Skip to main content

Overview

A Hosted Payment Page (HPP) is a secure, customizable checkout page hosted by Hubpay.
It allows your customers to pay using cards, crypto, or bank transfers—without your platform ever touching sensitive payment data.

With HPP, you can generate a payment link via our API and simply redirect your customer to the hosted page.
After payment (or cancellation), we’ll redirect them back to your site.

New to Hubpay payments?
See the Accepting Payments overview for a summary of payment types, supported methods, and key benefits.

Why use the Hosted Payment Page?

  • Security:
    Customer payment data never hits your servers—Hubpay handles PCI and crypto compliance.
  • Flexibility:
    Easily support multiple payment methods, currencies, and customer journeys.
  • Simplicity:
    No need to build or maintain complex checkout forms, handle card vaulting, or manage KYC logic.
  • Branding:
    Customize your payment experience with your logo and colors.

How it works

1. Create a payer (if needed)
If you don’t already have a payerId, create one using the API.

2. Upload a document
Upload a supporting document (e.g. invoice) for compliance and transaction clarity.

3. Generate a payment link
Use the Hubpay API to create a payment link, specifying the execution mode as HOSTED_PAGE along with amount, currency, and payment methods.

Session security:
When you create a payment request in HOSTED_PAGE mode, the generated payment URL now includes a sessionToken (a signed JWT).
This session token is valid for 1 hour and is required to access the hosted page.
If the session expires before payment is completed, you can refresh it using the refresh payment session endpoint.

4. Redirect your customer
Send your customer to the payment link. The Hubpay page will guide them through the payment.

5. Receive updates
After payment or cancellation, Hubpay redirects the customer back to your site using the URLs you provided.
You’ll also receive real-time updates via webhooks or by querying the API.

Flow example

For details on confirming payment completion and integrating webhooks, see Confirming payments and Webhooks.

Session management and expiry

The payment URL contains a sessionToken, which is a short-lived, signed JWT required to access the Hosted Payment Page. This provides an extra layer of security—ensuring each session is authenticated, time-limited, and cannot be reused or tampered with by third parties.

  • The sessionToken is valid for 1 hour.
  • If the session expires before payment is completed, you can refresh it using the refresh payment session API.
    This returns a new payment URL with the latest sessionToken, granting the user an additional 1 hour to complete payment.

Ready to integrate?

See the Getting Started Guide for step-by-step instructions and sample code.