🌐 Hosted Checkout Page Integration
Integrate with HaloPay's hosted checkout page. Customers are redirected to a HaloPay-hosted checkout page. Simplest integration with minimal front-end work.
📦 Step 1: Create Payment Order
Submit payment order and receive payment address
**POST** https://api.pay.halochat.io/api/entrust/pre-create
Return receiving address/QR code and order information
Headers
| Name | Type | Description |
|---|---|---|
| X-Sign* | String | hmacSHA256 (body (json string)+timestamp+appKey). Signature guide. |
| X-Timestamp* | String | Timestamp in seconds (10-digit). The request is valid for two minutes. |
| X-Appid* | String | Merchant's unique credential. Find it on the AppManage page. |
| content-type* | String | application/json |
Request Body
| Name | Type | Required | Description |
|---|---|---|---|
| out_trade_no | String | Yes | Order ID in Merchant's system. A unique ID for every order |
| symbol | String | Yes | Fiat currency symbol |
| amount | String | Yes | Amount (rounded to 2 decimal places) |
| name | String | No | Product name |
| image | String | No | Product image URL |
| describe | String | No | Product description |
| time_expire | String | No | Expiration time (seconds), 0 indicates default |
| callback_url | String | No | callback url |
Request Body Example
{
"out_trade_no": "uz54NEW9TVhLSIDHUSYB4aEFupKoE7I8",
"symbol": "USD",
"amount": "15",
"name": "PRODUCT_NAME",
"image": "https://callback.com/logo.png",
"describe": "CHECKOUT_DESCRIPTION",
"time_expire": 1773750780,
"callback_url": "https://callback.com/"
}
Response (Success 200)
Header
| Name | Value | Required | Type | Description |
|---|---|---|---|---|
| X-Appid | h3j6k9m2n... | Y | String | Merchant's unique credential. Find it on the AppManage page. |
| X-Timestamp | 1677152490 | Y | String | Timestamp in seconds (10-digit). The request is valid for two minutes. |
| X-Sign | e0b78d93... | Y | String | hmacSHA256 (body (json string)+timestamp+appKey). Signature guide. |
Body
{
"code": 0,
"msg": "success",
"data": {
"url": "https://checkout.pay.halochat.io/202603172021145994e1572e91672b34",
"time_expire": 1773750780,
"trade_no": "202603172021145994e1572e91672b34"
}
}
Parameters
| Name | Value | Required | Type | Description |
|---|---|---|---|---|
| code | 0 | true | Integer | |
| message | success | true | String | |
| data | true | Object | ||
| data.url | https://checkout.pay.halochat.io/202603172021145994e1572e91672b34 | true | String | The webpage address used for payment |
| data.time_expire | 1773754032 | true | Integer | Payment deadline |
| data.trade_no | 202603172021145994e1572e91672b34 | true | String | HaloPay order ID |
Response (Fail 200)
{
"code": 10003,
"msg": "Params Error: Invalid amount",
"data": null
}
| Name | Value | Required | Type | Description |
|---|---|---|---|---|
| code | 10003 | true | Number | |
| msg | Service error, please try again | true | String | |
| data | true | Object |
As a security measure, we will sign the returned data (and according to this only { code: 0 } should be signed, but it's signing all the returned body.). Additionally, it will return Appid, Sign, Timestamp in the header of the response. The signature method hmacSHA256 (body (json string)+timestamp+appKey). Please use the data with caution if the signature verification fails. It indicates that the data has been tampered with.
The body of HTTP is a json string. Add the content in body of HTTP to the signature. Ensure the body content matches the signature content. As soon as HaloPay receives the request, the body content will be read and the signature will be verified.