npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

paynotify-node

v1.0.7

Published

Official Node.js SDK for PayNotify Webhook Engine

Readme

PayNotify Node.js SDK

The official Node.js Server SDK for PayNotify — the zero-MDR, automated, lifetime-free UPI payment gateway engine.

Designed for enterprise reliability, this SDK provides seamless integration with the PayNotify architecture, enabling Dynamic Cent Masking for payment concurrency management and Cryptographic HMAC-SHA256 Webhook Verification using stable string formatting to guarantee bank-grade security against replay and JSON mutation attacks.


✨ Features

Dynamic Cent Masking (Penny Drop)

Automatically resolves payment concurrency (for example, multiple users checking out with ₹49 simultaneously) by generating unique fractional amounts through an atomic database lock.

Cryptographic Webhook Security (Stable String)

Built-in Express middleware validates X-PayNotify-Signature using HMAC-SHA256. It securely signs a fixed string template:

orderId:amount:status:timestamp

This completely prevents JSON parsing drift vulnerabilities and replay attacks.

Client-Side Idempotency

Automatically handles network retries by generating and sending deterministic idempotency keys, preventing duplicate or orphaned orders.

Bi-Directional Reconciliation

Supports Just-In-Time (JIT) verification for fast-paying customers and improved payment confirmation reliability.

First-Class TypeScript Support

Fully typed APIs for excellent developer experience, editor autocomplete, and static analysis.


Installation

Using npm:

npm install paynotify-node

Using Yarn:

yarn add paynotify-node

Using pnpm:

pnpm add paynotify-node

Quick Start

Initialization

Initialize the PayNotify client using your secret API key.

Security Warning: Never expose your API key in frontend or client-side code.

import { PayNotify } from 'paynotify-node';

const paynotify = new PayNotify({
  apiKey: process.env.PAYNOTIFY_API_KEY || 'your-secure-api-key'
});

Creating a Payment Order

When a user initiates checkout, create an order on your backend. The SDK communicates with the PayNotify Engine to lock in a concurrency-safe amount.

app.post('/api/checkout', async (req, res) => {
  try {
    const { baseAmount, userName } = req.body;

    const orderData = await paynotify.createOrder({
      baseAmount,
      customerName: userName,
      // ⚠️ IMPORTANT: You must provide a stable idempotencyKey (e.g., your DB cart ID or session UUID).
      // This prevents duplicate orders and double-charging if a network timeout causes a retry.
      idempotencyKey: 'unique-transaction-id-123'
    });

    // Save orderId and assigned amount in your database.
    res.json(orderData);

  } catch (error) {
    console.error(
      'PayNotify Checkout Error:',
      error.message
    );

    res.status(503).json({
      error:
        'Payment Gateway is warming up. Please try again.'
    });
  }
});

Securing Webhooks (Express Middleware)

PayNotify sends real-time webhooks whenever a payment is verified. Every incoming request must be authenticated before processing.

The SDK provides plug-and-play middleware that automatically verifies the X-PayNotify-Signature header using HMAC-SHA256 against a stable string payload.

Invalid signatures are immediately rejected with 401 Unauthorized.

import express from 'express';

const app = express();

app.use(express.json());

app.post(
  '/api/webhook',
  paynotify.verifyWebhook(),
  async (req, res) => {
    const {
      orderId,
      amount,
      status,
      sender_name,
      sender_upi,
      timestamp
    } = req.paynotify;

    if (status === 'VERIFIED') {
      console.log(
        `Payment of ${amount} received from ${sender_name}`
      );

      return res.status(200).json({
        success: true,
        message: 'Order processed successfully.'
      });
    }

    return res.status(200).json({
      message: 'Ignored.'
    });
  }
);

API Reference

new PayNotify(options)

Creates a new PayNotify client instance.

Options

| Property | Type | Required | Description | | -------- | -------- | -------- | ----------------------------- | | apiKey | string | ✅ | Your secret PayNotify API key |


createOrder(payload)

Creates a new payment order atomically.

Request Payload

| Property | Type | Required | Description | | ---------------- | -------- | -------- | ----------------------------------------------------------------------------------------- | | baseAmount | number | ✅ | Original payment amount | | customerName | string | ❌ | Customer name shown in dashboards | | idempotencyKey | string | ✅ | Prevents duplicate orders during retries. Must be a unique string per transaction. |

Response

{
  success: boolean;
  orderId: string;
  amount: number;
  status: string;
}

verifyWebhook()

Returns Express middleware that validates webhook signatures using the following stable string format:

orderId:amount:status:timestamp

The middleware automatically:

  • Verifies X-PayNotify-Signature
  • Rejects invalid requests with 401 Unauthorized
  • Attaches validated payload data to req.paynotify

Security Best Practices

  • Never expose API keys in frontend applications.
  • Always verify webhook signatures using the provided middleware.
  • Store orderId and assigned payment amounts in your database.
  • Process only payments with status VERIFIED.
  • Use HTTPS in all production environments.
  • Implement proper logging and reconciliation workflows.
  • Rotate API credentials periodically.

TypeScript Support

The SDK ships with built-in TypeScript definitions.

import { PayNotify } from 'paynotify-node';

const client = new PayNotify({
  apiKey: process.env.PAYNOTIFY_API_KEY!
});

No additional typings are required.


License

MIT License.

Copyright (c) PayNotify.