Introduction

ArionPay provides a powerful REST API for accepting decentralized cryptocurrency payments. Whether you want a hosted checkout page or a completely custom white-label integration, our API handles the complexity.

Base URL:

https://api.arionpay.com/api/v1

Authentication

All API requests must be authenticated using HMAC-SHA256. This guarantees that requests cannot be tampered with during transit.

Required Headers

Header	Example	Description
`x-api-key`	`pk_test_123...`	Your Store's Public Key ID.
`x-signature`	`a1b2c3d4...`	HMAC signature of the request JSON body.
`Content-Type`	`application/json`	Format of the payload.

Create Invoice

Generate a payment request. By default, this returns a secure URL to our hosted checkout page.

POST /invoices

Request Parameters

Field	Type	Required	Description
`storeId`	String	Yes	Your Store ID (from Dashboard).
`amount`	Number	Yes	Fiat amount (e.g. `100.00`).
`currency`	String	No	Fiat currency (Default: `USD`).
`orderId`	String	No	Your internal Order ID.
`successUrl`	String	No	Where to redirect the customer after payment. Overrides store defaults.
`cancelUrl`	String	No	Where to redirect if the invoice expires. Overrides store defaults.
`allowedAssets`	Array	No	Restrict coins for this specific invoice (e.g. `["BTC", "USDT_TRC20"]`).

Code Examples

<?php
$apiKey = "YOUR_PUBLIC_KEY";
$apiSecret = "YOUR_SECRET_KEY";
$url = "https://api.arionpay.com/api/v1/invoices";

$data = [
    "storeId" => "6969821...",
    "amount" => 25.50,
    "currency" => "USD",
    "orderId" => "ORD-" . time(),
    
    // Optional: Redirect customer back to your store
    "successUrl" => "https://your-site.com/checkout/success",
    "cancelUrl" => "https://your-site.com/cart",
    
    // Optional: Restrict allowed coins
    "allowedAssets" => ["BTC", "USDT_TRC20", "LTC"]
];

$payloadJson = json_encode($data, JSON_UNESCAPED_SLASHES);
$signature = hash_hmac('sha256', $payloadJson, $apiSecret);

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payloadJson);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "x-api-key: $apiKey",
    "x-signature: $signature",
    "Content-Type: application/json"
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
print_r(json_decode($response));
?>

const crypto = require('crypto');
const axios = require('axios');

const apiKey = "YOUR_PUBLIC_KEY";
const secret = "YOUR_SECRET_KEY";
const url = "https://api.arionpay.com/api/v1/invoices";

const payload = {
    storeId: "6969821...",
    amount: 25.50,
    currency: "USD",
    orderId: `ORD-${Date.now()}`,
    successUrl: "https://your-site.com/checkout/success",
    cancelUrl: "https://your-site.com/cart",
    allowedAssets: ["BTC", "USDT_TRC20", "LTC"]
};

const payloadString = JSON.stringify(payload);
const signature = crypto.createHmac('sha256', secret)
    .update(payloadString)
    .digest('hex');

axios.post(url, payloadString, {
    headers: {
        'x-api-key': apiKey,
        'x-signature': signature,
        'Content-Type': 'application/json'
    }
}).then(res => console.log(res.data)).catch(err => console.error(err.response.data));

import hmac
import hashlib
import json
import requests
import time

api_key = "YOUR_PUBLIC_KEY"
secret = "YOUR_SECRET_KEY"
url = "https://api.arionpay.com/api/v1/invoices"

payload = {
    "storeId": "6969821...",
    "amount": 25.50,
    "currency": "USD",
    "orderId": f"ORD-{int(time.time())}",
    "successUrl": "https://your-site.com/checkout/success",
    "cancelUrl": "https://your-site.com/cart",
    "allowedAssets": ["BTC", "USDT_TRC20", "LTC"]
}

# IMPORTANT: Encode without spaces to match server signature
body = json.dumps(payload, separators=(',', ':'))
signature = hmac.new(secret.encode(), body.encode(), hashlib.sha256).hexdigest()

headers = {
    "x-api-key": api_key,
    "x-signature": signature,
    "Content-Type": "application/json"
}

response = requests.post(url, data=body, headers=headers)
print(response.json())

curl -X POST https://api.arionpay.com/api/v1/invoices \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_PUBLIC_KEY" \
  -H "x-signature: GENERATED_HMAC_SIGNATURE" \
  -d '{
    "storeId": "6969821...",
    "amount": 25.50,
    "currency": "USD",
    "orderId": "ORD-1001",
    "successUrl": "https://your-site.com/checkout/success",
    "cancelUrl": "https://your-site.com/cart"
  }'

Response (Standard)

{
  "status": "success",
  "data": {
    "id": "69e66c9...",
    "invoice_url": "https://checkout.arionpay.com/pay/69e66c9...",
    "amount_fiat": 25.50,
    "currency": "USD"
  }
}

Customer Redirects

ArionPay can automatically return customers to your website after they interact with the checkout page.

If you enable "Auto-Redirect to Store" in your ArionPay dashboard, the gateway will automatically redirect the customer 5 seconds after a payment confirms. This 5-second delay ensures the customer has time to screenshot their receipt and save their Transaction Hash.

You can define default Redirect URLs in your Store Settings, or pass successUrl and cancelUrl directly in your API payload to override the defaults dynamically per order.

White Label Service

If White Label Mode is enabled in your Store Settings, the API will return raw payment data instead of a hosted link. This allows you to build the checkout UI entirely on your own domain.

Response (White Label)

{
  "status": "success",
  "data": {
    "id": "69e66c9...",
    "order_id": "ORD-1001",
    "address": "TXYZ123456789...",
    "amount": "25.500000",
    "currency": "USDT_TRC20",
    "network": "TRX",
    "available_currencies": ["BTC", "USDT_TRC20", "LTC"],
    "payment_uri": "tron:TXYZ123456789...?amount=25.500000",
    "qr_code": "https://api.qrserver.com/v1/create-qr-code/...",
    "expire_at": "2026-05-01T12:00:00.000Z"
  }
}

Webhooks & Security

When a payment is successfully confirmed on the blockchain, ArionPay sends a POST request to your configured callbackUrl.

Webhook Payload

{
  "_id": "69e66c9...",
  "status": "paid",
  "amountFiat": 25.50,
  "amountCrypto": "25.500000",
  "chain": "TRX",
  "asset": "USDT_TRC20",
  "txHash": "a1075db...",
  "orderId": "ORD-1001"
}

Verifying the Webhook

To ensure the webhook was genuinely sent by ArionPay and not a malicious third party, you must verify the signature. ArionPay includes an x-signature header with every webhook, generated using your Store's Secret Key.

PHP Verification Example:

<?php
$secret = "YOUR_SECRET_KEY";
$payload = file_get_contents('php://input');
$signatureHeader = $_SERVER['HTTP_X_SIGNATURE'] ?? '';

// Calculate the expected signature
$expectedSignature = hash_hmac('sha256', $payload, $secret);

if (hash_equals($expectedSignature, $signatureHeader)) {
    // Valid! Process the order
    $data = json_decode($payload, true);
    echo "Order " . $data['orderId'] . " paid successfully.";
    http_response_code(200);
} else {
    // Invalid signature! Do not process.
    http_response_code(403);
    echo "Invalid signature.";
}
?>

Plugins & Integrations

Don't want to write custom code? Download our official modules for instant integration into popular platforms.

Download WHMCS Module Download WordPress Plugin