© 2026 Della Group. All Rights Reserved.
Okay, so most people jump straight into generating a QR code for Solana Pay and think, "Cool, payment's done when they scan it." But nah. That's where it all goes wrong. You gotta verify it on chain first, or you're basically trusting a stranger's wallet screenshot. Happened to me once-lost track of a 5 SOL payment 'cause I didn't check the blockchain. Why does this matter? 'Cause Solana's fast, like sub second finality, but without verification, you might ship goods before the tx even lands.
The right way? Use Solana Pay's built in tools to hunt down the transaction with a unique reference, then validate it matches your expected amount and recipient. It's dead simple once you set it up. In my experience, this saves headaches 90% of the time.
Solana Pay lets you create these magic URLs or QR codes that wallets like Phantom or Backpack can scan and pay instantly-no wallet connect BS. It's for SOL or SPL tokens like USDC. Fees? Tiny, around 0.000005 SOL per tx. Super cheap compared to Ethereum's gas wars.
But here's the thing: it's not just payments. You can add memos, labels, messages-stuff to track orders. And verification? That's the secret sauce. We'll get into code that polls the chain every 250ms till it confirms. Pretty much instant feedback.
Look, if you're new, grab Node.js, then hit npm for the essentials. I usually start with a Next.js app 'cause it's quick for QR display. But you can do vanilla JS too.
Install these:
npm init -y
npm i @solana/web3.js @solana/pay qrcode react qr code
npm i -D typescript @types/nodeConnect to a RPC like Helius or QuickNode-devnet for testing, mainnet later. Grab a free endpoint. In my experience, QuickNode's solid, like 99.9% uptime. Set commitment to 'confirmed' for verification-finalized if you're paranoid, but confirmed's fast enough, lands in ~1-2 seconds.
const url = encodeURL({ recipient, amount, reference, label: 'Your Store', message: encodeURI('Order #123'), memo: 'Coffee payment' });url.toString(). Boom, scan ready.What's next? User scans with Phantom, approves. Tx flies to Solana. But don't celebrate yet.
Pro tip: Always generate reference on backend. Frontend can be tampered with. Sound familiar? Yeah, me too early on.
This is where noobs fail. After QR shows, kick off a loop. Use findReference(connection, reference, { finality: 'confirmed' }). It queries signatures for that reference. Promise with setInterval(250ms) till it hits.
Once found? Validate. validateTransfer(connection, signature, { recipient, amount, splToken? }). Checks: right amount to right wallet, memo matches if you set one. If it throws, payment's bunk-wrong amount or duped.
Here's a snippet I copy paste everywhere:
async function checkPayment() { setPaymentStatus('pending'); let signatureInfo; const interval = setInterval(async () => { try { signatureInfo = await findReference(connection, reference, { finality: 'confirmed' }); clearInterval(interval); // Now validate await validateTransfer(connection, signatureInfo.signature, { recipient, amount }); setPaymentStatus('validated'); // Show green check! } catch (e) { if (!(e instanceof FindReferenceError)) console.error(e); } }, 250);
}Short ones fail fast. Long ones? Add timeout after 30s. Solana tx expire quick anyway, ~60s blockhash life.
Tx not found? Check reference is PDA or random, not reused. Wallets like Phantom must support Solana Pay-most do now.
Validation fails? Memo order matters: Put memo before transfer instruction. Solana Pay spec demands transfer last.
SPL tokens? Add splToken: new PublicKey('EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v') // USDC. Get associated token accounts first.
Okay, let's compare. Seller generates, buyer pays, seller verifies.
| Step | Seller (You) | Buyer |
|---|---|---|
| 1. Prep | Input amount, your wallet, gen reference | Scan QR or click link |
| 2. Tx | Show QR | Wallet parses URL, signs, sends |
| 3. Verify | Poll findReference + validateTransfer | Sees tx on explorer |
| Time | ms-2s | Instant |
| Fee | You pay ~0.000005 SOL | Buyer pays tx fee |
See? Seller does the heavy lift on verify. Buyer just vibes.
SOL's easy, but tokens? Step up. For USDC (mint EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v), add spl token to URL.
Buyer side: Wallet auto gets/creates ATA (associated token account). Use createTransferCheckedInstruction instead of SystemProgram.transfer.
getOrCreateAssociatedTokenAccount for payer/recipient.Issue? No ATA? Wallet handles, but verify catches if recipient didn't get it. Fees still ~0.000005 SOL + token ATA rent if new (~0.002 SOL refundable).
I usually slap this in React/Next.js. Inputs for address/amount, blue button "Create QR". Below: QR or "Pending.." spinner, then green "Validated!"
Styles? Tailwind: flex center, bg blue-500 hover:bg blue-700. Add status text: pending yellow, confirmed green.
Don't forget: Hide QR on validate. Show explorer link: solana.fm/tx/{signature}?cluster=mainnet.
Scaling it? Backend with Express. Webhook from Helius for instant notifies-no polling. But polling's fine for small stuff, costs zilch.
Honest talk: References must be unique per payment. Reuse? findReference grabs wrong tx. Generate fresh: Keypair.generate().publicKey.
Blockhash expires ~90s. If buyer sleeps, tx drops. Retry? New URL.
Multi sig? Validate checks owner sigs implicitly via on chain.
Fraud? Always validate amount/recipient. Don't trust wallet pops.
In my experience, 1% payments fail validation-usually wrong decimals. Log errors, refund if needed.
Don't burn real SOL. Switch connection to devnet: new Connection('https://api.devnet.solana.com'). Airdrop 2 SOL to test wallets: solana airdrop 2.
Run buyer sim in another terminal: Parse URL, fake payer Keypair, sendAndConfirmTransaction. Verify fires green.
Pro move: Two tabs, one seller UI, one buyer console. Feels real.
Merchants? Integrate checkout: Cart total → gen URL → QR. Post verify, email receipt, fulfill order.
High volume? Batch references, use durable nonces for retries (advanceNonce ix first).
Mobile? QR shines. Desktop? "Pay with Solana" button opens phantom:// url.
Tokens beyond USDC? Bonk? Same deal, grab mint addr from solscan.io.
That's the flow. Been running this for months, processed hundreds of tx. Tweak for your app, test hard. Questions? Hit me up, we'll debug.
Sometimes plain transfer ain't enough. Say, escrow release? After validateTransfer, parse tx instructions. Check custom programs called.
Code: getTransaction(signature, {commitment: 'confirmed'}).then(tx => tx.transaction.message.instructions). Introspect for your prog ID.
Why? Payments + actions, like NFT mint on pay. Solana Pay URLs support any tx type.
Mix short. Boom.
One more: Expiry. Add timestamp to message, reject old refs in validate.
© 2026 Della Group. All Rights Reserved.