Pay by Link lets you generate a secure, shareable payment URL and send it to your customers — independently from any checkout page integration. When the customer clicks the link, they are presented with a Hosted Page to complete the payment.
This guide walks you through the full Pay by Link flow, step by step:
- Create a payment link via the Purse API
- Send the link to your customer by email, SMS, or any messaging channel
- Track the payment lifecycle through status transitions and webhooks
- Handle the customer redirection after the payment
- Send a payment request by email or SMS
- MOTO (Mail Order / Telephone Order) payments
- Invoice payments
- Customer support refund-replacement flows
How it works
The diagram below walks through the full Pay by Link lifecycle — from link creation on your backend to the customer's final redirect.
A few things worth noting:
- The link is reusable — if a payment attempt fails, the status reverts to
OPENED and the customer can retry with the same URL.
- 3DS is handled transparently — the Hosted Page manages the redirect to the PSP's authentication page; no extra work needed on your side.
- Two webhook streams — you get separate notifications for the payment link status and for each underlying payment attempt, giving you fine-grained visibility.
- The link becomes single-use once paid — as soon as one payment reaches
AUTHORIZED, the link is locked to PAID and any further attempts are rejected.
Before you start
1. Authentication - Retrieve Access Token
Before making any API calls, you must authenticate by obtaining an OAuth2 Access Token.
See Authentication Guide for details on generating your token.
Never expose your CLIENT_SECRET on the client side. All API calls must be made from your backend server.
2. Create the Payment Link
Call the /payment/v2/payment-links endpoint to generate a new payment link.
The entity_id, amount, currency, shopper_redirection_url, and order fields are required.
Providing detailed order data (shipments, customer info, billing address) improves acceptance rates and ensures compatibility with all PSPs. Check each partner's page for required fields.
Example Request
curl -X POST 'https://api.purse-sandbox.com/payment/v2/payment-links'
--header 'Content-Type: application/json'
--header "x-api-key: ${API_KEY}"
--header "Authorization: Bearer ${ACCESS_TOKEN}"
--data-raw '{
"entity_id": "your-entity-id",
"amount": 10000,
"currency": "EUR",
"shopper_redirection_url": "https://www.your-shop.com/order/confirmation",
"order": {
"reference": "ORD-12345"
},
"webhook": {
"url": "https://www.your-shop.com/webhooks/purse"
}
}'
Example Response
{
"payment_link_id": "plink_abc123",
"entity_id": "your-entity-id",
"amount": 10000,
"currency": "EUR",
"status": "CREATED",
"expires_at": "2026-04-26T12:00:00.000Z",
"links": [
{
"customer_url": {
"method": "GET",
"href": "https://pay.purse-sandbox.com/payment-links/plink_abc123"
}
}
]
}
The payment link status is now CREATED.
3. Send the Payment Link to Your Customer
Retrieve the customer_url from the links array in the response and send it to your customer via email, SMS, or any messaging channel.
https://pay.purse-sandbox.com/payment-links/plink_abc123
When the customer opens this URL, a Client Session is automatically created to track the payment attempt.
4. Customer Opens the Link
When the customer navigates to the customer_url, the payment link status transitions from CREATED → OPENED.
You will receive an asynchronous webhook notification for this status change.
The customer is presented with the standard Hosted Page experience: a PCI-DSS compliant payment form served by Purse.
5. Customer Submits Payment
Once the customer enters their payment details and submits the form, the payment process begins.
Depending on the PSP or payment method, the payment link may transition to PAYMENT_IN_PROGRESS. This occurs when:
- The associated payment has an
authorization_status of PENDING or UNCERTAIN
- A 3DS Strong Authentication challenge is in progress
- The PSP does not return a final authorization status immediately
You will receive webhook notifications for both the payment link and the underlying payment attempt.
If the payment is ultimately REFUSED or ABORTED, the payment link status reverts to OPENED. The customer can retry using the same link until it expires or a successful payment is made.
6. Successful Payment
When one of the associated payments reaches an authorization_status of AUTHORIZED, the payment link transitions to PAID and can no longer be used.
You will receive webhook notifications for:
- The payment link (
status: PAID)
- The payment (
authorization_status: AUTHORIZED)
The customer is then redirected to the shopper_redirection_url you specified at creation, with a purse-redirection-data query parameter containing context about the payment result.
Once the payment is authorized, you can perform standard operations (capture, void, refund) via the Payment Operations guide.
Webhook Events Summary
| Event | Payment Link Status | Webhook sent |
|---|
| Link created | CREATED | No |
| Customer opens link | OPENED | ✅ Payment Link |
| Payment in progress (3DS / pending) | PAYMENT_IN_PROGRESS | ✅ Payment Link + Payment |
| Payment refused or aborted | Back to OPENED | ✅ Payment Link + Payment |
| Payment authorized | PAID | ✅ Payment Link + Payment |
| Link reaches expiry date | EXPIRED | ✅ Payment Link |
See the Webhooks & Notifications guide for full payload details and signature verification.
FAQ
Can a customer retry after a failed payment attempt?
Yes. As long as the payment link status is OPENED, the customer can retry. The link only becomes permanently unavailable when it reaches PAID or EXPIRED status.
How do I set an expiry date on the link?
Pass an expires_at field (ISO 8601 datetime) in the creation payload. If omitted, a default expiry configured at the entity level applies.
Is the Hosted Page PCI-DSS compliant?
Yes. The payment form presented to the customer is served by Purse and is fully PCI-DSS compliant. Sensitive card data never passes through your servers.
Can I use Pay by Link for MOTO payments?
Yes. Pay by Link is one of the recommended integration patterns for MOTO (Mail Order / Telephone Order) use cases, along with the standard Hosted Page.