PayBoom API Reference v1.0

Unified REST API for payment processing in Mexico. Integrates multiple payment processors under a single technical interface: bank transfers, cash and in-store payments, referenced deposits, and credit/debit cards with 3D Secure support.

API REST unificada para procesamiento de pagos en Mexico. Integra multiples procesadores de pago bajo una sola interfaz tecnica: transferencias bancarias, pagos en efectivo y ventanilla, depositos referenciados, y tarjetas de credito/debito con soporte para 3D Secure.

Django 5.1 REST API MySQL Bearer Auth

Base URL

https://api.payboom.io

Quick Start

Get your API Key
Request your integration credentials. You will receive an api_key with format pb_ak_... and a MID (Merchant ID).

Obtener tu API Key
Solicita tus credenciales de integracion. Recibiras un api_key con formato pb_ak_... y un MID (Merchant ID).
Choose a payment method
Use POST /directbank for transfers and cash, or POST /directcard for credit/debit cards.

Elegir metodo de pago
Usa POST /directbank para transferencias y efectivo, o POST /directcard para tarjetas de credito/debito.
Redirect the payer
For DirectBank, redirect the user to the URL received in bank_response.url. For DirectCard, process the response or redirect to the 3DS challenge.

Redirigir al pagador
Para DirectBank, redirige al usuario a la URL recibida en bank_response.url. Para DirectCard, procesa la respuesta o redirige al challenge 3DS.
Receive notification
PayBoom will send a POST to your notifyUrl when the payment changes state.

Recibir notificacion
PayBoom enviara un POST a tu notifyUrl cuando el pago cambie de estado.

Architecture

Arquitectura

Your MerchantTu Comercio

→

PayBoom API

→

Bank TransferTransferencia Bancaria

In-Store PaymentPago en Ventanilla

Cash PaymentPago en Efectivo

Credit/Debit CardTarjeta de Credito/Debito

Your merchant integrates a single API. PayBoom routes to the corresponding processor based on the bank_code. Check the bank directory for available codes.

Tu comercio integra una sola API. PayBoom enruta al procesador correspondiente segun el bank_code. Consulta el directorio de bancos para obtener los codigos disponibles.

Authentication

Autenticacion

All endpoints require authentication via a Bearer Token in the Authorization header.

Todos los endpoints requieren autenticacion via Bearer Token en el header Authorization.

HTTP Header

Authorization: Bearer pb_ak_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

API Key FormatFormato del API Key PayBoom API Keys follow the format pb_ak_ followed by 48 URL-safe alphanumeric characters. The API Key must have Active status to be valid. Las API Keys de PayBoom siguen el formato pb_ak_ seguido de 48 caracteres alfanumericos URL-safe. El API Key debe tener estado Activo para ser valido.

Permissions per Bank

Permisos por Banco

Each API Key has specific permissions per payment processor (bank_code). If you try to use a processor without permission, you will receive a 403 error.

Cada API Key tiene permisos especificos por procesador de pago (bank_code). Si intentas usar un procesador sin permiso, recibiras un error 403.

JSON — 403 Forbidden

{
  "error": "Unauthorized for this bank code",
  "status": 403
}

JSON — 401 Unauthorized

{
  "error": "Invalid or missing API key"
}

Direct Bank — Transfers & Cash

Direct Bank — Transferencias y Efectivo

The /directbank endpoint allows creating payments through methods other than card: bank transfers, in-store payments, referenced deposits, and cash payments. Each service is activated with a different bank_code.

El endpoint /directbank permite crear pagos a traves de metodos alternativos a la tarjeta: transferencias bancarias, pagos en ventanilla, depositos referenciados y pagos en efectivo. Cada servicio se activa con un bank_code diferente.

Payment Channels

Canales de Pago

PayBoom supports several payment channels through /directbank. The channel is determined by the bank_code you send in the request.

PayBoom soporta diversos canales de pago a traves de /directbank. El canal se determina por el bank_code que envies en el request.

ChannelCanal	DescriptionDescripcion	User experienceExperiencia del usuario
Bank TransferTransferencia bancaria	Payment via interbank transfer. Available 24/7.Pago via transferencia interbancaria. Disponible 24/7.	The user receives a CLABE and bank details to transfer from their online banking or mobile app.El usuario recibe una CLABE y datos bancarios para transferir desde su banca en linea o app movil.
In-Store / Cash PaymentPago en ventanilla / efectivo	Cash payment at authorized physical points (convenience stores, retail chains).Pago en efectivo en puntos fisicos autorizados (tiendas de conveniencia, cadenas comerciales).	The user receives a barcode or payment reference to present at the store.El usuario recibe un codigo de barras o referencia de pago que presenta en la tienda.
Referenced DepositDeposito referenciado	Bank deposit with a unique assigned reference.Deposito bancario con referencia unica asignada.	The user makes a deposit at a bank counter or transfer using the provided reference.El usuario realiza un deposito en ventanilla bancaria o transferencia con la referencia proporcionada.

Bank DirectoryDirectorio de bancos Check the GET /banks endpoint to get the full list of bank_code values available to your merchant, with their channels and description. Each code activates a specific rule engine and user flow. Consulta el endpoint GET /banks para obtener el listado completo de bank_code disponibles para tu comercio, con sus canales y descripcion. Cada codigo activa un motor de reglas y flujo de usuario especifico.

POST /directbank Create payment by transfer or cashCrear pago por transferencia o efectivo

Auth: Authorization: Bearer {api_key}

Request Body

FieldCampo	TypeTipo	RequiredRequerido	DescriptionDescripcion
bank_code	string	*	Payment service code. Check the bank directory (`GET /banks`) for available codes.Codigo del servicio de pago. Consulta el directorio de bancos (`GET /banks`) para obtener los codigos disponibles.
amount	number	*	Total transaction amountMonto total de la transaccion
mchOrderNo	string	*	Your merchant's unique order IDID unico de orden de tu comercio
currency	string	*	Currency. Must be `"MXN"`Moneda. Debe ser `"MXN"`
notifyUrl	string	*	URL where PayBoom will send the payment status notificationURL donde PayBoom enviara la notificacion del estado del pago
shopper	object	*	Payer information (see shopper object below)Informacion del pagador (ver objeto shopper abajo)

shopper object

Objeto shopper

FieldCampo	TypeTipo	DescriptionDescripcion
first_name	string	Buyer's first name(s)Nombre(s) del comprador
last_names	string	Buyer's last namesApellidos del comprador
phone_number	string	Phone numberNumero de telefono
tax_id_type	string	Tax ID type (e.g. CURP, RFC)Tipo de identificacion fiscal (e.g. CURP, RFC)
tax_id	string	Buyer's tax IDIdentificacion fiscal del comprador

Additional optional fields

Campos opcionales adicionales

Some processors may require additional fields. Check the bank directory for the specific fields of each bank_code.

Algunos procesadores pueden requerir campos adicionales. Consulta el directorio de bancos para conocer los campos especificos de cada bank_code.

FieldCampo	TypeTipo	DescriptionDescripcion
email	string	Buyer's emailEmail del comprador
country_code	string	Country code (e.g. `"MX"`)Codigo de pais (e.g. `"MX"`)
bank_id	string	Destination bank ID (when applicable)ID del banco destino (cuando aplica)
payment_ok_url	string	Redirect URL on successURL de redireccion en caso de exito
payment_error_url	string	Redirect URL on errorURL de redireccion en caso de error
expiration_time_minutes	number	Expiration time in minutes (default: 2880)Tiempo de expiracion en minutos (default: 2880)

JSON

{
  "bank_code": "1001",
  "amount": 500.00,
  "mchOrderNo": "ORD-2026-00123",
  "currency": "MXN",
  "notifyUrl": "https://mi-sitio.com/webhook/payboom",
  "shopper": {
    "first_name": "Juan",
    "last_names": "Perez Lopez",
    "phone_number": "5551234567",
    "tax_id_type": "CURP",
    "tax_id": "PELJ900101HDFRPN09"
  }
}

JSON — 200 OK

{
  "success": true,
  "payboom_reference": "pb_20260415120530123_93dfbb",
  "mchOrderNo": "ORD-2026-00123",
  "amount": 500.00,
  "currency": "MXN",
  "notifyUrl": "https://mi-sitio.com/webhook/payboom",
  "bank_response": {
    "resCode": "SUCCESS",
    "url": "https://payment.sipelatam.mx/pay/order/12345"
  }
}

cURL

curl -X POST https://api.payboom.io/directbank \
  -H "Authorization: Bearer pb_ak_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "bank_code": "1001",
    "amount": 500.00,
    "mchOrderNo": "ORD-2026-00123",
    "currency": "MXN",
    "notifyUrl": "https://mi-sitio.com/webhook/payboom",
    "shopper": {
      "first_name": "Juan",
      "last_names": "Perez Lopez",
      "phone_number": "5551234567",
      "tax_id_type": "CURP",
      "tax_id": "PELJ900101HDFRPN09"
    }
  }'

Key field: bank_response.urlCampo clave: bank_response.url Redirect the user to this URL to complete the payment. Depending on the channel, they will see bank transfer details, a barcode for cash payment, or referenced deposit instructions. Redirige al usuario a esta URL para que complete el pago. Segun el canal, vera datos de transferencia bancaria, un codigo de barras para pago en efectivo, o instrucciones de deposito referenciado.

