docs(content): add use-case pages, Dashboard + Secure Payment tools pages

[rodrigopavezi]

Build out the new Use Cases tab and Tools section around the actual product
surface (Dashboard, Secure Payment, v2 API).

New use-case pages:

• quickstart.mdx — canonical end-to-end walkthrough adapted from the
  payment-destinations-and-payment-links reference; spine of the tab
• no-code-payment-links.mdx — Dashboard-only flow for freelancers/SMBs
• programmatic-payment-links.mdx — server-side flow with TS/Python/cURL
  side-by-side EVM and Tron examples
• multi-chain-checkout.mdx — Li.Fi cross-chain payer story
• batch-payouts.mdx — EVM-only mass payouts with worked examples
  (marketplace, refund, payroll) and explicit Tron exclusion
• webhook-reconciliation.mdx — production-ready handler with HMAC
  verification, idempotency, retry-aware error handling, and event routing
  for all 12 event types
• welcome.mdx rewritten as a three-card hero (Dashboard / Secure Payment /
  API) with refreshed Get Started cards

New tools/ pages:

• tools/dashboard.mdx — feature reference for dashboard.request.network
  with EVM and Tron sign-in tabs side by side, destinations, Client IDs,
  Get Paid, Pay
• tools/secure-payments.mdx — feature reference for pay.request.network
  with payer flow, wallet support (EVM + Tron columns), Li.Fi cross-chain,
  defense-in-depth, error states

docs.json:

• Added "Use Cases" group with 5 new pages
• Added "Tools" group in Resources tab
• Added tools/dashboard to API Setup group

[rodrigopavezi]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• docs(kyt): document KYT-screened payments as a use case + payee-destination field #94
• docs(secure-payments): document redirectUrl + redirectLabel #93
• docs(verify): fix broken cross-refs surfaced by mintlify broken-links #92
• docs(scripts): add Playwright screenshot capture scaffolding #91
• docs(content): add use-case pages, Dashboard + Secure Payment tools pages #90 👈 (View in Graphite)
• docs(content): refresh Tron coverage, batch-payment EVM scope, webhook 12-event list #89
• docs(nav): restructure navigation, remove legacy pages, retire Portal #88
• docs: fix broken links and clarify edge cases #87
• docs: add missing feature documentation for recent API changes #86
• docs: fix implementation discrepancies across API docs #85
• docs: remove beta banner and legacy SDK tab #78
• Remove AI-generated content warnings and update internal links #77
• docs(lifecycle): replace external image with local asset and remove AI-generated warning #76
• docs: remove AI-generated content warnings and simplify Request Scan page #75
• docs(resources): remove community page from navigation #74
• docs(supported-chains): add Tron network support and enhance currency documentation #73
• docs(supported-chains): streamline supported chains and currencies documentation #72
• docs(api-reference): add v2 endpoints overview and switch docs OpenAPI to v2-only spec Improve API Reference navigation by introducing a dedicated Endpoints Overview page in docs and wiring Mintlify OpenAPI rendering to a local v2-only spec. - add `api-re #71
• docs(authentication): simplify auth guide with API key vs Client ID methods and remove AI-generated content #70
• docs(fee-breakdowns): rewrite to focus on API response locations and reconciliation usage #69
• docs(protocol-fees): add protocol fees documentation and navigation #68
• docs(platform-fees): simplify configuration guide and remove AI-generated content warning #67
• docs(query-payments): rewrite with practical implementation focus and remove AI warning #66
• docs(query-requests): simplify and refactor query requests documentation for practical implementation #65
• docs(payment-detection): simplify content and remove AI warning #64
• docs(partial-payments): rewrite with step-by-step implementation guide and clarify API usage #63
• docs(standard-payments): remove AI warning, restructure content with step-by-step flow, and update API references #62
• docs(conversion-payments): rewrite with step-by-step implementation guide and remove AI-generated warning #61
• docs(payment-types): simplify overview and add payment type selection guidance #60
• docs(crypto-to-fiat): expand comprehensive guide with sandbox access, compliance flows, and implementation details #59
• docs(recurring-payments): rewrite with comprehensive workflow, security details, and practical implementation guide #58
• docs(batch-payments): add comprehensive implementation guide with examples, workflow diagrams, and demo videos #57
• docs(crosschain-payments): replace AI-generated content with comprehensive implementation guide #56
• docs(create-requests): rewrite with workflows, examples, and remove AI warning #55
• feat: add complete integration tutorial with Node.js backend and React frontend #54
• docs(getting-started): remove AI warning and refactor to focus on practical payment integration #53
• docs(api-portal): remove AI warning, add local screenshot, and update .gitignore #52
• docs: remove release notes section and streamline use cases to core features #51
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[greptile-apps]

