API Reference
The Prism Gateway API is a REST API for creating charges, verifying payments, managing webhooks, and querying transactions. For most integrations, the server-side SDKs are recommended — they handle authentication, protocol flow, and error handling automatically. The API is available for custom integrations or when you need direct control.
Base URL
Prism uses a single gateway URL. Testnet vs. mainnet is determined by the chain specified in your requests, not by the URL.
Authentication
Authenticate requests by including your API key in the X-API-Key header:
curl https://prism-gw.fd.xyz/v1/charges \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json"
Get your API key from the Prism Console → API Keys.
Keep your API key secret. Never expose it in client-side code, browser requests, or public repositories.
- Content-Type: application/json
- All request bodies are JSON
- Use standard HTTP methods: GET, POST, DELETE
Successful responses:
{
  "success": true,
  "data": {
    "id": "ch_abc123def456",
    "amount": "10000",
    "token": "USDC",
    "chain": "base",
    "status": "pending"
  }
}
Error responses:
{
  "success": false,
  "error": {
    "code": "INVALID_AMOUNT",
    "message": "Amount must be greater than 0"
  }
}
Common error codes:
| HTTP Status | Error Code | Description |
|---|---|---|
| 400 | INVALID_REQUEST | Malformed request body |
| 401 | UNAUTHORIZED | Missing or invalid API key |
| 404 | NOT_FOUND | Resource not found |
| 422 | INVALID_AMOUNT | Invalid amount or token |
| 429 | RATE_LIMITED | Too many requests |
| 500 | INTERNAL_ERROR | Server error — retry with backoff |
Endpoints Overview
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/charges | Create a new payment charge |
| GET | /v1/charges/:id | Get charge details |
| DELETE | /v1/charges/:id | Cancel a pending charge |
| POST | /v1/webhooks | Register a webhook endpoint |
| GET | /v1/transactions | List transactions |
See Endpoints for full request/response documentation.
Rate Limits
The API enforces rate limits to ensure stability. Rate limit info is returned in response headers:
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests per window |
| X-RateLimit-Remaining | Remaining requests in current window |
| X-RateLimit-Reset | Unix timestamp when the window resets |
When rate limited, the API returns 429 Too Many Requests. Back off and retry after the reset time.
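For a direct integration, the following added example (not part of the Prism documentation or SDKs) shows one way to act on the response envelope, the error codes and the X-RateLimit-Reset header described above. The names `PRISM_API_KEY`, `PrismError`, `auth_headers`, `retry_delay`, `call_with_retry` and the `send` transport callable are assumptions introduced here, and the header lookup assumes the transport preserves the header name's case.

```python
import os
import time

class PrismError(Exception):
    """Non-retryable error envelope: {"success": false, "error": {...}}."""
    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code = status, code

def auth_headers(env=os.environ):
    # PRISM_API_KEY is an assumed variable name; the key is read server-side
    # from the environment and never written into source or client code.
    return {"X-API-Key": env["PRISM_API_KEY"], "Content-Type": "application/json"}

def retry_delay(status, headers, attempt, now, max_delay=60.0):
    """Seconds to wait before a retry, or None when the error is not retryable."""
    if status == 429:
        try:  # X-RateLimit-Reset is the Unix timestamp when the window resets
            wait = float(headers.get("X-RateLimit-Reset")) - now
        except (TypeError, ValueError):
            wait = 2.0 ** attempt  # header missing or malformed: plain backoff
        return min(max(wait, 0.0), max_delay)  # never negative, never unbounded
    if status == 500:
        return min(2.0 ** attempt, max_delay)  # INTERNAL_ERROR: exponential backoff
    return None  # 400/401/404/422: retrying the same request cannot succeed

def call_with_retry(send, max_attempts=4, sleep=time.sleep, clock=time.time):
    """send() -> (status, headers, body). Returns body["data"] or raises PrismError."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if body.get("success"):
            return body["data"]
        delay = retry_delay(status, headers, attempt, clock())
        if delay is None or attempt == max_attempts - 1:
            err = body.get("error", {})
            raise PrismError(status, err.get("code", "UNKNOWN"), err.get("message", ""))
        sleep(delay)

if __name__ == "__main__":
    # Constructed responses standing in for the gateway: one 429, then success.
    replies = iter([
        (429, {"X-RateLimit-Reset": str(time.time() + 1)},
         {"success": False, "error": {"code": "RATE_LIMITED", "message": "Too many requests"}}),
        (200, {}, {"success": True, "data": {"id": "ch_abc123def456", "status": "pending"}}),
    ])
    print(call_with_retry(lambda: next(replies)))
```

This page does not say whether a retried POST /v1/charges can create a second charge; confirm that before retrying creates automatically.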
SDKs
For most integrations, use a server-side SDK instead of calling the API directly. The SDKs handle authentication, x402 protocol flow, payment verification, and type safety: