Skip to main content
This command is essential for applications that need to facilitate payments directly within the app, enabling seamless transactions for users. At launch, WLD and USDC will be supported. Example: Enabling an e-commerce platform to allow users to purchase digital goods using cryptocurrencies, providing a smooth checkout experience. Payments are easy to use and only have three simple steps.
  1. Creating the transaction
  2. Sending the command
  3. Verifying the payment
For legal reasons, payments are not available in Indonesia and Philippines.

Setup

Payments are executed on-chain, so you’ll need an Ethereum compatible wallet. Next, whitelist the address in the Developer Portal. Whitelisting adds security to your mini app to prevent payments from being sent to an unauthorized addresses. Optionally you can disable this check in the Developer Portal. Whitelist an Address

Initiating the payment

For security, it’s important you initialize and store your payment operation in the backend.
app/api/initiate-pay/route.ts
import { NextRequest, NextResponse } from 'next/server'

export async function POST(req: NextRequest) {
	const uuid = crypto.randomUUID().replace(/-/g, '')

	// TODO: Store the ID field in your database so you can verify the payment later

	return NextResponse.json({ id: uuid })
}

Using the command

Sending the command & handling the response

We currently support WLD and USDC payments on Worldchain. Below is the expected input for the Pay command. Since World App sponsors the gas fee, there is a minimum transfer amount of $0.1 for all tokens.
PayCommandInput
// Represents tokens you allow the user to pay with and amount for each
export type TokensPayload = {
  symbol: Tokens;
  token_amount: string;
};

export type PayCommandInput = {
  reference: string;
  to: string;
  tokens: TokensPayload[];
  network?: Network; // Optional
  description: string;
};
For convenience, we offer a public endpoint to query the current price of WLD in various currencies detailed here.
app/page.tsx
import { MiniKit, tokenToDecimals, Tokens, PayCommandInput } from '@worldcoin/minikit-js'

const sendPayment = async () => {
  const res = await fetch('/api/initiate-payment', {
    method: 'POST',
  })
  const { id } = await res.json()

  const payload: PayCommandInput = {
    reference: id,
    to: '0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045', // Test address
    tokens: [
      {
        symbol: Tokens.WLD,
        token_amount: tokenToDecimals(1, Tokens.WLD).toString(),
      },
      {
        symbol: Tokens.USDC,
        token_amount: tokenToDecimals(3, Tokens.USDC).toString(),
      },
    ],
    description: 'Test example payment for minikit',
  }

  if (!MiniKit.isInstalled()) {
    return
  }

  const { finalPayload } = await MiniKit.commandsAsync.pay(payload)

  if (finalPayload.status == 'success') {
    const res = await fetch(`/api/confirm-payment`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(finalPayload),
    })
    const payment = await res.json()
    if (payment.success) {
      // Congrats your payment was successful!
    }
  }
}

Verifying the payment

You should always verify the payment in your backend. Users can manipulate information in the frontend, so the response must be verified in a trusted environment.
There are two ways to verify a payment:
  • Developer Portal API: Call our API to get the current status of the transaction. Since payments are executed on-chain, it can take up to a few minutes to confirm. You can choose to optimistically accept the payments once they’ve landed on-chain, or poll the endpoint to wait until it’s successfully mined.
  • On-chain verification (advanced): Verify payments by inspecting the ERC-4337 UserOperationEvent emitted during the pay operation.

Developer Portal API

Use the Get Transaction endpoint to get the current status of the transaction. When the transaction has landed on-chain, the transaction_status will be mined.
app/confirm-payment/route.ts
import { NextRequest, NextResponse } from 'next/server'
import { MiniAppPaymentSuccessPayload } from '@worldcoin/minikit-js'

interface IRequestPayload {
	payload: MiniAppPaymentSuccessPayload
}

export async function POST(req: NextRequest) {
	const { payload } = (await req.json()) as IRequestPayload

	// IMPORTANT: Here we should fetch the reference you created in /initiate-payment to ensure the transaction we are verifying is the same one we initiated
	const reference = await getReferenceFromDB()

	// 1. Check that the transaction we received from the mini app is the same one we sent
	if (payload.reference === reference) {
		const response = await fetch(
			`https://developer.worldcoin.org/api/v2/minikit/transaction/${payload.transaction_id}?app_id=${process.env.APP_ID}&type=payment`,
			{
				method: 'GET',
				headers: {
					Authorization: `Bearer ${process.env.DEV_PORTAL_API_KEY}`,
				},
			}
		)
		const transaction = await response.json()

		// 2. Here we optimistically confirm the transaction.
		// Otherwise, you can poll until the status == mined
		if (transaction.reference == reference && transaction.status != 'failed') {
			return NextResponse.json({ success: true })
		} else {
			return NextResponse.json({ success: false })
		}
	}
}

On-chain verification (advanced)

Verify payments by inspecting the ERC-4337 UserOperationEvent emitted during the pay operation.
The TransferReference event will no longer be emitted. Instead, the reference string is encoded in the nonceKey of the UserOperationEvent as described below.
World App encodes your reference and miniappId into the nonceKey of the UserOperationEvent, allowing you to verify the payment on-chain.

