Create Payment Invoice

post

https://checkout-server.transfi.com/checkout/payment-link/invoice

Creates a dynamic invoice tied to a specific payment link template, allowing merchants to pass customer and product details.

Authentication - HMAC-SHA256

All requests MUST include custom headers for security and verification:

Required Headers:

Content-Type: Must be application/json
x-api-key: Merchant's Public Key (pk_...)
x-timestamp: Current time in milliseconds (e.g., 1758957600000)
x-signature: HMAC-SHA256 hash
X-Api-Version: API version (v1)

Optional Headers:

x-trace-id: Request trace ID for logging

HMAC Signature Calculation

const method = 'POST';
const path = '/checkout/payment-link/invoice';
const timestamp = Date.now().toString();
const body = JSON.stringify(requestBody);
const message = method + path + timestamp + body;
const signature = crypto.createHmac('sha256', SECRET_KEY).update(message).digest('hex');

Environment & Security

Organizations with status !== 'live' can only use sandbox API keys
Live organizations can use both sandbox and live API keys
Production requests must come from whitelisted IPs

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Body Params

Invoice details with customer and product information

paymentLinkId

string

required

Unique ID of the payment link template created in the Merchant Dashboard

amount

string

required

Payment amount (passed as string to avoid floating-point precision errors)

currency

string

enum

required

Three-letter currency code (ISO 4217)

productDetails

object

required

individual

object

required

successRedirectUrl

uri

required

URL to redirect the user to after a successful payment

failureRedirectUrl

uri

required

URL to redirect the user to after a failed payment

customerOrderId

string

required

length between 1 and 100

Unique order identifier from the merchant's system. Highly recommended to use a unique identifier like order-{{timestamp}}

Headers

x-api-key

string

required

The Merchant's Public Key (pk_...) for identification

x-timestamp

string

required

Current time in milliseconds since Unix epoch - Used to prevent replay attacks

x-signature

string

required

HMAC-SHA256 hash calculated as: crypto.createHmac('sha256', secretKey).update(method + path + timestamp + body).digest('hex')

X-Api-Version

string

enum

required

API version, currently fixed at v1

Allowed:

x-trace-id

string

Optional trace ID for request tracking and debugging

Responses

200Invoice created successfully - Returns payment URL for customer checkout

400Bad Request - Invalid request data, missing required fields, or validation errors

401Unauthorized - Invalid API key, missing/invalid timestamp, or invalid HMAC signature

403Forbidden - API key inactive/expired, IP not whitelisted, or environment not authorized

404Not Found - Payment link ID does not exist or has been deleted

500Internal Server Error - Unexpected server error during invoice creation