Step 1: Onboarding flow

Any seller who wants to sell with credit card is required to KYC with Paper. To start, embed the following page as an iframe in your application:

<iframe src=""></iframe>

Upon successful login and KYC, this page calls postMessage to the parent window. If the user already KYC’d, this should only be a login flow which will generate a renewed auth token:

window.opener.postMessage({ // or window.parent if in iframe
	eventType: 'sellerOnboardingEmailVerified',
	authToken: 'eyJhbGciOiJIUzI1N...' // JWT

Be sure to handle this message in your page that opens or embeds the link

☝️ The authToken JWT has a 30 day expiration. You should exchange this authToken for a developer key. The developer key is then used to make any necessary API calls (backend only) on behalf of the user’s Paper account.

Step 2: Exchanging authToken for a developerKey

You can only exchange authTokens for users that went through the KYC flow from the link that contained your public key.


Authorization: Bearer <Partner's developer secret key>

  authToken: 'eyJhbGciOiJIUzI1N...' // (from above)

200 OK
	"developerKey": '...'

Step 3: Use Paper’s regular API functions using the developerKey

For example, if you would like to enable credit card NFT checkouts for your customers:

  1. You’ll need to register a contract. (API Docs:
  2. Once a contract is created, you can either generate a checkout link (, a one-time checkout link (, or use our embedded checkout SDK (

If you would like to enable embedded wallets for your customers, follow the integration guide for embedded wallets.