> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cbpayapp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a POS charge (crypto QR with amount)

> Creates an amount-bearing crypto QR charge for a merchant. Same contract as the universal checkout link: amount + settlement_asset (account default when omitted); the due the customer pays is quoted in the QR's crypto at creation (the payer covers any conversion — you receive your exact target). The response carries the exclusive deposit address, the raw-address QR (qr_payload + qr_png_base64) and the frozen due, ready for the POS. idempotency_key is required: a retry returns the SAME charge and address.



## OpenAPI

````yaml /openapi.yaml post /v1/pos/charges
openapi: 3.1.0
info:
  title: CBPay API
  version: '1.89'
  description: |
    CBPay is a multi-currency payment platform: fiat payouts and collections
    across Latin America, internal transfers, on-chain funding and
    withdrawals, and KYC screening. Every account holds four independent
    virtual balances — USDT (the operating currency), USDC, BTC and GOLD
    (grams of fine gold) — that never mix or convert automatically.
    Payouts and service fees can be paid from any of the four balances:
    set a default with `PUT /v1/settlement` or override per payout with
    `settlement_asset`.

    All amounts are decimal strings in each currency's precision (6 decimals
    for USDT/USDC/GOLD, 8 for BTC). Errors always return
    `{"error": "<code>", "message": "<detail>"}`.
servers:
  - url: https://api.qbank.cl/platform
    description: Live (production, real money)
  - url: https://cryptobank.qbank.cl/platform
    description: Test (sandbox, simulated money — pk_test_ keys)
security:
  - bearerAuth: []
tags:
  - name: Receipts
    description: >-
      Branded PDF receipt per operation, with a public signed-QR authenticity
      check, receipt_url on every response/webhook and automatic email delivery
      on final states.
  - name: Authentication
    description: Register and log in account members. Sessions last 24 hours.
  - name: Account
    description: Profile, members and API keys of the calling account.
  - name: Balances
    description: Balances, movement history and FX rates.
  - name: Payouts
    description: >-
      Fiat dispersals debited from the settlement balance of your choice (USDT
      by default).
  - name: Payins
    description: Fiat top-ups credited to the USDT balance.
  - name: Transfers
  - name: Contacts
  - name: Swaps
    description: >-
      Free internal transfers between CBPay accounts (person or company, any
      combination).
  - name: Crypto
    description: On-chain funding and withdrawals (TRON, Ethereum and Bitcoin).
  - name: Segregated wallets
    description: >-
      On-chain wallets with their own balance (companies unlimited; persons 1
      per network+asset pair) — create, import, send, export the private key and
      auto-forward. The balance lives on-chain, never in the ledger.
  - name: QR Crypto POS
    description: >-
      Amount-bearing crypto QR charges for processors with physical POS
      terminals (company accounts): verified merchants, exclusive address + QR
      per charge, early payment detection, per-merchant reconciliation and
      refunds over the crypto withdrawal rail.
  - name: KYC / KYB
  - name: AML screening
    description: >-
      Identity verification: KYC for persons, KYB for companies, with AML
      screening, rescreening and continuous monitoring.
  - name: Wallet screening
    description: >-
      AML risk assessment of blockchain addresses (sanctions, illicit-fund
      exposure) with a per-scan fee, plus free automatic protection on
      withdrawals and deposits.
  - name: Analytics
  - name: Webhooks
    description: Subscriptions to receive signed event notifications.
  - name: Status
    description: Service availability.
  - name: Banking
    description: >-
      Real bank accounts: receive, hold and send money over international
      banking rails.
  - name: Cards
    description: >-
      Virtual and physical cards that spend Just-In-Time from the account's USDT
      balance, with per-card spending limits.
  - name: Security (OTP)
    description: >-
      One-time verification codes over SMS/WhatsApp/email protecting sensitive
      actions, plus self-service 2FA preferences. Applies to user sessions only
      — API keys are exempt.
  - name: Passkeys
    description: >-
      Passwordless sign-in with the device's biometrics (Face ID, Touch ID,
      Windows Hello, security keys) via WebAuthn, authenticator apps (TOTP) with
      backup codes, and session/device management.
  - name: Social login
    description: >-
      Passwordless sign up and sign in with Google, Apple, Microsoft and
      Facebook via token exchange. The front end obtains the provider
      credential; the API verifies it and issues the CBPay session.
paths:
  /v1/pos/charges:
    post:
      tags:
        - QR Crypto POS
      summary: Create a POS charge (crypto QR with amount)
      description: >-
        Creates an amount-bearing crypto QR charge for a merchant. Same contract
        as the universal checkout link: amount + settlement_asset (account
        default when omitted); the due the customer pays is quoted in the QR's
        crypto at creation (the payer covers any conversion — you receive your
        exact target). The response carries the exclusive deposit address, the
        raw-address QR (qr_payload + qr_png_base64) and the frozen due, ready
        for the POS. idempotency_key is required: a retry returns the SAME
        charge and address.
      operationId: createPosCharge
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - merchant_id
                - amount
                - crypto
                - idempotency_key
