Back to Gateway Index
Payhip logo
Payment Gateway

Payhip

Simple creator storefront with low fees and a partial-MoR for EU/UK VAT only

Builder Verdict

Pick Payhip if you want the cheapest beginner-friendly storefront for digital products, courses, or memberships — especially outside the US/UK/EU Stripe belt. Not the right pick if you need a full global Merchant of Record, a first-class REST API, or a white-label checkout.

Complexity

◆ Simple

Region

Global via 13 processors

Fees

5% Free · 2% Plus ($29/mo) · 0% Pro ($99/mo)

Payhip is a UK-based e-commerce platform (founded 2011) for selling digital downloads, online courses, memberships, coaching, and physical goods. It acts as a storefront + checkout layer on top of the seller's own payment-processor accounts (Stripe, PayPal, Mollie, Paystack, Razorpay, Flutterwave, and 7 others) rather than holding funds centrally. Its Merchant-of-Record status is partial — Payhip collects and remits digital EU VAT and UK VAT automatically, but US, Canadian, and Australian sales tax remain the seller's responsibility. Pricing is plan-based with platform fees that step down from 5% (Free) to 2% (Plus, $29/mo) to 0% (Pro, $99/mo).

Last full audit: April 15, 2026

01

Trust Score Breakdown

Account Stability

60/100

Trustpilot and Sitejabber include recurring reports of sudden store removals and account closures, typically cited as copyright-infringement enforcement against resold or AI-generated content. Appeals are email-only and slow. Severity is lower than Gumroad's Iffy-style sweeps, and many sellers report years of uneventful use, but the copyright-policy blast radius is opaque enough to warrant caution.

Developer Experience

55/100

Public REST API at payhip.com/api/v2 covers only coupons and license keys — no subscription, customer, or sale-export endpoints. Webhooks expose 4 event types (paid, refunded, subscription.created, subscription.deleted) with a weak signature scheme (sha256 of the API key appended to the payload rather than a true HMAC over the body). No official SDKs. Docs are short and adequate for simple integrations but thin next to Stripe, Paddle, or Lemon Squeezy.

Payout Reliability

80/100

Payouts flow directly into the seller's own Stripe, PayPal, or regional processor account — Payhip is not a funds-holder. This structurally limits payout-delay risk: whatever Payhip pulls through your processor settles on that processor's own schedule. The trade-off is that payout timing and fees are governed by the chosen processor, not by Payhip, and account holds at that processor layer are outside Payhip's control.

Support Quality

65/100

Mixed but net-positive. Multiple independent review sites and Trustpilot pages praise fast, human email responses and detailed screenshot-led guides. The counter-narrative: support is email-only (no live chat or phone), and accounts flagged for policy enforcement report silence or chatbot-like replies when escalated.

Track Record

78/100

Operating since 2011 from London as a bootstrapped, quietly profitable creator platform. No major outages, data breaches, or regulatory incidents reported over its 14-year run. Steady feature cadence through 2025 (content editor, collaborations, 11 new regional gateways, public API expansion). Lower brand visibility than Gumroad or Lemon Squeezy, but also less volatility.

Transparency

70/100

Plan pricing and per-tier platform fees are published cleanly on a single page. Merchant-of-Record scope (EU/UK VAT only, not US/CA/AU) is clearly documented in the help center rather than hidden. Demerits: chargeback fees, refund fees, and any FX spread are not publicly listed — those are effectively pass-through to the chosen processor, but Payhip doesn't say so explicitly. No formal public changelog beyond the annual blog round-up.

