Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Our latest Deposits API is focused on simplicity, usability and personalization and it is used to allow your customers to deposit with their local payment methods of preference.
We work as a bridge between you and your customer's local payment methods such as banks, e-wallets, credit cards among others.
With only one integration, you have access to the most popular payment methods in the emerging markets.
In order to make that possible, we have developed our API v3 of Deposits allowing you to create payments directly from your own cashier or from one of ours in case you want us to take care of the fields needed for each country and payment method.
Our API v3 of deposits is meant to be used on the way that fits best to your needs and technical requirements.
With only one API, you can opt for different integrations:
OneShot Experience: You collect, validate and send all the details required for the payment, and you display the payment's metadata directly on your website or redirect the customers to the payment page.
Hosted Checkout Experience: We take the user to a checkout page to complete missing payment details manually. This flow is triggered as Oneshot experience fallback flow.
V3 PCI: You collect and send to us the Credit Card details for processing. The payment is approved/rejected instantaneously. A PCI certificate is required for this integration.
Start testing all the API features with our Postman collection here.
The OneShot Experience is an integration where you send all the details required for the deposit and the customer itself and we will return you the metadata of the payment for you to build the payment page on your own website or a URL to redirect the customer to the payment page!
We call it OneShot because the customer only has to generate the payment on your cashier and pay.
Once the payment is generated, we will send a field specifying whether the payment experience can be done OneShot: native on your cashier with the metadata we give you or with Redirect.
This integration offers a more personalized user experience, as the user won't leave your site but for pay (if at all).
In order to make the payment creation process as smoother as possible and to avoid errors, in case you don't send a field that is required for the payment method/country, we will take care of it by asking the missing information to the customer on our Hosted Checkout instead of declining the payment😉 .
With this integration, it is a good idea to ask the customer to fill in their details only once and store them in your database so you don't have to ask them for those details each time and instead, you send us the information directly from your database. In case they need to modify something, they should do it from their profile and not from your cashier.
The Hosted Checkout Experience is an integrating solution where you only need to send basic details about the deposit itself, and we will generate a link you will use to redirect your customers to our Hosted Checkout where we will prompt them for any missing details like the payment method, the document, email and full name.
Once integrated, adding new payment methods and countries with this integration requires no further development on your end since we will take care of the user experience!
With this integration, you only need to send the amount and the country of the deposit and we will handle the rest. The customers will be able to choose the payment method on our Checkout, input their data and pay.
The Hosted Checkout Experience, allows you to personalize our Checkout by sending details like the payment_type to group our payment methods on different sections of your page, the bonus_amount or a strikethrough_amount to show a promo on our Hosted Checkout, the description to show them what they are paying for or even your own logo so the customer can see it on our Hosted Checkout. All of that, with only one integration described here.
The API V3 PCI for Credit Cards Processing allows you to build your own Credit Card checkout form to collect and send to us the customer's credit card details, allowing for a Seamless experience without redirecting the customer to an external checkout.
Follow this steps to start processing payments with the Zimopagos Deposits API:
1 - Sign Up: Create your merchant account in our Merchant Panel.
2 - Get Credentials: After your account has been activated, you will have access to your Staging (STG) Merchant Panel where you will need to
Whitelist your IPs
Retrieve your API Keys
Than can be done by going to Settings -> API Access.
3 - Integrate the APIs: Follow the instructions over this documentation to integrate our Deposits APIs.
In order to move your account from STG to PRODUCTION, there are a few tests you need to check you are able to do:
4 - Go Live: Once you have completed the tests required in step 3, Request Go Live on the Home of the STG Merchant Panel to generate your account in our Production environment.
We will review your tests, if everything is fine you will receive an email to activate your account on our production environment. In case there is something missing, we will let you know!
5 - Process payments: Get the production credentials, whitelist your IPs on the production environment and start processing your payments with Zimopagos!
Don't get stuck! In case you have any technical doubts not covered on this documentation, reach out to [email protected] for assistance.
In order for you to start testing our Deposits APIs right away, we have prepared a Postman Collection you can use to test and validate your integration along with the functionalities we offe
Make sure you replace the login and secretKey values with your own API Key and API Signature deposit credentials
Check the list of Payment Methods available on each American country
Learn how to integrate all of our Deposits endpoints
Welcome to Zimopagos APIs documentation page.
Here you will find all you need to know to integrate our products to start sending and receiving payments from your customers.
Our main Payment Processing APIs are listed below. Within each one of them you may find resourceful endpoints to consume and build a seamless integration.
For world-class UX and integration, we strongly suggest the use of our Deposits API OneShot Experience flow! 🚀
Learn how to integrate all of our Cashouts endpoints
Learn about our Payment Methods
You can retrieve the payment methods your account has enabled by using the
On the Merchant Panel you can check what Payment Methods your account has enabled by going to the "Payment Methods" section on the left menu. The Payment Method availability is real time updated on the panel.
Notice that not every payment method is available in Staging. Check on each country's table the available ones.
Some methods may not be available within an iframe due to our processor's security requirements. Check on each country's table the available ones. In those cases, we will ask the customer to open the payment page on a new window.
The checkouts may differ between STG and PROD in the cases we use different providers.
Some payment methods allows you to display the payment information directly on your website, without having to redirect the customer to an external website. Those methods are so called "ONE_SHOT" and are part of our . When creating a payment of this kind, we will return you all the fields you need to display to your customer on a and a URL to redirect the customer in case the payment requires so.
In case the flow is "REDIRECT", we will generate a link so that you can redirect the customer to the page where they will insert any missing details and see the payment instructions.
The ONE_SHOT and REDIRECT flows depends upon provider's availability. In order for us to provide you with the most efficient service, we may switch between service providers who doesn't support ONE_SHOTflows, hence your cashier should be able to adapt to both scenarios.
Cashouts API v3 Introduction
Find below the description of a cashout flow using the D24 cashouts integration:
1 - Upon your customer's request, you submit a cashout request through the Cashout-Request API or through the Merchants panel (Transactions -> Withdrawals -> Request Cashout).
2 - Initial validations are performed by the API, such as:
Merchant account balance enough to cover the cashout
Merchant account Transaction/Daily/Monthly limits permit the cashout
Destination Bank Account details are correct.
Customer's details are correct. Eg. Document ID
3 - If the previous step is correct, the cashout is created and remains on PENDING status, otherwise, it's DECLINED. If Pending, it will be then sent to the bank for processing, when that happens, the status is set to DELIVERED.
4 - Once the transaction comes back from the bank, it can be either COMPLETED or REJECTED (by the bank).
There are some cases in which the bank could Confirm the Cashout and then Reject it because the destinatary's bank account was, for any reason, unable to receive the funds. This is a corner case but should be considered when integrating.
In order for you to start testing our Cashouts APIs right away, we have prepared a Postman Collection you can use to test and validate your integration along with the functionalities we offer
We provide you with test credentials to our test environment, but make sure sure you replace the vars apiKey, apiPassphrase and apiSignature in the Pre-req. Scripts" section of all the requests with your own
Learn about how the notifications for refunds works
Every time a refund changes its status, we will send you an asynchronous notification to the notification_url you sent in the refund request or the one you have configured under the section "Settings -> API Access" of our Merchant Panel containing the ID of the refund.
Once received the notification, you should check its new status with the and update it on your end accordingly.
Every time a refund changes its status, we will send you a notification so you can back.
In case that for some reason your server was unable to receive the notification and you returned an HTTP code different than 200, we will retry the notification up to 5 more times or until you respond with HTTP 200, whatever comes first.
The time between each of the 5 notifications attempts will be exponential: 5, 25, 125 and 625 minutes accordingly.
When the notifications fails to be sent, it will be shown like this in our Merchant Panel:
If you see the errors from the screenshot above, it means the refund was successfully completed and the money reached the customer's account/card but suddenly we couldn't notify you. Keep reading to know how to resend the notifications.
In case your system was unable to receive the notification in any of the 5 attempts, you can always check its status with the
If you need to trigger the check status by receiving our notification, once the issue preventing you from receiving our notifications was fixed, you can go to the Merchant Panel, locate the refund and click on the three dots button under the "Status History" section and then "Resend notification" to force a new notification to be sent.
It can take up to 1 minute for the notification to be resent in PROD and 3 on STG.
Flow
Description
ONE_SHOT
In the ONE_SHOT flow, you will receive all the details needed to build a payment page on your own website. For example, the Boleto's number, barcode, expiration, amount, payment link, etc.
REDIRECT
In the REDIRECT flow, we will respond you with a link you should use to redirect your customers so they can pay.
Field
Format
Description
refund_id
Number
ID of the refund. Use this ID to check the status of the refund.
{
"refund_id": 168284
}Learn about how the notifications for deposits works
Every time a deposit changes its status, we will send you an asynchronous notification to the notification_url you sent in the request or the one you have configured under the section "Settings -> API Access -> Confirm URL" containing the ID of the deposit.
Once received the notification, you should check its new status with the Deposit Status Endpoint and update it on your end accordingly.
In the STG environment, in order to test the full flow you can manually set a deposit to COMPLETED / CANCELLED status by login into the STG Merchant Panel and going to Transactions -> Deposits. Those options will change the status of the deposit, therefore sending the respective notification to your notification_url after a few minutes.
Field
Format
Description
deposit_id
Number
ID of the deposit. Use this ID to
{
"deposit_id": 3000000001
}Every time a deposit changes its status, we will send you a notification so you can check its status back.
In case that for some reason your server was unable to handle our notification and you returned an HTTP code different than 2XX, we will retry the notification up to 5 more times or until you respond with HTTP 2XX, whatever comes first.
In case of errors while handling the notification, make sure you will answer with an HTTP code distinct than 2XX, that way we will retry the notification.
The time between each of the 5 notifications attempts will be exponential: 5, 25, 125 and 625 minutes accordingly.
When a notification failed to be sent, it will be shown like this in our Merchant Panel:
If you see the errors from the screenshot above, it means the payment was successfully completed and the money was credited to your account but suddenly we couldn't notify you. Keep reading to know how to resend the notifications.
In case your system was unable to handle the notification in any of the 5 attempts, you can always check its status with the Deposit Status Endpoint.
If you need to trigger the check status by receiving our notification, once the issue preventing you from receiving our notifications was fixed, you can go to the Merchant Panel, locate the deposit (Transactions -> Deposits) and click on the three dots button under the "Status History" section and then "Resend notification" to force a new notification to be sent.
It can take up to 1 minute for the notification to be resent.
Learn how to correctly calculate the Signature Control String to authenticate with the V3 Cashout endpoints
All calls to our Cashouts APIs must contain a Payload-Signature field on the header used to ensure request integrity and to authenticate yourself since you will use your own API Signature (secret key) to generate and encrypt a hash.
It has to be created using HMAC-SHA-256 (RFC 2104) encoding and the payload is made of the entire JSON Payload sent in the body of the requests and notifications.
Use your API Signature to create the HASH
The Payload-Signature field on the header of the requests will contain the hash generated from hashing the entire JSON Payload:
Payload-Signature: HMAC256(jsonPayload)
Example:
Payload-Signature: 223a9dd4784726f1536c926da7dc69155a57612c5c3c1e1b429c367a5eee67cf
The Payload-Signature value is case sensitive and must be sent in lower case.
In case the jsonPayload value is empty, use an empty string instead.
The jsonPayload should be converted to UTF-8 before hashing it to prevent Invalid Signature error when sending characters with different encodings.
Check the examples below on how to calculate the Payload-Signature.
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.net.util.Base64;
String json_payload = "{ \"login\": \"cashout_API_Key\", \"pass\": \"cashout_API_Passphrase\", \"external_id\": \"123456789\", \"document_id\": \"1234567899\", \"document_type\": \"\", \"cashout_type\": \"BANK\", \"beneficiary_name\": \"Test User\", \"beneficiary_lastname\": \"Test User\", \"country\": \"MX\", \"amount\": 2000, \"currency\": \"MXN\", \"email\": \"[email protected]\", \"notification_url\": \"http:\\/\\/zimo-pagos.com\\/notification\", \"bank_code\": \"072\",\"bank_branch\": \"\", \"bank_account\": \"1234567890\", \"account_type\": \"C\", \"address\": \"\"}";
String secretKey = "cashout_secret_key";
Mac hasher = Mac.getInstance("HmacSHA256");
hasher.init(new SecretKeySpec(secretKey.getBytes(), "HmacSHA256"));
String payload_signature = Base64.encodeBase64String(hasher.doFinal(json_payload.getBytes())).toLowerCase();
<?php
$json_payload = '{
"login": "cashout_API_Key",
"pass": "cashout_API_Passphrase",
"external_id": "123456789",
"document_id": "1234567899",
"document_type": "",
"cashout_type": "BANK",
"beneficiary_name": "Test User",
"beneficiary_lastname": "Test User",
"country": "MX",
"amount": 2000,
"currency": "MXN",
"email": "[email protected]",
"notification_url": "http://www.zimo-pagos.com/notification",
"bank_code": "072",
"bank_branch": "",
"bank_account": "1234567890",
"account_type": "C",
"address": ""
}';
$secretKey = "cashout_secret_key";
$payload_signature = strtolower(hash_hmac('sha256', pack('A*', $json_payload), pack('A*', $secretKey)));
?>
using System;
using System.Text;
using System.Security.Cryptography;
string jsonPayload = "{ \"login\": \"cashout_API_Key\", \"pass\": \"cashout_API_Passphrase\", \"external_id\": \"123456789\", \"document_id\": \"1234567899\", \"document_type\": \"\", \"cashout_type\": \"BANK\", \"beneficiary_name\": \"Test User\", \"beneficiary_lastname\": \"Test User\", \"country\": \"MX\", \"amount\": 2000, \"currency\": \"MXN\", \"email\": \"[email protected]\", \"notification_url\": \"http:\\/\\/www.zimo-pagos.com\\/notification\", \"bank_code\": \"072\",\"bank_branch\": \"\", \"bank_account\": \"1234567890\", \"account_type\": \"C\", \"address\": \"\"}";
string secretKey = "cashout_secret_key";
byte[] keyByte = new ASCIIEncoding().GetBytes(secretKey);
byte[] jsonPayloadBytes = new ASCIIEncoding().GetBytes(jsonPayload);
byte[] hashmessage = new HMACSHA256(keyByte).ComputeHash(jsonPayloadBytes);
string payloadSignature = BitConverter.ToString(hashmessage).Replace("-", "").ToLower();
Learn how to calculate and send the Signature header value to verify requests integrity
All the calls to our Deposits APIs will contain an Authorization field on the header used to ensure request integrity and to authenticate yourself since you will use your own secret key (API Signature) to generate and encrypt a hash.
It has to be created using HMAC-SHA-256 (RFC 2104) encoding and the payload must include the following details:
Use your API Signature to generate the Authorization value
The Authorization field on the header of the requests will contain the string "ZIMOPAGOS " plus the hash generated, in the following format:
Authorization: "ZIMO" + HMAC256(X-Date + X-Login + JSONPayload)
Example:
Authorization: ZIMO 223a9dd4784726f1536c926da7dc69155a57612c5c3c1e1b429c367a5eee67cf
The X-Login is your login API Key, it can be retrieved from the Merchant Panel by going to Settings -> API Access -> Deposit credentials -> API Key.
The X-Date is the date in ISO8601 Datetime with Timezone. Format expected: ISO8601 Datetime with Timezone: yyyy-MM-dd'T'HH:mm:ssZ. E.g.: 2020-06-21T12:33:20Z.
The Authorization value is case sensitive and must include all the above mentioned values.
The JSONPayload is the exact same JSON you sent in the body of the request.
In case the JSONPayload value is empty (for example in the status or payment methods endpoints), use an empty string ("") instead.
The JSONPayload should be converted to UTF-8 before hashing it to prevent Invalid Signature error when sending characters with different encodings.
Check the examples in the different languages on how to properly calculate the Signature.
You can also check the code of our SDKs in Java and PHP to see how it is calculated.
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Formatter;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public static final String AUTHORIZATION_SCHEME = "ZIMO ";
private static final String HMAC_SHA256 = "HmacSHA256";
public static String buildDepositKeySignature(String apiSignature, String xDate, String depositKey, String JSONPayload)
throws NoSuchAlgorithmException, InvalidKeyException, IOException {
byte[] hmacSha256 = null;
Mac mac = Mac.getInstance(HMAC_SHA256);
SecretKeySpec secretKeySpec = new SecretKeySpec(apiSignature.getBytes(StandardCharsets.UTF_8), HMAC_SHA256);
mac.init(secretKeySpec);
hmacSha256 = mac.doFinal(buildByteArray(xDate, apiKey, JSONPayload));
return AUTHORIZATION_SCHEME + toHexString(hmacSha256);
}
private static byte[] buildByteArray(String xDate, String apiKey, String JSONPayload) throws IOException {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
bos.write(xDate.getBytes(StandardCharsets.UTF_8));
bos.write(apiKey.getBytes(StandardCharsets.UTF_8));
if (JSONPayload != null) {
bos.write(JSONPayload.getBytes(StandardCharsets.UTF_8));
}
return bos.toByteArray();
}
private static String toHexString(byte[] bytes) {
Formatter formatter = new Formatter();
for (byte b : bytes) {
formatter.format("%02x", b);
}
return formatter.toString();
}
using System;
using System.Text;
using System.IO;
using System.Security.Cryptography;
namespace Application
{
class Directa24Example
{
public readonly static string AUTHORIZATION_SCHEME = "ZIMO";
private readonly static string HMAC_SHA256 = "HmacSHA256";
public static String buildDepositKeySignature(String apiSignature, String xDate, String depositKey, String jsonPayload)
{
byte[] hmacSha256 = null;
var apiSignatureEncod = Encoding.UTF8.GetBytes(apiSignature);
var hash = new HMACSHA256(apiSignatureEncod);
hmacSha256 = hash.ComputeHash(buildByteArray(xDate, depositKey, jsonPayload));
return AUTHORIZATION_SCHEME + toHexString(hmacSha256).ToLower();
}
private static byte[] buildByteArray(String xDate, String apiKey, String jsonPayload)
{
try
{
MemoryStream stream = new MemoryStream();
var xDateEncod = Encoding.UTF8.GetBytes(xDate);
var apiKeyEncod = Encoding.UTF8.GetBytes(apiKey);
stream.Write(xDateEncod, 0, xDateEncod.Length);
stream.Write(apiKeyEncod, 0, apiKeyEncod.Length);
if (!string.IsNullOrWhiteSpace(jsonPayload))
{
var jsonPayloadEncod = Encoding.UTF8.GetBytes(jsonPayload);
stream.Write(jsonPayloadEncod, 0, jsonPayloadEncod.Length);
}
return stream.ToArray();
}
catch (Exception ex)
{
throw ex;
}
}
private static string toHexString(byte[] bytes)
{
return BitConverter.ToString(bytes).Replace("-", string.Empty);
}
}
}
<?php
class ZimoExample {
const AUTHORIZATION_SCHEME = "ZIMO";
const HMAC_SHA256 = 'sha256';
public static function build_deposit_key_signature($api_signature, $x_date, $deposits_api_key, $json_payload) {
// Concatenate the content of the header X-Date, your deposits API Key (X-Login) and
// the whole JSON payload of the body of the request
$string = $x_date . $deposits_api_key . $json_payload;
// Generate the HASH by using yur own deposits API Signature and
// concatenate "D24 " in front of the hash
return self::AUTHORIZATION_SCHEME . hash_hmac(self::HMAC_SHA256, $string, $api_signature);
}
}
Technical and Security Aspects of our V3 Cashout endpoints
All API requests must be made over HTTPS. Calls made over plain HTTP will fail.