Greptile Summary

This PR adds a full Use Cases tab (quickstart, no-code links, programmatic links, multi-chain checkout, batch payouts, webhook reconciliation) and two new Tools reference pages (Dashboard, Secure Payment), wiring them together with consistent cross-links and a refreshed landing page.

• docs.json registers all new pages and adds a "\ud83d\udee0\ufe0f Tools" group, but tools/dashboard is listed both in the "API Setup" group and in the new "Tools" group, which will render as two sidebar entries pointing to the same page.
• use-cases/programmatic-payment-links.mdx uses <Tabs> for TypeScript/Python/cURL examples where the style guide requires <CodeGroup>, and the inline HMAC snippet compares string lengths rather than buffer lengths before calling timingSafeEqual.

Confidence Score: 4/5

Safe to merge after confirming whether the duplicate tools/dashboard entry in docs.json is intentional.

All new pages are well-structured and internally consistent. The duplicate tools/dashboard entry in docs.json will produce two sidebar links to the same page unless the cross-listing is deliberate. The inline HMAC snippet in programmatic-payment-links has a subtle string-vs-buffer length check inconsistency, and the multi-language code block uses the wrong Mintlify component — both are documentation quality issues rather than functional blockers.

docs.json (duplicate dashboard entry) and use-cases/programmatic-payment-links.mdx (component choice and HMAC snippet)

Important Files Changed

Filename	Overview
docs.json	Adds Use Cases and Tools nav groups; tools/dashboard is listed twice (API Setup group + Tools group), which may create duplicate sidebar entries.
use-cases/programmatic-payment-links.mdx	New page with TypeScript/Python/cURL examples; uses <Tabs> where <CodeGroup> is required per style guide, and the HMAC verify snippet checks string length rather than buffer length before timingSafeEqual.
use-cases/webhook-reconciliation.mdx	New page with a production-ready webhook handler; correctly uses buffer-length comparison before timingSafeEqual, Redis idempotency key, and covers all 12 event types.
use-cases/quickstart.mdx	New comprehensive end-to-end walkthrough; well-structured with troubleshooting table, full chain/token reference, and consistent cross-links to other use-case pages.
tools/dashboard.mdx	New Dashboard feature reference page; EVM/Tron Tabs usage is appropriate (platform-specific content), images properly wrapped in <Frame>, clear limitations section.
tools/secure-payments.mdx	New Secure Payment feature reference; thorough coverage of wallet support, cross-chain Li.Fi routing, Tron limitations, and error states.

Sequence Diagram

sequenceDiagram
    participant U as User / Developer
    participant D as Dashboard
    participant A as Auth API
    participant R as Request API
    participant SP as Secure Payment
    participant W as Webhook Handler

    U->>D: Step 1 — Sign in with EVM/Tron wallet
    D-->>U: session_token cookie (15 min idle TTL)
    U->>D: Step 2 — Create payment destination
    D-->>U: destinationId (ERC-7828 format)
    U->>D: Step 3 — Generate Client ID
    D->>A: POST /v1/client-ids
    A-->>U: clientId
    U->>A: Step 4 — POST /v1/webhook (x-client-id)
    A-->>U: webhookId + secret (shown once)
    U->>R: Step 5 — POST /v2/secure-payments
    R-->>U: securePaymentUrl + requestIds
    U->>SP: Share securePaymentUrl with payer
    SP->>SP: Payer connects wallet, picks chain/token
    SP->>SP: Li.Fi cross-chain swap (if needed)
    SP-->>W: payment.confirmed webhook (HMAC-SHA256)
    W-->>SP: 200 OK (idempotent, deduped on delivery ID)