02

Availability Matrix

Region Countries Currencies Payout Timing
Global (creator / seller) Seller country support is determined by which of the 13 connected payment processors you can use — Stripe, PayPal, Mollie, Square, Mercado Pago, Flutterwave, Paystack, Xendit, Midtrans, PayU, Razorpay, Iyzico, PayTabs. After creating an account, Payhip auto-filters the available gateways by the country you select in Account Settings → Payment Details. Buyers can be charged in any currency supported by the seller's chosen processor. USD, EUR, GBP, CAD, AUD, JPY, INR, and 20+ local currencies via regional processors. Payouts settle directly in the seller's own processor account on that processor's schedule (Stripe: 2-7 days rolling; PayPal: near-instant; Mollie/Paystack/etc.: per-processor).
Stripe-supported countries Austria, Australia, Belgium, Brazil, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Gibraltar, Greece, Hong Kong, Hungary, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malaysia, Malta, Mexico, Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Singapore, Slovenia, Slovakia, Spain, Sweden, Switzerland, Thailand, UAE, UK, US (40+ countries) Processor-dependent; typically local currency with display conversion Stripe's rolling 2-7 day schedule
Regional processors (non-Stripe markets) Paystack: Côte d'Ivoire, Ghana, Kenya, Nigeria, South Africa. Flutterwave: Ghana, Kenya, Nigeria, South Africa, Uganda, Rwanda, Zambia, Tanzania, Cameroon. Mercado Pago: Argentina, Brazil, Chile, Colombia, Mexico, Peru, Uruguay. PayTabs: Egypt, Iraq, Jordan, Kuwait, Oman, Saudi Arabia, UAE. Razorpay: India. Iyzico: Turkey. Midtrans: Indonesia. Xendit: Indonesia, Philippines. PayU: multi-region. Local-currency charging via the regional processor; payouts in that processor's native currency Per regional processor policy
NOT available Any country without a supported processor — US-sanctioned jurisdictions (Cuba, Iran, North Korea, Syria, Crimea/Donetsk/Luhansk) and regions blocked by Stripe, PayPal, and each regional provider. Sellers whose country appears in no processor's support list cannot onboard.
03

Feature Snapshot

Digital downloads / instant file delivery

Core product — instant post-purchase download link, automatic file delivery, watermarked-PDF option for ebooks

Online courses

Built-in course hosting with videos, files, quizzes, assignments, drip-feed scheduling, and completion certificates — no Teachable/Kajabi add-on needed

Memberships / subscriptions

Recurring monthly or annual plans gating access to content; subscription.created and subscription.deleted webhook events available

Coaching bookings

Sell 1:1 or group sessions with integrations to Zoom, Skype, and Calendly for scheduling

~

Physical products

Supported for simple catalogs, but no shipping-rate calculator, no multi-warehouse inventory, and no fulfillment integrations — not suitable for serious physical e-commerce

Software license keys

New license system auto-generates per-sale keys OR accepts your pre-generated key pool; verify/enable/disable via GET /api/v2/license/verify using a product-secret-key header — no API key required for the new system

~

Affiliate program

Built-in affiliate tracking and recruitment, but affiliate payouts are manual — seller is responsible for paying affiliates outside the platform (admin burden scales linearly)

Coupons / discount codes

Percentage or fixed-amount discounts; bulk-create up to 50 unique codes at once (2025); API supports coupon CRUD for non-subscription products; no stacking of multiple codes per order

Tax handling (EU VAT / UK VAT)

Payhip is Merchant of Record for digital EU VAT and UK VAT only — collects and remits on the seller's behalf automatically

Tax handling (US / CA / AU sales tax)

Outside the EU/UK, tax compliance is the seller's responsibility — Payhip does NOT register, collect, or remit US sales tax, Canadian GST/HST, or Australian GST

Webhooks

4 events (paid, refunded, subscription.created, subscription.deleted); retries up to 3 times at 1-hour intervals on non-200; signature sent inside payload, computed as sha256($apiKey) — NOT HMAC of the payload body

~

Public REST API (v2)

Covers coupons and license keys only. No subscription, customer, or sales export endpoints. Form-encoded request bodies, JSON responses. Authentication via payhip-api-key header.

