# Web App Integration
Trigger NFC payments on the MONEI Pay app from a **browser-based POS** (a web ordering screen, a tablet POS, a back-office payment link). Your web page opens the `monei-pay://` deep link; MONEI Pay handles the tap; the result comes back to your backend via a signed webhook and to the browser via a redirect.
No SDK to install — this is a pure HTTP + URL-scheme integration. Use it when your POS is HTML/JS and you don't ship a native mobile app of your own.
## How It Works[](#how-it-works "Direct link to How It Works")
1. The browser asks **your backend** to start a payment.
2. Your backend mints a [POS auth token](https://docs.monei.com/monei-pay/app-integration/getting-started/.md#step-2-generate-a-pos-auth-token), builds the deep link with `callback_url` (your webhook) and `complete_url` (where Safari returns the user), returns it to the browser.
3. The browser opens the deep link. iOS / Android prompts the user to switch to MONEI Pay.
4. The user taps their card on the device running MONEI Pay.
5. MONEI fires a **signed webhook** to your `callback_url` — this is the authoritative result. Fulfill the order here.
6. MONEI Pay opens `complete_url` in the original browser; your page reads the result query params, then polls your backend to confirm.
The two channels are independent on purpose: the webhook is the trusted record (HMAC `MONEI-Signature`), the redirect is a UX nicety that can be spoofed. **Always confirm from the webhook or [Get Payment](https://docs.monei.com/apis/rest/payments-get/.md) before fulfilling.** See [Result Delivery](https://docs.monei.com/monei-pay/app-integration/getting-started/.md#result-delivery).
## Prerequisites[](#prerequisites "Direct link to Prerequisites")
* [MONEI account](https://dashboard.monei.com/register) and API key
* A device running MONEI Pay (the merchant's iPhone / Android — the device that physically taps the card)
* A backend that can mint POS auth tokens and host the `callback_url` webhook
* An HTTPS endpoint you control (required for `callback_url` — local IPs and `http://` are blocked)
## Step 1: Server-Side Endpoint[](#step-1-server-side-endpoint "Direct link to Step 1: Server-Side Endpoint")
Your backend exposes a small endpoint that the browser calls to start a payment. It generates the auth token, persists a payment record, and returns the deep link.
* Node.js
* Python
* PHP
server.js
```
import express from 'express';
import {Monei} from '@monei-js/node-sdk';
import {randomUUID} from 'crypto';
const app = express();
app.use(express.json());
const monei = new Monei('YOUR_API_KEY');
app.post('/create-payment', async (req, res) => {
const {amount, orderId} = req.body;
const {token} = await monei.posAuthToken.create({});
// Store a row so the webhook handler and /payment-status can find it
const paymentId = randomUUID();
await db.payments.insert({id: paymentId, orderId, status: 'PENDING'});
const params = new URLSearchParams({
amount: String(amount),
auth_token: token,
order_id: orderId,
callback_url: `https://merchant.com/webhooks/monei`,
complete_url: `https://merchant.com/checkout/done?paymentId=${paymentId}`
});
res.json({
deepLink: `monei-pay://accept-payment?${params.toString()}`,
paymentId
});
});
```
server.py
```
from flask import Flask, request, jsonify
from urllib.parse import urlencode
import Monei
import uuid
app = Flask(__name__)
monei = Monei.MoneiClient(api_key="YOUR_API_KEY")
@app.post("/create-payment")
def create_payment():
body = request.get_json()
token_result = monei.pos_auth_token.create()
payment_id = str(uuid.uuid4())
db.payments.insert(id=payment_id, order_id=body["orderId"], status="PENDING")
params = urlencode({
"amount": body["amount"],
"auth_token": token_result.token,
"order_id": body["orderId"],
"callback_url": "https://merchant.com/webhooks/monei",
"complete_url": f"https://merchant.com/checkout/done?paymentId={payment_id}"
})
return jsonify({
"deepLink": f"monei-pay://accept-payment?{params}",
"paymentId": payment_id
})
```
server.php
```
posAuthToken->create([]);
$paymentId = bin2hex(random_bytes(16));
// $db->payments->insert([...]) — persist for webhook + status lookup
$params = http_build_query([
'amount' => $body['amount'],
'auth_token' => $tokenResult->getToken(),
'order_id' => $body['orderId'],
'callback_url' => 'https://merchant.com/webhooks/monei',
'complete_url' => "https://merchant.com/checkout/done?paymentId={$paymentId}"
]);
echo json_encode([
'deepLink' => "monei-pay://accept-payment?{$params}",
'paymentId' => $paymentId
]);
?>
```
`order_id` for reconciliation
Pass your own `order_id` to surface it as the payment's `orderId` in the signed `callback_url` webhook. Skips the extra DB lookup when correlating against your POS order. If omitted, MONEI generates one. See [Reconciliation](https://docs.monei.com/monei-pay/app-integration/getting-started/.md#reconciliation-with-order_id).
## Step 2: Open the Deep Link from the Browser[](#step-2-open-the-deep-link-from-the-browser "Direct link to Step 2: Open the Deep Link from the Browser")
When the cashier clicks **Charge** in your web POS, fetch the deep link and navigate to it.
checkout.html
```
```
Trigger from a user gesture
Safari and Chrome only honor app-scheme navigation when it happens inside a real click handler (or `pointerdown` / `touchend`). Don't open the deep link from `setTimeout`, network callbacks, or page-load — the browser will block it as a popup.
### Safari quirks[](#safari-quirks "Direct link to Safari quirks")
* Safari shows a confirmation sheet ("Open in MONEI Pay?") the **first time** a domain triggers `monei-pay://`. The user must tap **Open**.
* If MONEI Pay is not installed, Safari silently stays on your page. You'll see no error event. Detect it with a fallback timer:
```
window.location.href = deepLink;
setTimeout(() => {
// Page is still visible → user dismissed the sheet or MONEI Pay isn't installed
if (!document.hidden) {
alert('MONEI Pay does not appear to be installed on this device.');
}
}, 2000);
```
* Embedded `