API requests without Payload-Signature will also fail.
You will be able to hit our APIs only from the IPs you have previously whitelisted on the Merchant Panel.
All the integration must be performed on our STG environment, where you can perform your tests freely without risks of any kind.
When you sign up, we will generate you an account on our STG environment where you will be able to:
See the transactions created
Approve and cancel transactions
Retrieve your API Keys
Whitelist your IPs, and more
Each environment has its own domain. The path of the endpoints do not change.
Environment
Domain
Staging
https://api-stg.zimo-pagos.com/
Production
Provided once you complete the testing
In order to authenticate, our Cashouts APIs uses API Keys in all of the requests to authenticate. Your API Keys can be retrieved from the Merchant Panel by going to Settings -> API Access -> Cashouts Credentials.
These are the three credentials you will need:
Your user: API Key
Your password: API Passphrase
Your secret key to generate the signatures: API Signature
Authentication to the API is performed via HTTP Basic Auth. You must provide your API Keys in all requests as the basic auth username and password.
Your user and password keys must be sent in all the API calls using the API Key and API Passphrase fields on the body of the request.
Your API Keys, along with your IP Addresses are your way to authenticate yourself, therefore, do not share your credentials in publicly accessible areas such as GitHub, client-side code and so forth.
All requests sent through Cashouts v3 API must have the following headers.
Header
Format
Mandatory
Description
Payload-Signature
String
Yes
HMAC256 of the whole JSON Payload using your API Signature
Content-Type
String
Yes
application/json
User-Agent
String
Yes
Server client user agent
For security purposes, you need to whitelist the IPs from where you will call our API.
In order to whitelist your IPs and make the process as smoother as possible, you should go to Settings -> API Access and add the list of IPs you will possibly use under the Cashouts IP Address section.
Reach out to [email protected] if you need to whitelist our servers IPs on your firewall.
We recommend you follow this list of technical and security practices to maximize the security of the information end-to-end.
Always ensure to verify the Signatures control string sent in the notifications to validate its veracity.
We convert all the data we receive to UTF-8. Make sure you are also converting it into UTF-8 to make sure both parties have the same details.
Go to the next page to learn how to generate the Payload-Signature control string to verify the requests' you send and receive integrity.
Learn how to use the Cashout Cancellation Endpoint to cancel cashouts when needed
DELETE https://api-stg.Zimo-pagos.com/v3/cashout/cancel
This API allows you to cancel a cashout request. Only for cashouts in PENDING state.
The Cancel Cashout Request endpoint is only to cancel a cashout while it is still in PENDING state (it hasn't been sent for processing).
To do that, you will need to provide both the cashout ID on our end and the external ID you sent while creating the cashout.
The Payload-Signature of the Cashout Status Endpoint is calculated by hashing the JSON payload of the request using HMAC256 and your secret key (API Signature) to encrypt it.
for further instructions.
Response fields
Content-Type*
string
application/json
Payload-Signature*
string
Control Signature
login*
string
Your Zimo-Pagos CASHOUTS API login key
pass*
string
Your Zimo-Pagos CASHOUTS API pass key
cashout_id*
number
The ID of the cashout to cancel. It is the one generated by Zimo-Pagos when the cashout was created
external_id*
string
The external ID of the cashout to cancel. It is the one you sent when generating the cashout
// HEADERS
Content-Type: application/json
Payload-Signature: 2e5023770760ea0a02230bff1a6dab934fe3b47a5e3d43854b58676600ee3868
// BODY
{
"login": "cashout_login",
"pass": "cashout_pass",
"cashout_id": 11954,
"external_id": "cashoutID2134"
}login
String. Length 32 max
Your Zimo-Pagos CASHOUTS API Key, it can be found on the Merchant Panel: Settings -> API Access. Notice there are specific Cashout credentials
pass
String. Length 32 max
Your Zimo-Pagos CASHOUTS API Passphrase, it can be found on the Merchant Panel: Settings -> API Access. Notice there are specific Cashout credentials
cashout_id
Number
Identifier of the cashout in the Zimo-Pagos end. Returned by the Create Cashout Endpoint
external_id
String
The external ID of the cashout to cancel. It is the one you sent when generating the cashout
// Cashout cancelled successfully
{
"cashout_status": 2,
"cashout_status_description": "Canceled"
}
// Cashout not found
{
"code": 509,
"message": "Cashout not found with this ID"
}
// The cashout can't be cancelled because its status is not Pending
{
"code": 510,
"message": "Invalid status transition"
}Field
Format
Type
Description
cashout_status
Number
Success
If shown, it is the new status code of the cashout.
cashout_status_description
String
Success
If shown, it described the new status of the cashout.
code
Number
Error
Error code
message
String
Error
Error description
Learn about how the notifications of the Cashout API v3 work
A notification will be sent every time the status of a cashout changes.
For security reasons we don't send the status of the cashout on the notification itself. Once you have received the notification, you will need to use the Cashout Status Endpoint to retrieve its new status.
The notifications will be sent to the notification_url specified in the request or to the default Withdrawals URL you have configured on the Merchant Panel by POST protocol in x-www-form-urlencoded format and will have the following fields:
Field
Format
Description
date
Date. Format: YYYY-MM-DD HH:MM:SS (GMT)
Date the cashout changed its status
bank_reference_id
String (max. 50 chars)
Reference ID of the bank if any
comments
String (max. 200 chars)
Comments of the cashout if any
external_id
String (max. 100 chars)
ID of the cashout you sent while creating the request
control
String
Control signature of the notification
cashout_id
Number
ID of the cashout on our end
status_reason
String
Reason of the status if any
In the STG environment you can force a notification to be sent to your notification_url from the STG Merchant Panel by going to the Transactions -> Withdrawals page, opening the cashout transaction and clicking on one of the options that will appear when clicking in the three dots button on the top right of the screen. Those options will change the status of the cashout therefore sending the respective notification after a few minutes.
date=2020-03-12%2020%3A26%3A11
&bank_reference_id=
&comments=
&external_id=cashoutV35381
&control=A4CFF64E78C4BD01F8BFCA4AFF04632EC4A33CC61BD6BBD156BA1289897892EB
&cashout_id=60067
&status_reason=The control string for the notifications is made up of some random characters at the beginning and the end of the request and the external_id received in the middle.
Check the examples below on how to calculate the control string for the notifications:
public static void main(String[] args) throws IOException, NoSuchAlgorithmException, InvalidKeyException {
String external_id = "cashoutID1234";
String message = "Be4" + external_id + "Bo7";
String apiSignature = "your_deposits_api_signature";
Mac hasher = Mac.getInstance("HmacSHA256");
hasher.init(new SecretKeySpec(apiSignature.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
byte[] result = hasher.doFinal(message.getBytes(StandardCharsets.UTF_8));
System.out.println(StringUtils.upperCase(DatatypeConverter.printHexBinary(result)));
}
$external_id = 'cashoutID1234';
$message = 'Be4' . $external_id . 'Bo7';
$api_signature = 'cashout_api_signature';
$hash = strtoupper(hash_hmac('sha256', pack('A*', $message), pack('A*', $api_signature)));
string external_id = "cashoutID1234";
string message = "Be4" + external_id + "Bo7";
string apiSignature = "your_cashouts_api_signature";
byte[] keyByte = new System.Text.Encoding.UTF8.GetBytes(apiSignature);
byte[] messageBytes = new System.Text.Encoding.UTF8.GetBytes(message);
byte[] hashmessage = new HMACSHA256(keyByte).ComputeHash(messageBytes);
string control = BitConverter.ToString(hashmessage).Replace("-", "").ToUpper();
Every time a cashout changes its status, we will send you a notification so you can check its status back.
In case that for some reason your server was unable to receive the notification and you returned an HTTP code different than 2XX, we will retry the notification up to 5 more times or until you respond with HTTP 2XX, whatever comes first.
In case of errors while handling the notification, make sure you will answer with an HTTP code distinct than 2XX, that way we will retry the notification.
The time between the 5 notifications attempts will be of 5 minutes each.
When the notification failed to be sent, it will be shown like this in our Merchant Panel:
If you see the errors from the screenshot above, it means the cashout was successfully completed but suddenly we couldn't notify you. Keep reading to know how to resend the notifications.
In case your system was unable to receive the notification in any of the 5 attempts, you can always check its status with the Cashout Status Endpoint.
If you need to trigger the check status by receiving our notification, once the issue preventing you from receiving our notifications was fixed, you can go to the Merchant Panel, locate the cashout (Transactions -> Withdrawals) and click on the three dots button under the "Status History" section and then "Resend notification" to force a new notification to be sent.
It can take up to 2 minute for the notification to be resent.
{
"cashout_status": 2,
"cashout_status_description": "Canceled"
}{
"code": 510,
"message": "Invalid status transition"
}Learn how to use the Endpoint to retrieve the status of a cashout
POST https://api-stg.zimo-pagos.com/v3/cashout/status
This API allows you to retrieve the status of a cashout
Content-Type*
string
application/json
Payload-Signature*
string
Control Signature
login*
String
Your Zimo-pagos CASHOUTS API login key
pass*
string
Your Zimo-pagos CASHOUTS API pass key
cashout_id*
number
The ID of the cashout to check status of. It is the one generated by Zimo-pagos when the cashout was created
external_id*
string
The ID of the cashout to check status of. It is the one you sent when the cashout was created
{
"cashout_status": 1,
"cashout_status_description": "Completed"
}
{
"cashout_status": 3,
"cashout_status_description": "Rejected",
"rejection_code": 0,
"rejection_reason": "Test"
}{
"code": 401,
"message": "Invalid credentials."
}{
"code": 509,
"message": "Cashout not found with this ID"
}// HEADERS
Content-Type: application/json
Payload-Signature: 2e5023770760ea0a02230bff1a6dab934fe3b47a5e3d43854b58676600ee3868
// BODY
{
"login": "cashout_login",
"pass": "cashout_pass",
"cashout_id": 11954
}login
String. Length 32 max
Your Zimo-pagos CASHOUTS API Key, it can be found on the Merchant Panel: Settings -> API Access. Notice there are specific Cashout credential
pass
String. Length 32 max
Your Zimo-pagos CASHOUTS API Passphrase, it can be found on the Merchant Panel: Settings -> API Access. Notice there are specific Cashout credentials
cashout_id
Number
Identifier of the cashout on Zimo-pagos' end. It is the one returned by the
external_id
String
Identifier of the cashout on the Merchant end. It is the one you sent while . You can opt to send this field or cashout_id
You can choose to send the external_id or the cashout_id
The Payload-Signature of the Cashout Status Endpoint is calculated by hashing the whole JSON payload of the request using HMAC256 and your secret key (API Signature) to encrypt it.
Click here for further instructions.
// Cashout successfully processed
{
"cashout_status": 1,
"cashout_status_description": "Completed"
}
// Cashout successfully processed through Pix including the E2E ID (Brazil)
{
"cashout_status": 1,
"cashout_status_description": "Completed",
"provider_external_reference": "E352104102024022919987ScFRY3aab3",
"bank": {
"code": "260",
"name": "Nubank",
"branch": "2003",
"account": "1892873892",
"beneficiary_name": "John Smith"
}
}
// Cashout Rejected by the bank
{
"cashout_status": 3,
"cashout_status_description": "Rejected",
"rejection_code": 808,
"rejection_reason": "ERROR_OTHER"
}cashout_status
Number
Status code of the cashout.
cashout_status_description
String
Description of the status
provider_external_reference
String
ID of the transaction on the bank side. For Pix, it's the E2E ID (End-to-end)
bank[]
object
Object containing information about the bank of the beneficiary
bank[].code
String
Code of the bank of the beneficiary
bank[].name
String
Name of the bank of the beneficiary
bank[].branch
String
Branch of the beneficiary's bank account
bank[].account
String
Account number of the beneficiary's bank account
bank[].beneficiary_name
String
Name of the owner of the account
rejection_code
Number
Rejection code if sent by the bank.
rejection_reason
String
Reason of the rejection if sent by the bank
When processing Pix Withdrawals, we return as part of the Status endpoint further information about the bank account of the beneficiary.
This includes the provider_external_reference, also known as the E2E ID. It is a unique ID assigned to the transactions that can be used to track the transfer across the Brazilian banking system, useful to optimize the support experience as it allows the users to uniquely track their money as it reaches their bank account.
{
"cashout_status": 1,
"cashout_status_description": "Completed",
"provider_external_reference": "E352104102024022919987ScFRY3aab3",
"bank": {
"code": "260",
"name": "Nubank",
"branch": "2003",
"account": "1892873892",
"beneficiary_name": "John Smith"
}
}We also include details about the bank account that received the money, useful when using Pix Keys.
Click here to see each Cashout Status meaning.
Check all the possible status codes in the following page:
Learn how to use the endpoint to update the status of a cashout
PUT https://api-stg.zimo-pagos.com/v3/cashout/status
This API allows you to change the status of a cashout
Content-Type*
string
application/json
Payload-Signature*
string
Control Signature
login*
String
Your Zimo-Pagos CASHOUTS API login key
pass*
string
Your Zimo-Pagos CASHOUTS API pass key
cashout_id*
number
The ID of the cashout to asign status to. It is the one generated by Zimo-Pagos when the cashout was created
status*
string
The status to be assigned to the cashout
{
"cashout_status": 1,
"cashout_status_description": "Completed"
}
{
"cashout_status": 3,
"cashout_status_description": "Rejected",
"rejection_code": 0,
"rejection_reason": "Test"
}{
"code": 401,
"message": "Invalid credentials."
}{
"code": 509,
"message": "Cashout not found with this ID"
}This API is used to update a cashout from PENDING to ON_HOLD or from ON_HOLD to PENDING.
A cashout in ON_HOLD won't be processed until you set it back to PENDING. This is useful in cases where you need to perform some form of KYC over the beneficiary before proceeding with the request.
You can create a cashout in ON_HOLD by specifying the flag on_hold: true on the cashout creation request.
If a cashout is ON_HOLD and you would like to definitely cancel it, please see the Cashout Cancellation Endpoint
Cashouts in ON_HOLD retain the amounts from your balance, so be careful to not accumulate cashouts in this status for long time.
// HEADERS
Content-Type: application/json
Payload-Signature: 2e5023770760ea0a02230bff1a6dab934fe3b47a5e3d43854b58676600ee3868
// BODY
{
"login": "cashout_login",
"pass": "cashout_pass",
"cashout id": "97875"
"status": "ON_HOLD"
}login
String. Length 32 max
Your D24 CASHOUTS API Key, it can be found on the Merchant Panel: Settings -> API Access. Notice there are specific Cashout credentials
pass
String. Length 32 max
Your D24 CASHOUTS API Passphrase, it can be found on the Merchant Panel: Settings -> API Access. Notice there are specific Cashout credentials
cashout_id
Number
Identifier of the cashout on D24 end. It is the one returned by the
status
String
Status to be assigned to the cashout. Valid values: PENDING, ON_HOLD
The Payload-Signature of the Cashout Update Status Endpoint is calculated by hashing the whole JSON payload of the request using HMAC256 and your secret key (API Signature) to encrypt it.
Click here for further instructions.
{
"code": 510,
"message": "Invalid status transition"
}code
Number
Error code
message
String
Description of the error
Click here to see each Cashout Status meaning.
There are cases in which the bank confirms us that a payout was successful and after a few days, it gets rejected by the beneficiary's bank therefore the status on our platform will change to REJECTED as well. Those are very corner cases but should be considered.
Check all the possible status codes in the following page:
Retrieve the status of a previously created refund
GET https://api-stg.zimo-pagos.com/v3/refunds/{refund_id}
This endpoint allows you to retrieve the status of a refund request.
You can trigger the check of the status of a refund at any moment you consider pertinent. However, every time a refund changes its status, we will send you a containing the ID of the refund so that you can check its status back to retrieve the new refund's status.
In order to check the status of the refunds, you need to:
Send the request with GET method.
Use the headers described .
Specify a valid refund_id in the URL of the request as PATH PARAMETERS.
Send the Authorization header, as .
Regarding the Authorization value, since the body of the requests will be empty, you should use an empty ("") string or nothing as the jsonPayload field.
In order to make the experience more personalized, we may add more fields to this response's object in the future. Please develop your integration to be able to ignore new fields considering that it will continue working fine no matter if we add new fields.
In order to generate an invoice as proof of refund, you need to:
Send the request with GET method.
Use the headers described .
Specify a valid refund_id in the URL of the request as PATH PARAMETERS.
Send the query parameter voucher as true.
Send the Authorization header, as .
Requesting a Refund and including the field voucher as a query parameter with value true will generate a voucher in base64, this voucher will need to be decoded to create the .pdf
to see each Refund Status meaning.
Check all the possible status in the following page:
refund_id*
Integer
Zimo-pagos refund_id. It is obtained when creating the refund
voucher
Boolean
true / false value, The request with True value will return the refund invoice in base64 to be decoded to create a .pdf.