How it works

The UserOperationEvent nonce is a 32-byte value split into two parts:
  • Nonce key (top 24 bytes): contains your payment identifiers
  • Nonce sequence (bottom 8 bytes): a counter
The nonceKey is constructed as:
  • 1 byte: version
  • 13 bytes: truncated SHA-256 hash of your miniappId
  • 10 bytes: truncated SHA-256 hash of your reference (the unique ID you passed in PayCommandInput.reference)
To verify a payment, extract the nonceKey from the UserOperationEvent nonce and compare the embedded reference bytes.

Example

import { createHash } from 'crypto'
import { ethers } from 'ethers'

const MINIAPP_ID = 'app_YOUR_APP_ID'
const miniappId = MINIAPP_ID

const WORLDCHAIN_RPC_URL = 'https://worldchain-mainnet.g.alchemy.com/public'

const provider = new ethers.JsonRpcProvider(WORLDCHAIN_RPC_URL)

// Minimal ABI for the ERC-4337 v0.7 EntryPoint contract
// Only the UserOperationEvent definition is needed
const ENTRYPOINT_ABI = [
  {
    anonymous: false,
    inputs: [
      { indexed: true, internalType: 'bytes32', name: 'userOpHash', type: 'bytes32' },
      { indexed: true, internalType: 'address', name: 'sender', type: 'address' },
      { indexed: true, internalType: 'address', name: 'paymaster', type: 'address' },
      { indexed: false, internalType: 'uint256', name: 'nonce', type: 'uint256' },
      { indexed: false, internalType: 'bool', name: 'success', type: 'bool' },
      { indexed: false, internalType: 'uint256', name: 'actualGasCost', type: 'uint256' },
      { indexed: false, internalType: 'uint256', name: 'actualGasUsed', type: 'uint256' },
    ],
    name: 'UserOperationEvent',
    type: 'event',
  },
]

const ENTRYPOINT_INTERFACE = new ethers.Interface(ENTRYPOINT_ABI)

// Keccak-256 hash of the event signature — used to identify UserOperationEvent logs
// Should be 0x49628fd1471006c1482da88028e9ce4dbb080b815c9b0344d39e5a8e6ec1419f
const USER_OPERATION_EVENT_TOPIC = ENTRYPOINT_INTERFACE.getEvent('UserOperationEvent')!.topicHash

// In the EntryPoint contract, `UserOperationEvent` includes a `nonce` field.
// That nonce is structured as: [24-byte nonceKey][8-byte nonce sequence].
//
// nonceKey layout (24 bytes):
// [ 1B version ][ 13B sha256(miniappId)[0..13) ][ 10B sha256(reference)[0..10) ]

const VERSION_BYTES = 1
const MINIAPP_ID_BYTES = 13
const REFERENCE_BYTES = 10

async function verifyReferenceFromReceipt({
  transactionHash,
  senderAddress,
  reference,
}: {
  transactionHash: string // The on-chain transaction hash
  senderAddress: string
  reference: string // The reference you generated when initiating the payment
}): Promise<boolean> {

  // 1. Fetch the transaction receipt
  const receipt = await provider.getTransactionReceipt(transactionHash)
  if (!receipt) throw new Error('Transaction receipt not found')

  // 2. Find the UserOperationEvent for this sender
  //    topics[0] = event signature hash, topics[2] = sender address (zero-padded to 32 bytes)
  const senderTopic = ethers.zeroPadValue(senderAddress.toLowerCase(), 32)
  const useropEventLog = receipt.logs.find(
    (log) =>
      log.topics[0] === USER_OPERATION_EVENT_TOPIC &&
      log.topics[2]?.toLowerCase() === senderTopic,
  )
  if (!useropEventLog) throw new Error('UserOperationEvent log not found')

  // 3. Parse the UserOperationEvent to extract the nonce
  const parsedEvent = ENTRYPOINT_INTERFACE.parseLog({
    topics: useropEventLog.topics as string[],
    data: useropEventLog.data,
  })
  if (!parsedEvent) throw new Error('Failed to parse UserOperationEvent')
  const nonce = parsedEvent.args.nonce as bigint

  // 4. The nonce is structured as: [24-byte nonce key][8-byte nonce sequence]
  //    Extract the nonce key by shifting right by 64 bits
  const nonceKey = nonce >> 64n

  // 5. Convert the nonce key to bytes (24 bytes)
  const nonceKeyHex = nonceKey.toString(16).padStart(48, '0')
  const nonceKeyBytes = Buffer.from(nonceKeyHex, 'hex')

  // 6. Verify miniappId: bytes [1..14) of the nonce key
  const expectedMiniappHash = createHash('sha256')
    .update(MINIAPP_ID, 'utf8')
    .digest()
    .subarray(0, MINIAPP_ID_BYTES)
  const actualMiniappHash = nonceKeyBytes.subarray(VERSION_BYTES, VERSION_BYTES + MINIAPP_ID_BYTES)

  if (Buffer.compare(actualMiniappHash, expectedMiniappHash) !== 0) {
    return false // miniappId does not match
  }

  // 7. Verify reference: bytes [14..24) of the nonce key
  const expectedRefHash = createHash('sha256')
    .update(reference, 'utf8')
    .digest()
    .subarray(0, REFERENCE_BYTES)
  const referenceOffset = VERSION_BYTES + MINIAPP_ID_BYTES
  const actualRefHash = nonceKeyBytes.subarray(referenceOffset, referenceOffset + REFERENCE_BYTES)

  return Buffer.compare(actualRefHash, expectedRefHash) === 0
}

Success Result on World App

If implemented correctly, the user will see the following drawer on World App.