Documentation

Payment Engine API Documentation

Introduction

Payment Engine is a centralized payment gateway service that lets you process payments through SSLCommerz, bKash, and Stripe from a single REST API. Instead of integrating each gateway inside every project, you create a project in Payment Engine, configure one or more gateways, and use the API to initiate and track payments.

Base URL: https://payment.progedify.com/api/v1
Server URL: Set SERVER_URL in your environment so gateway callbacks (SSLCommerz/bKash) and Stripe webhooks work correctly.

Authentication

All payment API requests are authenticated using Client Key and Secret Key pair. These keys are generated when you create a project.

HeaderDescription
x-client-keyYour project's public client key (e.g., ck_abc123...)
x-secret-keyYour project's secret key (e.g., sk_xyz789...)
Important: The secret key is shown only once when the project is created. Store it securely. It is hashed (SHA-256) in our database and cannot be recovered.

Create Payment

Initiate a new payment by calling the create payment endpoint.

POST /api/v1/payment/create
Request Body
FieldTypeRequiredDescription
amountnumberYesPayment amount (positive number)
currencystringNoCurrency code (default: BDT). For bKash/Stripe it is uppercased internally.
customerNamestringYesCustomer's full name
customerEmailstringYesCustomer's email address
customerPhonestringYesCustomer's phone number
gatewaystringNoChoose sslcommerz, bkash, or stripe. If omitted, customer selects from enabled gateways on checkout.
transactionIdstringNoOptional idempotency key. If omitted, Payment Engine generates one.
Tip: If you generate your own transactionId, re-trying the same request is safer and easier to reconcile.

Gateway Selection

You can use Payment Engine in two ways:

  1. Per request: send gateway in the request body.
  2. Checkout selection: omit gateway and let the customer choose from enabled gateways on checkout.
Supported values
  • sslcommerz — redirects are finalized through Payment Engine callbacks (/success, /fail, /cancel).
  • bkash — uses bKash callback (/bkash/callback) to finalize status.
  • stripe — uses Stripe Checkout + webhook (/stripe/webhook) to finalize status.

Required Headers

Content-Type: application/json
x-client-key: ck_your_client_key_here
x-secret-key: sk_your_secret_key_here

Example Request

curl -X POST https://payment.progedify.com/api/v1/payment/create \
  -H "Content-Type: application/json" \
  -H "x-client-key: ck_a1b2c3d4e5f6g7h8i9j0" \
  -H "x-secret-key: sk_k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6" \
  -d '{
    "gateway": "sslcommerz",
    "amount": 500,
    "currency": "BDT",
    "customerName": "John Doe",
    "customerEmail": "john@example.com",
    "customerPhone": "01700000000"
  }'
To force a gateway, change gateway to bkash or stripe. If you omit it, customer chooses on checkout.

Example Response

Success (200)
{
  "success": true,
  "statusCode": 200,
  "message": "Payment initiated successfully",
  "data": {
    "transactionId": "txn_1709912345_a1b2c3d4e5f6",
    "gatewayUrl": "https://..."
  }
}

Redirect the user to gatewayUrl to complete the payment on the selected gateway.

Payment Flow

  1. Your app calls POST /api/v1/payment/create with customer info.
  2. Payment Engine initiates a transaction with the chosen gateway (sslcommerz, bkash, or stripe) and returns a gatewayUrl.
  3. Your app redirects the user to the gatewayUrl.
  4. The user completes payment on the gateway.
  5. The gateway notifies Payment Engine (callback/webhook), and Payment Engine finalizes the transaction status.
  6. The user is redirected to your project's successUrl, failUrl, or cancelUrl (behavior varies per gateway).

Redirect Flow

After payment, the user is redirected to the URLs configured in your project. Redirect query parameters vary by gateway.

SSLCommerz / bKash

Payment Engine finalizes the status and redirects with status (and sometimes amount):

https://your-app.com/payment/success?transactionId=txn_xxx&status=success&amount=500
https://your-app.com/payment/fail?transactionId=txn_xxx&status=failed
https://your-app.com/payment/cancel?transactionId=txn_xxx&status=cancelled
Stripe

Stripe redirect URLs include transactionId. Final payment status is confirmed via webhook + status query:

https://your-app.com/payment/success?transactionId=txn_xxx
https://your-app.com/payment/cancel?transactionId=txn_xxx
Stripe tip: After redirect, call GET /api/v1/payment/status/:transactionId from your backend to confirm success.

Stripe Webhook

Stripe payments are finalized through a webhook event. Configure Stripe to send events to:

https://payment.progedify.com/api/v1/payment/stripe/webhook
Payment Engine verifies webhook signatures using your project's Stripe webhook secret (or STRIPE_WEBHOOK_SECRET as a fallback).
Stripe sends the signature in the stripe-signature header. Payment Engine expects raw JSON body for verification.

