What Are Checkout Sessions?
Checkout Sessions are short-lived, single-use sessions that direct a specific user to dhmad.tn to perform a critical escrow action. The user is authenticated on DHMAD, completes the action (e.g., signing a contract, accepting payment, completing delivery), and is then redirected back to your application with the result. Which checkout actions apply depends on the escrow mode — see Escrow Modes. In standard mode, buyers may need to sign a contract before paying; in quick mode there is no contract but the buyer still confirms after delivery; in instant mode onlyaccept_pay is used and completion happens when you call the deliver endpoint.
When to Use Checkout Sessions
Use Checkout Sessions when your integration needs a user to perform one of these critical actions:Sign Contract
Redirect the buyer or seller to sign the escrow contract on dhmad.tn. Standard mode only.
Accept & Pay
Redirect the buyer to accept the contract and complete payment.
Complete
Redirect the buyer to mark the escrow as complete and release funds to the seller. Standard and quick modes (not instant).
Dispute
Redirect either party to open a dispute on the escrow.
Request Cancellation
Redirect the buyer to request cancellation of a paid or delivered escrow. Requires seller acceptance before funds are returned.
Cancel Escrow
Redirect the seller to cancel a paid or delivered escrow immediately. Refunds the buyer when applicable — no counterparty approval needed.
Reject Cancellation
Redirect the seller to reject a pending buyer cancellation request.
Accept Cancellation
Redirect the seller to accept a pending buyer cancellation request and finalize the refund.
How the Flow Works
-
Create a session via API — Call
POST /api/v1/escrows/:id/sessionswith the action type, target user email, and your redirect URL. You receive asessionIdandurl. -
Redirect the user — Send the user to
https://dhmad.tn/checkout/:sessionId(or your sandbox URL for testing). - User performs the action — The user logs in (if needed), sees the escrow context, and completes the action on dhmad.tn.
-
User is redirected back — DHMAD redirects the user to your
redirectUrlwith query parameters:session_idandstatus(e.g.,completed,expired,cancelled).
The redirect URL parameters (
session_id, status) are informational. Treat webhooks as the source of truth for escrow state changes. Use the redirect to update your UI and optionally call GET /api/v1/sessions/:sessionId to verify the session status.Security
30-Minute Expiry
Sessions expire 30 minutes after creation. Expired sessions cannot be used.
Single-Use
Each session can only be completed once. After completion, the session is marked as used.
User Email Validation
Only the user whose email matches
targetUserEmail can complete the session.HTTPS Enforcement
Redirect URLs must use HTTPS in production.
http://localhost is allowed for development.Redirect URL Validation
Redirect URLs must be pre-configured in your developer dashboard. No arbitrary URLs are accepted.
Webhook as Source of Truth
When a user completes an action via a Checkout Session, DHMAD emits webhooks for the underlying escrow events (e.g.,contract.signed, escrow.paid, escrow.completed). Always process webhooks to update your backend state. The redirect parameters are useful for immediate UI feedback but should not be the sole basis for state changes.