Developer-first
payment API
Create checkout sessions, process payments, handle webhooks, and manage refunds with a clean RESTful API. Integrate in minutes, not weeks.
Quick Start
Accept payments in three steps
From API key to live payments in under 30 minutes.
Get your API keys
Sign up for a CevGate account, navigate to Settings > API Keys in your merchant dashboard. You will get a sandbox key for testing and a live key for production.
# Sandbox (testing) CEVGATE_API_KEY=sk_sandbox_your_key_here # Production (live) CEVGATE_API_KEY=sk_live_your_key_here
Create a checkout session
Make a POST request to create a checkout session. You will receive a URL to redirect your customer to our hosted payment page.
curl -X POST https://api.cevgate.com/v1/checkout/sessions \ -H "Authorization: Bearer sk_sandbox_your_key_here" \ -H "Content-Type: application/json" \ -d '{ "amount": 14999, "currency": "usd", "description": "BPC-157 Research Peptide 5mg", "success_url": "https://yoursite.com/success", "cancel_url": "https://yoursite.com/cancel", "metadata": { "order_id": "ORD-12345" } }'
{
"id": "cs_1a2b3c4d5e6f",
"object": "checkout.session",
"status": "open",
"amount": 14999,
"currency": "usd",
"checkout_url": "https://checkout.cevgate.com/cs_1a2b3c4d5e6f",
"success_url": "https://yoursite.com/success",
"cancel_url": "https://yoursite.com/cancel",
"expires_at": "2026-03-20T13:30:00Z",
"metadata": {
"order_id": "ORD-12345"
}
}
Handle the webhook
When your customer completes payment, we send a webhook to your server. Verify the signature and fulfill the order.
{
"id": "evt_9z8y7x6w5v",
"type": "checkout.session.completed",
"data": {
"session_id": "cs_1a2b3c4d5e6f",
"amount": 14999,
"currency": "usd",
"payment_status": "paid",
"customer_email": "customer@example.com",
"metadata": {
"order_id": "ORD-12345"
}
},
"created_at": "2026-03-20T12:05:33Z"
}
API Overview
Clean, predictable, well-documented
Everything you need to know about the CevGate API at a glance.
Base URL
https://api.cevgate.com/v1
Authentication
Bearer token in the Authorization header.
JSON Responses
All responses are JSON with consistent error formatting and pagination.
Rate Limiting
100 requests/min per key. Headers include X-RateLimit-Remaining.
API Reference
Code examples ready to copy
Each endpoint with cURL request and JSON response.
Create Checkout Session
Creates a new checkout session and returns a URL to redirect your customer to the hosted payment page.
/v1/checkout/sessions
curl -X POST https://api.cevgate.com/v1/checkout/sessions \ -H "Authorization: Bearer sk_live_your_key_here" \ -H "Content-Type: application/json" \ -H "Idempotency-Key: unique_request_id_123" \ -d '{ "amount": 14999, "currency": "usd", "description": "BPC-157 Research Peptide 5mg", "customer_email": "customer@example.com", "success_url": "https://yoursite.com/success?session={CHECKOUT_SESSION_ID}", "cancel_url": "https://yoursite.com/cancel", "metadata": { "order_id": "ORD-12345", "sku": "BPC157-5MG" } }'
{
"id": "cs_1a2b3c4d5e6f",
"object": "checkout.session",
"status": "open",
"amount": 14999,
"currency": "usd",
"description": "BPC-157 Research Peptide 5mg",
"customer_email": "customer@example.com",
"checkout_url": "https://checkout.cevgate.com/cs_1a2b3c4d5e6f",
"success_url": "https://yoursite.com/success?session=cs_1a2b3c4d5e6f",
"cancel_url": "https://yoursite.com/cancel",
"expires_at": "2026-03-20T13:30:00Z",
"metadata": {
"order_id": "ORD-12345",
"sku": "BPC157-5MG"
},
"created_at": "2026-03-20T12:00:00Z"
}
Get Session Status
Retrieves the current status of a checkout session including payment details.
/v1/checkout/sessions/:id
curl https://api.cevgate.com/v1/checkout/sessions/cs_1a2b3c4d5e6f \ -H "Authorization: Bearer sk_live_your_key_here"
{
"id": "cs_1a2b3c4d5e6f",
"object": "checkout.session",
"status": "complete",
"payment_status": "paid",
"amount": 14999,
"currency": "usd",
"description": "BPC-157 Research Peptide 5mg",
"customer_email": "customer@example.com",
"payment_intent": "pi_7g8h9i0j1k",
"gateway": "square",
"metadata": {
"order_id": "ORD-12345",
"sku": "BPC157-5MG"
},
"completed_at": "2026-03-20T12:05:33Z",
"created_at": "2026-03-20T12:00:00Z"
}
Process Refund
Issue a full or partial refund on a completed payment. Amount is in cents.
/v1/refunds
curl -X POST https://api.cevgate.com/v1/refunds \ -H "Authorization: Bearer sk_live_your_key_here" \ -H "Content-Type: application/json" \ -d '{ "payment_intent": "pi_7g8h9i0j1k", "amount": 14999, "reason": "customer_request", "metadata": { "refund_ticket": "TKT-9876" } }'
{
"id": "rf_4m5n6o7p8q",
"object": "refund",
"status": "pending",
"amount": 14999,
"currency": "usd",
"payment_intent": "pi_7g8h9i0j1k",
"reason": "customer_request",
"metadata": {
"refund_ticket": "TKT-9876"
},
"created_at": "2026-03-20T14:22:10Z"
}
Register Webhook Endpoint
Register a URL to receive real-time event notifications. You can subscribe to specific events or receive all events.
