/ INTRO

NYC-X REST API.

One POST creates a hosted UPI checkout page. Customers pay to your FamApp UPI directly. NYC-X detects the payment via Gmail IMAP and fires a signed webhook to your server. No PCI scope, no chargebacks, no fees.

Bearer auth ~15s avg verification Signed webhooks Zero-config
/ QUICKSTART

Ship in 60 seconds.

  1. 01Sign up and complete onboarding (business name, FamApp UPI, Gmail App Password).
  2. 02Go to Dashboard → Developers → create a secret API key (starts with nycx_sk_).
  3. 03POST an order below → send checkout_url to your customer.
  4. 04Register a webhook → receive signed payment.success events.
/ AUTH

Authentication.

All requests use Bearer token authentication with your secret key.

Authorization: Bearer nycx_sk_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Never expose your secret key in client-side code. Rotate immediately from the dashboard if leaked.

POST/api/v1/orders

Create an order.

Creates a payment order and returns a hosted checkout URL that expires in 5 minutes.

Request body

amount
required
numberPayment amount in INR. Positive number, up to 2 decimals.
descriptionstringShort human-readable label shown on checkout.
customer_namestringOptional. Attached to the order record.
customer_emailstringOptional. Attached to the order record.
success_redirect_urlstringOptional. If set, the checkout page auto-redirects here 5s after payment.

Response 201

{
  "order": {
    "id": "8b3e1d24-…",
    "amount": 499,
    "status": "pending",
    "expires_at": "2026-07-08T14:30:00Z",
    "success_redirect_url": "https://…"
  },
  "checkout_url": "https://nyc-x.example.com/checkout/8b3e1d24-…",
  "expires_at": "2026-07-08T14:30:00Z"
}
Create order
curl -X POST https://nyc-x.example.com/api/v1/orders \
  -H "Authorization: Bearer nycx_sk_YOUR_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 499,
    "description": "Pro plan",
    "customer_name": "Jane Doe",
    "customer_email": "jane@example.com",
    "success_redirect_url": "https://yoursite.com/thank-you"
  }'
GET/api/v1/orders/{id}

Get order status.

Poll to check if an order is paid, pending, awaiting_utr, or expired. Prefer webhooks over polling in production.

Get order
curl https://nyc-x.example.com/api/v1/orders/ORDER_ID \
  -H "Authorization: Bearer nycx_sk_YOUR_SECRET_KEY"
/ WEBHOOKS

Webhooks.

NYC-X POSTs a JSON payload to your configured URL when payment state changes. Every request is signed with HMAC-SHA256.

Events

  • payment.success — payment verified. Fulfill the order.
  • payment.awaiting_utr — multiple pending orders with same amount, waiting on customer UTR.
  • payment.expired — 5-minute timer elapsed without payment.

Payload

{
  "event": "payment.success",
  "created_at": "2026-07-08T14:32:15.123Z",
  "data": {
    "order": {
      "id": "8b3e1d24-…",
      "amount": 499,
      "status": "paid",
      "utr": "121273691637",
      "transaction_id": "FMPIB6081306209",
      "paid_at": "2026-07-08T14:32:14.900Z",
      "description": "Pro plan"
    }
  }
}

Signature verification

Compute HMAC-SHA256 of the raw request body using your webhook secret. Compare to the X-NYCX-Signature header in constant time.

Verify webhook signature
import hmac, hashlib

def verify(raw_body: bytes, signature_header: str, secret: str) -> bool:
    expected = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature_header)

# In your webhook handler:
# raw = request.body
# sig = request.headers.get("X-NYCX-Signature")
# if not verify(raw, sig, "whsec_xxx"): abort(400)
# event = json.loads(raw)
/ USE CASES

Where NYC-X fits.

Telegram / Discord bots

Bot user types /pay 499 → you POST an order → send checkout URL to the chat → unlock content on webhook.

E-commerce sites

On “Buy Now”, create an order server-side, redirect to checkout_url. Set success_redirect_url to your thank-you page.

Invoices & quotes

Generate a checkout link, paste into an email/PDF invoice. Customer pays UPI directly. Webhook marks invoice paid.

Courses / digital products

Create an order per student, deliver the download link only after payment.success webhook fires.

/ ERRORS

Error codes.

CodeMeaning
400Invalid amount or malformed body.
401Missing or invalid Bearer token.
403Merchant hasn’t completed onboarding.
404Order not found.
500Server error — safe to retry with same idempotency key.
/ SUPPORT

Need help?

Ping @DebjitFr on Telegram — usually replies within a few hours.