Hosted redirect flow
Use a top-level hosted 0Gate redirect when iframe embedding is not the right fit.
Hosted redirect sends the user to a top-level 0Gate-hosted page instead of embedding the iframe inside your page. Use it for restrictive content-security policies, mobile WebViews, in-app browsers, checkout pages that prefer navigation, or any environment where iframe handling is brittle.
Redirect model
SDK redirect
import { GateRamp } from '@0bit/gate/browser';
GateRamp.redirectToCheckout({
publishableKey: import.meta.env.VITE_GATE_PUBLISHABLE_KEY,
clientSecret,
environment: 'sandbox',
theme: 'light',
});Hosted redirect is always session-bound. Create the session server-side first, then redirect with the returned client_secret. Do not manually build long-lived public URLs with secret keys, customer PII, or internal state.
Return handling
| Return path | Use it for | Do not use it for |
|---|---|---|
return_url | Send the user back to a confirmation or pending page. | Final fulfillment. |
cancel_url | Send the user back to a retry, cart, or closed-attempt page. | Proving cancellation without server state. |
| Webhook event | Update durable order, withdrawal, or ledger state. | Browser-only navigation. |
| Server read | Confirm current session state during support or recovery. | Polling every browser render without need. |
When to choose redirect
- Native mobile app launches a hosted WebView or browser session.
- Partner site cannot embed iframes because of CSP, platform, or marketplace rules.
- Checkout flow should leave the merchant page and return after completion.
- You need a session-bound link opened from an email, QR code, or app notification.
Use universal HTTPS return URLs for mobile
0Gate session return URLs are HTTPS-oriented, with loopback allowed for development. For native apps, route through an HTTPS universal link or app link that your mobile app handles after the hosted page returns.