Runnable server-side example for creating USDT checkout sessions with XPayr while keeping merchant API keys out of the browser.
Status: Runnable test-key-first example
Show the shortest secure path from a product page to an XPayr-hosted USDT checkout.
- Dependency-free Node.js server
- Server-side payment-session creation
- Responsive checkout launcher with no client-side secret
cp .env.example .env
npm test
npm startOpen http://127.0.0.1:3000. The example defaults to a test credential placeholder and will not create a session until you provide your own XPayr key.
XPAYR_NETWORK selects the USDT rail enabled for your merchant account. Confirm the exact network key in GET /me/networks; the sample value is not a recommendation to use mainnet during development.
- The browser calls this example server.
- The server creates an XPayr payment session using its private API key.
- The browser receives only the payment ID, hosted checkout URL, and initial status.
- Your backend fulfills the order only after a verified webhook or API reconciliation confirms completion.
Use an XPayr test key before live credentials. Never expose sk_test_*, sk_live_*, agent keys, webhook secrets, or wallet private keys in browser code or commits.
Read SECURITY.md before reporting a vulnerability. Payment completion must be based on verified XPayr webhook/API state and canonical on-chain evidence, not browser callbacks alone.
MIT. See LICENSE.