Introduction - Suby Documentation

What is Suby.fi?

Suby.fi is a payment platform for one-time and subscription payments. Accept credit/debit card payments and cryptocurrency payments — with pricing in USD or EUR. Whether you’re running a SaaS business, online community, or digital product service, Suby provides the infrastructure to handle payments, manage subscriptions, and grant access to your customers automatically.

Payment Methods

Suby.fi supports three payment configurations depending on your needs:

Configuration	Description	Use Case
Card only	Accept credit/debit card payments via Inflow	Traditional SaaS, digital products
Crypto only	Accept on-chain payments (USDC, USDT, ETH, SOL, and more)	Web3-native products, global payments without banking
Card + Crypto	Accept both payment methods on the same product	Maximum reach — let customers choose how to pay

You configure payment methods per product using the paymentMethods field: ["CARD"], ["CRYPTO"], or ["CARD", "CRYPTO"].

Supported Currencies

Products can be priced in USD or EUR. The currency is set at product creation via the currency field.

Card payments: Charged in the product’s currency (USD or EUR)
Crypto payments: Converted automatically using real-time oracle rates (Pyth)

Supported Chains & Assets

Chain	Chain ID	Assets
Ethereum	1	USDC, USDT, ETH
Base	8453	USDC, ETH
Arbitrum	42161	USDC, ETH
BSC	56	USDC, USDT, BNB
Solana	101	USDC, SOL

You can restrict accepted chains and assets per product, or leave them open to accept all available options. Need a different EVM-compatible chain or token? Additional chains and assets can be added on request — [contact us](https://discord.com/invite/C8dxBm3hpj).

Who is this API for?

This API is intended for merchants who want to:

Accept fiat and/or crypto payments for one-time purchases & subscriptions
Automate subscription management and renewals
Integrate payments into their existing web applications
Receive real-time notifications about payment events via webhooks
Build custom checkout flows with payment intents

Getting Started

Before you begin integrating the API, you’ll need:

Create a Suby.fi Account: Sign up at https://app.suby.fi
Generate Your API Key:
- Navigate to Dashboard Settings
- Generate your merchant API key
- Store it securely — it will only be shown once
- Use this key in the X-Suby-Api-Key header for all API requests
Create a Product:
- Set up your one-time or subscription products from the dashboard or via the API
- Configure pricing, currency, payment methods, and accepted assets
- Note your product IDs for API integration
Set Up Webhooks (recommended):
- Configure your webhook URL in the dashboard settings
- Store your webhook secret securely for signature verification
- Implement handlers for the events relevant to your use case
**Get Approved for Card Payments **(if using card):
- Navigate to Card Request
- Submit your proof of business (website, description, expected volume)
- Once approved, you can enable "CARD" as a payment method on your products

Integration Flow

Create a product (dashboard or API)
Initiate a payment → receive a paymentUrl
Redirect your customer to the paymentUrl
Receive webhooks as the payment progresses
Grant access based on webhook events

Webhook Events

Suby.fi sends signed webhooks to notify your server about payment lifecycle events. Configure your webhook URL in the dashboard settings.

Event	When It’s Sent	Use Case
`CHECKOUT_INITIATED`	When a customer starts the payment process (selects a payment method)	Track checkout conversions, send analytics
`CHECKOUT_SUCCESS`	After a successful card checkout and payment authorization. Card payments only — never sent for crypto.	Grant access for card payments, update order status, send confirmation emails
`TX_SUCCESS`	When a crypto transaction is confirmed on-chain. Crypto payments only — never sent for card.	Grant access for crypto payments, update order status
`PAYMENT_SUCCESS`	When a card payment is fully settled by the payment provider. Sent after `CHECKOUT_SUCCESS`. Card payments only.	Final confirmation for card payments, reconciliation
`PAYMENT_FAILED`	When a payment fails. For crypto: on-chain failure. For card: settlement failure (can occur after `CHECKOUT_SUCCESS`).	Notify the customer, handle retries, revoke access if needed
`PAYMENT_REFUNDED`	When a card payment has been refunded. Card payments only.	Revoke access, update order status, notify customer

Recommended Access Granting Strategy

Payment Method	Grant access on	Revoke access on
Card	`CHECKOUT_SUCCESS`	`PAYMENT_FAILED` or `PAYMENT_REFUNDED`
Crypto	`TX_SUCCESS`	`PAYMENT_FAILED`

Webhook Payload

Every webhook is signed with HMAC-SHA256 for security. The signature is sent in the X-Webhook-Signature header.

interface WebhookEvent {
  id: string;                    // Unique event ID (evt_xxx)
  type: string;                  // CHECKOUT_INITIATED, CHECKOUT_SUCCESS, TX_SUCCESS, PAYMENT_SUCCESS, PAYMENT_FAILED, PAYMENT_REFUNDED
  createdAt: string;             // ISO 8601 timestamp
  data: {
    payment: {
      id: string;                // Payment ID
      status: string;            // Current payment status
      subscriptionId: string | null;
      productId: string | null;
      valueUsd: string | null;   // Amount in cents
      txHash: string | null;     // Blockchain transaction hash (crypto only, null for card)
      source: string | null;     // "CRYPTO" or "FIAT"