Upsells / cross-sells

Cross-sell pop-ups and circular cross-sell discounts available (expanded in 2025) to raise average order value

Email marketing to customers

Broadcast emails and per-product updates to the buyer mailing list from within Payhip

~

Custom checkout / self-hosted storefront

Storefront branding (colors, logo, layout) is customizable; can also embed a buy button on an external site. The actual checkout page and receipt emails remain Payhip-branded — no fully white-label checkout.

Collaborations / revenue split

2025 feature — split revenue with other creators at configurable percentages; payments are distributed automatically

04

Pricing Breakdown

Free plan monthly cost $0 /mo
Free plan platform fee per sale 5% (on top of processor fees)
Plus plan monthly cost $29 /mo
Plus plan platform fee per sale 2% (on top of processor fees)
Pro plan monthly cost $99 /mo
Pro plan platform fee per sale 0% (processor fees only)
Payment processor fees Pass-through — Stripe/PayPal/Mollie/etc. charge at their own standard rates (e.g. Stripe 2.9% + $0.30 in the US) on every plan
EU VAT / UK VAT handling Included — Payhip collects and remits digital EU/UK VAT automatically on all plans
US / CA / AU sales tax Not handled — seller is responsible for registration, collection, and remittance
Refund processing fee Refunds are issued via Stripe/PayPal directly; Payhip reflects the refund but the platform fee and processor fee retention policy is not publicly documented
Chargeback / dispute fee Not publicly listed on Payhip's pricing page — chargeback fees are effectively pass-through to the connected processor (Stripe $15, PayPal $20 typical)
Payout fee None from Payhip — funds settle directly in your processor account on its schedule; processor payout fees (if any) apply
Currency conversion Handled at the processor level (Stripe / PayPal FX spread) — Payhip adds no separate FX fee
05

Security & Compliance

PCI DSS compliance Inherited via payment processors (Stripe, PayPal, Mollie, etc.) — Payhip does not store raw card data; checkout tokenization happens at the processor
Merchant of Record status Partial — Payhip is MoR for EU VAT and UK VAT on digital goods only; for US, Canada, Australia, and other jurisdictions the seller remains the merchant of record and is liable for their own sales-tax registration and remittance
Transport encryption Free SSL/TLS on all storefronts and connected custom domains; all checkout traffic served over HTTPS
3D Secure / SCA Handled at the processor layer (Stripe 3DS2, PayPal) — Payhip inherits whatever strong-authentication support the connected processor enforces; no Payhip-side configuration
Fraud prevention Relies on the connected processor's fraud tools (Stripe Radar, PayPal risk scoring). Payhip-side controls: refund-policy acceptance at checkout to strengthen chargeback defense.
Webhook signature Signature is included as a property inside the JSON payload and is computed as sha256(API_KEY) — a static per-store digest, NOT an HMAC over the payload body. An attacker with the API key could replay arbitrary payloads; keep the key secret and prefer out-of-band lookups (GET /api/v2/license/verify etc.) after every notification.
Account authentication Email/password login for seller accounts. No documented 2FA option as of April 2026 — a gap relative to Stripe, Paddle, and Lemon Squeezy.
06

Integration Prompt

Copy & use this 6053-char integration prompt

Production-ready prompt for Claude / GPT / Cursor — handles setup, security, webhooks & gotchas

 
You are integrating Payhip as the payment / storefront layer for a [Django / Next.js / FastAPI / etc.] app selling [digital downloads / online courses / memberships / licensed software]. Payhip is NOT a full Merchant of Record — it is MoR for digital EU VAT and UK VAT only. For US, Canadian, and Australian sales tax the seller remains liable. Payhip also does not hold funds centrally: money settles directly into your connected Stripe/PayPal/Mollie/Paystack/etc. account on that processor's own schedule. Your job is to (1) let customers reach Payhip's hosted checkout, (2) receive webhook notifications for paid / refunded / subscription events, and (3) grant or revoke access (including verifying software license keys) on your side.

