> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cbpayapp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Universal checkout state (public)

> JSON state of a universal checkout link — for the page's own polling and for integrators rendering their own payment front end over the same link. Shows the status, the settlement asset and amount, the winning method once paid, the frozen fiat materializations (`fiat_methods`), the live progress of every crypto deposit address (amount due vs received) and the `conversion_status` of the auto-conversion. No credentials; rate limited per IP.



## OpenAPI

````yaml /openapi.yaml get /pay/{token}/state
openapi: 3.1.0
info:
  title: CBPay API
  version: '1.89'
  description: |
    CBPay is a multi-currency payment platform: fiat payouts and collections
    across Latin America, internal transfers, on-chain funding and
    withdrawals, and KYC screening. Every account holds four independent
    virtual balances — USDT (the operating currency), USDC, BTC and GOLD
    (grams of fine gold) — that never mix or convert automatically.
    Payouts and service fees can be paid from any of the four balances:
    set a default with `PUT /v1/settlement` or override per payout with
    `settlement_asset`.

    All amounts are decimal strings in each currency's precision (6 decimals
    for USDT/USDC/GOLD, 8 for BTC). Errors always return
    `{"error": "<code>", "message": "<detail>"}`.
servers:
  - url: https://api.qbank.cl/platform
    description: Live (production, real money)
  - url: https://cryptobank.qbank.cl/platform
    description: Test (sandbox, simulated money — pk_test_ keys)
security:
  - bearerAuth: []
tags:
  - name: Receipts
    description: >-
      Branded PDF receipt per operation, with a public signed-QR authenticity
      check, receipt_url on every response/webhook and automatic email delivery
      on final states.
  - name: Authentication
    description: Register and log in account members. Sessions last 24 hours.
  - name: Account
    description: Profile, members and API keys of the calling account.
  - name: Balances
    description: Balances, movement history and FX rates.
  - name: Payouts
    description: >-
      Fiat dispersals debited from the settlement balance of your choice (USDT
      by default).
  - name: Payins
    description: Fiat top-ups credited to the USDT balance.
  - name: Transfers
  - name: Contacts
  - name: Swaps
    description: >-
      Free internal transfers between CBPay accounts (person or company, any
      combination).
  - name: Crypto
    description: On-chain funding and withdrawals (TRON, Ethereum and Bitcoin).
  - name: Segregated wallets
    description: >-
      On-chain wallets with their own balance (companies unlimited; persons 1
      per network+asset pair) — create, import, send, export the private key and
      auto-forward. The balance lives on-chain, never in the ledger.
  - name: QR Crypto POS
    description: >-
      Amount-bearing crypto QR charges for processors with physical POS
      terminals (company accounts): verified merchants, exclusive address + QR
      per charge, early payment detection, per-merchant reconciliation and
      refunds over the crypto withdrawal rail.
  - name: KYC / KYB
  - name: AML screening
    description: >-
      Identity verification: KYC for persons, KYB for companies, with AML
      screening, rescreening and continuous monitoring.
  - name: Wallet screening
    description: >-
      AML risk assessment of blockchain addresses (sanctions, illicit-fund
      exposure) with a per-scan fee, plus free automatic protection on
      withdrawals and deposits.
  - name: Analytics
  - name: Webhooks
    description: Subscriptions to receive signed event notifications.
  - name: Status
    description: Service availability.
  - name: Banking
    description: >-
      Real bank accounts: receive, hold and send money over international
      banking rails.
  - name: Cards
    description: >-
      Virtual and physical cards that spend Just-In-Time from the account's USDT
      balance, with per-card spending limits.
  - name: Security (OTP)
    description: >-
      One-time verification codes over SMS/WhatsApp/email protecting sensitive
      actions, plus self-service 2FA preferences. Applies to user sessions only
      — API keys are exempt.
  - name: Passkeys
    description: >-
      Passwordless sign-in with the device's biometrics (Face ID, Touch ID,
      Windows Hello, security keys) via WebAuthn, authenticator apps (TOTP) with
      backup codes, and session/device management.
  - name: Social login
    description: >-
      Passwordless sign up and sign in with Google, Apple, Microsoft and
      Facebook via token exchange. The front end obtains the provider
      credential; the API verifies it and issues the CBPay session.
paths:
  /pay/{token}/state:
    get:
      tags:
        - Payins
      summary: Universal checkout state (public)
      description: >-
        JSON state of a universal checkout link — for the page's own polling and
        for integrators rendering their own payment front end over the same
        link. Shows the status, the settlement asset and amount, the winning
        method once paid, the frozen fiat materializations (`fiat_methods`), the
        live progress of every crypto deposit address (amount due vs received)
        and the `conversion_status` of the auto-conversion. No credentials; rate
        limited per IP.
      operationId: checkoutState
      parameters:
        - name: token
          in: path
          required: true
          schema:
            type: string
          description: Opaque checkout token embedded in the `checkout_url`.
      responses:
        '200':
          description: Current state of the payment link.
          content:
            application/json:
              examples:
                pending:
                  summary: Pending with a frozen fiat quote and crypto progress
                  value:
                    status: pending
                    settlement_asset: USDT
                    asset_amount: '50'
                    description: Order 8841
                    expires_at: '2026-07-17T17:57:44Z'
                    fiat_methods:
                      - method: qr
                        country: MX
                        currency: MXN
                        local_amount: '941.00'
                    crypto:
                      - method: crypto:tron:usdt
                        chain: tron
                        asset: USDT
                        address: TWkfyUCXSdRfNHrRc9CJisFLYd6Ha3XWvS
                        due: '50.000000'
                        received: '5.000000'
                paid:
                  summary: Paid via crypto, conversion done
                  value:
                    status: paid
                    settlement_asset: GOLD
                    asset_amount: '2'
                    description: Order 8841
                    expires_at: '2026-07-17T17:57:44Z'
                    conversion_status: done
                    paid_method: crypto:tron:usdt
                    paid_at: '2026-07-16T18:03:11Z'
                    redirect_url: https://your-app.com/payment/ok
        '404':
          description: Invalid token or unknown payment link.
          content:
            application/json:
              example:
                error: not_found
                message: payment link not found
        '429':
          description: Too many requests from this IP.
          content:
            application/json:
              example:
                error: too_many_attempts
                message: too many requests; wait a moment and retry
      security: []
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: |
        Session JWT (from register/login) or API key (`pk_...`).
        `X-API-Key: <token>` is accepted as an alternative header.

````