Skip to main content
POST

Secret Key & Private Key (Generate Signature)

Body

application/json
appId
integer
required

Business ID (obtained from the backend, must correspond to the currency in the URL)

orderId
string
required

Merchant Order Number

Maximum string length: 48
name
string
required

Payer's Name (format: English letters, spaces allowed, 1–30 characters, "firstName middleName lastName"; middleName optional; special characters allowed: '.-)

Required string length: 1 - 30
Pattern: ^[A-Za-z\s'.\-]+$
phone
string
required

Valid phone number

email
string<email>
required

Valid email address

amount
string
required

Transaction Amount (unit: Mex$, precise to two decimal places; do not use punctuation such as ",")

Pattern: ^\d+\.\d{2}$
payType
enum<string>
required

Payment Method: QR (Barcode Payment) or VA (Virtual Account)

Available options:
QR,
VA
inBankCode
string
required

Collection Code. When payType is QR, inBankCode supports: OXXO, CASH payment methods; when payType is VA, inBankCode is CLABE

callBackUrl
string<uri>
required

Redirect URL after successful payment

callBackFailUrl
string<uri>
required

Redirect URL after failed payment

partnerUserId
string
required

Unique User Identifier (e.g., userId), used for risk control. Must be valid; otherwise, the transaction may be affected. Allowed format: numbers, letters, or common symbols -~!@#$%&*()_.

Pattern: ^[A-Za-z0-9\-~!@#$%&*()_]+$
sign
string
required

Signature

cancelUrl
string<uri>

Cancel payment redirect URL. If provided, users can click back on the payment page and be redirected to this URL

notifyUrl
string<uri>

Callback URL

subject
string

Payment Note (transaction title, product name, payment reason)

body
string

Additional Details

Response

200 - application/json
status
string

1: Normal, 0: Exception

error
string

Error code

msg
string

Error description

data
object
Last modified on July 16, 2026