0Bit Documentation
0Pools

Quickstart

Choose the right 0Bit product, set up credentials safely, and build the first server-led integration loop.

0Bit is a product suite for crypto payment, liquidity, routing, merchant checkout, and protocol-activity visibility. The safest first integration is not to call every product at once. Start with the surface that owns your workflow, build one server-led loop, then add product-specific depth.

This page is for all 0Bit products. It gives you the shared integration model first, then points you into 0Gate, 0Pools, 0Base, 0Link, or 0Pools Scan depending on what you are building. 0Gate appears as the most concrete starter example because it is the default hosted path for many external integrations, not because Get Started is only about 0Gate.

Start with product ownership

Use 0Gate for hosted buy, sell, swap, and checkout-style flows. Use 0Pools only when your organization has approved headless liquidity access. Use 0Base for merchant payment objects and settlement records where enabled. Use 0Link for routed or connected workflow review where enabled.

Choose the product surface

Start here0GateHosted buy, sell, swap, checkout, and payment flows with server-created sessions.Open quickstart Approved partners0PoolsHeadless liquidity, quotes, routes, trades, fees, and pool activity.Open quickstart Review gated0BasePayment objects, ledgers, reports, protocol records, and normalized data.Open quickstart Connected apps0LinkLinks for app, account, payment, asset, invoice, and integration workflows.Open quickstart Visibility0Pools ScanExplorer-style status, swaps, pool movement, mint/burn, assets, and analytics.Open quickstart
You are buildingStart withWhy
A wallet, neobank, exchange, marketplace, card app, or consumer app that needs hosted crypto buy/sell/swap0Gate0Bit owns the hosted flow, KYC/payment UX where applicable, session state, and signed webhooks.
A licensed partner with its own native UX and approved liquidity access0PoolsThe partner reads entitled pools, locks quotes, executes once, and reconciles trade status without exposing liquidity internals.
Merchant checkout, invoice, payment-link, payment-intent, settlement, or report objects0BaseThe product shape is payment-object first, with settlement/reporting records rather than a consumer ramp session.
Smart-routing, fallback review, venue abstraction, or connected workflow state0LinkThe product explains routed execution boundaries without making provider-specific details part of the public contract.
Explorer/status pages, support investigation, protocol activity, or dashboard visibility0Pools ScanScan is read visibility and investigation context, not a replacement for signed webhooks.

The first production-shaped loop

The important part is ownership. Your server owns your order, user reference, internal workflow id, idempotency key, fulfillment rule, and reconciliation state. 0Bit owns the product object and emits signed status. The browser is allowed to show progress, but it must not be your final accounting source.

Product starter paths

Each product has a different first object and a different completion signal:

ProductFirst object or readServer actionClient/user actionDurable state
0GateGate sessionCreate a session with sk_* and an idempotency key.Mount hosted/embed flow or redirect the user.Signed webhook plus trusted session/transaction read.
0PoolsEntitled pool or quoteRead entitled pools, create quote, execute once when approved.Usually no hosted 0Bit UI; your app owns the native UX.Trade status, quote/trade ids, events or trusted reads where enabled.
0BaseCheckout, payment intent, invoice, or payment linkCreate the payment object and store your order/invoice reference.Customer completes hosted or product-specific payment flow where enabled.Payment status, settlement/report records, webhook delivery records.
0LinkRoute or connected workflow recordCreate or review route/workflow context where enabled.Show public-safe route state, not provider internals.Route confirmation, status, fallback result, settlement-handling record.
0Pools ScanTransaction/activity queryRead public-safe activity by id, asset, status, or product filter.Show explorer/support visibility.Indexed activity; not a webhook replacement.

Setup values

Use sandbox/test values while building. Secret values stay server-side; publishable and session-scoped values are the only browser-safe values.

OBIT_GATE_API_BASE_URL=https://gate-api-sandbox.0bit.app/v1
OBIT_SECRET_KEY=sk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NEXT_PUBLIC_OBIT_PUBLISHABLE_KEY=pk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
OBIT_WEBHOOK_SECRET=whsec_test_xxxxxxxxxxxxxxxxxxxxxxxx
Secret keysk_test_*Server only. Create sessions, read protected records, and execute privileged writes.
Publishable keypk_test_*Browser only where allowed. Bootstrap approved hosted or embedded flows.
Client secretsession scopedBrowser-safe for one server-created session. Do not reuse across sessions.
Webhook secretwhsec_*Server only. Verify inbound event signatures before applying business state.
Idempotency keyper writeServer-generated and stored. Retry one logical write without creating duplicates.

