embedUrl for the checkout iframe.
Endpoint
Authentication
Pass your API key as a Bearer token in the Authorization header.
Request Body
creatorId: The creator’s wallet address, SNS handle (e.g. alice.sol), or Tip Stack user ID. The API resolves all three formats automatically.
originUrl: The full origin of the site embedding the widget — for example, https://myblog.com. This value is checked against the list of domains you have whitelisted in your creator dashboard. localhost and 127.0.0.1 origins are allowed automatically for local development.
Visual theme for the rendered iframe. Accepted values: dark or light.
Response
true when the session was created successfully.
A short-lived session token in the format sdk_sess_<uuid>. Pass this as the Bearer token on subsequent calls to POST /sdk/tip.
Origin Security
When you call /sdk/init, the server checks the originUrl you provide against the whitelisted domains stored in your creator account. If the origin is not found, the request is rejected with 403 Unauthorized Origin. Add domains in your Creator Dashboard → Embed Settings → Allowed Origins.
The checkout widget is served with clickjacking protections scoped to your whitelisted originUrl, so only your approved domains can frame it.
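To make the origin check concrete, here is an added sketch of how an exact-match allowlist comparison behaves on look-alike inputs; it is not Tip Stack's server code. The function names, the sample allowlist, the strict rejection of paths and credentials, and the use of a Content-Security-Policy frame-ancestors value as the clickjacking control are assumptions, since the page does not say how the check or the framing protection is implemented.

```javascript
// Added illustration only. Helper names and the allowlist are hypothetical.
const LOCAL_DEV_HOSTS = new Set(["localhost", "127.0.0.1"]);

// Reduce a caller-supplied originUrl to a canonical origin string, or null
// when it is not a bare http(s) origin (assumed policy: no path, query,
// fragment or embedded credentials).
function canonicalOrigin(originUrl) {
  let u;
  try {
    u = new URL(originUrl);
  } catch {
    return null; // not parseable as a URL
  }
  if (u.protocol !== "https:" && u.protocol !== "http:") return null;
  if (u.username || u.password) return null; // e.g. https://good@evil
  if (u.pathname !== "/" || u.search || u.hash) return null;
  return u.origin; // scheme + lowercased host + non-default port
}

// Decide whether an init request's origin is acceptable and, if so, which
// frame-ancestors value the checkout iframe response would carry.
function checkOrigin(originUrl, allowedOrigins) {
  const origin = canonicalOrigin(originUrl);
  if (origin === null) return { status: 403, error: "Unauthorized Origin" };
  const host = new URL(origin).hostname;
  // Exact comparison of whole origins: no prefix, suffix or substring match.
  const allowed =
    LOCAL_DEV_HOSTS.has(host) ||
    allowedOrigins.some((a) => canonicalOrigin(a) === origin);
  if (!allowed) return { status: 403, error: "Unauthorized Origin" };
  return { status: 200, origin, csp: `frame-ancestors ${origin}` };
}

// Constructed sample allowlist and inputs.
const allowlist = ["https://myblog.com"];
for (const o of [
  "https://myblog.com",
  "https://myblog.com.evil.example", // look-alike host, must not match
  "http://localhost:3000", // local development origin
]) {
  console.log(o, "->", checkOrigin(o, allowlist).status);
}
```

When registering origins in the dashboard, note that under exact matching the scheme and any non-default port are part of the origin, so http://myblog.com and https://myblog.com are different entries.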
Example
Request
Response
Error Responses
| Status | Error | Cause |
|---|---|---|
| 400 Bad Request | "creatorId and originUrl are required" | One or both required body fields are missing. |
| 401 Unauthorized | "Missing or invalid API key" | The Authorization header is absent or malformed. |
| 403 Forbidden | "Unauthorized Origin" | originUrl is not on your creator whitelist. |
| 404 Not Found | "Creator not found" | No creator matches the provided creatorId. |
| 500 Server Error | "Failed to initialize SDK session" | An unexpected server error occurred. |
