js-stronghold-sdk
Stronghold Pay JS SDK & REST API
Stronghold Pay is a payment infrastructure platform enabling online and in-store payment acceptance via ACH/bank debit. Two integration paths exist:
- Stronghold.Pay.JS SDK — Frontend drop-in UI components for payment source linking, charges, and tips
- REST API v2 — Server-side API for full control over customers, charges, payment sources, and PayLinks
Integration Architecture
┌─────────────┐ ┌──────────────────┐ ┌──────────────────┐
│ Frontend │────▶│ Your Backend │────▶│ Stronghold API │
│ (Pay.JS) │ │ (Secret Key) │ │ api.stronghold │
│ │ │ │ │ pay.com │
│ publishable │ │ SH-SECRET-KEY │ │ │
│ key only │ │ header │ │ │
└─────────────┘ └──────────────────┘ └──────────────────┘
- Frontend uses the publishable key (
pk_sandbox_.../pk_live_...) and customer tokens - Backend uses the secret key (
sk_sandbox_.../sk_live_...) viaSH-SECRET-KEYheader - Customer tokens are generated server-side, passed to frontend, and expire after 12 hours
Quick Start
1. Include the SDK
<head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="https://api.strongholdpay.com/v2/js"></script>
</head>
2. Initialize the client
const strongholdPay = Stronghold.Pay({
publishableKey: "pk_sandbox_...",
environment: "sandbox", // 'sandbox' or 'live'
integrationId: "integration_...",
});
3. Generate a customer token (server-side)
curl --request GET \
--url https://api.strongholdpay.com/v2/customers/{customer_id}/token \
--header 'SH-SECRET-KEY: sk_sandbox_...' \
--header 'Accept: application/json'
Response:
{
"response_id": "resp_...",
"time": "2024-01-15T12:00:00Z",
"status_code": 200,
"result": {
"token": "<jwt>",
"expiry": "2024-01-16T00:00:00Z"
}
}
4. Use SDK methods with the token
// Link a bank account
strongholdPay.addPaymentSource(customerToken, {
onSuccess: (paymentSource) => {
/* save paymentSource.id */
},
onExit: () => {
/* user cancelled */
},
onError: (err) => {
/* handle error */
},
});
// Create a charge
strongholdPay.charge(customerToken, {
charge: {
amount: 4995, // $49.95 in cents
currency: "usd",
paymentSourceId: "payment_source_...",
externalId: "order_123", // optional
},
authorizeOnly: false,
onSuccess: (charge) => {
/* charge.id */
},
onExit: () => {},
onError: (err) => {},
});
Environments
| Environment | Publishable Key | Secret Key | API Base |
|---|---|---|---|
| Sandbox | pk_sandbox_... |
sk_sandbox_... |
https://api.strongholdpay.com |
| Live | pk_live_... |
sk_live_... |
https://api.strongholdpay.com |
Keys are found on the Developers page of the Stronghold Dashboard.
Sandbox Testing
Use fake bank accounts in sandbox. Test credentials for aggregators:
| Aggregator | Username | Password |
|---|---|---|
| Plaid | user_good |
pass_good |
| Yodlee | YodTest.site16441.2 |
site16441.2 |
Refer to Plaid sandbox docs for additional test credentials and institutions (e.g., First Platypus Bank).
Fraud Prevention
Include the Stronghold.Pay.JS script on every page of the site (not just checkout) to enable real-time transaction intelligence for fraud detection and chargeback prevention.
Core Concepts
- Customer — End user making payments. Created via API, identified by
customer_id - Customer Token — JWT (12-hour TTL) authorizing frontend SDK calls for a specific customer
- Payment Source — A linked bank account. Created via
addPaymentSourceorbank_linkPayLink - Charge — A payment from customer to merchant. Amounts in cents (e.g.,
4995= $49.95) - Tip — An additional payment associated with a charge
- PayLink — A hosted URL for payment flows without frontend SDK integration
- authorizeOnly — When
true, charges/tips reachauthorizedstate without immediate capture; use the Capture Charge API to capture later
Detailed References
- JS SDK methods, callbacks, arguments: See references/sdk-reference.md
- REST API v2 endpoints and authentication: See references/rest-api.md
- PayLink hosted payment pages: See references/paylink.md
- Error types and codes: See references/errors.md
SHx Token (Stellar Blockchain)
SHx is Stronghold's utility token on the Stellar blockchain. It connects to the payment ecosystem as a rewards mechanism — merchants and customers earn SHx through the Stronghold Rewards Program based on transaction volume processed through the payment network. SHx is also used for governance voting and merchant financing liquidity. There are no direct SDK/API methods for SHx interaction; it operates as a background incentive layer on top of the payment infrastructure.