Requirements:

1. **Checkout flow.** Do NOT build a custom card form. Use either the hosted product link (e.g. https://payhip.com/b/{short_id}) as a redirect target or embed Payhip's buy button / overlay on your site. PCI liability stays with the underlying processor (Stripe, PayPal, Mollie, etc.). Never attempt to collect raw card data yourself.

2. **Webhook receiver.** In Settings → Developer, register your webhook endpoint and subscribe to the 4 events you need: `paid`, `refunded`, `subscription.created`, `subscription.deleted`. Your handler (e.g. `/webhooks/payhip/`) must:
   - Parse the JSON body.
   - Compare the `signature` property inside the payload against `hashlib.sha256(API_KEY.encode()).hexdigest()` using `hmac.compare_digest` for constant-time comparison. IMPORTANT: Payhip's 'signature' is a static sha256 of the API key and does NOT include the payload body — treat it as a shared-secret gate, not a tamper-proof HMAC. For high-value actions (license activation, access grants) also re-verify out of band via `GET /api/v2/license/verify` before granting access.
   - Persist the transaction: `id` (transaction ID — your idempotency key), `email`, `currency`, `price` (in cents), `items[]`, `payment_type`, `date`. Prices are always in cents — 10 USD arrives as 1000.
   - Return HTTP 200 only AFTER the DB write commits. Non-200 responses trigger retries at 1-hour intervals for up to 3 hours, then the event is dropped permanently — do not rely on retries for correctness.
   - Idempotency: key on the `id` field; ignore duplicates.

3. **License verification (for software / paid APIs).** Use the v2 license system (the legacy one is deprecated). On activation, call `GET https://payhip.com/api/v2/license/verify?product_id={id}&license_key={key}` with the `product-secret-key` header set to your product's secret key (NOT your account API key). Check that the response indicates the key is enabled and unrevoked; optionally increment uses via the enable/disable endpoints. Cache successful verifications for a bounded window (e.g. 24h) — don't hit the API on every request.

4. **Subscription / membership state.** React to `subscription.created` by granting access and to `subscription.deleted` by revoking it. Payhip does NOT currently expose a subscription read endpoint in the public API (v2 covers only coupons and licenses) — you cannot poll for expiry. Persist the `date_subscription_deleted` field from the `subscription.deleted` payload as your authoritative end-of-access timestamp, and rely on the event stream rather than polling.

5. **Security best practices for Payhip specifically:**
   - Store the API key, product secret key, and webhook secret in environment variables — never in client code.
   - Because the webhook signature is a static digest of the API key, treat key leakage as 'all previously-sent webhooks are spoofable' — rotate immediately in the Developer settings if you suspect exposure.
   - Do NOT trust `email` from webhook alone for account linking — Payhip does not authenticate the buyer. Use the transaction `id` or a cryptographic claim code you mint yourself.
   - Log all webhook payloads with PII (email, name) redacted for audit.

6. **Edge cases to handle (all are real and community-reported):**
   - **Partial MoR.** Payhip collects EU/UK VAT for you but NOT US state, Canadian GST/HST, or Australian GST. If you have US nexus, integrate a separate tax-remittance service (TaxJar, Avalara) or migrate to a full MoR (Paddle, Lemon Squeezy, FastSpring, Polar).
   - **Refunds via processor.** A refund is issued in Stripe or PayPal first and then reflected in Payhip — your `refunded` webhook handler should downgrade access regardless of whether you initiated the refund from Payhip or the processor.
   - **Chargebacks.** Treat a chargeback as a full revoke plus flag-for-review. The underlying processor handles the dispute; Payhip does not shield you from chargeback liability (it is NOT a full MoR).
   - **Account closure for copyright.** Payhip enforces its acceptable-use policy aggressively on resold/derivative/AI-generated content. Keep a customer communication fallback (email list) outside Payhip so you can reach buyers if your store is taken down mid-flight.
   - **Affiliate payouts are manual.** If you run affiliates, Payhip tracks but does not pay — budget for bookkeeping effort.

