Documentación para clientes API PRO

Integra RiskPayGo con datos completos del comprador.

Esta guía explica la integración PRO: cómo usar tus credenciales, qué datos debes enviar, cómo crear una transacción, cómo redirigir al comprador al checkout y cómo validar la notificación de pago en tu sistema.

API PROrequiere datos completos del comprador

US obligatorioestado y código postal si el comprador es de Estados Unidos

API + Webhookcrea pagos y confirma el estado automáticamente

🔌

Integración directa

Usa la API desde WooCommerce, Laravel, PHP, Node.js o cualquier sistema propio capaz de enviar peticiones HTTPS.

🧾

Checkout alojado

Tu web crea el pago y RiskPayGo devuelve un checkout_url. El comprador se redirige a esa URL para completar el pago.

🔐

Firma de webhooks

RiskPayGo firma las notificaciones con HMAC SHA-256 para que puedas verificar que el evento es legítimo.

1. Credenciales necesarias

Entra en tu panel de RiskPayGo y abre la pestaña API. Allí encontrarás los datos que debes copiar en tu integración.

API Base URLURL base para las peticiones. En producción suele ser https://riskpaygo.com/portal/api/plugin.

Merchant IDIdentificador de tu comercio. Se envía en la cabecera X-RPG-Merchant.

API TokenToken privado de autorización. Se envía como Authorization: Bearer TU_API_TOKEN.

Webhook SecretClave usada para comprobar la cabecera X-RPG-Signature de las notificaciones entrantes.

Importante: nunca expongas el API Token ni el Webhook Secret en JavaScript público del navegador. Deben quedar en tu servidor, plugin o backend.

2. Flujo recomendado de cobro

La integración PRO crea el pago desde tu servidor, redirige al comprador al checkout seguro y confirma el resultado mediante webhook.

Pedido creadoTu web crea el pedido con importe, divisa y datos del comprador.

Datos PROEnvías nombre, apellido, email, teléfono, país y fecha de nacimiento.

RiskPayGo APIMandas la petición a /payments/create con tus credenciales.

Checkout URLRiskPayGo devuelve una URL segura de pago.

WebhookTu web recibe la confirmación y actualiza el pedido.

Dominio aprobado: antes de vender en real, añade tu web en Proyectos dentro del panel. RiskPayGo validará que el dominio enviado en site.url pertenece a un proyecto aprobado.

3. Datos obligatorios para API PRO

En API PRO debes enviar datos completos del comprador. El país debe ir en formato ISO de 2 letras, el teléfono en formato internacional y la fecha de nacimiento en formato YYYY-MM-DD.

Objeto `customer`

customer.first_nameNombre del comprador.

customer.last_nameApellido del comprador.

customer.emailEmail válido del comprador.

customer.phoneTeléfono en formato internacional, por ejemplo +34600111222.

customer.countryPaís ISO 2 letras, por ejemplo ES, US o MX.

customer.date_of_birthFecha de nacimiento en formato YYYY-MM-DD.

Objeto `customer_details`

customer_details.first_nameNombre del comprador.

customer_details.last_nameApellido del comprador.

customer_details.country_of_residencePaís de residencia ISO 2 letras.

customer_details.phoneTeléfono en formato internacional.

customer_details.date_of_birthFecha de nacimiento en formato YYYY-MM-DD.

customer_details.state_of_residenceObligatorio si el comprador es de Estados Unidos. Código de 2 letras, por ejemplo FL, CA o NY.

customer_details.post_codeObligatorio si el comprador es de Estados Unidos. ZIP/postal code.

Regla especial para Estados Unidos: si customer_details.country_of_residence es US, envía siempre customer_details.state_of_residence y customer_details.post_code.

4. Comprobar conexión con ping

Este endpoint sirve para comprobar que las credenciales son correctas y que la cuenta está usando el perfil PRO.