Query Payments

GET List Payments
GET /api/v1/payment/list
Headers: x-client-key, x-secret-key
GET Get Payment Status
GET /api/v1/payment/status/:transactionId
Headers: x-client-key, x-secret-key

Security Best Practices

  • Never expose your Secret Key in client-side code.
  • Always call the payment API from your backend server.
  • Verify payment status from your backend using GET /api/v1/payment/status/:transactionId before fulfilling orders.
  • Use HTTPS for all API communication.
  • Store your keys in environment variables, never in source code.
  • Rotate keys if you suspect a breach — create a new project and migrate.

Gateway Setup Guide (Step by Step)

This tutorial is designed for beginners. Follow each step and add your screenshot inside every placeholder box.

Follow this flow for all gateways:

1. Create Account
Register and verify your business profile.
2. Get Credentials
Copy API key, secret, and webhook key.
3. Configure URLs
Set callback/webhook URL exactly.

Prerequisites

Business Information
  • Business email, name, and address
  • Owner or authorized person ID documents
  • Bank account details for settlement
Technical Information
  • Public HTTPS server domain
  • Frontend success/fail/cancel URLs
  • Payment Engine project access
For local testing, use a tunnel (for example ngrok) so gateways can reach your callback and webhook URLs.

Callback and Webhook URL Reference

Replace https://YOUR_SERVER_DOMAIN with your real public server URL.

GatewayPurposeURL
SSLCommerzSuccesshttps://YOUR_SERVER_DOMAIN/api/v1/payment/success
SSLCommerzFailhttps://YOUR_SERVER_DOMAIN/api/v1/payment/fail
SSLCommerzCancelhttps://YOUR_SERVER_DOMAIN/api/v1/payment/cancel
bKashCallbackhttps://YOUR_SERVER_DOMAIN/api/v1/payment/bkash/callback
StripeWebhookhttps://YOUR_SERVER_DOMAIN/api/v1/payment/stripe/webhook
NOWPaymentsWebhook/IPNhttps://YOUR_SERVER_DOMAIN/api/v1/payment/webhook/nowpayments

Stripe Account Setup

Stripe
Step 1
Create Stripe Account

Go to dashboard.stripe.com, sign up, verify email, and log in.

Step URL: https://dashboard.stripe.com/register

Stripe signup and email verification
Step 2
Complete Business Verification

Complete business profile, payout details, and any requested identity verification.

Step 3
Get API Secret Key

Open Developers → API keys and copy your secret key (sk_test_... in test mode).

Step URL: https://dashboard.stripe.com/apikeys

Stripe API keys
Step 4
Create Webhook Endpoint

Set webhook URL to https://YOUR_SERVER_DOMAIN/api/v1/payment/stripe/webhook. Enable checkout and payment_intent success/failure events, then copy whsec_....

Dashboard URL: https://dashboard.stripe.com/webhooks

Endpoint URL to paste: https://YOUR_SERVER_DOMAIN/api/v1/payment/stripe/webhook

Stripe webhook endpoint and selected events
Step 5
Switch Test to Live

Test first with sk_test_.... For production, replace with sk_live_... and live webhook secret.

Payment Engine Field Mapping
  • gateways.stripe.secretKey = Stripe secret key
  • gateways.stripe.webhookSecret = Stripe webhook signing secret

SSLCommerz Account Setup

SSLCommerz
Step 1
Create Merchant Account

Register from developer.sslcommerz.com.

Step URL: https://developer.sslcommerz.com/registration/

SSLCommerz merchant registration form
Step 2
Submit KYC and Wait for Credential Email

Complete merchant onboarding and wait for approval. SSLCommerz sends sandbox access details and credentials to the same email address used during registration.

Check: Inbox, Spam, and Promotions folders of your registered email.

Step 3
Collect Store Credentials

Open the SSLCommerz email and copy Store ID, Store Password, Payment API URL, and Validation API URL. If your account is also visible in portal, cross-check values there.

Sandbox Payment API: https://sandbox.sslcommerz.com/gwprocess/v4/api.php
Sandbox Validation API: https://sandbox.sslcommerz.com/validator/api/validationserverAPI.php

Portal URL: https://developer.sslcommerz.com

Step 4
Configure Callback URLs
  • https://YOUR_SERVER_DOMAIN/api/v1/payment/success
  • https://YOUR_SERVER_DOMAIN/api/v1/payment/fail
  • https://YOUR_SERVER_DOMAIN/api/v1/payment/cancel

URLs to paste: success, fail, and cancel endpoints above.

Step 5
Move Sandbox to Live

After successful sandbox test, replace all credentials and API URLs with live values provided by SSLCommerz (usually shared to the registered business email after production approval).