Example track: build the first 0Gate flow

The rest of this quickstart uses 0Gate as a concrete example because it exercises the shared 0Bit pattern: server-created object, browser-safe value, hosted user flow, signed webhook, and reconciliation record. If you are integrating 0Pools, 0Base, or 0Link, use the same ownership model and continue into the product quickstart instead of copying the Gate session payload.

1Create recordPartner serverStore your order, amount, currency, user reference, and idempotency key first.
2Create session0Gate APICall POST /gate_sessions with your secret key and idempotency key.
3Mount hosted flowBrowserSend only the publishable key and session client secret to the client.
4Verify eventWebhookVerify the raw-body signature, dedupe by event id, then update your record.

1. Create your own record first

Before calling 0Bit, create an order, checkout, account action, or workflow record in your system. Store:

FieldWhy it matters
Your reference idLets support and finance join your state to the 0Bit object.
Amount and currencyPrevents the browser from becoming the source of payment terms.
User or account idGives your backend a stable owner for fulfillment and support.
Idempotency keyLets you retry a create call without creating duplicate work.
Desired product/flowKeeps the integration from accidentally drifting between 0Gate, 0Pools, 0Base, or 0Link semantics.

2. Create the session server-side

curl -X POST https://gate-api-sandbox.0bit.app/v1/gate_sessions \
  -H "Authorization: Bearer $OBIT_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: 00000000-0000-4000-8000-000000000123" \
  -d '{
    "amount": "100.00",
    "currency": "EUR",
    "return_url": "https://app.partner.example/checkout/done",
    "metadata": {
      "order_id": "order_test_123"
    }
  }'

The response includes a session id and client_secret. Store the session id on your backend. Send only the browser-safe client_secret to the client.

3. Mount the hosted experience

import { GateRamp } from '@0bit/gate/browser';

const ramp = new GateRamp({
  publishableKey: process.env.NEXT_PUBLIC_OBIT_PUBLISHABLE_KEY!,
  clientSecret: session.client_secret,
  environment: 'sandbox',
});

await ramp.mount('#gate-container', {
  onSuccess: ({ txId, sessionId }) => {
    console.log({ txId, sessionId });
  },
  onError: ({ code, message }) => {
    console.warn(code, message);
  },
});

Use browser callbacks for UX only. Show a pending, confirming, or completed screen, but run fulfillment from verified backend state.

4. Verify webhooks

import crypto from 'node:crypto';
import express from 'express';

const app = express();

app.post('/webhooks/0bit', express.raw({ type: 'application/json' }), async (req, res) => {
  const rawBody = req.body.toString('utf8');
  const signature = req.header('Gate-Signature') ?? '';

  if (!verifyGateSignature(rawBody, signature, process.env.OBIT_WEBHOOK_SECRET!)) {
    return res.sendStatus(401);
  }

  const event = JSON.parse(rawBody);
  await storeEventOnce(event.id, event);
  await applyBusinessState(event);
  return res.sendStatus(200);
});

function verifyGateSignature(rawBody: string, header: string, secret: string) {
  const parts = Object.fromEntries(header.split(',').map((part) => part.split('=')));
  const timestamp = Number(parts.t);
  const expected = crypto.createHmac('sha256', secret).update(`${timestamp}.${rawBody}`).digest('hex');
  return crypto.timingSafeEqual(Buffer.from(expected, 'hex'), Buffer.from(parts.v1, 'hex'));
}

What good looks like

AreaMinimum production shape
Credentialssk_* and whsec_* are server-only. pk_* and client_secret are browser-safe within their limits.
Retry behaviorEvery state-changing write uses a stored Idempotency-Key.
WebhooksRaw body is verified, event ids are deduped, and duplicate events still return 2xx.
ReconciliationYour records store 0Bit ids, event ids, request ids, and your own reference ids together.
Product boundary0Gate, 0Pools, 0Base, and 0Link pages are not mixed as if they were the same contract.

Continue

What is OBit?

Learn the product map before choosing deeper docs.

Authentication

Review credential types, key placement, webhook signatures, and idempotency.

0Gate quickstart

Build the hosted ramp/session flow in product-specific detail.

0Pools quickstart

Start the approved headless liquidity path.

What is OBit?

Understand the 0Bit platform, the product surfaces, and how developers should choose the right integration path.

On this page

Choose the product surfaceThe first production-shaped loopProduct starter pathsSetup valuesExample track: build the first 0Gate flow1. Create your own record first2. Create the session server-side3. Mount the hosted experience4. Verify webhooksWhat good looks likeContinue