{"info":{"_postman_id":"f72d8445-db72-4627-8ce7-c60689c6c1e7","name":"SMEPay V2","description":"<html><head></head><body><h1 id=\"smepay-v2-api-integration\">SMEPay V2 - API Integration</h1>\n<p><strong>Flow:</strong> Authenticate → Create Order → Initiate Payment → Poll Status (optional webhook)</p>\n<hr>\n<h2 id=\"🌐-environments\">🌐 Environments</h2>\n<p>Your <code>client_id</code> is bound to <strong>Test</strong> or <strong>Live</strong> mode. Requests must target the correct host; authentication will reject mismatched mode.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Environment</th>\n<th>Base URL</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><strong>Test</strong></td>\n<td><code>https://staging.smepay.in</code></td>\n</tr>\n<tr>\n<td><strong>Live</strong></td>\n<td><code>https://extranet.smepay.in</code></td>\n</tr>\n</tbody>\n</table>\n</div><hr>\n<h2 id=\"🧙-integration-options\">🧙 Integration Options</h2>\n<h3 id=\"option-1-wizard-smepay-checkout-widget\">Option 1: Wizard (SMEPay Checkout Widget)</h3>\n<p><strong>Best for:</strong> Websites, web apps, quick integration</p>\n<p><strong>Features:</strong></p>\n<ul>\n<li><p>Pre-built payment UI</p>\n</li>\n<li><p>Automatic QR generation</p>\n</li>\n<li><p>Real-time status updates</p>\n</li>\n<li><p>Mobile-responsive</p>\n</li>\n</ul>\n<p><strong>Implementation:</strong> See \"Wizard Checkout Integration\" folder</p>\n<h3 id=\"option-2-inline-dqr-direct-api\">Option 2: Inline DQR (Direct API)</h3>\n<p><strong>Best for:</strong> Custom UI, mobile apps, server-to-server</p>\n<p><strong>Features:</strong></p>\n<ul>\n<li><p>Full control over UI/UX</p>\n</li>\n<li><p>Direct API integration</p>\n</li>\n<li><p>Custom payment flow</p>\n</li>\n<li><p>Generate your own QR</p>\n</li>\n</ul>\n<p><strong>Implementation:</strong> See \"Inline DQR Integration\" folder</p>\n<hr>\n<h2 id=\"🚀-quick-start\">🚀 Quick Start</h2>\n<h3 id=\"step-1-get-credentials\">Step 1: Get Credentials</h3>\n<ol>\n<li><p>Login to <a href=\"https://app.smepay.in\">SMEPay Dashboard</a></p>\n</li>\n<li><p>Go to <strong>Integrations → View API docs</strong></p>\n</li>\n<li><p>Download your <code>client_id</code> and <code>client_secret</code></p>\n</li>\n</ol>\n<h3 id=\"step-2-test-payment\">Step 2: Test Payment</h3>\n<ol>\n<li><p>Create test order</p>\n</li>\n<li><p>Generate payment link</p>\n</li>\n<li><p>Test with UPI app</p>\n</li>\n<li><p>Verify webhook callback</p>\n</li>\n</ol>\n<hr>\n<h2 id=\"🔒-authentication\">🔒 Authentication</h2>\n<p><strong>Access Token:</strong> Expires in 10 minutes (600 seconds)</p>\n<p><strong>Use in subsequent requests:</strong></p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>Authorization: Bearer &lt;access_token&gt;\nContent-Type: application/json\n\n</code></pre><p><strong>Access Constraints:</strong></p>\n<ul>\n<li><p>Business verification/tier</p>\n</li>\n<li><p>IP whitelist &amp; geo-restrictions</p>\n</li>\n<li><p>Per-business rate limits</p>\n</li>\n<li><p>Minimum wallet balance for external operations</p>\n</li>\n</ul>\n<hr>\n<h2 id=\"🔔-webhooks\">🔔 Webhooks</h2>\n<p>When payment status changes, we POST to your <code>callback_url</code>:</p>\n<p><strong>Status Values:</strong></p>\n<ul>\n<li><p><code>SUCCESS</code> - Payment completed ✅</p>\n</li>\n<li><p><code>FAILED</code> - Payment failed ❌</p>\n</li>\n</ul>\n<p><strong>Security:</strong> Always validate using <code>/order/validate</code> endpoint before fulfilling order</p>\n<hr>\n<h2 id=\"💡-payment-status-flow\">💡 Payment Status Flow</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>CREATED → INITIATED → PENDING → SUCCESS/FAILED\n                              ↓\n                           EXPIRED\n\n</code></pre><hr>\n<h2 id=\"📞-support\">📞 Support</h2>\n<ul>\n<li><p><strong>Email:</strong> <a href=\"mailto:support@smepay.io\">support@smepay.io</a></p>\n</li>\n<li><p><strong>Dashboard:</strong> <a href=\"https://app.smepay.in\">https://app.smepay.in</a></p>\n</li>\n</ul>\n</body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[{"content":"SMEPay V2 - API Integration","slug":"smepay-v2-api-integration"}],"owner":"43640931","collectionId":"f72d8445-db72-4627-8ce7-c60689c6c1e7","publishedId":"2sB3HnJK8V","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2025-09-08T13:50:29.000Z"},"item":[{"name":"Wizard Checkout Integration","item":[{"name":"1. Authenticate","id":"5fac8b9a-2710-46b8-82ee-df03b754c590","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"client_id\": \"YOUR_CLIENT_ID\",\n  \"client_secret\": \"YOUR_CLIENT_SECRET\"\n}"},"url":"{{baseUrl}}/api/wiz/external/auth","description":"<p>Get access token for Wizard API.</p>\n<p><strong>Note:</strong> No IP whitelisting required for Wizard API</p>\n<p><strong>Response:</strong></p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"access_token\": \"&lt;token&gt;\",\n  \"token_type\": \"Bearer\",\n  \"expires_in\": 600,\n  \"environment\": \"test\"\n}\n</code></pre>\n","urlObject":{"path":["api","wiz","external","auth"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"5fac8b9a-2710-46b8-82ee-df03b754c590"},{"name":"2. Create Order","id":"1148dea5-ab0b-4a24-98b0-2a2b539c0081","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{wizard_token}}"}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"client_id\": \"YOUR_CLIENT_ID\",\n  \"amount\": \"100\",\n  \"order_id\": \"YOUR_UNIQUE_ORDER_123\",\n  \"callback_url\": \"https://your-domain.com/success\",\n  \"customer_details\": {\n    \"email\": \"customer@example.com\",\n    \"mobile\": \"9876543210\",\n    \"name\": \"Customer Name\"\n  }\n}"},"url":"{{baseUrl}}/api/wiz/external/order/create","description":"<p>Create order for Wizard widget.</p>\n<p><strong>Response:</strong></p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"amount\": 100,\n  \"callback_url\": \"https://your-domain.com/success\",\n  \"customer_details\": {...