Base URLs
| Environment | Base URL | Description |
|---|---|---|
| Sandbox | https://api-sandbox.hedgepayments.com | Testing and development |
| Production | https://api.hedgepayments.com | Live transactions |
Important: Always use the sandbox environment for testing. Sandbox and production API keys are not interchangeable.
Authentication
Hedge Payments uses two authentication methods depending on the context:
API Key (Server-side)
Use your API secret key in the Authorization header for all server-side requests:
Authorization: Bearer sk_live_your_api_secret_keyJWT (Client-side)
For client-side SDK operations, use a short-lived JWT obtained from your server. JWTs are scoped to a specific customer and expire after 15 minutes.
// Server-side: generate a client token
const token = await hedge.clientTokens.create({
customerId: 'cust_abc123',
scopes: ['checkout', 'payment_methods']
})
// Client-side: pass the token to the SDK
<HedgeProvider clientToken={token.jwt}>
<CheckoutForm />
</HedgeProvider>Never expose your API secret key in client-side code. Use publishable keys or JWTs for browser and mobile applications.
Request / Response Format
- All request bodies must be JSON with
Content-Type: application/json - All responses are JSON encoded in UTF-8
- Monetary amounts are in cents (e.g.,
9999= $99.99) - Timestamps are ISO 8601 format in UTC
- IDs use prefixed strings (e.g.,
pay_,cust_,evt_)
// Example request
curl -X POST https://api.hedgepayments.com/v1/payments \
-H "Authorization: Bearer sk_live_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"amount": 9999,
"currency": "USD",
"customer_email": "customer@example.com"
}'
// Example response
{
"id": "pay_abc123",
"amount": 9999,
"currency": "USD",
"status": "pending",
"created_at": "2024-06-15T10:30:00Z"
}Rate Limits
API requests are limited to 100 requests per minute per API key. Rate limit headers are included in every response:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 87
X-RateLimit-Reset: 1718450460If you exceed the limit, you will receive a 429 Too Many Requests response. Wait until the X-RateLimit-Reset timestamp before retrying.
Versioning
The current API version is v1. The version is included in the URL path:
https://api.hedgepayments.com/v1/paymentsBreaking changes will be introduced in new versions. Non-breaking additions (new fields, new endpoints) may be added to the current version without notice.
Endpoints
Auth
| Method | Path | Description |
|---|---|---|
POST | /v1/auth/client-token | Generate a client-side JWT |
GET | /v1/auth/api-keys | List API keys for your account |
Payments
| Method | Path | Description |
|---|---|---|
POST | /v1/payments | Create a new payment |
GET | /v1/payments/:id | Retrieve a payment |
GET | /v1/payments | List all payments |
POST | /v1/payments/:id/cancel | Cancel a pending payment |
POST | /v1/payments/:id/refund | Refund a payment (full or partial) |
Checkout
| Method | Path | Description |
|---|---|---|
POST | /v1/checkout/sessions | Create a checkout session |
GET | /v1/checkout/sessions/:id | Retrieve a checkout session |
POST | /v1/checkout/sessions/:id/expire | Expire a checkout session |
Merchants
| Method | Path | Description |
|---|---|---|
POST | /v1/merchants | Create a merchant account |
GET | /v1/merchants/:id | Retrieve a merchant |
PATCH | /v1/merchants/:id | Update merchant settings |
GET | /v1/merchants/:id/balance | Get merchant balance |
Round-Ups
| Method | Path | Description |
|---|---|---|
POST | /v1/roundups/configure | Configure round-up settings |
GET | /v1/roundups | List round-up transactions |
GET | /v1/roundups/summary | Get round-up summary and totals |
Webhooks
| Method | Path | Description |
|---|---|---|
POST | /v1/webhooks/endpoints | Register a webhook endpoint |
GET | /v1/webhooks/endpoints | List webhook endpoints |
DELETE | /v1/webhooks/endpoints/:id | Delete a webhook endpoint |
POST | /v1/webhooks/test | Send a test webhook event |