Prerequisite: Please ensure you have an account in our test environment and thoroughly debug before deploying to production.
Our test environment uses a different domain and API key. Do not use real data in the test environment.

Dashboard

Our dashboard manages daily operations for your account. The following resources can be managed through the dashboard:

Merchant

The business operating unit.

User

A dashboard account owner.

Product & Price

The selling unit and pricing configuration.

Balances

Understand account balances and fees.

API Keys

We provide secure and easy-to-use APIs. API integration is authenticated using a secret key generated through the dashboard.

Initialize API Key

Navigate to the Developers tab. Click Initialize Key, and be sure to copy and securely store the secret key, as it will only be displayed once.

Key Types

  • Secret Key: Used to authenticate requests with Clink. By default, this key can perform any API request without restrictions.
    • Test environment key format: sk_test_********************
    • Prod environment key format: sk_prod_********************
  • Publishable Key: Used in client-side code with embedded payment forms. Clink is currently working on supporting this use case.
    • Test environment key format: pk_test_********************
    • Prod environment key format: pk_prod_********************

Key Rotation

Rolling a key revokes it and automatically generates a replacement key. You can set the old key to expire immediately or schedule it to expire after a specified time. To roll an API key:
  • Open the API keys page.
  • Click the overflow button (⋮) in the row of the key you want to roll, then select Roll Key.
  • Select an expiration date from the Expiration dropdown.
  • Click Roll Key.
  • Copy the new key value displayed in the dialog.
  • Save the key value, as you won’t be able to retrieve it later.

Delete a Secret Key

Deleting a key immediately prevents it from making API calls. You cannot delete the standard key if it is the last valid key remaining. To delete an API key:
  • Open the API keys page.
  • Roll the key you want to delete.
  • Update your code to use the new key.
  • Click the overflow button (⋮) on the old key, then select delete.

Restrict Secret Key with IP Addresses

Only secret keys can be restricted to specific IP addresses. You can limit API requests to one or more IP addresses or to an IP range using CIDR.
  • Open the API keys page.
  • Click the overflow button (⋮) in the row of the key you want to restrict, then select Manage IP Restrictions.
  • Toggle Restrict usage to a set of IP addresses.
  • Click the Add button.
  • Enter a single IP address or CIDR range.
  • Clink the Save button.

Webhooks

Webhooks enable applications to provide real-time information to other applications. They deliver data immediately as events occur, ensuring you receive information instantly. Create an event destination to receive events at an HTTPS webhook endpoint. Once you register a webhook endpoint, Clink will push real-time event data to your application’s webhook endpoint when events occur.

Registration

To register a webhook endpoint, go to the Developers tab and select the Webhooks tab:
  • Click the Add button.
  • Enter your HTTPS endpoint.
  • Select the event types you want to monitor. We recommend monitoring all events.
For details about event types and their associated data, please refer to Webhook Reference

Verify Signature

Clink uses HMAC SHA-256 to generate a signature for each event. The signature key becomes available after webhook endpoint registration. To generate your signature:
  • Extract the timestamp and signature from the header:
    • Timestamp is available in the X-Clink-Timestamp field
    • Clink-generated signature is available in the X-Clink-Signature field
  • Prepare the payload string by concatenating:
    • The timestamp (as a string)
    • The character .
    • The event body (JSON payload)
  • Generate your signature by computing an HMAC with the SHA256 hash function.
  • Compare the signatures and process the event only if they match.

Event Delivery

Clink attempts to deliver events to your destination up to 10 times with exponential backoff. All retries complete within approximately one day. Please note that we do not guarantee events will be delivered in the order they were generated. Ensure your application does not depend on receiving events in a specific order.

Best Practices

Credit to Stripe for their detailed guide: Best practices for using webhooks