API Documentation v1.0
Complete integration guide for secure.checkout.best - a white-label checkout platform with Stripe Connect payments, real-time inventory management, and overlay cart widgets.
Overview
secure.checkout.best provides a complete checkout infrastructure for e-commerce platforms. It handles payment processing via Stripe Connect, inventory management with row-level locking, and provides embeddable widgets for any website.
Base URL
https://secure.checkout.bestIntegration Flow
Authentication
Internal API (app.buildmyonlinestore.com)
All internal API endpoints require the X-Internal-Secret header:
X-Internal-Secret: your_internal_api_secretConsumer Authentication
Consumer endpoints use JWT Bearer tokens:
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...GFAVIP SSO (Merchants)
Merchant authentication flows through GFAVIP Simple SSO. Include the token in internal API calls:
X-GFAVIP-Token: gfavip_token_hereQuick Start Guide
For app.buildmyonlinestore.com
When a merchant creates a store, provision it in secure.checkout.best:
POST /api/internal/stores
Content-Type: application/json
X-Internal-Secret: your_secret
{
"name": "My Store",
"catalog_id": "550e8400-e29b-41d4-a716-446655440000",
"gfavip_user_id": "user_123",
"email": "merchant@example.com",
"webhook_url": "https://app.buildmyonlinestore.com/webhooks/checkout"
}For db.51exports.com
secure.checkout.best proxies product data from your catalog API:
GET /api/v1/products/{catalog_id}/{sku}
# Proxies to: db.51exports.com/api/products/{catalog_id}/{sku}Store Management
Create a new store in the checkout system. Called by app.buildmyonlinestore.com when a merchant creates a store.
Headers
| Name | Value |
|---|---|
| X-Internal-Secret | Your internal API secret Required |
| X-GFAVIP-Token | GFAVIP auth token Optional |
Request Body
| Field | Type | Description |
|---|---|---|
| name | string | Store name Required |
| catalog_id | uuid | Catalog ID from db.51exports.com Required |
| gfavip_user_id | string | GFAVIP user ID for merchant |
| string | Merchant email | |
| stripe_account_id | string | Stripe Connect account ID |
| statement_descriptor | string | Appears on customer statements |
| logo_url | string | Store logo URL |
| brand_color | string | Hex color (default: #3b82f6) |
| webhook_url | string | URL for order notifications |
Response (201 Created)
{
"id": "550e8400-e29b-41d4-a716-446655440001",
"merchant_id": "550e8400-e29b-41d4-a716-446655440002",
"name": "My Store",
"catalog_id": "550e8400-e29b-41d4-a716-446655440000",
"stripe_account_id": "acct_1234567890",
"brand_color": "#3b82f6",
"created_at": "2025-11-25T12:00:00Z"
}Update an existing store's configuration.
Allowed Fields
| Field | Type | Description |
|---|---|---|
| name | string | Store name |
| stripe_account_id | string | Stripe Connect account |
| statement_descriptor | string | Statement text |
| logo_url | string | Logo URL |
| brand_color | string | Brand color hex |
| webhook_url | string | Webhook URL |
Retrieve store details by ID.
Widget Integration
Add the checkout widget to any website with a single script tag:
<script src="https://secure.checkout.best/widget.js" data-store="YOUR_STORE_ID"></script>Add to Cart Buttons
Opens the cart overlay and adds the product:
<button class="checkout-best-add"
data-sku="PROD-001"
data-name="Product Name"
data-price="19.99">
Add to Cart
</button>Buy Now Buttons
Adds the product and immediately proceeds to checkout:
<button class="checkout-best-buy"
data-sku="PROD-001"
data-name="Product Name"
data-price="19.99">
Buy Now
</button>Button Classes
| Class | Behavior |
|---|---|
| checkout-best-add | Adds item to cart and opens the cart overlay |
| checkout-best-buy | Adds item to cart and immediately proceeds to checkout |
| checkout-best-btn | Same as checkout-best-add (legacy support) |
Button Data Attributes
| Attribute | Description |
|---|---|
| data-sku | Product SKU Required |
| data-name | Product name Required |
| data-price | Price in dollars (19.99 = $19.99) Required* |
| data-price-cents | Price in cents (1999 = $19.99) - alternative to data-price |
| data-image | Product image URL |
| data-quantity | Default quantity (default: 1) |
data-price (dollars) or data-price-cents (cents).
Examples: data-price="40" or data-price-cents="4000" both equal $40.00.
JavaScript API
// Add item programmatically
CheckoutBest.addToCart({
sku: 'PROD-001',
name: 'Product Name',
price_cents: 1999,
quantity: 1,
image_url: 'https://example.com/image.jpg'
});
// Open cart overlay
CheckoutBest.openCart();
// Get cart contents
const cart = CheckoutBest.getCart();
// Clear cart
CheckoutBest.clearCart();Checkout Sessions
Create a checkout session with encrypted token. Rate limited to 10 requests per minute per IP.
