Logo
Home Documentation Pricing Plan Resellers
Login Register
Getting Started

Introduction to VSSPay

VSSPay is a premium cryptocurrency gateway designed to automate Binance C2C billing operations on your platform. It offers instant checkout, auto-conversion routing, and seamless notifications. This guide details how to securely connect and integrate VSSPay.

Note: All API requests to VSSPay must be made over secure HTTPS protocols. Standard HTTP calls are automatically blocked to prevent eavesdropping and data interception.

Authentication

API Authentication

Every request to the VSSPay gateway requires a secure API Key associated with your merchant account. Authenticate your calls by passing the token inside the standard header attribute: 

Authorization: Bearer vss_sec_key_live_xxxxxxxxxxxxxxxxxxxxxxxx

Important Security Warning:

Never place your secret API keys in front-end client code (such as raw JavaScript, public web forms, or GitHub repositories). All credentials should be stored securely on your server backend via environment variables.

Dhru Fusion

Module Installation

Integrating VSSPay with Dhru Fusion requires minimal configuration. Standard installation steps:

  1. Download the VSSPay module archive from your verified merchant portal.
  2. Upload the files to your Dhru Fusion installation under the /includes/gateways/ directory.
  3. Navigate to your Admin Control Panel -> Settings -> Payment Gateways.
  4. Locate the VSSPay Binance C2C module and click Activate.
Configuration

API Module Setup

Enter your merchant credentials to link invoices:

Field Description Requirement
API Key Unique credential token from dashboard settings. Required
Secret Token Used to sign webhook signature checks. Required
Developer Reference

Create Invoice Endpoint

Initiate standard crypto payment checkouts using the request template below.

POST /api/v1/invoices/create
JSON Request Payload Example 
{
  "amount": 50.00,
  "currency": "USDT",
  "order_id": "ORDER_10254",
  "redirect_url": "https://yourdomain.com/success.php",
  "cancel_url": "https://yourdomain.com/cancel.php"
}
JSON Response Payload Example 
{
  "status": "success",
  "invoice_id": "INV_865421",
  "checkout_url": "https://checkout.vsspay.com/invoice/INV_865421",
  "expiry": "2026-06-03 10:15:30"
}
Integrations

IPN Callback (Webhook)

When a customer settles their Binance C2C payment, VSSPay pushes a secure POST request to the Callback IPN endpoint URL defined in your settings portal.

Security Rule (Callback Verification):

To protect your backend order fulfillment from spoofing attacks, never trust callback payloads blindly. Secure implementations must query our verification service directly to validate if the transaction ID is legit:

Secure Webhook Verification Routine (PHP) 
<?php
// Secure Webhook Verification Code
$invoice_id = filter_input(INPUT_POST, 'invoice_id', FILTER_SANITIZE_STRING);
$signature  = $_SERVER['HTTP_X_VSSPAY_SIGNATURE'] ?? '';

// Check with VSSPay gateway server to verify invoice status
$ch = curl_init("https://api.vsspay.com/v1/invoices/verify/" . urlencode($invoice_id));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "Authorization: Bearer vss_sec_key_live_xxxxxxxxxxxxxxxxxxxxxxxx"
]);
$response = json_decode(curl_exec($ch), true);

if ($response && $response['payment_status'] === 'completed') {
    // Invoice verified securely from the source. Fulfill order.
    echo "Fulfillment completed.";
} else {
    // Reject request
    http_response_code(400);
    echo "Fulfillment validation failed.";
}
curl_close($ch);
?>
Security

Security Best Practices

  • Implement HMAC Validation: Verify payloads against the secret token using SHA256 signatures.
  • Verify Order Amounts: Ensure the paid USDT amount matches the exact order database records before releasing licenses.
  • Avoid SQL Injection: Sanitize and bind variables inside billing routines using PDO structures.
  • IP Restrictions: Whitelist the official VSSPay outgoing servers IP list for incoming IPN endpoints.