How to Accept Crypto Payments on Your Website in 2026

Crypto payments are not a niche experiment anymore

Three data points. The stablecoin market cap crossed $350 billion in May 2026 — nearly tripling in two years. United Wholesale Mortgage, the second-largest US mortgage lender, announced it will accept crypto for loan payments by end of year. Mastercard now gives merchants the option to settle in crypto. This isn't "coming soon." It's here.

For any online business, accepting crypto payments is moving from "should we?" to "how do we?" Your customers — especially in cross-border and freelancer scenarios — hold USDT, USDC, and BTC and want to spend it. If your checkout only does PayPal and credit cards, you're filtering out a whole segment of paying users who don't route through the banking system.

The good news: adding crypto payments to a website in 2026 is dramatically simpler than it was three years ago. You don't need to write a blockchain indexer, run full nodes, or wrestle with RPC endpoints across a dozen chains. You pick the right approach, integrate an API, and let the payment gateway handle the rest.

Three approaches: pick the one that fits

There are three ways to let your website accept cryptocurrency. They differ fundamentally in who holds the keys and what it costs over time. Start with the table, then we'll unpack each one.

Approach 1: Hosted gateways. Easy now, expensive later

CoinGate, OpenNode, and Coinbase Commerce are sign-up-and-go services. You create an account, pass KYC, grab an API key, write a few lines of code — and customers can pay with crypto. The platform handles exchange rates, on-chain confirmations, and settlement to your bank or wallet.

The tradeoff: 1% per transaction. Doesn't sound like much, but at $50,000 monthly volume that's $6,000 a year. Before factoring in spread on exchange rates. And here's the bigger issue — the money isn't yours until they send it to you. Funds hit the platform's custodial wallet first, then settle to you. If the platform freezes your account due to compliance reviews — Coinbase Commerce and OpenNode have both done this — you can't do anything. They hold the private keys.

Good for: early-stage operations with minimal volume where short-term convenience beats long-term cost. Bad for: anyone doing five figures a month, anyone in cross-border payments, anyone who needs absolute control over their funds.

Approach 2: Self-hosted gateways. One extra step, zero fees forever

This is where Xcash and BTCPay Server live. You run the payment gateway on your own server. You hold the private keys. Every API endpoint is yours to call. No platform takes a cut. No KYC application. No approval queue. Customer crypto goes directly into your wallet.

Deployment cost: a 1-core, 2 GB VPS at ~$20/month. See our Docker deployment guide — three minutes, three commands. About the same as installing WordPress. Xcash doesn't require a full node. No 600 GB disk sync.

Once deployed, your website talks to the gateway through a REST API. Create invoices, check payment status, configure webhooks, generate deposit addresses — all standard JSON. We'll walk through the integration next.

Approach 3: Pasting a wallet address. Simple, until it's not

Just put your USDT or Bitcoin address on the checkout page and ask customers to send funds. No middleman, no API, no code. Sounds Web3-native.

But real operations break this model fast. A customer pays — you don't know unless you manually check the block explorer and update the order status yourself. They send 0.001 USDT short — the chain won't flag "amount mismatch," you have to catch it. Accept 5 coins across 10 chains and address management becomes a full-time job. No webhooks means your backend never knows funds arrived, so fulfillment stays manual.

Pasting an address works for "accept a tip once in a while" — a blog donation button, an open-source sponsor link. It does not work for any business that needs automation.

Integration: wiring crypto payments into your website with the Xcash API

Assume you've deployed Xcash following the deployment guide and it's running at https://pay.yourdomain.com. Here are the four steps to accept crypto from your website.

Step 1: Create an API token

Log into the admin panel, navigate to API Tokens, and create one. Save it — this authenticates every API call.

Step 2: Create an invoice at checkout

When a customer clicks "Pay with crypto," your backend sends a POST to Xcash to create an invoice. Put the payload in a JSON file to keep the curl readable:

curl -X POST https://pay.yourdomain.com/api/v1/invoices/ \
  -H "Authorization: Token YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d @invoice_payload.json

The invoice_payload.json includes amount, currency, chain, order ID, and callback URL fields. The response JSON contains a payment_url — the link your customer uses to pay.

