# CBPay > CBPay developer documentation - fiat payouts and collections across Latin America, internal transfers, on-chain USDT and KYC. ## Docs - [Add a member](https://docs.cbpayapp.com/api-reference/account/add-a-member.md): Adds a login member. Only available for company accounts. - [Change my login email](https://docs.cbpayapp.com/api-reference/account/change-my-login-email.md): Starts a login-email change. A verification code is sent to the NEW email; confirm with `POST /v1/me/email/confirm`. When the OTP policy requires it, an `X-OTP-Token` for the `email_change` action is also required. Verifying the new email is mandatory — it prevents an attacker from pointing the logi… - [Change my password](https://docs.cbpayapp.com/api-reference/account/change-my-password.md): Changes the calling member's password. Requires the current password (members created via social login without a password set their first one here, leaving `current_password` empty) and, when the OTP policy requires it, an `X-OTP-Token` for the `password_change` action. All other sessions are revoke… - [Confirm an email change or verification](https://docs.cbpayapp.com/api-reference/account/confirm-an-email-change-or-verification.md): Confirms a pending email change (or verification) with the code received. On a change, the login email — and, for owners, the account contact email — are updated and the old email is notified. - [Create an API key](https://docs.cbpayapp.com/api-reference/account/create-an-api-key.md): Issues a server-to-server API key bound to the calling account. The plaintext token (`pk_...`) is returned exactly once and cannot be retrieved again. - [Delete my profile photo](https://docs.cbpayapp.com/api-reference/account/delete-my-profile-photo.md) - [Enabled services](https://docs.cbpayapp.com/api-reference/account/enabled-services.md): Effective map of which products this account can use right now (payouts, payins, transfers, crypto, banking, kyc, cards). When a service is disabled, its action endpoints answer 403 service_disabled; reads and money already in flight are never affected. Use it to decide what to show in your UI. - [Get an account's avatar](https://docs.cbpayapp.com/api-reference/account/get-an-accounts-avatar.md): Serves the avatar image of an account in the same organization (used for the recipient preview in transfers and contacts). Avatars published to the public CDN answer with a `302` redirect to the CDN URL; legacy avatars are served directly. - [Get my account](https://docs.cbpayapp.com/api-reference/account/get-my-account.md) - [Get my settlement settings](https://docs.cbpayapp.com/api-reference/account/get-my-settlement-settings.md): Returns which virtual balance your operations (payouts and service fees) debit from by default, which assets your organization allows, and the per-operation limit (USDT equivalent) applied to volatile assets (BTC/GOLD). - [Get the platform branding](https://docs.cbpayapp.com/api-reference/account/get-the-platform-branding.md): Effective branding of the platform you operate on (name, colors, logos in base64) so a white-label front end can theme itself from the API instead of hardcoding assets. `logo_url`/`symbol_url` are public CDN URLs for the same logos — prefer them over the base64 payloads. Read-only, no PII. - [List members](https://docs.cbpayapp.com/api-reference/account/list-members.md): Login members of the calling account (company accounts). - [List my active sessions](https://docs.cbpayapp.com/api-reference/account/list-my-active-sessions.md): Lists the member's sessions (devices) with IP, user agent, login method and whether each is the current one. - [My profile QR code](https://docs.cbpayapp.com/api-reference/account/my-profile-qr-code.md): Returns the account's immutable QR token, its payload URI (`cbpay:pay?to=`) and a ready-to-render PNG. The QR only lets others SEND money to you; it never changes. - [My security activity](https://docs.cbpayapp.com/api-reference/account/my-security-activity.md): Append-only history of security events for the account (logins, credential changes, factors added/removed). Requires `from`/`to` date filters. - [Resolve a recipient by alias or QR](https://docs.cbpayapp.com/api-reference/account/resolve-a-recipient-by-alias-or-qr.md): Returns a minimal preview (alias, display name, type, avatar) of an account in the same organization, to confirm before sending. Provide `alias` or `qr` (the raw token or the full `cbpay:pay?to=…` payload). Returns a uniform 404 and is rate-limited to prevent enumeration. - [Revoke all my other sessions](https://docs.cbpayapp.com/api-reference/account/revoke-all-my-other-sessions.md): Signs out every session except the current one. - [Revoke one of my sessions](https://docs.cbpayapp.com/api-reference/account/revoke-one-of-my-sessions.md): Signs out a specific device. - [Set my default settlement asset](https://docs.cbpayapp.com/api-reference/account/set-my-default-settlement-asset.md): Changes the balance your payouts and service fees debit from when a request does not send an explicit `settlement_asset`. Any of USDT, USDC, BTC or GOLD (if enabled for your organization). The change applies to new operations only; nothing in flight is re-quoted. - [Set my permanent alias](https://docs.cbpayapp.com/api-reference/account/set-my-permanent-alias.md): Sets the account's public alias ONCE. The alias is permanent and cannot be changed. Format: 4-20 chars (a-z, 0-9, dot, underscore, hyphen), starting and ending alphanumeric; reserved words are rejected. Others can send you money by alias. - [Update my profile](https://docs.cbpayapp.com/api-reference/account/update-my-profile.md): Once your identity verification is approved, `display_name`, `tax_id` and `country` are filled from the verified identity and locked (`409 identity_locked`); `phone` stays editable with its own verification flow. - [Upload my profile photo](https://docs.cbpayapp.com/api-reference/account/upload-my-profile-photo.md): Uploads (or replaces) the account avatar. Body is the raw image bytes (JPEG, PNG or WebP), max 512 KB. The content type is detected from the file's magic bytes, never the header. When the image is published to the public CDN, `avatar_url` is an absolute URL that loads without authentication; otherwi… - [Verify my current email](https://docs.cbpayapp.com/api-reference/account/verify-my-current-email.md): Sends a code to the member's CURRENT email to mark it verified (required to use the email OTP channel for money actions). Confirm with `POST /v1/me/email/confirm`. - [Aml screening updated](https://docs.cbpayapp.com/api-reference/aml-screening-updated.md): Fires when the AML screening finishes, a case changes, the risk changes or a monitored transaction is reviewed. - [Compliance form catalogs](https://docs.cbpayapp.com/api-reference/aml-screening/compliance-form-catalogs.md): Returns every catalog (list of value/label pairs) the front should use to build consistent compliance and verification forms: genders, company status, address types, company legal forms (global list plus per-country cascade), income/wealth sources, industry standards with their per-country default,… - [Download the AML screening report (PDF)](https://docs.cbpayapp.com/api-reference/aml-screening/download-the-aml-screening-report-pdf.md): Branded PDF report of the screening — executive decision page, risk indicators (sanctions, watchlists, PEP, adverse media...), consolidated matches, aliases, glossary and a final backing section with the international data sources consulted. Trilingual via `lang` (default English). Pure read — no fe… - [Enable or disable AML monitoring](https://docs.cbpayapp.com/api-reference/aml-screening/enable-or-disable-aml-monitoring.md): Toggles continuous compliance monitoring for the account's verified identity. Enabling bills the `compliance_monitoring` fee if configured; disabling is free. Requires a prior screening. Each state change is stored in the audit history (`GET /v1/aml/screenings`, filter kind monitoring). When the sta… - [Get an AML screening](https://docs.cbpayapp.com/api-reference/aml-screening/get-an-aml-screening.md): Detail of a screening, including the full stored result. An id that belongs to another account returns 404. - [List AML screenings](https://docs.cbpayapp.com/api-reference/aml-screening/list-aml-screenings.md): History