},\n  \"message\": \"Order created successfully. Use initiate payment API to start payment process.\",\n  \"order_id\": \"HZR2959795575241\",\n  \"order_slug\": \"2h2m6qf\",\n  \"payment_status\": \"CREATED\",\n  \"payment_url\": \"https://link.smepay.in/@acme/2h2m6qf\",\n  \"ref_id\": \"ORD__000223\",\n  \"status\": true\n}\n</code></pre>\n<p><strong>Use the <code>slug</code> to launch the Wizard widget.</strong></p>\n<p><strong>Note:</strong> <code>payment_url</code> is for sharing on other platforms for future use</p>\n","urlObject":{"path":["api","wiz","external","order","create"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"1148dea5-ab0b-4a24-98b0-2a2b539c0081"},{"name":"3. Validate Order","id":"d05196ab-3faf-4726-9b92-2aa8433c259d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{wizard_token}}"}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"client_id\": \"YOUR_CLIENT_ID\",\n  \"amount\": 100,\n  \"slug\": \"abc123xyz\"\n}"},"url":"{{baseUrl}}/api/wiz/external/order/validate","description":"<p>Validate payment after widget success callback.</p>\n<p><strong>Response:</strong></p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"status\": true,\n  \"valid\": true,\n  \"payment_status\": \"SUCCESS\",\n  \"message\": \"Order validated successfully\"\n}\n</code></pre>\n<p><strong>Call this from your backend</strong> after receiving webhook to verify payment before fulfilling order.</p>\n","urlObject":{"path":["api","wiz","external","order","validate"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"d05196ab-3faf-4726-9b92-2aa8433c259d"}],"id":"74f54f31-1e87-4785-8043-8b6cf1510119","description":"<h1 id=\"🧙-wizard-smepay-checkout-widget\">🧙 Wizard (SMEPay Checkout Widget)</h1>\n<p><strong>Easiest integration</strong> - Pre-built payment UI with automatic QR generation.</p>\n<hr />\n<h2 id=\"✅-step-1-include-the-script\">✅ Step 1: Include the Script</h2>\n<p>Add this script tag before closing tag:</p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-html\">&lt;script src=\"https://typof.co/smepay/checkout-v2.js\"&gt;&lt;/script&gt;\n\n</code></pre>\n<hr />\n<h2 id=\"✅-step-2-create-order--launch-widget\">✅ Step 2: Create Order &amp; Launch Widget</h2>\n<p><strong>Backend:</strong> First, create an order to get <code>order_slug</code></p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-javascript\">// Call your backend API to create order\nfetch('/api/create-order', {\n  method: 'POST',\n  body: JSON.stringify({\n    amount: 100,\n    customer_email: 'customer@example.com'\n  })\n})\n.then(res =&gt; res.json())\n.then(data =&gt; {\n  // Launch SMEPay widget with slug\n  openSMEPayWidget(data.order_slug);\n});\n\n</code></pre>\n<p><strong>Frontend:</strong> Launch the payment widget</p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-javascript\">function openSMEPayWidget(orderSlug) {\n  if (window.smepayCheckout) {\n    window.smepayCheckout({\n      slug: orderSlug,\n      onSuccess: (data) =&gt; {\n        console.log('✅ Payment successful:', data);\n        // Redirect to success page\n        if (data.callback_url) {\n          window.location.href = data.callback_url;\n        }\n      },\n      onFailure: () =&gt; {\n        console.log('❌ Payment failed or closed.');\n        // Handle failure\n      }\n    });\n  } else {\n    alert('SMEPay widget is not loaded.');\n  }\n}\n\n</code></pre>\n<hr />\n<h2 id=\"✅-step-3-validate-payment\">✅ Step 3: Validate Payment</h2>\n<p>Once user pays successfully:</p>\n<ol>\n<li><p><strong>Widget closes automatically</strong></p>\n</li>\n<li><p><strong>Redirects to</strong> <strong><code>callback_url</code></strong></p>\n</li>\n<li><p><strong>Sends POST request</strong> to your webhook URL</p>\n</li>\n<li><p><strong>Validate from backend</strong> using <code>/order/validate</code></p>\n</li>\n</ol>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-javascript\">// Backend validation\nfetch('https://app.smepay.in/api/wiz/external/order/validate', {\n  method: 'POST',\n  headers: {\n    'Authorization': 'Bearer ' + accessToken,\n    'Content-Type': 'application/json'\n  },\n  body: JSON.stringify({\n    client_id: 'YOUR_CLIENT_ID',\n    amount: 100.00,\n    slug: orderSlug\n  })\n})\n.then(res =&gt; res.json())\n.then(data =&gt; {\n  if (data.status &amp;&amp; data.payment_status === 'SUCCESS') {\n    // Payment verified - fulfill order\n  }\n});\n\n</code></pre>\n<hr />\n<h2 id=\"📝-complete-example\">📝 Complete Example</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-html\">\n&lt;html&gt;\n&lt;head&gt;\n  &lt;title&gt;SMEPay Checkout&lt;/title&gt;\n&lt;/head&gt;\n&lt;body&gt;\n  &lt;button onclick=\"handlePayment()\"&gt;Pay Now&lt;/button&gt;\n  &lt;script src=\"https://typof.co/smepay/checkout-v2.js\"&gt;&lt;/script&gt;\n  &lt;script src=\"https://code.jquery.com/jquery-3.6.0.min.js\"&gt;&lt;/script&gt;\n  &lt;script&gt;\n    function handlePayment() {\n      // Step 1: Create order via your backend\n      $.post('/api/pay-qr', { amount: 100 })\n        .done(function(response) {\n          // Step 2: Launch SMEPay widget\n          if (window.smepayCheckout) {\n            window.smepayCheckout({\n              slug: response.order_slug,\n              onSuccess: (data) =&gt; {\n                console.log('✅ Payment successful');\n                if (data.callback_url) {\n                  window.location.href = data.callback_url;\n                }\n              },\n              onFailure: () =&gt; {\n                alert('❌ Payment failed or cancelled');\n              }\n            });\n          }\n        })\n        .fail(function(error) {\n          console.error('Error creating order:', error);\n        });\n    }\n  &lt;/script&gt;\n&lt;/body&gt;\n&lt;/html&gt;\n\n</code></pre>\n<hr />\n<h2 id=\"🎯-widget-features\">🎯 Widget Features</h2>\n<ul>\n<li><p>✅ <strong>Auto QR Generation</strong> - No need to generate QR yourself</p>\n</li>\n<li><p>✅ <strong>Real-time Status</strong> - Automatic payment status updates</p>\n</li>\n<li><p>✅ <strong>Mobile Responsive</strong> - Works on all devices</p>\n</li>\n<li><p>✅ <strong>UPI Deep Links</strong> - Direct app integration (GPay, PhonePe, etc.)