Hosted Checkout

The fastest way to take a payment online.

MerasPay Hosted Checkout is a drop-in, branded payment page on a MerasPay-owned domain. Your customer picks a rail, completes OTP if their rail asks for it, and bounces back to your success URL. You get zero PCI scope and an integration that fits in a single afternoon.

Get started Read the docs

At a glance

Hosted page: checkout.meraspay.io
PCI scope: SAQ-A
Languages: FR · AR · EN
Rails per session: Any subset

Why teams ship Hosted Checkout first

Direct Payment gives you full control of the UI. Hosted Checkout gives you a working payment flow in an afternoon. Most teams ship Hosted Checkout first, then evolve to Direct Payment as the product matures.

Zero PCI scope

You never see a card PAN. The hosted page is on a MerasPay-owned domain, hosted in the same infra as the gateway. Your scope is SAQ-A.

Multi-rail in one UI

The customer picks Waafipay, D-Money, SabaPay, EAB, CAC, or card. The page knows which rails the merchant supports and how to confirm each.

Merchant branding

Logo, accent colour, legal name, and trade name flow from the Merchant resource. Your checkout looks like yours, not like ours.

Mobile-first design

Almost every payment in Djibouti happens on a phone. The hosted page is built mobile-first with a desktop fallback — never the other way around.

Localised to FR / AR / EN

French, Arabic (RTL-correct), and English copy out of the box. Customers see their preferred language without your team translating anything.

Server-side session model

You create the session from your backend with allowed_methods and metadata. The customer can never tamper with the amount or the merchant id.

The flow, end-to-end

Four steps. The hardest one is choosing your success_url.

1
Create a checkout session
POST /v1/checkout/sessions with amount, currency, allowed_methods, success_url, cancel_url, and metadata. Receive cs_<id> and a redirect URL.
2
Redirect the customer
Send them to https://checkout.meraspay.io/c/cs_…. The page renders the merchant's branding, the amount, and a rail selector.
3
Customer pays
They pick a rail, enter their wallet number, complete OTP (if applicable), and the page polls the session until terminal status.
4
Redirect back
On success the customer is bounced to success_url; on cancel to cancel_url. The session status is queryable from your backend and emits webhooks.

Code: create a session, ship a checkout

A merchant's backend creates a session for a 42,000 DJF cart and offers three rails. The customer is then redirected to the hosted page and reconciliation happens through webhooks.

bash

# 1. From your backend, create a session.
$ curl -X POST https://api.meraspay.io/v1/checkout/sessions \
  -u sk_live_xxx: \
  -H "Idempotency-Key: cart-2026-05-24-1024" \
  -d amount=42000 \
  -d currency=DJF \
  -d "allowed_methods[]=waafi" \
  -d "allowed_methods[]=sabapay" \
  -d "allowed_methods[]=cac" \
  -d success_url=https://shop.example.io/orders/1024/thanks \
  -d cancel_url=https://shop.example.io/orders/1024/canceled \
  -d "metadata[order_id]=1024"

{
  "id": "cs_01HZF...",
  "object": "checkout_session",
  "status": "open",
  "url": "https://checkout.meraspay.io/c/cs_01HZF...",
  "amount_minor": 42000,
  "currency": "DJF",
  "expires_at": "2026-05-24T16:30:00Z"
}

# 2. Redirect the customer to the url, then listen on webhooks.
# checkout_session.completed
# checkout_session.expired
# checkout_session.canceled

What the hosted page sees

A safe, anonymous read of the session payload. Includes merchant branding but no sensitive merchant detail.

bash

# Anonymous read of the session from the hosted-checkout page itself.
$ curl https://api.meraspay.io/v1/checkout/sessions/cs_01HZF...

{
  "id": "cs_01HZF...",
  "amount_minor": 42000,
  "currency": "DJF",
  "merchant": {
    "id": "m_01HZ...",
    "legal_name": "Cafe Lagune SARL",
    "trade_name": "Cafe Lagune",
    "branding": { "accent": "#0a7a4f", "logo_url": "https://cdn.meraspay.io/m/.../logo.png" }
  },
  "allowed_methods": ["waafi", "sabapay", "cac"],
  "status": "open",
  "expires_at": "2026-05-24T16:30:00Z"
}

Frequently asked

Can I embed the checkout instead of redirecting?▾

Yes — the same session id renders inside an iframe at /embed/<id>. For maximum control, use Direct Payment and build your own UI; for fastest time-to-market, redirect.

What does the customer see?▾

Your logo, your trade name, the amount in their currency, and a rail picker filtered to allowed_methods. No MerasPay branding above the fold.

How long does a session live?▾

Default 30 minutes. You can override with expires_in_minutes on session creation. After expiry the page shows your cancel_url copy and emits checkout_session.expired.

Can I pre-fill the customer's details?▾

Yes. Pass customer_email and customer_phone on session creation. The hosted page skips the customer info step and goes straight to rail selection.

What about refunds?▾

The underlying PaymentIntent supports refunds via /v1/refunds. The hosted page is just the data-capture surface; refunds, disputes, and reporting work identically to a Direct Payment charge.

Ready to integrate?

Get a sandbox account in minutes. Production goes live after a brief KYB review.

Get a sandbox account Browse the API reference →