Docs / Migration guide / CryptoMus

This migration guide helps you replace CryptoMus's volume-discount fee model and form-style API with Payvra's flat 0.5% fee and a typed REST contract.

Use this page to run a controlled provider cutover: confirm the fee-model change, map the payment lifecycle to Payvra payments, replace the webhook handler with HMAC-SHA256 verification, and only then move live traffic.

Create free sandbox Review webhook docs

The safe rollout: leave existing CryptoMus payments draining, point new payment creation at Payvra in sandbox, prove the signed webhook path, and then swap only the credential prefix when you promote to live.

What to prove before cutover

Fee transparency

CryptoMus's effective rate climbs with conversion spread on top of advertised processing. Payvra is a flat 0.5% with no spread and no withdrawal markup beyond network gas.

Auto-conversion coverage

CryptoMus conversion happens through their internal book at variable spread. Payvra auto-converts every payment to your preferred stablecoin across all chains with the executed rate visible.

Cutover reversibility

You can leave existing CryptoMus payments running to completion and route only new traffic through Payvra until the new path is boring.

Cutover facts

Auth change

Replace the merchant + sign header pair with a single Payvra secret key (sk_test_ in sandbox, live secret-key prefix in production).

Signing change

CryptoMus uses MD5-of-base64 request signing. Payvra uses HMAC-SHA256 over a timestamped payload, with replay protection.

Settlement change

Withdrawals are no longer gated by manual approval queues, once KYB is on file, payouts execute on-demand to any wallet address.

Promotion rule

Swap the sandbox secret for a live secret only after the webhook signature path is verified end-to-end.

Overview

Treat this page as a migration brief for operators and developers. Confirm the commercial gap, map the API contract, prove the webhook path, and only then switch live volume.

CryptoMus and Payvra both process crypto payments, but the fee economics and developer surface are different. CryptoMus advertises a low headline rate and recovers margin through conversion spreads and withdrawal fees. Payvra is a flat 0.5% with no spread and no platform-side markups.

Treat this migration as both a fee-model and a developer-experience upgrade. You are replacing the request signing scheme, the webhook contract, and the settlement assumptions reconciliation depends on.

Why switch now

This should read like a production decision, not a feature wish list. Each row below explains the practical reason to move traffic away from the old provider.

Flat 0.5% with no conversion spread

CryptoMus's effective rate fluctuates with internal exchange spreads. Payvra publishes a flat 0.5% and quotes the executed conversion rate before settlement.

Modern signing and replay protection

Move from MD5-style request signing to HMAC-SHA256 with timestamp-bound payloads and webhook IDs.

Typed SDKs and OpenAPI

First-party TypeScript and Python SDKs, an OpenAPI specification, and consistent JSON request/response shapes replace the form-style ergonomics.

On-demand withdrawals

Skip the manual-review queue for routine withdrawals. Payvra settles on demand to any address on any supported chain.

API mapping

Every CryptoMus endpoint you depend on has a Payvra equivalent. The main rewrite is replacing the form-style request signing with a single typed bearer secret and switching POST-everywhere into proper REST verbs.

CryptoMus	Payvra	Notes
`POST` `/v1/payment`	`POST` `/v1/payments`	Replace CryptoMus's form-style payment creation with Payvra's typed JSON payload. `amount` and `currency` map directly.
`POST` `/v1/payment/info`	`GET` `/v1/payments/{id}`	CryptoMus uses POST for payment lookup; Payvra uses idiomatic GET with path parameter.
`POST` `/v1/payment/list`	`GET` `/v1/payments`	Payvra returns cursor-paginated results with status, date-range, and chain filters.
`POST` `/v1/payout`	`POST` `/v1/withdrawals`	On-demand payout to any wallet address. Payvra removes the manual-review delay on the first withdrawal once KYB is on file.
`POST` `/v1/exchange/rate`	`POST` `/v1/conversions`	Auto-conversion is built into the payment flow on Payvra. Use the conversions endpoint only for explicit ad-hoc conversions.
`POST` `/v1/balance`	`GET` `/v1/balances`	Per-asset balance with last-settled timestamps.

Code examples

Show the old and new contract side by side so the implementation team can replace the integration without hunting through multiple docs surfaces.

Create a payment

Replace the payment-creation call first. This proves auth, request shape, hosted checkout, and the first state transition without touching the rest of the system.

