OVGC Payments — Card payments to bank or USDC

Overview

Accept payments with hosted checkout. Create a payment request from your server, redirect the customer to the returned URL, and OVGC handles card processing, PCI compliance, and settlement.

Hosted checkout

No payment UI to build

Secure by default

PCI Level 1, end-to-end encrypted

Global cards

Visa, Mastercard, Amex + 20 more

Base URL

All API requests are made to a single base URL:

url

https://billing.ovgcpayments.com/backend/api

Authentication

The Payments API authenticates each request with your api_key passed in the JSON request body. The key is issued per-seller and is available in your OVGC dashboard under API Keys.

jsonRequest body

{
  "api_key": "YOUR_PAYMENT_API_KEY"
}

Never expose your API key in client-side code. All API requests must originate from your backend server. If a key is leaked, rotate it immediately from the dashboard.

Quick Start

Integrate in four steps

Get your API key

Open your OVGC dashboard → API Keys and copy your payment API key.

Create a payment request

POST to /payment-request-api with api_key, total_amount, order_uuid, and redirect URLs.

Redirect the customer

Send the customer to the url returned in the response.

Verify server-side

Use the webhook delivered to your configured URL to confirm payment before fulfilling the order.

API Reference

Create a payment request

Creates a payment request and returns a hosted checkout URL. Redirect the customer to that URL to collect payment.

POST/payment-request-api

Request parameters

Parameter	Type	Description
`api_key`required	`string`	Your seller API key from the OVGC dashboard.
`order_uuid`required	`string`	Your unique identifier for this order — use it later to look up status.
`total_amount`required	`number`	Amount to charge in major currency units (e.g. `25.00` = $25.00).
`email`required	`string`	Customer email address.
`success_url`required	`string`	Where to redirect the customer after a successful payment.
`cancel_url`required	`string`	Where to redirect if the payment is cancelled or declined.
`product_title`optional	`string`	Product / order name shown on the checkout page.
`first_name`optional	`string`	Customer first name.
`last_name`optional	`string`	Customer last name.

The checkout session expires 30 minutes after the customer opens it. If it expires, create a new payment request with the same order_uuid.

Example request

curl -X POST https://billing.ovgcpayments.com/backend/api/payment-request-api \
  -H "Content-Type: application/json" \
  -d '{
    "api_key": "YOUR_PAYMENT_API_KEY",
    "order_uuid": "ORDER-2026-0001",
    "total_amount": 25.00,
    "product_title": "Premium Plan",
    "email": "customer@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "success_url": "https://yoursite.com/success",
    "cancel_url": "https://yoursite.com/cancel"
  }'

Example response

json200 OK

{
  "status": true,
  "transaction_id": "invoice_67d2a3f8b12e1",
  "url": "https://billing.ovgcpayments.com/checkout/a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

Redirect the customer to the url in the response. Store transaction_id alongside your order for reconciliation.

Error response

json200 OK (validation failure)

{
  "status": false,
  "error": "The api key field is required."
}

Webhooks

Webhook overview

Configure a webhook endpoint from your OVGC dashboard and OVGC will POST a JSON body to that URL every time a payment status changes. Webhooks are the only server-side way to reconcile orders — always wait for payment_status: "payment.succeeded" before fulfilling.

Webhook delivery retries with exponential backoff for up to 24 hours on any non-2xx response. Make sure your endpoint returns 200 quickly and does heavier work asynchronously.

Payment status values

The payment_status field tells you what happened. The boolean success is a shortcut you can check directly.

payment_status	success	Meaning
payment.succeeded	`true`	Payment succeeded — safe to fulfill the order.
payment.declined	`false`	Payment failed, was declined, or the session expired.

Webhook payload

All payment events share the same payload shape. The boolean success + the payment_status string tell you which transition triggered the webhook.

Payload — paid

jsonPOST /your-endpoint

{
  "webhook_secret": "<your webhook signing secret>",
  "success": true,
  "transaction_id": "invoice_67d2a3f8b12e1",
  "customer_email": "customer@example.com",
  "payment_status": "payment.succeeded"
}

Payload — unpaid (declined / expired / failed)

jsonPOST /your-endpoint

{
  "webhook_secret": "<your webhook signing secret>",
  "success": false,
  "transaction_id": "invoice_67d2a4219b0a8",
  "customer_email": "customer@example.com",
  "payment_status": "payment.declined"
}

Field reference

Parameter	Type	Description
`webhook_secret`required	`string`	The webhook signing secret you saved for this endpoint — check it matches before trusting the payload.
`success`required	`boolean`	`true` when payment succeeded, `false` otherwise.
`transaction_id`required	`string`	OVGC-generated transaction ID.
`customer_email`required	`string`	Email address the customer paid with.
`payment_status`required	`string`	`payment.succeeded` \| `payment.declined`

Verifying the sender

Every webhook body includes the webhook_secret you saved in the dashboard. Compare it against your stored value before trusting the payload — treat any request with a missing or mismatched secret as invalid.

// Express example — verify webhook_secret from body
app.post('/webhooks/ovgc', express.json(), (req, res) => {
  if (req.body.webhook_secret !== process.env.OVGC_WEBHOOK_SECRET) {
    return res.status(401).send('invalid webhook secret');
  }
  const { transaction_id, customer_email, payment_status, success } = req.body;
  if (payment_status === 'payment.succeeded' && success === true) {
    // fulfill the order for customer_email / transaction_id
  }
  res.sendStatus(200);
});

Keep your webhook signing secret out of version control and client-side code. Rotate it anytime from the Webhooks page — old secrets stop working the moment you save the new one.

Reference

Payment statuses

These are the possible values for payment_status in the order-status response and in webhook payloads.

Status	Description
Pending	Payment request created, customer has not completed checkout yet.
Paid	Payment was captured successfully — safe to fulfill the order.
Declined	Gateway declined the card (insufficient funds, fraud rules, 3DS failure…).
Expired	30-minute checkout window elapsed before payment.

Error responses

Errors return status: false plus an error string. The HTTP status code reflects the class of problem.

HTTP	Example	When
`200`	`status: false`	Validation failure — a required field was missing or malformed.
`400`	`Invalid amount`	Requested amount below the gateway minimum.
`400`	`Payment gateway inactive`	Your seller gateway has been disabled by the admin.
`401`	`Unauthorized`	Request hit a protected admin endpoint without a valid JWT.
`500`	`Internal server error`	Unexpected issue — retry and check logs if persistent.

Creating a payment request is safe to retry with the same order_uuid — duplicate requests are handled idempotently.

Need help integrating?

Reach an engineer at support@ovgcpayments.com — typical first response under 1 business day.

Talk to sales