Fundolar Developers — API, SDK & WordPress integration

Getting started

Introduction

Fundolar APIs help you collect donations and payments seamlessly in your application. Integrate using our WordPress plugin, JavaScript SDK, payment links, or build custom flows with our REST API.

Create a Fundolar Central account to start integrating payment solutions into your application.

Quickstart

Start building right away with these essential steps.

Authentication

Understand HMAC signing and secure API requests.

Integrations

WordPress, SDK, payment links, and hosted checkout.

Accept a donation

Explore how to collect donations via hosted checkout or direct API reporting.

Hosted checkout

Redirect donors to a secure Fundolar payment page — no PCI scope on your servers.

Donations API

Create and update donation records programmatically with idempotency support.

Create a payment link

Publish shareable hosted pages or generate links via the SDK.

Payment links

No-code hosted pages at /p/{code} or programmatic creation via API.

WordPress plugin

Install the plugin, connect with a Site key, and embed campaign shortcodes.

Architecture: Fundolar Central is the system of record for donations, fees, settlement, and payouts. Your integration reports payment events; Central handles reconciliation and owner dashboards.

Getting started

Quickstart

Get your first integration live in minutes.

Create a Fundolar Central owner account.
Ask your platform admin to enable Developer SDK (Platform Settings → Payments).
Go to Sites → Add integration and choose SDK / custom app.
Copy your API key and signing secret from the integration details page.
Download the SDK and make your first authenticated request.

Store credentials as environment variables on your server. Never commit secrets to Git or expose them in frontend code.

Your first request

const { FundolarClient } = require('./fundolar-sdk.js');

const client = new FundolarClient({
  baseUrl: 'https://app.fundolar.com',
  apiKey: process.env.FUNDOLAR_API_KEY,
  signingSecret: process.env.FUNDOLAR_SIGNING_SECRET,
});

const config = await client.getConfig();
console.log('Connected to', config.platform.name);

# Use the SDK for signing, or implement HMAC manually.
# See Authentication for the canonical string format.
curl https://app.fundolar.com/api/sdk

Accept your first payment

Create a checkout session and redirect the donor:

const session = await client.createCheckoutSession({
  amount: 25.00,
  currency: 'USD',
  title: 'Support our mission',
  success_url: 'https://yourapp.com/thank-you',
  cancel_url: 'https://yourapp.com/donate',
});

// Redirect donor to session.checkout_url

Getting started

Authentication

Learn how to authenticate your API requests.

You'll need to retrieve your API credentials from Fundolar Central before using this guide. Register an SDK integration under Sites.

Fundolar uses HMAC-SHA256 request signing. Each integration receives an API key (fk_live_…) and a signing secret. Include four headers on every request:

Header	Description
`X-Fundolar-Api-Key`	Your site API key
`X-Fundolar-Timestamp`	Unix timestamp (±5 minute skew)
`X-Fundolar-Nonce`	Unique value per request (replay protected)
`X-Fundolar-Signature`	HMAC-SHA256 of the canonical string

Canonical string

METHOD + "\n" + PATH + "\n" + TIMESTAMP + "\n" + NONCE + "\n" + SHA256(body)

signature = HMAC-SHA256(canonical, signing_secret)

Example request

const session = await client.createCheckoutSession({
  amount: 50,
  currency: 'USD',
  title: 'Donation',
  success_url: 'https://example.com/success',
  cancel_url: 'https://example.com/cancel',
});

// Use fundolar-sdk.js via Node, or implement signing in PHP:
$method = 'POST';
$path = '/api/sdk/checkout-sessions';
$timestamp = (string) time();
$nonce = bin2hex(random_bytes(10));
$body = json_encode(['amount' => 50, 'currency' => 'USD']);
$hash = hash('sha256', $body);
$canonical = "$method\n$path\n$timestamp\n$nonce\n$hash";
$signature = hash_hmac('sha256', $canonical, $signingSecret);

Managing your credentials: Your signing secret grants access to your Fundolar account. Keep it confidential and store it securely on your server, ideally as an environment variable. Do not expose it in frontend code.

Integrations

WordPress plugin

GPL-2.0+ · WP 7.0

Installation

Download from fundolar.com/plugin/fundolar.zip.
In WordPress: Plugins → Add New → Upload, then activate Fundolar.
In Central: Sites → Add integration → WordPress. Copy the Site key.
In WordPress: Fundolar → Settings → Payments, paste the Site key and connect.

Campaign shortcodes

[fundolar_campaign id="42" style="card"]

Connection flow

The plugin calls POST /api/plugin/activate with your Site key. Central returns an API key and signing secret stored encrypted in WordPress. All sync uses HMAC-authenticated requests to /api/plugin/*.

See Administrator documentation and the changelog for release notes.

Integrations

JavaScript SDK

v1.0.0 · Node 18+

The SDK is for server-side use only. Mobile and browser apps should call your backend, which signs requests to Fundolar.