Errors

Errores

CodeCodigo	DescriptionDescripcion
400	Missing required fields, invalid currency, or inactive bankCampos requeridos faltantes, moneda invalida o banco inactivo
401	Invalid or missing API KeyAPI Key invalida o ausente
403	No permission for the requested `bank_code`Sin permiso para el `bank_code` solicitado
500	Payment provider errorError del proveedor de pago
501	Bank integration not implementedIntegracion del banco no implementada

Payment Flow

Flujo de Pago

Regardless of the payment channel, the flow always follows the same pattern:

Independientemente del canal de pago, el flujo siempre sigue el mismo patron:

          1. Your backend makes POST /directbank with the corresponding bank_codeTu backend hace POST /directbank con el bank_code correspondiente
        
          2. PayBoom returns bank_response.url with the payment page for the selected channelPayBoom retorna bank_response.url con la pagina de pago del canal seleccionado
        
          3. Redirect the user to the URL → depending on the channel, they will see transfer details, a barcode, a deposit reference, etc.Redirige al usuario a la URL → segun el canal, vera datos de transferencia, un codigo de barras, una referencia de deposito, etc.
        
          4. When the payment is confirmed, PayBoom sends a POST to your notifyUrl with status APPROVEDCuando el pago es confirmado, PayBoom envia POST a tu notifyUrl con status APPROVED

Bank DirectoryDirectorio de bancos Check GET /banks to get the full list of bank_code values available to your merchant. The directory includes the channel, service name, and status of each processor. Consulta GET /banks para obtener la lista completa de bank_code disponibles para tu comercio. El directorio incluye el canal, nombre del servicio y estado de cada procesador.

Webhooks — Payment Notifications

Webhooks — Notificaciones de Pago

When a payment's status changes, PayBoom sends a POST to the URL you specified in notifyUrl. Never assume a payment was successful based on the redirect; always wait for the webhook confirmation.

Cuando el estado de un pago cambia, PayBoom envia un POST a la URL que especificaste en notifyUrl. Nunca asumas que un pago fue exitoso por la redireccion; espera siempre la confirmacion del webhook.

JSON — Notification to merchantJSON — Notificacion al comercio

{
  "payboom_reference": "pb_20260415120530123_93dfbb",
  "mchOrderNo": "ORD-2026-00123",
  "status": "APPROVED",
  "amount": "500.00",
  "currency": "MXN",
  "provider_reference": "PROVIDER-TX-789456",
  "bank_code": "1001",
  "authorization": "AUTH123456"
}

Signature verificationVerificacion de firmas PayBoom validates the cryptographic signature of each provider notification before processing it. Your notifyUrl endpoint must respond with HTTP 200 to confirm receipt. PayBoom valida la firma criptografica de cada notificacion del proveedor antes de procesarla. Tu endpoint notifyUrl debe responder con HTTP 200 para confirmar recepcion.

Direct Card — Card Payments

Direct Card — Pagos con Tarjeta

The /directcard endpoint allows processing credit and debit card payments. There are two possible payment flows:

El endpoint /directcard permite procesar pagos con tarjeta de credito y debito. Existen dos flujos de pago posibles:

FlowFlujo	DescriptionDescripcion	ResponseRespuesta
Authorization & CaptureAutorizacion y Captura	Traditional payment where authorization and capture happen in the same request. Immediate response.Pago tradicional donde la autorizacion y captura se realizan en el mismo request. Respuesta inmediata.	`APPROVED` oro `DECLINED`
3D Secure (3DS)	Payment with issuer-bank authentication. Requires user redirect to complete a challenge (OTP, biometrics, etc.).Pago con autenticacion del banco emisor. Requiere redireccion del usuario para completar un challenge (OTP, biometria, etc.).	`PENDING` + `redirect_url`

Bank DirectoryDirectorio de bancos Check GET /banks for the bank_code values available for card payments in your merchant. The flow type (traditional or 3DS) depends on the processor assigned to each bank_code.Consulta GET /banks para obtener los bank_code disponibles para pagos con tarjeta en tu comercio. El tipo de flujo (tradicional o 3DS) depende del procesador asignado a cada bank_code.