Loading

_{Reviews (1): Last reviewed commit: "docs(content): add use-case pages, Dashb..." | Re-trigger Greptile}

[greptile-apps]

Duplicate nav entry for tools/dashboard

tools/dashboard appears twice in docs.json: once inside the "API Setup" group and again in the new "🛠️ Tools" group. If this is intentional cross-listing, it will render as two separate sidebar links pointing to the same page, which can confuse readers and signal a navigation design inconsistency. If cross-listing is desired, consider using a relative link/alias rather than duplicating the page path — or confirm this duplication is intended and add a comment.

[greptile-apps]

Use <CodeGroup> for multi-language code examples — the AGENTS.md style guide states to use <CodeGroup> when showing the same concept in multiple programming languages, and <Tabs> for platform-specific alternative approaches. TypeScript/Python/cURL for the same POST /v2/secure-payments call is a multi-language example and should use <CodeGroup>.

Suggested change

	<Tabs>
	<Tab title="TypeScript / Node.js">
	```typescript
	const response = await fetch("https://api.request.network/v2/secure-payments", {
	method: "POST",
	headers: {
	"Content-Type": "application/json",
	"x-client-id": process.env.RN_CLIENT_ID!,
	},
	body: JSON.stringify({
	requests: [
	{
	destinationId:
	"0x6923831ACf5c327260D7ac7C9DfF5b1c3cB3C7D7@eip155:8453#ABCD1234:0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
	amount: "100",
	},
	],
	reference: order.id,
	payerIdentifier: customer.email,
	}),
	});
	const { securePaymentUrl, requestIds, token } = await response.json();
	// Send securePaymentUrl to the customer (redirect, email, etc.)
	```
	</Tab>
	<Tab title="Python">
	```python
	import os
	import requests
	response = requests.post(
	"https://api.request.network/v2/secure-payments",
	headers={
	"Content-Type": "application/json",
	"x-client-id": os.environ["RN_CLIENT_ID"],
	},
	json={
	"requests": [
	{
	"destinationId": (
	"0x6923831ACf5c327260D7ac7C9DfF5b1c3cB3C7D7"
	"@eip155:8453#ABCD1234:"
	"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
	),
	"amount": "100",
	}
	],
	"reference": order.id,
	"payerIdentifier": customer.email,
	},
	)
	data = response.json()
	secure_payment_url = data["securePaymentUrl"]
	```
	</Tab>
	<Tab title="cURL">
	```bash
	curl -X POST "https://api.request.network/v2/secure-payments" \
	-H "Content-Type: application/json" \
	-H "x-client-id: $RN_CLIENT_ID" \
	-d '{
	"requests": [
	{
	"destinationId": "0x6923831ACf5c327260D7ac7C9DfF5b1c3cB3C7D7@eip155:8453#ABCD1234:0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
	"amount": "100"
	}
	],
	"reference": "ORDER-2026-042",
	"payerIdentifier": "alice@example.com"
	}'
	```
	</Tab>
	</Tabs>
	<CodeGroup>

Context Used: AGENTS.md (source)

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

[greptile-apps]

String-length check instead of buffer-length check before timingSafeEqual — signature.length === expected.length compares the raw hex string lengths, not the decoded buffer lengths. If signature contains non-hex characters, Buffer.from(signature, "hex") silently drops them and produces a shorter buffer, causing timingSafeEqual to throw a TypeError instead of returning false. The authoritative reference implementation in webhook-reconciliation.mdx correctly creates buffers first and compares their .length properties.

Suggested change

	const ok =
	signature.length === expected.length &&
	timingSafeEqual(Buffer.from(signature, "hex"), Buffer.from(expected, "hex"));
	const sigBuf = Buffer.from(signature, "hex");
	const expBuf = Buffer.from(expected, "hex");
	const ok =
	sigBuf.length === expBuf.length &&
	timingSafeEqual(sigBuf, expBuf);