Skip to main content
The official OwnPay Node.js SDK is a zero-dependency, TypeScript-first package for integrating payments into your backend. It uses native fetch and crypto modules with built-in retries and webhook signature verification.

npm

Install via npm, yarn, or pnpm.

GitHub

View source code, report bugs, or contribute.

Prerequisites

  • Node.js 18 or higher
  • An OwnPay API key from Admin > Developer Hub

Installation

Initialize the client

Store your API key in environment variables. Never commit it to version control.

Creating payments

Parameters

Return type

Checking payment status

Payment flow

A typical checkout flow looks like this:

Complete example

Webhook handling

Verify webhook signatures

Always verify webhook signatures to ensure payloads are from OwnPay.
You must use the raw request body (not parsed JSON) for webhook signature verification. In Express, use express.raw({ type: 'application/json' }) middleware.

Webhook event structure

Transactions

Transaction reporting

Refunds

Customers

API key management

API key operations require an API key with both write and admin scopes, and must include the X-Super-Admin-Email header.

Webhook utilities

Health check

Error handling

The SDK provides a comprehensive error hierarchy for precise error handling.

Validation error details

Common error properties

All errors expose these properties:

Request options

All resource methods accept an optional RequestOptions parameter:

Idempotency

Use idempotency keys for POST requests to safely retry without creating duplicates:

Request cancellation

Use AbortSignal to cancel long-running requests:

Retry behavior

The SDK automatically retries failed requests for transient errors:

Configure retries

Tree-shaking

Import only what you need for smaller bundle sizes:

Custom configuration

For self-hosted or white-label deployments:

Troubleshooting

Ensure your API key starts with op_ and is at least 12 characters long.
  • Check that your API key is active and not revoked
  • Ensure you’re using the correct key for your environment (test/live)
Your API key doesn’t have the required permissions:
  • read scope: GET requests
  • write scope: POST/PUT/PATCH/DELETE requests
  • admin scope: API key management operations
  • Ensure you’re using the raw request body (not parsed JSON)
  • Check that the webhook secret matches your configuration
  • Verify the timestamp is within the tolerance window

API reference summary

Last modified on July 16, 2026