Overview

All transactions use the same base request format with operation-specific fields. This unified structure simplifies integration by providing a consistent API interface for both payments and withdrawals.

Common Fields

All requests to the /process/ endpoint must include these base fields:
FieldTypeRequiredDescription
operation_typestringYes"payment" or "withdrawal"
amountdecimalYesTransaction amount
currencystringNoCurrency code (default: "MXN")
customerobjectYesCustomer information
customer.namestringYesCustomer full name
customer.emailstringYesCustomer email address
client_referencestringNoYour reference identifier
metadataobjectNoAdditional data for your records
return_urlstringNoURL for redirection after 3DS processing

Request Headers

All requests must include these headers: 
Authorization: Token your_api_key
X-Signature-Transaction: calculated_hmac_signature
Content-Type: application/json

Payment Request Fields

When operation_type is "payment", include these additional fields:
FieldTypeRequiredDescription
payment_methodobjectYesPayment method details
payment_method.typestringYesPayment method type ("CARD", "SPEI", etc.)
payment_method.tokenstring*Tokenized card ID (for card payments)
payment_method.card_numberstring*Card number (if not using token)
payment_method.cvvstring*Security code (for raw card data)
payment_method.expiry_monthstring*Expiration month (for raw card data)
payment_method.expiry_yearstring*Expiration year (for raw card data)
payment_method.cardholder_namestring*Cardholder name (for raw card data)
For card payments, you’ll need to provide either a token or the full card details.

Card Payment Examples

Below are some examples of card payment requests.

Withdrawal Request Fields

When operation_type is "withdrawal", include these additional fields:
FieldTypeRequiredDescription
transfer_methodstringYesTransfer method ("SPEI" or "DEBIT_CARD")
beneficiaryobjectYesBeneficiary information
referencestringNoYour withdrawal reference
descriptionstringNoWithdrawal description
The beneficiary object includes the following fields:
FieldTypeRequiredDescription
beneficiary.accountstringYesAccount number or CLABE
beneficiary.namestringYesBeneficiary full name
beneficiary.rfcstringYesMexican tax ID (RFC)
beneficiary.institutionstringYesBank institution code
beneficiary.emailstringYesBeneficiary email

Supported Payment Methods

The following payment methods are supported:
MethodType ValueDescriptionProcessing Time
CardsCARDCredit and debit cardsInstant
SPEISPEIMexican bank transfersReal-time
OXXOOXXOCash payments at OXXO stores24-48 hours
Mercado PagoMERCADOPAGODigital walletInstant
SafetyPaySAFETYPAYAlternative cash payment24-48 hours
Supported Transfer MethodsYou can use either SPEI for same-day bank transfers, or Debit Card for instant direct deposits.
  • SPEI (SPEI): Bank account transfers, processed on the same day.
  • Debit Card (DEBIT_CARD): Direct card deposits, processed instantly.

Field Validation Rules

Complete Request Examples

Check the following examples to see how to use the request body. 
{
  "operation_type": "payment",
  "amount": 1500.00,
  "currency": "MXN",
  "customer": {
    "name": "Ana María González López",
    "email": "ana.gonzalez@empresa.mx"
  },
  "payment_method": {
    "type": "CARD",
    "card_number": "9230-0892-4469-1474",
    "cardholder_name": "c05d89b2-299c-4f93-b49a-42be00d3b64b",
    "cvv": "d31f0da3-0ed3-4ad8-8b68-14c2669a99a7",
    "expiration_month": "e401a32e-4174-424f-9688-727005f6a80e",
    "expiration_year": "bd9ccc23-3d00-4109-9626-fc6581389063"
  },
  "client_reference": "order-12345-premium",
  "metadata": {
    "customer_id": "cust_789",
    "order_id": "ord_12345",
    "store_location": "Mexico City",
    "sales_channel": "web"
  },
  "return_url": "https://mystore.com/payment/return?order=12345"
}

Request Size Limits

The request body size is limited to 10KB. Here’s a breakdown of the maximum size for each field:
FieldMaximum Size
Total request body10KB
Customer name255 characters
Customer email320 characters
Client reference255 characters
Description500 characters
Metadata object2KB

Best Practices

Here are some best practices to help you build reliable, secure, and robust requests.

Next Steps