GEThttps://riskpaygo.com/portal/api/plugin/ping

Ejemplo cURL

curl -X GET 'https://riskpaygo.com/portal/api/plugin/ping' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer TU_API_TOKEN' \
  -H 'X-RPG-Merchant: TU_MERCHANT_ID'

Respuesta orientativa

{
  "success": true,
  "merchant_id": "mer_xxxxxxxx",
  "api_profile": "pro",
  "account_status": "approved",
  "currency": "USD",
  "required_customer_fields": [
    "customer.first_name",
    "customer.last_name",
    "customer.email",
    "customer.phone",
    "customer.country",
    "customer.date_of_birth",
    "customer_details.country_of_residence",
    "customer_details.phone",
    "customer_details.date_of_birth"
  ]
}

5. Crear un pago

Envía una petición POST con el pedido y los datos completos del comprador.

POSThttps://riskpaygo.com/portal/api/plugin/payments/create

Campos base obligatorios

merchant_order_idID único del pedido en tu sistema.

amountImporte en USD según los límites activos de tu cuenta PRO.

currencyUsa USD.

site.urlDominio de la tienda o web aprobada en RiskPayGo.

Campos recomendados

notify_urlURL donde recibirás el webhook de confirmación.

return_urlURL para volver después de un pago completado.

cancel_urlURL para volver si el comprador cancela.

site.platformEjemplo: woocommerce, shopify, custom.

Crear pago con cURL

curl -X POST 'https://riskpaygo.com/portal/api/plugin/payments/create' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer TU_API_TOKEN' \
  -H 'X-RPG-Merchant: TU_MERCHANT_ID' \
  -d '{
    "merchant_order_id": "PED-1001",
    "order_id": 1001,
    "order_key": "wc_order_abc123",
    "amount": "149.99",
    "currency": "USD",
    "customer": {
      "first_name": "Nombre",
      "last_name": "Apellido",
      "email": "cliente@ejemplo.com",
      "phone": "+34600111222",
      "country": "US",
      "date_of_birth": "1990-05-20"
    },
    "customer_details": {
      "first_name": "Nombre",
      "last_name": "Apellido",
      "country_of_residence": "US",
      "state_of_residence": "FL",
      "post_code": "33101",
      "phone": "+34600111222",
      "date_of_birth": "1990-05-20"
    },
    "site": {
      "url": "https://tu-dominio.com/",
      "name": "Mi tienda",
      "platform": "woocommerce",
      "plugin": "riskpaygo-wc"
    },
    "notify_url": "https://tu-dominio.com/wp-json/riskpaygo/v1/webhook",
    "return_url": "https://tu-dominio.com/pago/completado",
    "cancel_url": "https://tu-dominio.com/pago/cancelado"
  }'

Crear pago con PHP

$payload = [
    'merchant_order_id' => 'PED-1001',
    'amount' => '149.99',
    'currency' => 'USD',
    'customer' => [
        'first_name' => 'Nombre',
        'last_name' => 'Apellido',
        'email' => 'cliente@ejemplo.com',
        'phone' => '+34600111222',
        'country' => 'US',
        'date_of_birth' => '1990-05-20',
    ],
    'customer_details' => [
        'first_name' => 'Nombre',
        'last_name' => 'Apellido',
        'country_of_residence' => 'US',
        'state_of_residence' => 'FL',
        'post_code' => '33101',
        'phone' => '+34600111222',
        'date_of_birth' => '1990-05-20',
    ],
    'site' => [
        'url' => 'https://tu-dominio.com/',
        'name' => 'Mi tienda',
        'platform' => 'woocommerce',
    ],
    'notify_url' => 'https://tu-dominio.com/wp-json/riskpaygo/v1/webhook',
    'return_url' => 'https://tu-dominio.com/pago/completado',
    'cancel_url' => 'https://tu-dominio.com/pago/cancelado',
];