</p>\n</li>\n<li><p>✅ <strong>Error Handling</strong> - Built-in error messages</p>\n</li>\n</ul>\n<hr />\n<p>Use the APIs below to implement the backend for Wizard checkout.</p>\n","_postman_id":"74f54f31-1e87-4785-8043-8b6cf1510119"},{"name":"Inline DQR Integration","item":[{"name":"1. Authenticate","id":"1b5a3d8b-c677-4616-bced-96b0d561549c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"client_id\": \"YOUR_CLIENT_ID\",\n  \"client_secret\": \"YOUR_CLIENT_SECRET\"\n}"},"url":"{{baseUrl}}/api/external/auth","description":"<p>Obtain a short-lived access token (expires in 600 seconds).</p>\n<p><strong>Access Constraints:</strong></p>\n<ul>\n<li>Business verification/tier</li>\n<li>IP whitelist &amp; geo-restrictions</li>\n<li>Per-business rate limits</li>\n<li>Minimum wallet balance for external operations</li>\n</ul>\n<p><strong>Response:</strong></p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"access_token\": \"&lt;token&gt;\",\n  \"token_type\": \"Bearer\",\n  \"expires_in\": 600,\n  \"environment\": \"test\"\n}\n</code></pre>\n<p><strong>Use this token</strong> in <code>Authorization: Bearer &lt;token&gt;</code> header for subsequent requests.</p>\n","urlObject":{"path":["api","external","auth"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"1b5a3d8b-c677-4616-bced-96b0d561549c"},{"name":"2. Create Order","id":"7edaad29-5a45-4722-bcd2-541c5d376bf2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{external_token}}"}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"client_id\": \"YOUR_CLIENT_ID\",\n  \"amount\": \"100.50\",\n  \"order_id\": \"YOUR_UNIQUE_ORDER_123\",\n  \"callback_url\": \"https://your.app/webhook\",\n  \"customer_details\": {\n    \"email\": \"buyer@example.com\",\n    \"mobile\": \"+911234567890\",\n    \"name\": \"Buyer Name\"\n  }\n}"},"url":"{{baseUrl}}/api/external/order/create","description":"<p>Create a new payment order.</p>\n<p><strong>Notes:</strong></p>\n<ul>\n<li><code>amount</code> is a <strong>string</strong> (positive number)</li>\n<li><code>order_id</code> must be <strong>unique</strong> per business</li>\n<li>Applies: order min/max, daily/monthly caps, wallet fee coverage check</li>\n</ul>\n<p><strong>Response:</strong></p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"status\": true,\n  \"order_id\": \"INT-123e4567-e89b-12d3-a456-426614174000\",\n  \"slug\": \"abcdefg\",\n  \"message\": \"Order created\"\n}\n</code></pre>\n<p><strong>Use the <code>slug</code> for next step (Initiate Payment)</strong></p>\n","urlObject":{"path":["api","external","order","create"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"7edaad29-5a45-4722-bcd2-541c5d376bf2"},{"name":"3. Initiate Payment","id":"816dee5a-6297-4b6c-86bf-e21f1f05e37b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{external_token}}"}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"slug\": \"abcdefg\",\n  \"client_id\": \"YOUR_CLIENT_ID\"\n}"},"url":"{{baseUrl}}/api/external/order/initiate","description":"<p>Generate UPI payment link and QR code.</p>\n<p><strong>Preconditions:</strong></p>\n<ul>\n<li>Order belongs to your business</li>\n<li>Status is <code>CREATED</code></li>\n<li>Not expired (≈ 5 min window)</li>\n</ul>\n<p><strong>Response:</strong></p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"status\": true,\n  \"order_id\": \"INT-123e4567-e89b-12d3-a456-426614174000\",\n  \"external_reference_id\": \"YOUR_ORDER_123\",\n  \"provider\": \"phonepe\",\n  \"payment_link\": \"upi://pay?...\",\n  \"transaction_id\": \"PPabc...\",\n  \"qr_code\": \"data:image/png;base64,...\",\n  \"payment_status\": \"INITIATED\",\n  \"expires_at\": 1736034123,\n  \"intents\": {\n    \"gpay\": \"tez://...\",\n    \"phonepe\": \"phonepe://...\",\n    \"paytm\": \"paytmmp://...\"\n  },\n  \"message\": \"Payment initiated successfully. Payment will be monitored for 5 minutes.\"\n}\n</code></pre>\n<p><strong>Display the <code>qr_code</code> or use <code>payment_link</code> for UPI deep linking</strong></p>\n","urlObject":{"path":["api","external","order","initiate"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"816dee5a-6297-4b6c-86bf-e21f1f05e37b"},{"name":"4. Check Status","id":"cf3e9592-4c69-48f1-b99e-ffb8448213a9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"client_id\": \"YOUR_CLIENT_ID\",\n  \"slug\": \"abcdefg\",\n  \"ref_id\": \"YOUR_ORDER_123\"\n}"},"url":"{{baseUrl}}/api/external/qr/status","description":"<p>Poll payment status (no authentication required).</p>\n<p><strong>Response:</strong></p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"status\": true,\n  \"order_id\": \"ORDER_123\",\n  \"payment_status\": \"SUCCESS\",\n  \"amount\": 100.5,\n  \"provider\": \"phonepe\",\n  \"created_at\": 1736030500,\n  \"processed_at\": 1736030822\n}\n</code></pre>\n<p><strong>Status Values:</strong></p>\n<ul>\n<li><code>CREATED</code> - Order created</li>\n<li><code>INITIATED</code> - Payment link generated</li>\n<li><code>PENDING</code> - Payment in progress</li>\n<li><code>SUCCESS</code> - Payment completed ✅</li>\n<li><code>FAILED</code> - Payment failed ❌</li>\n<li><code>EXPIRED</code> - Order expired (5 min)</li>\n</ul>\n<p><strong>Polling Recommendation:</strong> Poll every 3-5 seconds until status is final (SUCCESS/FAILED/EXPIRED)</p>\n","urlObject":{"path":["api","external","qr","status"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"cf3e9592-4c69-48f1-b99e-ffb8448213a9"}],"id":"6fac77a4-9d71-4044-96ee-b15b521b3bc3","description":"<h1 id=\"💳-inline-dqr-dynamic-qr\">💳 Inline DQR (Dynamic QR)</h1>\n<p><strong>Direct API integration</strong> - Full control over UI/UX, generate your own QR codes.