API Reference
Complete documentation of all TransX402 REST API endpoints — authentication, merchant management, payment facilitation, sandbox, and more.
Base URL
The environment is determined automatically from the API key prefix:
| Key Prefix | Environment | URL |
|---|---|---|
ipk_sandbox_ | Sandbox (Anvil fork) | https://sandbox.transx402.com |
ipk_live_ | Production (Base mainnet) | https://api.transx402.com |
Authentication
| Endpoint Group | Auth | Method |
|---|---|---|
/facilitate | API Key | X-API-Key header |
/payments/* | API Key | X-API-Key header |
/tokens/* | None (public) | — |
/health | None (public) | — |
/verify/:txHash | None (public) | — |
/auth/* | Wallet signature | SIWE |
/merchant/* | Session cookie | Set after /auth/login |
/sandbox/* | Sandbox API Key | X-API-Key header |
Authentication and Registration
POST /auth/register
Register a new merchant account. Requires a SIWE signature to prove wallet ownership.
Request:
Response:
On registration, a sandbox API key is automatically created. Production keys are created separately from the dashboard.
POST /auth/login
Login with wallet signature. Sets a session cookie for dashboard access.
POST /auth/logout
Clear session.
Payment Facilitation
POST /facilitate
Process a signed payment authorization. This is the core endpoint called by x402 clients.
Auth: API Key (X-API-Key header)
Processing pipeline:
- Parse and validate request schema
- Authenticate API key, resolve merchant and environment
- Route to correct chain (sandbox Anvil or production Base)
- Verify token is in the registry
- Verify Permit2 signature
- Check deadline has not passed
- Check nonce has not been used
- Check payer's IDRX balance
- Check payer's Permit2 allowance
- Simulate transaction
- Submit transaction on-chain
- Wait for confirmation
- Record payment in database
- Fire webhook (async)
- Return transaction hash
Payment Status
GET /payments/:txHash
Get the status of a payment by transaction hash.
Auth: API Key
Response:
Status values: pending, confirmed, failed
GET /payments
List payments for the authenticated merchant.
Auth: API Key
Query parameters:
| Param | Type | Description |
|---|---|---|
page | number | Page number (default: 1) |
limit | number | Items per page (default: 20, max: 100) |
status | string | Filter by status |
from | string | Filter by payer address |
since | ISO date | Filter payments after this date |
until | ISO date | Filter payments before this date |
Response:
Merchant Profile
GET /merchant/me
Get the current merchant profile.
Auth: Session cookie
PATCH /merchant/me
Update merchant profile.
Auth: Session cookie
Request:
GET /merchant/stats
Get payment statistics.
Auth: Session cookie
Response:
API Key Management
POST /merchant/api-keys
Create a new API key.
Auth: Session cookie
Request:
Response:
Important: The full key field is only returned once at creation. Store it securely.
GET /merchant/api-keys
List all API keys (shows prefix, label, environment, last used — never the full key).
Auth: Session cookie
DELETE /merchant/api-keys/:id
Revoke an API key.
Auth: Session cookie
Sandbox Utilities
These endpoints are only accessible with sandbox API keys.
POST /sandbox/fund
Fund a test wallet with IDRX on the sandbox chain.
Auth: Sandbox API Key
Request:
Response:
POST /sandbox/reset
Reset sandbox chain state (re-fork from latest Base mainnet block).
Auth: Sandbox API Key
GET /sandbox/wallets
List pre-funded test wallets with IDRX and ETH balances.
Auth: Sandbox API Key
Response:
These are Anvil's deterministic accounts — safe to expose in sandbox only.
Token Information
GET /tokens
List all supported tokens.
Auth: None
GET /tokens/:symbol/price
Get current price information for a token.
Auth: None
Response:
Payment Verification
GET /verify/:txHash
Public endpoint to verify a payment was processed by TransX402. Useful for server-side verification without an API key.
Auth: None
Response:
Health Check
GET /health
Auth: None
Response:
Error Format
All errors follow a consistent format:
Error Codes
| Code | HTTP Status | Description |
|---|---|---|
invalid_signature | 400 | Permit2 signature verification failed |
insufficient_balance | 400 | Payer doesn't have enough tokens |
no_permit2_approval | 400 | Payer hasn't approved Permit2 contract |
expired_deadline | 400 | Payment authorization has expired |
unsupported_token | 400 | Token not in registry |
unsupported_network | 400 | Network not supported for this token |
simulation_failed | 400 | Transaction simulation reverted |
tx_failed | 500 | On-chain transaction reverted |
rate_limited | 429 | Too many requests |
unauthorized | 401 | Invalid or missing API key |
Rate Limits
| Endpoint | Limit |
|---|---|
POST /facilitate | 60/min per IP |
GET /payments/* | 120/min per API key |
POST /merchants/* | 10/min per IP |
| All others | 120/min per IP |