Request Body
{
"store_id": "550e8400-e29b-41d4-a716-446655440001",
"cart": [
{
"sku": "PROD-001",
"name": "Product Name",
"price_cents": 1999,
"quantity": 2,
"image_url": "https://example.com/image.jpg",
"catalog_id": "cat_001",
"catalog_owner_id": "user_xyz",
"product_cost_cents": 1200
}
],
"metadata": {
"source": "chatgpt",
"conversation_id": "conv_abc123",
"agent_type": "acp"
}
}Cart Item Fields
| Field | Type | Description |
|---|---|---|
| sku | string | Product SKU Required |
| name | string | Product name |
| price_cents | integer | Price in cents (1999 = $19.99) |
| quantity | integer | Quantity Required |
| image_url | string | Product image URL |
| catalog_id | string | Catalog ID for multi-catalog attribution |
| catalog_owner_id | string | Catalog owner ID for payouts |
| product_cost_cents | integer | Wholesale cost in cents (for margin calculation) |
Metadata Fields (ACP Integration)
| Field | Type | Description |
|---|---|---|
| source | string | Purchase source: direct, widget, api, chatgpt, acp, claude, gemini |
| conversation_id | string | AI conversation ID for attribution tracking |
| agent_type | string | Type of AI agent (e.g., acp, plugin) |
Response (201 Created)
{
"session_id": "550e8400-e29b-41d4-a716-446655440003",
"checkout_url": "https://secure.checkout.best/checkout/gAAAAABk...",
"expires_at": "2025-11-26T12:00:00Z",
"source": "chatgpt"
}Process a checkout session, create order, and optionally create consumer account.
Request Body
{
"token": "gAAAAABk...",
"email": "customer@example.com",
"shipping_address": {
"name": "John Doe",
"line1": "123 Main St",
"city": "New York",
"state": "NY",
"postal_code": "10001",
"country": "US"
},
"create_account": true,
"password": "securepassword123"
}Response (201 Created)
{
"order_id": "550e8400-e29b-41d4-a716-446655440004",
"total_cents": 3998,
"currency": "usd",
"status": "pending",
"requires_payment": true,
"consumer_token": "eyJhbGciOiJIUzI1NiIs..."
}Products API
Product data is proxied from db.51exports.com with 60-second caching.
Get a single product by SKU from the specified catalog.
Get all products in a catalog.
Inventory Management
Inventory operations use row-level database locking to prevent overselling.
Reserve inventory for a checkout session. Uses SELECT FOR UPDATE to prevent race conditions.
Request Body
{
"session_id": "550e8400-e29b-41d4-a716-446655440003",
"catalog_id": "550e8400-e29b-41d4-a716-446655440000",
"items": [
{ "sku": "PROD-001", "quantity": 2 },
{ "sku": "PROD-002", "quantity": 1 }
]
}Response
{
"success": true,
"reservations": [
{
"id": "550e8400-e29b-41d4-a716-446655440005",
"sku": "PROD-001",
"quantity": 2,
"status": "reserved"
}
]
}Confirm inventory reservations after successful payment.
{ "session_id": "550e8400-e29b-41d4-a716-446655440003" }Release inventory reservations (e.g., abandoned cart, failed payment).
{ "session_id": "550e8400-e29b-41d4-a716-446655440003" }Payments
Create a Stripe PaymentIntent for an order. Uses the store's Stripe Connect account.
Request Body
{ "order_id": "550e8400-e29b-41d4-a716-446655440004" }Response
{
"client_secret": "pi_xxx_secret_xxx",
"payment_intent_id": "pi_xxx",
"amount": 3998,
"currency": "usd"
}Webhooks
Stripe Webhook
Receives Stripe webhook events. Handles payment_intent.succeeded and payment_intent.payment_failed.
Order Sync Webhook (to app.buildmyonlinestore.com)
When an order is paid, we POST to the store's webhook_url:
POST {store.webhook_url}
Content-Type: application/json
X-Webhook-Source: checkout.best
{
"event": "order.paid",
"order_id": "550e8400-e29b-41d4-a716-446655440004",
"store_id": "550e8400-e29b-41d4-a716-446655440001",
"total_cents": 3998,
"currency": "usd",
"customer_email": "customer@example.com",
"items": [
{
"sku": "PROD-001",
"name": "Product Name",
"quantity": 2,
"price_cents": 1999,
"catalog_id": "cat_001",
"catalog_owner_id": "user_xyz",
"product_cost_cents": 1200
}
],
"shipping_address": { ... },
"source": "chatgpt",
"conversation_id": "conv_abc123",
"created_at": "2025-11-25T12:30:00Z"
}Webhook Item Fields
| Field | Description |
|---|---|
| catalog_id | Catalog ID for multi-catalog order attribution |
| catalog_owner_id | Owner of the catalog (for payout calculations) |
| product_cost_cents | Wholesale cost for margin/profit calculation |
Webhook Metadata Fields
| Field | Description |
|---|---|
| source | Purchase source (direct, widget, chatgpt, acp, etc.) |
| conversation_id | AI conversation ID for attribution (ACP purchases) |
Error Handling
All errors return JSON with consistent format:
{
"error": "Human-readable error message",
"error_code": "MACHINE_READABLE_CODE"
}Common Error Codes
| Code | HTTP Status | Description |
|---|---|---|
| VALIDATION_ERROR | 400 | Invalid request data |
| UNAUTHORIZED | 401 | Missing or invalid authentication |
| NOT_FOUND | 404 | Resource not found |
| RATE_LIMITED | 429 | Too many requests |
| INTERNAL_ERROR | 500 | Server error |
Rate Limits
| Endpoint | Limit |
|---|---|
| POST /api/v1/sessions | 10 requests per minute per IP |
| All other endpoints | 100 requests per minute per IP |