Hosted checkout pages
Describe 0Base hosted checkout pages as review-bound browser surfaces.
Hosted checkout pages let a merchant send the customer to a controlled payment surface while keeping the merchant backend responsible for creation, status, fulfillment, and reconciliation. The hosted page is a UX surface; it is not the system of record for whether the order is paid.
0Base availability is account-gated. Build against capabilities, merchant status, environment mode, and settlement settings instead of assuming that every payment method, asset, network, cadence, or refund path is enabled for every merchant.
0Base product docs and API details
These pages are public product guidance for merchant and platform developers. 0Base endpoint-level API pages are not published for partners yet; use this product documentation to understand the workflow, records, and launch boundaries.
End-to-end picture
This flow is intentionally shown as product infrastructure: Merchant order -> Create checkout -> Hosted page -> Customer action -> Status event -> Merchant fulfillment. The merchant application can make the customer experience simple, but the backend should keep each step visible enough for retries, support, and finance closeout.
Production contract
| Boundary | What to build | Why it matters |
|---|---|---|
| Checkout creation | Backend creates checkout with amount, currency, crypto currency, client reference, and idempotency key. | The merchant owns the order context. |
| Customer redirect | Browser receives a checkout URL or client secret where enabled. | The user can pay without exposing secret credentials. |
| Return handling | Success or cancel redirects are treated as UI hints. | Avoids fulfillment from spoofable browser state. |
| Backend status | Webhook or API read decides paid, failed, or expired. | Keeps fulfillment deterministic. |
| Closeout | Ledger/report joins checkout to payment intent and order. | Finance can audit the checkout later. |
Status and state handling
| State | What it means | Developer action |
|---|---|---|
| Created/open | Object exists and the merchant can show the customer a payment path. | Do not fulfill from creation alone. |
| Payment detected | A customer payment signal exists but final state is not complete. | Show pending and preserve evidence. |
| Processing/confirming | 0Base is still moving through confirmation or settlement logic where enabled. | Keep the merchant order locked. |
| Succeeded/completed | Terminal success for the payment object. | Fulfill, ledger, and export. |
Status handling should be strict even when the customer UI is friendly. Store raw 0Base statuses, map them to customer-safe labels at the edge, and keep the merchant order state separate from the payment object state. That separation lets you change customer copy without corrupting reconciliation.
Example implementation record
This is an application-side record shape for hosted checkout pages. Keep exact request and response fields aligned with your enabled account contract when 0Base API access is released for your partner account; the point of this record is to keep product, support, and finance joined in your system.
{
"checkout_id": "chk_live_123",
"client_reference": "cart_8841",
"amount": "129.00",
"currency": "GBP",
"crypto_currency": "USDC",
"checkout_url": "https://checkout.0bit.app/...",
"status": "open",
"expires_at": "2026-06-28T21:00:00Z"
}Operational scenario
A storefront creates a checkout after the customer confirms shipping and totals. The page can show a spinner or hosted URL immediately, but the store keeps the order in pending payment until a trusted backend state changes.
In practice, production 0Base integrations make the happy path fast while keeping exceptions predictable: retries return the same object, delayed notifications can be repaired, expired sessions do not become mystery payments, and finance exports can be traced back to the original merchant order.
Before and after
| Before 0Base | With 0Base |
|---|---|
| A hosted page redirect marked the order paid. | Backend status marks the order paid. |
| Cart totals changed after checkout creation. | Create a new checkout for changed totals and expire the old one. |
| Checkout URL was reused for a cancelled cart. | Expire checkout objects when the merchant order is cancelled. |
| Customer support saw only a browser session id. | Support sees checkout id, intent id, order id, and event id. |
Evidence to keep
| Evidence | What to store |
|---|---|
| Checkout row | Checkout id, client reference, amount, currency, crypto currency, status, expiry. |
| Order row | Cart hash, tax/shipping total, order status, checkout id. |
| Return log | Redirect result, timestamp, user session, no fulfillment side effect. |
| Event log | Status event id, signature result, processed timestamp. |
| Closeout row | Intent id, ledger id, settlement status, export reference. |
This evidence is what makes the integration supportable at institutional scale. A developer should not need private operational knowledge to answer basic questions such as what the customer saw, which object owns the state, which event announced the change, and which ledger or report row closed the money movement.
