Backend API

Use the Nana APIs to connect your MiniApp backend to our ecosystem, allowing you to manage payments and order lifecycles. The following sections outline the available APIs and the architectural rules you must follow when integrating them.

1. Payments

The Payments API handles the financial transactions between the user and your MiniApp. All payment sessions must be securely initiated and managed from your backend.

Initiates a secure payment transaction for a user. This endpoint generates and returns the session credentials your frontend SDK requires to natively render the payment interface.

Retrieves a paginated list of all payment sessions associated with a specific user. This is useful for displaying transaction history within your MiniApp.

Fetches the current status and full payload details of a specific payment session. Use this to verify the definitive payment status (e.g., pending, success, or refunded) before fulfilling an order.

Initiates a refund for a previously completed and captured payment session. The payment must be in a closed/successful state for this to execute.


2. Orders (Order Activities)

The Order Activities API tracks the lifecycle of an order within the Nana app.

Retrieves a list of order activities linked to the user.

Creates a new order activity or updates an existing one using the same endpoint.

Retrieves the detailed, complete state of a specific order activity using its unique identifier, including its current item list, delivery information, and chronological event history.


3. Authenticate User

Once a user session is initiated via the ft.getUserToken() method, your MiniApp is responsible for actively verifying the token's authenticity.

⚠️ Security Warning: You cannot rely purely on the token residing in the client-side SDK. Frontend data can be manipulated or expire. You must perform a secure server-to-server verification to definitively confirm the user's identity before granting access to your backend resources or taking any further actions.

Step 1: Handle the SDK Callback

After initialization, your frontend will invoke the SDK's token method ft.getUserToken(). When the SDK returns the token to the client, you will receive the authentication string you need.

Extract the token string from the frontend. Use this client-side event as a trigger to pass the token to your backend to begin the secure verification process.

Step 2: Retrieve Verified User Profile

To verify the user securely, your backend must call the Verify User Token endpoint, passing the token obtained from the SDK in Step 1 in the miniapp-user-token header. This verifies the user directly with the server.

Please refer to the Verify User Token API Reference for the exact endpoint URLs and complete cURL examples.

Step 3: Evaluate the Response Payload

Upon receiving the response from the server-to-server call, your backend must evaluate the success and data.id fields within the payload to confirm the token's validity.

A fully verified and authenticated token will return the following in its payload:

Server API Response Snippet:

{
  "status_code": 200,
  "result": "Operation Completed Successfully",
  "success": true,
  "data": {
    "id": "[email protected]"
  }
}
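
Steps 1 to 3 as a single fail-closed backend check, added here as an example and not taken from Nana's own code. The URL, the GET method, and all function names are assumptions (take the real endpoint from the Verify User Token API Reference); the miniapp-user-token header and the success / data.id checks come from the text above.

```python
import json
import urllib.request

# Placeholder: take the real URL and HTTP method from the Verify User Token API Reference.
VERIFY_URL = "https://miniapp-api.example.invalid/verify-user-token"


class TokenRejected(Exception):
    """The token could not be positively verified; treat the caller as unauthenticated."""


def evaluate_payload(body):
    """Step 3: return data.id only when the payload proves the token is valid."""
    try:
        payload = json.loads(body)
    except ValueError as exc:  # covers malformed JSON and bad encodings
        raise TokenRejected("response is not JSON") from exc
    # `is not True` rejects truthy stand-ins such as "true" or 1.
    if not isinstance(payload, dict) or payload.get("success") is not True:
        raise TokenRejected("success is not boolean true")
    data = payload.get("data")
    user_id = data.get("id") if isinstance(data, dict) else None
    if not isinstance(user_id, str) or not user_id.strip():
        raise TokenRejected("data.id is missing or empty")
    return user_id


def http_fetch(token, timeout=5):
    """Step 2: server-to-server call with the token in the miniapp-user-token header."""
    req = urllib.request.Request(
        VERIFY_URL, headers={"miniapp-user-token": token}, method="GET"  # method assumed
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


def verify_user_token(token, fetch=http_fetch):
    """Return the verified user id, or raise TokenRejected (fail closed)."""
    if not isinstance(token, str) or not token or any(c in token for c in "\r\n"):
        raise TokenRejected("token is empty or malformed")
    try:
        body = fetch(token)
    except OSError as exc:  # network failure, timeout, or non-2xx (HTTPError)
        raise TokenRejected("verification call failed") from exc
    return evaluate_payload(body)


# Constructed sample response, shaped like the snippet above (the id is made up).
SAMPLE_OK = b'{"status_code": 200, "result": "ok", "success": true, "data": {"id": "user-123"}}'
```

Bind your own session to the returned data.id rather than to any identifier the frontend sends alongside the token.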