Accepting cryptocurrency payments directly on your own domain gives you full control over your revenue stream. Unlike third-party processors like Stripe or PayPal that charge 2.9% + fees, require extensive KYC, and can freeze accounts arbitrarily, a self-hosted USDT TRC-20 gateway costs pennies per transaction and puts you in complete control.
This guide walks through deploying a production-ready payment gateway using Cloudflare Workers. The complete package is available as the Self-Hosted USDT Payment Gateway product on automoney-store.
Architecture Overview
The gateway consists of three components: a Cloudflare Worker that handles payment verification, a static frontend for the checkout interface, and the Tron blockchain for transaction processing. The Worker uses the Tronscan API to verify transaction status without running a full Tron node. This keeps infrastructure costs near zero.
Before deploying, generate your wallet address using a TRC-20 compatible wallet (Trust Wallet, TronLink, or MetaMask with Tron network). Fund it with ~50 TRX for transaction fees. Use the USDT TX Verifier tool to test transaction verification before deploying your production system.
Step 1: Deploy the Verification Worker
Create a new Cloudflare Worker with the following endpoint structure. The Worker listens for POST requests to /api/verify-payment. When a customer submits a transaction ID (TXID), the Worker queries Tronscan API to confirm: the transaction hash exists, the amount matches the product price, the destination address is correct, and the transaction has sufficient confirmations. On successful verification, the Worker generates a time-limited download URL and returns it to the customer.
Step 2: Create the Checkout Frontend
Build a simple HTML page for each product. Include: your wallet address displayed prominently, the exact USDT price (TRC-20 only), a text input for the TXID, and a submit button that posts to your Worker. Add clear instructions showing users how to find their TXID in Trust Wallet or TronLink. Include FAQPage schema markup to help AI search engines understand your payment process.
Step 3: Implement Delivery Automation
When payment is verified, your Worker should: generate a cryptographically signed download token (valid for 24 hours), store the token-product mapping in KV, send a confirmation email with the download link, and log the transaction for your records. Use Workers KV for token storage — it is fast, globally distributed, and costs virtually nothing for this use case.
Step 4: Security Hardening
Rate limit your verification endpoint to 10 requests per minute per IP. Validate all inputs server-side — never trust client-side price checks. Use environment variables for your wallet address and API keys. Implement a webhook endpoint for zero-confirmation payment detection. Add CORS headers only for your own domain. Monitor Tronscan for unexpected transactions to your wallet.
Test the complete flow with a small test payment from a second wallet. Verify the Worker detects the transaction, generates the token, and delivers the download. Use the SSL Checker to confirm your domain has valid HTTPS before going live.
Operational Costs
Cloudflare Workers free plan includes 100,000 requests/day, more than enough for most stores. Tronscan API is free with rate limits. TRX transaction fees are ~$0.30 per payment received. Total monthly cost for a small store: approximately $1-2 in TRX fees. Compare this to 2.9% + $0.30 per transaction with Stripe, and the savings become obvious. For a $50 product, Stripe charges $1.75 while the self-hosted gateway costs $0.30.