of the account's AML screenings (person, company and rescreens), newest first. Requires the from/to date range; supports pagination and a risk filter. - [Re-run an AML screening](https://docs.cbpayapp.com/api-reference/aml-screening/re-run-an-aml-screening.md): Re-runs the account's screening. Requires a prior screening. Bills the `compliance_rescreen` fee if configured; refunded on upstream failure. Each rescreen is stored in the audit history (`GET /v1/aml/screenings`). `idempotency_key` is required — replaying with the same key returns the original resc… - [Submit an AML screening](https://docs.cbpayapp.com/api-reference/aml-screening/submit-an-aml-screening.md): Screens a person or company (detected from the payload) against sanctions, PEP and adverse-media lists via the compliance service. This is list screening only — identity verification with documents and liveness lives under /v1/kyc and /v1/kyb. All identity fields are optional and forwarded whole to… - [Account summary for dashboards](https://docs.cbpayapp.com/api-reference/analytics/account-summary-for-dashboards.md): Aggregated view of the whole account flow in a single call: gross volume in/out, transaction counts, new banking users, per-service sections (payouts, payins, deposits, withdrawals, transfers, swaps, cards, banking, verifications, aml, contacts) with their dimensions (country, currency, method, stat… - [Complete two-step login](https://docs.cbpayapp.com/api-reference/authentication/complete-two-step-login.md): Exchanges the `pending_token` from `POST /v1/auth/login` plus the OTP code received over SMS/WhatsApp for the real session token. The pending token expires after 10 minutes and can never call the API by itself. - [Exchange a handoff token for a test session](https://docs.cbpayapp.com/api-reference/authentication/exchange-a-handoff-token-for-a-test-session.md): Test environment only (live always answers 404). Exchanges the single-use token issued by `POST /v1/auth/environment-handoff` in live for a session of the test environment. If the account does not exist in test yet, its mirror is provisioned automatically — the test mode always exists for every user… - [Get a test-mode handoff token](https://docs.cbpayapp.com/api-reference/authentication/get-a-test-mode-handoff-token.md): Issues a single-use token (60-second TTL) that moves the CURRENT member session to the test environment — this is what powers the dashboard's one-click test/live switch, with no second login and no new OTP challenge. Only the live environment issues handoffs, and only member sessions (JWT) can reque… - [Log in](https://docs.cbpayapp.com/api-reference/authentication/log-in.md) - [Refresh the session](https://docs.cbpayapp.com/api-reference/authentication/refresh-the-session.md): Exchanges a single-use refresh token (`rt_…`, issued with every login) for a fresh access token + refresh token pair without asking for credentials again. Strict rotation: the previous access token of that device is revoked on exchange, and presenting an already-exchanged refresh token revokes the d… - [Register an account](https://docs.cbpayapp.com/api-reference/authentication/register-an-account.md): Creates a person or company account with its owner login member and returns a session token. One endpoint for both types: `type` is data. - [Request a password reset code](https://docs.cbpayapp.com/api-reference/authentication/request-a-password-reset-code.md): Sends a reset code to the member's email (default) or to their verified phone (`channel:"sms"`). Always returns 200 with the same body regardless of whether the account exists — this prevents account enumeration. Complete the reset with `POST /v1/auth/password/reset`. - [Reset the password with a code](https://docs.cbpayapp.com/api-reference/authentication/reset-the-password-with-a-code.md): Validates the code sent by `forgot` and sets a new password. All existing sessions are revoked. A single generic error (`invalid_code`) covers unknown org/member/code so nothing about account existence leaks. - [Account statement (JSON, PDF or Excel)](https://docs.cbpayapp.com/api-reference/balances/account-statement-json-pdf-or-excel.md): Consolidates every movement of the period — payouts, payins, crypto deposits and withdrawals, internal transfers and service charges — into one auditable statement with an exact reconciliation: opening_balance + total_in − total_out = closing_balance, verified against the ledger (`balanced`). The su… - [Get balance history](https://docs.cbpayapp.com/api-reference/balances/get-balance-history.md): Daily evolution of the account's balances for dashboard charts: one series per asset (the closing available balance of each day, carried forward on days without movements) plus an aggregated USD series that values BTC/GOLD at each day's historical reference price. Includes the period's total inflows… - [Get balances](https://docs.cbpayapp.com/api-reference/balances/get-balances.md): The four independent virtual balances of the calling account (USDT — the operating currency —, USDC, BTC and GOLD in grams of fine gold). Every supported asset is always present, with zeros if the account has not used that currency yet. If the account uses Banking, its BANK_USD/BANK_EUR mirror balan… - [Get FX rate history](https://docs.cbpayapp.com/api-reference/balances/get-fx-rate-history.md): Time series of the FX rates that apply to the calling account, for rate-evolution charts. Each point carries the same rates you would get operating at that time — `rate` (payout side) and `payin_rate` (deposit side) — and every country block includes `first`, `last` and the signed `change_pct` betwe… - [Get my FX rates and fees](https://docs.cbpayapp.com/api-reference/balances/get-my-fx-rates-and-fees.md): Returns the exchange rates that apply to the calling account for each country — the same rates used when operations execute (`local_amount / rate = USDT`) — plus the account's **effective** fee configuration — org defaults already resolved against your account's overrides — so clients can compute th… - [List movements](https://docs.cbpayapp.com/api-reference/balances/list-movements.md): Immutable ledger history of the calling account. - [Bank payment status changed](https://docs.cbpayapp.com/api-reference/bank-payment-status-changed.md): Fires when a bank payment reaches a new state (processing, completed, failed). - [Banking profile verification changed](https://docs.cbpayapp.com/api-reference/banking-profile-verification-changed.md): Fires when the banking profile verification state changes (submitted, under_review, approved, rejected). - [Add an account to a beneficiary](https://docs.cbpayapp.com/api-reference/banking/add-an-account-to-a-beneficiary.md) - [Create my banking profile](https://docs.cbpayapp.com/api-reference/banking/create-my-banking-profile.md): Opens the account's banking profile (once per account). Omitted `type`/`name`/`email` autofill from the CBPay account. Billed as the fixed `banking_customer` fee from the USDT balance; refunded if the corridor rejects. - [Get a bank account balance](https://docs.cbpayapp.com/api-reference/banking/get-a-bank-account-balance.md) - [Get a bank payment](https://docs.cbpayapp.com/api-reference/banking/get-a-bank-payment.md) - [Get a third-party banking user (live KYC status)](https://docs.cbpayapp.com/api-reference/banking/get-a-third-party-banking-user-live-kyc-status.md) - [Get my banking profile](https://docs.cbpayapp.com/api-reference/banking/get-my-banking-profile.md): Returns the account's banking profile with its live verification status. - [List my bank accounts](https://docs.cbpayapp.com/api-reference/banking/list-my-bank-accounts.md) - [List my bank payments](https://docs.cbpayapp.com/api-reference/banking/list-my-bank-payments.md) - [List my beneficiaries](https://docs.cbpayapp.com/api-reference/banking/list-my-beneficiaries.md) - [List the third party's bank accounts](https://docs.cbpayapp.com/api-reference/banking/list-the-third-partys-bank-accounts.md) - [List third-party banking users](https://docs.cbpayapp.com/api-reference/banking/list-third-party-banking-users.md) - [Open a bank account](https://docs.cbpayapp.com/api-reference/banking/open-a-bank-account.md): Opens a bank account for the approved profile (one per currency as