Full working client implementations are available in our merchant-api-test-suite repository for Python, Node.js, Java, PHP, and C#. Below are the key operations in each language.

Create a Payment

const crypto = require('crypto');
const https = require('https');

// Placeholder credentials: replace with the values issued for your account.
// API_KEY is sent in the clear in the X-Digest-Key header; API_SECRET is the
// HMAC key used to sign requests and is never sent. Keep API_SECRET on the
// server, out of source control and client-side bundles, and load it from
// the environment or a secret store instead of hard-coding it.
const API_KEY = 'pk_test_YOUR_PUBLIC_KEY';
const API_SECRET = 'sk_test_YOUR_SECRET_KEY';
// NOTE(review): the `test-` host prefix and `_test_` key prefixes suggest a
// sandbox environment; confirm the production host and keys before go-live.
const BASE_URL = 'https://test-merchant.ebioro.com';

/**
 * Build the authentication headers for a single API request.
 *
 * The signature is a hex-encoded HMAC-SHA256, keyed with API_SECRET, over
 * the string path + timestamp + method + body. The body passed in must be
 * the exact string that is written to the request; signing one
 * serialization and sending another yields a signature that does not match
 * the bytes on the wire.
 *
 * @param {string} method - HTTP method, e.g. 'POST' or 'GET'.
 * @param {string} path - Request path, e.g. '/payments'.
 * @param {string} [body=''] - Serialized request body; empty when there is none.
 * @returns {Object} Header map holding the content type, the public key,
 *   the Unix timestamp in seconds and the signature.
 */
function generateHeaders(method, path, body = '') {
  // Whole seconds since the Unix epoch, as a decimal string.
  const timestamp = String(Math.floor(Date.now() / 1000));

  const signedPayload = path + timestamp + method + body;
  const hmac = crypto.createHmac('sha256', API_SECRET);
  hmac.update(signedPayload);
  const signature = hmac.digest('hex');

  const headers = {};
  headers['Content-Type'] = 'application/json';
  headers['X-Digest-Key'] = API_KEY;
  headers['X-Digest-Timestamp'] = timestamp;
  headers['X-Digest-Signature'] = signature;
  return headers;
}

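/**
 * Create a payment through POST /payments and resolve with the parsed
 * JSON response.
 *
 * @returns {Promise<Object>} The decoded response body.
 * @throws {Error} Rejects on a network error, on a non-2xx HTTP status, or
 *   when the response body is not valid JSON.
 */
async function createPayment() {
  const path = '/payments';
  const body = JSON.stringify({
    amount: { currency: 'USD', value: 1500 },
    description: 'Order #1234',
    redirectUrl: 'https://yoursite.com/success',
    webhookUrl: 'https://yoursite.com/webhook',
    name: 'Your Store',
  });

  // Sign the exact string that is written to the socket below.
  const headers = generateHeaders('POST', path, body);
  const url = new URL(BASE_URL + path);

  return new Promise((resolve, reject) => {
    const req = https.request(
      { hostname: url.hostname, path: url.pathname, method: 'POST', headers },
      (res) => {
        let data = '';
        // Decode as a stream so a multi-byte character split across two
        // chunks is not corrupted by per-chunk string conversion.
        res.setEncoding('utf8');
        res.on('data', (chunk) => {
          data += chunk;
        });
        res.on('error', reject);
        res.on('end', () => {
          const { statusCode } = res;
          if (statusCode < 200 || statusCode >= 300) {
            // Do not treat an error response as a created payment.
            reject(new Error(`Create payment failed with HTTP ${statusCode}`));
            return;
          }
          // A throw inside this event callback would escape the promise
          // and surface as an uncaught exception, so convert it into a
          // rejection instead.
          try {
            resolve(JSON.parse(data));
          } catch (err) {
            reject(new Error('Create payment returned invalid JSON', { cause: err }));
          }
        });
      }
    );
    req.on('error', reject);
    req.write(body);
    req.end();
  });
}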

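// Run the example. The catch handler keeps a failed request (network error,
// HTTP error status, malformed response) from becoming an unhandled
// promise rejection.
createPayment()
  .then((payment) => {
    console.log('Payment ID:', payment.checkout_id);
    console.log('Payment URL:', payment.hostedUrl);
  })
  .catch((err) => {
    console.error('Create payment failed:', err.message);
  });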

Get a Payment

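// paymentId becomes part of the request path. Percent-encode it so a value
// containing '/', '?' or '#' cannot change which resource is requested.
// The same encoded path is both signed and sent, so the two stay in sync.
// NOTE(review): assumes the API verifies the signature over the path as
// received; typical identifiers are unchanged by this encoding.
const path = `/payments/${encodeURIComponent(paymentId)}`;
const headers = generateHeaders('GET', path);

https
  .get({ hostname: 'test-merchant.ebioro.com', path, headers }, (res) => {
    let data = '';
    // Stream-decode so multi-byte characters split across chunks survive.
    res.setEncoding('utf8');
    res.on('data', (chunk) => {
      data += chunk;
    });
    res.on('end', () => {
      const { statusCode } = res;
      if (statusCode < 200 || statusCode >= 300) {
        console.error(`Get payment failed with HTTP ${statusCode}`);
        return;
      }
      // JSON.parse throws on a malformed body; report it instead of
      // letting it escape the event callback as an uncaught exception.
      try {
        console.log(JSON.parse(data));
      } catch (err) {
        console.error('Get payment returned invalid JSON:', err.message);
      }
    });
  })
  // Without this listener a connection failure is an unhandled 'error' event.
  .on('error', (err) => {
    console.error('Get payment request failed:', err.message);
  });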

Verify a Webhook

const crypto = require('crypto');

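/**
 * Check a webhook signature against an HMAC-SHA256 of the payload.
 *
 * The expected value is the hex digest of JSON.stringify(body) keyed with
 * secretKey. It is compared to the supplied signature in constant time.
 *
 * NOTE(review): re-serializing a parsed body only reproduces the signed
 * bytes if the sender's JSON encoding matches JSON.stringify exactly (key
 * order, whitespace, escaping). Where possible, verify over the raw request
 * body instead; confirm against the provider's webhook specification.
 *
 * @param {*} body - Parsed webhook payload.
 * @param {string} signature - Hex signature taken from the request header.
 * @param {string} secretKey - Shared secret used as the HMAC key.
 * @returns {boolean} true when the signature matches; false otherwise,
 *   including when the signature is missing or has the wrong length.
 */
function verifyWebhook(body, signature, secretKey) {
  // A missing header arrives as undefined; Buffer.from(undefined) throws,
  // which would turn an unauthenticated request into a server error.
  if (typeof signature !== 'string') {
    return false;
  }

  const expected = crypto
    .createHmac('sha256', secretKey)
    .update(JSON.stringify(body))
    .digest('hex');

  const expectedBytes = Buffer.from(expected, 'utf8');
  const providedBytes = Buffer.from(signature, 'utf8');

  // timingSafeEqual throws a RangeError on unequal lengths. The digest
  // length is public, so rejecting early here leaks nothing about the key.
  if (expectedBytes.length !== providedBytes.length) {
    return false;
  }

  return crypto.timingSafeEqual(expectedBytes, providedBytes);
}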

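// Express.js example
// Authenticates the webhook before reading anything from the payload.
// NOTE(review): verifyWebhook re-serializes req.body, so this relies on the
// JSON body parser producing an object whose JSON.stringify output matches
// the bytes the sender signed; confirm, or verify over the raw body.
app.post('/webhook', (req, res) => {
  const signature = req.headers['x-webhook-auth'];

  // Fail closed: a missing header, a mismatch, or an exception raised while
  // verifying are all answered with 401 rather than a 500.
  let verified = false;
  try {
    verified =
      typeof signature === 'string' &&
      verifyWebhook(req.body, signature, API_SECRET);
  } catch {
    verified = false;
  }

  if (!verified) {
    return res.status(401).send('Invalid signature');
  }

  // An authenticated payload can still lack the expected envelope;
  // destructuring undefined would throw.
  const event = req.body?.data;
  if (event === null || typeof event !== 'object') {
    return res.status(400).send('Malformed payload');
  }

  const { type, status, id } = event;
  console.log(`Payment ${id}: ${type} -> ${status}`);

  res.status(200).send('OK');
});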

Full Client Libraries

Complete client implementations with all API operations (payments, refunds, balances) are available in our test suite repository:

merchant-api-test-suite

Working client implementations in Python, Node.js, Java, PHP, and C# with authentication, error handling, and all API operations.