Restricted hoursHorario restringido Card transactions are blocked between 1:00 AM and 5:59 AM (CDMX time). Payments sent during that window are automatically rejected with code P07.Las transacciones con tarjeta se bloquean entre 1:00 AM y 5:59 AM (hora CDMX). Pagos enviados en ese horario seran rechazados automaticamente con codigo P07.

POST /directcard Create payment with credit/debit cardCrear pago con tarjeta de credito/debito

Auth: Authorization: Bearer {api_key}

Request Body

FieldCampo	TypeTipo	RequiredRequerido	DescriptionDescripcion
bank_code	string	*	Card processor code. Check the bank directory (`GET /banks`).Codigo del procesador de tarjetas. Consulta el directorio de bancos (`GET /banks`).
amount	number	*	Total transaction amountMonto total de la transaccion
id	string	*	Your merchant's unique order ID (returned as `mchOrderNo`)ID unico de orden de tu comercio (se devuelve como `mchOrderNo`)
currency	string	*	ISO 4217 currency (e.g. `"MXN"`). Supported currency depends on the `bank_code`.Moneda ISO 4217 (e.g. `"MXN"`). La moneda soportada depende del `bank_code`.
notifyUrl	string	*	URL to receive the result notificationURL para recibir la notificacion del resultado
email	string	*	Cardholder emailEmail del tarjetahabiente
card	object	*	Card data (see card object)Datos de la tarjeta (ver objeto card)
shopper	object	*	Buyer data (see shopper object)Datos del comprador (ver objeto shopper)
description	string	optionalopcional	Transaction descriptionDescripcion de la transaccion
successUrl	string	optionalopcional	Redirect URL after successful payment (required for 3DS)URL de redireccion tras pago exitoso (necesaria para 3DS)
errorUrl	string	optionalopcional	Redirect URL after failed payment (required for 3DS)URL de redireccion tras pago fallido (necesaria para 3DS)
term_url_3ds	string	optionalopcional	3DS terminal URL (overrides `successUrl` for 3DS redirects)URL terminal 3DS (sobreescribe `successUrl` para redirects 3DS)

card object

Objeto card

FieldCampo	TypeTipo	RequiredRequerido	DescriptionDescripcion
holderName	string	*	Cardholder name as it appears on the cardNombre del tarjetahabiente tal como aparece en la tarjeta
cardNumber	string	*	Full card number (PAN)Numero completo de la tarjeta (PAN)
expiryYear	string	*	Expiration year (4 digits, e.g. `"2028"`)Ano de expiracion (4 digitos, e.g. `"2028"`)
expiryMonth	string	*	Expiration month (1-12, e.g. `"12"`)Mes de expiracion (1-12, e.g. `"12"`)
cvv	string	*	Security code (CVV/CVC)Codigo de seguridad (CVV/CVC)

shopper object

Objeto shopper

FieldCampo	TypeTipo	RequiredRequerido	DescriptionDescripcion
first_name	string	*	Buyer's first nameNombre del comprador
last_name	string	*	Buyer's last nameApellido del comprador
phone	string	*	Buyer's phoneTelefono del comprador
state	string	*	State/provinceEstado/provincia
city	string	*	CityCiudad
address	string	*	Full addressDireccion completa
postal_code	string	*	Postal codeCodigo postal
customer_ip	string	*	Buyer's IP addressDireccion IP del comprador
country	string	optionalopcional	Country code (e.g. `"MX"`)Codigo de pais (e.g. `"MX"`)

CurrencyMoneda The accepted currency depends on the processor assigned to the bank_code. Check the bank directory for the supported currency. If you send an incorrect currency you will receive a 400 error.La moneda aceptada depende del procesador asignado al bank_code. Consulta el directorio de bancos para verificar la moneda soportada. Si envias una moneda incorrecta recibiras un error 400.

Authorization & Capture (Traditional Payment)

Autorizacion y Captura (Pago Tradicional)

In the traditional flow, authorization and capture are done in a single request. The response is immediate: APPROVED or DECLINED. No user redirect required.

En el flujo tradicional, la autorizacion y captura se realizan en un solo request. La respuesta es inmediata: APPROVED o DECLINED. No requiere redireccion del usuario.

