GiganPay API Documentation
Accept cryptocurrency payments with ease using our simple REST API.
Version 1.3.0
Released: July 29, 2025
Released: July 29, 2025
Welcome to GiganPay! This documentation will help you integrate our payment gateway into your application quickly and securely.
What is GiganPay?
GiganPay is a cryptocurrency payment gateway that allows businesses to accept digital payments from customers worldwide. Our API provides a simple way to create payments, track transactions, and receive real-time notifications.
Key Features
- ✅ Accept multiple cryptocurrencies (USDT, USDC, ETH, BTC)
- ✅ Real-time payment notifications via webhooks
- ✅ Secure HMAC-SHA256 authentication
- ✅ Custom checkout pages with white-label domains
- ✅ Comprehensive transaction tracking
- ✅ Blockchain verification with explorer links
- ✅ Payment links for easy integration
- ✅ Multi-currency support
- ✅ No maximum transaction limits
Changelog
Track all changes and updates to the GiganPay API.
Version 1.3.0 Current
Released: July 29, 2025- New: Payment links functionality
- New: Enhanced webhook security with signature verification
- New: Customer country field support
- Updated: Minimum amount increased to $1.00 USD
- Updated: Rate limit increased to 10,000 requests/hour
- Removed: Maximum transaction limit (now unlimited)
- Improved: Error messages are more descriptive
- Improved: Response times optimized by 25%
- Fixed: Webhook retries now work correctly
Version 1.1.0
Released: July 1, 2025- New: Custom success/cancel URLs
- New: Payment description field
- Improved: Blockchain transaction tracking
- Fixed: Currency validation edge cases
Version 1.0.0
Released: June 15, 2025- New: Initial API release
- New: Payment creation and status checking
- New: Webhook notifications
- New: HMAC authentication
Getting Started
Follow these steps to start accepting payments with GiganPay:
1. Get API Credentials
Contact our team to get your merchant account and API credentials.
2. Test Integration
Use our sandbox environment to test your integration safely.
3. Go Live
Deploy your integration and start accepting real payments.
4. Monitor & Scale
Use our dashboard to monitor transactions and scale your business.
Base URLs
- API Base URL:
https://giganpay.com - Checkout Base URL:
https://checkout.giganpay.com
Note: All endpoints include the
.php extension (e.g., /api/create-payment.php). Omitting it will result in a 404 error.
API Limits
| Limit Type | Value | Notes |
|---|---|---|
| Rate Limit | 10,000 requests/hour | Per merchant API key |
| Minimum Order Amount | $1.00 USD | Equivalent in other currencies |
| Maximum Amount | No limit | Process payments of any size |
| Payment Expiry | 1 hour | From creation time |
| Concurrent Requests | 50 per merchant | Simultaneous API calls |
Supported Currencies & Minimum Amounts
GiganPay accepts any currency that conforms to the ISO 4217 standard. The minimum payment amount is the equivalent of $1.00 USD.
Hosted Page Integration
Use our hosted checkout page for the following providers:
- moonpay
- banxa
- transak
- particle
- guardarian
- rampnetwork
- mercuryo
- utorg
- transfi
- stripe
- alchemypay
- topper
- sardine
- upi
- robinhood
- coinbase
- unlimit
- bitnovo
- simpleswap
- simplex
- interac
- swipelux
- revolut
- finchpay
Send customers to a hosted payment page and redirect them using the returned checkout_url.
Authentication
Create an HMAC-SHA256 signature of the request body using your secret key.
<?php
$data = [
'amount' => 100.00,
'currency' => 'USD',
'provider' => 'moonpay'
];
$signature = hash_hmac('sha256', json_encode($data), 'YOUR_SECRET_KEY');
?>const crypto = require('crypto');
const data = {
amount: 100.00,
currency: 'USD',
provider: 'moonpay'
};
const signature = crypto
.createHmac('sha256', 'YOUR_SECRET_KEY')
.update(JSON.stringify(data))
.digest('hex');Create Payment
{
"amount": 100.00,
"currency": "USD",
"provider": "moonpay",
"customer_first_name": "John",
"customer_last_name": "Doe",
"customer_email": "[email protected]",
"customer_ip": "203.0.113.42"
}Parameters
amount– Payment amount.currency– Three-letter ISO 4217 currency code.provider– Payment provider.customer_first_name– Customer's first name.customer_last_name– Customer's last name.customer_email– Customer's email address.customer_ip– End user's IP address (not your server's), e.g.203.0.113.42.
