Coindirectly • Developer Docs

Quickstart

Create an account and grab an API key from Dashboard.
Add a webhook endpoint (e.g. https://your-site.com/webhooks/coindirectly) and copy the secret.
Generate an invoice via POST /v1/invoices and redirect the buyer to the payment page.
We notify your webhook on invoice.pending and invoice.confirmed.

If your origin server calls Toolfuz directly (payouts), make sure its IP is whitelisted on your Toolfuz gateway.

Authentication & Headers

Header	Value	Notes
`Authorization`	`Bearer <YOUR_API_KEY>`	Required on all merchant API calls.
`Idempotency-Key`	UUID v4	Optional but recommended for POSTs.
`Content-Type`	`application/json`	JSON request bodies.

Create an invoice

Request a fresh deposit address + QR for your customer.

POST /v1/invoices


curl -sX POST "https://coindirectly.org/v1/invoices" \
  -H "Authorization: Bearer sk_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "amount_ltc": "0.01000000",
    "metadata": { "order_id": "ORD-1001" },
    "redirect_url": "https://your-site.com/thank-you"
  }'

Response (200)

{
  "ok": true,
  "data": {
    "invoice_uid": "INV-8Q2A1N",
    "amount_ltc": "0.01000000",
    "payment_address": "ltc1qxyz…",
    "qr_uri": "litecoin:ltc1qxyz...?amount=0.01000000",
    "status": "pending",
    "created_at": "2025-09-01T12:00:00Z"
  }
}

Node / PHP snippets


// Node / browser (server-side recommended)
await fetch('https://coindirectly.org/v1/invoices', {
  method: 'POST',
  headers: {
    Authorization: 'Bearer sk_live_xxx',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ amount_ltc: '0.01000000', metadata: { order_id: 'ORD-1001' } })
}).then(r => r.json());


// PHP (server-side)
$ch = curl_init("https://coindirectly.org/v1/invoices");
curl_setopt_array($ch, [
  CURLOPT_POST => 1,
  CURLOPT_RETURNTRANSFER => 1,
  CURLOPT_HTTPHEADER => [
    "Authorization: Bearer sk_live_xxx",
    "Content-Type: application/json"
  ],
  CURLOPT_POSTFIELDS => json_encode([
    "amount_ltc" => "0.01000000",
    "metadata"   => ["order_id" => "ORD-1001"]
  ])
]);
$res = curl_exec($ch);

Retrieve an invoice

GET /v1/invoices/{invoice_uid}


curl -s "https://coindirectly.org/v1/invoices/INV-8Q2A1N" \
  -H "Authorization: Bearer sk_live_xxx"

Status values: pending, confirmed, expired.

Webhooks

Add your endpoint in the dashboard. We deliver JSON events and sign each payload.

Signature

We send X-Coindirectly-Signature header: t=<unix>,v1=<hex hmac sha256>
where v1 = HMAC_SHA256(secret, t + "." + raw_body)


// PHP verify example
function valid(string $secret, string $raw, string $header): bool {
  parse_str(str_replace([',',' '], ['&',''], $header), $p); // t=...,v1=...
  $sig = $p['v1'] ?? ''; $t = $p['t'] ?? '';
  $calc = hash_hmac('sha256', $t.'.'.$raw, $secret);
  return hash_equals($calc, $sig);
}

Event schema

{
  "id": "evt_abc123",
  "type": "invoice.confirmed",
  "created": "2025-09-01T12:34:56Z",
  "data": {
    "invoice_uid": "INV-8Q2A1N",
    "amount_ltc": "0.01000000",
    "payment_address": "ltc1qxyz…",
    "confirmations": 1,
    "metadata": { "order_id": "ORD-1001" }
  }
}

Respond with HTTP 2xx. Non-2xx responses will be retried with backoff.

Payouts (optional)

Send LTC from your merchant wallet (requires your server IP to be whitelisted on Toolfuz).

POST /v1/payouts


curl -sX POST "https://coindirectly.org/v1/payouts" \
  -H "Authorization: Bearer sk_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{ "to_address":"ltc1q...", "amount_ltc":"0.01000000" }'

Errors

All responses are HTTP 200 with a stable JSON envelope.

{
  "ok": false,
  "error": { "code": "INVALID_INPUT", "message": "amount_ltc is required" }
}

Code	Meaning
`AUTH_FAILED`	Bad or missing API key
`RATE_LIMITED`	Too many requests; back off and retry
`INVALID_INPUT`	Malformed or missing field
`INSUFFICIENT_FUNDS`	For payouts: wallet balance too low