X-Date*
String
ISO8601 Datetime with Timezone: yyyy-MM-dd'T'HH:mm:ssZ
X-Login*
String
Merchant X-Login API Key
Authorization*
String
Authentication signature hash
curl --location --request GET 'https://api-stg.zimo-pagos.com/v3/refunds/1682844' \
--header 'X-Login: {{X-Login}}' \
--header 'X-Date: {{X-Date}}' \
--header 'Authorization: {{Authorization}}' \
--header 'Content-Type: application/json' \
--data-raw ''
import java.io.*;
import okhttp3.*;
public class main {
public static void main(String []args) throws IOException{
OkHttpClient client = new OkHttpClient().newBuilder()
.build();
Request request = new Request.Builder()
.url("https://api-stg.zimo-pagos.com/v3/refunds/1682844")
.method("GET", null)
.addHeader("X-Login", "{{X-Login}}")
.addHeader("X-Date", "{{X-Date}}")
.addHeader("Authorization", "{{Authorization}}")
.addHeader("Content-Type", "application/json")
.build();
Response response = client.newCall(request).execute();
System.out.println(response.body().string());
}
}
using System;
using RestSharp;
namespace HelloWorldApplication {
class HelloWorld {
static void Main(string[] args) {
var client = new RestClient("https://api-stg.zimo-pagos.com/v3/refunds/1682844");
client.Timeout = -1;
var request = new RestRequest(Method.GET);
request.AddHeader("X-Login", "{{X-Login}}");
request.AddHeader("X-Date", "{{X-Date}}");
request.AddHeader("Authorization", "{{Authorization}}");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
}
}
}
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api-stg.zimo-pagos.com/v3/refunds/1682844",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"X-Login: {{X-Login}}",
"X-Date: {{X-Date}}",
"Authorization: {{Authorization}}",
"Content-Type: application/json"
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
{
"deposit_id": 300533569,
"merchant_invoice_id": "84044",
"status": "COMPLETED",
"amount": 100.00
}{
"deposit_id": 300502126,
"merchant_invoice_id": "84121",
"status": "PENDING"
}Field name
Format
Description
deposit_id
Integer
ID of the deposit refunded
merchant_invoice_id
String
Merchant invoice id of the deposit refunded
status
Enum
Status of the refund. Click here for the full list of refund codes.
amount
Number
Amount of the refund
voucher
String
Proof of refund in base64 coding for generation of .pdf file.
Included in response only if voucher is sent as true in query params.
{
"deposit_id": 300533646,
"merchant_invoice_id": "newIUnit45328731",
"status": "PENDING"
}{
"code": 208,
"description": "Resource not found",
"type": "RESOURCE_NOT_FOUND"
}Learn about the technical and security aspects of our Deposits APIs
All API requests must be made over HTTPS. Calls made over plain HTTP will fail.
API requests without Authentication will also fail.
You will be able to hit our APIs only from the IPs you have previously whitelisted on the Merchant Panel.
All the integration must be performed on our TEST environment, where you can perform your tests freely without risks of any kind.
When you sign up with us, we will generate you an account on our STG environment where you will be able to:
See the transactions created
Approve and cancel transactions
Retrieve your API Keys
Whitelist your IPs, and more
Each environment has its own domain. The path of the endpoints doesn't change.
Testing
https://api-stg.zimo-pagos.com/
Production
Provided once you complete the testing
Our Deposits APIs uses API Keys in all of the requests to authenticate. Your API Keys can be retrieved from the Merchant Panel by going to Settings -> API Access.
There are basically two set of credentials:
One API Key and one API Signature for POST operations.
One API Key key for read-only endpoints.
Authentication to the API is performed via HTTP Basic Auth. You must provide your API Key in all the requests as the basic auth username value. You do not need to provide a password.
Your API Key must be sent in all the API calls using the X-Login field on the header of the request.
Your API Keys, along with your IP Addresses are your way to authenticate yourself, therefore, do not share your secret API keys in publicly accessible areas such as GitHub, client-side code and so forth.
All the requests sent through the API of Deposits v3 must have the following headers.
Authorization
String
Yes
"ZIMO" plus a hash HMAC256 to verify request integrity
X-Login
String
Yes
Merchant API Key
X-Date
String
Yes
ISO8601 Datetime: yyyy-MM-dd'T'HH:mm:ssZ. E.g.: 2020-06-21T12:33:20Z
Content-Type
String
Yes
application/json
X-Idempotency-Key
String
No
Unique value generated by the client which the server uses to recognize subsequent retries of the same request
All the requests you send must contain the Authorization header with an HMAC256 control string signature using your own API Signature. This is used to verify the request integrity as we will calculate the same Signature and compare it with the one you send. In case of mismatch we will decline the request.
In the case of the notifications given by our APIs, those will also contain an Authorization value which you should calculate and compare to make sure the content was not altered by a Man in the Middle attack.
Check the following page for instructions on how to calculate the Control Signature.
All the requests you send must contain the header X-Login with your own API Key value used to authenticate yourself. Check API Keys.
All the requests you send must contain the header X-Date with the time in which the request was created. The format is in ISO8601 Datetime: yyyy-MM-dd'T'HH:mm:ssZ. E.g.: 2020-06-21T12:33:20Z.
Make sure you use UTC as the timezone specified and not your client's local timezone.
If the date you send differs in more than 5 seconds with the time in our servers, we will block the request for security reasons.
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
public class ClientUtils {
private static final String DATE_PATTERN = "yyyy-MM-dd'T'HH:mm:ss'Z'";
private static final DateTimeFormatter DATE_TIME_FORMATTER = DateTimeFormatter.ofPattern(DATE_PATTERN);
public static String now() {
return LocalDateTime.now(ZoneOffset.UTC).format(DATE_TIME_FORMATTER);
}
}
<?php
namespace ZimoPagos\util;
class Helpers
{
private static $DATE_TIME_FORMATTER = "Y-m-d\TH:i:s\Z";
public static function getCurrentDate()
{
date_default_timezone_set('UTC');
return date(self::$DATE_TIME_FORMATTER);
}
}
print(Helpers::getCurrentDate());
Check our SDK in JAVA and PHP for the full code of how to generate the X-Date and the full request.
Our API supports idempotency for safely retrying requests without accidentally performing the same operation twice. This is useful when an API call is disrupted in transit and you do not receive a response. For example, if a request to the Deposit Creation Endpoint does not respond due to a network connection error, you can retry the request with the same idempotency key to guarantee that no more than one deposit is created.
In order to perform an idempotent request you need to send the X-Idempotency-Key: <key> header with a random and unique string.
Idempotency works by saving the resulting status code and body of the first request made for any given idempotency key, regardless of whether it succeeded or failed. Subsequent requests with the same key return the same result, including 500 errors.
An idempotency key is a unique value generated by the client which the server uses to recognize subsequent retries of the same request. How you create unique keys is up to you, but we suggest using V4 UUIDs, or another random string with enough entropy to avoid collisions.
All POST requests accept idempotency keys. Sending idempotency keys in GET and DELETE requests has no effect and should be avoided as these requests are idempotent by definition.
All of our Deposits APIs are designed to receive and respond the information in JSON format.
This header won't change across the requests, and shall always be: application/json
For security purposes, you need to whitelist the IPs from where you will call our API.
In order to whitelist your IPs and make the process as smoother as possible, you should go to Settings -> API Access and add the list of IPs you will possibly use under the Deposit IP Address section.
Reach out to [email protected] if you need to whitelist our servers IPs on your firewall.
We recommend you follow this list of technical and security practices to maximize the security of the information end-to-end.
Always ensure to verify the Signatures control string sent in the notifications to validate its veracity.
We convert all the data we receive to UTF-8. Make sure you are also converting it into UTF-8 to make sure both parties have the same details.
Always validate that a deposit is not released more than once based on the deposit_id (The notifications can be sent multiple times).
Go to the next page to learn how to generate the requests signatures control string to verify the requests' you send and receive integrity.
Learn how to use the Cashout Bank Codes Endpoint to retrieve the list of bank codes accepted for cashouts in each country
GET https://api-stg.zimo-pagos.com/v3/banks?country={ISO_CODE}
This API allows you to retrieve the list of banks available in each country
country*
string
Country ISO code
Authorization*
string
Authorization Header. Format: "Bearer your_read_only_key"
[
{
"code": 1,
"name": "BANCO DO BRASIL S.A."
},
{
"code": 3,
"name": "BANCO DA AMAZONIA S.A."
},
{
"code": 4,
"name": "BANCO DO NORDESTE DO BRASIL S.A."
},
{
"code": 21,
"name": "BANESTES S.A. BANCO DO ESTADO DO ESPIRITO SANTO"
},
{
"code": 33,
"name": "BANCO SANTANDER BRASIL S.A."
},
{
"code": 37,
"name": "BANCO DO ESTADO DO PARA S.A. - BANPARA"
},
{
"code": 41,
"name": "BANCO DO ESTADO DO RIO GRANDE DO SUL S.A. - BANRISUL"
},
{
"code": 47,
"name": "BANCO DO ESTADO DE SERGIPE S.A. - BANESE"
},
{
"code": 70,
"name": "BANCO DE BRASILIA S.A. - BRB"
},
{
"code": 77,
"name": "BANCO INTER"
},
{
"code": 104,
"name": "CAIXA ECONOMICA FEDERAL - CEF"
},
{
"code": 212,
"name": "BANCO ORIGINAL"
},
{
"code": 218,
"name": "BANCO BONSUCESSO S.A."
},
{
"code": 237,
"name": "BANCO BRADESCO S.A."
},
{
"code": 246,
"name": "BANCO ABC BRASIL S.A."
},
{
"code": 290,
"name": "PagSeguro Internet S.A"
},
{
"code": 336,
"name": "BANCO C6 S.A"
},
{
"code": 341,
"name": "ITAU UNIBANCO S.A."
},
{
"code": 389,
"name": "BANCO MERCANTIL DO BRASIL S.A."
},
{
"code": 399,
"name": "HSBC BANK BRASIL S.A. - BANCO MULTIPLO"
},
{
"code": 422,
"name": "BANCO SAFRA S.A."
},
{
"code": 477,
"name": "CITIBANK N.A."
},
{
"code": 637,
"name": "BANCO SOFISA"
},
{
"code": 707,
"name": "BANCO DAYCOVAL S.A."
},
{
"code": 745,
"name": "BANCO CITIBANK"
},
{
"code": 746,
"name": "BANCO MODAL S.A."
},
{
"code": 748,
"name": "BANCO COOPERATIVO SICREDI S.A."
},
{
"code": 756,
"name": "BANCO COOPERATIVO DO BRASIL S/A - BANCOOB"
}
]{
"code": 100,
"description": "Invalid credentials",
"type": "INVALID_CREDENTIALS"
}This endpoint is used to retrieve and display to your customer the list of banks available on their country. In case we add or remove a bank, this endpoint will reflect those updates real-time and therefore it is a good idea to constantly check this endpoint for the list of banks.
Once the user selected their bank by its name, you need to send its code to us in the bank_code field of the requests.
The endpoint is read only and so it uses a read only key. It can be used from the front-end without major security concerns.
// URL
GET: https://api-stg.zimo-pagos.com/v3/banks?country=AR
// HEADERS
Authorization: Bearer EKiFOWiHnI Type
Field
Format
Description
Query Param
country
String (length: 2)
Header
Authorization
String
Bearer Token Authentication. It is a concatenation of the word "Bearer" and your Read Only API Key.
[
{
"code": 1,
"name": "BANCO DO BRASIL S.A."
},
{
"code": 3,
"name": "BANCO DA AMAZONIA S.A."
},
{
"code": 4,
"name": "BANCO DO NORDESTE DO BRASIL S.A."
},
{
"code": 21,
"name": "BANESTES S.A. BANCO DO ESTADO DO ESPIRITO SANTO"
},
{
"code": 33,
"name": "BANCO SANTANDER BRASIL S.A."
},
{
"code": 37,
"name": "BANCO DO ESTADO DO PARA S.A. - BANPARA"
},
{
"code": 41,
"name": "BANCO DO ESTADO DO RIO GRANDE DO SUL S.A. - BANRISUL"
},
{
"code": 47,
"name": "BANCO DO ESTADO DE SERGIPE S.A. - BANESE"
},
{
"code": 70,
"name": "BANCO DE BRASILIA S.A. - BRB"
},
{
"code": 75,
"name": "BANCO ABN AMRO S.A"
},
{
"code": 77,
"name": "BANCO INTER"
},
{
"code": 85,
"name": "Cooperativa Central de Crédito Urbano-CECRED"
},
{
"code": 93,
"name": "POLOCRED SCMEPP"
},
{
"code": 104,
"name": "CAIXA ECONOMICA FEDERAL - CEF"
},
{
"code": 121,
"name": "BANCO AGIPLAN S.A."
},
{
"code": 136,
"name": "Confederação Nacional das Cooperativas Centrais Unicred"
},
{
"code": 212,
"name": "BANCO ORIGINAL"
},
{
"code": 218,
"name": "BANCO BONSUCESSO S.A."
},
{
"code": 237,
"name": "BANCO BRADESCO S.A."
},
{
"code": 260,
"name": "NU PAGAMENTOS"
},
{
"code": 290,
"name": "PagSeguro Internet S.A"
},
{
"code": 318,
"name": "BANCO BMG S.A"
},
{
"code": 336,
"name": "BANCO C6 S.A"
},
{
"code": 341,
"name": "ITAU UNIBANCO S.A."
},
{
"code": 389,
"name": "BANCO MERCANTIL DO BRASIL S.A."
},
{
"code": 399,
"name": "HSBC BANK BRASIL S.A. - BANCO MULTIPLO"
},
{
"code": 422,
"name": "BANCO SAFRA S.A."
},
{
"code": 477,
"name": "CITIBANK N.A."
},
{
"code": 637,
"name": "BANCO SOFISA"
},
{
"code": 655,
"name": "Banco Votorantim S.A."
},
{
"code": 707,
"name": "BANCO DAYCOVAL S.A."
},
{
"code": 712,
"name": "BANCO OURINVEST S.A"
},
{
"code": 735,
"name": "BANCO NEON"
},
{
"code": 745,
"name": "BANCO CITIBANK"
},
{
"code": 746,
"name": "BANCO MODAL S.A."
},
{
"code": 748,
"name": "BANCO COOPERATIVO SICREDI S.A."
},
{
"code": 756,
"name": "BANCO COOPERATIVO DO BRASIL S/A - BANCOOB"
}
]Field
Format
Description
code
Number
Bank code. It is the value you must send in the field bank_code of the cashouts and deposits requests
name
String
Name of the bank
Check the requirements and validations made over the cashouts on Argentina
Field
Format
Description
login
String
Cashouts login
pass
String
Cashouts pass
external_id
String (max length: 100)
Transaction's ID on your end
document_id
See
Beneficiary's document ID
country
AR
See
currency
ARS/USD
See
amount
Number with up to 2 decimals
Cashout amount
bank_code
bank code
Code specifying the beneficiary's bank
bank_account
bank account
Beneficiary's bank account
bank_branch
institute number
Beneficiary's institute number
email
email address
Beneficiary's email address
beneficiary_name
String (max length: 100)
Beneficiary's name
beneficiary_lastname
String (max length: 100)
Beneficiary's last name
Use the Regex below to validate the bank accounts on your end.
Bank name
Bank Description
Format
All
CBU -
Numeric, Length 22
Since the first three digits of the CBU are the bank code, it is not mandatory to send the bank_code field.
public class Validations {
static Integer CBU_LENGTH = 22;
public static Boolean verifyCBU(String cbu) {
return cbuLengthValidation(cbu) && bankCodeValidation(cbu) && accountValidation(cbu);
}
public static Boolean cbuLengthValidation(String cbu) {
return cbu.length() == 22 && ValidationsUtils.validateOnlyNumbers(cbu);
}
public static Boolean bankCodeValidation(String cbu) {
if (cbu.length() == CBU_LENGTH && ValidationsUtils.validateOnlyNumbers(cbu)) {
String shortCbu = StringUtils.left(cbu, 8);
String bankCode = shortCbu.substring(0, 3);
String branchCode = shortCbu.substring(4, 7);
int firstCheckDigit = charToInt(shortCbu.toCharArray()[3]);
int secondCheckDigit = charToInt(shortCbu.toCharArray()[7]);
int sum = charToInt(bankCode.charAt(0)) * 7 + charToInt(bankCode.charAt(1)) * 1 + charToInt(bankCode.charAt(2)) * 3 + firstCheckDigit * 9 + charToInt(branchCode.charAt(0)) * 7 + charToInt(branchCode.charAt(1)) * 1 + charToInt(branchCode.charAt(2)) * 3;
int diference = (10 - sum % 10) % 10;
return diference == secondCheckDigit;
} else {
return false;
}
}
public static Boolean accountValidation(String cbu) {
String account = cbu.substring(8, 22);
int sum = 0;
int j = 0;
int[] weighter = new int[]{3, 9, 7, 1};
char[] arrayAccount = account.toCharArray();
int checkDigit = charToInt(account.toCharArray()[13]);
for(int i = 0; i < 13; ++i) {
sum += charToInt(arrayAccount[i]) * weighter[j % 4];
++j;
}
int diference = (10 - sum % 10) % 10;
return diference == checkDigit;
}
private static int charToInt(char ch) {
return Integer.parseInt(String.valueOf(ch));
}
}Click here to check document types and validations.
{
"login": "xxxxxxxx",
"pass": "xxxxxxxx",
"external_id": "30000000001",
"country": "AR",
"currency": "ARS",
"amount": 100,
"document_id": "5676586998",
"bank_account": "",
"bank_code": "10000",
"bank_branch": "",
"email": "[email protected]",
"beneficiary_name": "John",
"beneficiary_lastname": "Smith",
"notification_url": "https://webhook.site/url",
"type": "json"
}A.B.N Amro Bank
005
Banco de Galicia Y Buenos Aires
007
Lloyds Tsb Bank
010
Banco de La Nación Argentina
011
Banco de La Provincia de Buenos Aires
014
Industrial and Commercial Bank of China (ICBC)
015
Citibank
016
BBVA Banco Frances
017
The Bank Of Tokyo - Mitsubishi
018
Banco de La Provincia de Cordoba
020
Superville Bank
027
Banco de La Ciudad de Buenos Aires
029
Banco Patagonia Sudameris
034
Banco Hipotecario
044
Banco de San Juan
045
Banco Do Brasil
046
Banco Del Tucuman
060
Banco Municipal de Rosario
065
Santander Río
072
Banco Regional de Cuyo
079
Banco Del Chubut
083
Banco de Santa Cruz
086
Banco de La Pampa
093
Banco de Corrientes
094
Banco Provincia Del Neuquen
097
Banco Empresario de Tucuman Coop.
137
Banco B. I. Creditanstalt
147
HSBC Bank Argentina
150
J P Morgan Chase Bank Sucursal Buenos Aires
165
Banco Credicoop Coop.
191
Banco de Valores
198
Banco Roela
247
Banco Mariva
254
Banco Itau Buen Ayre
259
Bank Of America
262
Banca Nazionale Del Lavoro
265
Bnp Paribas
266
Banco Provincia de Tierra Del Fuego
268
Banco de La República Oriental Del Uruguay
269
Banco Saenz
277
Banco Meridian
281
Banco Macro Bansud
285
Banco Mercurio
293
Ing Bank
294
American Express Bank Ltd.
