Start with the full payment flow

Complete the common setup, create a payment, configure IPN, test the full flow, then choose how incoming payments should work for your business.

Set up account

→

Create payment

→

Set up IPN

→

Test flow

→

Choose logic

→

Payouts

For developers

Use API snippets and IPN validation examples to connect your backend.

For product teams

Choose the right payment logic: fixed-price payments, balance top-ups, or payouts.

For launch

Use dashboard settings and the go-live checklist before production.

1. Set up your account

Configure the account settings required before creating and processing payments.

Generate API key

Your API key is generated automatically and is required for API integration.

Open API keys

Set base currency

Base currency is the currency in which the price is displayed.

Dashboard > Settings > Payments > Payment details > Base currencyOpen Payment details

Generate IPN secret key

Generate and save the IPN Secret key in Payment Settings tab at the Dashboard.

Dashboard > Settings > Payments > Instant payment notificationsOpen IPN settings

Whitelist NOWPayments IP addresses

Make sure firewall software on your server allows NOWPayments requests. It may be required to whitelist NOWPayments IP addresses on your side. For assistance contact support@nowpayments.io. Don't forget to add IPv-4 and IPv-6 addresses, if you have both. It's important.

2. Create your first payment

Use the Create Payment request and include your IPN callback URL.

You can also accept payments using invoices instead of API payments.

Create Payment API request

Insert your URL address where you want to get callbacks in the create_payment request. The parameter name is ipn_callback_url.

Open API documentation

API documentation snippet

import requests
import json

url = "https://api.nowpayments.io/v1/payment"

payload = json.dumps({
  "price_amount": 3999.5,
  "price_currency": "usd",
  "pay_currency": "btc",
  "ipn_callback_url": "https://nowpayments.io",
  "order_id": "RGDBP-21314",
  "order_description": "Apple Macbook Pro 2019 x 1"
})
headers = {
  'x-api-key': '{{api-key}}',
  'Content-Type': 'application/json'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

Payment address

In response, you get pay_address. This is the deposit address where the user should send the money.

3. Set up IPN

IPN sends payment updates to the callback URL specified in your Create Payment request.

IPN flow

Status changes

→

POST to callback URL

→

x-nowpayments-sig

→

Validate signature

Requirement	Details
Endpoint	Set up an endpoint which can receive POST requests from NOWPayments server.
Header	The POST request contains the `x-nowpayments-sig` parameter in the header.
Body	The body is similar to a get payment status response body.
Before production	Make a test request to this endpoint to ensure it works properly.

We can't send POST requests to localhost. Do not use localhost (127.0.0.1) for IPN callbacks.

Server configuration

Check	Requirement
Firewall	A firewall should not prevent NOWPayments POST requests from passing through to the address specified as the IPN callback URL. There can be more than one firewall in the system.
Notification server IPs	Whitelist 51.89.194.21, 51.75.77.69, 138.201.172.58, 65.21.158.36.
Endpoint access	Endpoint must not be closed by authorisation, or other such requirements.
Response time	The endpoint shall respond within 3000 ms.
Hosting / Cloudflare	NOWPayments does not recommend shared-based hosting services. Be extremely careful when setting up Cloudflare if it is an external firewall.

Rate limits

Endpoint	Limit	If exceeded
GET estimate	7 requests per second from one outgoing IP address	429 error code
POST payment	3 requests per second from one outgoing IP address	429 error code
GET /payment/:id	10 requests per second	429 error code

Signature validation steps

Sort the POST request by keys

Convert it to string using JSON.stringify(params, Object.keys(params).sort()) or the same function.

Sign the string

Sign a string with an IPN-secret key with HMAC and sha-512 key.

Compare signatures

Compare the signed string with x-nowpayments-sig, stored in the callback request header.

IPN validation examples

Webhook example: Payments

Payments webhook example

{
"payment_id":123456789,
"parent_payment_id":987654321,
"invoice_id":null,
"payment_status":"finished",
"pay_address":"address",
"payin_extra_id":null,
"price_amount":1,
"price_currency":"usd",
"pay_amount":15,
"actually_paid":15,
"actually_paid_at_fiat":0,
"pay_currency":"trx",
"order_id":null,
"order_description":null,
"purchase_id":"123456789",
"outcome_amount":14.8106,
"outcome_currency":"trx",
"payment_extra_ids":null,
"fee": {
"currency":"btc",
"depositFee":0.09853637216235617,
"withdrawalFee":0,
"serviceFee":0
}
}

Parameter	Use
payment_status	Use payment status when processing payment updates.
outcome_amount	Check the actual amount received.
outcome_currency	Check the currency actually received.
x-nowpayments-sig	Validate the callback signature.
fee	Review fee details when present in the webhook body.