/v1/webhooks
curl -X POST https://api.cevgate.com/v1/webhooks \ -H "Authorization: Bearer sk_live_your_key_here" \ -H "Content-Type: application/json" \ -d '{ "url": "https://yoursite.com/webhooks/cevgate", "events": [ "checkout.session.completed", "payment.succeeded", "payment.failed", "refund.succeeded" ] }'
{
"id": "wh_2r3s4t5u6v",
"object": "webhook_endpoint",
"url": "https://yoursite.com/webhooks/cevgate",
"events": [
"checkout.session.completed",
"payment.succeeded",
"payment.failed",
"refund.succeeded"
],
"signing_secret": "whsec_a1b2c3d4e5f6g7h8i9j0",
"status": "active",
"created_at": "2026-03-20T10:00:00Z"
}
Webhooks
Real-time event notifications
Subscribe to the events you care about. We deliver them to your endpoint with guaranteed at-least-once delivery.
| Event | Description |
|---|---|
checkout.session.completed |
Customer completed payment on the checkout page |
checkout.session.expired |
Checkout session expired before customer completed payment |
payment.succeeded |
Payment was successfully captured by the gateway |
payment.failed |
Payment attempt failed (declined, insufficient funds, etc.) |
refund.succeeded |
Refund was successfully processed and returned to customer |
refund.failed |
Refund could not be processed |
dispute.created |
A chargeback or dispute was filed on a payment |
dispute.resolved |
A dispute was resolved (won or lost) |
payout.completed |
Funds were deposited to your bank account |
Security
Webhook signature verification
Every webhook includes an HMAC-SHA256 signature so you can verify it came from CevGate and was not tampered with.
How signature verification works
-
1
We include a
X-CevGate-Signatureheader with each webhook delivery. -
2
Compute an HMAC-SHA256 hash of the raw request body using your webhook signing secret.
-
3
Compare your computed hash with the signature in the header. If they match, the webhook is authentic.
const crypto = require('crypto'); function verifyWebhookSignature(payload, signature, secret) { const expected = crypto .createHmac('sha256', secret) .update(payload, 'utf8') .digest('hex'); return crypto.timingSafeEqual( Buffer.from(expected, 'hex'), Buffer.from(signature, 'hex') ); } // Express.js example app.post('/webhooks/cevgate', express.raw({ type: 'application/json' }), (req, res) => { const signature = req.headers['x-cevgate-signature']; const secret = process.env.CEVGATE_WEBHOOK_SECRET; if (!verifyWebhookSignature(req.body, signature, secret)) { return res.status(401).json({ error: 'Invalid signature' }); } const event = JSON.parse(req.body); switch (event.type) { case 'checkout.session.completed': // Fulfill the order fulfillOrder(event.data.metadata.order_id); break; case 'payment.failed': // Notify customer notifyPaymentFailure(event.data.customer_email); break; } res.status(200).json({ received: true }); });
import hmac import hashlib def verify_webhook_signature(payload, signature, secret): expected = hmac.new( secret.encode('utf-8'), payload.encode('utf-8'), hashlib.sha256 ).hexdigest() return hmac.compare_digest(expected, signature) # Flask example @app.route('/webhooks/cevgate', methods=['POST']) def handle_webhook(): payload = request.get_data(as_text=True) signature = request.headers.get('X-CevGate-Signature') secret = os.environ['CEVGATE_WEBHOOK_SECRET'] if not verify_webhook_signature(payload, signature, secret): return jsonify(error='Invalid signature'), 401 event = request.get_json() # Process the event... return jsonify(received=True), 200
Integrations
Works with any platform
Our REST API integrates with any language or platform. Official SDKs and plugins are on the way.
REST API
Works with any programming language. Node.js, Python, PHP, Ruby, Go, Java — if it can make HTTP requests, it can use CevGate.
Available NowWooCommerce Plugin
One-click installation for WordPress/WooCommerce stores. Enter your API key and start accepting payments immediately.
Coming SoonCustom Platforms
Use our REST API to integrate with Shopify, BigCommerce, custom carts, or any platform that supports external payment gateways.
Available via APITesting
Sandbox test mode
Build and test your integration without processing real payments. Our sandbox mirrors the production API exactly.
Test Card Numbers
- Success:
4242 4242 4242 4242 - Declined:
4000 0000 0000 0002 - 3D Secure:
4000 0000 0000 3220
Sandbox Features
- Identical API to production
- Webhook testing with retry simulation
- Simulated checkout page rendering
- No rate limits during testing
# Sandbox — no real charges curl -X POST https://api.cevgate.com/v1/checkout/sessions \ -H "Authorization: Bearer sk_sandbox_your_key_here" # Production — real charges curl -X POST https://api.cevgate.com/v1/checkout/sessions \ -H "Authorization: Bearer sk_live_your_key_here"
Ready to start building?
Create an account to get your API keys. Start in sandbox mode, go live when you are ready. No credit card required to test.