{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"8e5c1399-9620-4f68-b360-612223570f96","name":"Merchant API (v2.0)","description":"In order to use Merchant public API, user will have to go through few simple steps:\n\n- API key and API secret\n- HMAC authorization header\n    \n\n<h4>API key and API secret</h4>\n\nTo use Verifo Public API, user will need to obtain API key and secret, which are passed to Verifo Public API with every request.  \nIn order to obtain API key and secret, please contact Verifo support.\n\n<h4>HMAC authorization header</h4>\n\nOnce user obtained API key and secret, it is all set up! Now, the only thing left is to form HMAC Authorization header. HMAC Authorization header is formed like this:\n\n**Authorization: VERSION+'-HMAC-SHA512 Key='+CLIENT_KEY+',Signature='+HmacSHA512(queryString+'|'+bodyString, SECRET_KEY)**\n\nTo generate HMAC header, follow these simple steps:\n\n1. Append query parameters as a string with '|' (pipe) and append body parameters as a string (queryString|bodyString).\n2. Encode the result by HmacSHA512 with secret, which is API secret provided by Verifo support.\n3. Finally, insert the result from step 2 and other variables into formula provided on top. Don't forget to add your API key provided by Verifo support, and API version (uppercase), which is currently '{{version}}'.\n    \n\n```\nNext, we will show how to retrieve body and query strings.  \n\n ```\n\nvar CLIENT_KEY = client_api_key; // key obtained from Verifo support  \nvar SECRET_KEY = client_api_secret; // secret obtained from Verifo support  \nvar VERSION = postman.getEnvironmentVariable('version').toUpperCase(); // version of API, provided with environment variables  \nvar TIMESTAMP = Math.floor(Date.now() / 1000) + 6; // timestamp in seconds  \nvar NONCE = Math.floor((Date.now() + Math.random()) \\* 100); // unique nonce (unique request id)\n\n```\n**bodyString** - simply take whole request body as a string. if there is no body, or it is empty, treat bodyString as ''.  \n**queryString** - query string consists of everything except domain. '/api/' prefix, version, and path, also all parameters from request url separated by '&' sign (for example: 'limit=10&nonce=12345678945'). query string should never be empty  \n\n ```\n\nvar message = queryString + '|' + bodyString; // merge parameters from url and body\n\n```\nTake message and encode it with HmacSHA512 using SECRET_KEY:  \n\n ```\n\nvar hmacDigest = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA512(message, SECRET_KEY));\n\n```\nFinally, put all of the variables together to form HMAC authorization header:  \n\n ```\n\nvar headerValue = VERSION+'-HMAC-SHA512 Key='+CLIENT_KEY+',Signature='+hmacDigest;\n\n```\n**That's it! User can now use 'headerValue' variable value for Authorization header to communicate with Verifo Public API.**  \n---\n_Here is the complete example of HMAC authorization header in JS (it is included in Postman Pre-request scripts, so this API is ready to use out of the box):  \n_\n\n ```\n\n``` javascript\nfunction getQueryString(url, variables, HOST) {\n    for (let variable in variables) {\n        url = url.replace('{{' + variable + '}}', variables[variable]);\n    }\n    return url.replace(HOST,'');\n}\nfunction getBodyString(data, variables) {\n    for (let variable in variables) {\n        data = data.replace('{{' + variable +'}}', variables[variable]);\n    }\n    obj = JSON.parse(data);\n    if (Object.keys(obj).length === 0) {\n        return '';\n    } else {\n        return data;\n    }\n}\nfunction getNonce() {\n  return Math.floor((Date.now() + Math.random()) * 100);\n}\nfunction getTimestamp() {\n  return Math.floor(Date.now() / 1000) + 6;\n}\nfunction getHmacHash(request, postman) {\n    let CLIENT_KEY = postman.getEnvironmentVariable('apiKey');\n    let SECRET_KEY = postman.getEnvironmentVariable('apiSecret');\n    let VERSION = postman.getEnvironmentVariable('version').toUpperCase();\n    let HOST = postman.getEnvironmentVariable('host');\n    postman.setEnvironmentVariable('timestamp', getTimestamp());\n    postman.setEnvironmentVariable('nonce', getNonce());\n    let variables = postman.