      // Customer identification
      customerEmail: string | null;
      customerDiscordId: string | null;
      customerTelegramId: string | null;
      customerDiscordUsername: string | null;
      customerTelegramUsername: string | null;
    };
    context: {
      externalRef: string | null;       // Your internal reference
      metadata: Record<string, any> | null;  // Custom metadata you passed at payment creation
      successUrl: string | null;
      cancelUrl: string | null;
    };
  };
}

Webhook Headers

Header	Description
`X-Webhook-Event`	Event type (e.g. `TX_SUCCESS`)
`X-Webhook-Timestamp`	Unix timestamp (seconds)
`X-Webhook-Signature`	`v1=<HMAC-SHA256 hex digest>`

Verifying Webhook Signatures

const signedPayload = `${timestamp}.${rawBody}`;
const expected = crypto
  .createHmac("sha256", webhookSecret)
  .update(signedPayload)
  .digest("hex");

const isValid = signature === `v1=${expected}`;

Reject webhooks with a timestamp older than 5 minutes to prevent replay attacks.

Sample Webhook Server

We provide a complete example server that demonstrates webhook reception and signature verification: Repository: https://github.com/hunterlabs-fi/suby-test-server This example includes:

Webhook signature verification
Event handling for all webhook types
Payment intent creation
Product management via API
Express.js + TypeScript implementation

API Endpoints Overview

Method	Endpoint	Description
`POST`	`/api/product/create`	Create a product
`PATCH`	`/api/product/:productId`	Update a product
`GET`	`/api/product/all`	List all products
`GET`	`/api/product/:productId`	Get product by ID
`POST`	`/api/payment/initiate`	Create a payment intent
`GET`	`/api/payment/`	List payments
`GET`	`/api/payment/:paymentId`	Get payment by ID
`GET`	`/api/subscription/:subscriptionId`	Get subscription by ID
`GET`	`/api/customer`	List customers
`GET`	`/api/customer/search?email=`	Find customer by email
`GET`	`/api/customer/:customerId`	Get customer by ID

All endpoints require the X-Suby-Api-Key header.

Quick Example: Create a Payment

# 1. Create a product
curl -X POST https://api.suby.fi/api/product/create \
  -H "Content-Type: application/json" \
  -H "X-Suby-Api-Key: sk_live_your_key" \
  -d '{
    "name": "Pro Plan",
    "priceCents": "999",
    "currency": "EUR",
    "frequencyInDays": 30,
    "platform": "WEB",
    "paymentMethods": ["CARD", "CRYPTO"],
    "acceptedChains": [8453, 42161]
  }'

# 2. Create a payment intent
curl -X POST https://api.suby.fi/api/payment/initiate \
  -H "Content-Type: application/json" \
  -H "X-Suby-Api-Key: sk_live_your_key" \
  -d '{
    "planId": "your_product_id",
    "customerEmail": "customer@example.com",
    "externalRef": "order_123",
    "metadata": { "userId": "usr_456" },
    "successUrl": "https://your-app.com/success",
    "cancelUrl": "https://your-app.com/cancel"
  }'

# Response:
# {
#   "success": true,
#   "data": {
#     "paymentId": "pay_abc123",
#     "paymentUrl": "https://app.suby.fi/pay/pay_abc123"
#   }
# }

# 3. Redirect customer to paymentUrl
# 4. Receive webhooks → grant access

Key Features

Flexible Payment Methods: Card only, crypto only, or both — per product
Multi-Currency Pricing: Price in USD or EUR
Multi-Chain Crypto: Accept payments on Ethereum, Base, Arbitrum, BSC, and Solana
Multi-Asset Support: USDC, USDT, ETH, SOL, and more
One-Time & Subscriptions: Set frequencyInDays for recurring, omit for one-time
Automatic Renewals: Recurring subscriptions are handled automatically
Webhook Notifications: Signed webhooks for all payment lifecycle events
Secure Authentication: API key-based authentication with HMAC-SHA256 webhook verification
Metadata Support: Attach custom data to payments for your internal tracking
Platform Integrations: Web, Invoice, Discord and Telegram — with automatic access management

Core API

​What is Suby.fi?

​Payment Methods

​Supported Currencies

​Supported Chains & Assets

​Who is this API for?

​Getting Started

​Integration Flow

​Webhook Events

​Recommended Access Granting Strategy

​Webhook Payload

​Webhook Headers

​Verifying Webhook Signatures

​Sample Webhook Server

​API Endpoints Overview

​Quick Example: Create a Payment

​Key Features