Developer Guidance
XelPay provides a modern, RESTful API designed for rapid integration. Whether you are building a custom checkout, a headless storefront, or an automated reconciliation pipeline, our documentation guides you from first API key to production in minutes.
Getting Started
Create a merchant account and navigate to Settings → API Keys in your dashboard to generate your credentials. All API requests are authenticated using Bearer token authorization. We recommend storing your API key in environment variables and never exposing it client-side.
Supported Frameworks & SDKs
Official SDKs are available for Node.js, PHP, Python, and Laravel. Community-maintained libraries exist for Go and Ruby. All SDKs handle authentication, request signing, and webhook verification out of the box. Code examples are provided in the API Reference for plain HTTP, cURL, and each SDK.
Webhook Integration
XelPay dispatches real-time webhook events for every payment state change: payment.verified, payment.failed, payment.pending, and refund.issued. Register your endpoint URL in the dashboard. All payloads are signed with HMAC-SHA256 using your webhook secret — always verify the X-XelPay-Signature header before processing.
Sandbox & Testing
A full-fidelity sandbox environment mirrors production behavior with isolated test credentials. Simulate successful payments, failures, partial payments, and timeouts using the test mode toggle in your dashboard. Sandbox events trigger real webhook deliveries to your configured test endpoint.
Idempotency & Reliability
All mutation endpoints support idempotency keys via the Idempotency-Key header. This prevents duplicate payments in the event of network retries. We recommend generating a UUID per transaction and storing it alongside your order record.