Payments / Onramp·Multi-chain · EVM · Solana · Bitcoin
Mesh Connect
Embedded crypto payments network: connect a user's exchange or wallet (Coinbase, Binance, MetaMask, +200 more) and orchestrate transfers in or out of your app via a single Link UI and Transfers API.
- 01pay with Coinbase / Binance / Kraken balance
- 02wallet aggregation (read positions)
- 03direct exchange-to-wallet transfers
- 04self-custodial wallet connect
- 05stablecoin pay-ins from CEX accounts
- pnpm add @meshconnect/web-link-sdk
- pnpm add @meshconnect/node-api
| Variable | Scope | Description |
|---|---|---|
| MESH_CLIENT_ID | Server | Mesh Connect client id from the Mesh dashboard. Sent as `X-Client-Id` on all REST calls. |
| MESH_CLIENT_SECRET | Server | Mesh Connect client secret. Server-only; used to mint short-lived `linkToken` values via `POST /api/v1/linktoken`. |
| MESH_WEBHOOK_SECRET | Server | HMAC secret used to verify the `X-Mesh-Signature` header on webhook deliveries. |
Use Mesh Connect to let users pay or fund from their existing exchange / wallet. Server-side, mint a single-use link token via `POST https://integration-api.meshconnect.com/api/v1/linktoken` with the user id and the desired flow (`transfer`, `link`, or `payments`); for transfers include `transferOptions.toAddresses[]` and the asset symbol+chain. Pass the returned `linkToken` to the client and open the Link UI with `createLink({ clientId: MESH_CLIENT_ID, onSuccess, onExit }).openLink(linkToken)` from `@meshconnect/web-link-sdk`. The user authenticates inside Link, optionally MFAs, and Mesh executes the on-chain transfer on the source platform; listen for the `transfer.completed` webhook (verify `X-Mesh-Signature` HMAC) before crediting the user.
- ⚑Link tokens are single-use and short-lived (~30 minutes) — generate a fresh token each time the user opens the Link UI; reusing a token throws `LINK_TOKEN_EXPIRED`.
- ⚑Not every integration supports every flow: some exchanges allow read-only aggregation but not transfers, and some wallets cannot return cost basis. Call `/api/v1/transfers/managed/networks` to filter the integrations you surface.
- ⚑The destination `toAddress` must match the chain symbol exactly (e.g. `USDC` on `ethereum` vs `solana`); a mismatched chain causes the source platform to reject the withdrawal mid-flow.
- ⚑Many CEX integrations require the user to enable withdrawal permissions or 24h cooldowns on their exchange account first — surface a pre-flight checklist or expect ~30% drop-off.
- ⚑Sandbox is gated and uses a different base URL (`integration-api.meshconnect.com` for sandbox, `production.meshconnect.com` for prod) plus distinct credentials; flipping environments requires re-issuing tokens.
- ⚑Transfer webhooks fire multiple times (`pending`, `processing`, `succeeded`, `failed`) — credit only on `succeeded` and use the `transferId` for idempotency.
- ⚑The Link UI is iframe-based and breaks inside in-app webviews that block third-party cookies; use the deep-link / native SDK for mobile apps.