enabled). Billed as the fixed `banking_account` fee; refunded if the corridor rejects. `data` carries the receiving details (account number/IBAN, routing, bank). - [Open a bank account for the third party](https://docs.cbpayapp.com/api-reference/banking/open-a-bank-account-for-the-third-party.md) - [Quote a bank payment](https://docs.cbpayapp.com/api-reference/banking/quote-a-bank-payment.md): Validates and quotes an operation (fees, balances) without moving money. Free. - [Register a beneficiary](https://docs.cbpayapp.com/api-reference/banking/register-a-beneficiary.md): Registers a third-party beneficiary with its banking details. Free; the beneficiary account goes through moderation before it can receive WITHDRAW payments. - [Register a third-party banking user (companies only)](https://docs.cbpayapp.com/api-reference/banking/register-a-third-party-banking-user-companies-only.md): Company accounts register end clients as separate banking users with accounts in their name. Requires the verification_id of an APPROVED KYC/KYB verification of the third party: the type comes from the verification kind (KYC = INDIVIDUAL, KYB = COMPANY), identity data auto-fills from the verified pr… - [Send a bank payment](https://docs.cbpayapp.com/api-reference/banking/send-a-bank-payment.md): Executes a TRANSFER (between your own bank accounts) or WITHDRAW (to a registered beneficiary). Requires an idempotency key; retries with the same key return the original operation without re-charging. Billed as the fixed `banking_operation` fee; refunded if the corridor rejects. The final state arr… - [Submit my profile for review](https://docs.cbpayapp.com/api-reference/banking/submit-my-profile-for-review.md): Sends the banking profile to verification. Free. Track progress via GET /v1/banking/customer or the banking_customer_status_changed webhook. - [Submit the third party to verification (free)](https://docs.cbpayapp.com/api-reference/banking/submit-the-third-party-to-verification-free.md) - [Third party's bank account balance](https://docs.cbpayapp.com/api-reference/banking/third-partys-bank-account-balance.md) - [Upload a KYC document for the third party (free)](https://docs.cbpayapp.com/api-reference/banking/upload-a-kyc-document-for-the-third-party-free.md) - [Upload a verification document](https://docs.cbpayapp.com/api-reference/banking/upload-a-verification-document.md): Uploads one KYC document (base64) to the banking profile. Free of charge. - [Card status changed](https://docs.cbpayapp.com/api-reference/card-status-changed.md): Fires when a card changes state (active, frozen, cancelled), including automatic freezes when the monthly fee cannot be charged. - [Card transaction](https://docs.cbpayapp.com/api-reference/card-transaction.md): Fires on every card transaction lifecycle change: authorized (real-time hold), reversed (funds returned) and settled adjustments. Same signature headers as every delivery. - [Activate a physical card](https://docs.cbpayapp.com/api-reference/cards/activate-a-physical-card.md): Confirms the holder received the physical card. Only cards in `pending_activation`. - [Business activity catalog](https://docs.cbpayapp.com/api-reference/cards/business-activity-catalog.md): Official issuer economic-activity codes (for `kind_of_business` when creating a company cardholder). Search with `q`. Use the `code` value; a free-text value is rejected with 400 invalid_kind_of_business. - [Cancel a card](https://docs.cbpayapp.com/api-reference/cards/cancel-a-card.md): Cancels the card permanently (irreversible). Bills the `card_cancellation` fee when configured (0 = free); refunded if the cancellation fails upstream. - [Create a card](https://docs.cbpayapp.com/api-reference/cards/create-a-card.md): Issues a card (virtual or physical) that spends Just-In-Time from the account's central balance in the card's spending asset (`spending_asset`: USDT/USDC 1:1 with the USD, or BTC/GOLD converted at the price of the moment of each event; USDT by default) — no prefunding: every purchase is authorized i… - [Get a card](https://docs.cbpayapp.com/api-reference/cards/get-a-card.md) - [List card transactions](https://docs.cbpayapp.com/api-reference/cards/list-card-transactions.md): Purchases and their lifecycle: `authorized` (real-time hold), `settled` (confirmed at clearing), `reversed` (annulled, funds returned to the same balance) and `declined` (with the reason: insufficient_funds, card_limit_exceeded, card_frozen...). `spend_asset` / `spend_amount` show which balance the… - [List cards](https://docs.cbpayapp.com/api-reference/cards/list-cards.md): Account credentials list the account's cards; org admin credentials list every card in the organization (filter with `account_id`). - [Occupation catalog](https://docs.cbpayapp.com/api-reference/cards/occupation-catalog.md): Official issuer occupation codes (for the `occupation` field when designating a person cardholder). Search with `q` (matches code or label). Use the `code` value; a free-text occupation is rejected with 400 invalid_occupation. - [Reveal PAN and CVV](https://docs.cbpayapp.com/api-reference/cards/reveal-pan-and-cvv.md): Returns the card's sensitive data (PAN, CVV, expiration) as a one-time pass-through for display to the holder. Only the owning account can call it (never the org admin). **Never store or log this response** — the platform does not persist it either (PCI). - [Update limits, spending asset or freeze/unfreeze](https://docs.cbpayapp.com/api-reference/cards/update-limits-spending-asset-or-freezeunfreeze.md): Updates the card's spending limits (send "0" to remove a limit), changes the balance it spends from (`spending_asset`, future purchases only) and freezes or unfreezes it. Frozen cards decline every authorization instantly. - [Add a destination to a contact](https://docs.cbpayapp.com/api-reference/contacts/add-a-destination-to-a-contact.md): Saves a reusable destination manually: `payout` (country + method + beneficiary), `crypto` (chain + address) or `cbpay` (requires the contact to be linked). Destinations are deduplicated: repeating one refreshes its last use. - [Create a contact](https://docs.cbpayapp.com/api-reference/contacts/create-a-contact.md): Adds a contact manually. The phone is normalized to E.164 (local numbers use your account's country) and matched against accounts of your operator to fill `has_cbpay`. - [Delete a contact](https://docs.cbpayapp.com/api-reference/contacts/delete-a-contact.md): Deletes the contact and its saved destinations. - [Delete a saved destination](https://docs.cbpayapp.com/api-reference/contacts/delete-a-saved-destination.md) - [Get a contact](https://docs.cbpayapp.com/api-reference/contacts/get-a-contact.md): The contact plus its saved destinations (CBPay account, payout beneficiaries per corridor, on-chain addresses). - [Import the phone address book](https://docs.cbpayapp.com/api-reference/contacts/import-the-phone-address-book.md): Uploads up to 1,000 contacts per request (paginate beyond that). Phones are normalized to E.164; existing contacts are never duplicated; `has_cbpay` tells you which contacts already have an active account of your same operator (match by phone). - [List contacts](https://docs.cbpayapp.com/api-reference/contacts/list-contacts.md): Your account's private contact book, ordered by favorites and last use. Contacts are created automatically by every send (transfer, payout, crypto withdrawal), by manual CRUD or by importing the phone's address book. - [Update a contact](https://docs.cbpayapp.com/api-reference/contacts/update-a-contact.md): Partial update (name, alias, phone, email, favorite). Changing the phone re-runs the CBPay match. - [Crypto deposit credited](https://docs.cbpayapp.com/api-reference/crypto-deposit-credited.md): An on-chain deposit was confirmed and credited (net of the funding fee) to the balance of the wallet's asset (`USDT` or `USDC`). - [Crypto deposit credited with a risk alert](https://docs.cbpayapp.com/api-reference/crypto-deposit-credited-with-a-risk-alert.md): An incoming deposit was credited normally, but the sender address shows high risk. Informational — no action is required on the funds. - [Crypto deposit held for compliance review](https://docs.cbpayapp.com/api-reference/crypto-deposit-held-for-compliance-review.md): An incoming on-chain deposit was