</p>\n<hr />\n<h2 id=\"🎯-use-cases\">🎯 Use Cases</h2>\n<ul>\n<li><p>Custom payment UI</p>\n</li>\n<li><p>Mobile applications</p>\n</li>\n<li><p>Server-to-server integration</p>\n</li>\n<li><p>Headless commerce</p>\n</li>\n<li><p>Custom QR design</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"🔄-payment-flow\">🔄 Payment Flow</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>1. Authenticate          → Get access_token\n   ↓\n2. Create Order          → Get order_slug\n   ↓\n3. Initiate Payment      → Get payment_link &amp; QR\n   ↓\n4. Customer Pays         → UPI app\n   ↓\n5. Poll Status           → Check /order/status\n   OR\n   Receive Webhook       → POST to callback_url\n   ↓\n6. Validate Order        → Verify before fulfilling\n\n</code></pre><hr />\n<h2 id=\"🔒-security-notes\">🔒 Security Notes</h2>\n<p><strong>IP Whitelisting:</strong></p>\n<ul>\n<li><p>Required for production (<code>/api/external/</code>)</p>\n</li>\n<li><p>Configure in Dashboard → Settings → API</p>\n</li>\n</ul>\n<p><strong>Access Constraints:</strong></p>\n<ul>\n<li><p>Business verification required</p>\n</li>\n<li><p>Tier-based rate limits</p>\n</li>\n<li><p>Minimum wallet balance</p>\n</li>\n<li><p>Geo-restrictions apply</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"⏱️-important-timeouts\">⏱️ Important Timeouts</h2>\n<ul>\n<li><p><strong>Access Token:</strong> 10 minutes (600s)</p>\n</li>\n<li><p><strong>Payment Link:</strong> 5 minutes</p>\n</li>\n<li><p><strong>Order Expiry:</strong> 5 minutes</p>\n</li>\n</ul>\n<hr />\n<p>Use the APIs below for direct integration.</p>\n","_postman_id":"6fac77a4-9d71-4044-96ee-b15b521b3bc3"},{"name":"Webhooks","item":[],"id":"62dc4d54-f63c-4a7a-b347-4e5d4cd3da4b","description":"<h1 id=\"🔔-webhooks\">🔔 Webhooks</h1>\n<p>SMEPay sends POST requests to your <code>callback_url</code> when payment status changes.</p>\n<hr />\n<h2 id=\"📦-webhook-payload\">📦 Webhook Payload</h2>\n<p><strong>Method:</strong> <code>POST</code></p>\n<p><strong>Content-Type:</strong> <code>application/json</code></p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"ref_id\": \"YOUR_ORDER_123\",\n  \"transaction_id\": \"SME_TXN_456\",\n  \"status\": \"SUCCESS\",\n  \"amount\": \"100.00\",\n  \"processed_at\": \"2025-01-01T12:00:00+05:30\",\n  \"created_at\": \"2025-01-01T11:55:00+05:30\"\n}\n\n</code></pre>\n<hr />\n<h2 id=\"📋-payload-fields\">📋 Payload Fields</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>ref_id</code></td>\n<td>string</td>\n<td>Your <code>order_id</code> from create order</td>\n</tr>\n<tr>\n<td><code>transaction_id</code></td>\n<td>string</td>\n<td>SMEPay transaction ID</td>\n</tr>\n<tr>\n<td><code>status</code></td>\n<td>string</td>\n<td>Payment status (see below)</td>\n</tr>\n<tr>\n<td><code>amount</code></td>\n<td>string</td>\n<td>Payment amount</td>\n</tr>\n<tr>\n<td><code>processed_at</code></td>\n<td>string</td>\n<td>Completion timestamp (ISO 8601)</td>\n</tr>\n<tr>\n<td><code>created_at</code></td>\n<td>string</td>\n<td>Order creation timestamp (ISO 8601)</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"🎯-status-values\">🎯 Status Values</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Status</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>SUCCESS</code></td>\n<td>Payment completed successfully ✅</td>\n</tr>\n<tr>\n<td><code>FAILED</code></td>\n<td>Payment failed ❌</td>\n</tr>\n<tr>\n<td><code>PENDING</code></td>\n<td>Payment in progress ⏳</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"🔄-exponential-backoff-retry-schedule\">🔄 Exponential Backoff Retry Schedule</h2>\n<p><strong>Retries only when webhook endpoint returns 5xx status code.</strong></p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Attempt</th>\n<th>Delay Before Next</th>\n<th>Total Time Elapsed</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Attempt 1 (Initial)</td>\n<td>1 minute</td>\n<td>0</td>\n</tr>\n<tr>\n<td>Attempt 2</td>\n<td>5 minutes</td>\n<td>1 minute</td>\n</tr>\n<tr>\n<td>Attempt 3</td>\n<td>25 minutes</td>\n<td>6 minutes</td>\n</tr>\n<tr>\n<td>Attempt 4</td>\n<td>2 hours</td>\n<td>31 minutes</td>\n</tr>\n<tr>\n<td>Attempt 5 (Final)</td>\n<td>-</td>\n<td>2h 31m</td>\n</tr>\n</tbody>\n</table>\n</div><p><strong>Note:</strong> Retries are triggered only on 5xx errors (server errors). 4xx errors (client errors) and 200 OK responses do not trigger retries.</p>\n<hr />\n<h2 id=\"🧪-testing-webhooks\">🧪 Testing Webhooks</h2>\n<p><strong>Use webhook.site for testing:</strong></p>\n<ol>\n<li><p>Go to <a href=\"https://webhook.site\">https://webhook.site</a></p>\n</li>\n<li><p>Copy your unique URL</p>\n</li>\n<li><p>Use it as <code>callback_url</code> in Create Order</p>\n</li>\n<li><p>Complete a test payment</p>\n</li>\n<li><p>See webhook payload in real-time</p>\n</li>\n</ol>\n<hr />\n<h2 id=\"📝-webhook-response-codes\">📝 Webhook Response Codes</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Your Response Code</th>\n<th>SMEPay Action</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>200 OK</code></td>\n<td>✅ Webhook delivered successfully - No retry</td>\n</tr>\n<tr>\n<td><code>201 Created</code></td>\n<td>✅ Webhook received - No retry</td>\n</tr>\n<tr>\n<td><code>4xx Client Error</code></td>\n<td>❌ Client error - No retry</td>\n</tr>\n<tr>\n<td><code>500 Server Error</code></td>\n<td>🔄 Will trigger exponential backoff retry</td>\n</tr>\n<tr>\n<td><code>502 Bad Gateway</code></td>\n<td>🔄 Will trigger exponential backoff retry</td>\n</tr>\n<tr>\n<td><code>503 Service Unavailable</code></td>\n<td>🔄 Will trigger exponential backoff retry</td>\n</tr>\n<tr>\n<td><code>504 Gateway Timeout</code></td>\n<td>🔄 Will trigger exponential backoff retry</td>\n</tr>\n<tr>\n<td><code>Connection Timeout</code></td>\n<td>🔄 Will trigger exponential backoff retry</td>\n</tr>\n</tbody>\n</table>\n</div><p><strong>Best Practice:</strong> Always respond with <code>200 OK</code> immediately upon receiving webhook, then process asynchronously.