Managing your wallet
The wallet UI lives at www.misar.io/wallet. Every Misar product links here to view balance and top up, then returns you to where you came from.
There is one place to view your balance, top up, and read your transaction history: the centralized wallet page on misar.io.
https://www.misar.io/wallet
Every Misar product — MisarMail, MisarBlog, MisarReach — shows a Manage wallet link instead of its own balance/top-up UI. Following it brings you here. Spending still happens inside each product (server-side, via the deduct API) — only viewing and topping up are centralized.
One wallet, one page
The wallet moved out of each product's settings into misar.io so there is a single source of truth. The old /dashboard/wallet path still works — it redirects to /wallet.
Cross-product return — ?returnTo
When a product sends you to the wallet, it appends a returnTo query parameter pointing at the exact page you came from:
https://www.misar.io/wallet?returnTo=https://reach.misar.io/settings?tab=billing
The wallet page then:
Shows a Back to <product> link
Derived from the returnTo subdomain (e.g. reach.misar.io → "Reach").
Returns you after top-up
The Stripe success URL is built from returnTo, so after payment you land back on the exact product page with ?wallet_topup=success.
Validation (open-redirect safety)
returnTo is only honored when it is a relative path or an absolute URL on a *.misar.io host. Anything else is ignored and the user falls back to the dashboard. The same *.misar.io allowlist is enforced server-side when building the Stripe top-up session, so a service-key caller cannot craft an off-platform redirect.
returnTo value | Honored? |
|---|---|
/settings | ✅ relative path on misar.io |
https://reach.misar.io/settings?tab=billing | ✅ misar.io subdomain |
https://mail.misar.io/inbox/inbox | ✅ misar.io subdomain |
https://evil.com/phish | ❌ ignored → dashboard |
Linking from a product
To send a user to the wallet and bring them back, build the link with the current page as returnTo:
const manageWalletHref =
`https://www.misar.io/wallet?returnTo=${encodeURIComponent(currentPageUrl)}`;After a successful top-up the user returns to currentPageUrl with ?wallet_topup=success&session_id=… appended — handle or ignore those params gracefully on the landing page.