Node.JS signed string example

function sortObject(obj) {
  return Object.keys(obj).sort().reduce(
    (result, key) => {
      result[key] = (obj[key] && typeof obj[key] === 'object') ? sortObject(obj[key]) : obj[key]
      return result
    },
    {}
  )
}
const hmac = crypto.createHmac('sha512', notificationsKey);
hmac.update(JSON.stringify(sortObject(params)));
const signature = hmac.digest('hex');

PHP signed strings comparison example

function tksort(&$array)
  {
  ksort($array);
  foreach(array_keys($array) as $k)
    {
    if(gettype($array[$k])=="array")
      {
      tksort($array[$k]);
      }
    }
  }
function check_ipn_request_is_valid()
    {
        $error_msg = "Unknown error";
        $auth_ok = false;
        $request_data = null;
        if (isset($_SERVER['HTTP_X_NOWPAYMENTS_SIG']) && !empty($_SERVER['HTTP_X_NOWPAYMENTS_SIG'])) {
            $recived_hmac = $_SERVER['HTTP_X_NOWPAYMENTS_SIG'];
            $request_json = file_get_contents('php://input');
            $request_data = json_decode($request_json, true);
            tksort($request_data);
            $sorted_request_json = json_encode($request_data, JSON_UNESCAPED_SLASHES);
            if ($request_json !== false && !empty($request_json)) {
                $hmac = hash_hmac("sha512", $sorted_request_json, trim($this->ipn_secret));
                if ($hmac == $recived_hmac) {
                    $auth_ok = true;
                } else {
                    $error_msg = 'HMAC signature does not match';
                }
            } else {
                $error_msg = 'Error reading POST data';
            }
        } else {
            $error_msg = 'No HMAC signature sent.';
        }
    }

Python signed signatures comparison example

import json 
import hmac 
import hashlib

def np_signature_check(np_secret_key, np_x_signature, message):
    sorted_msg = json.dumps(message, separators=(',', ':'), sort_keys=True)
    digest = hmac.new(
    str(np_secret_key).encode(), 
    f'{sorted_msg}'.encode(),
    hashlib.sha512)
    signature = digest.hexdigest()
    if signature == np_x_signature:
        return
    else:
        print("HMAC signature does not match")

4. Test the full payment flow

Create a payment, receive payment status updates through IPN, and verify the final payment data before granting goods or crediting a balance.

Test checklist

Payment created through API ipn_callback_url included in Create Payment request Server endpoint receives POST requests x-nowpayments-sig is validated Payment status is checked outcome_amount and outcome_currency are checked

Payment statuses

Status	Meaning
`waiting`	Waiting for the customer to send the payment.
`confirming`	The transaction is being processed on the blockchain.
`confirmed`	The process is confirmed by the blockchain.
`sending`	The funds are being sent to your personal address or custody balance.
`finished`	The funds have reached your personal address or custody balance and the payment is finished.
`partially_paid`	A completed payment. This status means you've already received your funds, but the amount sent by your customer was less than the settled price.
`failed`	The payment was not completed due to an error.
`expired`	The user did not send funds within the payment window.

Do not grant goods or services when the payment is in confirming or confirmed statuses.

5. Choose incoming payment logic

Select how incoming payments should be handled. Only the selected logic is shown.

Fixed-price payments

User pays for a product or service with a fixed price.

E-commerceServicesFixed-price items

Balance top-ups

User deposits funds to credit an internal balance.

CasinoBalance top-ups

Fixed-price payments

Aspect	Implementation
Trigger to deliver	`payment.status === 'finished'` only.
Final amount check	Verify that `outcome_amount` in your settlement currency is greater than or equal to the expected price. Payment covering can be used here.
Handling `partially_paid`	Do not deliver unless it fits your model. You can finish this manually.
Repeated Payments Default	`Partially Paid`
Wrong-asset deposits status	`Partially Paid`

Balance top-ups

Aspect	Implementation
Trigger to credit	`payment.status === 'finished'` or `'partially_paid'`.
Final amount check	Not needed for comparison. Credit the user’s balance with `outcome_amount` in `outcome_currency`.
Handling `partially_paid`	Accept it. You can set up a covering percentage to make most of these finished. Credit the amount received.
Repeated Payments Default	`Finished`
Wrong-asset deposits status	`Finished`

In this scenario, you accept the financial risks of underpayments and exchange rate fluctuations in exchange for full automation.

6. Configure dashboard features

Use dashboard features to solve payment processing cases before going live.

Repeated Payments

Set the default payment status for repeated payments made by your user to the same deposit address.

Partially Paid / FinishedOpen Payment details

Wrong-asset deposits auto processing

Process or do not process wrong-asset deposits automatically. Payment status can be set to Partially Paid or Finished.

Open Payment details

Payment Covering

Set the percentage of the payment that needs to be paid for it to be considered completed.

Open Payment details

Network Fee Optimization

Among your wallets, a payment picks the most suitable one and undergoes a conversion resulting in the lowest network fee in total.

Open Payment details

Payment Markup

Allows setting a markup percentage over the initial price, from 0% to 10%.