$ch = curl_init('https://riskpaygo.com/portal/api/plugin/payments/create');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_HTTPHEADER => [
        'Accept: application/json',
        'Content-Type: application/json',
        'Authorization: Bearer TU_API_TOKEN',
        'X-RPG-Merchant: TU_MERCHANT_ID',
    ],
    CURLOPT_POSTFIELDS => json_encode($payload, JSON_UNESCAPED_SLASHES),
]);

$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);
if (!empty($data['success']) && !empty($data['data']['checkout_url'])) {
    header('Location: ' . $data['data']['checkout_url']);
    exit;
}

Crear pago con Node.js

const response = await fetch('https://riskpaygo.com/portal/api/plugin/payments/create', {
  method: 'POST',
  headers: {
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    'Authorization': 'Bearer TU_API_TOKEN',
    'X-RPG-Merchant': 'TU_MERCHANT_ID'
  },
  body: JSON.stringify({
    merchant_order_id: 'PED-1001',
    amount: '149.99',
    currency: 'USD',
    customer: {
      first_name: 'Nombre',
      last_name: 'Apellido',
      email: 'cliente@ejemplo.com',
      phone: '+34600111222',
      country: 'US',
      date_of_birth: '1990-05-20'
    },
    customer_details: {
      first_name: 'Nombre',
      last_name: 'Apellido',
      country_of_residence: 'US',
      state_of_residence: 'FL',
      post_code: '33101',
      phone: '+34600111222',
      date_of_birth: '1990-05-20'
    },
    site: {
      url: 'https://tu-dominio.com/',
      name: 'Mi tienda',
      platform: 'custom'
    },
    notify_url: 'https://tu-dominio.com/webhook/riskpaygo',
    return_url: 'https://tu-dominio.com/pago/completado',
    cancel_url: 'https://tu-dominio.com/pago/cancelado'
  })
});

const data = await response.json();
if (data.success && data.data.checkout_url) {
  window.location.href = data.data.checkout_url;
}

6. Respuesta esperada

Si el pago se crea correctamente, RiskPayGo devolverá una referencia interna y la URL de checkout.

JSON de ejemplo

{
  "success": true,
  "data": {
    "payment_ref": "RPG-20260313-ABC12345",
    "checkout_url": "https://riskpaygo.com/portal/checkout.php?ref=RPG-20260313-ABC12345",
    "fee_percent": 15,
    "checkout_flow": "secure_checkout",
    "status": "pending"
  }
}

7. Validar webhooks

Cuando el estado del pago cambie, RiskPayGo enviará una notificación a tu notify_url. Valida siempre la firma antes de marcar un pedido como pagado.

X-RPG-SignatureFirma HMAC SHA-256 calculada con tu Webhook Secret.

payment_refReferencia interna devuelta al crear el pago.

merchant_order_idID del pedido en tu sistema.

statusEstado habitual: pending, paid, failed o cancelled.

Validación PHP

$rawBody = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_RPG_SIGNATURE'] ?? '';
$secret = 'TU_WEBHOOK_SECRET';

$expected = hash_hmac('sha256', $rawBody, $secret);

if (!hash_equals($expected, $signature)) {
    http_response_code(401);
    exit('invalid signature');
}

$event = json_decode($rawBody, true);

if (($event['status'] ?? '') === 'paid') {
    // Marca el pedido como pagado usando merchant_order_id o payment_ref.
}

http_response_code(200);
echo 'ok';

Validación Node.js

import crypto from 'crypto';

function validateRiskPayGoWebhook(rawBody, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(rawBody)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signature || '')
  );
}

Consejo: procesa los webhooks de forma idempotente. Si recibes dos veces el mismo payment_ref o transaction_id, no dupliques el pedido ni el saldo.