          1. Your backend makes POST /directcard with card and buyer dataTu backend hace POST /directcard con datos de tarjeta y comprador
        
          2. PayBoom validates the card, verifies permissions, and runs velocity checksPayBoom valida la tarjeta, verifica permisos y ejecuta chequeos de velocidad
        
          3. Returns an immediate response with status: "APPROVED" or "DECLINED"Retorna respuesta inmediata con status: "APPROVED" o "DECLINED"

JSON — Authorization & CaptureJSON — Autorizacion y Captura

{
  "bank_code": "{bank_code}",
  "amount": 299.99,
  "id": "ORD-CARD-001",
  "currency": "MXN",
  "notifyUrl": "https://mi-sitio.com/webhook/card",
  "email": "juan@email.com",
  "card": {
    "holderName": "JUAN PEREZ LOPEZ",
    "cardNumber": "4111111111111111",
    "expiryYear": "2028",
    "expiryMonth": "12",
    "cvv": "123"
  },
  "shopper": {
    "first_name": "Juan",
    "last_name": "Perez",
    "phone": "5551234567",
    "state": "CDMX",
    "city": "Ciudad de Mexico",
    "address": "Av. Reforma 222, Col. Juarez",
    "postal_code": "06600",
    "customer_ip": "189.203.45.67",
    "country": "MX"
  }
}

JSON — 200 OK (Approved)JSON — 200 OK (Aprobada)

{
  "success": true,
  "status": "APPROVED",
  "authorization": "AUTH789456",
  "payboom_reference": "pb_20260415130045789_a1b2c3",
  "mchOrderNo": "ORD-CARD-001",
  "provider_reference": "PROVIDER-TX-123456",
  "amount": "299.99",
  "currency": "MXN",
  "notifyUrl": "https://mi-sitio.com/webhook/card",
  "redirect_url": "",
  "bank_response": {
    "resp_code": "00",
    "description": "Transaccion aprobada"
  }
}

JSON — 200 (Declined)JSON — 200 (Rechazada)

{
  "success": false,
  "status": "DECLINED",
  "authorization": "",
  "payboom_reference": "pb_20260415130050123_d4e5f6",
  "mchOrderNo": "ORD-CARD-002",
  "provider_reference": "",
  "amount": "299.99",
  "currency": "MXN",
  "notifyUrl": "https://mi-sitio.com/webhook/card",
  "redirect_url": "",
  "bank_response": {
    "resp_code": "51",
    "description": "Fondos insuficientes"
  }
}

3D Secure (3DS) Payment

Pago con 3D Secure (3DS)

Some processors require 3D Secure authentication. When the processor determines issuer-bank verification is needed, the response includes a redirect_url where you must redirect the user to complete the challenge.

Algunos procesadores requieren autenticacion 3D Secure. Cuando el procesador determina que se necesita verificacion del banco emisor, la respuesta incluye un redirect_url al que debes redirigir al usuario para completar el challenge.

Required fields for 3DSCampos requeridos para 3DS When using 3DS processors, it's important to include successUrl and errorUrl in the request. These URLs are used to redirect the user after the 3DS challenge.Cuando uses procesadores con 3DS, es importante incluir successUrl y errorUrl en el request. Estas URLs se usan para redirigir al usuario despues del challenge 3DS.

          1. Your backend makes POST /directcard with card data + successUrl + errorUrlTu backend hace POST /directcard con datos de tarjeta + successUrl + errorUrl
        
          2. PayBoom returns status: "PENDING" and a redirect_url → redirect the user therePayBoom retorna status: "PENDING" y un redirect_url → redirige al usuario ahi
        
          3. The user completes the 3DS challenge on the issuer bank's page (OTP, biometrics, etc.)El usuario completa el challenge 3DS en la pagina del banco emisor (OTP, biometria, etc.)
        
          4. The bank redirects to PayBoom's callback, which verifies the result and updates the transactionEl banco redirige al callback de PayBoom, que verifica el resultado y actualiza la transaccion
        
          5. PayBoom redirects the user to your successUrl or errorUrl and sends POST to notifyUrlPayBoom redirige al usuario a tu successUrl o errorUrl y envia POST a notifyUrl

JSON — 3DS RequestJSON — Request 3DS

{
  "bank_code": "{bank_code}",
  "amount": 1500.00,
  "id": "ORD-3DS-001",
  "currency": "MXN",
  "notifyUrl": "https://mi-sitio.com/webhook/card",
  "email": "cliente@email.com",
  "successUrl": "https://mi-sitio.com/pago-exitoso",
  "errorUrl": "https://mi-sitio.com/pago-error",
  "card": {
    "holderName": "CARLOS RODRIGUEZ",
    "cardNumber": "5500000000000004",
    "expiryYear": "2027",
    "expiryMonth": "06",
    "cvv": "456"
  },
  "shopper": {
    "first_name": "Carlos",
    "last_name": "Rodriguez",
    "phone": "5559876543",
    "state": "Jalisco",
    "city": "Guadalajara",
    "address": "Av. Vallarta 1234",
    "postal_code": "44100",
    "customer_ip": "201.141.78.90",
    "country": "MX"
  }
}