Handle Response
{
"success": true,
"checkout_url": "https://checkout.giganpay.com/pay/abc123"
}SDKs & Code Libraries
<?php
$apiKey = 'YOUR_API_KEY';
$secretKey = 'YOUR_SECRET_KEY';
$data = [
'amount' => 100.00,
'currency' => 'USD',
'provider' => 'moonpay',
'customer_first_name' => 'John',
'customer_last_name' => 'Doe',
'customer_email' => '[email protected]'
];
$signature = hash_hmac('sha256', json_encode($data), $secretKey);
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => 'https://giganpay.com/api/create-payment.php',
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => json_encode($data),
CURLOPT_HTTPHEADER => [
'Content-Type: application/json',
'X-API-Key: ' . $apiKey,
'X-Signature: ' . $signature
],
CURLOPT_RETURNTRANSFER => true
]);
$response = curl_exec($ch);
curl_close($ch);
$result = json_decode($response, true);
echo $result['checkout_url'];
?>const crypto = require('crypto');
const apiKey = 'YOUR_API_KEY';
const secretKey = 'YOUR_SECRET_KEY';
const data = {
amount: 100.00,
currency: 'USD',
provider: 'moonpay',
customer_first_name: 'John',
customer_last_name: 'Doe',
customer_email: '[email protected]'
};
const signature = crypto
.createHmac('sha256', secretKey)
.update(JSON.stringify(data))
.digest('hex');
fetch('https://giganpay.com/api/create-payment.php', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-API-Key': apiKey,
'X-Signature': signature
},
body: JSON.stringify(data)
})
.then(r => r.json())
.then(res => console.log(res.checkout_url));DATA='{"amount":100.00,"currency":"USD","provider":"moonpay","customer_first_name":"John","customer_last_name":"Doe","customer_email":"[email protected]"}'
SIGNATURE=$(echo -n $DATA | openssl dgst -sha256 -hmac 'YOUR_SECRET_KEY' -binary | xxd -p -c 256)
curl -X POST https://giganpay.com/api/create-payment.php \
-H "Content-Type: application/json" \
-H "X-API-Key: YOUR_API_KEY" \
-H "X-Signature: $SIGNATURE" \
-d "$DATA"const crypto = require('crypto');
const axios = require('axios');
const apiKey = 'YOUR_API_KEY';
const secretKey = 'YOUR_SECRET_KEY';
const data = {
amount: 100.00,
currency: 'USD',
provider: 'moonpay',
customer_first_name: 'John',
customer_last_name: 'Doe',
customer_email: '[email protected]'
};
const signature = crypto
.createHmac('sha256', secretKey)
.update(JSON.stringify(data))
.digest('hex');
axios.post('https://giganpay.com/api/create-payment.php', data, {
headers: {
'X-API-Key': apiKey,
'X-Signature': signature
}
}).then(res => console.log(res.data.checkout_url));import requests, hashlib, hmac, json
api_key = 'YOUR_API_KEY'
secret_key = 'YOUR_SECRET_KEY'
data = {
"amount": 100.00,
"currency": "USD",
"provider": "moonpay",
"customer_first_name": "John",
"customer_last_name": "Doe",
"customer_email": "[email protected]"
}
signature = hmac.new(secret_key.encode(), json.dumps(data).encode(), hashlib.sha256).hexdigest()
res = requests.post('https://giganpay.com/api/create-payment.php', json=data, headers={
"X-API-Key": api_key,
"X-Signature": signature
})
print(res.json()["checkout_url"])import java.net.http.*;
import java.net.URI;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import com.fasterxml.jackson.databind.ObjectMapper;
String apiKey = "YOUR_API_KEY";
String secretKey = "YOUR_SECRET_KEY";
Map data = new HashMap<>();
data.put("amount", 100.00);
data.put("currency", "USD");
data.put("provider", "moonpay");
data.put("customer_first_name", "John");
data.put("customer_last_name", "Doe");
data.put("customer_email", "[email protected]");
ObjectMapper mapper = new ObjectMapper();
String body = mapper.writeValueAsString(data);
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(secretKey.getBytes(), "HmacSHA256"));
String signature = DatatypeConverter.printHexBinary(mac.doFinal(body.getBytes())).toLowerCase();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://giganpay.com/api/create-payment.php"))
.header("Content-Type", "application/json")
.header("X-API-Key", apiKey)
.header("X-Signature", signature)
.POST(HttpRequest.BodyPublishers.ofString(body))
.build();
HttpClient client = HttpClient.newHttpClient();
HttpResponse response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body()); Check Payment Status
Use the status endpoint to retrieve the latest state of a hosted page payment.
