Skip to main content

Developer Settings

The Developers page provides tools for integrating Waffo Pancake with your applications.

API Keys

Overview

API keys authenticate server-to-server requests to the Waffo Pancake API.

Test Keys

  • Created for test environment
  • Use for development
  • No real charges
  • Separate from production data

Live Keys

  • Created for prod environment
  • Use for production
  • Process real payments
  • Keep private key secure

Key Types

Key TypeUse CaseDescription
API KeyServer-side onlySigned requests for full API access

API Key Authentication

API Key authentication is handled automatically by the SDK. Install @waffo/pancake-ts, provide your Merchant ID and private key, and the SDK will handle request signing automatically.
import { WaffoPancake } from "@waffo/pancake-ts";

const client = new WaffoPancake({
  merchantId: process.env.WAFFO_MERCHANT_ID!,
  privateKey: process.env.WAFFO_PRIVATE_KEY!,
});
Never expose your private key in client-side code, version control, or public repositories.

Creating API Keys

1

Navigate to Developers

Go to Dashboard —> Developers —> API Keys
2

Click 'Create API Key'

The API Key Generator opens.
3

Generate Key Pair

Click “Generate” to create a key pair.
  • Public key is sent to the server
  • Private key stays with you
4

Name Your Key

Give it a descriptive nickname (e.g., “Production Server”).
5

Select Environment

Choose Test or Production environment.
6

Download Private Key

Critical: Download and securely store your private key.
Your private key is only shown once. Store it securely — you will need it for API authentication.

Managing Keys

ActionDescription
ViewSee key nickname, creation date, environment
DeletePermanently remove the key

Webhooks

What Are Webhooks?

Webhooks notify your server when events occur in Waffo Pancake.

Available Events

EventTrigger
order.completedOrder completed
subscription.activatedSubscription activated
subscription.payment_succeededSubscription payment succeeded
subscription.updatedSubscription updated
subscription.cancelingSubscription cancellation scheduled
subscription.canceledSubscription ended
subscription.uncanceledSubscription cancellation reversed
subscription.past_dueSubscription payment past due
refund.succeededRefund processed successfully
refund.failedRefund processing failed

Setting Up Webhooks

1

Add Endpoint

Enter your webhook URL (must be HTTPS).
2

Select Events

Choose which events to receive.
3

Save Configuration

Save your webhook endpoint.

Webhook Payload Example

{
  "event": "order.completed",
  "data": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "orderId": "660e8400-e29b-41d4-a716-446655440001",
    "amount": 2900,
    "currency": "USD",
    "status": "completed",
    "createdAt": "2026-01-15T10:30:00.000Z"
  }
}
All IDs are UUID v4 format. Amounts are in the smallest currency unit. Timestamps are ISO 8601 UTC.

Webhook Best Practices

Return 2xx status within 30 seconds. Process heavy work asynchronously.
Events may be sent multiple times. Use event IDs for deduplication.
Failed webhooks retry up to 5 times with increasing delays (5min, 30min, 2h, 24h).
Check webhook delivery logs in the Dashboard for failures.

API Documentation

Base URL

https://waffo-pancake-auth-service.vercel.app/v1

Architecture

Waffo Pancake uses a hybrid API:
  • REST (POST) for all write operations via /v1/actions/...
  • GraphQL for all read operations via /v1/graphql

Authentication Example

API Key (Server-to-Server) using SDK: 
import { WaffoPancake } from "@waffo/pancake-ts";

const client = new WaffoPancake({
  merchantId: process.env.WAFFO_MERCHANT_ID!,
  privateKey: process.env.WAFFO_PRIVATE_KEY!,
});

const { store } = await client.stores.create({ name: "My Store" });

Common Endpoints

EndpointMethodDescription
/v1/actions/onetime-product/create-productPOSTCreate one-time product
/v1/actions/subscription-product/create-productPOSTCreate subscription product
/v1/actions/onetime-order/create-orderPOSTCreate checkout session
/v1/actions/subscription-order/create-orderPOSTCreate subscription checkout
/v1/graphqlPOSTQuery data (GraphQL)

Full API Reference

Complete endpoint documentation with request/response examples.

Security Best Practices

Environment Variables

Store private keys in environment variables, never in code.

Key Rotation

Regularly rotate keys, especially after team changes.

Separate Keys

Use different API keys for test and production environments.

Secure Storage

Store private keys using your platform’s secret management.

Testing

Test Mode

Use test mode for development:
  • All endpoints work identically
  • No real charges processed
  • Test card numbers available
  • Full webhook testing

Test Cards

Card NumberBehavior
4242 4242 4242 4242Success
4000 0000 0000 0002Declined
4000 0000 0000 9995Insufficient funds

Logs and Debugging

Webhook Logs

Track webhook deliveries:
  • Event type
  • Delivery status (success/failed)
  • HTTP response from your endpoint
  • Retry attempts and timestamps