8. Errores frecuentes y cómo resolverlos

Código	Mensaje habitual	Solución
`403`	Merchant no autorizado	Revisa `Merchant ID`, `API Token` y cabecera `Authorization: Bearer`.
`403`	Dominio no aprobado	Añade el dominio en Proyectos y espera aprobación antes de vender en real.
`422`	Datos del comprador incompletos	En API PRO envía nombre, apellido, email, teléfono, país y fecha de nacimiento.
`422`	Faltan datos para comprador de Estados Unidos	Si el país es `US`, envía `customer_details.state_of_residence` y `customer_details.post_code`.
`422`	Importe no permitido	El importe debe respetar los límites activos de tu cuenta.
`500`	Error interno al crear la transacción	Reintenta y contacta con soporte si persiste, incluyendo hora, dominio y `merchant_order_id`.

9. Buenas prácticas de seguridad

Protege tus claves

Guarda el API Token y el Webhook Secret en variables de entorno, ajustes privados del plugin o configuración segura del servidor.

Valida siempre el webhook

No marques pedidos como pagados solo porque llegue una petición a tu endpoint. Comprueba X-RPG-Signature.

Usa HTTPS

Tus URLs notify_url, return_url y cancel_url deben usar HTTPS en producción.

No muestres detalles internos

Al comprador solo debes mostrar el checkout seguro de RiskPayGo y mensajes claros. No expongas tokens ni rutas internas.

10. Checklist antes de activar pagos reales

Credenciales copiadasAPI Base URL, Merchant ID, API Token y Webhook Secret están configurados en tu servidor o plugin.

Dominio aprobadoLa URL enviada en site.url aparece como proyecto aprobado en RiskPayGo.

Datos PRO completosEl comprador incluye nombre, apellido, email, teléfono, país y fecha de nacimiento.

Regla US aplicadaSi el comprador es de Estados Unidos, se envía estado y código postal dentro de customer_details.

Ping correctoEl endpoint /ping responde con success: true y muestra API PRO.

Pago de pruebaLa petición a /payments/create devuelve checkout_url y el comprador puede abrirla.

Webhook validadoTu web valida la firma y marca el pedido como pagado solo cuando recibe status: paid.

Listo: si todos los puntos están correctos, la integración PRO ya está preparada para operar con RiskPayGo.

Documentation for API PRO clients

Integrate RiskPayGo with full customer details.

This guide explains the PRO integration: how to use your credentials, which customer details are required, how to create a transaction, redirect the buyer to checkout and validate the payment notification in your own system.

API PROrequires full customer details

US requiredstate and postal code when the buyer is from the United States

API + Webhookcreate payments and confirm status automatically

🔌

Direct integration

Use the API from WooCommerce, Laravel, PHP, Node.js or any custom system that can send HTTPS requests.

🧾

Hosted checkout

Your website creates the payment and RiskPayGo returns a checkout_url. The buyer is redirected to that URL to pay.

🔐

Webhook signature

RiskPayGo signs notifications with HMAC SHA-256 so you can verify that the event is legitimate.

1. Required credentials

Log in to your RiskPayGo dashboard and open the API tab. You will find the details you need to copy into your integration.

API Base URLBase URL for API requests. In production it is usually https://riskpaygo.com/portal/api/plugin.

Merchant IDYour merchant identifier. Send it in the X-RPG-Merchant header.

API TokenPrivate authorization token. Send it as Authorization: Bearer YOUR_API_TOKEN.

Webhook SecretSecret used to verify the X-RPG-Signature header on incoming notifications.

Important: never expose the API Token or Webhook Secret in public browser JavaScript. They must remain on your server, plugin or backend.

2. Recommended payment flow

The PRO integration creates the payment from your server, redirects the buyer to secure checkout and confirms the result through a webhook.

Order createdYour website creates the order with amount, currency and buyer details.

PRO dataYou send first name, last name, email, phone, country and date of birth.

RiskPayGo APIYou send a request to /payments/create with your credentials.

Checkout URLRiskPayGo returns a secure payment URL.