CryptoMus

1// CryptoMus
2const body = {
3  amount: "49.99",
4  currency: "USD",
5  order_id: "order_123",
6  url_callback: "https://yoursite.com/webhooks/cryptomus",
7};
8
9const sign = crypto
10  .createHash("md5")
11  .update(Buffer.from(JSON.stringify(body)).toString("base64") + API_KEY)
12  .digest("hex");
13
14const response = await fetch("https://api.cryptomus.com/v1/payment", {
15  method: "POST",
16  headers: {
17    merchant: MERCHANT_ID,
18    sign,
19    "Content-Type": "application/json",
20  },
21  body: JSON.stringify(body),
22});
23
24const { result } = await response.json();
25// Redirect to: result.url

Payvra

1// Payvra
2import Payvra from "payvra";
3
4const payvraSecretKey = process.env.PAYVRA_SECRET_KEY;
5if (!payvraSecretKey) {
6  throw new Error("Set PAYVRA_SECRET_KEY before running this example.");
7}
8
9const payvra = new Payvra(payvraSecretKey);
10
11const payment = await payvra.payments.create({
12  amount: "49.99",
13  currency: "USDC",
14  metadata: { orderId: "order_123" },
15});
16
17// Redirect to: payment.checkoutUrl

Verify webhooks

Move from MD5-of-base64 request signing to HMAC-SHA256 with timestamp and webhook ID verification. The signature header, timestamp header, and webhook ID header must all be checked together.

CryptoMus webhook

1// CryptoMus webhook handler
2app.post("/webhooks/cryptomus", (req, res) => {
3  const { sign, ...payload } = req.body;
4  const expected = crypto
5    .createHash("md5")
6    .update(Buffer.from(JSON.stringify(payload)).toString("base64") + API_KEY)
7    .digest("hex");
8
9  if (sign !== expected) {
10    return res.status(401).send("Invalid");
11  }
12
13  if (payload.status === "paid") {
14    // Mark order paid, payload.order_id
15  }
16
17  res.sendStatus(200);
18});

Payvra webhook

1// Payvra webhook handler
2app.post("/webhooks", (req, res) => {
3  const signature = req.headers["webhook-signature"];
4  const timestamp = req.headers["webhook-timestamp"];
5  const webhookId = req.headers["webhook-id"];
6
7  const signedContent = `${webhookId}.${timestamp}.${req.rawBody}`;
8  const expected = crypto
9    .createHmac("sha256", WEBHOOK_SECRET)
10    .update(signedContent)
11    .digest("base64");
12
13  if (signature !== `v1,${expected}`) {
14    return res.status(401).send("Invalid");
15  }
16
17  const { type, data } = req.body;
18  if (type === "payment.completed") {
19    // Mark order paid, data.metadata.orderId
20  }
21
22  res.sendStatus(200);
23});

Webhook mapping

CryptoMus webhooks use a status-driven dispatch on a single endpoint. Payvra emits typed payment. events so your handler can branch on the event name directly rather than parsing a status string.

CryptoMus event	Payvra	Notes
`Webhook` `payment.process`	`Webhook` `payment.created`	Payment created and awaiting deposit.
`Webhook` `payment.confirming`	`Webhook` `payment.confirming`	Deposit detected, waiting for confirmations.
`Webhook` `payment.confirmed`	`Webhook` `payment.confirmed`	Confirmed on-chain.
`Webhook` `payment.paid`	`Webhook` `payment.completed`	Final settled state, order should advance to paid here.
`Webhook` `payment.cancel`	`Webhook` `payment.failed`	Cancellation maps to a terminal failed state on Payvra.
`Webhook` `payment.fail`	`Webhook` `payment.failed`	Same terminal failed state.

Migration steps

Run this as a controlled cutover, not a blind rewrite. Keep the old provider draining existing payments while the new Payvra path proves itself in sandbox first.

Create sandbox credentials and keep live traffic where it is

Start with sk_test_... and leave existing CryptoMus payments running to completion. The first milestone is proving the new Payvra path, not forcing an all-at-once cutover.

Install the Payvra SDK and replace payment creation

Point one environment at Payvra payment creation while preserving your existing order metadata. The CryptoMus order_id field maps cleanly to Payvra metadata.orderId.

Terminal

1npm install payvra

Replace the webhook handler before trusting paid-state updates

Do not treat the cutover as done until the signed webhook path is live in sandbox. The order should only move to paid after the Payvra signature is accepted, the timestamp is within tolerance, and the event type is handled.

Run one full sandbox order to completion

Confirm payment creation, hosted checkout, confirmation, and the final order update in one pass. Watch the webhook log and your application log together while the payment settles.

Promote to live by swapping only the credential prefix

Once the sandbox flow is stable, generate a live key, update the webhook secret, and keep the rest of the request shape unchanged. Configure your preferred settlement coin and withdrawal address.

Operator FAQ

Use these answers when the rollout owner wants to know what happens to existing traffic, settlement assumptions, and store-side behavior during the cutover.

Can I run both providers in parallel?

Yes. Let outstanding CryptoMus payments settle normally and route only new payment creation through Payvra until the new path is verified.

What happens to my volume-tier discount?

Payvra is a flat 0.5% rate that already beats most CryptoMus volume tiers once conversion spread is accounted for. There is no negotiation step before launch.