NOT credited because the sender address shows severe risk (sanctions / direct illicit funds). The operator's compliance team reviews the hold and releases (credits) or rejects it. - [Crypto withdrawal status changed](https://docs.cbpayapp.com/api-reference/crypto-withdrawal-status-changed.md): An on-chain withdrawal reached a new state. - [Create an on-chain withdrawal](https://docs.cbpayapp.com/api-reference/crypto/create-an-on-chain-withdrawal.md): Sends USDT, USDC or BTC on-chain from its own balance. Supported pairs: `tron`/`USDT`, `eth`/`USDT`, `eth`/`USDC`, `btc`/`BTC` (GOLD has no on-chain rail). `amount + withdrawal fee` is debited atomically and held; final state arrives via the `crypto_withdrawal_status_changed` webhook. `failed` refun… - [Get a withdrawal](https://docs.cbpayapp.com/api-reference/crypto/get-a-withdrawal.md) - [List my wallets](https://docs.cbpayapp.com/api-reference/crypto/list-my-wallets.md): Returns every wallet of the calling account, oldest first. - [List on-chain activity](https://docs.cbpayapp.com/api-reference/crypto/list-on-chain-activity.md): Funding credits and withdrawals of the calling account. - [Restore a missing deposit wallet](https://docs.cbpayapp.com/api-reference/crypto/restore-a-missing-deposit-wallet.md): Every account — person and company — holds exactly **one deposit wallet per supported pair** (`tron`/`usdt`, `eth`/`usdt`, `eth`/`usdc`, `btc`/`btc`), provisioned automatically and free of charge on registration. Deposit wallets only **receive** crypto that credits the account's virtual balance: the… - [External movement on a segregated wallet](https://docs.cbpayapp.com/api-reference/external-movement-on-a-segregated-wallet.md): The activity sync detected an on-chain movement of a segregated wallet that did not go through the platform (expected under client custody, e.g. after importing or exporting the key). The wallet's activity record stays complete either way. - [Kyb document ocr finished](https://docs.cbpayapp.com/api-reference/kyb-document-ocr-finished.md): Fires when the OCR validation of a KYB document finishes. - [Kyb link completed](https://docs.cbpayapp.com/api-reference/kyb-link-completed.md): Fires when your customer completes a hosted KYB link; the submission is created. - [Kyb verification status changed](https://docs.cbpayapp.com/api-reference/kyb-verification-status-changed.md): Fires on every KYB submission lifecycle change, including AML/risk/report signals from the review. - [Kyc document ocr finished](https://docs.cbpayapp.com/api-reference/kyc-document-ocr-finished.md): Fires when the OCR validation of a document uploaded through the API finishes. - [Confirm a KYB document upload](https://docs.cbpayapp.com/api-reference/kyc-kyb/confirm-a-kyb-document-upload.md) - [Confirm a KYC document upload](https://docs.cbpayapp.com/api-reference/kyc-kyb/confirm-a-kyc-document-upload.md): Step 3 of the document flow. Attaches the uploaded file to the submission and queues its OCR validation; the result arrives via the kyc_document_validated webhook. - [Create a KYB link for a customer](https://docs.cbpayapp.com/api-reference/kyc-kyb/create-a-kyb-link-for-a-customer.md): Company accounts only: generates a hosted KYB link for one of YOUR end customers (businesses). Bills the fixed `kyb_verification` fee when configured (refunded if creation fails); `idempotency_key` is required. `country` picks the wizard corridor: us, cl, ve, br, mx, co, pe, bo, py, ar or generic (s… - [Create a KYB submission with API data](https://docs.cbpayapp.com/api-reference/kyc-kyb/create-a-kyb-submission-with-api-data.md): Company accounts only: verifies one of YOUR end customers (a business) sending the data directly. Body: external_customer_id, country?, business (the company fields), ubos?, directors?, signers?, bank_info?, metadata?. Bills the fixed `kyb_verification` fee; `idempotency_key` required. Re-sending wh… - [Create a KYC link for a customer](https://docs.cbpayapp.com/api-reference/kyc-kyb/create-a-kyc-link-for-a-customer.md): Company accounts only: generates a hosted KYC link for one of YOUR end customers. The wizard covers form, documents and video liveness. Bills the fixed `kyc_verification` fee when configured (refunded if creation fails); `idempotency_key` is required — a retry with the same key returns the original… - [Create a KYC submission with API data](https://docs.cbpayapp.com/api-reference/kyc-kyb/create-a-kyc-submission-with-api-data.md): Company accounts only: verifies one of YOUR end customers sending the data directly (no wizard). Countries in ISO alpha-3, dates YYYY-MM-DD, id_type passport | id_card | drivers_license. Documents are optional at creation (upload them via the presign flow); no liveness is required at creation — the… - [Create a liveness link](https://docs.cbpayapp.com/api-reference/kyc-kyb/create-a-liveness-link.md): Hosted page where your customer completes ONLY the video liveness check (camera gestures + server-side face match against the uploaded identity document). Free — the service was billed when the submission was created. If an open link exists the same one is returned; if the check already passed, 400… - [Download the signed compliance report (PDF)](https://docs.cbpayapp.com/api-reference/kyc-kyb/download-the-signed-compliance-report-pdf.md): Signed compliance report of a KYB verification — evidence for your own auditors. Free (the service was billed when the verification was created). - [Get a KYB link](https://docs.cbpayapp.com/api-reference/kyc-kyb/get-a-kyb-link.md) - [Get a KYB submission](https://docs.cbpayapp.com/api-reference/kyc-kyb/get-a-kyb-submission.md): Aggregated state: status, risk_band, pending_documents, rejection_reason, changes_requested_comments and aml_decision. - [Get a KYC link](https://docs.cbpayapp.com/api-reference/kyc-kyb/get-a-kyc-link.md) - [Get a KYC submission](https://docs.cbpayapp.com/api-reference/kyc-kyb/get-a-kyc-submission.md): Aggregated state without internal sensitive data: status, risk_band, pending_documents (documents compliance requested), rejection_reason, changes_requested_comments, liveness_pending and documents_received. - [Get the liveness link and check state](https://docs.cbpayapp.com/api-reference/kyc-kyb/get-the-liveness-link-and-check-state.md) - [List KYB document OCR results](https://docs.cbpayapp.com/api-reference/kyc-kyb/list-kyb-document-ocr-results.md) - [List KYB links](https://docs.cbpayapp.com/api-reference/kyc-kyb/list-kyb-links.md) - [List KYB submissions](https://docs.cbpayapp.com/api-reference/kyc-kyb/list-kyb-submissions.md) - [List KYC document OCR results](https://docs.cbpayapp.com/api-reference/kyc-kyb/list-kyc-document-ocr-results.md) - [List KYC links](https://docs.cbpayapp.com/api-reference/kyc-kyb/list-kyc-links.md) - [List KYC submissions](https://docs.cbpayapp.com/api-reference/kyc-kyb/list-kyc-submissions.md) - [My onboarding verification state](https://docs.cbpayapp.com/api-reference/kyc-kyb/my-onboarding-verification-state.md): Effective verification state of the calling account — `kyc_status`, the required kind (kyc for persons, kyb for companies) plus the latest self-onboarding link and submission. - [Presign a KYB document upload](https://docs.cbpayapp.com/api-reference/kyc-kyb/presign-a-kyb-document-upload.md): Same 3-step flow as KYC documents. Categories: legalPresence, ownershipStructure, controlStructure, companyDetails. - [Presign a KYC document upload](https://docs.cbpayapp.com/api-reference/kyc-kyb/presign-a-kyc-document-upload.md): Step 1 of the document flow: returns a temporary upload URL. Then PUT the binary to upload_url with the same Content-Type (step 2) and confirm (step 3). Categories: identity, proofOfResidence. Types: application/pdf, image/png, image/jpeg; 15 MB max; the URL expires in 15 minutes. - [Request my onboarding verification link](https://docs.cbpayapp.com/api-reference/kyc-kyb/request-my-onboarding-verification-link.md): Returns the account's own identity-verification link (person accounts get a KYC link, company accounts a KYB link — derived from the account type). The hosted wizard covers the full flow: form, document uploads and video liveness. Free. If an open link already exists it is returned with 200; an alre… - [Kyc link completed](https://docs.cbpayapp.com/api-reference/kyc-link-completed.md): Fires