WebhookYour website receives confirmation and updates the order.

Approved domain: before selling live, add your website under Projects in the dashboard. RiskPayGo will verify that the domain sent in site.url belongs to an approved project.

3. Required data for API PRO

API PRO requires full customer details. The country must use the 2-letter ISO format, phone numbers should use international format and date of birth must use YYYY-MM-DD.

`customer` object

customer.first_nameBuyer first name.

customer.last_nameBuyer last name.

customer.emailValid buyer email address.

customer.phoneInternational phone format, for example +34600111222.

customer.country2-letter ISO country, for example ES, US or MX.

customer.date_of_birthDate of birth in YYYY-MM-DD format.

`customer_details` object

customer_details.first_nameBuyer first name.

customer_details.last_nameBuyer last name.

customer_details.country_of_residence2-letter ISO country of residence.

customer_details.phoneInternational phone format.

customer_details.date_of_birthDate of birth in YYYY-MM-DD format.

customer_details.state_of_residenceRequired when the buyer is from the United States. 2-letter state code, for example FL, CA or NY.

customer_details.post_codeRequired when the buyer is from the United States. ZIP/postal code.

Special rule for the United States: if customer_details.country_of_residence is US, always send customer_details.state_of_residence and customer_details.post_code.

4. Check connection with ping

This endpoint checks that your credentials are correct and that the account is using the PRO profile.

GEThttps://riskpaygo.com/portal/api/plugin/ping

cURL example

curl -X GET 'https://riskpaygo.com/portal/api/plugin/ping' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer YOUR_API_TOKEN' \
  -H 'X-RPG-Merchant: YOUR_MERCHANT_ID'

Example response

{
  "success": true,
  "merchant_id": "mer_xxxxxxxx",
  "api_profile": "pro",
  "account_status": "approved",
  "currency": "USD",
  "required_customer_fields": [
    "customer.first_name",
    "customer.last_name",
    "customer.email",
    "customer.phone",
    "customer.country",
    "customer.date_of_birth",
    "customer_details.country_of_residence",
    "customer_details.phone",
    "customer_details.date_of_birth"
  ]
}

5. Create a payment

Send a POST request with the order and full customer details.

POSThttps://riskpaygo.com/portal/api/plugin/payments/create

Required base fields

merchant_order_idUnique order ID in your system.

amountAmount in USD according to the active limits of your PRO account.

currencyUse USD.

site.urlStore or website domain approved in RiskPayGo.

Recommended fields

notify_urlURL where you will receive the confirmation webhook.

return_urlURL to return to after a completed payment.

cancel_urlURL to return to if the buyer cancels.

site.platformExample: woocommerce, shopify, custom.

Create payment with cURL

curl -X POST 'https://riskpaygo.com/portal/api/plugin/payments/create' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer YOUR_API_TOKEN' \
  -H 'X-RPG-Merchant: YOUR_MERCHANT_ID' \
  -d '{
    "merchant_order_id": "ORD-1001",
    "order_id": 1001,
    "order_key": "wc_order_abc123",
    "amount": "149.99",
    "currency": "USD",
    "customer": {
      "first_name": "John",
      "last_name": "Doe",
      "email": "customer@example.com",
      "phone": "+13055550123",
      "country": "US",
      "date_of_birth": "1990-05-20"
    },
    "customer_details": {
      "first_name": "John",
      "last_name": "Doe",
      "country_of_residence": "US",
      "state_of_residence": "FL",
      "post_code": "33101",
      "phone": "+13055550123",
      "date_of_birth": "1990-05-20"
    },
    "site": {
      "url": "https://your-domain.com/",
      "name": "My store",
      "platform": "woocommerce",
      "plugin": "riskpaygo-wc"
    },
    "notify_url": "https://your-domain.com/wp-json/riskpaygo/v1/webhook",
    "return_url": "https://your-domain.com/payment/completed",
    "cancel_url": "https://your-domain.com/payment/cancelled"
  }'

