DocsQuickstart

Quickstart

Take a payment in five minutes. No install required: Skiro is a plain REST API. Use any language.

Get an API key

Open API keys in your dashboard. You'll see two keys:

  • Test (sk_test_...): fake transactions, no real money.
  • Live (sk_live_...): real charges. Only use server-side.
Live keys are secrets
Never commit them, never put them in browser code. Use environment variables on the server.

Create a checkout session

One POST from your server. The response contains a URL you redirect the customer to.

curl https://api.skiro.io/v1/checkout \
  -H "Authorization: Bearer $SKIRO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 49.99,
    "currency": "USD",
    "payout_currency": "USDT",
    "metadata": { "order_id": "ORD-2847" },
    "webhook_url": "https://yoursite.com/api/skiro-webhook",
    "redirect_url": "https://yoursite.com/order/success"
  }'

You get back a session id and a hosted checkout URL.

{
  "id": "cs_8f2a91c...",
  "url": "https://pay.skiro.io/cs_8f2a91c...",
  "amount": 49.99,
  "currency": "USD",
  "status": "pending",
  "expires_at": "2026-05-30T18:42:00Z"
}

Send the customer to the URL

Redirect the browser to session.url. We render a hosted page that handles the card form, 3-D Secure, and fraud checks. When they finish, we send them to your redirect_url.

Receive the webhook

We POST a signed JSON body to your webhook_url when the payment completes or fails. Verify the HMAC-SHA256 signature, then act on the event.

// /api/skiro-webhook (Node, Express, Next, Hono: any framework)
import { createHmac, timingSafeEqual } from 'crypto'

export async function POST(req) {
  const raw = await req.text()
  const sig = req.headers.get('x-skiro-signature') // 't=<unix>,v1=<hex>'
  const [, t, v1] = sig.match(/t=(\d+),v1=([a-f0-9]+)/) || []

  const expected = createHmac('sha256', process.env.SKIRO_WEBHOOK_SECRET)
    .update(`${t}.${raw}`)
    .digest('hex')

  const ok = timingSafeEqual(Buffer.from(expected), Buffer.from(v1))
  if (!ok) return new Response('bad signature', { status: 401 })

  const event = JSON.parse(raw)

  if (event.type === 'checkout.completed') {
    await fulfillOrder(event.data.metadata.order_id)
  }

  return new Response('ok')
}

Each webhook endpoint has its own secret. You see it once when the endpoint is created in the dashboard.

Go live

  1. Add your payout wallet in Settings. Funds land here on every successful transaction.
  2. Swap the test key for the live key in your env.
  3. Process a small real charge to confirm the payout arrives.

That's the whole loop. No SDK, no install, no infrastructure on your end. API reference · webhooks · error codes.

← PreviousIntroductionNext →Core concepts
Last updated: May 30, 2026