API Documentation

Integrate safeGive.online with your web application or charity platform using our RESTful API.

Base URL

https://api.safegive.online/v1

Authentication

All API requests require an API key. You can generate an API key from your organization dashboard after registration.

Send your API key in the X-API-Key header:

X-API-Key: sk_live_1234567890abcdefghijklmnopqrstuv

API Endpoints

1. Create Payment Intent

Create a new payment intent to collect a donation.

Method: POST

Endpoint: /payments

Parameters

  • amount (integer, required) - Amount in cents (e.g., 1000 = €10.00)
  • currency (string, required) - Currency code (e.g., "EUR")
  • charity_id (string, required) - ID of the charity receiving the donation
  • donor_email (string, optional) - Donor's email address
  • donor_name (string, optional) - Donor's name
  • metadata (object, optional) - Custom key-value pairs
  • return_url (string, required) - URL to redirect after payment

Example Request

POST /v1/payments
X-API-Key: sk_live_1234567890abcdefghijklmnopqrstuv
Content-Type: application/json

{
  "amount": 5000,
  "currency": "EUR",
  "charity_id": "charity_tallinna_toidupank",
  "donor_email": "[email protected]",
  "donor_name": "Mari Maasikas",
  "metadata": {
    "campaign_id": "winter2024",
    "source": "website"
  },
  "return_url": "https://yoursite.com/thank-you"
}

Example Response

{
  "id": "pi_3NxYz1234567890",
  "object": "payment_intent",
  "amount": 5000,
  "currency": "EUR",
  "status": "pending",
  "charity_id": "charity_tallinna_toidupank",
  "donor_email": "[email protected]",
  "donor_name": "Mari Maasikas",
  "client_secret": "pi_3NxYz1234567890_secret_abc123",
  "checkout_url": "https://checkout.safegive.online/pay/pi_3NxYz1234567890",
  "risk_score": 15,
  "risk_level": "low",
  "metadata": {
    "campaign_id": "winter2024",
    "source": "website"
  },
  "created": 1699876543,
  "expires_at": 1699880143
}

Response Fields

  • id - Unique payment intent identifier
  • status - Payment status: pending, processing, succeeded, failed, canceled
  • client_secret - Secret for client-side confirmation
  • checkout_url - URL to redirect user for payment
  • risk_score - Risk score (0-100, lower is safer)
  • risk_level - Risk level: low, medium, high, critical
  • expires_at - Unix timestamp when payment intent expires (1 hour)

2. Get Payment Status

Retrieve the status and details of an existing payment.

Method: GET

Endpoint: /payments/{id}

Example Request

GET /v1/payments/pi_3NxYz1234567890
X-API-Key: sk_live_1234567890abcdefghijklmnopqrstuv

Example Response

{
  "id": "pi_3NxYz1234567890",
  "object": "payment_intent",
  "amount": 5000,
  "currency": "EUR",
  "status": "succeeded",
  "charity_id": "charity_tallinna_toidupank",
  "donor_email": "[email protected]",
  "donor_name": "Mari Maasikas",
  "payment_method": "card",
  "card_last4": "4242",
  "card_brand": "visa",
  "risk_score": 15,
  "risk_level": "low",
  "fraud_checks": {
    "ip_risk": "low",
    "velocity_check": "passed",
    "card_testing": "passed",
    "behavioral_analysis": "passed"
  },
  "metadata": {
    "campaign_id": "winter2024",
    "source": "website"
  },
  "created": 1699876543,
  "completed_at": 1699876621
}

3. List Charities

Get a list of all charities on the platform.

Method: GET

Endpoint: /charities

Parameters

  • limit (integer, optional) - Number of results (default: 20, max: 100)
  • offset (integer, optional) - Pagination offset (default: 0)
  • status (string, optional) - Filter by status: active, inactive

Example Request

GET /v1/charities?limit=10
X-API-Key: sk_live_1234567890abcdefghijklmnopqrstuv

Example Response

{
  "object": "list",
  "data": [
    {
      "id": "charity_tallinna_toidupank",
      "name": "Tallinna Toidupank MTÜ",
      "registry_code": "80234567",
      "status": "active",
      "description": "Aitame toitu vajavaid perekondi Tallinnas",
      "category": "food_bank",
      "website": "https://tallinnafoodbank.ee",
      "created": 1699876543
    },
    {
      "id": "charity_varjupaik_lootus",
      "name": "Varjupaik Lootus",
      "registry_code": "80345678",
      "status": "active",
      "description": "Shelter for those in need",
      "category": "shelter",
      "website": "https://lootus.ee",
      "created": 1699790123
    }
  ],
  "has_more": false,
  "total_count": 5
}

4. Verify IP Risk

Check the risk level of an IP address before processing payment.