Create payment with PHP

$payload = [
    'merchant_order_id' => 'ORD-1001',
    'amount' => '149.99',
    'currency' => 'USD',
    'customer' => [
        'first_name' => 'John',
        'last_name' => 'Doe',
        'email' => 'customer@example.com',
        'phone' => '+13055550123',
        'country' => 'US',
        'date_of_birth' => '1990-05-20',
    ],
    'customer_details' => [
        'first_name' => 'John',
        'last_name' => 'Doe',
        'country_of_residence' => 'US',
        'state_of_residence' => 'FL',
        'post_code' => '33101',
        'phone' => '+13055550123',
        'date_of_birth' => '1990-05-20',
    ],
    'site' => [
        'url' => 'https://your-domain.com/',
        'name' => 'My store',
        'platform' => 'woocommerce',
    ],
    'notify_url' => 'https://your-domain.com/wp-json/riskpaygo/v1/webhook',
    'return_url' => 'https://your-domain.com/payment/completed',
    'cancel_url' => 'https://your-domain.com/payment/cancelled',
];

$ch = curl_init('https://riskpaygo.com/portal/api/plugin/payments/create');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_HTTPHEADER => [
        'Accept: application/json',
        'Content-Type: application/json',
        'Authorization: Bearer YOUR_API_TOKEN',
        'X-RPG-Merchant: YOUR_MERCHANT_ID',
    ],
    CURLOPT_POSTFIELDS => json_encode($payload, JSON_UNESCAPED_SLASHES),
]);

$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);
if (!empty($data['success']) && !empty($data['data']['checkout_url'])) {
    header('Location: ' . $data['data']['checkout_url']);
    exit;
}

Create payment with Node.js

const response = await fetch('https://riskpaygo.com/portal/api/plugin/payments/create', {
  method: 'POST',
  headers: {
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    'Authorization': 'Bearer YOUR_API_TOKEN',
    'X-RPG-Merchant': 'YOUR_MERCHANT_ID'
  },
  body: JSON.stringify({
    merchant_order_id: 'ORD-1001',
    amount: '149.99',
    currency: 'USD',
    customer: {
      first_name: 'John',
      last_name: 'Doe',
      email: 'customer@example.com',
      phone: '+13055550123',
      country: 'US',
      date_of_birth: '1990-05-20'
    },
    customer_details: {
      first_name: 'John',
      last_name: 'Doe',
      country_of_residence: 'US',
      state_of_residence: 'FL',
      post_code: '33101',
      phone: '+13055550123',
      date_of_birth: '1990-05-20'
    },
    site: {
      url: 'https://your-domain.com/',
      name: 'My store',
      platform: 'custom'
    },
    notify_url: 'https://your-domain.com/webhook/riskpaygo',
    return_url: 'https://your-domain.com/payment/completed',
    cancel_url: 'https://your-domain.com/payment/cancelled'
  })
});

const data = await response.json();
if (data.success && data.data.checkout_url) {
  window.location.href = data.data.checkout_url;
}

6. Expected response

If the payment is created successfully, RiskPayGo will return an internal reference and the checkout URL.

Example JSON

{
  "success": true,
  "data": {
    "payment_ref": "RPG-20260313-ABC12345",
    "checkout_url": "https://riskpaygo.com/portal/checkout.php?ref=RPG-20260313-ABC12345",
    "fee_percent": 15,
    "checkout_flow": "secure_checkout",
    "status": "pending"
  }
}

7. Validate webhooks

When the payment status changes, RiskPayGo sends a notification to your notify_url. Always validate the signature before marking an order as paid.

X-RPG-SignatureHMAC SHA-256 signature calculated with your Webhook Secret.

payment_refInternal reference returned when creating the payment.

merchant_order_idOrder ID in your system.

statusCommon status: pending, paid, failed or cancelled.