JSON — 200 (Redirect to 3DS)JSON — 200 (Redirect a 3DS)

{
  "success": true,
  "status": "PENDING",
  "authorization": "",
  "payboom_reference": "pb_20260415140012345_x1y2z3",
  "mchOrderNo": "ORD-3DS-001",
  "provider_reference": "PROVIDER-EXT-789",
  "amount": "1500.00",
  "currency": "MXN",
  "notifyUrl": "https://mi-sitio.com/webhook/card",
  "redirect_url": "https://procesador.com/3ds/challenge/PROVIDER-EXT-789",
  "bank_response": {
    "status": "REDIRECT",
    "external_id": "PROVIDER-EXT-789",
    "redirection_url": "https://procesador.com/3ds/challenge/PROVIDER-EXT-789"
  }
}

Action requiredAccion requerida When status is "PENDING" and there is a redirect_url, you must redirect the user to that URL to complete the 3DS challenge. Do not consider the payment approved until you receive the notification at notifyUrl.Cuando status es "PENDING" y hay un redirect_url, debes redirigir al usuario a esa URL para que complete el challenge 3DS. No consideres el pago como aprobado hasta recibir la notificacion en notifyUrl.

JSON — Webhook notifyUrl (POST)

{
  "payboom_reference": "pb_20260415140012345_x1y2z3",
  "mchOrderNo": "ORD-3DS-001",
  "status": "APPROVED",
  "amount": "1500.00",
  "currency": "MXN",
  "provider_reference": "PROVIDER-EXT-789",
  "bank_code": "{bank_code}",
  "authorization": "AUTH-3DS-456"
}

State Flow — 3DS

Flujo de estados — 3DS

POST /directcard

↓

PENDING + redirect_url

↓

User completes 3DS challengeUsuario completa challenge 3DS

↓

successexito

APPROVED

→ successUrl

failurefallo

DECLINED

→ errorUrl

Webhooks & Callbacks (Cards)

Webhooks y Callbacks (Tarjetas)

PayBoom handles two notification mechanisms for card payments:

PayBoom maneja dos mecanismos de notificacion para pagos con tarjeta:

MechanismMecanismo	DescriptionDescripcion	UseUso
notifyUrl (Webhook)	Async POST to merchant backend with the final resultPOST asincrono al backend del comercio con el resultado final	Update the order status in your databaseActualizar el estado de la orden en tu base de datos
successUrl / errorUrl (Callback)	User browser redirect after 3DSRedireccion del navegador del usuario tras el 3DS	Show a confirmation or error page to the userMostrar al usuario una pagina de confirmacion o error

Critical securitySeguridad critica Never rely solely on the redirect to successUrl to confirm a payment. A malicious user could manually navigate to that URL. Always verify the real payment status using the notifyUrl webhook.Nunca confies solo en la redireccion a successUrl para confirmar un pago. Un usuario malintencionado podria navegar manualmente a esa URL. Siempre verifica el estado real del pago usando el webhook notifyUrl.

/directcard endpoint errors

Errores del endpoint /directcard

HTTP CodeCodigo HTTP	DescriptionDescripcion
400	Missing required fields, expired card, invalid JSON, or wrong currency for the processorCampos requeridos faltantes, tarjeta expirada, JSON invalido o moneda incorrecta para el procesador
401	Invalid or missing API KeyAPI Key invalida o ausente
403	No permission for the requested `bank_code`Sin permiso para el `bank_code` solicitado
429	Velocity check failed (too many attempts with the same card)Chequeo de velocidad fallido (demasiados intentos con la misma tarjeta)
500	Payment provider errorError del proveedor de pago
501	Bank integration not implementedIntegracion del banco no implementada

Cancel & RefundCancelar y Reembolsar

The cancel and refund endpoints allow reversing approved transactions. Availability of these operations depends on the processor assigned to each bank_code.

Los endpoints de cancelacion y reembolso permiten revertir transacciones aprobadas. La disponibilidad de estas operaciones depende del procesador asignado a cada bank_code.

