Skip to main contentOverview
Payor APIs are used by the checkout experience to display available tokens, create payment addresses, and poll payment status. These endpoints are safe for browser or mobile clients because they use short-lived session headers generated when you create an invoice.
Authentication
Payor requests use session headers returned when you create an invoice:
x-session-token: pst_...x-signature: sig_...
Do not send merchant or commerce API keys in client-side code.
Common endpoints
/api/v1/payments/session-details/api/v1/payments/available-tokens/api/v1/payments/payment-status/api/v1/payments/payment-addresses/api/v1/payments/customer-email
- Merchant APIs use
x-api-key for server-side merchant operations.
- Commerce APIs use
x-commerce-api-key for checkout and order flows.
Next: Available tokens 