when your customer completes a hosted KYC link; the submission is created. - [Kyc verification status changed](https://docs.cbpayapp.com/api-reference/kyc-verification-status-changed.md): Fires on every KYC submission lifecycle change (submitted, in_review, changes_requested, more_info_required, escalated, approved, approved_partial, rejected). Your own onboarding arrives with self_onboarding: true. - [Liveness check completed](https://docs.cbpayapp.com/api-reference/liveness-check-completed.md): Fires when the video liveness check is completed from a liveness link. - [Begin passkey registration](https://docs.cbpayapp.com/api-reference/passkeys/begin-passkey-registration.md): Starts a WebAuthn registration ceremony. Requires the current password (if the member has one) — a new sign-in factor is never added from a stolen session. Pass `options.publicKey` to `navigator.credentials.create()`. - [Begin passwordless passkey login](https://docs.cbpayapp.com/api-reference/passkeys/begin-passwordless-passkey-login.md): Starts a WebAuthn discoverable login ceremony. Pass the returned `options.publicKey` to `navigator.credentials.get()` and send the result to `finish`. The challenge is single-use and expires in 2 minutes. - [Confirm and activate the authenticator app](https://docs.cbpayapp.com/api-reference/passkeys/confirm-and-activate-the-authenticator-app.md): Activates TOTP with the first valid code and returns 10 one-time backup codes (shown only once). - [Finish passkey registration](https://docs.cbpayapp.com/api-reference/passkeys/finish-passkey-registration.md): Validates the attestation and stores the passkey under a friendly name. - [Finish passwordless passkey login](https://docs.cbpayapp.com/api-reference/passkeys/finish-passwordless-passkey-login.md): Validates the authenticator assertion and issues a session. A passkey is already two factors (device + biometrics), so this login does not go through the login OTP. - [List my passkeys](https://docs.cbpayapp.com/api-reference/passkeys/list-my-passkeys.md) - [My authenticator app status](https://docs.cbpayapp.com/api-reference/passkeys/my-authenticator-app-status.md): Whether an authenticator app (TOTP) is active and how many backup codes remain. - [Regenerate backup codes](https://docs.cbpayapp.com/api-reference/passkeys/regenerate-backup-codes.md): Issues a fresh set of backup codes and invalidates the previous ones. Requires a valid authenticator or backup code. - [Remove a passkey](https://docs.cbpayapp.com/api-reference/passkeys/remove-a-passkey.md): Removes a passkey. Requires the current password (if the member has one) and is blocked if it is the only sign-in method left. - [Remove my authenticator app](https://docs.cbpayapp.com/api-reference/passkeys/remove-my-authenticator-app.md): Disables TOTP. Requires a valid authenticator (or backup) code and respects the org floor — if the organization mandates the authenticator app it cannot be removed. - [Start authenticator app enrollment](https://docs.cbpayapp.com/api-reference/passkeys/start-authenticator-app-enrollment.md): Generates a TOTP secret and returns the `otpauth://` URI plus a QR PNG to scan in Google Authenticator / Authy. Requires the current password (if the member has one). Confirm with `POST /v1/me/totp/confirm`. - [Payin credited](https://docs.cbpayapp.com/api-reference/payin-credited.md): A fiat collection was received and credited to the account in USDT. For universal checkout links (`kind: checkout`) the payload also carries `settled_via` (e.g. `qr`, `crypto:tron:usdt`, `cbpay`), `settlement_asset` and `asset_amount`; crypto payments add `crypto_amount` and CBPay app payments add `… - [Payin expired](https://docs.cbpayapp.com/api-reference/payin-expired.md): An active collection (QR or hosted checkout) reached a final state without receiving the payment: the payin moves from `pending` to `expired` (or `failed`). No funds move; create a new payin to retry the charge. - [Active collection (pull)](https://docs.cbpayapp.com/api-reference/payins/active-collection-pull.md): Charges the payer directly in corridors that support pull collections (e.g. Venezuela `c2p` / `debito_inmediato`). Synchronous: if the charge is approved the deposit converts at your current `payin_rate` and is credited in the same call, net of the payin fee. If the payer declines, `paid` is false,… - [Create a dedicated deposit account](https://docs.cbpayapp.com/api-reference/payins/create-a-dedicated-deposit-account.md): Provisions a fixed deposit destination bound to your account in corridors that support it (e.g. a Mexican CLABE). Every transfer arriving to it is credited automatically, net of the payin fee. Creation is free. - [Create a payin (top-up charge)](https://docs.cbpayapp.com/api-reference/payins/create-a-payin-top-up-charge.md): Creates a fiat top-up. With `method: "qr"` (default) an active QR charge is generated through the processor — in Bolivia the local interoperable QR, in Brazil a dynamic PIX QR whose `charge` carries the QR image and the "copia e cola" payload. With `method: "bank_transfer"` the deposit is announced… - [Execute a pull collection with the payer's data (public)](https://docs.cbpayapp.com/api-reference/payins/execute-a-pull-collection-with-the-payers-data-public.md): Runs the pull charge of a materialized collect option (`c2p` / `debito_inmediato`) with the data the payer typed on the checkout page — bank, document, phone or account, and the OTP (generated in the payer's banking app for C2P, or requested via `POST /pay/{token}/collect/otp` for immediate debit, s… - [Get a payin](https://docs.cbpayapp.com/api-reference/payins/get-a-payin.md) - [List my deposit accounts](https://docs.cbpayapp.com/api-reference/payins/list-my-deposit-accounts.md): Lists the dedicated deposit destinations bound to the calling account. - [List payin methods](https://docs.cbpayapp.com/api-reference/payins/list-payin-methods.md) - [List payins](https://docs.cbpayapp.com/api-reference/payins/list-payins.md) - [Materialize a checkout payment option (public)](https://docs.cbpayapp.com/api-reference/payins/materialize-a-checkout-payment-option-public.md): Creates (lazily) the payment option the payer picked on a universal checkout link and returns its instructions — the payment URL for card/hosted methods, the QR for QR methods, the announce reference for bank transfers, or an exclusive crypto deposit address with the exact quoted amount plus a scann… - [Quote a checkout link before choosing (public)](https://docs.cbpayapp.com/api-reference/payins/quote-a-checkout-link-before-choosing-public.md): Indicative quotes for a universal checkout link BEFORE materializing — the catalog of countries with live fiat methods (card excluded — see `cards`), the card options listed separately per country+currency in `cards[]` with the quoted due amount (a corridor may accept several charge currencies, e.g.… - [Request a collection OTP](https://docs.cbpayapp.com/api-reference/payins/request-a-collection-otp.md): Requests the one-time password some pull methods need before the charge (e.g. immediate debit). Free of charge. - [Request the OTP of a pull collection (public)](https://docs.cbpayapp.com/api-reference/payins/request-the-otp-of-a-pull-collection-public.md): For pull methods whose rail sends the payer a one-time key on demand (`requires_otp_request: true` in the materialization, e.g. Venezuela immediate debit). Triggers the OTP delivery to the payer and returns the `otp_reference` that must accompany the final `POST /pay/{token}/collect`. The pull optio… - [Universal checkout page (public)](https://docs.cbpayapp.com/api-reference/payins/universal-checkout-page-public.md): Public branded HTML page behind the `checkout_url` returned by `POST /v1/payins` with `method: "checkout"`. The payer opens it without credentials, picks a country and fiat method, a crypto option (deposit address with scannable QR) or pays directly from the CBPay app (merchant QR + alias always vis… - [Universal checkout state (public)](https://docs.cbpayapp.com/api-reference/payins/universal-checkout-state-public.md): JSON state of a universal checkout link — for the page's own polling and for integrators rendering their own payment front end over the same link. Shows the status, the settlement asset and amount, the winning method once paid, the