API Documentation.
Integrate the Risksless gateway directly into any stack — WordPress, custom Node/Python backends, mobile apps. The API is open access with no keys. Pass your USDC wallet address in each request and the response contains a hosted checkout URL your customer can pay through.
https://api.risksless.com for all server-side calls, and https://checkout.risksless.com for hosted checkout pages. Both are CORS-enabled for client-side use.
Build a checkout URL.
Card checkouts are a two-step flow. First generate a tracking address bound to your payout wallet, then send the customer to the hosted checkout URL.
Step 1 — Generate a tracking address
GEThttps://api.risksless.com/control/wallet.php ?address=0xYourPolygonWalletAddress &callback=https%3A%2F%2Fyoursite.com%2Fwebhook%3Forder%3D42
| PARAMETER | REQUIRED | DESCRIPTION |
|---|---|---|
address | Yes | Merchant USDC Polygon wallet (0x…). All settlements are delivered here. |
callback | Yes | URL-encoded HTTPS URL. Called on payment success with transaction details. Embed your order ID as a query param so you can correlate. |
Response
{
"address_in": "0x8f2a91c84e3d…", # the tracking address — use this in step 2
"address_out": "0xYourPolygonWalletAddress",
"callback_url": "https://yoursite.com/webhook?order=42"
}
Step 2 — Redirect the customer to checkout
For the recommended hosted flow (provider=hosted) use /pay.php. For every other provider use /process-payment.php.
GEThttps://checkout.risksless.com/pay.php ?address=0x8f2a91c84e3d… # address_in from step 1 &amount=99.00 ¤cy=USD &provider=hosted &email=customer@example.com # optional
| PARAMETER | REQUIRED | DESCRIPTION |
|---|---|---|
address | Yes | The address_in returned by step 1 — NOT your main wallet. |
amount | Yes | Amount to charge. Provider-specific minimums apply (query /control/provider-status/). |
currency | Yes | USD, EUR, CAD, or INR. Several providers are currency-locked (see constraints below). |
provider | Yes | One of the ids returned by /control/provider-status/ — e.g. hosted, stripe, wert, transfi, robinhood, upi, interac, ideal. |
email | No | Customer email for receipts. If omitted, the checkout page will prompt. |
stripe, wert, transfi, robinhood accept USD only · upi accepts INR only · interac accepts CAD only · ideal accepts EUR only. The hosted flow accepts all four currencies.
JavaScript example
// 1. Generate the tracking address const callback = encodeURIComponent('https://yoursite.com/webhook?order=42'); const res = await fetch( `https://api.risksless.com/control/wallet.php?address=0xYourWallet&callback=${callback}` ); const { address_in } = await res.json(); // 2. Redirect the customer — embed address_in RAW (it's already URL-safe). // Using URLSearchParams would double-encode it and break /process-payment.php. const email = encodeURIComponent('customer@example.com'); window.location.href = `https://checkout.risksless.com/pay.php?address=${address_in}` + `&amount=99.00¤cy=USD&provider=hosted&email=${email}`;
address_in. When your API is white-labeled, address_in is an encrypted token containing %2F and %3D characters. Passing it through encodeURIComponent or URLSearchParams will produce %252F / %253D and the checkout will silently fail once the customer picks a provider.
Generate a receiving address.
Mints a one-time address that forwards any incoming crypto to your destination wallet. Every endpoint is namespaced by ticker (e.g. polygon/usdc, trc20/usdt, btc, sol/usdc).
