A payment session is a single-use, time-boxed flow that lets one of your contractors add or update their credit card on a secure page hosted by 1099Policy, then return to a URL you control. The contractor reaches the page via a one-time link that 1099Policy issues from your POST — the link expires and becomes invalid after the flow completes. Card data never touches your servers; tokenization happens client-side against our PCI-compliant payment provider.
You create a session on your server with the contractor's ID and a return_url of your choosing. We return a single-use URL that you redirect the contractor to. When they complete (or cancel) the flow, we redirect them back to your return_url and emit a signed payment.session.completed (or .cancelled, .expired) webhook event to the endpoint you have configured for 1099Policy webhooks.
Before using this endpoint, 1099Policy must have configured your organization's allowed return_url hostnames. Contact support to onboard.
Query parameters appended to the return_url on redirect (hps_id, status) are for your UX only and must not be the basis for any entitlement decision. The signed webhook is the source of truth for outcome.