</p>\n","_postman_id":"62dc4d54-f63c-4a7a-b347-4e5d4cd3da4b"},{"name":"Disbursement Payout","item":[{"name":"1. Authenticate","event":[{"listen":"test","script":{"exec":["var json = pm.response.json();","if (json.data && json.data.token) {","    pm.environment.set('disb_token', json.data.token);","    console.log('disb_token saved:', json.data.token.substring(0,20) + '...');","}"],"type":"text/javascript","id":"bcab7900-b57a-4adb-a0d3-10f33e5bb14d"}}],"id":"e9861507-651e-4f5b-a528-1f12f83a0e9a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"client_id\": \"\",\n  \"client_secret\": \"\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/api/v1/disbursement/auth","description":"<p>Exchange your <code>client_id</code> and <code>client_secret</code> for a short-lived JWT bearer token.</p>\n<p><strong>Response fields</strong></p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>token</code></td>\n<td>JWT to pass as <code>Authorization: Bearer &lt;token&gt;</code> on all subsequent disbursement calls</td>\n</tr>\n<tr>\n<td><code>expires_in</code></td>\n<td>Token lifetime in seconds (typically 3600)</td>\n</tr>\n</tbody>\n</table>\n</div><p><strong>Error cases</strong></p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Code</th>\n<th>Reason</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>401</td>\n<td>Invalid or missing credentials</td>\n</tr>\n<tr>\n<td>403</td>\n<td>IP not whitelisted — add your server IP in the SMEPay admin panel</td>\n</tr>\n</tbody>\n</table>\n</div>","urlObject":{"path":["api","v1","disbursement","auth"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"340e0cd3-c7e4-4105-ad3f-e172faa7310d","name":"200 – Success","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"client_id\": \"api_client_001\",\n  \"client_secret\": \"secret_xxx\"\n}"},"url":""},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": true,\n  \"data\": {\n    \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\",\n    \"expires_in\": 3600\n  }\n}"},{"id":"5873240a-dd7a-4cbc-b225-a42fa045ba06","name":"401 – Invalid credentials","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"client_id\": \"wrong\",\n  \"client_secret\": \"wrong\"\n}"},"url":""},"status":"Unauthorized","code":401,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": false,\n  \"message\": \"invalid client credentials\"\n}"},{"id":"817a9dfa-e272-4ed1-9ca7-c419deb840be","name":"403 – IP not whitelisted","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"client_id\": \"api_client_001\",\n  \"client_secret\": \"secret_xxx\"\n}"},"url":""},"status":"Forbidden","code":403,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": false,\n  \"error\": \"ip_not_whitelisted\",\n  \"message\": \"IP 203.0.113.42 is not in the allowed list\"\n}"}],"_postman_id":"e9861507-651e-4f5b-a528-1f12f83a0e9a"},{"name":"2. Initiate Payout - IMPS (Primary)","event":[{"listen":"test","script":{"id":"a75da6f1-c016-4ed5-90e1-baf7bc252dab","exec":["var json = pm.response.json();","if (json.data && json.data.id) {","    pm.environment.set('disb_payout_id', json.data.id);","    console.log('disb_payout_id saved:', json.data.id);","}"],"type":"text/javascript","packages":{},"requests":{}}}],"id":"33d27d15-85c1-4dfe-a244-7c4535e8f9d5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Authorization","value":"Bearer {{disb_token}}","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"reference_id\": \"TXN-20240301-023\",\n  \"amount\": 10.0,\n  \"payment_mode\": \"IMPS\",\n  \"beneficiary_name\": \"TRILOCHAN PARIDA\",\n  \"beneficiary_account\": \"033325221134005\",\n  \"beneficiary_ifsc\": \"NESF0000333\",\n  \"callback_url\":\"https://your-callback-url\",\n  \"remarks\": \"Testing\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/api/v1/disbursement/payouts","description":"<p>Initiate an outbound IMPS bank transfer. <strong>IMPS is the primary payment mode</strong> — it settles within seconds and is available 24×7.</p>\n<p><strong>Request fields</strong></p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>reference_id</code></td>\n<td>✅</td>\n<td>Your unique idempotency key. Duplicate reference_ids return the original payout — no double-spend</td>\n</tr>\n<tr>\n<td><code>amount</code></td>\n<td>✅</td>\n<td>Transfer amount in INR (subject to min/max limits configured for your account)</td>\n</tr>\n<tr>\n<td><code>payment_mode</code></td>\n<td>—</td>\n<td><code>IMPS</code> (default) / <code>NEFT</code></td>\n</tr>\n<tr>\n<td><code>beneficiary_name</code></td>\n<td>✅</td>\n<td>Account holder name</td>\n</tr>\n<tr>\n<td><code>beneficiary_account</code></td>\n<td>✅</td>\n<td>Bank account number</td>\n</tr>\n<tr>\n<td><code>beneficiary_ifsc</code></td>\n<td>✅</td>\n<td>11-character IFSC code</td>\n</tr>\n<tr>\n<td><code>remarks</code></td>\n<td>—</td>\n<td>Narration (max 50 chars)</td>\n</tr>\n</tbody>\n</table>\n</div><p><strong>Beneficiary data in responses</strong>\nRaw bank details are <strong>never</strong> returned. The <code>beneficiary_name</code>, <code>beneficiary_account</code>, and <code>beneficiary_ifsc</code> fields in all API responses and webhook payloads are SHA-256 hashes of the original values — you can use these for correlation but cannot reverse them.