295
Banco Banex
297
Banco Comafi
299
Banco de Inversión Y Comercio Exterior
300
Banco Piano
301
Banco Finansur
303
Banco Julio
305
Banco Privado de Inversiones
306
Nuevo Banco de La Rioja
309
Banco Del Sol
310
Nuevo Banco Del Chaco
311
M. B. A. Banco de Inversiones
312
Banco de Formosa
315
Banco CMF
319
Banco de Santiago Del Estero
321
Nuevo Banco Industrial de Azul
322
Deutsche Bank
325
Nuevo Banco de Santa Fe
330
Banco Cetelem Argentina
331
Banco de Servicios Financieros
332
Banco Cofidis
335
Banco Bradesco Argentina
336
Banco de Servicios Y Transacciones
338
Rci Ba
339
Bacs Banco de Crédito Y Securitización
340
Nuevo Banco de Entre Rios
386
Nuevo Banco Suquia
387
Nuevo Banco Bisel
388
Banco Columbia
389
Learn how to generate cashouts request by using our Cashout API v3 directly from your website
POST https://api-stg.zimo-pagos.com/v3/cashout
This endpoint allows you to generate cashout requests
Content-Type*
string
application/json
Payload-Signature*
string
Control signature
login*
string
Your Zimo-pagos CASHOUTS API login key
pass*
string
Your Zimo-pagos CASHOUTS API pass key
external_id*
string
Unique cashout ID on the merchant end
country*
string
Country of the cashout
amount*
number
Amount of the cashout
currency
string
Currency in which the amount was specified
document_id*
string
Document ID of the beneficiary
document_type
string
Document type of the ID specified
beneficiary_id
string
beneficiary id (for anonymous)
beneficiary_name*
string
Beneficiary's name
beneficiary_lastname
string
Beneficiary's last name
string
Beneficiary's email address
phone
string
Beneficiary's phone number
bank_code
number
Beneficiary's bank code
bank_account
string
Beneficiary's bank account
bank_branch
string
Beneficiary's branch of their bank account
account_type
string
Beneficiary's account type
address
string
Beneficiary's address
city
string
Beneficiary's city
postal_code
string
Beneficiary's postal code
beneficiary_birthdate
string
Beneficiary's birthdate
notification_url*
string
URL where the notifications will be sent
comments
string
Commentaries about the cashout
on_hold
boolean
Used to mark a cashout as on hold and not process it until manually changed to pending by you
{
"cashout_id": "8405147"
}{
"code": 303,
"message": "Invalid bank code"
}
{
"code": 300,
"message": "bank_account: must not be null; Invalid Bank account"
}
{
"code": 504,
"message": "User unauthorized due to cadastral situation",
"reason": "Underage user detected",
"reason_code": 105
}
login
string (max length: 32)
Your Zimo-pagos CASHOUTS API Key, found on the Merchant Panel by going to: Settings -> API Access. Notice there are specific Cashout credentials
pass
string (max length: 32)
Your Zimo-pagos CASHOUTS API Passphrase, found on the Merchant Panel by going to: Settings -> API Access. Notice there are specific Cashout credentials
external_id
string (max length: 100)
Unique cashout ID on the merchant end
country
string (length: 2)
Country code for the cashout in ISO 3166-1 alpha-2 code format
amount
Big Decimal (up to 2 decimals)
Cashout amount on the currency specified
Valid number
currency
string (length: 3)
Currency code of the amount in ISO 4217 format
document_id
string (max length: 40)
Beneficiary’s personal identification number
document_type
string (maxLength: 15)
Beneficiary’s personal identification number type
beneficiary_name
string (max length: 100)
Beneficiary's name
String of up to 100 characters
beneficiary_lastname
string (max length: 100)
Beneficiary's last name
String of up to 100 characters
string (maxLength: 100)
Beneficiary's valid email address
phone
string (maxLength: 20)
Beneficiary's phone number
bank_code
Integer (max length: 6)
Beneficiary's bank code
bank_account
string (max length: 30)
Beneficiary's bank account number
bank_branch
string (max length: 15)
Beneficiary's bank branch number
account_type
string (max length: 1)
Type of account
address
string (max length: 255)
Beneficiary's address
String of up to 200 characters
city
string (max length: 100)
Beneficiary's city
String of up to 100 characters
postal_code
string (max length: 20)
Beneficiary's postal code
beneficiary_birthdate
string (pattern: 'YYYYMMDD')
Beneficiary's birthdate
notification_url
string (max length: 300)
To be provided if the notification URL is different from the notification URL defined on the Merchant Panel
Valid URL over HTTPS
comments
string (max length: 200)
A commentary for this cashout
String of up to 200 characters
on_hold
boolean
If the merchant wants to hold the cashout and set it to process later through the merchants panel. Default: false
[true, false]
code
Number
Error code. See the
message
String
Description of the error
reason
String
Reason description for KYC check failure. See the . *Only shown in case of code 504
reason_code
Number
Reason code for KYC check failure. See the . *Only shown in case of code 504
{
"code": 300,
"message": "bankAccount: Invalid or missing Bank account"
}
{
"code": 303,
"message": "Invalid bank code"
}
{
"code": 504,
"message": "User unauthorized due to cadastral situation."
"reason": "Underage user detected",
"reason_code": 105
}
Each country has different requirements and therefore we ask for different fields you need to send on the requests.
Go to the Countries Validations page to check each country requirements and validations.
In Mexico, we accept cashouts sent directly to debit cards.
When that happens, you need to send the request through a different endpoint, otherwise your request will be declined with Invalid bank account, it shouldn't be a credit card.
PROD endpoint for Debit Cards: Email [email protected] with your cashout API Key
STG endpoint for Debit Cards: https://cc-api-stg.zimo-pagos.com/v3/cashout
The bank accounts in Mexico are in CLABE format (numeric) and have 18 digits (without dashes). Therefore one way to detect that a bank account specified by the customer is a debit card is by checking with the luhn algorithm if it is a valid card number and/or with a regex for each brand, like the example below.
public static final String SENSIBLE_DATA_PATTERN = new StringBuilder("(?:(?<visa>4[0-9]{12}(?:[0-9]{3})?)")
.append("|(?<mastercard>5[1-5][0-9]{14})")
.append("|(?<discover>6(?:011|5[0-9]{2})[0-9]{12})")
.append("|(?<amex>3[47][0-9]{13})")
.append("|(?<diners>3(?:0[0-5]|[68][0-9])?[0-9]{11})")
.append("|(?<jcb>(?:2131|1800|35[0-9]{3})[0-9]{11}))")
.toString();
private boolean validateCreditCard(CashoutRequestDto request) {
final String bankAccount = request.getBank_account();
if (StringUtils.isEmpty(bankAccount) || !LuhnCheckDigit.LUHN_CHECK_DIGIT.isValid(bankAccount) ||
bankAccount.matches(Constants.SENSIBLE_DATA_PATTERN)) {
return false;
}
return true;
}If true, send the request through the cc-api endpoint, if false send it through the normal endpoint. The integration and requirements remains exactly the same, only changing the error message returned in case of invalid bank account and that we validate the bank_account sent to be a valid credit card number using the Luhn Algorithm.
Sending a debit card number through the non-cc endpoint will make the request to fail with the following error:
{
"code": 300,
"message": "bank_account: Invalid bank account, it shouldn't be a credit card"
}Invalid bank_account error on the cc-api endpoint:
{
"code": 300,
"message": "bankAccount: invalid credit card number"
}Learn about the API Codes returned by our Cashouts APIs
0
The cashout was accepted by Zimopagos but it wasn't sent to the bank yet. It can still be Canceled. See
1
The money reached the customer's account
2
The cashout was cancelled by you
3
The cashout was rejected by the bank due to invalid bank account, account closed, etc.
4
The cashout was sent to the bank for processing. At this point it can't be cancelled anymore
5
Cashout set to on hold by you. It won't be processed until manually changed again to Pending status
The error information is the one (if) provided by the Bank.
800
ERROR_ACCOUNT_INCORRECT
Invalid bank account
801
ERROR_ACCOUNT_CLOSED
Bank account is closed
802
ERROR_AMOUNT_INCORRECT
Invalid amount
803
ERROR_BANK_INVALID
Invalid bank code
804
ERROR_BANK_BRANCH_INCORRECT
Invalid bank branch
805
ERROR_BENEFICIARY_DOCUMENT_ID_INVALID
Invalid beneficiary document
806
ERROR_BENEFICIARY_NAME_INCORRECT
Beneficiary name doesn't match bank details
807
ERROR_REJECTED_BY_BANK
Rejected by bank
808
ERROR_OTHER
Other error
809
WITHDRAWAL_EXPIRED
Withdrawal expired
810
LIMIT_EXCEEDED
Beneficiary limit exceeded
811
RISK_POLICY
Violates bank risk policy
812
BLOCKED_FROZEN_ACCOUNT
Bank account blocked/frozen
813
DOCUMENT_ACCOUNT_MISMATCH
Beneficiary document doesn't match bank details
814
INVALID_PIX_KEY
Invalid Pix Key
815
INVALID_IFSC_CODE
Invalid IFSC code
816
INVALID_ACCOUNT_OR_IFSC_CODE
Invalid bank account or IFSC code
817
INVALID_NBIN
Invalid NBIN
818
ACCOUNT_UNABLE
The bank account is unable to receive transfers
819
INVALID_ACCOUNT_TYPE
Invalid bank account type
820
REJECTED_BY_MERCHANT_REQUEST
Rejected by merchant's request
821
MONTHLY_LIMIT_EXCEEDED_FOR_USER
Monthly limit exceeded for user
822
ACCOUNT_NAME_REQUIRED_TO_BE_IN_KATAKANA
Account name required to be in Katakana
824
REJECTED_BY_THIRD_PARTY_CONTROL
Rejected by third party control
826
WITHDRAWAL_REVERSED
Withdrawal reversed
300
Invalid params + [param name] + [reason]
302
Invalid control string.
303
Invalid bank code
401
Invalid credentials
402
Unregistered IP address (Go to API Access to whitelist the IP in the Merchant Panel)
502
Invalid request body - Please check that the JSON is well formatted
503
The transaction cannot be completed due to regulatory limits applied to the beneficiary account.
504
User unauthorized due to cadastral situation.
508
Limit exceeded: {TRANSACTION|DAILY|MONTHLY|USER MONTHLY QUANTITY}
509
Cashout not found with this ID
510
Invalid status: cashout is not Pending
511
External ID already used
514
Insufficient funds
515
Invalid user status: {BLACKLISTED|BLOCKED|SUSPENDED}
518
Country not available
519
Merchant not enabled. Contact your Account Manager
524
Invalid Credentials. Contact [email protected]
525
Close loop rejection
526
Invalid currency
533
Invalid Amount. The minimum amount is {currency} {amount} or equivalent in USD
537
Could not make the cashout. Contact [email protected]
538
Invalid account status: {BLACKLISTED}
539
Payout method unavailable. The country and/or bank selected is not available. Please check with your Account Manager
540
Beneficiary email or phone is required
541
email already used by another beneficiary
542
phone already used by another beneficiary
543
must be a
702
Could not cancel cashout
703
Could not make the cashout. Contact [email protected]
101
400
USER_REJECTED_KYC_CHECK
Transaction related to blacklisted user.
The transaction was rejected because one of its attributes was related to a blacklisted user
102
400
USER_REJECTED_KYC_CHECK
Email risk
High risk detected by our fraud prevention engine related to the user's email address
103
400
USER_REJECTED_KYC_CHECK
Credit card risk
High risk detected by our fraud prevention engine related to the credit card used
104
400
USER_REJECTED_KYC_CHECK
User rejected after KYC check
User rejected by our KYC controls
105
400
USER_REJECTED_KYC_CHECK
Underage user detected
User does not meet the minimum age requirement
106
400
USER_REJECTED_KYC_CHECK
Mismatch between user name and document name
The user's name does not match the name associated with the document provided
107
400
USER_REJECTED_KYC_CHECK
Document status is not OK
Some irregularities have been detected while validating the document information
108
400
USER_REJECTED_KYC_CHECK
PEP user detected
The user is a Politically Exposed Person (PEP)
109
400
USER_REJECTED_KYC_CHECK
High risk detected
High risk detected by our fraud prevention engine
110
400
USER_REJECTED_KYC_CHECK
Failed biometric check
Something went wrong while performing the biometric check on the user
111
400
USER_REJECTED_KYC_CHECK
Failed OTP verification
Something went wrong while performing the OTP check on the user
112
400
USER_REJECTED_KYC_CHECK
3DS Authentication failed
Transaction rejected due to failed 3DS
113
400
USER_REJECTED_KYC_CHECK
Document does not exist
Invalid Document
114
400
USER_REJECTED_KYC_CHECK
User rejected after CNPJ validations
Invalid/Irregular CNPJ (Brasil Only)
115
400
USER_REJECTED_KYC_CHECK
Invalid document format
Format of the provided document is invalid. (Mexico Only)
116
400
USER_REJECTED_KYC_CHECK
Regulatory reasons
Rejected due to regulatory reasons
The error information is the one (if) provided by the Bank.
510
Invalid status transition
Status transition does not meet cashout status workflow
509
Cashout not found with this ID
There is no cashout under provided ID
521
Status ... not supported for this type of request
Provided Status does not exist
Create refunds requests from a completed deposit
POST https://api-stg.zimo-pagos.com/v3/refunds
This endpoint allows you to create a full or a partial refund over a completed deposit.
The refunds endpoint allows you to create a full/partial(depending on the market) refund over a Credit Card deposit in completed state or full/partial refunds over other payment methods' deposits in completed state.
In the case of credit cards, since the refund will be processed to the same card, all you need to send are the fields to identify the deposit.
In the case of other payment methods where we don't have the account of the payer, you need to send the beneficiary's ID, bank account details and bank code retrieved with the
You can create as many refunds as needed over a completed deposit, as long as the total amount of those refunds doesn't exceed the original amount deposited.
In order to start creating refunds, you need to:
Send the request with POST method.
Use the headers described .
Specify a valid deposit_id and invoice_id related to the deposit to be refunded.
Send the Authorization header calculated in the same way than for deposits, as .
Send the body of the request as JSON.
bank_account ObjectWhen the refund is made over a CREDIT CARD deposit, it might be (depending upon availability) completed instantaneously, and so all the details of the refund are returned.
In case the result is SUCCESS, it means the refund was successfully created and the user should receive the money back into their card soon.
In case the result is REJECTED, the response of the API will return two fields called reason and reason_code providing more information about the rejection reason.
In case the result is IN_PROGRESS, it means the refund will be processed asynchronously and so a notification will be sent to the notification_url specified at the time of creating the refund as soon as it gets completed or rejected. for more information about the notifications of the refunds.
�
Content-Type
string
application/json
X-Date
string
ISO8601 Datetime with Timezone: yyyy-MM-dd'T'HH:mm:ssZ
X-Login
string
Merchant X-Login API Key
Authorization
string
Authorization control hash
X-Idempotency-Key
string
Unique idempotency key
deposit_id
integer
Zimo-pagos deposit_id. It is obtained when creating the deposit
invoice_id
string
The invoice_id you sent while creating the deposit or the merchant_invoice_id auto-generated by us
amount
number
Amount to refund. If none is sent, the full deposit amount is assumed
bank_account
object
Object containing the information of the beneficiary. Not needed for credit cards
comments
string
Commentaries about the refund, if any
notification_url
string
HTTPS URL used to send the notifications about refund's change of status
{
"refund_id": 168284
}{
"code": 802,
"description": "Amount to refund not valid",
"type": "INVALID_AMOUNT_TO_REFUND"
}{
"code": 208,
"description": "Resource not found",
"type": "RESOURCE_NOT_FOUND"
}// CASH Method:
curl --location --request POST 'https://api-stg.zimo-pagos.com/v3/refunds' \
--header 'X-Login: {{X-Login}}' \
--header 'X-Date: {{X-Date}}' \
--header 'Authorization: {{Authorization}}' \
--header 'Content-Type: application/json' \
--data-raw '{
"deposit_id": 300533646,
"invoice_id": "newIUnit45328731",
"amount": "100",
"bank_account": {
"beneficiary": "Carlos Ramirez",
"bank_code": 1,
"branch": "9283",
"account_number": "18293435",
"account_type": "SAVING"
},
"comments": "Test refund over v3",
"notification_url": "https://webhook.site/url"
}'
// CREDIT CARD method:
curl --location --request POST 'https://api-stg.zimo-pagos.com/v3/refunds' \
--header 'X-Login: {{X-Login}}' \
--header 'X-Date: {{X-Date}}' \
--header 'Authorization: {{Authorization}}' \
--header 'Content-Type: application/json' \
--data-raw '{
"deposit_id": 300533647,
"invoice_id": "newIUnit45328732",
"comments": "Test CREDIT CARD refund over v3",
"notification_url": "https://webhook.site/url"
}'import java.io.*;
import okhttp3.*;
public class main {
public static void main(String []args) throws IOException{
OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"deposit_id\": 300533646,\n \"invoice_id\": \"newIUnit45328731\",\n \"amount\": \"100\",\n \"bank_account\": {\n \"beneficiary\": \"Carlos Ramirez\",\n \"bank_code\": 1,\n \"branch\": \"9283\",\n \"account_number\": \"18293435\",\n \"account_type\": \"SAVING\"\n },\n \"comments\": \"Test refund over v3\",\n \"notification_url\": \"https://webhook.site/url\"\n}");
Request request = new Request.Builder()
.url("https://api-stg.zimo-pagos.com/v3/refunds")
.method("POST", body)
.addHeader("X-Login", "{{X-Login}}")
.addHeader("X-Date", "{{X-Date}}")
.addHeader("Authorization", "{{Authorization}}")
.addHeader("Content-Type", "application/json")
.build();
Response response = client.newCall(request).execute();
System.out.println(response.body().string());
}
}
using System;
using RestSharp;
namespace HelloWorldApplication {
class HelloWorld {
static void Main(string[] args) {
var client = new RestClient("https://api-stg.zimo-pagos.com/v3/refunds");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("X-Login", "{{X-Login}}");
request.AddHeader("X-Date", "{{X-Date}}");
request.AddHeader("Authorization", "{{Authorization}}");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n \"deposit_id\": 300533646,\n \"invoice_id\": \"newIUnit45328731\",\n \"amount\": \"100\",\n \"bank_account\": {\n \"beneficiary\": \"Carlos Ramirez\",\n \"bank_code\": 1,\n \"branch\": \"9283\",\n \"account_number\": \"18293435\",\n \"account_type\": \"SAVING\"\n },\n \"comments\": \"Test refund over v3\",\n \"notification_url\": \"https://webhook.site/url\"\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
}
}
}
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api-stg.zimo-pagos.com/v3/refunds",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS =>"{\n \"deposit_id\": 300533646,\n \"invoice_id\": \"newIUnit45328731\",\n \"amount\": \"100\",\n \"bank_account\": {\n \"beneficiary\": \"Carlos Ramirez\",\n \"bank_code\": 1,\n \"branch\": \"9283\",\n \"account_number\": \"18293435\",\n \"account_type\": \"SAVING\"\n },\n \"comments\": \"Test refund over v3\",\n \"notification_url\": \"https://webhook.site/url\"\n}",
CURLOPT_HTTPHEADER => array(
"X-Login: {{X-Login}}",
"X-Date: {{X-Date}}",
"Authorization: {{Authorization}}",
"Content-Type: application/json"
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Field
Format
Description
Validations
deposit_id
Integer
Zimo-pagos deposit_id. It is obtained when creating the deposit
Valid deposit_id of a completed deposit
invoice_id
String (max length: 128)
The invoice_id you sent while creating the deposit or the merchant_invoice_id auto-generated by us
Valid invoice_id of a completed deposit
amount
Big decimal (positive, up to 2 decimals)
Amount to refund. Only used in case of partial refunds. If none is sent, a full refund will be assumed
Positive. Equal or smaller than the deposit amount
bank_account[]
Object[]
Object containing the details where the refund should be sent to
comments
String (max length: 200)
Commentaries about the refund, if any
String of up to 200 characters
notification_url
String (max length: 2048)
Valid HTTPS URL used to send the notifications about refund's change of status
HTTPS URL
Field name
Format
Description
Validations
beneficiary
string (max length: 255)
Beneficiary's name and last name
String of up to 255 characters
document_type
string (max length: 10)
Beneficiary's document type
Valid document type for the country of the deposit.