POST /cancel Cancel an approved transactionCancelar una transaccion aprobada

Auth: Authorization: Bearer {api_key}

Request Body

FieldCampo	TypeTipo	RequiredRequerido	DescriptionDescripcion
payboom_reference	string	*	PayBoom reference of the original transactionReferencia PayBoom de la transaccion original
amount	number	*	Amount to cancelMonto a cancelar

JSON

{
  "payboom_reference": "pb_20260415130045789_a1b2c3",
  "amount": 299.99
}

JSON — 200 OK

{
  "success": true,
  "status": "CANCELLED",
  "payboom_reference": "pb_20260415150012345_new123",
  "original_payboom_reference": "pb_20260415130045789_a1b2c3",
  "provider_reference": "CANCEL-TX-789",
  "amount": 299.99,
  "bank_response": {}
}

ValidationsValidaciones The original transaction must belong to the authenticated merchant, have status APPROVED, SETTLED, or APROBADA, and have a provider reference.La transaccion original debe pertenecer al comercio autenticado, tener status APPROVED, SETTLED o APROBADA, y contar con una referencia del proveedor.

POST /refund Refund an approved transactionReembolsar una transaccion aprobada

Auth: Authorization: Bearer {api_key}

Same format as /cancel. The main difference is that some processors use a dedicated refund endpoint that may be available starting the day after the transaction.

Mismo formato que /cancel. La diferencia principal es que algunos procesadores usan un endpoint dedicado de reembolso que puede estar disponible a partir del dia siguiente a la transaccion.

FieldCampo	TypeTipo	RequiredRequerido	DescriptionDescripcion
payboom_reference	string	*	PayBoom reference of the original transactionReferencia PayBoom de la transaccion original
amount	number	*	Amount to refundMonto a reembolsar

AvailabilityDisponibilidad Not all processors support cancellation and refund. Some processors only allow same-day cancellations and next-day refunds. Check the bank directory to verify the available operations for each bank_code.No todos los procesadores soportan cancelacion y reembolso. Algunos procesadores solo permiten cancelaciones el mismo dia y reembolsos a partir del dia siguiente. Consulta el directorio de bancos para verificar las operaciones disponibles para cada bank_code.

Query Endpoints

Endpoints de Consulta

GET /banks List available banksListar bancos disponibles

Auth: Authorization: Bearer {api_key}

Returns the banks/processors your API Key has permission to use.

Retorna los bancos/procesadores que tu API Key tiene permiso para usar.

Query Parameters (optional)

Query Parameters (opcionales)

ParameterParametro	DescriptionDescripcion
country	Filter by country (e.g. `MX`)Filtrar por pais (e.g. `MX`)
channel	Filter by channel (e.g. `card`, `transfer`)Filtrar por canal (e.g. `card`, `transfer`)

JSON — 200 OK

{
  "data": [
    {
      "code": "XXXX",
      "country": "MX",
      "channel": "transfer",
      "bankname": "Transferencia Bancaria",
      "providername": "Proveedor A",
      "estado": "Activo"
    },
    {
      "code": "YYYY",
      "country": "MX",
      "channel": "card",
      "bankname": "Tarjeta Credito/Debito",
      "providername": "Proveedor B",
      "estado": "Activo"
    }
  ]
}

Reference — Transaction StatusesReferencia — Estados de Transaccion

StatusEstado	DescriptionDescripcion	ProcessorsProcesadores
PENDING	Transaction created, waiting for confirmation or 3DS redirectTransaccion creada, esperando confirmacion o redireccion 3DS	All (standard format)Todos (formato estandar)
pendiente	Equivalent to PENDING (legacy format from some processors)Equivalente a PENDING (formato legacy de algunos procesadores)	Some transfer/cash processorsAlgunos procesadores de transferencia/efectivo
APPROVED	Payment successfully approvedPago aprobado exitosamente	AllTodos
DECLINED	Payment rejected by the processor or issuer bankPago rechazado por el procesador o banco emisor	CardsTarjetas
3DS	In progress of 3D Secure authenticationEn proceso de autenticacion 3D Secure	Some card processorsAlgunos procesadores de tarjeta
SETTLED	Payment settled (funds transferred)Pago liquidado (fondos transferidos)	Some card processorsAlgunos procesadores de tarjeta
CANCELLED	Transaction cancelledTransaccion cancelada	Cards (with cancel)Tarjetas (con cancel)
REFUNDED	Transaction refundedTransaccion reembolsada	Cards (with refund)Tarjetas (con refund)
FAILED	Processing errorError en el procesamiento	AllTodos

