> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cbpayapp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Execute a pull collection with the payer's data (public)

> Runs the pull charge of a materialized collect option (`c2p` / `debito_inmediato`) with the data the payer typed on the checkout page — bank, document, phone or account, and the OTP (generated in the payer's banking app for C2P, or requested via `POST /pay/{token}/collect/otp` for immediate debit, sending back its `otp_reference`). The amount is ALWAYS the one frozen at materialization — the payer never sends it. If the rail confirms synchronously the link is settled in the same call (`paid: true`); a rejection does NOT kill the link — the payer can fix the data or pick another method. Retrying with the same data never charges twice. Strictly rate limited per IP.



## OpenAPI

````yaml /openapi.yaml post /pay/{token}/collect
openapi: 3.1.0
info:
  title: CBPay API
  version: '1.89'
  description: |
    CBPay is a multi-currency payment platform: fiat payouts and collections
    across Latin America, internal transfers, on-chain funding and
    withdrawals, and KYC screening. Every account holds four independent
    virtual balances — USDT (the operating currency), USDC, BTC and GOLD
    (grams of fine gold) — that never mix or convert automatically.
    Payouts and service fees can be paid from any of the four balances:
    set a default with `PUT /v1/settlement` or override per payout with
    `settlement_asset`.

    All amounts are decimal strings in each currency's precision (6 decimals
    for USDT/USDC/GOLD, 8 for BTC). Errors always return
    `{"error": "<code>", "message": "<detail>"}`.
servers:
  - url: https://api.qbank.cl/platform
    description: Live (production, real money)
  - url: https://cryptobank.qbank.cl/platform
    description: Test (sandbox, simulated money — pk_test_ keys)
security:
  - bearerAuth: []
tags:
  - name: Receipts
    description: >-
      Branded PDF receipt per operation, with a public signed-QR authenticity
      check, receipt_url on every response/webhook and automatic email delivery
      on final states.
  - name: Authentication
    description: Register and log in account members. Sessions last 24 hours.
  - name: Account
    description: Profile, members and API keys of the calling account.
  - name: Balances
    description: Balances, movement history and FX rates.
  - name: Payouts
    description: >-
      Fiat dispersals debited from the settlement balance of your choice (USDT
      by default).
  - name: Payins
    description: Fiat top-ups credited to the USDT balance.
  - name: Transfers
  - name: Contacts
  - name: Swaps
    description: >-
      Free internal transfers between CBPay accounts (person or company, any
      combination).
  - name: Crypto
    description: On-chain funding and withdrawals (TRON, Ethereum and Bitcoin).
  - name: Segregated wallets
    description: >-
      On-chain wallets with their own balance (companies unlimited; persons 1
      per network+asset pair) — create, import, send, export the private key and
      auto-forward. The balance lives on-chain, never in the ledger.
  - name: QR Crypto POS
    description: >-
      Amount-bearing crypto QR charges for processors with physical POS
      terminals (company accounts): verified merchants, exclusive address + QR
      per charge, early payment detection, per-merchant reconciliation and
      refunds over the crypto withdrawal rail.
  - name: KYC / KYB
  - name: AML screening
    description: >-
      Identity verification: KYC for persons, KYB for companies, with AML
      screening, rescreening and continuous monitoring.
  - name: Wallet screening
    description: >-
      AML risk assessment of blockchain addresses (sanctions, illicit-fund
      exposure) with a per-scan fee, plus free automatic protection on
      withdrawals and deposits.
  - name: Analytics
  - name: Webhooks
    description: Subscriptions to receive signed event notifications.
  - name: Status
    description: Service availability.
  - name: Banking
    description: >-
      Real bank accounts: receive, hold and send money over international
      banking rails.
  - name: Cards
    description: >-
      Virtual and physical cards that spend Just-In-Time from the account's USDT
      balance, with per-card spending limits.
  - name: Security (OTP)
    description: >-
      One-time verification codes over SMS/WhatsApp/email protecting sensitive
      actions, plus self-service 2FA preferences. Applies to user sessions only
      — API keys are exempt.
  - name: Passkeys
    description: >-
      Passwordless sign-in with the device's biometrics (Face ID, Touch ID,
      Windows Hello, security keys) via WebAuthn, authenticator apps (TOTP) with
      backup codes, and session/device management.
  - name: Social login
    description: >-
      Passwordless sign up and sign in with Google, Apple, Microsoft and
      Facebook via token exchange. The front end obtains the provider
      credential; the API verifies it and issues the CBPay session.
paths:
  /pay/{token}/collect:
    post:
      tags:
        - Payins
      summary: Execute a pull collection with the payer's data (public)
      description: >-
        Runs the pull charge of a materialized collect option (`c2p` /
        `debito_inmediato`) with the data the payer typed on the checkout page —
        bank, document, phone or account, and the OTP (generated in the payer's
        banking app for C2P, or requested via `POST /pay/{token}/collect/otp`
        for immediate debit, sending back its `otp_reference`). The amount is
        ALWAYS the one frozen at materialization — the payer never sends it. If
        the rail confirms synchronously the link is settled in the same call
        (`paid: true`); a rejection does NOT kill the link — the payer can fix
        the data or pick another method. Retrying with the same data never
        charges twice. Strictly rate limited per IP.
      operationId: checkoutCollect
      parameters:
        - name: token
          in: path
          required: true
          schema:
            type: string
          description: Opaque checkout token embedded in the `checkout_url`.
      requestBody:
        required: true
        content:
          application/json:
            examples:
              c2p:
                summary: C2P — OTP generated by the payer in their banking app
                value:
                  country: VE
                  currency: VES
                  method: c2p
                  payer_document: V12345678
                  payer_phone: '04141234567'
                  payer_bank: '0102'
                  otp: '123456'
              immediate_debit:
                summary: Immediate debit — OTP requested via /collect/otp
                value:
                  country: VE
                  currency: VES
                  method: debito_inmediato
                  payer_document: V12345678
                  payer_bank: '0102'
                  payer_account: '01020123456789012345'
                  otp: '654321'
                  otp_reference: '783412'
      responses:
        '200':
          description: Result of the collection attempt.
          content:
            application/json:
              examples:
                paid:
                  summary: Rail confirmed synchronously — link settled
                  value:
                    paid: true
                    status: paid
                    status_message: approved
                rejected_soft:
                  summary: Rail reported a recoverable rejection in the response body
                  value:
                    paid: false
                    status: failed
                    status_code: '05'
                    status_message: the document does not match the C2P registration
        '404':
          description: Invalid token or unknown payment link.
          content:
            application/json:
              example:
                error: not_found
                message: payment link not found
        '409':
          description: The link was already paid via another method.
          content:
            application/json:
              example:
                error: already_paid
                message: this payment link was already paid
        '410':
          description: The link expired without payment.
          content:
            application/json:
              example:
                error: checkout_expired
                message: this payment link expired
        '422':
          description: >-
            The pull option is not materialized, or the rail rejected the charge
            (the link stays pending so the payer can retry).
          content:
            application/json:
              examples:
                not_materialized:
                  summary: Pull option not prepared yet
                  value:
                    error: method_unavailable
                    message: prepare this payment option first (POST /methods/{method})
                rail_rejected:
                  summary: Rail rejected the charge
                  value:
                    error: collect_rejected
                    message: invalid or expired OTP
        '429':
          description: Too many requests from this IP.
          content:
            application/json:
              example:
                error: too_many_attempts
                message: too many requests; wait a moment and retry
      security: []
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: |
        Session JWT (from register/login) or API key (`pk_...`).
        `X-API-Key: <token>` is accepted as an alternative header.

````