Mint a receiving address
GEThttps://api.risksless.com/crypto/polygon/usdc/wallet.php ?address=0xYourDestinationWallet &callback=https%3A%2F%2Fyoursite.com%2Fwebhook%3Forder%3D42
Response
{
"address_in": "0x8f2a91c84e3d…", # the receiving address — give this to the customer
"address_out": "0xYourDestinationWallet",
"callback_url": "https://yoursite.com/webhook?order=42"
}
Convert fiat to crypto amount
GEThttps://api.risksless.com/crypto/polygon/usdc/convert.php ?from=USD &value=99.00 # Response { "value_coin": "99.00", "coin": "usdc" }
Render a QR code for the receiving address
GEThttps://api.risksless.com/crypto/polygon/usdc/qrcode.php?address=0x8f2a91c84e3d… # Response — qr_code is a base64 PNG you can inline { "status": "success", "qr_code": "iVBORw0KGgoAAAANS…" }
Get ticker info & minimums
GEThttps://api.risksless.com/crypto/polygon/usdc/info.php # Response includes coin metadata and the minimum amount accepted { "minimum": "1.00", "name": "USD Coin (Polygon)", ... }
Supported tickers
Tickers are path segments. Common examples: btc, ltc, doge, eth, trx, polygon/usdc, polygon/usdt, polygon/pol, erc20/usdc, erc20/usdt, erc20/dai, bep20/usdc, bep20/usdt, bep20/bnb, trc20/usdt, sol/usdc, sol/sol, base/usdc, arbitrum/usdc, optimism/usdc, avax-c/usdc, linea/usdc. See the crypto wallet generator for the full list.
List active card providers.
Returns every routing provider, its status, display name, and per-provider minimum. Poll this at page load to render a live provider picker.
GEThttps://api.risksless.com/control/provider-status/ # Response { "providers": [ { "id": "hosted", "provider_name": "Hosted Checkout", "status": "active", "minimum_amount": 1 }, { "id": "stripe", "provider_name": "Stripe", "status": "active", "minimum_amount": 1 }, { "id": "wert", "provider_name": "Wert", "status": "active", "minimum_amount": 30 } ] }
Get notified on settlement.
The callback URL you pass to /control/wallet.php (or any /crypto/{ticker}/wallet.php) is called by GET when the corresponding address_in receives funds. This is the authoritative signal that a payment settled — tracking is event-driven, not poll-based.
# When a payment clears, we hit your callback URL as a GET with these params: GET https://yoursite.com/webhook?order=42 &address_in=0x8f2a91c84e3d… &address_out=0xYourWallet &value_coin=99.00 &coin=usdc &txid_in=0x9af2c1… # customer → address_in &txid_out=0xbc77d2… # address_in → your wallet &confirmations=3
Return a 2xx within 10 seconds or the callback will be retried. Include your own order/reference ID in the callback URL query string when you call wallet.php — it's preserved through to the callback so you can correlate on your side.
Vanilla PHP in two calls.
For PHP merchants without WooCommerce / WHMCS / OpenCart / PrestaShop, the same flow drops into a single-file SDK. Zero dependencies, no composer.
Download risksless-php-sdk.zip, drop Risksless.php into your project, and require_once it. Requires PHP 7.2+ and the curl extension.
Server-side: create a payment
// Persist $payment['address_in'] alongside your order, then redirect. require_once __DIR__ . '/Risksless.php'; $r = new Risksless('0xYourPolygonWallet'); $payment = $r->createPayment([ 'order_id' => 'INV-1042', 'amount' => 99.00, 'currency' => 'USD', 'email' => 'customer@example.com', 'callback_url' => 'https://yoursite.com/risksless-cb.php', // 'provider' => 'stripe', // optional; default is the hosted picker ]); header('Location: ' . $payment['redirect_url']); exit;
Callback endpoint: verify settlement
// risksless-cb.php — the URL you passed as callback_url above. require_once __DIR__ . '/Risksless.php'; $r = new Risksless('0xYourPolygonWallet'); $result = $r->verifyCallback($_GET, [ 'expected_amount' => 99.00, 'expected_currency' => 'USD', ]); if ($result['ok']) { // Mark the order paid; $result['txid_out'] is the on-chain payout tx. echo 'OK'; } else { http_response_code(400); echo $result['reason']; // 'underpaid', 'missing_value_coin'… }
Default settlement threshold is 60% — pass a second argument to the constructor (new Risksless($wallet, 0.95)) to require ≥ 95% of expected before accepting. Supported provider values: hosted (default), revolut, stripe, paypal, rampnetwork, transak, moonpay, banxa, utorg, transfi, sardine, topper, bitnovo, robinhood, upi, interac, simplex, binance, customprovider.
Need more detail?
The full Postman collection includes every endpoint, parameter edge case, and response schema.