Full API Reference

API Version 1.0

API Credentials & Endpoints

This page gives game and merchant backends the credentials, base URL, authentication header, IP whitelist rules, webhook signing secret, and production endpoints needed to integrate with MaxPayU.

Critical Security NoticeYour live secret key has access to payment creation and payout requests. Keep it server-side only.

Auth Header

x-api-key

Base URL

https://maxpayu.com

Webhook Signature

x-maxpay-signature

Authentication

Generate a live API key in the merchant Developer Portal. Send that key in the `x-api-key` header or as `Authorization: Bearer sk_live_...` for every server-to-server request, and include a unique `merchantOrderId` when creating pay-ins or payouts.

headers: {
  "x-api-key": "sk_live_xxx",
  "Content-Type": "application/json"
}

Production Endpoints

Use These URLs From Your Backend

Create Pay-InPOST https://maxpayu.com /api/v1/payin/create
Submit UTRPOST https://maxpayu.com /api/v1/payin/submit-utr
Pay-In StatusPOST https://maxpayu.com /api/v1/payin/status
Create PayoutPOST https://maxpayu.com /api/v1/payout/create
Payout StatusPOST https://maxpayu.com /api/v1/payout/status
Webhook CallbackPOST your configured webhook URL

IP Whitelisting

If allowed IPs are configured for a merchant, MaxPayU rejects API requests from unlisted public IP addresses. Add your production game backend public IP addresses before going live.

Backend OnlyDo not call payment APIs directly from React, Android, iOS, Unity, or browser JavaScript.