GET
/api/status.php?transaction_id={id}
{
"transaction_id": "txn_abc123def456",
"status": "paid",
"message": "Approved",
"amount": 100.00,
"currency": "USD"
}Webhooks
Configure a webhook URL to receive asynchronous updates for hosted page transactions.
{
"transaction_id": "txn_abc123def456",
"status": "declined",
"message": "insufficient_funds",
"amount": 100.00,
"currency": "USD",
"customer_email": "[email protected]",
"customer_name": "John Doe",
"payment_method": null,
"client_ip": "203.0.113.42",
"timestamp": "2025-08-19T10:30:37+00:00"
}Error Handling
| Code | Description |
|---|---|
| 200 | OK - Request successful |
| 201 | Created - Payment created successfully |
| 400 | Bad Request - Missing or invalid parameters |
| 401 | Unauthorized - Invalid API key or signature |
| 403 | Forbidden - Access denied |
| 404 | Not Found - Endpoint does not exist |
| 429 | Too Many Requests - Rate limit exceeded |
| 500 | Server Error - Try again later |
Testing
Hosted pages have no sandbox. Use the form below to send a request and view the response.
Request
Response
H2H Integration (Host-to-Host)
Use host-to-host integration only with this provider:
- H2HPAY
You may pass either h2hpay or the friendly name of one
of your configured gates in the provider field. Friendly
names are resolved to the correct gate internally.
Authentication
Sign the entire request payload, including card and billing details, with your secret key.
Generate the signature on your server over HTTPS. Card data is used only for the HMAC calculation and is never logged or stored.
<?php
$data = [
'amount' => 100.00,
'currency' => 'USD',
'provider' => 'My H2H Gate',
'customer_first_name' => 'John',
'customer_last_name' => 'Doe',
'customer_email' => '[email protected]',
'card_number' => '4917484589897107',
'card_exp_month' => '12',
'card_exp_year' => '2030',
'card_cvv' => '123',
'billing_address' => '123 Main St',
'billing_city' => 'New York',
'billing_state' => 'NY',
'billing_zip' => '10001',
'billing_country' => 'US'
];
$signature = hash_hmac('sha256', json_encode($data), 'YOUR_SECRET_KEY');
?>const crypto = require('crypto');
const data = {
amount: 100.00,
currency: 'USD',
provider: 'My H2H Gate',
customer_first_name: 'John',
customer_last_name: 'Doe',
customer_email: '[email protected]',
card_number: '4917484589897107',
card_exp_month: '12',
card_exp_year: '2030',
card_cvv: '123',
billing_address: '123 Main St',
billing_city: 'New York',
billing_state: 'NY',
billing_zip: '10001',
billing_country: 'US'
};
const signature = crypto
.createHmac('sha256', 'YOUR_SECRET_KEY')
.update(JSON.stringify(data))
.digest('hex');Create Payment
{
"amount": 100.00,
"currency": "USD",
"provider": "My H2H Gate",
"customer_first_name": "John",
"customer_last_name": "Doe",
"customer_email": "[email protected]",
"card_number": "4917484589897107",
"card_exp_month": "12",
"card_exp_year": "2030",
"card_cvv": "123",
"billing_address": "123 Main St",
"billing_city": "New York",
"billing_state": "NY",
"billing_zip": "10001",
"billing_country": "US",
"customer_ip": "203.0.113.42"
}Handle Response
{
"success": false,
"transaction_id": "abc123",
"status": "declined",
"reason": "insufficient_funds"
}In this example the provider was set to the friendly name My H2H Gate. The system maps that name to the appropriate gate before processing.
H2H responses do not include a checkout_url; you receive the transaction result directly.
3D Secure Authentication
If the response includes status "pending" with reason "3ds_required", redirect the customer to the provided redirect_url for additional verification.
{
"success": true,
"transaction_id": "abc123",
"status": "pending",
"reason": "3ds_required",
"redirect_url": "https://3ds.example.com/auth/xyz"
}After completion, check the transaction status or wait for the webhook to confirm the final result.
