Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.momentco.io/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The Moment JavaScript SDK enables seamless payment integration into any web application. Whether you need a modal overlay or inline embedded checkout — the SDK handles it all with a simple, unified API. Built with vanilla JavaScript (no dependencies), the SDK works with any frontend framework or plain HTML pages.

Embedded Modal :

Key Features

  • Zero Dependencies – Pure vanilla JavaScript, works everywhere
  • Flexible Display Options – Choose between modal overlay or inline embedded checkout
  • Flexible Callbacks – Handle payment success, failure, cancellation, retry, and expiry events
  • Cross-Origin Safe – Secure iframe communication via postMessage
  • Environment Detection – Automatic sandbox / production switching based on client key
  • PCI Compliant – All sensitive payment data handled in Moment’s secure iframe

Display Variants

VariantAvailabilityDescription
modalAvailableOpens checkout in a centered modal overlay (default)
inlineComing SoonRenders checkout inside a specified container element

How It Works

  1. Page loadsMoment(clientKey) creates an SDK instance; moment.checkout() is called to create a checkout instance with your fetchClientToken, fetchSessionStatus, and event callbacks (onSuccess, onFailure, etc.)
  2. Customer clicks Paycheckout.launch() is called
  3. SDK calls fetchClientToken — your callback creates a session on your backend (with a success_url) and returns the client_token
  4. Checkout opens in your chosen variant (modal or inline)
  5. Customer submits payment — Moment takes over the full page and redirects to the authentication page
  6. Customer completes authentication on the external page
  7. Customer is redirected back to your success_url with ?session_id=abc123 appended
  8. Page loads againmoment.checkout() detects the session_id in the URL automatically and calls your fetchSessionStatus('abc123') callback
  9. Your callback fetches the status from your backend, which queries Moment API
  10. SDK routes to the right handleronSuccess, onFailure, onExpired, or onCancel — and removes session_id from the URL silently
  11. Webhooks are delivered to your backend regardless of outcome

Installation

<script src="https://dy7o1iqfiixsw.cloudfront.net/moment-sdk/js/moment.js"></script>

Self-Hosted

Download moment.js and include it in your project: 
<script src="/path/to/moment.js"></script>

Module Import (Coming Soon)

import Moment from '@momentpay';

Quick Start

1. Initialize the SDK

Call Moment(clientKey) once when your page loads to create an SDK instance. Then call moment.checkout() with your fetch callbacks and event handlers — it returns a checkout instance, and the SDK calls your callbacks automatically at the right moments, so you never manage tokens or session IDs manually. Backend endpoints:
server.js
// Called by fetchClientToken when checkout.launch() is triggered
app.post('/api/create-payment-session', async (req, res) => {
  const response = await fetch('https://api.momentpay.net/collect/payment_sessions', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer sk_test_your_secret_key',
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      amount: 10000, // Amount in cents (e.g., R100.00)
      currency: 'ZAR',
      type: 'one_time',
      options: {
        checkout_options: {
          presentation_mode: { mode: 'embedded' },
          success_url: 'https://yoursite.com/checkout?session_id={SESSION_ID}', // required for redirect payments
        },
      },
    }),
  });
  const { client_token } = await response.json();
  res.json({ client_token });
});

// Called by fetchSessionStatus after customer returns from a redirect payment.
// The SDK extracts session_id from the URL (?session_id=abc123) and passes it here.
app.get('/api/session-status', async (req, res) => {
  const sessionId = req.query.session_id;
  const response = await fetch(
    `https://api.momentpay.net/collect/payment_sessions/${sessionId}`,
    { headers: { 'Authorization': 'Bearer sk_test_your_secret_key' } }
  );
  const session = await response.json();
  res.json({ status: session.status, ...session });
});
Frontend — initialize once on page load:
app.js
const moment = Moment('pk_your_key_here');

const checkout = moment.checkout({
  // SDK calls this when checkout.launch() is invoked to get a fresh session token
  fetchClientToken: async () => {
    const response = await fetch('/api/create-payment-session', { method: 'POST' });
    const data = await response.json();
    return data.client_token;
  },