PHP validation

$rawBody = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_RPG_SIGNATURE'] ?? '';
$secret = 'YOUR_WEBHOOK_SECRET';

$expected = hash_hmac('sha256', $rawBody, $secret);

if (!hash_equals($expected, $signature)) {
    http_response_code(401);
    exit('invalid signature');
}

$event = json_decode($rawBody, true);

if (($event['status'] ?? '') === 'paid') {
    // Mark the order as paid using merchant_order_id or payment_ref.
}

http_response_code(200);
echo 'ok';

Node.js validation

import crypto from 'crypto';

function validateRiskPayGoWebhook(rawBody, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(rawBody)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signature || '')
  );
}

Tip: process webhooks idempotently. If you receive the same payment_ref or transaction_id twice, do not duplicate the order or balance.

8. Common errors and how to fix them

Code	Common message	Solution
`403`	Unauthorized merchant	Check `Merchant ID`, `API Token` and `Authorization: Bearer` header.
`403`	Domain not approved	Add the domain under Projects and wait for approval before selling live.
`422`	Incomplete customer details	For API PRO, send first name, last name, email, phone, country and date of birth.
`422`	Missing details for a United States buyer	If the country is `US`, send `customer_details.state_of_residence` and `customer_details.post_code`.
`422`	Amount not allowed	The amount must respect the active limits of your account.
`500`	Internal error creating the transaction	Retry and contact support if it persists, including time, domain and `merchant_order_id`.

9. Security best practices

Protect your keys

Store the API Token and Webhook Secret in environment variables, private plugin settings or secure server configuration.

Always validate the webhook

Do not mark orders as paid just because a request reaches your endpoint. Verify X-RPG-Signature.

Use HTTPS

Your notify_url, return_url and cancel_url must use HTTPS in production.

Do not expose internal details

The buyer should only see the secure RiskPayGo checkout and clear messages. Do not expose tokens or internal routes.

10. Checklist before enabling live payments

Credentials copiedAPI Base URL, Merchant ID, API Token and Webhook Secret are configured on your server or plugin.

Domain approvedThe URL sent in site.url appears as an approved project in RiskPayGo.

Full PRO detailsThe buyer includes first name, last name, email, phone, country and date of birth.

US rule appliedIf the buyer is from the United States, state and postal code are sent inside customer_details.

Ping successfulThe /ping endpoint responds with success: true and shows API PRO.

Test paymentThe request to /payments/create returns checkout_url and the buyer can open it.

Webhook validatedYour website validates the signature and marks the order as paid only when it receives status: paid.

Ready: if all points are correct, the PRO integration is ready to operate with RiskPayGo.

Integra RiskPayGo con datos completos del comprador.

Integración directa

Checkout alojado

Firma de webhooks

1. Credenciales necesarias

2. Flujo recomendado de cobro

3. Datos obligatorios para API PRO

Objeto customer

Objeto customer_details

4. Comprobar conexión con ping

5. Crear un pago

Campos base obligatorios

Campos recomendados

6. Respuesta esperada

7. Validar webhooks

8. Errores frecuentes y cómo resolverlos

9. Buenas prácticas de seguridad

Protege tus claves

Valida siempre el webhook

Usa HTTPS

No muestres detalles internos

10. Checklist antes de activar pagos reales

Integrate RiskPayGo with full customer details.

Direct integration

Hosted checkout

Webhook signature

1. Required credentials

2. Recommended payment flow

3. Required data for API PRO

customer object

customer_details object

4. Check connection with ping

5. Create a payment

Required base fields

Recommended fields

6. Expected response

7. Validate webhooks

8. Common errors and how to fix them

9. Security best practices

Protect your keys

Always validate the webhook

Use HTTPS

Do not expose internal details

10. Checklist before enabling live payments

Objeto `customer`

Objeto `customer_details`

`customer` object

`customer_details` object