Status Codes & Reasons
| Status | Reason Examples | Description |
|---|---|---|
approved |
null |
Payment completed successfully. |
declined |
insufficient_funds, card_expired, invalid_cvv, do_not_honour, blocked, card_not_supported |
Issuer rejected the transaction. |
pending |
review, 3ds_required, transaction_to_be_confirmed |
Awaiting further action or review. |
error |
processor_error |
Technical issue prevented processing. |
Testing
Use the form below to send a host-to-host payment request and view the response.
Request
Response
SDKs & Code Libraries
<?php
$apiKey = 'YOUR_API_KEY';
$secretKey = 'YOUR_SECRET_KEY';
$data = [
'amount' => 100.00,
'currency' => 'USD',
'provider' => 'My H2H Gate',
'customer_first_name' => 'John',
'customer_last_name' => 'Doe',
'customer_email' => '[email protected]',
'card_number' => '4917484589897107',
'card_exp_month' => '12',
'card_exp_year' => '2030',
'card_cvv' => '123',
'billing_address' => '123 Main St',
'billing_city' => 'New York',
'billing_state' => 'NY',
'billing_zip' => '10001',
'billing_country' => 'US'
];
$signature = hash_hmac('sha256', json_encode($data), $secretKey);
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => 'https://giganpay.com/api/create-payment.php',
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => json_encode($data),
CURLOPT_HTTPHEADER => [
'Content-Type: application/json',
'X-API-Key: ' . $apiKey,
'X-Signature: ' . $signature
],
CURLOPT_RETURNTRANSFER => true
]);
$response = curl_exec($ch);
curl_close($ch);
$result = json_decode($response, true);
echo $result['status'] . ':' . $result['reason'];
?>const crypto = require('crypto');
const apiKey = 'YOUR_API_KEY';
const secretKey = 'YOUR_SECRET_KEY';
const data = {
amount: 100.00,
currency: 'USD',
provider: 'My H2H Gate',
customer_first_name: 'John',
customer_last_name: 'Doe',
customer_email: '[email protected]',
card_number: '4917484589897107',
card_exp_month: '12',
card_exp_year: '2030',
card_cvv: '123',
billing_address: '123 Main St',
billing_city: 'New York',
billing_state: 'NY',
billing_zip: '10001',
billing_country: 'US'
};
const signature = crypto
.createHmac('sha256', secretKey)
.update(JSON.stringify(data))
.digest('hex');
fetch('https://giganpay.com/api/create-payment.php', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-API-Key': apiKey,
'X-Signature': signature
},
body: JSON.stringify(data)
})
.then(r => r.json())
.then(res => console.log(res.status, res.reason));DATA='{"amount":100.00,"currency":"USD","provider":"My H2H Gate","customer_first_name":"John","customer_last_name":"Doe","customer_email":"[email protected]","card_number":"4917484589897107","card_exp_month":"12","card_exp_year":"2030","card_cvv":"123","billing_address":"123 Main St","billing_city":"New York","billing_state":"NY","billing_zip":"10001","billing_country":"US"}'
SIGNATURE=$(echo -n $DATA | openssl dgst -sha256 -hmac 'YOUR_SECRET_KEY' -binary | xxd -p -c 256)
curl -X POST https://giganpay.com/api/create-payment.php \\
-H "Content-Type: application/json" \\
-H "X-API-Key: YOUR_API_KEY" \\
-H "X-Signature: $SIGNATURE" \\
-d "$DATA"const crypto = require('crypto');
const axios = require('axios');
const apiKey = 'YOUR_API_KEY';
const secretKey = 'YOUR_SECRET_KEY';
const data = {
amount: 100.00,
currency: 'USD',
provider: 'My H2H Gate',
customer_first_name: 'John',
customer_last_name: 'Doe',
customer_email: '[email protected]',
card_number: '4917484589897107',
card_exp_month: '12',
card_exp_year: '2030',
card_cvv: '123',
billing_address: '123 Main St',
billing_city: 'New York',
billing_state: 'NY',
billing_zip: '10001',
billing_country: 'US'
};
const signature = crypto
.createHmac('sha256', secretKey)
.update(JSON.stringify(data))
.digest('hex');
axios.post('https://giganpay.com/api/create-payment.php', data, {
headers: {
'X-API-Key': apiKey,
'X-Signature': signature
}
}).then(res => console.log(res.data.status, res.data.reason));import requests, hashlib, hmac, json
api_key = 'YOUR_API_KEY'
secret_key = 'YOUR_SECRET_KEY'
data = {
"amount": 100.00,
"currency": "USD",
"provider": "My H2H Gate",
"customer_first_name": "John",
"customer_last_name": "Doe",
"customer_email": "[email protected]",