  // SDK calls this automatically when ?session_id=... is detected in the URL.
  // Happens after a customer returns from a redirect-based payment (3DS, bank redirect, EFT).
  // Must return: { status: 'completed' | 'failed' | 'expired' | 'cancelled', ... }
  fetchSessionStatus: async (sessionId) => {
    const response = await fetch('/api/session-status?session_id=' + sessionId);
    return response.json();
  },

  onSuccess: (result) => {
    console.log('Payment successful!', result);
    // Redirect to success page or update UI
  },
  onFailure: (result) => {
    console.log('Payment failed', result);
    // Show error message
  },
  onCancel: (result) => {
    console.log('Payment cancelled', result);
    // Allow user to retry
  },
  onAttemptFailed: (result) => {
    console.log('Payment attempt failed', result);
    // User can retry within the checkout
  },
  onExpired: (result) => {
    console.log('Payment session expired', result);
    // Request a new session and retry
  },
});

2. Open Checkout

app.js
// SDK calls fetchClientToken, gets a fresh token, then opens checkout
checkout.launch();

API Reference

Moment(clientKey)

Factory function — creates an isolated SDK instance scoped to your publishable key. Returns an object with product namespaces (checkout, and more in the future).
ParameterTypeRequiredDescription
clientKeystringYesYour publishable key (pk_test_... or pk_live_...). Determines sandbox vs. production environment.
Throws immediately if clientKey is invalid. 
const moment = Moment('pk_test_abc123');

moment.checkout(config)

Creates and returns a checkout instance for this SDK. Detects any ?session_id= in the current URL and automatically calls fetchSessionStatus if provided. Returns a checkout object with launch, close, and submit methods.
ParameterTypeRequiredDescription
fetchClientTokenfunctionYesAsync function returning Promise<string> — a fresh client token. Called by the SDK when checkout.launch() is invoked.
fetchSessionStatusfunctionNoAsync function receiving a sessionId string, returning Promise<{ status: string, ... }>. Called when a session_id is found in the URL after a redirect-based payment. Required only if you use redirect mode.
onSuccessfunctionNoCallback fired when payment succeeds (both embedded and redirect flows)
onFailurefunctionNoCallback fired when payment fails
onCancelfunctionNoCallback fired when user cancels
onAttemptFailedfunctionNoCallback fired when a payment attempt fails (user can retry)
onExpiredfunctionNoCallback fired when the payment session expires
Example: 
const moment = Moment('pk_test_abc123');

const checkout = moment.checkout({
  fetchClientToken: async () => {
    const res = await fetch('/api/create-payment-session', { method: 'POST' });
    const data = await res.json();
    return data.client_token;
  },
  // Only needed if using redirect mode
  fetchSessionStatus: async (sessionId) => {
    const res = await fetch('/api/session-status?session_id=' + sessionId);
    return res.json();
    // Must return: { status: 'completed' | 'failed' | 'expired' | 'cancelled', ... }
  },
  onSuccess: (result) => console.log('Success:', result),
  onFailure: (result) => console.log('Failed:', result),
  onCancel: (result) => console.log('Cancelled:', result),
  onAttemptFailed: (result) => console.log('Attempt failed:', result),
  onExpired: (result) => console.log('Expired:', result),
});

checkout.launch(options)

Opens the payment checkout. Internally calls your fetchClientToken function to retrieve a fresh token, then opens checkout. The display variant (modal or inline) is determined from the JWT payload variant claim, which is set when creating the session on your backend.
ParameterTypeRequiredDescription
options.containerstring or ElementNoCSS selector or DOM element — for inline variant only
Returns a Promise that resolves with { checkoutUrl, variant } once the checkout is open. Examples: 
// Open checkout — SDK fetches token via your fetchClientToken callback
checkout.launch();

// Inline checkout with custom container
checkout.launch({ container: '#checkout-container' });

checkout.close()

Manually closes the modal or inline checkout. 
checkout.close();

checkout.submit() Coming soon

Triggers payment submission from outside the iframe — useful when you want an external “Pay” button rather than relying on the checkout UI’s built-in submit. Only available for the inline variant. 
// Wire up an external Pay button
document.getElementById('payBtn').addEventListener('click', () => {
  checkout.submit();
});

Security Best Practices

  1. Never expose your secret key (sk_...) in frontend code
  2. Always create sessions server-side using your secret key
  3. Validate webhooks to confirm payment status server-side
  4. Use HTTPS for all pages that include the SDK
  5. Handle token expiry by requesting a new token if needed

Next Steps