</p>\n<p><strong>Payout lifecycle</strong>\n<code>INITIATED</code> → <code>PROCESSING</code> → <code>SUCCESS</code> / <code>FAILED</code></p>\n<p><strong>Error cases</strong></p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Code</th>\n<th>message</th>\n<th>Reason</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>400</td>\n<td><code>insufficient balance</code></td>\n<td>Available balance &lt; amount + fee</td>\n</tr>\n<tr>\n<td>400</td>\n<td><code>amount below minimum</code></td>\n<td>Below your configured min_payout_amount</td>\n</tr>\n<tr>\n<td>400</td>\n<td><code>amount above maximum</code></td>\n<td>Exceeds your configured max_payout_amount</td>\n</tr>\n<tr>\n<td>400</td>\n<td><code>disbursement not enabled</code></td>\n<td>Contact SMEPay admin to enable payout access</td>\n</tr>\n<tr>\n<td>400</td>\n<td><code>duplicate reference_id</code></td>\n<td>That reference_id was already used (idempotency)</td>\n</tr>\n<tr>\n<td>401</td>\n<td><code>business_id not found in token</code></td>\n<td>Token missing or expired</td>\n</tr>\n<tr>\n<td>403</td>\n<td><code>ip_not_whitelisted</code></td>\n<td>Caller IP not in allowlist</td>\n</tr>\n</tbody>\n</table>\n</div>","urlObject":{"path":["api","v1","disbursement","payouts"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"c088d7c8-8b79-4ce1-b665-8b10c20effd0","name":"201 – Payout Initiated","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer {{disb_token}}"}],"body":{"mode":"raw","raw":"{\n  \"reference_id\": \"TXN-20240301-001\",\n  \"amount\": 5000.0,\n  \"payment_mode\": \"IMPS\",\n  \"beneficiary_name\": \"Rajan Kumar\",\n  \"beneficiary_account\": \"1234567890\",\n  \"beneficiary_ifsc\": \"SBIN0001234\",\n  \"remarks\": \"Salary March 2024\"\n}"},"url":""},"status":"Created","code":201,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": true,\n  \"message\": \"Payout initiated successfully\",\n  \"data\": {\n    \"id\": \"7e9d3c12-a4f1-4b2e-9c3d-8e7f6a5b4c3d\",\n    \"reference_id\": \"TXN-20240301-001\",\n    \"amount\": 5000.0,\n    \"fee_amount\": 5.0,\n    \"payment_mode\": \"IMPS\",\n    \"remarks\": \"Salary March 2024\",\n    \"status\": \"INITIATED\",\n    \"provider\": \"paywize\",\n    \"beneficiary_name\": \"a3f1c2d4e5b6a7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2\",\n    \"beneficiary_account\": \"b2e3d4f5a6c7b8d9e0f1a2c3b4d5e6f7a8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3\",\n    \"beneficiary_ifsc\": \"c3f4e5a6b7d8c9e0f1a2d3c4e5f6a7b8c9d0e1f2a3c4d5e6f7a8b9c0d1e2f3a4\",\n    \"business_id\": \"b1c2d3e4-f5a6-7b8c-9d0e-1f2a3b4c5d6e\",\n    \"available_balance\": 45000.0,\n    \"locked_balance\": 5000.0,\n    \"initiated_at\": \"2024-03-01T10:30:00Z\",\n    \"created_at\": \"2024-03-01T10:30:00Z\",\n    \"updated_at\": \"2024-03-01T10:30:00Z\"\n  }\n}"},{"id":"8b327a25-0774-45ef-a843-7b6cdb7a64f2","name":"400 – Insufficient balance","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer {{disb_token}}"}],"body":{"mode":"raw","raw":"{\n  \"reference_id\": \"TXN-20240301-001\",\n  \"amount\": 5000.0,\n  \"payment_mode\": \"IMPS\",\n  \"beneficiary_name\": \"Rajan Kumar\",\n  \"beneficiary_account\": \"1234567890\",\n  \"beneficiary_ifsc\": \"SBIN0001234\",\n  \"remarks\": \"Salary March 2024\"\n}"},"url":""},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": false,\n  \"message\": \"insufficient balance: available 1200.00, required 5005.00 (amount + fee)\"\n}"},{"id":"6a5d5df0-1124-4673-bdee-3a5086639d57","name":"400 – Disbursement not enabled","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer {{disb_token}}"}],"body":{"mode":"raw","raw":"{\n  \"reference_id\": \"TXN-20240301-001\",\n  \"amount\": 5000.0,\n  \"payment_mode\": \"IMPS\",\n  \"beneficiary_name\": \"Rajan Kumar\",\n  \"beneficiary_account\": \"1234567890\",\n  \"beneficiary_ifsc\": \"SBIN0001234\",\n  \"remarks\": \"Salary March 2024\"\n}"},"url":""},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": false,\n  \"message\": \"disbursement not enabled for this account\"\n}"},{"id":"9ab35ecc-bd4b-4771-827a-867278be9ae0","name":"400 – Duplicate reference_id (idempotency)","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer {{disb_token}}"}],"body":{"mode":"raw","raw":"{\n  \"reference_id\": \"TXN-20240301-001\",\n  \"amount\": 5000.0,\n  \"payment_mode\": \"IMPS\",\n  \"beneficiary_name\": \"Rajan Kumar\",\n  \"beneficiary_account\": \"1234567890\",\n  \"beneficiary_ifsc\": \"SBIN0001234\",\n  \"remarks\": \"Salary March 2024\"\n}"},"url":""},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": false,\n  \"message\": \"duplicate reference_id: TXN-20240301-001\"\n}"},{"id":"382a3ff2-485a-437f-a666-5432bb9e21e1","name":"401 – Token missing / expired","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"reference_id\": \"TXN-20240301-001\",\n  \"amount\": 5000.0,\n  \"payment_mode\": \"IMPS\",\n  \"beneficiary_name\": \"Rajan Kumar\",\n  \"beneficiary_account\": \"1234567890\",\n  \"beneficiary_ifsc\": \"SBIN0001234\",\n  \"remarks\": \"Salary March 2024\"\n}"},"url":""},"status":"Unauthorized","code":401,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": false,\n  \"message\": \"business_id not found in token\"\n}"},{"id":"042a9110-7e6f-430e-9f89-37455bb9dbf1","name":"403 – IP not whitelisted","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer {{disb_token}}"}],"body":{"mode":"raw","raw":"{\n  \"reference_id\": \"TXN-20240301-001\",\n  \"amount\": 5000.0,\n  \"payment_mode\": \"IMPS\",\n  \"beneficiary_name\": \"Rajan Kumar\",\n  \"beneficiary_account\": \"1234567890\",\n  \"beneficiary_ifsc\": \"SBIN0001234\",\n  \"remarks\": \"Salary March 2024\"\n}"},"url":""},"status":"Forbidden","code":403,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": false,\n  \"error\": \"ip_not_whitelisted\",\n  \"message\": \"IP 203.0.113.42 is not in the allowed list\"\n}"}],"_postman_id":"33d27d15-85c1-4dfe-a244-7c4535e8f9d5"},{"name":"3. Check Payout Status","event":[{"listen":"test","script":{"exec":["pm.test('Status is 200', function() {","    pm.response.to.have.status(200);","});","var json = pm.response.json();","pm.test('Has payout data', function() {","    pm.expect(json.data).to.have.property('id');","    pm.expect(json.data).to.have.property('status');","});"],"type":"text/javascript","id":"2e7fe1d8-cc63-45d8-9528-2f8d03449693"}}],"id":"92c519b5-7b7e-45bd-888a-319d6beeeb3d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Authorization","value":"Bearer {{disb_token}}","type":"text"}],"url":"{{baseUrl}}/api/v1/disbursement/payouts/{{disb_payout_id}}","description":"<p>Poll the status of a payout using the <code>id</code> returned by the Initiate Payout call.