search

Payments - Complete Flow

hashtag
Overview

The Payments endpoint processes a complete payment transaction with automatic tokenization, authorization, and capture in a single API call. This is the most common endpoint for direct sales where you want immediate payment collection.

POST /v1/payments/

hashtag
What Happens Internally

Client Request → Firstoken API → [Tokenization + Authorization + Capture] → Response

  1. Tokenization: Card data is securely tokenized

  2. Authorization: Payment is authorized with the token

  3. Capture: Payment is automatically captured

  4. Response: Single response with the complete transaction result

hashtag
Request Body

hashtag
Minimal Required Fields

{
  "transaction_info": {
    "type": "payment",
    "reference_code": "1753550023570"
  },
  "card": {
    "number": "4225289837059229",
    "expiration_date": "01/2030",
    "security_code": "123",
    "holder": "John Doe Jones"
  },
  "order_info": {
    "amount_details": {
      "total_amount": 1000,
      "currency": "BRL",
      "items_amount": 1000
    },
    "installments": 1,
    "descriptor": "Test Payment"
  },
  "cardholder_info": {
    "first_name": "John",
    "last_name": "Doe",
    "document": {
      "type": "CPF",
      "number": "54672396002",
      "nationality": "BR"
    },
    "country": "BR",
    "address_1": "123 Main St",
    "city": "Sao Paulo",
    "state": "SP",
    "postal_code": "04001-000",
    "email": "john_autoaccept@test.com",
    "phone_number": "4158880000",
    "phone_type": "Mobile",
    "phone_area_code": "22"
  },
  "bill_to": {
    "id": "1234567890",
    "first_name": "John",
    "last_name": "Doe",
    "document": {
      "type": "CPF",
      "number": "54672396002",
      "nationality": "BR"
    },
    "country": "BR",
    "address_1": "123 Main St",
    "city": "Sao Paulo",
    "state": "SP",
    "postal_code": "04001-000",
    "email": "test@cybs.com",
    "phone_number": "4158880000",
    "phone_type": "Mobile",
    "phone_area_code": "22",
    "profile": "1"
  },
  "line_items": [
    {
      "category": {
        "id": "1",
        "name": "Category 1"
      },
      "id": "1",
      "name": "Item 1",
      "price": 1500,
      "quantity": 1,
      "type": "Generic"
    }
  ],
  "device_info": {
    "fingerprint_session_id": "0a76c25669713d8d6d306ba8c21259b7",
    "ip_address": "127.0.0.1"
  }
}

hashtag
Complete Request with All Fields

hashtag
Field Specifications

hashtag
transaction_info (Required)

Field
Type
Required
Description

type

String

Yes

Must be "payment"

reference_code

String

Yes

Merchant reference code

hashtag
card (Required)

Field
Type
Required
Description

number

String

Yes

Card number

expiration_date

String

Yes

Card expiration (MM/YYYY format)

security_code

String

Yes

CVV/CVC code (3-4 digits)

holder

String

Yes

Cardholder name as it appears on card

circle-exclamation

hashtag
Note: Use a Firstoken token instead of card details; simply apply the token directly as follow

  • Temporal token:

  • Permanent token (you can use all schema token types) :

hashtag
order_info (Required)

Field
Type
Required
Description

amount_details.total_amount

Number

Yes

Total transaction amount

amount_details.currency

String

Yes

Currency code (BRL, USD, etc.)

amount_details.items_amount

Number

Yes

Sum of line items amount

amount_details.shipping_amount

Number

No

Shipping cost

amount_details.fee_amount

Number

No

Additional fees

installments

Number

Yes

Number of installments

descriptor

String

Yes

Payment descriptor

hashtag
cardholder_info (Required)

Field
Type
Required
Description

first_name

String

Yes

First name

last_name

String

Yes

Last name

document.type

String

Yes

Document type (CPF, CNPJ)

document.number

String

Yes

Document number

document.nationality

String

Yes

Document nationality (BR)

country

String

Yes

Country code

address_1

String

Yes

Primary address

city

String

Yes

City name

state

String

Yes

State code

postal_code

String

Yes

Postal code

email

String

Yes

Email address

phone_number

String

Yes

Phone number

phone_type

String

No

Phone type (Mobile, Home, Work)

phone_area_code

String

Yes

Area code

gender

String

No

Gender (MALE, FEMALE, OTHER)

birth_date

String

No

Birth date (YYYY-MM-DD)

address_2

String

No

Secondary address

phone_country_code

String

No

Phone country code

hashtag
bill_to (Required)

Field
Type
Required
Description

id

String

No

Customer identifier

profile

String

No

Customer profile

All other fields

Various

Same as cardholder_info

Same requirements

hashtag
line_items (Required)

Field
Type
Required
Description

id

String

Yes

Item identifier

name

String

Yes

Item name

price

Number

Yes

Item price

quantity

Number

Yes

Item quantity

type

String

No

Item type must be Generic

category.id

String

No

Category identifier

category.name

String

No

Category name

seller_id

String

No

Seller identifier

service_date

String

No

Service date

discount_amount

Number

No

Discount applied

hashtag
Device Info

Parameter
Type
Required
Description

ip_address

String

Yes

Customer's IP address

fingerprint_session_id*

String

Yes

A unique numerical ID generated for each user session on a website.

(*) The fingerprint_session_id is generated using a Koin script that is called from the webpage.

hashtag
shipping_info (Optional)

Field
Type
Required
Description

country

String

No

Shipping country

address_1

String

No

Shipping address

city

String

No

Shipping city

state

String

No

Shipping state

postal_code

String

No

Shipping postal code

by

String

No

Shipping carrier

date

String

No

Expected delivery date

type

String

No

Shipping type (STANDARD, EXPRESS)

price

Number

No

Shipping cost

hashtag
Response Format

hashtag
Success Response (200)

hashtag
Failed Payment Response (200)

hashtag
Error Response (400/500)

hashtag
Response Fields

hashtag
transaction_info

Field
Type
Description

type

String

Response type (payment_response, authorization_response, etc.)

reference_code

String

Merchant reference code from request

transaction_id

String

Unique transaction identifier generated by Firstoken

request_id

String

Unique request identifier

status

String

Transaction status (Collected, Declined, Pending, etc.)

response_code

String

Internal response code

created_at

String

Transaction creation timestamp (ISO 8601)

hashtag
order_info

Field
Type
Description

amount_details.authorized_amount

Number

Authorized amount

amount_details.currency

String

Transaction currency

hashtag
risk_info

Field
Type
Description

status

String

Antifraud status: Approved, Rejected, Pending

date

String

Date of antifraud evaluation (ISO 8601)

strategies

Array

Array of antifraud strategies applied (see Strategies section)

hashtag
error_info (present when transaction fails)

Field
Type
Description

reason

String

Failure reason (InsufficientFunds, InvalidCard, etc.)

message

String

Human-readable error message

hashtag
Antifraud Strategies

The strategies array contains objects with antifraud strategies that were applied to the transaction. Each strategy object contains:

Field
Type
Description

type

String

Strategy type (VerificationCode ,DocumentScan ,ManualVerification ,CollectAuthRecovery ")

link

String

Reference link for strategy details

Note: Strategies must be configured in your KOIN account to appear in responses. If no strategies are configured, the array will be empty [].

hashtag
cURL Example

PreviousPayments API - KOINNextAuthorization

Last updated