7. **Local development.** Use a tunnel (ngrok, Cloudflare Tunnel) to receive webhooks. Payhip retries only 3 times at 1-hour intervals, so you cannot reproduce missed-delivery issues after the fact — instrument your endpoint and keep raw bodies for at least 7 days during integration.

Reference endpoints:
- REST API base: `https://payhip.com/api/v2`
- Coupons: `POST /coupon/create`, `GET /coupon/list`, `GET /coupon/retrieve`
- Licenses: `GET /license/verify`, `POST /license/enable`, `POST /license/disable`, `POST /license/usage/increase`, `POST /license/usage/decrease`
- Auth: `payhip-api-key` header for general endpoints, `product-secret-key` header for license operations.

Deliver: a webhook handler covering the 4 events, a license-verify helper, and a thin client for the v2 API (coupons + licenses). Include a signature-comparison test and an idempotency test keyed on transaction `id`. Do not build a custom checkout page.

Replace [Django / Next.js / etc.] with your stack. Follows PCI DSS best practices and handles common edge cases.

07

Common Pitfalls

7 items
1

Partial Merchant of Record — US/CA/AU sales tax is your problem

Payhip markets itself as handling VAT, which is true for EU and UK digital sales only. It does NOT register, collect, or remit US state sales tax, Canadian GST/HST, or Australian GST. Sellers with meaningful US revenue can end up on the hook for multi-state nexus filings the moment they cross economic thresholds. If you need a full global MoR, pick Paddle, Lemon Squeezy, FastSpring, or Polar instead.

2

Weak webhook signature scheme

Payhip's webhook 'signature' is sha256($apiKey) sent inside the payload — a static digest that doesn't include the request body in the hash. This is closer to a shared secret than a real HMAC. Rotate the key if it leaks, and don't trust a webhook's body alone for high-value actions — re-fetch via the license-verify endpoint before granting access to paid software.

3

Thin public API — no subscriptions, no sale export

The REST API at payhip.com/api/v2 covers only coupon CRUD and license-key operations. There are no endpoints to list sales, manage subscriptions programmatically, or sync customer data. All substantial back-end state must be derived from webhooks (4 event types) or pulled by hand from the dashboard, which is an awkward fit for anything beyond single-store use cases.

4

Sudden account closures for copyright enforcement

Trustpilot and Sitejabber include recurring reports of stores being removed without warning, with Payhip citing copyright infringement on resold, AI-generated, or derivative content. Legitimate sellers in adjacent spaces (prompt packs, stock-asset bundles) have been caught in the sweep. Appeal path is email-only; allow days for a response. Mitigation: only list content you clearly authored, and read the acceptable-use policy before uploading.

5

Affiliate payouts are manual

Payhip's built-in affiliate program tracks referrals and commissions, but it does not pay affiliates — you settle with each affiliate outside the platform (bank transfer, PayPal, etc.). This is fine at 5-10 affiliates; at 200+ it becomes material bookkeeping overhead.

6

Physical-product support is shallow

Payhip can list physical goods, but there is no shipping-rate calculator, no inventory-at-variant-level tracking beyond basics, and no fulfillment integrations (ShipStation, Printful in any deep sense). It is a digital-first platform — if physical SKUs are central to your business, pick Shopify or a dedicated e-commerce host.

7

Checkout remains Payhip-branded

Storefront pages, colors, and embeds are customizable, but the actual checkout page and transactional receipt emails carry Payhip branding and cannot be fully white-labeled to your own domain. If a branded end-to-end checkout flow is a requirement, use Stripe Checkout, Paddle, or Lemon Squeezy.