"card_number": "4917484589897107",
"card_exp_month": "12",
"card_exp_year": "2030",
"card_cvv": "123",
"billing_address": "123 Main St",
"billing_city": "New York",
"billing_state": "NY",
"billing_zip": "10001",
"billing_country": "US"
}
signature = hmac.new(secret_key.encode(), json.dumps(data).encode(), hashlib.sha256).hexdigest()
res = requests.post('https://giganpay.com/api/create-payment.php', json=data, headers={
"X-API-Key": api_key,
"X-Signature": signature
})
print(res.json()["status"], res.json()["reason"])import java.net.http.*;
import java.net.URI;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import com.fasterxml.jackson.databind.ObjectMapper;
String apiKey = "YOUR_API_KEY";
String secretKey = "YOUR_SECRET_KEY";
Map data = new HashMap<>();
data.put("amount", 100.00);
data.put("currency", "USD");
data.put("provider", "My H2H Gate");
data.put("customer_first_name", "John");
data.put("customer_last_name", "Doe");
data.put("customer_email", "[email protected]");
data.put("card_number", "4917484589897107");
data.put("card_exp_month", "12");
data.put("card_exp_year", "2030");
data.put("card_cvv", "123");
data.put("billing_address", "123 Main St");
data.put("billing_city", "New York");
data.put("billing_state", "NY");
data.put("billing_zip", "10001");
data.put("billing_country", "US");
ObjectMapper mapper = new ObjectMapper();
String body = mapper.writeValueAsString(data);
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(secretKey.getBytes(), "HmacSHA256"));
String signature = DatatypeConverter.printHexBinary(mac.doFinal(body.getBytes())).toLowerCase();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://giganpay.com/api/create-payment.php"))
.header("Content-Type", "application/json")
.header("X-API-Key", apiKey)
.header("X-Signature", signature)
.POST(HttpRequest.BodyPublishers.ofString(body))
.build();
HttpClient client = HttpClient.newHttpClient();
HttpResponse response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body()); Check Payment Status
Verify a transaction at any time using the status endpoint.
GET
/api/status.php?transaction_id={id}
{
"transaction_id": "abc123",
"status": "approved",
"reason": null
}Webhooks
Receive asynchronous notifications for host-to-host transactions.
{
"transaction_id": "abc123",
"status": "declined",
"message": "insufficient_funds",
"amount": 100.00,
"currency": "USD",
"customer_email": "[email protected]",
"customer_name": "John Doe",
"payment_method": null,
"client_ip": "203.0.113.42",
"timestamp": "2025-08-19T10:30:37+00:00"
}Legacy webhooks may use reason instead of message.
Error Handling
| Code | Description |
|---|---|
| 200 | OK - Request successful |
| 201 | Created - Payment created successfully |
| 400 | Bad Request - Missing or invalid parameters |
| 401 | Unauthorized - Invalid API key or signature |
| 403 | Forbidden - Access denied |
| 404 | Not Found - Endpoint does not exist |
| 429 | Too Many Requests - Rate limit exceeded |
| 500 | Server Error - Try again later |
Testing
When your admin enables the H2H provider in test mode, send requests to https://giganpay.com using your test API key. The key determines whether you hit the sandbox or live environment. Use the card numbers below to simulate common outcomes.
| Card Number | Status | Reason |
|---|---|---|
| 4917484589897107 | approved | success |
| 4263982640269299 | pending | 3ds_required |
| 4000000000001976 | pending | transaction_to_be_confirmed (you will get success or failed response webhook after 1 Minutes to the webhook URL) |
| 6011000991300009 | declined | blocked |
| 6011111111111117 | declined | insufficient_funds |
| 378282246310005 | declined | do_not_honour |
| 4000000000000002 | declined | card_not_supported |
| 374245455400126 | pending | you will get success or failed response webhook after 2 Minutes to the webhook URL |
These card numbers never reach the real networks and are for sandbox use only. To try them from the command line:
export H2HPAY_API_KEY=sk_test_xxxphp tests/h2hpay_adapter_test.php 4000000000009979- Inspect the printed
statusandreasonfields. For3ds_required, follow theredirect_urlto complete the challenge.