Base URLs & Request Format
Base URLs
| Environment | URL | Use Case |
|---|---|---|
| Production | https://api.inflowpay.xyz | Live transactions |
| Card Payments | https://api-card.inflowpay.com | Server-to-server card payments (send card data here) |
When processing card data server-to-server, always use
api-card.inflowpay.cominstead of the standard API URL. This ensures PCI-compliant handling of card information.
Heads up — no sandbox yet. Inflow currently only ships a production API, so every request you make hits real-money infrastructure with the keys from your dashboard. A separate sandbox / test environment with its own base URL and dedicated test keys is on the roadmap and will be released soon. Until then, integrate carefully against production using small test amounts.
URL Prefixes by Resource
Note: Subscription endpoints use a different path prefix than payment endpoints.
| Resource | Example Path |
|---|---|
| Payments | https://api.inflowpay.xyz/api/payment |
| Checkout payments | https://api.inflowpay.xyz/api/checkout/payment |
| Webhooks | https://api.inflowpay.xyz/api/webhook |
| Subscriptions | https://api.inflowpay.xyz/subscription/... (no /api/ prefix) |
| Payment links | https://api.inflowpay.xyz/api/link |
Request Format
All API requests use JSON for both request and response bodies.
Headers
| Header | Required | Description |
|---|---|---|
Content-Type | Yes (for POST/PUT/PATCH) | Always application/json |
Accept | Recommended | application/json |
X-Inflow-Api-Key | Yes | Your private API key |
Example Request
curl -X POST https://api.inflowpay.xyz/api/checkout/payment \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "X-Inflow-Api-Key: inflow_prod_your_key" \
-d '{
"products": [{ "name": "Product", "price": 4999, "quantity": 1 }],
"currency": "EUR",
"customerEmail": "[email protected]",
"successUrl": "https://yoursite.com/success"
}'Example Response
{
"paymentId": "pay_abc123",
"purchaseUrl": "https://checkout.inflowpay.com/pay/pay_abc123"
}HTTP Methods
| Method | Usage |
|---|---|
GET | Retrieve resources (payments, subscriptions, links) |
POST | Create resources or perform actions |
PATCH | Partially update a resource |
PUT | Fully update a resource |
DELETE | Delete a resource or cancel a subscription |
HTTP Status Codes
| Code | Meaning |
|---|---|
200 | Success (GET, PATCH, PUT, DELETE) |
201 | Created (POST) |
400 | Bad Request — Invalid parameters |
401 | Unauthorized — Invalid or missing API key |
404 | Not Found — Resource doesn't exist |
500 | Internal Server Error — Something went wrong on our side |
Error Response Format
All errors return a consistent JSON structure:
{
"statusCode": 400,
"message": "Validation failed",
"error": "Bad Request"
}For validation errors, message may be an array of error strings:
{
"statusCode": 400,
"message": [
"currency must be one of the following values: EUR, USD",
"customerEmail must be an email"
],
"error": "Bad Request"
}Updated 7 days ago