Command Line Interface (CLI)¶
instapay-eg comes with a built-in command-line interface that allows you to parse share-sheet text and perform security audits directly from your terminal.
Parsing Links (instapay parse)¶
The parse command extracts the underlying deep link from the multi-line text generated by the InstaPay app. It validates the handle and the token, ensuring the link is safe and fully functional.
$ instapay parse "https://ipn.eg/S/alice/instapay/2DcFGv Click the link to send money to alice@instapay Powered by InstaPay"
┌─────────────────────────────────────────┐
│ InstaPay Link Parser │
├─────────────────────────────────────────┤
Link: https://ipn.eg/S/alice/instapay/2DcFGv
Handle: alice
Format: alice@instapay
Token: 2DcFGv
Safe: ✅ Yes
└─────────────────────────────────────────┘
Auditing URLs (instapay audit)¶
The audit command accepts a URL (not raw multi-line text) and runs a rigorous security scan against it to detect phishing domains, injection payloads, or missing deep link identifiers (like /S/).
# Auditing a perfectly valid deep link:
$ instapay audit "https://ipn.eg/S/alice/instapay/2DcFGv"
┌─────────────────────────────────────────┐
│ InstaPay Security Audit │
├─────────────────────────────────────────┤
URL: https://ipn.eg/S/alice/instapay/2DcFGv
Status: ✅ SAFE
─────────────────────────────────────
HTTPS: ✅ Valid
Domain: ✅ ipn.eg ✓
Injection: ✅ None detected
Phishing: ✅ No pattern match
└─────────────────────────────────────────┘
# Auditing a URL that is missing the /S/ deep link identifier:
$ instapay audit "https://ipn.eg/alice/instapay/2DcFGv"
┌─────────────────────────────────────────┐
│ InstaPay Security Audit │
├─────────────────────────────────────────┤
URL: https://ipn.eg/alice/instapay/2DcFGv
Status: ❌ UNSAFE - DO NOT USE
─────────────────────────────────────
HTTPS: ✅ Valid
Domain: ✅ ipn.eg ✓
Injection: ✅ None detected
Phishing: ✅ No pattern match
─────────────────────────────────────
Reason: URL path contains disallowed characters.
└─────────────────────────────────────────┘