Payment Engine Field Mapping
  • gateways.sslcommerz.storeId = Store ID
  • gateways.sslcommerz.storePass = Store Password
  • gateways.sslcommerz.paymentApi = Payment API URL
  • gateways.sslcommerz.validationApi = Validation API URL

bKash Account Setup

bKash
Step 1
Create Merchant/Developer Account

Open the bKash developer portal and create your merchant/developer account using your business email and phone.

Step URL: https://developer.bka.sh

Step 2
Complete Merchant KYC

Submit required business/KYC information and wait for activation/approval:

  • Business name, address, and contact details
  • Trade license or relevant registration information
  • Authorized person identity details
  • Settlement bank account details
Step 3
Collect API Credentials

After onboarding/approval, collect these values from the bKash dashboard or official credential communication:

  • App Key
  • App Secret
  • Username
  • Password
  • API Base URL (sandbox or production)
Step 4
Set Callback URL

Set callback URL in bKash configuration to https://YOUR_SERVER_DOMAIN/api/v1/payment/bkash/callback.

URL to paste: https://YOUR_SERVER_DOMAIN/api/v1/payment/bkash/callback

Step 5
Test and Go Live

Use sandbox first, then move to live:

  • Test complete payment flow with sandbox credentials and sandbox base URL
  • Confirm callback returns properly to Payment Engine
  • Replace with production credentials and production base URL for live
  • Run one low-value live verification payment before full rollout
Payment Engine Field Mapping
  • gateways.bkash.appKey = App Key
  • gateways.bkash.appSecret = App Secret
  • gateways.bkash.username = Username
  • gateways.bkash.password = Password
  • gateways.bkash.callbackUrl = Optional callback override

NOWPayments Account Setup (Crypto)

NOWPayments
Step 1
Create NOWPayments Account

Sign up at nowpayments.io and verify email.

Step URL: https://nowpayments.io

NOWPayments signup and email verification
Step 2
Open API Settings

Open API settings section where API key and IPN options are available.

NOWPayments API settings dashboard
Step 3
Generate API Key and IPN Key

Generate/copy API key and IPN secret key; store them securely.

NOWPayments API and IPN keys
Step 4
Configure Webhook/IPN URL

Set webhook URL to https://YOUR_SERVER_DOMAIN/api/v1/payment/webhook/nowpayments.

URL to paste: https://YOUR_SERVER_DOMAIN/api/v1/payment/webhook/nowpayments

NOWPayments webhook URL setting
Step 5
Validate Payment Status Flow

Run a low-value test and confirm webhook updates status in Payment Engine correctly.

Payment Engine Field Mapping
  • gateways.crypto.apiKey = NOWPayments API key
  • gateways.crypto.ipnKey = NOWPayments IPN key
  • gateways.crypto.publicKey = Optional public key
  • gateways.crypto.apiUrl = Optional API URL override

Configure in Payment Engine Project

Step 1
Set Redirect URLs

Set these fields in project configuration: successUrl, failUrl, cancelUrl.

Payment Engine project redirect URL configuration
Step 2
Enable Gateways and Save Keys

Enable required gateways and add credentials for each one.

Payment Engine project gateway configuration form
Example Payload
{
  "projectName": "My Shop",
  "successUrl": "https://merchant.example.com/payment/success",
  "failUrl": "https://merchant.example.com/payment/fail",
  "cancelUrl": "https://merchant.example.com/payment/cancel",
  "gateways": {
    "stripe": {
      "enabled": true,
      "secretKey": "sk_test_xxx",
      "webhookSecret": "whsec_xxx"
    },
    "sslcommerz": {
      "enabled": true,
      "storeId": "your_store_id",
      "storePass": "your_store_pass",
      "paymentApi": "https://sandbox.sslcommerz.com/gwprocess/v4/api.php",
      "validationApi": "https://sandbox.sslcommerz.com/validator/api/validationserverAPI.php"
    },
    "bkash": {
      "enabled": true,
      "appKey": "your_app_key",
      "appSecret": "your_app_secret",
      "username": "your_username",
      "password": "your_password",
      "callbackUrl": "https://pay.example.com/api/v1/payment/bkash/callback"
    },
    "crypto": {
      "enabled": true,
      "apiKey": "your_nowpayments_api_key",
      "ipnKey": "your_nowpayments_ipn_key",
      "apiUrl": "https://api.nowpayments.io/v1"
    }
  }
}

Troubleshooting

Webhook/Callback Not Received
  • Ensure URL is public and HTTPS.
  • Confirm route path is exact.
  • Check delivery logs in gateway dashboard.
Signature Verification Failed
  • Check Stripe webhookSecret.
  • Check NOWPayments ipnKey.
  • Do not alter raw webhook body.
Payment Stuck in Pending
  • Avoid mixing test and live credentials.
  • Check callback/webhook logs.
  • Confirm using payment status endpoint.
Go-Live Checklist
  • Keep test and live credentials separate.
  • Store all secrets in backend only.
  • Test both success and failure flows.