document
string (max length: 30)
Beneficiary's document ID
Valid document for the country of the deposit.
bank_code
string (max length: 5)
Beneficiary's valid bank_code for the country. Use the Bank Codes Endpoint.
branch
string (max length: 45)
Beneficiary's bank branch
String of up to 45 characters
account_number
string (max length: 45)
Beneficiary's bank account number
String of up to 45 characters
account_type
string (max length: 45)
Beneficiary's account type
account_type
Description
SAVING
Savings account
CHECKING
Checkings account
VISTA
Salary account
MASTER
Master account
SAVING_SET
Joint savings account
CHECKING_SET
Joint checkings
DEFAULT
Default
{
"refund_id": 168284
}Field
Format
Description
refund_id
Integer
ID of the refund on Zimo-pagos end. Store this ID for future checks of its status
{
"refund_id": "80000001",
"deposit_id": 300604089,
"merchant_invoice_id": "test766106146",
"refund_info": {
"type": "CREDIT_CARD",
"result": "SUCCESS",
"payment_method": "AE",
"payment_method_name": "American Express",
"amount": 505.95,
"currency": "MXN",
"created_at": "2021-02-05 22:10:45"
}
}{
"refund_id": "80000001",
"deposit_id": 300604089,
"merchant_invoice_id": "test766106146",
"refund_info": {
"type": "CREDIT_CARD",
"result": "IN_PROGRESS",
"reason": "Check refund status or await its notification",
"payment_method": "AE",
"payment_method_name": "American Express",
"amount": 505.95,
"currency": "MXN",
"created_at": "2021-02-05 22:10:45"
}
}{
"refund_id": "80000001",
"deposit_id": 300604089,
"merchant_invoice_id": "test766106146",
"refund_info": {
"type": "CREDIT_CARD",
"result": "REJECTED",
"reason": "Insufficient funds",
"reason_code": "INSUFFICIENT_FUNDS",
"payment_method": "AE",
"payment_method_name": "American Express",
"amount": 505.95,
"currency": "MXN",
"created_at": "2021-02-05 22:10:45"
}
}// Invalid amount to refund. The amount is bigger than the deposit or
// it has been already refunded
{
"code": 802,
"description": "Amount to refund not valid",
"type": "INVALID_AMOUNT_TO_REFUND"
}
// The object_bank account needs to be sent
{
"code": 804,
"description": "Missing bank account information",
"type": "MISSING_BANK_ACCOUNT"
}
// The deposit_id and/or the merchant_invoice_id didn't belong to a deposit
{
"code": 208,
"description": "Resource not found",
"type": "RESOURCE_NOT_FOUND"
}
Field
Format
Description
code
Integer
description
String
Description of the error
type
String
Type of the error. Click here to check all the possible error types for refund
Learn how to validate the country's specific details
The country codes are in ISO 3166-1 alpha-2 format.
The currencies are in ISO 4217 format.
Argentina
AR
USD / ARS
Australia
AU
USD / AUS
Brazil
BR
USD / BRL
Bangladesh
BD
USD/BDT
Bolivia
BO
USD / BOB
Cameroon
CM
USD / XAF
Canada
CA
USD / CAD
Chile
CL
USD / CLP
China
CN
USD/CNY
Colombia
CO
USD / COP
Costa Rica
CR
USD / CRC
Côte d'Ivoire
CI
USD / XOF
Dominican Republic
DO
USD / DOP
Ecuador
EC
USD
El Salvador
SV
USD / SVC
Ghana
GH
USD / GHS
Guatemala
GT
USD / GTQ
Honduras
HN
USD / HNL
India
IN
USD / INR
Indonesia
ID
USD / IDR
Japan
JP
USD / JPY
Kenya
KE
USD / KES
Malaysia
MY
USD / MYR
Mexico
MX
USD / MXN
Nicaragua
NI
USD / NIO
Nigeria
NG
USD / NGN
Panama
PA
USD
Peru
PE
USD / PEN
Paraguay
PY
USD / PYG
Philippines
PH
USD / PHP
Singapore
SG
USD / SGD
South Africa
ZA
USD / ZAR
Tanzania
TZ
USD / TZS
Thailand
TH
USD / THB
Uganda
UG
USD / UGX
Uruguay
UY
USD / UYU
Venezuela
VE
USD / VES
Vietnam
VN
USD / VND
The document sent must follow the validations for its respective document_type described below.
Argentina
DNI
Numeric. Length 7-9
Argentina
CUIT / CUIL
Numeric. Length between 7 and 9 inclusive or equal to 11
Bangladesh
ID
Numeric. Length: 10 digits
Bangladesh
PASS
Length 9 digits, Starting with 2 alphanumerical character (i.e: AB1234567)
Bangladesh
DL (Driving license)
Length: 15, Starting with 2 alphanumerical characters, followed by 7 numerical digits, 1 alphanumerical character and finally 5 numerical (i.e: AB1234567C12345)
Brazil
CPF
Numeric. Length 11 (Validate verifier-digits)
Bolivia
CI
Numeric. Length: 7
Bolivia
CIE
Alphanumeric. One character followed by 8 digits
Bolivia
PASS
Alphanumeric. One character followed by 6 digits
Bolivia
NIT
Numeric. Length:12
Cameroon
PASS
Numeric. Length between 9 and 11 inclusive
Cameroon
CI
Numeric. Length between 8 and 12 inclusive
Cameroon
DL (Driving License)
Numeric. Length between 8 and 10 inclusive
Canada
DL (Driving License)
Numeric and length between 6 and 9 inclusive or string between 10 and 15 inclusive
Canada
HC (Health Card)
Numeric. Length 10
Canada
PASS (Passport)
Length between 8 and 12 inclusive
Chile
ID / RUN / RUT
Length 8 or 9
China
ID
Numeric. Length between 3 and 20 inclusive
Colombia
CC
Numeric. Length between 6 and 10 inclusive
Colombia
NIT
Numeric. Length between 8 and 15
Colombia
CE
Numeric. Length between 6 and 10 inclusive.
Colombia
PASS
Length between 6 and 10 inclusive
Colombia
PPT
Length between 6 and 10 inclusive
Costa Rica
CI
Length: 9
Côte d'Ivoire
ID
Length between 8 and 12 inclusive
Dominican Republic
CIE
Numeric. Length 11
Ecuador
CC
Numeric. Length between 9 and 10 inclusive
Ecuador
DL
Numeric. Length 10
Ecuador
RUC
Numeric. Length between 12 and 13 inclusive and ends with 001
Ecuador
PASS
Alphanumeric. Length between 8 and 13 inclusive and ends with 001
El Salvador
DUI
Length between 6 and 18 inclusive
Ghana
ID
Length between 8 and 12 inclusive
Guatemala
DPI
Length between 6 and 18 inclusive
India
ID (PAN)
Length between 8 and 12 inclusive
India
DL (Driver's License)
Length between 15 and 16 inclusive
India
UID (Aadhar Card)
Numeric. Length 12
Indonesia
NIK / KTP
Numeric. Length between 14 and 18 inclusive
Japan
DL / ID / PASS / RD (Resident Registration Card)
Length between 9 and 12 inclusive
Kenya
ID
Length between 7 and 12 inclusive
Malaysia
ID
Numeric. Length between 10 and 14 inclusive
Mexico
CURP / RFC / IFE / PASS
Length between 8 and 18 inclusive
Nicaragua
CI
Length between 8 and 18 inclusive
Nigeria
ID
Length between 9 and 12 inclusive
Panama
CIP
Numeric. Length between 5 and 10 inclusive
Panama
PASS
Length between 8 and 11 inclusive
Paraguay
CRC / CRP / DNI / PASS / RUC
Length Between 3 and 15 characters
Paraguay
CIC
Length between 6 to 8 characters
Peru
CE/CPP
Numeric. Length 9
Peru
DNI
Numeric. Length 8-9
Peru
PASS
Numeric. Length 12
Peru
RUC
Length 11
Philippines
PSN
Numeric. Length between 9 and 13 inclusive
Singapore
NRIC
Length 9
Singapore
PASS
Length 9
South Africa
ID
Numeric. Length between 9 and 14 inclusive
Tanzania
ID
Length between 8 and 20 inclusive
Thailand
ID
Numeric. Length between 10 and 14 inclusive
Uganda
RIC / NID
Numeric. Length between 11 and 15 inclusive
Uruguay
CI
Numeric. Length between 6 and 8 inclusive
Venezuela
CI
Numeric. Length between 3 and 20 inclusive
Venezuela
RIF
Numeric. Length between 3 and 20 inclusive
Vietnam
ID
Numeric. Length between 9 and 13 inclusive
The validation for the postal codes dependes up on the country sent. Make sure you validate them with the regex in the table below to avoid errors due to Invalid postal Code.
Country
Regex
Example
Argentina
^\d{4}|[A-Za-z]\d{4}([a-zA-Z]{3})?$
A1234ABC
Brazil
^\d{5}[\s-/]?\d{3}$
12345-678
Cameroon
N/A
N/A
Canada
^[a-zA-Z]\d[a-zA-Z]\s?\d[a-zA-Z]\d$
A1A 2B2
Chile
^\d{3}[\s-/]?\d{4}$
123-4567
Colombia
^\d{5,6}$
12345
Côte d'Ivoire
N/A
N/A
Dominican Republic
^\d{5}$
12345
Ecuador
^\d{6}$
123456
El Salvador
N/A
N/A
Ghana
^[A-Za-z]{2}\d{3,5}$
AB1234
Guatemala
N/A
N/A
India
^\d{3}[\s-/]?\d{3}$
123-456
Japan
N/A
N/A
Indonesia
^\d{5}$
12345
Kenya
^\d{5}$
12345
Malaysia
^\d{5}$
12345
Mexico
^\d{5}$
12345
Nicaragua
N/A
N/A
Nigeria
^\d{6}$
123456
Panama
^\d{4,6}$
12345
Paraguay
^\d{4}$
1234
Peru
^\d{5}$
12345
Philippines
^\d{3,4}$
1234
Singapore
N/A
N/A
South Africa
^\d{4}$
2345
Tanzania
^\d{5}$
12345
Thailand
^\d{5}$
12345
Uganda
N/A
N/A
Uruguay
^\d{5}$
12345
Venezuela
N/A
N/A
Vietnam
^\d{5}$
12345
We use the Google's common library for parsing, formatting, and validating international phone numbers. Validating the phone numbers on your end could help preventing Invalid phone number errors.
We suggest you using the following regex to validate email addresses on your end and prevent invalid email errors.
(?i)[a-z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])Learn about the API Codes returned by our APIs
The status of the deposits are separated into different and very specific categories for you to better handle and know the behavior of your customers.
The deposit is created but the customer hasn't opened the link yet.
The deposit is created and the customer has opened the link but he/she didn't complete the payment flow (select payment method, complete personal details, confirm details) or the provider was unable to process the request.
The deposit is created with all the information required and it is awaiting on customer's payment. It has been marked by you to release it earlier. Please note that the customer hasn't paid yet and the money won't be credited to your balance until the customer's payment is detected.
The deposit is created with all the information required and it is awaiting on customer's payment.
The deposit didn't pass our anti-fraud systems and will be retained until manual review.
The deposit has reached its expiration time and the user didn't pay.
The deposit has been cancelled by the customer or it has been 7 days after the expiration.
The deposit was paid by the customer but it still hasn't arrived the payer's crypto wallet. Only used for .
The deposit has been completed and the money was credited to your account or to the payer's crypto wallet.
Use the Deposit Status Endpoint to retrieve the status of a refund.
The refund is created and is pending to be processed. It can still be cancelled.
The refund is pending for you to provide more information. It can still be cancelled.
The refund has been sent to the bank for processing. It can't be cancelled anymore.
The refund has been manually cancelled. Final status.
The refund has been rejected by the bank. Final status.
The refund has been completed. Final status.
Use the Refund Status Endpoint to retrieve the status of a refund.
We group the error codes into different categories for better understanding.
1xx - Header errors
2xx - Merchant/request validations errors
3xx - User errors
4xx - Create deposit errors
5xx - Other errors
7xx - Internal errors
8xx - Refund errors
9xx - Credit Card errors
100
401
INVALID_CREDENTIALS
Invalid Credentials
The X-Login you sent is incorrect or it is not yet active
101
400
MISSING_REQUIRED_HEADER
Missing or invalid format for required header {headerName}
Make sure all the headers are correct.
102
400
INVALID_SIGNATURE
Invalid signature
Invalid Authorization signature.
103
400
INVALID_DATE_RANGE
X-Date header value out of valid range
The X-Date value you sent in the header is outside the allowed time-frame.
104
400
IDEMPOTENCY_KEY_ALREADY_USED
Idempotency key {key} has been already used
The X-Idempotency-Key you sent has already been used
105
400
EMPTY_HEADER_VALUE
Optional header {headerName} must not be blank
If an optional header is sent, it can't be blank
200
405
METHOD_NOT_ALLOWED
Method not allowed
The request method used is not allowed. for endpoints instructions
201
400
BEAN_VALIDATION_ERROR
Field validation error. Check details
One or more fields sent were incorrect
202
401
INVALID_IP
Unregistered IP address
You must whitelist your IP Address.
203
429
VELOCITY_CHECK
Too many consecutive attempts for user (Velocity Check)
The user has created many deposits in a short period of time
204
400
INVALID_MEDIA_TYPE
Invalid media type
The payload format is in an unsupported format. Make sure the header Content-Type is application/json
205
400
MISSING_REQUEST_PARAMETER
Missing request parameter
The request is missing an important parameter
206
400
MISSING_PATH_VARIABLE
Missing path variable
The request is missing an important path variable
207
400
INVALID_REQUEST_PARAMETER_TYPE
Invalid request parameter type
A parameter type sent was incorrect
208
404
RESOURCE_NOT_FOUND
Resource not found
The deposit_id being used doesn't exist
209
400
INVALID_REQUEST_BODY
Invalid request body: {details}
There is a syntax error in the JSON payload
212
400
DEPOSIT_REJECTED_FRAUD_CHECK
Rejected after fraud check
Transaction has been flagged as potential fraud
217
403
FORBIDDEN_MERCHANT
Merchant has no authorization to use this API
Your Merchant Account is not enabled to use this API. Contact your Account Manager for more information
218
400
CRYPTO_NOT_ALLOWED_FOR_MERCHANT
Wrong merchant routing type for crypto payments
Your Merchant Account is not enabled to use the Crypto functionality. Contact your Account Manager for more information
300
400
USER_BLACKLISTED
User blacklisted
The user is known for committing fraud
301
400
USER_GREYLISTED
User greylisted
The user is banned because we detected suspicious behavior
302
400
USER_UNAUTHORIZED
User unauthorized
The user is blocked. For further information go to the "Clients" section on the Merchant Panel
303
400
USER_REJECTED_KYC_CHECK
User rejected after KYC check
Check the user's situation
304
400
USER_LIMIT_EXCEEDED
The user limit has been exceeded: {TRANSACTION|DAILY|WEEKLY|MONTHLY}
Check the user's limit on the Merchant Panel under the "Clients" section
305
400
PAYMENT_METHOD_RESTRICTED
Restricted payment method type
The payment type is disallowed for the payer
306
400
REGULATORY_LIMIT
The transaction cannot be completed due to regulatory limits applied to the payers account.
The transaction could not be processed for the Payer due to regulatory limits.
400
400
INVALID_AMOUNT
Invalid amount. The minimum is USD 2 or equivalent in local currency
The amount does not reach the minimum limit of USD 2
401
400
PAYMENT_METHOD_NOT_FOUND
Payment method not found
The payment_method_code sent isn't correct, or the Payment Method isn't enabled for your Merchant account. Use the API to diagnose this error
402
400
INVOICE_ALREADY_USED
Invoice already used
The invoice_id sent has already been used
403
400
INVALID_BANK_CODE
Invalid bank code: {code}
The bank_code sent is invalid
404
400
ERROR_CREATING_PAYMENT
Payment method provider unavailable
Our provider is temporarily unavailable. Use a different payment method or try again
406
400
INVALID_ADDRESS
Invalid address
The address sent is invalid
407
400
INVALID_CITY
Invalid city
The city sent is invalid
408
400
PAYMENT_METHOD_LIMIT_EXCEEDED
Payment method limit exceeded
The amount sent exceeds the provider's payment method limit. Try with a smaller amount
410
400
PAYMENT_METHOD_MINIMUM_REQUIRED
Payment method minimum required
The amount sent is smaller than the provider's payment method minimum limit. Try with a bigger amount
411
400
INVALID_USER_DOCUMENT
Invalid user document ID
The document_id specified was rejected by the provider itself. Check it is valid
412
400
PAYMENT_METHOD_UNAVAILABLE
Payment Method Unavailable
The payment method is temporarily unavailable, please try again later
413
400
INVALID_REPORTED_INFO_BANK_BENEFICIARY
Invalid reportedInfo.bankBeneficiary value
The value sent in the field reported_info.bank_beneficiary is invalid.