Key Links
More from padparadscho/skills
rs-ratatui-crate
Build terminal user interfaces (TUIs) in Rust with Ratatui (v0.30). Use this skill whenever working with the ratatui crate for creating interactive terminal applications, including: (1) Setting up a new Ratatui project, (2) Creating or modifying terminal UI layouts, (3) Implementing widgets (lists, tables, charts, text, gauges, etc.), (4) Handling keyboard/mouse input and events, (5) Structuring TUI application architecture (TEA, component-based, or monolithic patterns), (6) Writing custom widgets, (7) Managing application state in a TUI context, (8) Terminal setup/teardown and panic handling, (9) Testing TUI rendering with TestBackend. Also triggers for questions about crossterm event handling in a Ratatui context, tui-input, tui-textarea, or any ratatui-* ecosystem crate.
22js-gnome-extensions
Build, debug, and maintain GNOME Shell extensions using GJS (GNOME JavaScript). Covers extension anatomy (metadata.json, extension.js, prefs.js, stylesheet.css), ESModule imports, GSettings preferences, popup menus, quick settings, panel indicators, dialogs, notifications, search providers, translations, and session modes. Use when the user wants to: (1) Create a new GNOME Shell extension, (2) Add UI elements like panel buttons, popup menus, quick settings toggles/sliders, or modal dialogs, (3) Implement extension preferences with GTK4/Adwaita, (4) Debug or test an extension, (5) Port an extension to a newer GNOME Shell version (45-49+), (6) Prepare an extension for submission to extensions.gnome.org, (7) Work with GNOME Shell internal APIs (Clutter, St, Meta, Shell, Main).
7js-gnome-apps
Build native GNOME desktop applications using JavaScript (GJS) with GTK 4, Libadwaita, and the GNOME platform. Use when the user wants to create, modify, or debug a GNOME app written in JavaScript/GJS, including UI design with XML or Blueprint, GObject subclassing, Meson build setup, Flatpak packaging, or any task involving GJS bindings for GLib/GIO/GTK4/Adw libraries. Also use when working with `.ui` files, `meson.build`, GResource XML, GSettings schemas, `.desktop` files, or Flatpak manifests in a GJS project context.
6js-stellar-sdk
Guide for building applications with the Stellar JS SDK (@stellar/stellar-sdk). Use when working with the Stellar blockchain in JavaScript/TypeScript — including sending payments, creating accounts, issuing assets, managing trustlines, trading on the DEX, querying Horizon, interacting with Stellar RPC, streaming events, building and signing transactions, multisig, claimable balances, sponsored reserves, SEP-10 auth, federation, fee-bump transactions, and interacting with Soroban smart contracts via the JS SDK. Covers all @stellar/stellar-sdk usage patterns (Horizon module, rpc module, contract module, TransactionBuilder, Keypair, Operation, Asset, etc.).
5rs-soroban-sdk
Expert guidance for building smart contracts on Stellar using the Soroban Rust SDK. Use this skill when working with Soroban smart contracts for tasks including (1) creating new contracts with [contract] and [contractimpl] attributes, (2) implementing storage with Persistent, Temporary, or Instance storage types, (3) working with auth contexts and authorization, (4) handling tokens and Stellar Asset Contracts, (5) writing tests with testutils, (6) deploying contracts, (7) working with events and logging, (8) using crypto functions, (9) debugging contract errors, (10) security best practices and vulnerability prevention, (11) avoiding common security pitfalls like missing authorization, integer overflow, or reinitialization attacks.
5rs-yew-crate
Expert guidance for building Rust + WebAssembly frontend web applications using the Yew framework (v0.22). Use when creating, modifying, debugging, or architecting Yew applications — including function components, hooks, props, routing, contexts, events, server-side rendering, agents, and Suspense. Covers project setup with Trunk, the html! macro, state management, data fetching, and integration with the broader Yew/WASM ecosystem (yew-router, gloo, wasm-bindgen, web-sys, stylist, yewdux).
2