unitpayHandler from @unitpay/react/next lets you route SDK calls through your Next.js backend instead of calling the UnitPay API directly. The secret key stays server-side, and requests never leave your domain.
Usage
Add a catch-all route handler:Parameters
Your UnitPay secret key. Read it from a server-only environment variable — never expose it to the browser.
Resolve the authenticated customer for the incoming request (from your session/auth). Return
null for an unauthenticated request — the handler responds 401.UnitPay API base URL. Defaults to
https://api.useunitpay.com/v1.Origins permitted to call the proxy. Requests with an
Origin outside this list are rejected with 403. Pass '*' to disable the check (not recommended in production). When omitted, the Origin check is skipped.Maximum request body size. Defaults to 1 MB; larger bodies are rejected with
413.Security defaults: disallowed methods →
405; off-allowlist Origin → 403; oversized
bodies → 413. Only GET, POST, PUT, PATCH, and DELETE are forwarded.