Integrations

Use this guide when connecting Hilt to another merchant tool such as Zapier, WooCommerce, Shopify, or your own site. The flow is straightforward:
  1. choose or create a Hilt product
  2. send the buyer to hosted Hilt checkout
  3. listen for signed Hilt events
  4. update the merchant’s order, customer, access, or support record in the connected tool
This works well for digital products, paid communities, memberships, gated downloads, courses, and creator access flows.

API key scopes

Use an API key with the minimum permissions needed:
  • read to list products, memberships, events, and health
  • execute to create hosted checkout handoff links or subscribe integration webhooks
Do not give plugins or automation tools admin or billing permission unless your own integration truly manages account settings or billing.

Connection health

Use the products list endpoint after a merchant enters their API key: 
curl "https://api.hilt.so/v1/products?limit=1" \
  -H "X-Hilt-Key: hilt_live_..."
This confirms:
  • the API base is reachable
  • the key is valid
  • the key has read permission
  • the integration can load Hilt checkouts for mapping
Treat 429 as a retryable rate-limit state and show it in the host platform. For WooCommerce, Shopify, Zapier, and custom tools, create a buyer-facing checkout URL rather than handling a payment inside the host platform. 
curl -X POST https://api.hilt.so/v1/products/PRODUCT_ID/handoff-link \
  -H "X-Hilt-Key: hilt_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "identity_value": "buyer@example.com",
    "identity_display": "buyer@example.com",
    "identity_type": "email",
    "expires_in_minutes": 30
  }'
The response includes checkout_url. Redirect the buyer there and store the handoff or order reference in your platform.

Zapier REST Hooks

Zapier integrations can subscribe to real-time Hilt events through integration-owned hook endpoints. 
curl -X POST https://api.hilt.so/v1/integrations/zapier/hooks \
  -H "X-Hilt-Key: hilt_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "target_url": "https://hooks.zapier.com/hooks/standard/...",
    "event_type": "payment.confirmed",
    "label": "Payment confirmed"
  }'
Unsubscribe when Zapier disables the trigger: 
curl -X DELETE https://api.hilt.so/v1/integrations/zapier/hooks/WEBHOOK_ENDPOINT_ID \
  -H "X-Hilt-Key: hilt_live_..."

Event polling fallback

Use polling only when the host platform cannot receive REST Hooks. 
curl "https://api.hilt.so/v1/integrations/events?event_type=membership.activated&limit=20" \
  -H "X-Hilt-Key: hilt_live_..."
Every event includes a stable id. Store and deduplicate it before changing order status, access state, customer records, or external automations. Merchant setup guidance lives at Zapier.

Embed button

The Hilt dashboard generates a complete embed snippet for each template. 
<script async src="https://www.hilt.so/embed.js"></script>
<div data-hilt-checkout="your-product-slug" data-theme="auto"></div>
The embed opens the same hosted checkout URL as the public /p/{slug} link. By default it renders a Pay with USDC button with the Hilt mark and a subtle Checkout by Hilt.so line. The data-theme value can be:
  • auto — follows the buyer’s system light or dark preference
  • light — white button, dark text
  • dark — dark button, white text
The dashboard-generated snippet uses auto. Change only the theme value when the host page needs a fixed light or dark button. Merchant setup guidance lives at Embed checkout.

WooCommerce

The WooCommerce plugin maps WooCommerce products and variations to Hilt checkouts. Buyers choose Hilt Pay, complete hosted Hilt checkout with USDC on Solana, and return to the WooCommerce order confirmation page. Use the plugin for:
  • digital products
  • memberships
  • gated downloads
  • paid community access
  • course or private-page access
Merchant setup guidance lives at WooCommerce.

Rate limits

Hilt returns standard rate-limit headers on /v1 requests:
  • X-RateLimit-Limit
  • X-RateLimit-Remaining
  • X-RateLimit-Reset
  • Retry-After
Integrations should back off when they receive 429 and show the failure in the merchant’s existing tool. Silent checkout creation failures are harder to support than explicit order notes, admin notices, or task errors.

Webhook receiver rules

When your integration receives Hilt events:
  • verify X-Hilt-Signature against the raw request body
  • reject stale timestamps from X-Hilt-Timestamp
  • deduplicate with X-Hilt-Event-Id or the event payload id
  • update the host platform only after verification and deduplication
  • log failures where the merchant already works

Marketplace launch gate

Before submitting a Zapier, WooCommerce, or Shopify integration:
  • complete a real low-value merchant transaction
  • record the merchant activation flow from install to confirmed payment
  • verify webhook delivery and replay behavior
  • confirm failure states are visible inside the host platform
  • confirm screenshots use a real merchant workspace

Common questions

What is the safest way to integrate Hilt into another platform?

Create or choose a Hilt product, send the buyer to hosted Hilt checkout, verify signed Hilt webhooks, and update the host platform only after deduplication.

Does Hilt process payments inside WooCommerce, Shopify, or Zapier?

No. The safe pattern is hosted Hilt checkout. The external platform keeps its own order or workflow state, while Hilt keeps the payment, receipt, membership, renewal, and support trail.

What should every marketplace integration prove before launch?

Prove one real low-value transaction, webhook delivery and replay, visible failure states, and a complete merchant setup path from install to confirmed payment.