fetch and crypto modules with built-in retries and webhook signature verification.
npm
Install via npm, yarn, or pnpm.
GitHub
View source code, report bugs, or contribute.
Prerequisites
- Node.js 18 or higher
- An OwnPay API key from Admin > Developer Hub
Installation
- npm
- yarn
- pnpm
Initialize the client
- ESM
- CommonJS
Store your API key in environment variables. Never commit it to version control.
Creating payments
Parameters
Return type
Checking payment status
Payment flow
A typical checkout flow looks like this:Complete example
Webhook handling
Verify webhook signatures
Always verify webhook signatures to ensure payloads are from OwnPay.Webhook event structure
Transactions
Transaction reporting
Refunds
Customers
API key management
Webhook utilities
Health check
Error handling
The SDK provides a comprehensive error hierarchy for precise error handling.Error reference
Error reference
Validation error details
Common error properties
All errors expose these properties:Request options
All resource methods accept an optionalRequestOptions parameter:
Idempotency
Use idempotency keys for POST requests to safely retry without creating duplicates:Request cancellation
UseAbortSignal to cancel long-running requests:
Retry behavior
The SDK automatically retries failed requests for transient errors:Configure retries
Tree-shaking
Import only what you need for smaller bundle sizes:Custom configuration
For self-hosted or white-label deployments:Troubleshooting
Invalid API key format
Invalid API key format
Ensure your API key starts with
op_ and is at least 12 characters long.Authentication failed
Authentication failed
- Check that your API key is active and not revoked
- Ensure you’re using the correct key for your environment (test/live)
Insufficient scope
Insufficient scope
Your API key doesn’t have the required permissions:
readscope: GET requestswritescope: POST/PUT/PATCH/DELETE requestsadminscope: API key management operations
Webhook verification failed
Webhook verification failed
- Ensure you’re using the raw request body (not parsed JSON)
- Check that the webhook secret matches your configuration
- Verify the timestamp is within the tolerance window