Do I need to change my webhook URL?

You can keep the same URL, but you must replace the handler with HMAC-SHA256 verification before trusting the paid state.

What about unsupported coins?

Payvra supports 9 chains today including Bitcoin, Ethereum, Solana, Tron, Base, and major stablecoins. Long-tail coins specific to CryptoMus's catalog should be reviewed against the supported-chains list before cutover.

Ready to move off CryptoMus?

Start in sandbox, prove the signed webhook path, and only then shift live traffic. The migration stays reversible if you treat it as a controlled cutover instead of a same-day rewrite.

Get sandbox keys Open API reference

This migration guide helps you replace CryptoMus's volume-discount fee model and form-style API with Payvra's flat 0.5% fee and a typed REST contract.

CryptoMus

Payvra

Notes

POST /v1/payment

POST /v1/payments

Replace CryptoMus's form-style payment creation with Payvra's typed JSON payload. `amount` and `currency` map directly.

POST /v1/payment/info

GET /v1/payments/{id}

CryptoMus uses POST for payment lookup; Payvra uses idiomatic GET with path parameter.

POST /v1/payment/list

GET /v1/payments

Payvra returns cursor-paginated results with status, date-range, and chain filters.

POST /v1/payout

POST /v1/withdrawals

On-demand payout to any wallet address. Payvra removes the manual-review delay on the first withdrawal once KYB is on file.

POST /v1/exchange/rate

POST /v1/conversions

Auto-conversion is built into the payment flow on Payvra. Use the conversions endpoint only for explicit ad-hoc conversions.

POST /v1/balance

GET /v1/balances

Per-asset balance with last-settled timestamps.

1// CryptoMus 2const body = { 3 amount: "49.99", 4 currency: "USD", 5 order_id: "order_123", 6 url_callback: "https://yoursite.com/webhooks/cryptomus", 7}; 8 9const sign = crypto 10 .createHash("md5") 11 .update(Buffer.from(JSON.stringify(body)).toString("base64") + API_KEY) 12 .digest("hex"); 13 14const response = await fetch("https://api.cryptomus.com/v1/payment", { 15 method: "POST", 16 headers: { 17 merchant: MERCHANT_ID, 18 sign, 19 "Content-Type": "application/json", 20 }, 21 body: JSON.stringify(body), 22}); 23 24const { result } = await response.json(); 25// Redirect to: result.url

1// Payvra 2import Payvra from "payvra"; 3 4const payvraSecretKey = process.env.PAYVRA_SECRET_KEY; 5if (!payvraSecretKey) { 6 throw new Error("Set PAYVRA_SECRET_KEY before running this example."); 7} 8 9const payvra = new Payvra(payvraSecretKey); 10 11const payment = await payvra.payments.create({ 12 amount: "49.99", 13 currency: "USDC", 14 metadata: { orderId: "order_123" }, 15}); 16 17// Redirect to: payment.checkoutUrl

1// CryptoMus webhook handler 2app.post("/webhooks/cryptomus", (req, res) => { 3 const { sign, ...payload } = req.body; 4 const expected = crypto 5 .createHash("md5") 6 .update(Buffer.from(JSON.stringify(payload)).toString("base64") + API_KEY) 7 .digest("hex"); 8 9 if (sign !== expected) { 10 return res.status(401).send("Invalid"); 11 } 12 13 if (payload.status === "paid") { 14 // Mark order paid, payload.order_id 15 } 16 17 res.sendStatus(200); 18});

1// Payvra webhook handler 2app.post("/webhooks", (req, res) => { 3 const signature = req.headers["webhook-signature"]; 4 const timestamp = req.headers["webhook-timestamp"]; 5 const webhookId = req.headers["webhook-id"]; 6 7 const signedContent = `${webhookId}.${timestamp}.${req.rawBody}`; 8 const expected = crypto 9 .createHmac("sha256", WEBHOOK_SECRET) 10 .update(signedContent) 11 .digest("base64"); 12 13 if (signature !== `v1,${expected}`) { 14 return res.status(401).send("Invalid"); 15 } 16 17 const { type, data } = req.body; 18 if (type === "payment.completed") { 19 // Mark order paid, data.metadata.orderId 20 } 21 22 res.sendStatus(200); 23});

CryptoMus event

Payvra

Notes

Webhook payment.process

Webhook payment.created

Payment created and awaiting deposit.

Webhook payment.confirming

Deposit detected, waiting for confirmations.

Webhook payment.confirmed

Confirmed on-chain.

Webhook payment.paid

Webhook payment.completed

Final settled state, order should advance to paid here.

Webhook payment.cancel

Webhook payment.failed

Cancellation maps to a terminal failed state on Payvra.

Webhook payment.fail

Webhook payment.failed

Same terminal failed state.