ExamplesOverview

Examples — Overview

End-to-end runnable integrations. Each language page is a self-contained walkthrough covering the same flow:

  1. Place a purchase for a Steam end-user via POST /api/v1/merchant/buy using the API key (Authorization: Bearer mer_live_…).
  2. Handle idempotency — what a retry of the same custom_id returns and how to tell a replay from a brand-new order.
  3. Poll for the terminal status via GET /api/v1/merchant/purchases/{id} so you can drive your own UI even before the webhook arrives.
  4. Receive a webhook — minimal HTTP server with HMAC-SHA256 signature verification, timestamp window check, and X-Event-Id deduplication. The verifier matches the algorithm documented in Webhooks → Signature Verification.

The examples deliberately stay small: a single file you can drop into a sandbox, edit the env vars, and run. They are not a framework — adapt the patterns to your own HTTP client, queue, and persistence layer.

What you need before starting

  • An API key (mer_live_…) — issued or rotated in the merchant cabinet at merchant.tradeon.market (Settings → API key). Shown once at issue; store it in your secrets manager.
  • A webhook URL and webhook secret — registered in the cabinet (Settings → Webhook). The secret is shown once when you regenerate. For local development expose your receiver with a public tunnel — ngrok or cloudflared tunnel --url.
  • A funded merchant balance — top up via the deposit address shown in GET /merchant/balance before you call /buy, otherwise expect 402 MERCHANT_INSUFFICIENT_BALANCE.

See Authentication for the API key contract.

Operational NotesNode.js