diff --git a/lnurlw/lnurlw_callback.go b/lnurlw/lnurlw_callback.go
index a2e2a0f..b5d5a61 100644
--- a/lnurlw/lnurlw_callback.go
+++ b/lnurlw/lnurlw_callback.go
@@ -38,6 +38,18 @@ func lndhub_payment(w http.ResponseWriter, p *db.Payment, bolt11 decodepay.Bolt1
 return
 }
 
+ // check amount limits
+ invoice_sats := int(bolt11.MSatoshi / 1000)
+
+ //check the tx limit
+ if invoice_sats > c.Tx_limit_sats {
+ log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Info("invoice_sats: ", invoice_sats)
+ log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Info("tx_limit_sats: ", c.Tx_limit_sats)
+ log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Info("over tx_limit_sats!")
+ resp_err.Write(w)
+ return
+ }
+
 //lndhub.auth API call
 //the login JSON is held in the Card_name field
 // as "login:password"
@@ -98,6 +110,14 @@ func lndhub_payment(w http.ResponseWriter, p *db.Payment, bolt11 decodepay.Bolt1
 return
 }
 
+ // update paid_flag so we only attempt payment once
+ err = db.Update_payment_paid(p.Card_payment_id)
+ if err != nil {
+ log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
+ resp_err.Write(w)
+ return
+ }
+
 // https://github.com/fiatjaf/lnurl-rfc/blob/luds/03.md
 //
 // LN SERVICE sends a {"status": "OK"} or
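Review bot: The new tx-limit check in the first hunk lets through amounts it should stop, because `int(bolt11.MSatoshi / 1000)` rounds down and an invoice that carries no amount yields 0, which is never above the limit. An invoice up to 999 msat over the limit therefore compares equal to it, and if MSatoshi is a 64-bit field the `int` conversion could also truncate on a 32-bit build. I would compare in millisatoshi and reject non-positive amounts, for example `if bolt11.MSatoshi <= 0 || bolt11.MSatoshi > int64(c.Tx_limit_sats)*1000 {` (assuming MSatoshi is int64; whether the later pay call can settle an amountless invoice is not visible here). The three Info calls could be a single entry carrying `invoice_sats` and `tx_limit_sats` as fields next to `card_payment_id`. `c` and `resp_err` are defined outside the hunk, and lndhub_payment continues past it.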
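Review bot: Setting paid_flag in the second hunk appears to happen after the lndhub calls earlier in the function (those lines are outside the hunk), so it does not by itself deliver what the comment promises, "only attempt payment once". Two callbacks for the same card_payment_id that arrive close together could both reach the outbound pay request before either one sets the flag, and every earlier error return leaves the flag unset, so a retry is attempted again. If `db.Update_payment_paid` fails after the wallet has already paid, the caller gets an error while the payment stays marked unpaid, which is the double-spend case this guard is meant to close. I would move the update ahead of the pay request and make it conditional, succeeding only when the flag was previously unset and returning early otherwise. A comment such as `// claim the payment before calling the wallet; a failed pay call must not clear the flag` would record the intent.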