A clean REST API, HMAC-signed webhooks, and API key management — everything you need to integrate payments into any system.
Standard JSON over HTTPS. Bearer token auth with scoped API keys. No SDKs required.
Every webhook payload is signed with SHA-256. Verify the X-Webhook-Signature header in seconds.
Create multiple named keys from your dashboard. Each key hashed at rest — the raw value shown only once.
Get notified on payment.succeeded, payment.refunded, and payment.failed events instantly.
Authenticate with your API key, POST to /api/links with the amount and description, and you'll receive a hosted payment URL in the response — ready to share immediately.
// Request
Authorization: Bearer rp_a1b2c3d4...
{
"description": "Consulting invoice #042",
"amount": 2500,
"currency": "EUR",
"expiresAt": "2026-07-01T00:00:00Z"
}
// Response 201
{
"id": "lnk_xK9mT2eRq8",
"token": "xK9mT2",
"url": "https://rheopay.com/pay/xK9mT2",
"status":"ACTIVE"
}Every webhook POST includes an X-Webhook-Signature header. Compare it to an HMAC-SHA256 of the raw body using your signing secret — stored in your dashboard settings.
import { createHmac } from 'node:crypto'
function verify(req) {
const sig = req.headers[
'x-webhook-signature'
]
const expected = 'sha256=' +
createHmac('sha256', process.env.SECRET)
.update(req.rawBody)
.digest('hex')
return sig === expected
}/api/links/api/links/api/links/:id/api/links/:id/api/transactions/api/transactions/:id/refundFull reference available after signing up. API access requires the Pro plan.