# Payment Session

A payment session is a single-use, time-boxed flow that lets one of your contractors add or update their credit card on a secure page hosted by 1099Policy, then return to a URL you control. The contractor reaches the page via a one-time link that 1099Policy issues from your `POST` — the link expires and becomes invalid after the flow completes. Card data never touches your servers; tokenization happens client-side against our PCI-compliant payment provider.

You create a session on your server with the contractor's ID and a `return_url` of your choosing. We return a single-use URL that you redirect the contractor to. When they complete (or cancel) the flow, we redirect them back to your `return_url` and emit a signed `payment.session.completed` (or `.cancelled`, `.expired`) webhook event to the endpoint you have configured for 1099Policy webhooks.

Before using this endpoint, 1099Policy must have configured your organization's allowed `return_url` hostnames. Contact support to onboard.

Query parameters appended to the `return_url` on redirect (`hps_id`, `status`) are for your UX only and must not be the basis for any entitlement decision. The signed webhook is the source of truth for outcome.


## Operations

[Powered by Bump.sh](https://bump.sh)