🚨 Integration Update – Mandatory Migration to API-based Transak Widget URL

All partners are required to migrate their integration to use the Create Widget URL API to generate the widgetUrl.

Previous methods of embedding query parameter configuration directly in the widget URL are deprecated and will no longer be supported.

The API allows you to generate a widgetUrl, which must be used to load the Transak widget. This ensures secure, validated, and consistent integrations across all integration options.


Widget URL Generation

Partners must first generate a widgetUrl using the Create Widget URL API.

🚧

The Create Widget URL API must always be called from the partner’s backend server. Transak validates requests by whitelisting partner server IPs. Direct calls from the client are not supported.

To create a widgetUrl, your API request must include:

Headers

Description

Access Token (required)

Your Partner Access Token. You can generate one using our Refresh Access Token endpoint.

This token should be stored and used until it expires. When the Refresh Access Token is invoked again, the previously generated token is automatically invalidated.

User Authorization Token (optional)

This token represents the end-user’s identity and is only required in Whitelabel Integrations.

Body Params

Description

Widget Params (required)

All integration parameters previously used across different products are now supported through the widgetParams object.

apiKey is a mandatory param inside the widgetParams object (value should be fetched from the Transak Partner Dashboard).

referrerDomain is a mandatory param inside the widgetParams object (value should be passed as the domain URL for web integrations and the application package name for mobile integrations).

All query parameters are supported: On/Off Ramp, NFT Checkout, Transak One.

Landing Page (optional)

This parameter defines the initial entry point of the widget experience and is only required in Whitelabel Integrations.

Request

curl --request POST \
     --url https://api-gateway-stg.transak.com/api/v2/auth/session \
     --header 'accept: application/json' \
     --header 'access-token: YOUR_ACCESS_TOKEN' \
     --header 'authorization: YOUR_USER_AUTH_TOKEN' \
     --header 'content-type: application/json' \
     --data '
{
  "widgetParams": {
    "apiKey": "YOUR_API_KEY",
    "referrerDomain": "yourdomain.com",
    "fiatAmount": 300,
    "fiatCurrency": "EUR",
    "cryptoCurrencyCode": "ETH"
  },
  "landingPage": "HomePage"
}
'

Response

{
    "data": {
        "widgetUrl": "https://global-stg.transak.com?apiKey=YOUR_API_KEY&sessionId=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvdHQiOiI2YzgxMDFiMjlhMzg0YWE2YmRjM2JjMmFkODA1M2YzMyIsImlhdCI6MTc1NzMyNTkwNywiZXhwIjoxNzU3MzI2MjA3fQ.zooQ07sGOnI_2dwtIzYL5sOD-Z0wQZoahPxZqZcCVCI"
    }
}

On success, the response will include widgetUrl. This URL must be used to load the Transak Widget. The widgetUrl is valid only for 5 minutes from the time of creation.

Click here for more information on Create Widget URL API.
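
The request and response handling above, as a backend sketch (an added example, not Transak's own code): it builds the Create Widget URL request with the mandatory widgetParams checked, and verifies the returned widgetUrl before it is passed to the browser. The function names, the host allow-list and the expectedApiKey comparison are assumptions of this example; the endpoint is the staging URL from the sample request.

```javascript
// Endpoint, header names and body fields are copied from the page's curl sample.
// Function names and the widget host allow-list are assumptions of this example.
const SESSION_ENDPOINT = "https://api-gateway-stg.transak.com/api/v2/auth/session";
const WIDGET_HOSTS = new Set(["global-stg.transak.com", "global.transak.com"]);
const WIDGET_URL_TTL_MS = 5 * 60 * 1000; // widgetUrl is valid for 5 minutes

// Build the request the backend sends; the access token never reaches the client.
function buildWidgetUrlRequest({ accessToken, userAuthToken, widgetParams, landingPage }) {
  if (!accessToken) throw new Error("access token is required");
  for (const key of ["apiKey", "referrerDomain"]) {
    if (!widgetParams || !widgetParams[key]) throw new Error(`widgetParams.${key} is mandatory`);
  }
  const headers = {
    accept: "application/json",
    "content-type": "application/json",
    "access-token": accessToken,
  };
  if (userAuthToken) headers.authorization = userAuthToken; // Whitelabel only
  const body = { widgetParams };
  if (landingPage) body.landingPage = landingPage; // Whitelabel only
  return { method: "POST", url: SESSION_ENDPOINT, headers, body: JSON.stringify(body) };
}

// Check the parsed API response before handing the URL to the browser.
// createdAtMs is the time the backend made the API call.
function acceptWidgetUrl(responseJson, expectedApiKey, createdAtMs, nowMs = Date.now()) {
  const raw = responseJson && responseJson.data && responseJson.data.widgetUrl;
  if (typeof raw !== "string") throw new Error("response has no data.widgetUrl");
  const url = new URL(raw);
  if (url.protocol !== "https:" || !WIDGET_HOSTS.has(url.hostname)) {
    throw new Error("unexpected widget origin: " + url.origin);
  }
  if (url.searchParams.get("apiKey") !== expectedApiKey) throw new Error("apiKey mismatch");
  if (!url.searchParams.get("sessionId")) throw new Error("missing sessionId");
  if (nowMs - createdAtMs >= WIDGET_URL_TTL_MS) {
    throw new Error("widgetUrl expired; create a new one");
  }
  return raw;
}
```

Because the widgetUrl expires after 5 minutes, generate it when the user launches the widget rather than at page render or in a long-lived cache.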


Deprecation Notice

The old method of passing parameters directly in the widget URL is deprecated. Partners must transition to the API-based widget URL approach.

Deprecated

https://global.transak.com?apiKey=YOUR_API_KEY&productsAvailed=BUY,SELL&fiatAmount=300&fiatCurrency=GBP&network=ethereum&paymentMethod=credit_debit_card&cryptoCurrencyCode=ETH&hideExchangeScreen=true&walletAddress=0xE99B71B9a035102432e30F47843746e646737b79&disableWalletAddressForm=true

New

https://global.transak.com?apiKey=YOUR_API_KEY&sessionId=YOUR_SESSION_ID

Additional Required Changes for Partners

Mandatory Referer header in Web Integration

The Transak widget relies on the browser’s Referer header as an additional runtime signal about where the widget is being launched. This header provides a direct verification of the actual source domain.

Redirect-based integrations (Redirect Link)

To open the widget, use the following snippet:

<a href="https://global.transak.com?apiKey=YOUR_API_KEY&sessionId=YOUR_SESSION_ID" target="_blank" rel="noopener"> 
Buy/Sell Crypto with Transak
</a>
<script>
  window.open('https://global.transak.com/?apiKey=YOUR_API_KEY&sessionId=YOUR_SESSION_ID', '_blank', 'noopener');
</script>
⚠️

Do not use rel="noreferrer" as it prevents the Referer header from being sent and breaks runtime domain validation.


iframe-based integrations (Embed/Double embed)

The recommended setting is referrerpolicy="strict-origin-when-cross-origin", while "origin" is also acceptable.

<iframe
  src="https://global.transak.com?apiKey=YOUR_API_KEY&sessionId=YOUR_SESSION_ID"
  width="100%"
  height="625"
  style="border: none;"
  allow="clipboard-write"
  referrerpolicy="strict-origin-when-cross-origin"
></iframe>
⚠️

Do not use referrerpolicy="no-referrer", as this strips the Referer header and prevents domain validation.

❗️

Nesting the Transak iframe inside a third-party iframe is not permitted unless the parent site has received explicit approval from Transak.
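
A lint check for the rules in the Deprecation Notice and Referer sections above (an added example, not Transak tooling): it scans `<a>` and `<iframe>` tags that point at the widget and reports deprecated query-parameter configuration and Referer-stripping attributes. The function names, the transak.com host match and the regex-based tag scan are assumptions of this example; it does not inspect window.open calls.

```javascript
// Only apiKey and sessionId belong in the new-style widget URL.
const ALLOWED_QUERY = new Set(["apiKey", "sessionId"]);
const OK_IFRAME_POLICIES = new Set(["strict-origin-when-cross-origin", "origin"]);

// Read one quoted attribute value from a tag string (simplified, no HTML parser).
function attr(tag, name) {
  const m = new RegExp(`\\b${name}\\s*=\\s*("([^"]*)"|'([^']*)')`, "i").exec(tag);
  return m ? (m[2] !== undefined ? m[2] : m[3]) : null;
}

// Return a list of findings for every <a>/<iframe> that targets the widget.
function auditTransakEmbeds(html) {
  const findings = [];
  for (const [tag, name] of html.matchAll(/<(a|iframe)\b[^>]*>/gi)) {
    const kind = name.toLowerCase();
    const target = attr(tag, kind === "a" ? "href" : "src");
    if (!target) continue;
    let url;
    try { url = new URL(target.replace(/&amp;/g, "&")); } catch { continue; }
    if (!/(^|\.)transak\.com$/i.test(url.hostname)) continue; // assumed host match

    const extra = [...url.searchParams.keys()].filter((k) => !ALLOWED_QUERY.has(k));
    if (extra.length) findings.push(`deprecated query config: ${extra.join(",")}`);
    if (!url.searchParams.get("sessionId")) findings.push("missing sessionId");

    if (kind === "a") {
      const rel = (attr(tag, "rel") || "").toLowerCase().split(/\s+/);
      if (rel.includes("noreferrer")) findings.push('rel="noreferrer" strips Referer');
    }
    const policy = (attr(tag, "referrerpolicy") || "").toLowerCase();
    if (policy === "no-referrer") {
      findings.push('referrerpolicy="no-referrer" strips Referer');
    } else if (kind === "iframe" && !OK_IFRAME_POLICIES.has(policy)) {
      // Lint choice of this example: require the policy to be set explicitly.
      findings.push("iframe referrerpolicy not set to a recommended value");
    }
  }
  return findings;
}
```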


ℹ️

If you need assistance with migration, please click here and you will be directed to the partner dashboard where you can log in to discuss your query.