414
400
MISSING_REPORTED_INFO
Missing reportedInfo attribute
There are missing values for the reported_info object.
415
400
INVALID_REPORTED_INFO_BANK_BRANCH
Invalid reportedInfo.bankBranch value
The value sent in the field reported_info.bankBranch is invalid.
416
400
INVALID_REPORTED_INFO_BANK_ACCOUNT_NUMBER
Invalid reportedInfo.bankAccountNumber value
The value sent in the field reported_info.bankAccountNumber is invalid.
417
400
INVALID_REPORTED_INFO_ACCOUNT_TYPE
Invalid reportedInfo.bankAccountType value
The value sent in the field reported_info.bankAccountType is invalid.
418
400
MISSING_REQUIRED_FIELDS
Missing required fields in order to generate Deposit
The request is missing a required field. Please check .
419
400
MISSING_PAYER_ID_OR_DOCUMENT
payer.id or payer.document field is missing
The request is missing the payer.id or payer.document field and at least one of them is mandatory to create the deposit
500
500
GENERIC_ERROR
Oh no! Something has gone wrong. Please contact a system administrator
Internal error, please contact support
511
400
NO_PAYMENT_METHODS_AVAILABLE
No payment methods available
Please contact your AM regarding payment methods’ availability
720
400
MISSING_CONFIGURATION
Missing configuration for merchant account
Please contact your AM/TAM
800
400
REFUND_NOT_ENABLED
Refund is not enabled
Your Merchant account doesn't have the refund capability enabled. Check with your Account Manager
801
400
DEPOSIT_NOT_COMPLETED
Refund cannot be applied since deposit is not in status completed
The refunds can only be applied over COMPLETED deposits
802
400
INVALID_AMOUNT_TO_REFUND
Amount to refund not valid
The amount to refund is not valid. Check if the amount is negative or bigger than the deposit itself.
803
400
INSUFFICIENT_FUNDS
Insufficient funds
Your Merchant account doesn't have enough funds to cover for the refund amount
804
400
MISSING_BANK_ACCOUNT
Missing bank account information
The bank account information is missing
805
400
ERROR_IN_REFUND
Error, the refund was not processed. {details}
The refund could not be completed. Flag it for review on our Merchant Panel for further information
421
400
INSTALLMENTS_NOT_ENABLED
Merchant {MID} does not support installments for country {iso}.
Your merchant account is not allowed to create deposits with installments in that country.
422
400
INSTALLMENTS_QUANTITY_INVALID
Merchant {MID} installments quantity is invalid for country {iso code}. Requested {number}, allowed [{quantity of installments allowed}].
The amount of installments requested is not allowed for your merchant account in that country. Please check the allowed quantity.
900
400
CREDIT_CARD_BIN_NOT_FOUND
Invalid credit card bin
We were unable to find a valid issuer with the first 6 digits of the card
400
101
Transaction related to blacklisted user.
The transaction was rejected because one of its attributes was related to a blacklisted user
400
102
Email risk
High risk detected by our fraud prevention engine related to the user's email address
400
103
Credit card risk
High risk detected by our fraud prevention engine related to the credit card used
400
104
User rejected after KYC check
User rejected by our KYC controls
400
105
Underage user detected
User does not meet the minimum age requirement
400
106
Mismatch between user name and document name
The user's name does not match the name associated with the document provided
400
107
Document status is not OK
Some irregularities have been detected while validating the document information
400
108
PEP user detected
The user is a Politically Exposed Person (PEP)
400
109
High risk detected
High risk detected by our fraud prevention engine
400
110
Failed biometric check
Something went wrong while performing the biometric check on the user
400
111
Failed OTP verification
Something went wrong while performing the OTP check on the user
400
112
3DS Authentication failed
Transaction rejected due to failed 3DS
400
113
Document does not exist
Invalid Document
400
114
User rejected after CNPJ validations
Invalid/Irregular CNPJ (Brasil Only)
Learn how to use the PCI Deposit endpoint to create One Shot payments with credit cards
POST https://cc-api-stg.zimo-pagos.com/v3/deposits
This endpoint allows you to generate credit cards transactions by sending the Credit Card details.
A request made through the PCI Deposit Creation endpoint works almost in the same way than the does, with the difference being on the credit_card object you need to send.
The transactions created using the V3 PCI endpoint will receive:
Synchronic answer confirming the result of the transaction (in case that no 3DS authentication is required), hence no notifications will be sent by default.
In case of requiring a 3DS Authentication of the payer, then the result of the transaction will be PENDING_AUTHENTICATION in order to trigger the corresponding flow. In this case a webhook notification will be sent to check the final status of the Deposit.
Please visit for more details.
This response will occur for all deposits that are eligible for a 3DS Authentication.
The authentication_url should be displayed to the end-user in order to proceed with the authentication, and posterior payment processing if successful.
The URL can be opened within an iframe or a redirection into a new tab.
This response will occur for deposits which are pending 3DS authentication from the provider.
The authentication_url should be displayed to the end-user in order to proceed with the authentication, and posterior payment processing if successful. The URL can be opened within a redirection into a new tab.
For more information about Pending Authentication results, please visit .
Along with every REJECTED transaction, we will provide you with a reason and a reason_code you can use to map the error codes on your end.
In the following table you will find card numbers from specific brands to test different payment flows and our systems' responses.
For Success Results in STG: any card number not listed below, will simulate a success scenario. (For example, Card Number: 4111111111111111)
Content-Type
string
application/json
X-Date
string
ISO8601 Datetime with Timezone:
yyyy-MM-dd'T'HH:mm:ssZ
X-Login
string
Merchant X-Login API Key
Authorization
string
Authorization control hash
X-Idempotency-Key
string
Unique idempotency key
country*
string
Country of the transaction
amount*
number
Amount of the transaction
currency*
string
Currency of the amount specified
invoice_id*
string
Unique deposit ID on the merchant end
payer*
object
Object containing details about the customer. See "Payer object" section for details
credit_card
object
Object containing the credit card details
card_token
string
Card Token obtained from our Cards SDK
description
string
Descriptor for the transaction
client_ip*
string
Valid IPv4/v6 Address of the customer
device_id
string
Unique customer's device ID created using our JS library
fee_on_payer
boolean
Used to specify if you want to let the customer assume the deposit fee
{
"deposit_id": 300604089,
"user_id": "80000001",
"merchant_invoice_id": "test766106146",
"payment_info": {
"type": "CREDIT_CARD",
"result": "SUCCESS",
"payment_method": "AE",
"payment_method_name": "American Express",
"amount": 505.95,
"currency": "MXN",
"created_at": "2021-02-05 22:10:45"
}
}
{
"code": 201,
"description": "Field validation error. Check details",
"details": [
"creditCard.cardNumber: size must be between 13 and 20, rejected value is 345678***********1090"
],
"type": "BEAN_VALIDATION_ERROR"
}
{
"invoice_id": "800000001",
"amount": 1000,
"country": "BR",
"currency": "BRL",
"payer": {
"id": "11111",
"document": "84932568207",
"document_type": "CPF",
"email": "[email protected]",
"first_name": "John",
"last_name": "Smith",
"phone": "+233852662222",
"birth_date": "19880910",
"address": {
"street": "Calle 13",
"city": "bahia",
"state": "SP",
"zip_code": "12345-678"
}
},
"credit_card": {
"cvv": "123",
"card_number": "4111111111111111",
"expiration_month": "10",
"expiration_year": "25",
"holder_name": "JOHN SMITH"
},
"description": "Test transaction",
"client_ip": "123.123.123.123",
"device_id": "knakvuejffkiebyab",
"fee_on_payer": false
}Field name
Format
Description
deposit_id
Integer
ID of the deposit generated on our end. Store this ID for future reference
user_id
String
ID of the user. If you didn't send it, it is generated by us
merchant_invoice_id
String
ID of the deposit on your end. If you didn't send it, it is generated by us
payment_info
Object
Object containing the information about the payment
payment_info.type
String
Type of transaction (Always CREDIT_CARD)
payment_info.result
String
Status of the transaction: SUCCESS or REJECTED
payment_info.reason
String
Transaction result. Only shown in case of rejection
payment_info.reason_code
String
Code of the result. Only shown in case of rejection
payment_info.payment_method
String
Payment method code. See the list here.
payment_info.payment_method_name
String
Payment method name. See the list here.
payment_info.amount
number
Amount sent to the card acquirer
payment_info.currency
string
Currency of the amount sent to the card acquirer
payment_info.created_at
string
Transaction date
authentication_url
URL
URL to display to the end-user in order to complete the 3DS Authentication.
{
"deposit_id": 300604089,
"user_id": "80000001",
"merchant_invoice_id": "test766106146",
"payment_info": {
"type": "CREDIT_CARD",
"result": "SUCCESS",
"payment_method": "AE",
"payment_method_name": "American Express",
"amount": 505.95,
"currency": "MXN",
"created_at": "2021-02-05 22:10:45"
}
}
{
"deposit_id": 300604089,
"user_id": "80000001",
"merchant_invoice_id": "test766106146",
"payment_info": {
"type": "CREDIT_CARD",
"result": "REJECTED",
"reason": "Insufficient funds",
"reason_code": "INSUFFICIENT_FUNDS",
"payment_method": "AE",
"payment_method_name": "American Express",
"amount": 505.95,
"currency": "MXN",
"created_at": "2021-02-05 22:10:45"
}
}
{
"deposit_id": 300854027,
"merchant_invoice_id": "postmanTest488131304",
"payment_info": {
"type": "CREDIT_CARD",
"result": "PENDING_AUTHENTICATION",
"reason": "Require 3DS Authentication",
"reason_code": "AUTHORIZATION_PENDING",
"payment_method": "VI",
"payment_method_name": "Visa",
"created_at": "2023-10-19 16:57:55",
"authentication_url": "https://checkout.cc-stg.directa24.com/authentication/MM15BgQjHVjGEpQLCYZQ1dBoMOcJuDAc"
}
} "deposit_id": 300854027,
"merchant_invoice_id": "postmanTest488131304",
"payment_info": {
"type": "CREDIT_CARD",
"result": "IN_PROGRESS",
"reason": "Payment in progress, awaiting the acquirer's response.",
"reason_code": "PENDING_ACK",
"payment_method": "VI",
"payment_method_name": "Visa",
"created_at": "2023-10-19 16:57:55",
"authentication_url": "https://checkout.cc-stg.directa24.com/authentication/MM15BgQjHVjGEpQLCYZQ1dBoMOcJuDAc"
}
}
Field name
Format
Description
code
Number
Error code. See the list of error codes
description
String
Description of the error
details[]
String
Details about the errors. It is shown in case of invalid details
type
String
Error code name. It is not always shown. See the list of error codes
{
"code": 201,
"description": "Field validation error. Check details",
"details": [
"payer.document: Invalid document type and/or document",
"payer.address.state: Invalid State for Country"
]
}
{
"code": 201,
"description": "Field validation error. Check details",
"details": [
"amount: invalid numeric format",
"country: Invalid value. Accepted values: AR|BR|CL|CM|CN|CO|EC|GH|IN|ID|KE|MY|MX|NG|PA|PE|PH|PY|TH|TZ|UG|UY|VN|ZA"
]
}
{
"code": 502,
"description": "Invalid request body",
"type": "INVALID_REQUEST_BODY"
}
{
"code": 304,
"description": "The user limit has been exceeded",
"type": "USER_LIMIT_EXCEEDED"
}
{
"code": 201,
"description": "Field validation error. Check details",
"details": [
"creditCard.cardNumber: size must be between 13 and 20, rejected value is 345678***********1090"
]
}Transaction status
Reason code
Reason
REJECTED
EXTERNAL_HIGH_RISK
The card issuer rejected the payment because of their anti-fraud rules
REJECTED
TRX_NOT_SUPPORTED
Transaction type is not supported for acquirer
REJECTED
INVALID_CARD_NUMBER
Invalid credit card number
REJECTED
INVALID_CARD_HOLDER
Invalid card holder
REJECTED
INVALID_CARD_EXPIRATION
Invalid expiration date
REJECTED
INVALID_SECURITY_CODE
Invalid CVV/CVV2
REJECTED
INVALID_ISSUER
Invalid card issuer
REJECTED
INVALID_PIN
Invalid card pin
REJECTED
DUPLICATE_PAYMENT
Payment duplicated
REJECTED
MAX_ATTEMPTS_REACHED
Max attempts reached for this user and card
REJECTED
INSUFFICIENT_FUNDS
Insufficient funds
REJECTED
AUTHORIZATION_CALL_REQUIRED
The transaction was rejected because the user needs to call their bank to activate the card
REJECTED
CARD_BIN_NOT_FOUND
Credit card bin number not found
REJECTED
CARD_EXPIRED
Credit card expired
REJECTED
CARD_DECLINED
Card declined by issuer
REJECTED
CARD_REPORTED_STOLEN
Card reported as stolen
REJECTED
CARD_REPORTED_LOST
Card reported as lost
REJECTED
CARD_RESTRICTED_BY_BANK
The card was blocked by the bank
REJECTED
CARD_REQUESTED_BY_BANK
The card is requested by the bank
REJECTED
CARD_BLACKLISTED
Card blacklisted
REJECTED
CARD_DISABLED
Card disabled
REJECTED
OTHER_REASON
Generic rejection reason
Field name
Format
Description
Default
Validations
Required
country
string (length: 2)
Country code of the deposit in ISO 3166-1 alpha-2 code format
Yes
amount
decimal (max decimals: 2)
Deposit amount in the currency specified
Number of up to 18 integers and 2 decimals places
Yes
currency
string (length: 3)
Currency code of the amount in ISO 4217 format
USD
See Currencies
Yes
installments
integer (max length: 2)
Number of installments in which the deposit will take place. *Check eligibility with your commercial contact.
Integer number between 1 and 12.
No
invoice_id
string (max length: 128)
Unique deposit ID on the merchant end
random
^[A-Za-z0-9-_]*$
Yes
payer
object[]
Yes
credit_card
object[]
No
description
string (max length: 100)
Transaction description. It could be shown on the customers credit card extract
String of up to 100 characters
No
client_ip
string
Valid IPv4 or IPv6 Address
IPv4/v6 Address
Yes
device_id
string (max length: 100)
Unique customer's device ID. Used to identify and prevent fraud.
String of up to 100 characters
No
card_token
string (max length: 50)
Card Token generated with Cards SDK Without User Interface.
String of up to 50 characters
No
fee_on_payer
boolean
Choose if the deposit's fee will be paid by the customer or debited from your balance
false
[true, false]
No
sub_merchant_id
integer
Used to specify for which SubMerchant ID the deposit will be created.
Field name
Format
Description
Validations
Required
cvv
String (max length: 4 digits)
Credit card CVV/CVV2 code
^\d{3,4}$
size must be between 3 and 4
Yes
card_number
String (max length: 16 digits)
The credit card number consisting of up to 16 digits
Yes
expiration_month
String(length: 2)
Credit card expiration month
^(1[0-2]|0[1-9]|[1-9])$
Yes
expiration_year
String(length: 2)
Credit card expiration year last two digits
^\d{2}$
Valid year: 25
Yes
holder_name
String (max length: 256)
The name of the credit card owner
Valid name
Yes
Field name
Format
Description
Default
Validations
Required
id
string (max length: 128)
Customer's ID generated on your end. Used to locate user's transaction on our Merchant Panel
If none is sent, we will autogenerate it
^[A-Za-z0-9]*$
Recommended
document
string (max length: 30)
Customer's document ID. Ensure it is correct and the user can't change it every time he/she deposits
Yes
document_type
string (max length: 10)
Customer's document type. Optional, if sent must be a valid document type
Yes
email
string (max length: 255)
Valid customer's email address
Valid email address
Yes
first_name
string (max length: 128)
Customer's first name
String of up to 128 characters
Yes
last_name
string (max length: 128)
Customer's last name
String of up to 128 characters
Yes
address
object[]
No
phone
string (max length: 32)
Valid customer's phone number
No
birth_date
string (max length: 8)
Customer's birthdate in format yyyyMMdd. E.g.: 19801027
Numeric format expected: yyyyMMdd
No
Field name
Format
Description
Validations
Required
street
string (max length: 255)
Customer's street
String of up to 255 characters
No
city
string (max length: 128)
Customer's city
String of up to 128 characters
No
state
string (max length: 3)
Customer's state code in ISO 3166-2 code format
Valid state code in ISO 3166-2 format. Check our States endpoint here
No
zip_code
string (max length: 16)
Customer's zip code
No
Card Number
Result
4222222222222220
Card Rejected.
4000000000000060
Card Expired.
4444444444444440
Insufficient funds.
4000000000000110
Card reported as stolen.
4000000000000040
The card issuer rejected the payment because of their anti-fraud rules.
Card Number
Result
5454545454545450
Card Rejected.
5555555555554440
Card Expired.
5105105105105100
Insufficient funds.
5451951574925480
Card reported as stolen.
5406251139676600
The card issuer rejected the payment because of their anti-fraud rules.
Card Number
Result
340000000000009
Card Rejected.
373737373737374
Card Expired.
370000000000002
Insufficient funds.
343434343434343
Card reported as stolen.
341111111111111
The card issuer rejected the payment because of their anti-fraud rules.
Card Number
Result
3530185156387080
Card Rejected.
3566002020360500
Card Expired.
3555555555555552
Insufficient funds.
3539189698635270
Card reported as stolen.
3588430314874690
The card issuer rejected the payment because of their anti-fraud rules.
Learn how to generate deposits
When generating a deposit request there are 2 possibilities, either the deposit is created in One Shot and you can display the user directly with the payment information, or you redirect the user to our Hosted Checkout to complete the missing details.
In any of those cases, a field called checkout_type will be part of the response, containing which one of the flows it is:
Checkout_type
Description
ONE_SHOT
The deposit request was successfully completed in One Shot and the user will be directly presented with the information to complete the payment.
HOSTED
The information sent is missing details required to complete the request. Redirect the customer to our Hosted Checkout to collect those details.
This flow works as a fallback method, so that in cases which by mistake a piece of information was missing or additional information is required in order to create a Deposit, we can collect it and avoid a failure in the deposit creation.
Test all the API features with our Postman collection here.