              properties:
                merchant_id:
                  type: string
                  format: uuid
                amount:
                  type: string
                settlement_asset:
                  type: string
                  enum:
                    - USDT
                    - USDC
                    - BTC
                    - GOLD
                crypto:
                  type: string
                  enum:
                    - tron:usdt
                    - eth:usdt
                    - eth:usdc
                    - btc:btc
                reference:
                  type: string
                expires_in:
                  type: integer
                  minimum: 300
                  maximum: 86400
                  default: 900
                idempotency_key:
                  type: string
            example:
              merchant_id: d2875683-fc80-4c7b-876a-fb585d7c6982
              amount: '25'
              crypto: tron:usdt
              reference: TICKET-0451
              expires_in: 900
              idempotency_key: pos-0451-1
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PosCharge'
              example:
                charge_id: 66773a3a-9911-4482-ae3c-09a481aba018
                payin_id: bd3d88ca-af9c-4c05-a6f8-0982a2d187d5
                account_id: 5138e8dd-64bd-43ef-aafe-8d9ef23bec9e
                status: pending
                amount: '25'
                settlement_asset: USDT
                crypto: tron:usdt
                chain: tron
                asset: USDT
                address: TC5SToDEigQtie7Crf9et7ui7zDsvdDHeG
                due: '25.000000'
                received: '0.000000'
                qr_payload: TC5SToDEigQtie7Crf9et7ui7zDsvdDHeG
                qr_png_base64: iVBORw0KGgo...
                merchant:
                  id: d2875683-fc80-4c7b-876a-fb585d7c6982
                  name: La Terraza Restaurant
                  external_ref: resto-001
                reference: TICKET-0451
                expires_at: '2026-07-17T19:55:00Z'
                receipt_url: >-
                  https://api.qbank.cl/platform/v1/payins/bd3d88ca-af9c-4c05-a6f8-0982a2d187d5/receipt
                created_at: '2026-07-17T19:40:00Z'
                updated_at: '2026-07-17T19:40:00Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          description: merchant_disabled / settlement_asset_disabled
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                error: merchant_disabled
                message: this merchant is disabled; re-enable it before charging
        '503':
          description: pricing_unavailable
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                error: pricing_unavailable
                message: crypto pricing is temporarily unavailable
components:
  schemas:
    PosCharge:
      type: object
      properties:
        charge_id:
          type: string
          format: uuid
        payin_id:
          type: string
          format: uuid
        account_id:
          type: string
          format: uuid
        status:
          type: string
          enum:
            - pending
            - paid
            - expired
        amount:
          type: string
        settlement_asset:
          type: string
        crypto:
          type: string
        chain:
          type: string
        asset:
          type: string
        address:
          type: string
        due:
          type: string
        received:
          type: string
        refunded_total:
          type: string
        qr_payload:
          type: string
        qr_png_base64:
          type: string
        confirming:
          type: boolean
        detected_amount:
          type: string
        merchant:
          type: object
          properties:
            id:
              type: string
            name:
              type: string
            external_ref:
              type: string
        reference:
          type: string
        quote_expires_at:
          type: string
          format: date-time
        paid_at:
          type: string
          format: date-time
        expires_at:
          type: string
          format: date-time
        conversion_status:
          type: string
        refunds:
          type: array
          items:
            $ref: '#/components/schemas/PosChargeRefund'
        receipt_url:
          type: string
        created_at:
          type: string
          format: date-time
        updated_at:
          type: string
          format: date-time
    Error:
      type: object
      properties:
        error:
          type: string
          description: Machine-readable error code (snake_case).
          example: insufficient_funds
        message:
          type: string
          description: Human-readable explanation.
    PosChargeRefund:
      type: object
      properties:
        refund_id:
          type: string
          format: uuid
        charge_id:
          type: string
          format: uuid
        withdrawal_id:
          type: string
        amount:
          type: string
        asset:
          type: string
        to_address:
          type: string
        status:
          type: string
        tx_id:
          type: string
        created_at:
          type: string
          format: date-time
        updated_at:
          type: string
          format: date-time
  responses:
    Unauthorized:
      description: Missing or invalid credential (`unauthorized`).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: unauthorized
            message: invalid or missing credentials
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: |
        Session JWT (from register/login) or API key (`pk_...`).
        `X-API-Key: <token>` is accepted as an alternative header.

````