How to open the LigdiCash payment link: same tab, new tab, popup, or native WebView. Constraints and recommended patterns.
After the invoice is created, the response_text field of the response contains the URL of the LigdiCash payment page. This is the URL you must open so the customer can choose their operator and complete the payment. The opening mode depends on your context: web application, native mobile, or hybrid.
LigdiCash blocks the loading of its payment page in an <iframe>. Never embed the URL in an iframe — the page will not display.Always open the link in a real navigation context: same tab, new tab, popup, or native WebView.
This block is enforced server-side through the X-Frame-Options and Content-Security-Policy headers. It is not a bug — it is a deliberate security measure against clickjacking.
Triggering a window.open() after a network request is systematically blocked by modern browsers: it is not considered a direct user action.The two-step solution:
Open about:blanksynchronously on click, before any await
Navigate to the payment URL after receiving the API response
This pattern works on all modern browsers (Chrome, Firefox, Safari, Edge). The key is that window.open() must be called in the same synchronous execution flow as the click handler.
On iOS and Android, open the payment URL in a native WebView rather than in the system browser. This lets you detect the end of the flow and close the WebView automatically.Principle: intercept every navigation in the WebView and compare the URL with your return_url and cancel_url.
When LigdiCash redirects the customer to your return_url or cancel_url, it indicates that the payment flow on the LigdiCash side is finished. This is not proof of a successful payment.
Never consider a payment validated based on the redirect to return_url alone. A customer can modify the URL manually, or the redirect can occur following a timeout.Always verify the status through the confirm endpoint, or wait for the callback notification.
Recommended behavior on receiving return_url:
Display an intermediate screen “Verifying payment…”
Call your backend, which calls confirm with the token stored at creation
Display the final result (success / failure / pending)