Hosted Checkout is a standardized payment integration solution provided by Infini. Merchants only need to call one API to create an order and redirect users to the Infini-hosted payment page to complete the entire process from currency selection, payment guidance to on-chain transaction monitoring.
In this mode, Infini will be responsible for:
- UI display of the payment page (supporting multiple languages)
- Currency, network, and multiple payment method selection logic (including on-chain payments, Binance Pay, Onramp purchase, and other expandable capabilities)
- Generation and display of payment guidance, QR codes, payment addresses, or third-party payment links
- On-chain transaction monitoring, payment confirmation, and status synchronization
- Order status updates and Webhook callback push
- Exception scenario handling (timeout, partial payment, duplicate payment, late payment, etc.)
Hosted Checkout mode supports future expansion of more payment methods, and merchants do not need to modify front-end logic additionally.
The typical flow of Hosted Checkout mode is as follows:
- Merchant system initiates order creation request
- Call POST /v1/acquiring/order
- Provide order amount, currency, expiration time, merchant display name (optional)
- Returns order_id and checkout_url
- Merchant front-end redirects user to checkout_url
- User enters hosted checkout page
- Displays currency, network, payment amount, countdown, and other information
- User completes on-chain payment
- Select token and network
- Make on-chain transfer
- Infini automatically detects the transaction and starts confirmation
- Infini processes payment status
- Update order status based on on-chain confirmations (processing/paid/expired, etc.)
- User views payment result
- Hosted checkout displays payment success page
- Infini pushes Webhook to merchant
- Webhook notifies order status changes
- Merchant executes business actions such as shipping and granting permissions based on events
Hosted Checkout mode only requires implementing the following three items to go live:
- Call Create Order API
- Redirect user to checkout_url
- Handle Webhook callback events
Infini API uses an authentication mechanism based on HMAC-SHA256 signature to ensure secure, reliable, unforgeable, and tamper-proof communication between merchants and Infini.
The authorization mechanism mainly includes the following elements:
- API Key (keyId): Unique merchant identity identifier, used to identify the caller's identity in the request header.
- Secret Key (Private Key): Used for HMAC-SHA256 signature of request content, only displayed once and must be properly saved.
- Signing String: Composed of keyId, HTTP method, request path, and GMT time.
- Authorization Header: The final signature header, used for server-side verification of request legitimacy.
- Timestamp Requirement: Client time must be within ±300 seconds of server time.
Secret Key must be stored in a secure backend environment (such as KMS) and must not be exposed to front-end or mobile clients.