</p>\n<p>The <code>{{disb_payout_id}}</code> variable is auto-saved by the Initiate Payout test scripts.</p>\n<p><strong>Payout statuses</strong></p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Status</th>\n<th>Meaning</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>INITIATED</code></td>\n<td>Accepted, queued for processing</td>\n</tr>\n<tr>\n<td><code>PROCESSING</code></td>\n<td>Submitted to Paywize</td>\n</tr>\n<tr>\n<td><code>SUCCESS</code></td>\n<td>Bank transfer confirmed — <code>utr_number</code> is set</td>\n</tr>\n<tr>\n<td><code>FAILED</code></td>\n<td>Transfer failed — see <code>failure_reason</code></td>\n</tr>\n</tbody>\n</table>\n</div><p><strong>Error cases</strong></p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Code</th>\n<th>Reason</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>400</td>\n<td>Invalid UUID format for payout id</td>\n</tr>\n<tr>\n<td>401</td>\n<td>Token missing or expired</td>\n</tr>\n<tr>\n<td>403</td>\n<td>IP not whitelisted</td>\n</tr>\n<tr>\n<td>404</td>\n<td>Payout not found (wrong id or belongs to different merchant)</td>\n</tr>\n</tbody>\n</table>\n</div>","urlObject":{"path":["api","v1","disbursement","payouts","{{disb_payout_id}}"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"17454e3c-d426-4b54-b6f6-e9ac628df44f","name":"200 – SUCCESS","originalRequest":{"method":"GET","header":[{"key":"Authorization","value":"Bearer {{disb_token}}"}],"url":""},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": true,\n  \"message\": \"Payout retrieved successfully\",\n  \"data\": {\n    \"id\": \"7e9d3c12-a4f1-4b2e-9c3d-8e7f6a5b4c3d\",\n    \"reference_id\": \"TXN-20240301-001\",\n    \"amount\": 5000.0,\n    \"fee_amount\": 5.0,\n    \"payment_mode\": \"IMPS\",\n    \"remarks\": \"Salary March 2024\",\n    \"status\": \"SUCCESS\",\n    \"provider\": \"paywize\",\n    \"utr_number\": \"UTR123456789012\",\n    \"provider_reference_id\": \"PAYWIZE-REF-001\",\n    \"beneficiary_name\": \"a3f1c2d4e5b6a7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2\",\n    \"beneficiary_account\": \"b2e3d4f5a6c7b8d9e0f1a2c3b4d5e6f7a8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3\",\n    \"beneficiary_ifsc\": \"c3f4e5a6b7d8c9e0f1a2d3c4e5f6a7b8c9d0e1f2a3c4d5e6f7a8b9c0d1e2f3a4\",\n    \"business_id\": \"b1c2d3e4-f5a6-7b8c-9d0e-1f2a3b4c5d6e\",\n    \"available_balance\": 45000.0,\n    \"locked_balance\": 0.0,\n    \"initiated_at\": \"2024-03-01T10:30:00Z\",\n    \"processed_at\": \"2024-03-01T10:30:45Z\",\n    \"created_at\": \"2024-03-01T10:30:00Z\",\n    \"updated_at\": \"2024-03-01T10:30:45Z\"\n  }\n}"},{"id":"8b87f5e4-e14e-4fc2-bb3d-46b742286f54","name":"200 – INITIATED (still processing)","originalRequest":{"method":"GET","header":[{"key":"Authorization","value":"Bearer {{disb_token}}"}],"url":""},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": true,\n  \"message\": \"Payout retrieved successfully\",\n  \"data\": {\n    \"id\": \"7e9d3c12-a4f1-4b2e-9c3d-8e7f6a5b4c3d\",\n    \"reference_id\": \"TXN-20240301-001\",\n    \"amount\": 5000.0,\n    \"fee_amount\": 5.0,\n    \"payment_mode\": \"IMPS\",\n    \"status\": \"INITIATED\",\n    \"provider\": \"paywize\",\n    \"beneficiary_name\": \"a3f1c2d4e5b6a7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2\",\n    \"beneficiary_account\": \"b2e3d4f5a6c7b8d9e0f1a2c3b4d5e6f7a8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3\",\n    \"beneficiary_ifsc\": \"c3f4e5a6b7d8c9e0f1a2d3c4e5f6a7b8c9d0e1f2a3c4d5e6f7a8b9c0d1e2f3a4\",\n    \"business_id\": \"b1c2d3e4-f5a6-7b8c-9d0e-1f2a3b4c5d6e\",\n    \"available_balance\": 45000.0,\n    \"locked_balance\": 5000.0,\n    \"initiated_at\": \"2024-03-01T10:30:00Z\",\n    \"created_at\": \"2024-03-01T10:30:00Z\",\n    \"updated_at\": \"2024-03-01T10:30:00Z\"\n  }\n}"},{"id":"fc9be444-00e2-4258-9156-4cc1c25f78df","name":"200 – FAILED","originalRequest":{"method":"GET","header":[{"key":"Authorization","value":"Bearer {{disb_token}}"}],"url":""},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": true,\n  \"message\": \"Payout retrieved successfully\",\n  \"data\": {\n    \"id\": \"7e9d3c12-a4f1-4b2e-9c3d-8e7f6a5b4c3d\",\n    \"reference_id\": \"TXN-20240301-001\",\n    \"amount\": 5000.0,\n    \"fee_amount\": 5.0,\n    \"payment_mode\": \"IMPS\",\n    \"status\": \"FAILED\",\n    \"provider\": \"paywize\",\n    \"failure_reason\": \"Invalid beneficiary account number\",\n    \"beneficiary_name\": \"a3f1c2d4e5b6a7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2\",\n    \"beneficiary_account\": \"b2e3d4f5a6c7b8d9e0f1a2c3b4d5e6f7a8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3\",\n    \"beneficiary_ifsc\": \"c3f4e5a6b7d8c9e0f1a2d3c4e5f6a7b8c9d0e1f2a3c4d5e6f7a8b9c0d1e2f3a4\",\n    \"business_id\": \"b1c2d3e4-f5a6-7b8c-9d0e-1f2a3b4c5d6e\",\n    \"available_balance\": 50000.0,\n    \"locked_balance\": 0.0,\n    \"initiated_at\": \"2024-03-01T10:30:00Z\",\n    \"processed_at\": \"2024-03-01T10:31:00Z\",\n    \"created_at\": \"2024-03-01T10:30:00Z\",\n    \"updated_at\": \"2024-03-01T10:31:00Z\"\n  }\n}"},{"id":"346f1f04-6efa-4a67-981c-6f79d37e4ced","name":"404 – Payout not found","originalRequest":{"method":"GET","header":[{"key":"Authorization","value":"Bearer {{disb_token}}"}],"url":""},"status":"Not Found","code":404,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": false,\n  \"message\": \"payout not found\"\n}"},{"id":"a3c60262-5eaf-4f39-8189-bd84789638df","name":"401 – Token missing / expired","originalRequest":{"method":"GET","header":[],"url":""},"status":"Unauthorized","code":401,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"status\": false,\n  \"message\": \"business_id not found in token\"\n}"}],"_postman_id":"92c519b5-7b7e-45bd-888a-319d6beeeb3d"}],"id":"66b7d47e-2f62-4673-a5ac-1c8ca4d529a2","description":"<h1 id=\"💸-disbursement-payout-api\">💸 Disbursement Payout API</h1>\n<p>Send money directly to any bank account in India via IMPS, NEFT, or RTGS.