment links into a single multicall link the payer settles as one bundle. You pass the child secure-payment tokens; the API returns a parent token and hosted URL. This is a distinct mechanism from a batch payment (multiplerequests[] in one create call). Multicall composes already-created payout links and supports cross-chain and Tron execution.
Request fields
Ordered list of existing secure-payment tokens to combine. Minimum 2, maximum 1000 (the deployed default cap is 150 children). Duplicates are rejected.
How the bundle executes:
evm_same_chain, evm_cross_chain, or tron_batch. When omitted, the execution kind is derived at payment time from the payerβs source selection (Tron-only children β tron_batch; a chosen source chain/token β evm_cross_chain; otherwise evm_same_chain).expiresAt is the earliest expiry among its children.
Execution kinds
| Kind | When | Behavior |
|---|---|---|
evm_same_chain | All children on one network and one currency | Settled as a single bundled batch transaction (plus any ERC-20 approvals) |
evm_cross_chain | Children span chains/currencies, or the payer pays from a different source | One cross-chain (Li.Fi) route is fetched per child and aggregated into one bundle (default cap 20 children) |
tron_batch | All children on Tron (same token) | Settled via the Tron batch payment contract |
BASE, OPTIMISM, ARBITRUM, ETHEREUM, POLYGON, BNB. Supported source tokens: USDC, USDT.
Validation errors
Eligibility failures return a structured envelope:400 Bad Request
failures[].reason includes values such as already_paid, secure_payment_expired, not_outgoing, compliance_failed, and not_payable_child. Each failures[] entry also carries messageKey, context, and recoveryAction to help you present and resolve the failure. When a count limit is exceeded, the envelope instead carries a cap object together with a failures entry whose reason is too_many_children (child-count cap) or cap_exceeded:
400 Bad Request (cap exceeded)
Paying a multicall link
The payer settles the parent token through the standard payer routes:GET /v2/secure-payments/:tokenreturns the multicall details (children, totals, per-child eligibility).GET /v2/secure-payments/:token/payreturns multicall calldata, includingexecutionKind, thechildren[](each with its ownpaymentReference), the top-levelreferences[]array (one per child, in order), and β for cross-chain β a per-childdestinationCall.
GET /v2/secure-payments/multicall-payouts/:token
Retrieve passive details for a multicall payout parent β children, totals, and per-child eligibility. This endpoint does not return quotes, calldata, or execution data; useGET /v2/secure-payments/:token/pay for calldata. Requires a SIWE wallet session (operator/Dashboard-facing).
Path parameters
Multicall parent token returned from
POST /v2/secure-payments/multicall-payouts.The example is abbreviated. Each child also carries
messageKey, context, recoveryAction, and feePlan, and totals also includes byDestinationCurrency and amountSummary.Error responses
403: not authorized for this multicall parent404: token not found429: rate limited