frozen fiat materializations (`fiat_methods`), the live progress of… - [Payout status changed](https://docs.cbpayapp.com/api-reference/payout-status-changed.md): A payout reached a new state (processing, completed or failed). - [Confirm a QR payout (Bolivia, Brazil)](https://docs.cbpayapp.com/api-reference/payouts/confirm-a-qr-payout-bolivia-brazil.md): Step 2 of the QR payout (Bolivia and Brazil/PIX), charged exactly like a regular payout: the local amount converts at **your account's rate** and `usdt_amount + fixed fee` is debited. The result is **synchronous** — the response carries the final state (`completed`, or `failed` with an automatic ref… - [Create a payout](https://docs.cbpayapp.com/api-reference/payouts/create-a-payout.md): Disperses fiat to a local bank account. The local amount converts to USDT at **your account's rate** (the same one returned by `GET /v1/rates`); `usdt_amount` plus the fixed fee (when configured) is debited and held until the dispersal completes. If it fails, the full debit is refunded. - [Get a payout](https://docs.cbpayapp.com/api-reference/payouts/get-a-payout.md) - [List destination banks](https://docs.cbpayapp.com/api-reference/payouts/list-destination-banks.md): Bank catalog for a country's payouts. Without `method` it returns the union of every payout method's banks for the country (deduplicated by code); pass `method` to get a single channel's catalog. Some methods have no bank catalog (e.g. QR) and contribute no entries. - [List payout methods](https://docs.cbpayapp.com/api-reference/payouts/list-payout-methods.md): Available payout corridors (country, currency, method) offered by CBPay. Pass-through of the processing core catalog. - [List payouts](https://docs.cbpayapp.com/api-reference/payouts/list-payouts.md): Returns the payouts of the calling account. - [Scan a payout QR (Bolivia, Brazil)](https://docs.cbpayapp.com/api-reference/payouts/scan-a-payout-qr-bolivia-brazil.md): Step 1 of the QR payout — Bolivia (local interoperable QR) and Brazil (PIX QR, including the "copia e cola" code): reads a collection QR and returns the recipient's data plus the `provider_reference` needed to confirm. **Free of charge** — nothing is debited until the confirm step. Defaults to Boliv… - [Create a POS charge (crypto QR with amount)](https://docs.cbpayapp.com/api-reference/qr-crypto-pos/create-a-pos-charge-crypto-qr-with-amount.md): Creates an amount-bearing crypto QR charge for a merchant. Same contract as the universal checkout link: amount + settlement_asset (account default when omitted); the due the customer pays is quoted in the QR's crypto at creation (the payer covers any conversion — you receive your exact target). The… - [Get a POS charge (POS polling)](https://docs.cbpayapp.com/api-reference/qr-crypto-pos/get-a-pos-charge-pos-polling.md): Charge detail for the POS polling loop. While pending, if an on-chain deposit is already detected but not yet confirmed, the response adds confirming:true + detected_amount (UX signal only — credit happens on confirmation). Partial payments accumulate in received; late payments into an expired charg… - [Get a POS merchant](https://docs.cbpayapp.com/api-reference/qr-crypto-pos/get-a-pos-merchant.md): Merchant detail. Only the owning account (or the org admin) can read it. - [List POS charges](https://docs.cbpayapp.com/api-reference/qr-crypto-pos/list-pos-charges.md): Charges of the account with merchant_id/status filters and a mandatory date range — the per-client reconciliation view. - [List POS merchants](https://docs.cbpayapp.com/api-reference/qr-crypto-pos/list-pos-merchants.md): Paginated list of the merchants registered by the account (processor). - [List the refunds of a POS charge](https://docs.cbpayapp.com/api-reference/qr-crypto-pos/list-the-refunds-of-a-pos-charge.md): Refunds of the charge; each status follows its withdrawal lifecycle (a failed withdrawal refunds the debit and releases the cap). - [POS reconciliation summary per merchant](https://docs.cbpayapp.com/api-reference/qr-crypto-pos/pos-reconciliation-summary-per-merchant.md): Per-merchant aggregate over a date range: charge counts, gross collected (target of paid charges), the processor's informative commission, refunded totals and the net to distribute to each merchant. - [Refund a POS charge](https://docs.cbpayapp.com/api-reference/qr-crypto-pos/refund-a-pos-charge.md): Returns (part of) what the charge received to the payer as a regular crypto withdrawal from the account balance (hold, withdrawal fee and every compliance control of the rail). to_address is always explicit — never auto-refunded to the deposit origin. Hard cap: the sum of refunds can never exceed wh… - [Register a POS merchant](https://docs.cbpayapp.com/api-reference/qr-crypto-pos/register-a-pos-merchant.md): Registers a merchant (restaurant, hotel, store) bound to an APPROVED third-party KYC/KYB verification — the identity comes from the verification. fee_percent/fee_fixed are the processor's informative commission to the merchant (computed per paid charge and in the summary; never charged by the platfo… - [Update a POS merchant](https://docs.cbpayapp.com/api-reference/qr-crypto-pos/update-a-pos-merchant.md): Updates status (active/disabled — a disabled merchant cannot generate new charges), the informative commission and the external reference. Identity is never edited: it comes from the verification. - [Download the banking operation receipt (PDF)](https://docs.cbpayapp.com/api-reference/receipts/download-the-banking-operation-receipt-pdf.md): Branded PDF receipt of a banking operation (amount, currency, counterparty, status) with the signed verification QR. Available for operations created after the traceability mirror went live. - [Download the card purchase receipt (PDF)](https://docs.cbpayapp.com/api-reference/receipts/download-the-card-purchase-receipt-pdf.md): Branded PDF receipt of a card transaction, with the merchant, USD amount, debited balance and the signed verification QR. - [Download the crypto deposit receipt (PDF)](https://docs.cbpayapp.com/api-reference/receipts/download-the-crypto-deposit-receipt-pdf.md): Branded PDF receipt of a credited on-chain deposit. The `depositID` is the `deposit_id` field returned by `GET /v1/crypto/transactions`. - [Download the crypto withdrawal receipt (PDF)](https://docs.cbpayapp.com/api-reference/receipts/download-the-crypto-withdrawal-receipt-pdf.md): Branded PDF receipt of the on-chain withdrawal, with the network, destination address, tx hash and the signed verification QR. - [Download the payin receipt (PDF)](https://docs.cbpayapp.com/api-reference/receipts/download-the-payin-receipt-pdf.md): Branded PDF receipt of the collection, with the reference, amounts, status badge and the signed verification QR. Non-final states carry a diagonal watermark. - [Download the payout receipt (PDF)](https://docs.cbpayapp.com/api-reference/receipts/download-the-payout-receipt-pdf.md): Branded PDF receipt of the payout, with the beneficiary data, amounts, status badge and the signed verification QR. Non-final states carry a diagonal watermark. Only the payout's owner (or the org admin) can download it. - [Download the segregated wallet deposit receipt (PDF)](https://docs.cbpayapp.com/api-reference/receipts/download-the-segregated-wallet-deposit-receipt-pdf.md): Branded PDF receipt of an on-chain deposit received by a segregated wallet, with the network, origin address, tx hash and the signed verification QR. - [Download the segregated wallet send receipt (PDF)](https://docs.cbpayapp.com/api-reference/receipts/download-the-segregated-wallet-send-receipt-pdf.md): Branded PDF receipt of an on-chain send from a segregated wallet, with the network, destination address, tx hash and the signed verification QR. - [Download the swap receipt (PDF)](https://docs.cbpayapp.com/api-reference/receipts/download-the-swap-receipt-pdf.md): Branded PDF receipt of the balance conversion, with both legs, the applied rate and the signed verification QR. - [Download the transfer receipt (PDF)](https://docs.cbpayapp.com/api-reference/receipts/download-the-transfer-receipt-pdf.md): Branded PDF receipt of the internal transfer (both parties can download it; the counterparty is shown by display name). - [Verify a receipt's authenticity (public)](https://docs.cbpayapp.com/api-reference/receipts/verify-a-receipts-authenticity-public.md): Public endpoint (no credentials) behind the QR printed on every receipt. The code is cryptographically signed: a tampered or made-up one answers 404 with `valid: false`. The response shows the operation's REAL current status and amount — never the beneficiary's personal data. Browsers get a branded… - [Get an OTP challenge](https://docs.cbpayapp.com/api-reference/security-otp/get-an-otp-challenge.md) - [List my OTP challenges](https://docs.cbpayapp.com/api-reference/security-otp/list-my-otp-challenges.md) - [My 2FA preferences](https://docs.cbpayapp.com/api-reference/security-otp/my-2fa-preferences.md): Shows the effective 2FA policy for the account with, per action, whether it is locked by the organization (the org policy is the floor the account cannot go below). - [My OTP policy](https://docs.cbpayapp.com/api-reference/security-otp/my-otp-policy.md): Effective OTP policy for the calling account — whether the feature is enabled, which actions require a code and over which channel, plus the (masked) phone and its verification state. - [Request an OTP code](https://docs.cbpayapp.com/api-reference/security-otp/request-an-otp-code.md): Sends a one-time code to the account's phone over the channel configured for the action. Requires a user session (JWT) — API keys receive `403 session_required`. Hourly send limits apply. - [Update my 2FA preferences](https://docs.cbpayapp.com/api-reference/security-otp/update-my-2fa-preferences.md): Lets the account owner configure its own 2FA. You can always harden (enable actions, move to a stronger channel: totp > email > sms/whatsapp) but never go below the organization floor. Weakening (disabling an active action or lowering the channel) requires an `X-OTP-Token` for the `security_settings… - [Verify the code](https://docs.cbpayapp.com/api-reference/security-otp/verify-the-code.md): Validates the code received over SMS/WhatsApp and returns the single-use `otp_token` that authorizes the protected action (send it in the `X-OTP-Token` header). 5 attempts per challenge. - [Segregated wallet deposit received](https://docs.cbpayapp.com/api-reference/segregated-wallet-deposit-received.md): An on-chain deposit was confirmed at a segregated wallet. It does **not** touch the ledger (the balance lives on-chain in the wallet). - [Segregated wallet key exported](https://docs.cbpayapp.com/api-reference/segregated-wallet-key-exported.md): Security alert: the private key of a segregated wallet was exported (shared custody). The payload never includes the key. - [Segregated wallet send status changed](https://docs.cbpayapp.com/api-reference/segregated-wallet-send-status-changed.md): A send from a segregated wallet reached a new state (processing, completed or failed). - [Configure auto-forward](https://docs.cbpayapp.com/api-reference/segregated-wallets/configure-auto-forward.md): Forwards everything that arrives at the wallet to an address of yours. Redirects future funds, so it requires a verified account and OTP. - [Create a segregated wallet](https://docs.cbpayapp.com/api-reference/segregated-wallets/create-a-segregated-wallet.md): Creates a new on-chain wallet owned by the calling account. Its balance lives on-chain (never in the ledger) and it is exempt from the treasury sweep. Supported pairs: `tron`/`usdt`, `eth`/`usdt`, `eth`/`usdc`, `btc`/`btc`. Company accounts can create unlimited wallets; person accounts hold **1 per… - [Export the private key](https://docs.cbpayapp.com/api-reference/segregated-wallets/export-the-private-key.md): Returns the wallet's private key (shared custody: the wallet stays operational in the platform after export). The most sensitive operation of the product: requires a signed-in user session with 2FA (API keys rejected), a verified account and a `reason` of at least 20 characters kept in the audit tra… - [Get a segregated wallet](https://docs.cbpayapp.com/api-reference/segregated-wallets/get-a-segregated-wallet.md) - [Get a send](https://docs.cbpayapp.com/api-reference/segregated-wallets/get-a-send.md) - [Get the auto-forward rule](https://docs.cbpayapp.com/api-reference/segregated-wallets/get-the-auto-forward-rule.md) - [Get the live on-chain balance](https://docs.cbpayapp.com/api-reference/segregated-wallets/get-the-live-on-chain-balance.md): Returns the wallet's live on-chain balance, including native gas (TRX/ETH) so you can tell whether it can pay a network fee. - [Import an external wallet](https://docs.cbpayapp.com/api-reference/segregated-wallets/import-an-external-wallet.md): Imports a wallet you already control by providing its `private_key_hex`. The key travels only to the custodian and is **never stored or logged** in the platform. Requires a signed-in user session with 2FA (API keys are rejected with `human_session_required`), a verified account and OTP. Bills the `w… - [List my segregated wallets](https://docs.cbpayapp.com/api-reference/segregated-wallets/list-my-segregated-wallets.md): Lists the calling account's segregated wallets, newest first. - [List on-chain activity](https://docs.cbpayapp.com/api-reference/segregated-wallets/list-on-chain-activity.md): Full on-chain activity (deposits and sends) of the wallet. - [List on-chain deposits](https://docs.cbpayapp.com/api-reference/segregated-wallets/list-on-chain-deposits.md) - [List sends from the wallet](https://docs.cbpayapp.com/api-reference/segregated-wallets/list-sends-from-the-wallet.md) - [Send crypto from the wallet](https://docs.cbpayapp.com/api-reference/segregated-wallets/send-crypto-from-the-wallet.md): Sends crypto **from the wallet itself** (real source address, signed by the custodian). `idempotency_key` is required. Gas is on the client: if the wallet lacks native gas the send is rejected with `422 insufficient_gas` before any charge. May bill the `wallet_send` fee (from the account ledger sett… - [Link a provider to my account](https://docs.cbpayapp.com/api-reference/social-login/link-a-provider-to-my-account.md) - [List enabled social providers](https://docs.cbpayapp.com/api-reference/social-login/list-enabled-social-providers.md): Public. Returns the social providers enabled for the org and their `client_id`, so the front end can render the right buttons. - [List my linked providers](https://docs.cbpayapp.com/api-reference/social-login/list-my-linked-providers.md) - [Sign in or register with a social provider](https://docs.cbpayapp.com/api-reference/social-login/sign-in-or-register-with-a-social-provider.md): Token exchange. The front end obtains the provider credential (Google/Apple/Microsoft `id_token`, Facebook `access_token`) and posts it here. The API verifies it against the provider and returns the CBPay session — creating the account on first use. Respects the account's OTP-on-login policy (may re… - [Unlink a provider](https://docs.cbpayapp.com/api-reference/social-login/unlink-a-provider.md): Blocked with `409 last_login_method` if it is the only sign-in method (no password and no other linked provider). - [Service health](https://docs.cbpayapp.com/api-reference/status/service-health.md): Public liveness check of the API and its database. - [Suspected key compromise critical alarm](https://docs.cbpayapp.com/api-reference/suspected-key-compromise-critical-alarm.md): CRITICAL: funds left a platform-custody segregated wallet without going through the platform. By design this is impossible unless the private key leaked. Treat the key as compromised, move remaining funds to a new wallet and contact support immediately. - [Create a swap](https://docs.cbpayapp.com/api-reference/swaps/create-a-swap.md): Converts balance between two of your currencies, synchronously and atomically — your balance changes instantly and the money never leaves your account (no OTP). Volatile pairs (BTC/GOLD) share the per-operation and 24h volume limits with payouts and card purchases. Requires an idempotency key: repla… - [Get a swap](https://docs.cbpayapp.com/api-reference/swaps/get-a-swap.md) - [List swaps](https://docs.cbpayapp.com/api-reference/swaps/list-swaps.md) - [Quote a swap](https://docs.cbpayapp.com/api-reference/swaps/quote-a-swap.md): Free indicative quote to convert between your USDT, USDC, BTC and GOLD balances (any pair, source different from destination). The rate you see is your account's execution rate — quoted = received, no separate fees. Indicative: execution uses the price at the POST moment (stablecoin pairs are stable… - [Transfer received](https://docs.cbpayapp.com/api-reference/transfer-received.md): The account received an internal transfer. - [Create an internal transfer](https://docs.cbpayapp.com/api-reference/transfers/create-an-internal-transfer.md): Moves balance between two CBPay accounts, atomically and always free of charge — any combination works: person to person, person to company, company to person or company to company. Works with the four virtual balances (`USDT` default, `USDC`, `BTC`, `GOLD`) and always between balances of the **same… - [Get a transfer](https://docs.cbpayapp.com/api-reference/transfers/get-a-transfer.md): Returns one transfer; visible only to its two parties. - [List transfers](https://docs.cbpayapp.com/api-reference/transfers/list-transfers.md): Lists the account's transfers (sent and received), newest first. - [Get an address screening](https://docs.cbpayapp.com/api-reference/wallet-screening/get-an-address-screening.md): Detail of a screening, including the full stored assessment. An id that belongs to another account returns 404. - [List address screenings](https://docs.cbpayapp.com/api-reference/wallet-screening/list-address-screenings.md): History of the account's screenings, newest first. Requires the from/to date range; supports pagination and a risk filter. - [Screen a blockchain address](https://docs.cbpayapp.com/api-reference/wallet-screening/screen-a-blockchain-address.md): Assesses the AML risk of a blockchain address (sanctioned entity, illicit-fund exposure) against global on-chain intelligence and returns a normalized risk level (Low/Medium/High/Severe) with the full evidence. Network-agnostic: the address is evaluated across every supported chain at once; `chain`… - [Create a webhook subscription](https://docs.cbpayapp.com/api-reference/webhooks/create-a-webhook-subscription.md): Subscribes an HTTPS callback to the calling account's events. - [List webhook subscriptions](https://docs.cbpayapp.com/api-reference/webhooks/list-webhook-subscriptions.md): Lists the account's webhook subscriptions (the secret is never returned). - [Authentication and account](https://docs.cbpayapp.com/en/authentication.md): JWT sessions, API keys, your account profile and company members - [Changelog](https://docs.cbpayapp.com/en/changelog.md): History of API and documentation changes - [Fees](https://docs.cbpayapp.com/en/concepts/fees.md): How each service is charged and where to check your terms - [Idempotency](https://docs.cbpayapp.com/en/concepts/idempotency.md): Retry safely without duplicating operations - [Money model](https://docs.cbpayapp.com/en/concepts/money-model.md): Per-currency virtual balances, FX conversion, holds and the immutable ledger - [Movements and reconciliation](https://docs.cbpayapp.com/en/concepts/movements-reconciliation.md): The immutable ledger (GET /v1/movements), every entry type and how to reconcile against the statement and webhooks - [Persons and companies](https://docs.cbpayapp.com/en/concepts/persons-companies.md): The differences between the two account types, product by product, on a single page - [Enabled services](https://docs.cbpayapp.com/en/concepts/services.md): Which products your account has enabled and how to react to service_disabled - [Statuses and lifecycle](https://docs.cbpayapp.com/en/concepts/statuses.md): Every status of every product, which ones are final and what to do in each - [Environments and testing](https://docs.cbpayapp.com/en/environment-testing.md): Test mode and live mode: test base URL, pk_test_ keys, magic values to force every outcome, local webhooks and the go-live checklist - [Errors](https://docs.cbpayapp.com/en/errors.md): Error format and complete code catalog - [FAQ](https://docs.cbpayapp.com/en/faq.md): The typical integration questions, answered upfront - [Integration flows](https://docs.cbpayapp.com/en/flows.md): The five end-to-end flows of a typical integration, with step-by-step sequence diagrams - [AML screening](https://docs.cbpayapp.com/en/guides/aml.md): Screen persons and companies against sanctions, PEP and adverse media lists, with rescreening and continuous monitoring - [Your account summary (analytics)](https://docs.cbpayapp.com/en/guides/analytics.md): One endpoint with every series and statistic of your account to build your dashboard: volume, transactions, users, per-service sections, countries, spending and balances - [Banking](https://docs.cbpayapp.com/en/guides/banking.md): Real bank accounts for your account: receive, hold and send money over international banking rails - [Cards: virtual and physical](https://docs.cbpayapp.com/en/guides/cards.md): Issue cards that spend straight from any of the account's balances (USDT, USDC, BTC or GOLD), with per-card limits - [Contacts](https://docs.cbpayapp.com/en/guides/contacts.md): Contact book: fills itself with every send, imports the phone address book, discovers who has CBPay and enables sending money by phone number - [Crypto: wallets, deposits and withdrawals](https://docs.cbpayapp.com/en/guides/crypto.md): Create on-chain wallets, deposit, transfer and check movements - [KYC and KYB verification](https://docs.cbpayapp.com/en/guides/kyc.md): Identity verification with a hosted wizard: form, OCR-validated documents and video liveness — for your account and for your customers - [Payins](https://docs.cbpayapp.com/en/guides/payins.md): Collect in local currency and get credited in USDT - [Payouts](https://docs.cbpayapp.com/en/guides/payouts.md): Send fiat to local bank accounts, debited from your USDT balance - [Profile & security](https://docs.cbpayapp.com/en/guides/profile.md): Password, verified email, alias and QR to get paid, profile photo, 2FA (SMS/WhatsApp/email/app), passkeys, and session and security-activity management - [QR Crypto POS](https://docs.cbpayapp.com/en/guides/qr-pos.md): Amount-bearing crypto QR charges for processors with physical POS terminals: register your verified merchants, generate the QR, detect the payment and reconcile per client - [Receipts](https://docs.cbpayapp.com/en/guides/receipts.md): Branded PDF per operation, with a QR authenticity check, receipt_url on every response and automatic email delivery - [Wallet screening](https://docs.cbpayapp.com/en/guides/screenings.md): Assess the AML risk of any blockchain address — sanctions, illicit funds, exposure — before transacting with it - [Segregated wallets](https://docs.cbpayapp.com/en/guides/segregated-wallets.md): On-chain wallets with their own balance: create, import, receive, send, export the key and auto-forward — the balance lives on the blockchain, never in the ledger - [Social login (Google, Apple, Microsoft, Meta)](https://docs.cbpayapp.com/en/guides/social-login.md): Sign up and sign in with Google, Apple, Microsoft and Facebook, passwordless - [Account statement](https://docs.cbpayapp.com/en/guides/statement.md): The consolidated statement: JSON for your web, downloadable PDF and Excel, ready for your accountant - [Swaps](https://docs.cbpayapp.com/en/guides/swaps.md): Convert between your USDT, USDC, BTC and GOLD balances instantly, with a prior quote and the execution rate of the moment - [Internal transfers](https://docs.cbpayapp.com/en/guides/transfers.md): Move USDT, USDC, BTC or GOLD between CBPay accounts, free and instant - [Introduction](https://docs.cbpayapp.com/en/introduction.md): What CBPay is and what you can build with the API - [MCP Server](https://docs.cbpayapp.com/en/mcp.md): Connect your AI editor or assistant to the CBPay documentation with one click - [Postman](https://docs.cbpayapp.com/en/postman.md): Ready-to-import collection to try the whole API - [Quickstart](https://docs.cbpayapp.com/en/quickstart.md): From zero to your first payout — with the cycle closed by webhook — in six steps - [Security and 2FA (OTP)](https://docs.cbpayapp.com/en/security-2fa.md): One-time codes over SMS or WhatsApp protecting login, payouts, withdrawals and more - [Webhooks](https://docs.cbpayapp.com/en/webhooks.md): Receive signed events in real time ## OpenAPI Specs - [openapi.zh](https://docs.cbpayapp.com/openapi.zh.yaml) - [openapi](https://docs.cbpayapp.com/openapi.yaml) - [openapi.es](https://docs.cbpayapp.com/openapi.es.yaml)