Gateway API
Create a checkout session, redirect to checkout_url, verify payment via webhook or GET.
Credentials
Dashboard → Merchants → Integration: payment API key (outbound) and webhook secret (verify inbound POSTs).
Authentication
Authorization: Bearer YOUR_PAYMENT_API_KEY Content-Type: application/json Accept: application/json
Or header X-Merchant-Key. Optional merchant_id must match the key’s merchant.
Create checkout session
POST https://gatenoc.com/api/v1/merchant/checkout-session
Authorization: Bearer YOUR_PAYMENT_API_KEY
Content-Type: application/json
{
"amount": 10.50,
"note": "order_123",
"notify_url": "https://yoursite.com/webhooks/paid",
"success_url": "https://yoursite.com/thanks",
"return_url": "https://yoursite.com/cancel"
}
amount in USD (USDT 1:1).
Response includes checkout_url, expires_at, merchant_id.
Optional Idempotency-Key header replays the same response for 24h.
Webhooks
JSON POST to your notify_url when paid. Verify HMAC with the webhook secret (not the API key).
Headers: X-Gateway-Timestamp,
X-Gateway-Signature as t=<ts>,v1=<hex>
— HMAC-SHA256 of <timestamp>.<raw_body>.
{
"event": "payment.completed",
"success": true,
"status": "completed",
"merchant_id": 1,
"amount": "10.50",
"total_amount": "10.50",
"currency": "USD",
"reference": "…",
"merchant_trade_no": "550e8400-e29b-41d4-a716-446655440000",
"note": "order_123",
"payment_id": 42,
"paid_at": "2026-03-24T12:00:00+00:00"
}
Other endpoints
Same auth. ~300 requests/min per merchant.
- GET https://gatenoc.com/api/v1/merchant/payments/{id}
- GET https://gatenoc.com/api/v1/merchant/payments ?status, from, to, per_page
- GET https://gatenoc.com/api/v1/merchant/balance
- POST https://gatenoc.com/api/v1/merchant/payments/{id}/refund { "amount", "reason?" }
GET payment returns the same fields as the webhook payload.
HTTP errors
| 401 | Invalid or missing key |
| 404 | Not found |
| 422 | Validation error |
| 429 | Rate limited |