HTTP Error CodesCodigos de Error HTTP

CodeCodigo	MeaningSignificado	Recommended actionAccion recomendada
400	Bad Request — Invalid or incomplete dataBad Request — Datos invalidos o incompletos	Check required fields and formatsVerifica los campos requeridos y formatos
401	Unauthorized — Invalid API KeyUnauthorized — API Key invalida	Check your API Key and that it's activeVerifica tu API Key y que este activa
403	Forbidden — No permission for this processorForbidden — Sin permiso para este procesador	Request activation of the permission for the bank_codeSolicita que se active el permiso para el bank_code
429	Too Many Requests — Velocity limit exceededToo Many Requests — Limite de velocidad excedido	Wait before retrying. Review velocity rulesEspera antes de reintentar. Revisa reglas de velocidad
500	Internal Server Error — Provider errorInternal Server Error — Error del proveedor	Retry after a few secondsReintenta despues de unos segundos
501	Not Implemented — Processor not availableNot Implemented — Procesador no disponible	Use a supported bank_codeUsa un bank_code soportado

PayBoom Response Codes (P0X)Codigos de Respuesta PayBoom (P0X)

These codes are generated by PayBoom when a transaction is rejected by internal velocity, amount, or schedule rules. They are received in the response_code field of the response.Estos codigos son generados por PayBoom cuando una transaccion es rechazada por reglas internas de velocidad, restricciones de monto u horario. Se reciben en el campo response_code de la respuesta.

CodeCodigo	DescriptionDescripcion	Recommended actionAccion recomendada
P00	Transaction blocked by velocity rules (generic)Transaccion bloqueada por reglas de velocidad (generico)	Contact support to review the configured rulesContacta a soporte para revisar las reglas configuradas
P01	Merchant daily limit exceededLimite diario del comercio excedido	Wait until the next day or request a daily limit increaseEspera al dia siguiente o solicita un aumento de limite diario
P02	Merchant monthly limit exceededLimite mensual del comercio excedido	Wait until the next month or request a monthly limit increaseEspera al siguiente mes o solicita un aumento de limite mensual
P03	Maximum number of transactions per card in 24 hours exceededNumero maximo de transacciones por tarjeta en 24 horas excedido	Wait 24 hours to retry with the same cardEspera 24 horas para reintentar con la misma tarjeta
P04	Minimum time between successful transactions with the same card has not elapsedTiempo minimo entre transacciones exitosas con la misma tarjeta no ha transcurrido	Wait for the configured interval before retryingEspera el intervalo configurado antes de reintentar
P05	Card temporarily blocked due to multiple failed attemptsTarjeta temporalmente bloqueada por multiples intentos fallidos	Wait for the cooldown period before retryingEspera el periodo de enfriamiento antes de reintentar
P06	Card permanently blockedTarjeta permanentemente bloqueada	The card has been blocked. Use a different cardLa tarjeta ha sido bloqueada. Usa una tarjeta diferente
P07	Transaction amount below the minimum allowed / Transaction outside allowed hoursMonto de transaccion menor al minimo permitido / Transaccion fuera de horario	Check the minimum amount or allowed hours (1:00 AM - 5:59 AM CDMX is blocked)Verifica el monto minimo o el horario permitido (1:00 AM - 5:59 AM CDMX esta bloqueado)
P08	Transaction amount exceeds the maximum allowed per transactionMonto de transaccion excede el maximo permitido por transaccion	Reduce the amount or request a limit increaseReduce el monto o solicita un aumento de limite
P09	Cards with this BIN are not allowedTarjetas con este BIN no estan permitidas	The card BIN is blocked. Use a card from a different bank/issuerEl BIN de la tarjeta esta bloqueado. Usa una tarjeta de otro banco/emisor

P0X Codes and HTTP 429Codigos P0X y HTTP 429 Transactions rejected by velocity rules (P01-P09) return HTTP 429 (Too Many Requests). Out-of-hours transactions (P07) return HTTP 200 with status DECLINED.Las transacciones rechazadas por reglas de velocidad (P01-P09) retornan HTTP 429 (Too Many Requests). Las transacciones fuera de horario (P07) retornan HTTP 200 con status DECLINED.

Merchant Notification Format (Webhook)Formato de Notificacion al Comercio (Webhook)

PayBoom sends a POST to your notifyUrl when the transaction status changes. Your endpoint must respond with HTTP 200.PayBoom envia un POST a tu notifyUrl cuando el estado de la transaccion cambia. Tu endpoint debe responder con HTTP 200.

JSON — Webhook PayloadJSON — Payload del Webhook

{
  "payboom_reference": "pb_20260415120530123_93dfbb",
  "mchOrderNo": "ORD-2026-00123",
  "status": "APPROVED",
  "amount": "500.00",
  "currency": "MXN",
  "provider_reference": "PROVIDER-TX-789",
  "bank_code": "1001",
  "authorization": "AUTH123456",
  "raw": {
    // Respuesta original del proveedor (varia por procesador)
  }
}