</p>\n<hr />\n<h2 id=\"🔑-credentials\">🔑 Credentials</h2>\n<p>Disbursement uses <strong>separate credentials</strong> from the payment collection API:</p>\n<ul>\n<li><code>client_id</code> and <code>client_secret</code> issued by SMEPay admin per merchant</li>\n<li>Token endpoint: <code>POST /api/v1/disbursement/auth</code></li>\n<li>Token TTL: <strong>1 hour</strong> (3600 seconds)</li>\n</ul>\n<hr />\n<h2 id=\"🔄-flow\">🔄 Flow</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>1. Authenticate        → Get disb_token (1 hr TTL)\n   ↓\n2. Initiate Payout     → POST /api/v1/disbursement/payouts\n   ↓                     Status = INITIATED\n3. Poll Status         → GET /api/v1/disbursement/payouts/{id}\n   OR Receive Webhook  → SMEPay POSTs to your callback URL\n   ↓\n4. Terminal Status     → SUCCESS or FAILED\n</code></pre><hr />\n<h2 id=\"🏦-payment-modes\">🏦 Payment Modes</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Mode</th>\n<th>Speed</th>\n<th>Min Amount</th>\n<th>Max Amount</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><strong>IMPS</strong></td>\n<td>Instant, 24×7</td>\n<td>₹1</td>\n<td>₹5,00,000</td>\n</tr>\n<tr>\n<td><strong>NEFT</strong></td>\n<td>Batch (Mon–Sat 8AM–7PM)</td>\n<td>₹1</td>\n<td>No cap</td>\n</tr>\n<tr>\n<td><strong>RTGS</strong></td>\n<td>Real-time</td>\n<td><strong>₹2,00,000</strong></td>\n<td>No cap</td>\n</tr>\n</tbody>\n</table>\n</div><p><strong>IMPS is the primary and default mode.</strong></p>\n<hr />\n<h2 id=\"🔒-security\">🔒 Security</h2>\n<p><strong>Sensitive fields encrypted at rest (AES-256-GCM):</strong></p>\n<ul>\n<li><code>beneficiary_name</code>, <code>beneficiary_account</code>, <code>beneficiary_ifsc</code>, <code>beneficiary_email</code>, <code>beneficiary_mobile</code></li>\n<li>Format: <code>base64( 12-byte-nonce || ciphertext || 16-byte-GCM-tag )</code></li>\n<li>Each field uses a fresh random nonce — same plaintext → different ciphertext every time</li>\n</ul>\n<p><strong>Deduplication hash (SHA-256):</strong></p>\n<ul>\n<li><code>account_hash = SHA-256( business_id + ':' + account_number + ':' + ifsc )</code></li>\n<li>Deterministic lookup — SMEPay deduplicates beneficiaries without decrypting</li>\n</ul>\n<p><strong>IP Whitelisting:</strong> Enforced on all merchant calls. Test-mode businesses skip this check.</p>\n","_postman_id":"66b7d47e-2f62-4673-a5ac-1c8ca4d529a2"},{"name":"Onboarding","item":[{"name":"Auth","id":"76381540-86be-4510-a992-b0d7a076f6f3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"partner_code\": \"PARTNER_CODE\",\n    \"email\": \"EMAIL_ID\"\n}","options":{"raw":{"language":"json"}}},"url":"https://partner.smepay.in/api/partner/merchants/tsp/auth","urlObject":{"protocol":"https","path":["api","partner","merchants","tsp","auth"],"host":["partner","smepay","in"],"query":[],"variable":[]}},"response":[],"_postman_id":"76381540-86be-4510-a992-b0d7a076f6f3"},{"name":"Create Merchant","id":"542bffd7-0791-4327-8c8a-cf69011d5401","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"<token>"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"John Doe12\",\n    \"business_name\": \"Doe Shop12\",\n    \"company_name\": \"Doe Enterprises12\",\n    \"email\": \"joh0n1235@example.com\",\n    \"mobile\": \"8593052627\"\n}","options":{"raw":{"language":"json"}}},"url":"https://partner.smepay.in/api/partner/merchants/extended","urlObject":{"protocol":"https","path":["api","partner","merchants","extended"],"host":["partner","smepay","in"],"query":[],"variable":[]}},"response":[{"id":"1a60d4c7-d809-40f4-8d9e-ee4eb62fe434","name":"Create Merchant","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"John Doe12\",\n    \"business_name\": \"Doe Shop12\",\n    \"company_name\": \"Doe Enterprises12\",\n    \"email\": \"joh0n1235@example.com\",\n    \"mobile\": \"8593052627\"\n}","options":{"raw":{"language":"json"}}},"url":"https://partner.smepay.in/api/partner/merchants/extended"},"status":"Created","code":201,"_postman_previewlanguage":null,"header":[{"key":"Date","value":"Wed, 01 Apr 2026 05:43:11 GMT"},{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Server","value":"cloudflare"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"vary","value":"Origin"},{"key":"x-frame-options","value":"SAMEORIGIN"},{"key":"x-content-type-options","value":"nosniff"},{"key":"x-xss-protection","value":"1; mode=block"},{"key":"referrer-policy","value":"strict-origin-when-cross-origin"},{"key":"cf-cache-status","value":"DYNAMIC"},{"key":"Nel","value":"{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}"},{"key":"Report-To","value":"{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pJ3Cqu2PiFFo1f48JMx1oneXaUY3aqUO46dbKldtic7QU2FMlfYkuZ%2BHTkSISmD1ayvOrDAtZmhviyJetd06zkw1y2kre32ckYfrTYZC%2FQn0mZIXMoZaYQ05MU%2Fb%2BNFUuT52qoGq7PWijVHaxmY0Zg%3D%3D\"}]}"},{"key":"CF-RAY","value":"9e554655cab9b5bf-MAA"},{"key":"alt-svc","value":"h3=\":443\"; ma=86400"}],"cookie":[],"responseTime":null,"body":"{\n    \"message\": \"Merchant created successfully\",\n    \"business_id\": \"bc6681fd-4090-44d0-9ec5-0034741f268c\",\n    \"kyc_url\": \"https://kyc.smepay.in/kyc/bc6681fd-4090-44d0-9ec5-0034741f268c\"\n}"}],"_postman_id":"542bffd7-0791-4327-8c8a-cf69011d5401"}],"id":"03dcea81-9c55-4183-899a-273471d0d077","_postman_id":"03dcea81-9c55-4183-899a-273471d0d077","description":""}],"variable":[{"key":"base_url","value":"https://extranet.smepay.in","type":"string"},{"key":"client_id","value":"","type":"string"},{"key":"client_secret","value":"","type":"string"},{"key":"access_token","value":"","type":"string"},{"key":"external_order_id","value":"EXT-2025-0001","type":"string"},{"key":"slug","value":"","type":"string"},{"key":"callback_url","value":"https://your.app/webhook","type":"string"},{"key":"amount","value":"100.50","type":"string"}]}