Open Payment details

My Team

Add team members and customize their access to the main account. Team members need to have a NOWPayments account.

Dashboard > Settings > Account > My Team

7. Send payouts

Choose how you want to send funds: to users by email with ChangeNOW Pro, or to crypto wallets through payouts.

ChangeNOW Pro Payouts

Payout to email with $0 fees and instant delivery.

Email-based payoutsCSV upload$0 fees

Crypto Payouts

Send payouts from Custody to crypto wallet addresses.

Mass PayoutsAPICustody

Crypto Payouts

Open Mass Payouts

Enable Custody

Accept payments to your Custody and send payouts from your Custody to external crypto wallets or wallet addresses of your users.

Open Balances and Payouts

Whitelist settings

Whitelist your IP and all wallet addresses, or request to disable these safety measures from your Dashboard.

Open Whitelist settings

Monitor balance

Use the Get Balance endpoint.

Get Balance API snippet

import requests

url = "https://api.nowpayments.io/v1/balance"

payload={}
headers = {
  'x-api-key': '{{api-key}}'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

Authentication / JWT

Get a jwt-token using the Authentification method. Specify the email and password used for signing in into dashboard. jwt-token is valid for 5 minutes.

Authentication / JWT API snippet

import requests

url = "https://api.nowpayments.io/v1/auth"

payload = "{\n    \"email\": \"your_email\",\n    \"password\": \"your_password\" \n}"
headers = {}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

Create payout

Request a payout and specify address, sum, and currency.

Create Payout API snippet

import requests
import json

url = "https://api.nowpayments.io/v1/payout"

payload = json.dumps({
  "ipn_callback_url": "https://nowpayments.io",
  "withdrawals": [
    {
      "address": "TEmGwPeRTPiLFLVfBxXkSP91yc5GMNQhfS",
      "currency": "trx",
      "amount": 200,
      "ipn_callback_url": "https://nowpayments.io"
    },
    {
      "address": "0x1EBAeF7Bee7B3a7B2EEfC72e86593Bf15ED37522",
      "currency": "eth",
      "amount": 0.1,
      "ipn_callback_url": "https://nowpayments.io"
    },
    {
      "address": "0x1EBAeF7Bee7B3a7B2EEfC72e86593Bf15ED37522",
      "currency": "usdc",
      "amount": 1,
      "fiat_amount": 100,
      "fiat_currency": "usd",
      "ipn_callback_url": "https://nowpayments.io"
    }
  ]
})
headers = {
  'Authorization': 'Bearer {{token}}',
  'x-api-key': '{{api-key}}',
  'Content-Type': 'application/json'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

Automate 2FA: implement the OTP generation library in your code and set it up in Dashboard → Account settings → Two step authentification → Use an app.

Verify payout

Verify your payout with 2FA using the Verify payout endpoint.

Verify Payout API snippet

import requests
import json

url = "https://api.nowpayments.io/v1/payout/5000000191/verify"

payload = json.dumps({
  "verification_code": "123456"
})
headers = {
  'Authorization': 'Bearer {{token}}',
  'x-api-key': '{{api-key}}',
  'Content-Type': 'application/json'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

Get payout status

Monitor the payout status.

Get Payout Status API snippet

import requests

url = "https://api.nowpayments.io/v1/payout/:payout_id"

payload={}
headers = {
  'x-api-key': '{{api-key}}'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

Withdrawals webhook example

{
"id":"123456789",
"batch_withdrawal_id":"987654321",
"status":"CREATING",
"error":null,
"currency":"usdttrc20",
"amount":"50",
"address":"address",
"fee":null,
"extra_id":null,
"hash":null,
"ipn_callback_url":"callback_url",
"created_at":"2023-07-27T15:29:40.803Z",
"requested_at":null,
"updated_at":null
}

Start with the full payment flow

For developers

For product teams

For launch

1. Set up your account

Generate API key

Set base currency

Generate IPN secret key

Whitelist NOWPayments IP addresses

2. Create your first payment

Create Payment API request

Payment address

3. Set up IPN

IPN flow

Server configuration

Rate limits

Signature validation steps

Sort the POST request by keys

Sign the string

Compare signatures

IPN validation examples

Webhook example: Payments

4. Test the full payment flow

Test checklist

Payment statuses

5. Choose incoming payment logic

Fixed-price payments

Balance top-ups

Fixed-price payments

Balance top-ups

6. Configure dashboard features

Repeated Payments

Wrong-asset deposits auto processing

Payment Covering

Network Fee Optimization

Payment Markup

My Team

7. Send payouts

ChangeNOW Pro Payouts

Crypto Payouts

ChangeNOW Pro Payouts

Navigate to Mass Payouts

Enter recipient emails and amounts

Send the payouts

Recipients claim funds

Crypto Payouts

Enable Custody

Whitelist settings

Monitor balance

Authentication / JWT

Create payout

Verify payout

Get payout status

8. Go live checklist