Failure modes and recovery
| Failure mode | Recovery |
|---|---|
| Customer pays after order changed | Expire old checkout and create a new object with new amount. |
| Checkout URL is opened twice | Use object status and idempotency to prevent duplicate fulfillment. |
| Page fails to load | Let the user retry creation with the same order flow and support id. |
| Checkout expires while customer is paying | Show recovery copy and create a fresh checkout only from the backend. |
Recovery should be idempotent and explainable. When the system is uncertain, preserve the current raw status, read the latest object state, attach a support reference, and avoid changing fulfillment or finance state until a trusted terminal condition is present.
API adjacency
| API area | Use it for |
|---|---|
POST /checkouts | Create hosted checkout. |
POST /checkouts/{id}/expire | Expire checkout. |
GET /payment_intents/{intentId} | Read payment state. |
GET /webhooks/deliveries | Debug async status delivery. |
For endpoint-level implementation, use the API reference as the source of truth for fields, enums, authentication, idempotency behavior, pagination, and response examples.
Why this matters for merchants and customers
Hosted checkout pages let merchants outsource the payment surface without outsourcing responsibility for order state. The customer gets a focused payment page; the merchant keeps backend authority over fulfillment and reconciliation.
At scale, the value of 0Base is not only that a payment can be created. The value is that the payment can be explained later: what the customer saw, which account capabilities allowed it, which backend state changed, which notification delivered it, and which ledger or report row closed it.
Worked API path
The example below shows the implementation shape for this page. Use merchant-specific capabilities, account settings, and API responses in production; the ids and values here are illustrative.
curl -X POST https://base-api-sandbox.0bit.app/v1/checkouts \
-H "Authorization: Bearer $OBIT_SECRET_KEY" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: ord_100045:base:v1" \
-d '
{
"amount": "129.00",
"currency": "EUR",
"cryptoCurrency": "USDT",
"clientReference": "ord_100045"
}'Example response shape:
{
"checkout_id": "chk_test_123",
"status": "open",
"amount": "129.00",
"currency": "EUR",
"crypto_currency": "USDT",
"payment_intent_id": "pi_test_456",
"checkout_url": "https://checkout.0bit.app/c/chk_test_123",
"expires_at": "2026-06-28T21:00:00Z"
}Implementation checkpoints:
- Store your merchant reference before calling 0Base.
- Attach the returned object id to the same business record.
- Record the request id, idempotency key, raw status, and environment.
- Use webhook and report reads to repair delayed or missed state changes.
Data join map
This join map is the reason 0Base is infrastructure rather than a payment button. A merchant can change checkout UX, support tooling, or finance exports without losing the chain from customer action to backend state and settlement evidence.
Operator runbook
| Signal | Check first | Action |
|---|---|---|
| Customer reports payment not updating | Look up merchant order id, 0Base object id, raw status, and latest webhook delivery. | Read current object state before changing fulfillment. |
| Webhook delivery failed | Check delivery id, event id, attempts, last error, and handler logs. | Fix the handler, replay once, and dedupe by event id. |
| Finance cannot match a row | Compare client reference, intent id, settlement id, report period, and export row. | Move the item to reconciliation queue instead of closing by amount/date. |
| Customer paid but order is still pending | Check raw intent status, deposit-address status, confirmations, and latest report row. | Keep fulfillment pending until terminal success or documented manual review. |
The runbook should be available to support and finance teams before launch. A developer integration is not complete if only engineering can explain the state of a customer payment.
Developer checklist
- Create hosted checkout from the server.
- Never use redirect success alone as paid state.
- Expire stale checkouts on cart/order cancellation.
- Store expiry and raw checkout status.
- Connect checkout to payment intent when provided.
- Test browser close, back button, and expired sessions.