Accept payments with hosted checkout pages
The OVGC Checkout Sessions API lets you create secure, hosted payment pages. Create a session from your server, redirect your customer to the checkout URL, and we handle the rest.
Hosted Checkout
No payment UI to build
Secure by Default
PCI compliant, encrypted
Multi-Gateway
SellHub, Stripe, and more
Get your API key
Go to Integrations > API Keys and copy your secret key.
Create a checkout session
POST to /api/checkout-sessions with amount, currency, and redirect URLs.
Redirect your customer
Send the customer to the checkout_url returned in the response.
Handle the result
Customer is redirected to your success_url or cancel_url. Verify server-side.
Include your API key in the Authorization header.
Authorization: Bearer ovgc_live_your_api_key_hereNever expose your secret API key in client-side code. Always make API calls from your backend server.
/api/checkout-sessionsCreates a new checkout session and returns a hosted checkout URL.
| Parameter | Type | Required | Description |
|---|---|---|---|
| amount | integer | required | Amount in smallest currency unit (e.g. cents) |
| currency | string | optional | Three-letter ISO currency code. Defaults to USD |
| string | required | Customer email address | |
| product_title | string | optional | Product name shown on checkout page |
| success_url | string | required | Redirect URL after successful payment |
| cancel_url | string | required | Redirect URL after failed/cancelled payment |
| metadata | object | optional | Custom key-value pairs for your reference |
Sessions expire after 30 minutes. This is fixed and cannot be changed.
curl -X POST https://dashboard.ovgcpayments.com/api/checkout-sessions \
-H "Authorization: Bearer ovgc_live_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"amount": 2500,
"currency": "USD",
"email": "customer@example.com",
"product_title": "Premium Plan",
"success_url": "https://yoursite.com/success",
"cancel_url": "https://yoursite.com/cancel"
}'{
"data": {
"session": {
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"amount": 2500,
"currency": "USD",
"status": "pending",
"expires_at": "2026-04-14 12:30:00"
},
"checkout_url": "https://billing.ovgcpayments.com/checkout/a1b2c3d4..."
}
}Redirect the customer to checkout_url. This is a fully hosted page.
/api/checkout-sessions/:idVerify the payment server-side before fulfilling the order.
curl https://dashboard.ovgcpayments.com/api/checkout-sessions/SESSION_ID \
-H "Authorization: Bearer ovgc_live_your_api_key"{
"data": {
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"amount": 2500,
"currency": "USD",
"status": "completed"
}
}Always verify payment server-side. Never trust client-side redirects alone.
Configure webhooks in your dashboard to receive real-time notifications.
| Event | Description |
|---|---|
| payment.succeeded | Payment was successfully processed |
| payment.declined | Payment was declined |
| refund.created | A refund was initiated |
| payout.completed | Payout was sent to merchant |
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const timestamp = req.headers['x-webhook-timestamp'];
const expected = crypto
.createHmac('sha256', secret)
.update(`${timestamp}.${payload}`)
.digest('hex');
return `sha256=${expected}` === signature;
}| Status | Description |
|---|---|
| pending | Session created, awaiting payment |
| completed | Payment successful |
| declined | Payment was declined |
| expired | Session expired (30 min timeout) |
| paid | Transaction captured, awaiting settlement |
| settled | Funds moved to available balance |
| Code | Status | Description |
|---|---|---|
| BAD_REQUEST | 400 | Missing or invalid parameters |
| UNAUTHORIZED | 401 | Invalid or missing API key |
| NOT_FOUND | 404 | Session not found |
| SESSION_EXPIRED | 400 | Checkout session has expired |
| INTERNAL_ERROR | 500 | Unexpected server error |
Need help? Email support@ovgcpayments.com