Step 3: Present the payment page

Three ways to show the payment page to your customer:

• Redirect mode: A button on checkout that sends them to payment_url. They pick a chain, pick a wallet, pay, and get redirected back to your redirect_url. Simplest option. Works great on mobile
• Embedded iframe: Load payment_url in an iframe inside your checkout page. Customer never leaves your site. Good for desktop
• Headless API mode: Build your own frontend UI. Fetch addresses and payment status via API, render everything custom. For sites with strong brand requirements

Step 4: Set up webhooks for automatic confirmation

After the customer pays, Xcash notifies your backend through a webhook. Configure a webhook URL in the admin panel — e.g., https://yourdomain.com/api/payment-webhook/. When payment is confirmed, Xcash POSTs a JSON payload with the order ID, transaction hash, and confirmation count. Your backend updates the order status, triggers fulfillment, and sends the confirmation email.

Full API docs at docs.xca.sh.

Handling exchange rate volatility

One unavoidable reality: crypto prices move. A customer orders when BTC is $74,800 and by the time their transaction confirms it's $74,200 or $75,200. How do you handle it?

Two strategies, pick one:

• Lock the fiat amount: At checkout, lock $100 = 0.00134 BTC (at current rate). The customer must pay within a time window — usually 15-30 minutes. You receive a fixed BTC amount and bear the exchange rate risk
• Lock the crypto amount: Display "Pay 0.00134 BTC" at checkout without pegging to fiat. Customer can pay anytime, but the fiat value you receive fluctuates. Customer bears the risk

For most e-commerce, locking the fiat amount with a 15-minute window is the practical choice. Xcash's API supports both — set the amount_currency parameter when creating the invoice.

Security checklist

• Keep API tokens server-side. Never put API tokens in frontend code or commit them to git. Invoice creation must originate from your backend
• Validate webhook signatures. Verify the signature in incoming webhook request headers. Prevents forged callbacks
• Use HD wallet derived addresses. Generate a unique deposit address per transaction. Improves privacy and makes reconciliation easy. Xcash handles this automatically with its built-in HD wallet
• Test with small amounts first. Before going live, run a $1 payment through the full flow. Confirm webhooks fire, order status updates, and fulfillment triggers correctly

What kind of businesses benefit most from crypto payments

Not every business needs this. The biggest wins come in these scenarios:

• Cross-border services / freelancing: Clients in LATAM, Southeast Asia, Africa may not have international credit cards but definitely have USDT. Crypto bypasses the banking system entirely — fast settlement, low cost
• SaaS / subscriptions: Add crypto as an option on your pricing page. Stripe won't penalize you for offering alternatives
• Digital goods / memberships: API keys, ebooks, online courses — no shipping needed, so automated delivery on payment confirmation is straightforward
• VPNs / hosting / privacy services: Your users already value privacy and self-hosting. Crypto is a natural fit
• GameFi / blockchain gaming: Users are already crypto-native. Let them pay with the tokens they already hold

FAQ

Do I need a license to accept crypto payments on my website?

Depends on your jurisdiction. Most countries do not currently require merchants receiving crypto to hold a license — as long as you aren't holding customer funds in custody. That's one advantage of self-hosted payment gateways: the keys are yours, you're just receiving your own payments. Consult a local lawyer to confirm. For AML, Xcash integrates MistTrack risk screening to flag suspicious addresses.

Is a self-hosted gateway as reliable as a hosted one?

A self-hosted gateway's reliability depends on your server. A Ubuntu 22.04 VPS running Docker Compose can go months without issues — that's the norm. Hosted gateways also run on servers; the difference is when something breaks, you can fix your own. With a hosted gateway, you wait.

Can my website accept both fiat and crypto?

Absolutely. A crypto payment gateway is an independent layer — you still run Stripe or PayPal for fiat. Add a "Pay with crypto" option at checkout and route the two payment paths separately in your backend. Xcash's API is designed to slot into existing payment systems.

What if my customers don't use crypto?

Ask yourself: do they not use crypto, or have they never had the option? The numbers tell the story — stablecoin monthly active addresses exceeded 30 million in Q1 2026. Crypto payments aren't a replacement for fiat. They're an additional option. More payment options don't lower conversion rates — they raise them.