Developer Documentation

Payment API Reference

Integrate crypto payments into your application in minutes. Create payments, check status, and receive real-time webhook notifications.

Get API Keys

Base URL:https://api.cryptoapiauto.com/v1

Quick Start

1. Get Your API Keys

2. Create a Payment

Call the Create Payment endpoint with the amount, network, and your store ID. You'll receive a wallet address and QR code.

3. Receive Webhooks

When payment is confirmed on-chain, we send a signed webhook to your callback URL with the transaction details.

Authentication

All API requests must include three authentication headers. Your API Key identifies your account, the timestamp prevents replay attacks, and the HMAC-SHA256 signature ensures request integrity.

X-API-Key

Your unique API key from dashboard

X-Timestamp

Current Unix timestamp in milliseconds

X-Signature

HMAC-SHA256(body + timestamp, apiSecret)

Generating the Signature

const crypto = require('crypto');

const body = JSON.stringify({ storeId: "...", amount: 100, network: "trc20" });
const timestamp = Date.now().toString();
const payload = body + timestamp;

const signature = crypto
  .createHmac('sha256', YOUR_API_SECRET)
  .update(payload)
  .digest('hex');

// Include in headers:
// X-API-Key: YOUR_API_KEY
// X-Timestamp: 1708300000000
// X-Signature: a1b2c3d4e5f6...

API Endpoints

Webhooks

When a payment is confirmed on the blockchain, we send an HTTP POST request to your callbackUrl. The webhook includes a signature header so you can verify authenticity.

Webhook Headers

X-Webhook-Signature

HMAC-SHA256 of the body using your Webhook Secret

X-Webhook-Timestamp

Unix timestamp when the webhook was sent

Verify Signature

const signature = req.headers['x-webhook-signature'];
const body = JSON.stringify(req.body);

const expected = crypto
  .createHmac('sha256', WEBHOOK_SECRET)
  .update(body)
  .digest('hex');

if (signature !== expected) {
  return res.status(401).send('Invalid signature');
}

// Process the webhook...

Webhook Payload Example

{
  "event": "payment.completed",
  "paymentId": "a1b2c3d4-...",
  "orderCode": "ORDER-001",
  "status": "completed",
  "amount": 50.000123,
  "currency": "USDT",
  "network": "trc20",
  "txHash": "0xabc123def456...",
  "walletAddress": "TXyz...abc",
  "confirmedAt": "2026-02-18T13:05:30.000Z",
  "metadata": { "userId": "123", "plan": "premium" }
}

Important: Your endpoint must respond with HTTP 200 within 10 seconds. Failed webhooks are retried up to 5 times with exponential backoff. Always verify the signature before processing.

Payment Statuses

pendingWaiting for customer to send funds

confirmingTransaction detected, awaiting confirmation

completedPayment confirmed on blockchain

expiredPayment window expired without funds

cancelledPayment cancelled by merchant

Supported Networks

trc20TRON (TRC20)

USDT

bep20BSC (BEP20)

USDT / USDC

erc20Ethereum (ERC20)

USDT / USDC

polygonPolygon

USDT / USDC

solanaSolana

USDT / USDC

arbitrumArbitrum

USDT / USDC

baseBase

USDC

optimismOptimism

USDT / USDC

avalancheAvalanche

USDT / USDC

Error Responses

All errors follow a consistent format:

{
  "success": false,
  "statusCode": 400,
  "message": "Invalid request",
  "timestamp": "2026-02-18T13:00:00.000Z"
}

Status Code	Meaning
`400`	Invalid request parameters
`401`	Missing or invalid authentication
`403`	Request blocked (rate limit or security)
`404`	Resource not found
`429`	Too many requests — slow down
`500`	Server error — contact support

Ready to Integrate?

Create your free account and start accepting crypto payments in minutes.

Get Your API Keys