One modern API.
Anything your client needs.
Tokenize a card, charge it, store it, refund it, settle it, route it across processors, schedule recurring billing, and webhook every event — in REST calls written for developers, not enterprise architects.
# Charge a tokenized card curl -X POST https://api.xraypayment.com/v1/charges \ -H "Authorization: Bearer xrk_live_..." \ -H "Idempotency-Key: a3f2..." \ -d '{ "amount": 2480, "currency": "usd", "source": "tok_1NxYz...", "capture": true, "metadata": { "order_id": "ord_8821" } }' # Response { "id": "ch_3A8z...", "status": "succeeded", "amount": 2480, "network": "visa", "avs_result": "Y", "created": 1714502400 }
The API your incumbents wish they had.
Most processor APIs are SOAP-flavored relics with 30-page integration guides. Ours reads like Stripe, settles like a bank, and supports legacy hardware Stripe never will.
Idempotent by default
Pass an Idempotency-Key on every mutating call. Network glitches don't double-charge customers.
Signed webhooks
Every event is HMAC-signed with your secret. Replay-safe, and we'll re-fire failed deliveries for 72 hours.
Sandbox in 30 seconds
Sign up, copy your test keys, and POST your first charge before your coffee gets cold. Real card-network simulation.
Hosted fields
Drop-in PCI-safe iframe for cards, ACH, and wallet pay. Reduce PCI scope to SAQ-A in one component.
Multi-rail routing
One API surface, three back-end gateways. Smart-route by BIN, amount, or fail-over for max approval rates.
Real-time payouts
Instant funding to debit cards, same-day ACH, or RTP rails — initiated from a single /payouts call.
From card-tap to settled bank in <48 hours.
Every payment traverses the same battle-tested rails. Tokenize, authorize, capture, settle — instrumented end-to-end.
Tokenize
Hosted iframe captures the card. PAN never touches your servers — PCI scope drops to SAQ-A.
Authorize
POST /charges with the token. Routed across NMI, Auth.Net, or XRay rails. 412ms median response.
Capture
Auto-capture on auth or capture-later for fulfillment workflows. Partial captures supported.
Webhook
Signed event fires for every state change. Re-fired up to 72h on failure with exponential backoff.
Settle
Daily batch. Same-day ACH or RTP available. Funds land next business day on standard accounts.
Reconcile
GET /reports/transactions with filters, paginate, export to CSV. Or stream via /events.
The whole product, one resource graph.
All endpoints rooted at https://api.xraypayment.com/v1
/tokens/charges/charges/{id}/capture/refunds/customers/payment_methods/subscriptions/invoices/payouts/disputes/{id}/evidence/balance/reports/transactions/webhooks/terminals/connect100+ endpoints total. Get full API access →
Six official libraries, plus everything else.
Maintained, typed, semver-versioned, and published to your language's package manager. Or use the OpenAPI spec to generate your own.
Three lines to your first charge.
import XRay from '@xraypayment/node'; const xray = new XRay(process.env.XRAY_SECRET_KEY); const charge = await xray.charges.create({ amount: 2480, currency: 'usd', source: 'tok_1NxYz...', capture: true, }); console.log(charge.id, charge.status);
use XRay\Client; $xray = new Client($_ENV['XRAY_SECRET_KEY']); $charge = $xray->charges->create([ 'amount' => 2480, 'currency' => 'usd', 'source' => 'tok_1NxYz...', 'capture' => true, ]); echo $charge->id;
import xray xray.api_key = os.environ["XRAY_SECRET_KEY"] charge = xray.Charge.create( amount=2480, currency="usd", source="tok_1NxYz...", capture=True, ) print(charge.id, charge.status)
# Verify signed webhook in any language app.post('/webhooks/xray', (req, res) => { const sig = req.headers['xray-signature']; const event = xray.webhooks.construct( req.body, sig, process.env.WEBHOOK_SECRET ); switch (event.type) { case 'charge.succeeded': /* fulfill */ case 'subscription.payment_failed': /* email */ case 'dispute.opened': /* alert ops */ } res.sendStatus(200); });
Take care of anything your client throws at you.
Card-present
Drive a Clover, PAX, or Dejavoo terminal from your app via Cloud Pay-API. EMV, contactless, signature, PIN debit.
Card-not-present
Hosted fields, hosted pay page, virtual terminal, click-to-pay invoices. Apple Pay, Google Pay, Click to Pay.
Recurring & subscriptions
Plans, prorations, dunning, smart retries, account updater, mid-cycle upgrades, cancel-at-period-end.
ACH & eCheck
NACHA-compliant debits and credits at 0.50% + $0.25. Returns, NOC, prenotes, same-day origination.
Marketplace & split-pay
Connect-style multi-party payments, automated transfers to sub-merchants, 1099-K reporting included.
Fraud & chargebacks
Velocity rules, 3DS2, BIN block-lists, customizable scoring engine, automated dispute submission.