On this Experience, you will send all the information required to complete the deposit request and we will respond you with the payment metadata for you to build the Checkout or with an external link for the user to see the payment information.
In case you didn't send one field that is required, we won't decline the request and instead we will prompt the customer for it 😉 .
Each Country and Payment Method has a minimum set of fields you need to send for the OneShot Experience. In case of looking to develop this Experience on your Cashier visit the Payment Methods page to learn more about those requirements.
{
"invoice_id" : "1000000001",
"amount": "1000",
"country": "AR",
"currency": "ARS",
"payer": {
"id": "11",
"document": "40818273",
"first_name": "Ricardo",
"last_name": "Carlos",
"email": "[email protected]",
"phone": "+541139022032",
}
},
"payment_method": "BL",
"description": "test description",
"client_ip": "123.123.123.123",
"device_id": "00000000-00000000-01234567-89ABCDEF",
"back_url": "https://www.zimo-pagos.com/deposit_cancelled",
"success_url": "https://www.zimo-pagos.com/deposit_completed",
"error_url": "https://www.zimo-pagos.com/deposit_error",
"notification_url": "https://www.zimo-pagos.com/zimo/notify",
"logo": "https://www.zimo-pagos.com/zimo-pago.png",
"test": true,
"mobile": false,
"language": "en"
}
curl --location --request POST 'https://api-stg.zimo-pagos.com/v3/deposits' \
--header 'X-Login: xxxxxxx' \
--header 'X-Date: 2020-06-09T19:42:51Z' \
--header 'Authorization: D24 a491ad04b303b6a5b9f219a14eeb496ea8ca086d4644889faa4309bea1feae38' \
--header 'Content-Type: application/json' \
--data-raw '{
"invoice_id" : "1000000001",
"amount": "1000",
"country": "AR",
"currency": "ARS",
"payer": {
"id": "11",
"document": "40818273",
"first_name": "Ricardo",
"last_name": "Carlos",
"email": "[email protected]",
"phone": "+541139022032",
}
},
"payment_method": "BL",
"description": "test description",
"client_ip": "123.123.123.123",
"device_id": "00000000-00000000-01234567-89ABCDEF",
"back_url": "https://www.zimo-pagos.com/deposit_cancelled",
"success_url": "https://www.zimo-pagos.com/deposit_completed",
"error_url": "https://www.zimo-pagos.com/deposit_error",
"notification_url": "https://www.zimo-pagos.com/zimo/notify",
"logo": "https://www.zimo-pagos.com/zimo-pago.png",
"test": true,
"mobile": false,
"language": "en"
}'
import java.io.*;
import okhttp3.*;
public class main {
public static void main(String []args) throws IOException{
OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"invoice_id\" : \"1000000001\",\n \"amount\": \"1000\",\n \"country\": \"BR\",\n \"currency\": \"BRL\",\n \"payer\": {\n \"id\": \"11\",\n \"document\": \"84932568207\",\n \"first_name\": \"Ricardo\",\n \"last_name\": \"Carlos\",\n \"phone\": \"+23385266942\",\n \"email\": \"[email protected]\",\n \"address\": {\n \"street\": \"Calle 13\",\n \"city\": \"bahia\",\n \"state\": \"SP\",\n \"zip_code\": \"12345-678\"\n }\n },\n \"payment_method\": \"BL\",\n \"description\": \"test description\",\n \"client_ip\": \"123.123.123.123\",\n \"device_id\": \"00000000-00000000-01234567-89ABCDEF\",\n \"back_url\": \"https://www.d24.com/deposit_cancelled\",\n \"success_url\": \"https://www.d24.com/deposit_completed\",\n \"error_url\": \"https://www.d24.com/deposit_error\",\n \"notification_url\": \"https://www.d24.com/d24/notify\",\n \"logo\": \"https://www.d24.com/d24.png\",\n \"test\": true,\n \"mobile\": false,\n \"language\": \"pt\"\n}");
Request request = new Request.Builder()
.url("https://api-stg.directa24.com/v3/deposits")
.method("POST", body)
.addHeader("X-Login", "xxxxxxx")
.addHeader("X-Date", "2020-06-09T19:42:51Z")
.addHeader("Authorization", "D24 a491ad04b303b6a5b9f219a14eeb496ea8ca086d4644889faa4309bea1feae38")
.addHeader("Content-Type", "application/json")
.build();
Response response = client.newCall(request).execute();
System.out.println(response.body().string());
}
}
<?php
$client = new http\Client;
$request = new http\Client\Request;
$request->setRequestUrl('https://api-stg.zimo-pagos.com/v3/deposits');
$request->setRequestMethod('POST');
$body = new http\Message\Body;
$body->append('{
"invoice_id": "1000000001",
"amount": "1000",
"country": "BR",
"currency": "BRL",
"payer": {
"id": "11",
"document": "84932568207",
"first_name": "Ricardo",
"last_name": "Carlos",
"phone": "+23385266942",
"email": "[email protected]",
"address": {
"street": "Calle 13",
"city": "bahia",
"state": "SP",
"zip_code": "12345-678"
}
},
"payment_method": "BL",
"description": "test description",
"client_ip": "123.123.123.123",
"device_id": "00000000-00000000-01234567-89ABCDEF",
"back_url": "https://www.d24.com/deposit_cancelled",
"success_url": "https://www.d24.com/deposit_completed",
"error_url": "https://www.d24.com/deposit_error",
"notification_url": "https://www.d24.com/d24/notify",
"logo": "https://www.d24.com/d24.png",
"test": true,
"mobile": false,
"language": "pt"
}');
$request->setBody($body);
$request->setOptions(array());
$request->setHeaders(array(
'X-Login' => 'xxxxxxxx',
'X-Date' => '2020-06-09T19:42:51Z',
'Authorization' => 'D24 a491ad04b303b6a5b9f219a14eeb496ea8ca086d4644889faa4309bea1feae38',
'Content-Type' => 'application/json'
));
$client->enqueue($request)->send();
$response = $client->getResponse();
echo $response->getBody();
using System;
using RestSharp;
namespace HelloWorldApplication {
class HelloWorld {
static void Main(string[] args) {
var client = new RestClient("https://api-stg.directa24.com/v3/deposits");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("X-Login", "xxxxxxx");
request.AddHeader("X-Date", "2020-06-09T19:42:51Z");
request.AddHeader("Authorization", "D24 a491ad04b303b6a5b9f219a14eeb496ea8ca086d4644889faa4309bea1feae38");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n \"invoice_id\" : \"1000000001\",\n \"amount\": \"1000\",\n \"country\": \"BR\",\n \"currency\": \"BRL\",\n \"payer\": {\n \"id\": \"11\",\n \"document\": \"84932568207\",\n \"first_name\": \"Ricardo\",\n \"last_name\": \"Carlos\",\n \"phone\": \"+23385266942\",\n \"email\": \"[email protected]\",\n \"address\": {\n \"street\": \"Calle 13\",\n \"city\": \"bahia\",\n \"state\": \"SP\",\n \"zip_code\": \"12345-678\"\n }\n },\n \"payment_method\": \"BL\",\n \"description\": \"test description\",\n \"client_ip\": \"123.123.123.123\",\n \"device_id\": \"00000000-00000000-01234567-89ABCDEF\",\n \"back_url\": \"https://www.d24.com/deposit_cancelled\",\n \"success_url\": \"https://www.d24.com/deposit_completed\",\n \"error_url\": \"https://www.d24.com/deposit_error\",\n \"notification_url\": \"https://www.d24.com/d24/notify\",\n \"logo\": \"https://www.d24.com/d24.png\",\n \"test\": true,\n \"mobile\": false,\n \"language\": \"pt\"\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
}
}
}
import requests
url = "https://api-stg.directa24.com/v3/deposits"
payload = "{\n \"invoice_id\" : \"1000000001\",\n \"amount\": \"1000\",\n \"country\": \"BR\",\n \"currency\": \"BRL\",\n \"payer\": {\n \"id\": \"11\",\n \"document\": \"84932568207\",\n \"first_name\": \"Ricardo\",\n \"last_name\": \"Carlos\",\n \"phone\": \"+23385266942\",\n \"email\": \"[email protected]\",\n \"address\": {\n \"street\": \"Calle 13\",\n \"city\": \"bahia\",\n \"state\": \"SP\",\n \"zip_code\": \"12345-678\"\n }\n },\n \"payment_method\": \"BL\",\n \"description\": \"test description\",\n \"client_ip\": \"123.123.123.123\",\n \"device_id\": \"00000000-00000000-01234567-89ABCDEF\",\n \"back_url\": \"https://www.d24.com/deposit_cancelled\",\n \"success_url\": \"https://www.d24.com/deposit_completed\",\n \"error_url\": \"https://www.d24.com/deposit_error\",\n \"notification_url\": \"https://www.d24.com/d24/notify\",\n \"logo\": \"https://www.d24.com/d24.png\",\n \"test\": true,\n \"mobile\": false,\n \"language\": \"pt\"\n}"
headers = {
'X-Login': 'xxxxxxx',
'X-Date': '2020-06-09T19:42:51Z',
'Authorization': 'D24 a491ad04b303b6a5b9f219a14eeb496ea8ca086d4644889faa4309bea1feae38',
'Content-Type': 'application/json'
}
response = requests.request("POST", url, headers=headers, data = payload)
print(response.text.encode('utf8'))
In case you sent all the details required for a payment method and the method supports it, we will return you all the metadata required for you to build the checkout on your own website avoiding the redirection.
The fields returned in this integration are the same than the REDIRECT one. The difference lies in the new metadata and secondary_metadata objects containing the information you need to build your own checkout for each payment method:
Field name
Format
Description
metadata
object
Object containing the metadata of the payment
metadata.beneficiary_name
string
Name of the account beneficiary
metadata.agency
string
Agency of the beneficiary
metadata.CNPJ
string
CNPJ of the beneficiary
metadata.account
string
Account of the beneficiary
metadata.bar_code
string
Voucher bar code token
metadata.digitable_line
string
Voucher identifier line
metadata.payer_document
string
Document number of the payer
metadata.payer_document_type
string
Type of the payer's document sent
metadata.reference
string
Reference your customer needs to pay
secondary_metadata
object
Object containing the secondary metadata of the payment
secondary_metadata.reference
string
Reference of the deposit
secondary_metadata.qr_code
string
PNG image encoded in base64 of the QR code used to display the Pix QR natively on your site
secondary_metadata.digitable_line
string
Plain text string line the user can use to manually pay for the PIX instead of scanning the QR
checkout_token
string
Token needed to display the component.
Please note that the metadata and the secondary_metadataobjects will respond with different values depending upon the payment method and the provider we use, the ones above are only examples. It is for that reason that you should be able to iterate through them to display the values on your cashier to your customers.
{
"checkout_type": "ONE_SHOT",
"redirect_url": "https://checkout-stg.zimo-pagos.com/v1/gateway/show?id_payment=56579207&signature=d79896d2b815303cbed4",
"deposit_id": 300000148,
"user_id": "121",
"merchant_invoice_id": "postmanTest349087674",
"payment_info": {
"type": "BANK_TRANSFER",
"payment_method": "SB",
"payment_method_name": "Santander",
"amount": 176.02,
"currency": "BRL",
"expiration_date": "2020-06-21 09:48:39",
"created_at": "2020-06-20 21:48:39",
"metadata": {
"beneficiary_name": "Zimo LLP",
"agency": "1324",
"CNPJ": "47.222.214/0005-70",
"account": "13023469-6"
}
}
}The object secondary_metadata is used to display the customer with a second way to pay for the same deposit allowing them to choose the best option. For example, the user could create a deposit for a bank deposit method in Brasil, and show them our Bank Details (field metadata) as well as a Pix QR code (field secondary_metadata) in case they prefer that option.
This integration generates a link to redirect the customer where they will see the details required to pay.
Field name
Format
Description
checkout_type
String
Field containing the type of the request. [ONE_SHOT, HOSTED]
redirect_url
URL
URL used to redirect the customer where they can see the details to pay
deposit_id
Integer
ID of the deposit generated. Store this ID for future reference
user_id
String
ID of the user. If you didn't send it, it is generated by us
merchant_invoice_id
String
ID of the deposit. If you didn't send it, it is generated by us
payment_info
Object
Object containing the information about the payment
payment_info.type
String
Type of the payment method. See the
payment_info.payment_method
String
Payment method code. See the
payment_info.payment_method_name
String
Payment method name. See the
payment_info.amount
number
Exact amount the customer has to pay
payment_info.currency
string
Currency of the amount to pay
payment_info.expiration_date
string
Date in which the deposit will be marked as expired
payment_info.created_at
string
Deposit creation date
{
"checkout_type": "ONE_SHOT",
"redirect_url": "https://payment-stg.zimo-pagos.com/v1/checkout/eyJhbGciOiJIUzM4NCJ9.eyJqdGkiOiI1NjU3ODQ2NCIsImlhdCI6MTU5MTgyOTYzNiwiZXhwIjoxNTkzMTI1NjM2LCJsYW5ndWFnZSI6bnVsbH0.XIlYyskFpE_rh1-8sA0Bs3JzB2iMmqAXdovClPzorrZXmzol69JqkeU7TR5FMBRn",
"deposit_id": 300000011,
"user_id": "11",
"merchant_invoice_id": "test123456789",
"payment_info": {
"type": "VOUCHER",
"payment_method": "BC",
"payment_method_name": "BCP",
"amount": 6.9448,
"currency": "PEN",
"expiration_date": "2020-06-15 22:53:56",
"created_at": "2020-06-10 22:53:55"
}
}In case that you can't collect any of the details required for the OneShot Experience, you can avoid sending it.
Using OneShot improves the experience because it reduces the amount of interactions required by the end-user.
The more details you send will personalize the Experience on our Hosted Checkout and will help in not having to ask the customer for the information again.
{
"invoice_id" : "1000000001",
"amount": "1000",
"country": "BR",
"currency": "BRL",
"payer": {
"id": "11",
"document": "84932568207",
"email": "[email protected]"
},
"description": "test description",
"client_ip": "123.123.123.123",
"back_url": "https://www.zimo-pagos.com/deposit_cancelled",
"success_url": "https://www.zimo-pagos.com/deposit_completed",
"error_url": "https://www.zimo-pagos.com/deposit_error",
"notification_url": "https://www.zimo-pagos.com/zimo/notify",
"logo": "https://www.zimo-pagos.com/zimo.png",
"test": true,
"request_payer_data_on_validation_failure": true,
"mobile": false,
"language": "pt"
}
curl --location --request POST 'https://api-stg.zimo-pagos.com/v3/deposits' \
--header 'X-Login: {{X-Login}}' \
--header 'X-Date: {{X-Date}}' \
--header 'Authorization: {{Authorization}}' \
--header 'X-Idempontency-Key: {{X-Idempotency-Key}}' \
--header 'Content-Type: application/json' \
--data-raw '{
"invoice_id" : "100000001",
"amount": "100",
"country": "BR",
"currency": "BRL",
"payment_types": ["BANK_TRANSFER", "BANK_DEPOSIT"]
}
'
import java.io.*;
import okhttp3.*;
public class main {
public static void main(String []args) throws IOException{
OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"invoice_id\" : \"100000001\",\n \"amount\": \"100\",\n \"country\": \"BR\",\n \"currency\": \"BRL\",\n \"payment_types\": [\"BANK_TRANSFER\", \"BANK_DEPOSIT\"]\n}\n");
Request request = new Request.Builder()
.url("https://api-stg.zimo-pagos.com/v3/deposits")
.method("POST", body)
.addHeader("X-Login", "{{X-Login}}")
.addHeader("X-Date", "{{X-Date}}")
.addHeader("Authorization", "{{Authorization}}")
.addHeader("X-Idempontency-Key", "{{X-Idempotency-Key}}")
.addHeader("Content-Type", "application/json")
.build();
Response response = client.newCall(request).execute();
System.out.println(response.body().string());
}
}
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api-stg.zimo-pagos.com/v3/deposits",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS =>"{\n \"invoice_id\" : \"100000001\",\n \"amount\": \"100\",\n \"country\": \"BR\",\n \"currency\": \"BRL\",\n \"payment_types\": [\"BANK_TRANSFER\", \"BANK_DEPOSIT\"]\n}\n",
CURLOPT_HTTPHEADER => array(
"X-Login: {{X-Login}}",
"X-Date: {{X-Date}}",
"Authorization: {{Authorization}}",
"X-Idempontency-Key: {{X-Idempotency-Key}}",
"Content-Type: application/json"
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
using System;
using RestSharp;
namespace HelloWorldApplication {
class HelloWorld {
static void Main(string[] args) {
var client = new RestClient("https://api-stg.zimo-pagos.com/v3/deposits");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("X-Login", "{{X-Login}}");
request.AddHeader("X-Date", "{{X-Date}}");
request.AddHeader("Authorization", "{{Authorization}}");
request.AddHeader("X-Idempontency-Key", "{{X-Idempotency-Key}}");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n \"invoice_id\" : \"100000001\",\n \"amount\": \"100\",\n \"country\": \"BR\",\n \"currency\": \"BRL\",\n \"payment_types\": [\"BANK_TRANSFER\", \"BANK_DEPOSIT\"]\n}\n", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
}
}
}
import http.client
import mimetypes
conn = http.client.HTTPSConnection("api-stg.zimo-pagos.com")
payload = "{\n \"invoice_id\" : \"100000001\",\n \"amount\": \"100\",\n \"country\": \"BR\",\n \"currency\": \"BRL\",\n \"payment_types\": [\"BANK_TRANSFER\", \"BANK_DEPOSIT\"]\n}\n"
headers = {
'X-Login': '{{X-Login}}',
'X-Date': '{{X-Date}}',
'Authorization': '{{Authorization}}',
'X-Idempontency-Key': '{{X-Idempotency-Key}}',
'Content-Type': 'application/json'
}
conn.request("POST", "/v3/deposits", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
payment_method.Field name
Format
Description
checkout_type
String
Field containing the type of the request. [ONE_SHOT, HOSTED]
redirect_url
URL
URL used to redirect the customer to our Hosted Checkout
deposit_id
Number
ID of the deposit on Zimo-Pagos end
user_id
String
ID of the user on your end. If you didn't send it, it is generated by us
merchant_invoice_id
String
ID of the deposit on your end. If you didn't send it, make sure you save it as it is generated auto-generated and may be needed in the future (See )
{
"checkout_type": "HOSTED",
"redirect_url": "https://payin-stg.zimo-pagos.com/validate/eyJhbGciOiJIUR_JErX-j3S1pVaD",
"deposit_id": 300000010,
"user_id": "4-2845801292757825290",
"merchant_invoice_id": "100000001"
}Click here for the error response format.