08

Community Pulse

Sentiment on Payhip is quietly favourable but unevenly distributed across sources. Trustpilot and Sitejabber skew negative in raw star counts — the loudest reviews are sellers reporting sudden store removals for alleged copyright infringement, with email-only appeals that can take days. Independent review sites (EcommerceGold, Blogging Wizard, Capterra) and third-party guides (Dodo Payments, wearefounders.uk) consistently highlight the opposite: easy 10-minute setup, genuinely helpful human support, the cheapest fee structure in the creator-platform tier, and a Pro plan that zeroes out platform fees for high-volume sellers. The consensus playbook: use Payhip to validate and sell digital products cheaply, especially outside the US; accept the partial-MoR scope (EU/UK VAT only), the thin public API, and manual affiliate payouts as the price of low fees; and only upgrade to a full-MoR peer (Paddle, Lemon Squeezy, Polar) once US sales tax nexus becomes a real concern.

💬 Payhip customer reviews — sudden store closures and support silence Trustpilot · 2025
💬 PayHip Reviews — 2.3 stars across 43 reviews on Sitejabber Sitejabber · 2025
💬 Payhip Reviews 2026 — verified pros/cons from paying users Capterra · 2026
💬 Gumroad vs Payhip vs Lemon Squeezy 2026: real pricing compared wearefounders.uk · 2026
💬 Payhip Review [2026]: pricing, features & limits Dodo Payments blog · 2026

Sentiment last updated: April 2026 · We summarize — never copy — community content. Links go to original threads.

09

Changelog

  1. logo

    downloaded official Payhip wordmark SVG from payhip.com and rasterized to 400x110 transparent PNG (avg brightness 111, no dark logo_bg needed)

  2. pricing

    added initial pricing rows: Free $0/mo + 5%, Plus $29/mo + 2%, Pro $99/mo + 0%, processor pass-through, EU/UK VAT included, no US/CA/AU sales tax handling; refund/chargeback/FX marked unverified (not publicly documented)

  3. availability

    populated availability by processor: Stripe (40+ countries), regional processors (Paystack, Flutterwave, Mercado Pago, PayTabs, Razorpay, Iyzico, Midtrans, Xendit, PayU, Mollie, Square), and the NOT-available sanctioned-region row

  4. features

    populated 16 features covering digital downloads, online courses, memberships, coaching, physical products (partial), license keys v2, affiliate program (partial — manual payouts), coupons, EU/UK VAT MoR, webhooks (4 events), public API v2 (partial), upsells, email marketing, custom checkout (partial), and collaborations revenue split

  5. security

    documented PCI DSS via processor, partial MoR status (EU/UK VAT only), free TLS, 3DS at processor layer, refund-policy chargeback defense, the weak webhook signature scheme (sha256 of API key, not HMAC over payload), and the absence of documented 2FA

  6. pitfalls

    documented 7 pitfalls: partial-MoR scope, weak webhook signature, thin public API, copyright-enforcement account closures, manual affiliate payouts, shallow physical-product support, and non-white-label checkout

  7. community

    wrote community pulse summary and linked 5 sources (Trustpilot, Sitejabber, Capterra, wearefounders.uk, Dodo Payments) — no substantial Reddit thread corpus exists for Payhip specifically, so sentiment sources are review platforms and third-party guides

  8. trust_score

    initial trust score calculated: overall 68/100. Notable dimensions — payout_reliability 80 (processor pass-through structurally limits hold risk), developer_experience 55 (thin API, weak webhook signature), account_stability 60 (copyright closures), track_record 78 (14 years bootstrapped, no major incidents)

  9. integration_prompt

    generated stack-agnostic integration prompt covering hosted checkout, webhook signature verification (with the caveat that the signature is sha256 of API key, not HMAC over payload), v2 license verification via product-secret-key, subscription state handling via events (no read endpoint available), and partial-MoR edge cases

Back to Gateway Index

LearnWithHasan.com · Payment Gateway Index · No affiliate links · Builder-first