Skip to main content
This page describes the architectural principles to follow for a robust and secure LigdiCash integration. It targets developers designing the infrastructure around the API.

Core principle: everything goes through the backend

Your LigdiCash credentials (Apikey and Auth Token) must never appear in your frontend, mobile app, or public source code. All requests to the LigdiCash API leave from your server.
An exposed Apikey or Auth Token lets anyone create invoices or trigger payouts on your behalf. Store these secrets in server-side environment variables only.

Transactions table structure

Your database must hold enough information to trace every transaction, handle the callback idempotently, and run a fallback poll.
The ligdicash_token field must be stored as soon as the invoice is created. This is the token you’ll use to call the confirm endpoint, both in the callback and in the fallback poll. Do not rely on the token received in the callback — it’s a different token.

Endpoints to expose on the backend

Your backend acts as a proxy between your frontend and the LigdiCash API. At a minimum, expose these three routes:
RouteMethodRole
/api/payment/initiatePOSTCreates the LigdiCash invoice, stores the token, returns the payment URL
/api/payment/:id/statusGETReturns the transaction status (polls LigdiCash if still pending)
/api/ligdicash/callbackPOSTReceives LigdiCash notifications, re-verifies, updates the database

Initiation route

Node.js (Express)

Callback route

Node.js (Express)

Polling fallback

LigdiCash does not enforce a retry policy for callbacks. If your endpoint was unavailable or a callback was missed, a transaction can stay pending indefinitely. Set up periodic polling on the backend.
Polling fallback (cron)
LigdiCash never automatically flips a transaction to notcompleted. A transaction stays pending indefinitely if the customer never finalizes the payment. After 24h, you can consider the transaction expired and close it yourself.

Logging and audit

Keep a trace of every interaction with LigdiCash to make troubleshooting easier in case of a dispute.
Log both outgoing requests to LigdiCash and incoming callbacks. If a transaction is disputed, you’ll be able to present a full timestamped history.

Environment variables

.env

Summary diagram