Developers
Hosted Checkout
PCI-friendly hosted payment page with customizable branding and supported methods.
Overview
Overview
Hosted Checkout offloads PAN entry to a BoxCharge-hosted page, reducing PCI scope on the merchant side while supporting cards, APMs, and tokenized flows.
Integration
Integration Flow
1. Create Session
Create a checkout session via API with amount, currency, and methods.
2. Redirect Customer
Send the customer to the returned hosted URL.
3. Receive Result
Customer returns to your return_url and you receive a webhook.
Sample
Request / Response
POST /v1/checkout/sessions
POST https://api.boxchrge.com/v1/checkout/sessions
Authorization: Bearer sk_live_***
Content-Type: application/json
{
"amount": 19900,
"currency": "EUR",
"methods": ["card", "ideal", "sepa"],
"branding": { "logo_url": "https://merchant.com/logo.svg" },
"return_url": "https://merchant.com/return"
}
// 200 OK
{
"id": "cs_a1b2...",
"url": "https://checkout.boxchrge.com/cs_a1b2..."
}Authentication
Sessions are created server-side with the bearer key. The session URL is short-lived.
Security Notes
- • Hosted Checkout reduces PCI scope significantly.
- • All sensitive entry happens on BoxCharge infrastructure.
- • Session URLs expire and are single-use.
Notes
Implementation Notes
- • Always trust the webhook for final state — not the return_url query.
- • Customize branding through session parameters.
- • Use one session per checkout attempt.
FAQ
Developer FAQ
Yes. Branding parameters and supported methods can be configured per session.