Installation

curl -O https://app.fundolar.com/sdk/fundolar-sdk.js
# or
curl -O https://fundolar.com/assets/js/fundolar-sdk.js

Initialize the client

const { FundolarClient } = require('./fundolar-sdk.js');

const client = new FundolarClient({
  baseUrl: 'https://app.fundolar.com',
  apiKey: process.env.FUNDOLAR_API_KEY,
  signingSecret: process.env.FUNDOLAR_SIGNING_SECRET,
});

Available methods

Method	Description
`getConfig()`	Site profile, fees, gateways
`createCheckoutSession(payload)`	Hosted checkout URL
`createDonation(payload)`	Report a pending donation
`updateDonationStatus(payload)`	Update payment status
`createPaymentLink(payload)`	Create a payment link
`listDonations(params)`	Paginated donation list
`getDonationStatus(id)`	Poll after checkout

CORS & allowed domains

Configure allowed domains in Central → Sites → your integration. Browser-origin requests require a matching Origin header and valid HMAC signatures.

Integrations

Payment links

Share hosted checkout pages without writing payment UI code.

No-code setup

Sign in to Fundolar Central → Payment links.
Create a link with title, amount mode, and currency.
Share: https://app.fundolar.com/p/{shortCode}

Create via SDK

const link = await client.createPaymentLink({
  title: 'Event ticket',
  amount_mode: 'fixed',
  fixed_amount: 49.99,
  default_currency: 'USD',
  link_type: 'payment',
});

console.log(link.url); // https://app.fundolar.com/p/…

Amount modes

open — donor chooses the amount on the hosted page.
fixed — preset amount for tickets and product payments.

Integrations

Hosted checkout

Redirect donors to a Fundolar-hosted payment page from your app or website.

How it works

Your server calls POST /api/sdk/checkout-sessions.
Fundolar creates a pending donation and returns checkout_url.
Redirect the donor to the hosted page.
After payment, donor returns to your success_url.
Poll GET /api/sdk/donations/{id}/status or rely on the redirect query params.

Full example

const session = await client.createCheckoutSession({
  amount: 25.00,
  currency: 'USD',
  title: 'Monthly support',
  donor_name: 'Jane Doe',
  donor_email: 'jane@example.com',
  success_url: 'https://yourapp.com/thank-you',
  cancel_url: 'https://yourapp.com/donate',
  idempotency_key: 'donation-' + Date.now(),
});

res.redirect(session.checkout_url);

{
  "donation_id": 123,
  "uuid": "a1b2c3d4-…",
  "checkout_url": "https://app.fundolar.com/sdk/checkout/…",
  "expires_at": "2026-06-09T14:00:00+00:00",
  "status": "pending"
}

Supported gateways on hosted checkout: Stripe, PayPal, Paystack, Flutterwave, and Pesapal (as configured in Platform Settings).

API Reference

API overview

REST · JSON · HMAC

Base URL: https://app.fundolar.com · SDK namespace: /api/sdk/*

Discover available endpoints:

GET https://app.fundolar.com/api/sdk

Errors

JSON responses include a message field. Common codes:

Code	Meaning
`401`	Invalid or missing HMAC headers
`403`	SDK disabled, inactive account, or KYC required
`422`	Validation error in request body

WordPress sites also use /api/plugin/* with the same HMAC scheme — the plugin handles signing automatically.

API Reference

Donations API

Create, update, and query donation records.

POST /api/sdk/donations/create

Create a pending donation. Supports idempotency_key for safe retries.

POST /api/sdk/donations/update-status

Update payment_status (completed, failed, etc.).

GET /api/sdk/donations/{id}

Fetch full donation details.

GET /api/sdk/donations/{id}/status

Poll payment status after checkout.

Request body

{
  "gross_amount": 100,
  "currency": "USD",
  "donor_name": "Jane Doe",
  "donor_email": "jane@example.com",
  "payment_gateway": "stripe",
  "source_channel": "sdk",
  "idempotency_key": "order-2026-001"
}

API Reference

Payment links API

Programmatically create and manage hosted payment links.

POST /api/sdk/payment-links

Create a link. Response includes url and short_code.

GET /api/sdk/payment-links

List links for the authenticated owner.

PATCH /api/sdk/payment-links/{id}

Update title, amounts, or status (active / paused).

DELETE /api/sdk/payment-links/{id}

Soft-delete a payment link.

API Reference

Checkout sessions API

Create time-limited hosted checkout URLs.

POST /api/sdk/checkout-sessions

Returns checkout_url, donation_id, and expires_at.

Parameters

Field	Required	Description
`amount`	Yes	Donation amount (decimal)
`currency`	Yes	ISO-4217 code (e.g. USD)
`title`	No	Shown on checkout page
`success_url`	No	Redirect after successful payment
`cancel_url`	No	Redirect if donor cancels
`idempotency_key`	No	Prevent duplicate donations
`expires_in`	No	Session TTL in seconds (default 3600)