Method: POST

Endpoint: /risk/verify

Parameters

  • ip_address (string, required) - IP address to check
  • user_agent (string, optional) - User agent string
  • session_id (string, optional) - Session identifier for velocity checks

Example Request

POST /v1/risk/verify
X-API-Key: sk_live_1234567890abcdefghijklmnopqrstuv
Content-Type: application/json

{
  "ip_address": "185.141.206.123",
  "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)...",
  "session_id": "sess_abc123xyz"
}

Example Response

{
  "ip_address": "185.141.206.123",
  "risk_score": 25,
  "risk_level": "low",
  "is_vpn": false,
  "is_proxy": false,
  "is_tor": false,
  "is_hosting": false,
  "country": "EE",
  "city": "Tallinn",
  "asn": "AS3249",
  "isp": "Telia Eesti AS",
  "velocity_check": {
    "attempts_last_hour": 2,
    "status": "passed"
  },
  "recommendation": "allow",
  "checked_at": 1699876543
}

Response Fields

  • risk_score - Risk score (0-100): 0-30 low, 31-60 medium, 61-85 high, 86-100 critical
  • risk_level - low, medium, high, critical
  • recommendation - allow, review, challenge (show CAPTCHA), block

Webhooks

Configure a webhook URL to receive real-time notifications about payment events.

Webhook Events

  • payment.succeeded - Payment successful
  • payment.failed - Payment failed
  • payment.pending - Payment pending
  • fraud.detected - Fraud detected

Example Request (webhook payload)

POST https://yoursite.com/webhook-endpoint
X-Signature: sha256=abcdef123456...
Content-Type: application/json

{
  "id": "evt_1234567890",
  "type": "payment.succeeded",
  "created": 1699876621,
  "data": {
    "payment_id": "pi_3NxYz1234567890",
    "amount": 5000,
    "currency": "EUR",
    "charity_id": "charity_tallinna_toidupank",
    "donor_email": "[email protected]",
    "status": "succeeded"
  }
}

Note: Verify webhook signatures using the X-Signature header and your webhook secret.

Error Codes

  • 400 Bad Request - Missing or invalid parameters
  • 401 Unauthorized - Invalid or missing API key
  • 403 Forbidden - Access denied
  • 404 Not Found - Resource not found
  • 429 Too Many Requests - Rate limit exceeded
  • 500 Internal Server Error - Server error

Error Response Format

{
  "error": {
    "type": "invalid_request_error",
    "code": "amount_too_small",
    "message": "Amount must be at least €1.00 (100 cents)",
    "param": "amount"
  }
}

Rate Limits

API requests are limited to 100 requests per minute per IP address. If you exceed the limit, you will receive a 429 status code.

Response headers include rate limit information:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1699876800

Code Examples

PHP Example

<?php
$apiKey = 'sk_live_1234567890abcdefghijklmnopqrstuv';
$baseUrl = 'https://api.safegive.online/v1';

// Create payment intent
$data = [
    'amount' => 5000,
    'currency' => 'EUR',
    'charity_id' => 'charity_tallinna_toidupank',
    'donor_email' => '[email protected]',
    'return_url' => 'https://yoursite.com/thank-you'
];

$ch = curl_init($baseUrl . '/payments');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'X-API-Key: ' . $apiKey,
    'Content-Type: application/json'
]);

$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

if ($httpCode === 200) {
    $payment = json_decode($response, true);
    header('Location: ' . $payment['checkout_url']);
} else {
    die('Payment creation failed');
}
?>

JavaScript Example

const apiKey = 'sk_live_1234567890abcdefghijklmnopqrstuv';
const baseUrl = 'https://api.safegive.online/v1';

// Create payment intent
async function createPayment() {
  const response = await fetch(`${baseUrl}/payments`, {
    method: 'POST',
    headers: {
      'X-API-Key': apiKey,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      amount: 5000,
      currency: 'EUR',
      charity_id: 'charity_tallinna_toidupank',
      donor_email: '[email protected]',
      return_url: 'https://yoursite.com/thank-you'
    })
  });

  if (response.ok) {
    const payment = await response.json();
    window.location.href = payment.checkout_url;
  } else {
    console.error('Payment creation failed');
  }
}

createPayment();

cURL Example

curl -X POST https://api.safegive.online/v1/payments \
  -H "X-API-Key: sk_live_1234567890abcdefghijklmnopqrstuv" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 5000,
    "currency": "EUR",
    "charity_id": "charity_tallinna_toidupank",
    "donor_email": "[email protected]",
    "return_url": "https://yoursite.com/thank-you"
  }'

Security

All API requests must use HTTPS. Never share your API key publicly or store it in client-side code.

  • All requests must use HTTPS (TLS 1.2 or higher)
  • Store API keys securely (environment variables, secrets manager)
  • Never expose API keys in client-side code or public repositories
  • Rotate API keys periodically
  • Use test mode keys (sk_test_...) for development
  • Verify webhook signatures to prevent spoofing
  • Implement proper error handling

API Support

If you have questions about the API, please contact us via the contact page.

Contact