Embedded payments
Use the dashboard URL when you are looking at the flow you want to embed:
https://dashboard.sticky.to/me/flows/[UUID_IS_HERE]
Your Base URL is https://sticky.to/go/flow/[UUID_IS_HERE].
Introduction
Add URL parameters to the end of your Base URL.
The only required URL parameter is total.
total: Total (Integer, mandatory, 155 = 1 dollar and 55 cents)currency: Currency (String, optional,USD,GBP,EURetc)userPaymentId: External reference (String, optional, can be duplicated)redirectUrl: Custom URL to go to on a successful or not successful payment
redirectUrl takes precedence over “Redirect URL when the consumer has paid” set in your dashboard. “Append with query parameters” setting still applies.
Recurring payments
Add more URL parameters to the end of your Base URL.
totalCpa: Recurring amount (Integer, optional, 155 = 1 dollar and 55 cents)cpaPeriod: Recurring frequency (String, optional,DAY/WEEK/MONTH/YEAR)
Security
To prevent your customers from editing the URL parameters, SHA512 hash the total, currency and userPaymentId URL parameters in this order with your private key:
sha512_in_my_language('total=1¤cy=USD&userPaymentId=REF_123', 'private-abc-def')Add this hash to the end of your URL as &hash=....
Example: Node.js
const crypto = require('crypto')
const total = '500'
const currency = 'GBP'
const userPaymentId = '293'
const flow = 'https://sticky.to/go/flow/123'
const privateKey = 'private-456'
function getSignature(what, privateKey) {
return crypto.createHmac('sha512', privateKey)
.update(what)
.digest('hex')
}
const url = `${flow}?total=${total}¤cy=${currency}&userPaymentId=${userPaymentId}&hash=${getSignature(`total=${total}¤cy=${currency}&userPaymentId=${userPaymentId}`, privateKey)}`
console.log(url)Example: PHP
<?php
$total = '500';
$currency = 'GBP';
$userPaymentId = '293';
$flow = 'https://sticky.to/go/flow/123';
$privateKey = 'private-456';
function get_signature($what, $privateKey) {
return hash_hmac(
'sha512',
$what,
$privateKey,
false
);
}
$url = $flow . '?total=' . $total . '¤cy=' . $currency . '&userPaymentId=' . $userPaymentId . '&hash=' . get_signature('total=' . $total . '¤cy=' . $currency . '&userPaymentId=' . $userPaymentId, $privateKey);
echo $url;
?>How do I know when my payment is successful?
Listen for STICKY_PAYMENT_SUCCESS and STICKY_PAYMENT_FAILURE events in JavaScript:
<!DOCTYPE html>
<html>
<head>
<style>
iframe {
display: block;
width: 480px;
height: 640px;
}
</style>
</head>
<body>
<iframe src="https://sticky.to/go/flow/123?total=1&userPaymentId=REF1"></iframe>
<script>
window.addEventListener(
'message',
event => {
const { data } = event;
if (typeof data !== 'object' || !data.type || !data.paymentId) {
return;
}
switch (data.type) {
case 'STICKY_PAYMENT_SUCCESS':
alert('Payment succeeded! ID: ' + data.paymentId);
break;
case 'STICKY_PAYMENT_FAILURE':
alert('Payment failed. ID: ' + data.paymentId);
break;
}
},
false
);
</script>
</body>
</html>How can I be sure the payment ID is valid?
There is a simple API route to get the status of a payment:
GET https://sticky.to/v1/payments/[PAYMENT_ID_HERE]. Call this route with your private key as a bearer token in the Authorization header:
curl --request GET \
--url https://sticky.to/v1/payments/[PAYMENT_ID_HERE] \
--header 'Authorization: Bearer [YOUR_PRIVATE_KEY]';You will receive a JSON object. The important key is sessionPaidAt. When this is an integer, the payment was successful and sessionPaidAt is the unix timetamp of the payment. When this is null and sessionFailedAt is an integer, the payment was not successful. We recommend a simple assert such as:
assert(typeof jsonResponse.sessionPaidAt === 'number', 'Your payment was not successful.')