Field name
Format
Description
code
Number
Error code. See the
description
String
Description of the error
details[]
String
Details about the errors. It is not always shown
type
String
Error code name. It is not always shown. See the
reason_code
Number
Reason code for KYC check failure. See the
reason
String
Reason description for KYC check failure. See the
In case of error due to KYC check, we display two extra fields reason and reason_code. The list of errors can be found here
{
"code": 201,
"description": "Field validation error. Check details",
"details": [
"payer.document: Invalid document type and/or document",
"payer.address.state: Invalid State for Country"
]
}
{
"code": 201,
"description": "Field validation error. Check details",
"details": [
"amount: invalid numeric format",
"country: Invalid value. Accepted values: AR|BR|CL|CM|CN|CO|EC|GH|IN|ID|KE|MY|MX|NG|PA|PE|PH|PY|TH|TZ|UG|UY|VN|ZA"
]
}
{
"code": 502,
"description": "Invalid request body",
"type": "INVALID_REQUEST_BODY"
}
{
"code": 304,
"description": "The user limit has been exceeded: TRANSACTION",
"type": "USER_LIMIT_EXCEEDED"
}
{
"code": 303,
"description": "User rejected after KYC check",
"type": "USER_REJECTED_KYC_CHECK",
"reason": "Underage user detected",
"reason_code": 105
}
{
"code": 201,
"description": "Field validation error. Check details",
"details": [
"invoiceId: must match \"^[A-Za-z0-9-_]*$\""
],
"type": "BEAN_VALIDATION_ERROR"
}
When processing payments to a Cryptocurrency e-wallet, you must send in the request an object called crypto with the currency the wallet address and the network the wallet belongs to. Please click here for more details about the crypto object.
To retrieve the actual exchange of any currency against a cryptocurrency, please use the Crypto Exchange Endpoint.
When a customer pays a crypto transaction, the money is credited directly into the customer's wallet address and not into your merchant balance. After the transaction was paid by the customer, the status of the transaction will be APPROVED while we are transferring the funds to the user's wallet. As soon as the money gets into the user's wallet, the deposit will change to COMPLETED status. Please click here for more information about deposit statuses.
Field name
Format
Description
Default
Validations
country
string (length: 2)
Country code of the deposit in ISO 3166-1 alpha-2 code format
amount
decimal (max decimals: 2)
Deposit amount in the currency specified
Number of up to 18 integers and 2 decimals places
currency
string (length: 3)
Currency code of the amount in ISO 4217 format
USD
invoice_id
string (max length: 128)
Unique deposit ID on the merchant end
random
^[A-Za-z0-9-_]*$
merchant_external_reference
string
Optional parameter to include additional internal information on the merchant end.
request_payer_data_on
_validation_failure
boolean
Boolean used to specify if you want to receive declines by invalid data even if it is not required by the payment method. for more info
false
[true, false]
payer
object[]
Object containing details about the customer
payment_method
string (max length: 3)
Payment method code
payment_type
string
Type of payment methods to show the customer. If null is sent and payment_method is null, "ALL" will be assumed
All
payment_types
array
Same as payment_type but multiple payment methods' types can be specified with an array. I.e.: payment_types: ["BANK_DEPOSIT", "BANK_TRANSFER"]
All
sub_merchant_id
integer
Used to specify for which SubMerchant ID the deposit will be created.
allow_installments
boolean
Used to specify if the credit card deposit can be created with installments. For more info visit this .
false
reported_info
object[]
Object containing details about the bank account from which the deposit will be made. Used in ONE_SHOT mode to auto-detect user's payment
bank_account
object[]
Object containing details about the bank account from which the deposit will be made
expiration
numeric
Used to express, in minutes, how long after its creation the deposit should expire. Cannot be more than the default expiration of the payment method.
Number of up to 5 integers
fee_on_payer
boolean
Choose if the deposit's fee will be paid by the customer or debited from your balance
false
[true, false]
surcharge_on_payer
boolean
Choose if the surcharge will be paid by the customer or debited from your balance
true
[true, false]
bonus_amount
decimal (max decimals: 2)
Used to show the customer a bonus amount. I.e.: amount:100, bonus_amount:50
User will see: Pay 100, receive 150
Number of up to 18 integers and 2 decimals
bonus_relative
boolean
Used to define if the bonus_amount was specified as a percentage of the amount or as an absolute value
false
[true, false]
strikethrough_price
decimal (max decimals: 2)
Used to show the customer a strikethrough amount. I.e.:
Before: 150
Now: 100
Number of up to 18 integers and 2 decimals
description
string (max length: 100)
Deposit description. It will be shown to the customer on our Hosted Checkout as the description of the product to be acquired
String of up to 100 characters
client_ip
string
Valid IPv4 or IPv6 Address
IPv4/v6 Address
device_id
string (max length: 100)
Unique customer's device ID. Used to identify and prevent fraud.
String of up to 100 characters
language
string (length: 2)
Language to show the customer on the deposit page in ISO 639-1 code format. *Not all the languages are available
String of 2 characters [es, en, pt, ja]
back_url
string (max length: 2048)
Valid URL over HTTPS used to redirect the customer in case of a pending (in process) deposit.
HTTPS URL
success_url
string (max length: 2048)
Valid URL over HTTPS used to redirect the customer in case the deposit flow was completed.
HTTPS URL
error_url
string (max length: 2048)
Valid URL over HTTPS used to redirect the customer in case of error while generating the deposit
HTTPS URL
notification_url
string (max length: 2048)
Valid URL over HTTPS used to receive the notifications about the deposit's changes of status. If none is sent, we will use the one configured on the Merchant Panel
HTTPS URL
logo
string (max length: 2048)
Valid URL over HTTPS used to show your logo on our Hosted Checkout Experience. If none is sent, we will use the one configured on the Merchant Panel
HTTPS URL
test
boolean
Used to flag a deposit as test. If true, the deposit will not affect the merchant's balance
false
[true, false]
mobile
boolean
Used to specify if the redirection will be made on a mobile device
false
[true, false]
early_release
boolean
Used to specify if the deposit should be early released. Useful when you want to release payments to your VIP users before it were completed
false
[true, false]
requested_token
boolean
Used to indicate if the checkout_token is needed in the response.
false
[true, false]
The fields bonus_amount, bonus_relative, strikethrough_price, and description only affect our Hosted Checkout GUI and doesn't affect any balance or calculations.
Using the same back_url, success_url and error_url is ok if you want to show your customers with a generic message when being redirected. Even better is to generate one unique link for each deposit for better user experience when being redirected. I.e.: https://www.example.com/deposit/{deposit_id_hashed}/pending
We recommend sending the following flags to prevent declines and improve conversion rates.
The flag mobile is a boolean and has to be sent equal to true if the customer generating the deposit is using a mobile device/application. If not sent it defaults to false.
There are some payment methods that have a different flow on mobile devices compared to the flow on web devices because the payment method doesn't work the same way in those devices. When a deposit gets created as ONE_SHOT, it means the flow is assigned before the user navigates into our website, and therefore, we can't identify if the customer comes from a mobile device or not.
Considering that, if the flag mobile is not sent we could route a mobile user through the web flow, therefore, affecting the ability of the customer to complete the deposit.
The flag request_payer_data_on_validation_failure can be used to prevent the request to be declined in case you send an invalid payer.phone, payer.address.state and/or payer.address.zip_code.
If it is required by the payment method, we will return you with a HOSTED CHECKOUT link where the customer will fill in the incorrect details on our checkout and if the details is not needed by the payment method, it will be ignored and the link for ONE SHOT will be returned.
Example responses:
// With the flag request_payer_data_on_validation_failure = false
// or not sent (it defaults to false)
{
"code": 201,
"description": "Field validation error. Check details",
"details": [
"payer.address.zipCode: Invalid zip code format for Country",
"payer.address.state: Invalid State for Country",
"payer.phone: Invalid phone for Country"
],
"type": "BEAN_VALIDATION_ERROR"
}
// With the flag request_payer_data_on_validation_failure = true
// The payment method requires any of the fields so a Hosted Checkout link
// is returned to collect those
// Typical HOSTED response
{
"checkout_type": "HOSTED",
"redirect_url": "https://payin.zimo-pagos.com/validate/eyJhbGciOiJIUzM4NCJ9.eyJqdGkiOiIzMzg4Mjc3OTIiLCJpYXQiOjE2MTY2MDcyMDIsImV4cCI6MTYxOTE5OTIwMn0.0-_gFW0F0Yk73J8SoAddPUaOrgsKILMVbYa1cZehrF_PEk6cj17dIXDDs6FRjkkd",
"deposit_id": 338827792,
"user_id": "4-1874596909371448397",
"merchant_invoice_id": "postmanTest640841435"
}
// With the flag request_payer_data_on_validation_failure = true
// The fields payer.phone, payer.address.state and payer.address.zip_code are not
// required for the payment method
// Typical ONE_SHOT response
{
"checkout_type": "ONE_SHOT",
"redirect_url": "https://payment.zimo-pagos.com/v1/checkout/eyJhbGciOiJIUzM4NCJ9.eyJqdGkiOiIyMDQxNzcxMjMiLCJpYXQiOjE2MTY2MDY5NzcsImV4cCI6MTYxNzkwMjk3NywibGFuZ3VhZ2UiOiJwdCJ9.sVh4-WAW2Q5lehuDMWXhUuOVQUzqmN_XRrNBDhyOZUb36dWd9a6QX9i-JB_ocjWJ",
"iframe": true,
"deposit_id": 338827003,
"user_id": "4-1874596909371448397",
"merchant_invoice_id": "postmanTest806586134",
"payment_info": {
"type": "BANK_DEPOSIT",
"payment_method": "B",
"payment_method_name": "Bradesco",
"amount": 571.03,
"currency": "BRL",
"expiration_date": "2021-03-24 22:29:37",
"created_at": "2021-03-24 17:29:37",
"metadata": {
"reference": 204177123,
"beneficiary_name": "zimo-pagos LLP",
"account_type": "Conta corrente",
"beneficiary_document_type": "CNPJ",
"agency": "6444",
"bank_url": "http://www.bradesco.com.br/html/classic/index.shtm",
"beneficiary_document": "37.123.123/0001-53",
"account": "49110-3"
}
}
}
id
string (max length: 128)
Customer's ID generated on your end. Used to locate user's transaction on our Merchant Panel
If none is sent, we will autogenerate it
^[A-Za-z0-9]*$
Recommended
document
string (max length: 30)
Customer's document ID. Ensure it is correct and the user can't change it every time he/she deposits
Yes
document_type
string (max length: 10)
Customer's document type. Optional, if sent must be a valid document type
Yes
email
string (max length: 255)
Valid customer's email address
Valid email address
Yes
first_name
string (max length: 128)
Customer's first name
String of up to 128 characters
Yes
last_name
string (max length: 128)
Customer's last_name
String of up to 128 characters
Yes
address
object
Object containing customer's address details
No
phone
string (max length: 32)
Valid customer's phone number
No
birth_date
string (max length: 8)
Customer's birthdate in format yyyyMMdd. E.g.: 19801027
Numeric format expected: yyyyMMdd
No
registration_date
string (max length: 8)
Customer's registration date in your website in UTC with format yyyyMMdd. E.g.: 20211123
Numeric format expected: yyyyMMdd
No
Field name
Format
Description
Validations
street
string (max length: 255)
Customer's street
String of up to 255 characters
city
string (max length: 128)
Customer's city
String of up to 128 characters
state
string (max length: 3)
Customer's state code in
Valid state code in format. Check our
zip_code
string (max length: 16)
Customer's zip code
This object will be used to auto-detect the user payment in our bank extracts.
This information is mandatory for some payment methods if you would like to use the ONE_SHOT experience by building your own cashiers with the metadata. If not sent, we will ask the customer for it on our hosted payment page.
If used with the redirect flows, we will automatically populate the fields with the information sent.
Field name
Format
Description
Validations
bank_account_number
string (max length: 45)
Bank account number of the customer
String of up to 45 characters
bank_branch
string (max length: 45)
Bank branch of the customer's bank account
String of up to 45 characters
bank_beneficiary
string (max length: 255)
Bank account owner name
String of up to 255 characters
bank_account_type
string (max length: 16)
Bank account type of the customer
See in the below table the list of fields required for each payment method.
Country
Payment Method Code
Payment Method Name
Field Mask
Field Regex
Field Name
BR
CA
Caixa
bank_account_type
BR
SJ
Sicredi
^[^\d\s]{2,30}(\s[^\d\s]{2,30})+$
bank_beneficiary
BR
B
Bradesco
^[^\d\s]{2,30}(\s[^\d\s]{2,30})+$
bank_beneficiary
BR
SF
Banco Safra
^[^\d\s]{2,30}(\s[^\d\s]{2,30})+$
bank_beneficiary
BR
BB
Banco Brasil
00000000000-A
^\d{1,11}-[\da-zA-Z]$
bank_account_number
BR
BB
Banco Brasil
0000-A
^\d{1,4}(-[\da-zA-Z])?$
bank_branch
BR
BZ
Banco Original
0000
^\d{1,4}?$
bank_branch
BR
CA
Caixa
0000
^\d{1,4}?$
bank_branch
BR
BZ
Banco Original
000000000-0
^\d{1,9}-\d$
bank_account_number
BR
CA
Caixa
000000000-0
^\d{1,14}-\d$
bank_account_number
CL
IA
Itau
^[^\d\s]{2,30}(\s[^\d\s]{2,30})+$
bank_beneficiary
CL
SC
Santander
^[^\d\s]{2,30}(\s[^\d\s]{2,30})+$
bank_beneficiary
CL
TY
Security
^[^\d\s]{2,30}(\s[^\d\s]{2,30})+$
bank_beneficiary
PA
DI
Credicorp
^[^\d\s]{2,30}(\s[^\d\s]{2,30})+$
bank_beneficiary
PE
BC
BCP
^[^\d\s]{2,30}(\s[^\d\s]{2,30})+$
bank_beneficiary
PE
IB
InterBank
^[^\d\s]{2,30}(\s[^\d\s]{2,30})+$
bank_beneficiary
This object will be used to specify that the deposit will be credited into a crypto e-wallet.
Field name
Format
Description
Validations
currency
string (max length: 10)
Symbol of the Cryptocurrency
wallet
string (max length: 128)
Address of the payer's crypto e-wallet
String of up to 128 characters
network
string (max length: 12)
Network of the wallet
Valid network symbol
Binance USD
BUSD
DAI
DAI
RIF Dollar
RDOC
Tether
USDT
USD Coin
USDC
AVAX C-Chain
AVAXC
BNB Beacon Chain
BEP2
BNB Smart Chain
BEP20
Ethereum
ERC20
Polygon
Polygon
Solana
Solana
Tron
TRC20
Tezos
Tezos
RSK
RSK
For other networks not in that list please reach out to your Account Manager.
Click on the link below to learn about our Payment Methods and the fields required for each of them:
Media type of the body sent to the API.
application/jsonISO8601 Datetime with Timezone: yyyy-MM-dd'T'HH:mm:ssZ
Merchant X-Login API Key.
Authorization control hash.
Unique idempotency key for ensuring that the same request is not processed more than once.
Country of the deposit.
Amount of the deposit.
Unique deposit ID on your side.
Currency of the deposit.
Flag specifying if you want to ignore errors because of invalid phone, zip_code and/or city's state.
Object containing details about the customer. See 'Payer object' section for details.
Payment method code.
Array of payment methods' types to show the customer on our Hosted Checkout.
Object containing details about the bank account from which the deposit will be made. Used in ONE_SHOT mode to auto-detect user's payment.
Object containing details about the customer's bank account. Used to enforce a close-loop policy.
Used to show the customer a bonus amount (Pay 100, receive 120).
Used to define if the bonus_amount was specified as an absolute value or as a percentage.
Used to show the customer a strikethrough amount.
Description of the deposit.
Valid IPv4/6 Address of the customer.
Unique customer's device ID created using our JS library.
Language of the view page.
HTTPS URL used to redirect the customer in case of cancelling the deposit.
HTTPS URL used to redirect the customer in case of success.
HTTPS URL used to redirect the customer in case of error while generating the payment.
HTTPS URL used to send the notifications about deposit's change of status.
HTTPS URL used as the Merchant logo on our cashier page.
Used to mark a deposit as test. If true, the deposit will not affect the merchant's balance.
Used to specify if the redirection will be made on a mobile device.
Used to specify if the deposit should be released earlier.
Used to specify if you want to let the customer assume the deposit fee.
Successful creation of the transaction
Field validation error. Check details
POST /v3/deposits HTTP/1.1
Host: api-stg.zimo-pagos.com
Content-Type: application/json
X-Date: 2025-08-15T00:11:05.297Z
X-Login: text
Authorization: text
Accept: */*
Content-Length: 760
{
"invoice_id": "1000000001",
"amount": "1000",
"country": "AR",
"currency": "ARS",
"payer": {
"id": "11",
"document": "40947043",
"first_name": "Ricardo",
"last_name": "Carlos",
"email": "[email protected]",
"phone": "+44113923542",
"address": {
"street": "Jujuy",
"city": "Buenos Aires",
"state": "BA",
"zip_code": 1890
}
},
"payment_method": "BL",
"description": "test description",
"client_ip": "123.123.123.123",
"device_id": "00000000-00000000-01234567-89ABCDEF",
"back_url": "https://www.zimo-pagos.com/deposit_cancelled",
"success_url": "https://www.zimo-pagos.com/deposit_completed",
"error_url": "https://www.zimo-pagos.com/deposit_error",
"notification_url": "https://www.zimo-pagos.com/zimo/notify",
"logo": "https://www.zimo-pagos.com/zimo-pagos.png",
"test": true,
"mobile": false,
"language": "es"
}{
"checkout_type": "ONE_SHOT",
"redirect_url": "https://checkout-stg.zimo-pagos.com/v1/gateway/show?id_payment=56578849&signature=fff0e0a6a98066c19caf",
"deposit_id": 300000025,
"user_id": "11",
"merchant_invoice_id": "postmanTest943044826",
"payment_info": {
"type": "BANK_DEPOSIT",
"payment_method": "BB",
"payment_method_name": "Bank Transfer",
"amount": 500.99,
"currency": "ARS",
"expiration_date": "2020-06-17 07:04:16",
"created_at": "2020-06-16 19:04:16",
"metadata": {
"beneficiary_name": "Zimo-Pagos LLP",
"agency": "000-0",
"account": 2.850590940090418e+21
}
}
}