Node.js
npm i @forgepay/nodeA fully idempotent payments API with native SDKs for Node, Python, Go and Rust, signed webhooks you can actually trust, and typed errors. Forged for builders who read the docs.
$ npm i @forgepay/node{ "amount": 4200, "currency": "usd", "source": "tok_visa", "capture": true}{ "id": "ch_3PFx7d2eZvKYlo2C0a9bQ1xT", "object": "charge", "amount": 4200, "currency": "usd", "status": "succeeded", "livemode": true}Pulled from production. Latency at the 99th percentile, not the median your dashboard likes to show.
us-east · edge-terminated TLS
measured at the load balancer
anycast · sub-30ms to 90% of users
tokenized at the edge · PCI-DSS L1
signed · idempotent · auto-retried
No sandbox sprawl, no 12-step onboarding. Install, authenticate, and move real money before your coffee gets cold.
One package. Typed clients for Node, Python, Go, Ruby & PHP.
npm i @forgepay/nodePOST /v1/charges with an amount, currency and source token.
fp.charges.create({ … })Read charge.status, fire a webhook, settle in T+1.
status === "succeeded"1// npm i @forgepay/node2import Forgepay from "@forgepay/node";34const fp = new Forgepay(process.env.FORGEPAY_SECRET_KEY!);56const charge = await fp.charges.create(7{8amount: 4200, // cents9currency: "usd",10source: tokenId,11description: "Forge Pro — annual",12},13{ idempotencyKey: "ch_req_8fa31c" },14);1516console.log(charge.status); // "succeeded"
Resource-oriented endpoints, predictable HTTP semantics, idempotent writes and a single dated version header. No surprises in production.
Capture funds from a payment source. Fully idempotent — replay the same Idempotency-Key and you get the original charge back, never a duplicate.
curl https://api.forgepay.dev/v1/charges \ -H "Authorization: Bearer sk_live_51Mx…" \ -H "Idempotency-Key: req_8f21c0a4" \ -d amount=4200 \ -d currency=usd \ -d source=tok_visaWatch the money move. Every payment streams through a single, idempotent path — tokenized at the edge, authorized in milliseconds, settled to you.
Tap, swipe, or a card on file.
Card data tokenized in-browser.
Idempotent authorize, risk-scored.
Visa · Mastercard · Amex.
Funds settle to your account.
Tap, swipe, or a card on file.
Card data tokenized in-browser.
Idempotent authorize, risk-scored.
Visa · Mastercard · Amex.
Funds settle to your account.
Idiomatic, fully-typed, open-source SDKs for the languages you already ship. Hand-written ergonomics on top of a generated core, so the types are always in sync with the API.
npm i @forgepay/nodepip install forgepaygo get forgepay.dev/gogem install forgepaycomposer require forgepay/forgepaymvn dev.forgepaydotnet add package Forgepaycargo add forgepay+ official plugins & integrations
100% open-source · MIT licensed · semver-stable
The fun part is shipping. The part that keeps you employed is the money never moving twice. We obsess over the second one so you don't get paged for it.
HMAC-SHA256 · constant-time
Every event ships with a signature header. Verify in one call — forged or replayed payloads never reach your handler.
// reject anything we didn't signconst event = fp.webhooks.verify(payload, // raw request bodyreq.headers["fp-signature"],process.env.FP_WEBHOOK_SECRET!,);// throws SignatureError on mismatch →// HMAC-SHA256, constant-time compare
Routing decisions in well under a frame. This is the last 32 samples from the live edge.
Retry a request a hundred times — it charges the card once. Safe POSTs by design.
Idempotency-Key: a1b2c3d4-…Transient 5xx and network blips are retried with jittered exponential backoff, capped at 5 attempts.
backoff: 1s · 2s · 4s · 8sAt-least-once delivery. Re-drive any event from the last 30 days from the dashboard or API.
POST /v1/events/{id}/replayA full parallel ledger keyed on test secrets. No real cards, identical surface.
sk_test_4eC39H…Every key, refund and config change is append-only, signed, and exportable for compliance.
audit.entry · write-once99.99% uptime · last 90 days
Every bar is a day. Hover for the daily figure.
Compliance is table stakes, not a sales call. Reports on request.
Real-time, cryptographically signed, at-least-once delivery — with automatic retries and dashboard replay. If your server hiccups, we keep knocking.
charge.succeededevt_3PF02a664 200charge.refundedevt_3PF02a659 200payout.paidevt_3PF02a64e 200charge.succeededevt_3PF02a63j 200customer.createdevt_3PF02a62o 200charge.succeededevt_3PF02a61t 200Every request carries an HMAC-SHA256 signature in the Forgepay-Signature header. Verify in one line before you trust a byte.
HMAC-SHA256At-least-once delivery with exponential backoff — up to 8 attempts over 3 days until your endpoint returns 2xx.
8 attempts · 72hRe-send any past event from the dashboard or CLI. Rebuild local state after an outage without touching production.
dashboard · CLI40+ documented event types with versioned, strongly-typed payloads. Autocomplete the whole envelope in your editor.
40+ types{ "id": "evt_3PFxQ9aL2", "type": "charge.succeeded", "api_version": "2026-04-01", "created": 1781784161, "data": { "object": { "id": "ch_3PFx8Km0", "amount": 4200, "currency": "usd", "status": "succeeded" } }}Forgepay-Signature: t=1781784161,v1=9a7f…c2e1Test mode is free forever. You only pay on a successful live charge — no monthly fee, no setup, no minimums.
One flat rate on every successful card charge. Declined and test transactions are always free.
≈ $17.40 saved vs a flat 2.9% + $0.30
668 successful charges. Estimate only.
2.9% + $0.30
Self-serve. Live in minutes.
Interchange++ / custom
For high-volume teams.
Every Forgepay account ships with the full API, all SDKs and unlimited test mode — on day one.
Create an account, grab your test keys, and POST your first charge in minutes — no sales call required.
$ export FORGEPAY_SECRET_KEY=sk_live_••••••••••••••••••••// decorative preview · click to generate a sample test key
$ curl https://api.forgepay.dev/v1/charges \-u $FORGEPAY_SECRET_KEY: \-d amount=4200 -d currency=usd \-d source=tok_visa→ 201 Created · ch_3Pk9qXr2 · succeeded