What Alchemy Provides
Blockchain RPC
Read wallet balances, query transaction receipts, check confirmation counts, and broadcast transactions across all supported EVM chains, Solana, and Bitcoin.
Alchemy Notify
Push-based address activity webhooks — when a transfer arrives at a session’s deposit address, Alchemy sends an immediate HTTP notification instead of waiting for the next polling cycle.
Two Separate Credentials
Alchemy uses two distinct credentials, and confusing them is the most common setup mistake. You need both.| Credential | Where to find it in Alchemy | Purpose |
|---|---|---|
| API Key | Apps → your app → API Key | Authenticates RPC and data requests (reading balances, transactions, etc.) |
| Notify Auth Token | Account menu → Auth Token (top bar) | Authenticates webhook management requests (creating, listing, and deleting Notify webhooks) |
Setup
Sign in to your Crypto Checkout dashboard and go to Integrations
From the main navigation, open the Integrations section. You will see a tile grid of available integrations.
Enter your credentials
Fill in all three fields:
- API Key — your Alchemy app’s API key. Copy it from Apps → your app → API Key in the Alchemy dashboard. Stored encrypted; never displayed after saving.
- Notify Auth Token — the
X-Alchemy-Tokenused to manage webhooks. Copy it from your Account menu → Auth Token in the top bar. Stored encrypted; never displayed after saving. - Webhook Public URL — the publicly reachable HTTPS base URL of your Crypto Checkout instance (e.g.
https://checkout.example.com). This is where Alchemy will POST webhook events.
The Webhook Public URL must be reachable over public HTTPS. If you are developing locally, use a tunnel such as ngrok or Cloudflare Tunnel to expose your local server before provisioning.
Toggle Enabled and save
Switch the integration to Enabled and click Save. Your credentials are encrypted and persisted to the database at this point.
Click Provision webhooks
Click the Provision webhooks button. This action calls the Alchemy webhook API to create one Notify webhook per supported chain and stores each webhook’s ID and HMAC signing key in the database.You can safely run this multiple times — it is idempotent. Re-provision if you rotate credentials, change your public URL, or add new supported chains.
After Provisioning
Once webhooks are provisioned, no further manual configuration is needed. Every new checkout session automatically registers its assigned deposit address with the appropriate chain’s Alchemy webhook. When that address receives a transfer, Alchemy pushes a notification to your instance in near real-time. When the session terminates (paid, expired, or failed), the address is removed from the webhook to keep the watchlist lean. The following webhook receiver endpoints are registered on your instance:| Chain type | Endpoint path |
|---|---|
| EVM (Ethereum, Base, Arbitrum, Optimism, Polygon) | /api/webhooks/alchemy |
| Solana | /api/webhooks/alchemy/solana |
| Bitcoin | /api/webhooks/alchemy/btc |
| Network | Mainnet chain ID | Testnet chain ID |
|---|---|---|
| Ethereum | 1 | 11155111 (Sepolia) |
| Base | 8453 | 84532 |
| Arbitrum | 42161 | 421614 |
| Optimism | 10 | 11155420 |
| Polygon | 137 | 80002 |
| Solana | 101 | 103 |
| Bitcoin | 8333 | 38333 |
Without Alchemy
If Alchemy is not configured or is toggled off, Crypto Checkout falls back to polling for all chains. Polling is slower — detection can take anywhere from several seconds to a few minutes depending on polling frequency — but the system remains fully functional. You can still accept payments; you just lose the near-instant detection that Notify provides. The fallback is also used automatically for any chain that Alchemy Notify does not support.Security
- Credential storage: both the API Key and the Notify Auth Token are encrypted at rest using AES-256-GCM. The encryption key is derived from your instance’s secret configuration and is never stored alongside the ciphertext.
- Frontend exposure: the dashboard never returns raw credential values to the browser. API responses only include a boolean (
hasApiKey,hasAuthToken) indicating whether a secret has been set. - Webhook verification: each inbound Alchemy webhook is verified against the per-chain signing key stored during provisioning. Requests with an invalid or missing signature are rejected before any payment logic runs.
Troubleshooting
| Error / symptom | Cause | Fix |
|---|---|---|
| ”Alchemy API key not configured” | API Key field is blank | Set the API Key under Integrations → Alchemy |
| ”Alchemy auth token not set” | Notify Auth Token field is blank | Set the Notify Auth Token under Integrations → Alchemy |
Provisioning fails with 401 | API Key pasted in Auth Token field (or vice versa) | Double-check which field maps to which Alchemy dashboard location (see table above) |
| Provisioning says public URL missing | Webhook Public URL is blank or not HTTPS | Enter a valid https:// URL; use a tunnel for local development |
401 errors in webhook delivery logs | Signing-key mismatch (e.g. after re-provisioning) | Click Provision webhooks again to refresh signing keys |
| Webhooks not firing at all | Instance URL not publicly reachable | Verify the URL responds to external HTTPS traffic and check Alchemy’s delivery logs in their dashboard |