__environment;\n    let queryString = getQueryString(request['url'], variables, HOST);\n    postman.setEnvironmentVariable('queryParams', queryString);\n    let bodyString = '';\n    if (request['data'] && request['data'].length) {\n        bodyString = getBodyString(request['data'], variables);\n    }\n    postman.setEnvironmentVariable('bodyParams', bodyString);\n    let message = queryString+'|'+bodyString;\n    let hmacDigest = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA512(message, SECRET_KEY));\n    let headerValue = VERSION+'-HMAC-SHA512 Key='+CLIENT_KEY+',Signature='+hmacDigest;\n    return headerValue;\n}\npostman.setEnvironmentVariable('hmacAuthHeader', getHmacHash(request, postman));\n\n ```\n\n# Change Log\n\n| Version | Date | Updates |\n| --- | --- | --- |\n| 2.0.4 | 2025-09-25 | Added endpoints to verify if beneficiary is owner of account number [Payee Verification](#eec84a61-68cd-4c96-9377-12b1a30bb722). Added **payeeVerificationId** property to transaction. [Create transaction](#b7ccddc3-f8a3-4df1-9b14-7b6376bc5aea) |\n| 2.0.3 | 2025-06-18 | Added **Change Policy** |\n| 2.0.3 | 2024-09-11 | Added **\"block\"** property to **walletCurrencyList**. |\n| 2.0.2 | 2023-08-14 | Removed transaction statuses **unapproved** and **frozen** |\n| 2.0.1 | 2023-03-31 | Updated account statuses |\n| 2.0.0 | 2022-07-11 | Released version v2.0.0 |\n\n# Change Policy\n\n## Purpose\n\nThis policy outlines the procedures and guidelines for managing changes to Application Programming Interfaces (APIs) developed and maintained by UAB Verified Payments. The goal is to ensure stability, backward compatibility and clear communication to API clients.\n\n## Versioning Strategy\n\nAll API changes are categorized into breaking or non-breaking changes. We make every effort to implement changes as non-breaking, and do not generally notify clients about non-breaking changes. However, there are situations that may require breaking changes, for such cases clients will be contacted with necessary information.\n\n## Change Categories\n\n### **Breaking changes**\n\n- Removal of API or functionality\n- Removal of property from the request (even if they are considered optional)\n- Addition of new mandatory property to the request\n- Addition of new mandatory query parameter\n- Change of the URI of the API, such as host name, port or path\n- Change of request or response property name\n- Change of property data type\n- Change of the structure in request or response\n- Change of request validation logic, making it more restrictive\n- Change of error code in the response (e.g. IncorrectParameter -> InvalidParameter)\n- Change of already supported enumerated values or meaning of those values\n- Change of default behaviour when calling without newly added query parameters\n- Making of a previously optional properties in request mandatory\n- Making of headers in request mandatory\n    \n\n### Non-breaking changes\n\n- Removal or loosening of constraint for input property validated via server-side business logic\n- Addition of new functionality or new API\n- Addition of new optional request property or nested property to existing API methods\n- Addition of new properties to existing API responses\n- Addition of new optional header parameters\n- Addition of new optional query parameters\n- Addition of new event types\n- Addition of new error messages and error details while keeping old error code\n- Change of error response message and details while keeping old error code\n- Change of the order of properties in existing API responses\n- Change of mandatory fields to optional fields in an existing API\n- Reducing or extending of enumeration range (when parameters for range control are not used)\n- Change of rate limiting rules\n    \n\n## Deprecation Policy\n\nDeprecated features will be announced via:\n\n- API change log\n    \n\nDeprecated endpoints will remain functional for a minimum of **3 months** before removal.\n\n## **Change Notification**\n\nAll changes must be documented in the API change log.\n\n- For breaking changes, consumers must be notified **3 months** in advance.\n- For breaking changes, that are related to regulator **1 months** in advance.\n    \n\nCommunication channels may include:\n\n- Email notifications\n    \n\n# Enum Values\n\n## General\n\n### Parameter requirement\n\n| Value | Description |\n| --- | --- |\n| Y | Mandatory |\n| N | Optional |\n| C | Conditional |\n\n## Wallet\n\n### Wallet status\n\n| Value | Description |\n| --- | --- |\n| active | Active |\n| suspended | Suspended |\n| frozen | Frozen |\n| disabled | Disabled |\n\n## Transaction\n\n### Transaction direction\n\n| Value | Description |\n| --- | --- |\n| incoming | Incoming |\n| outgoing | Outgoing |\n\n### Transaction status\n\n| Value | Description |\n| --- | --- |\n| created | Created |\n| pending | Pending |\n| system_approved | Approved by system |\n| manual_approval | Approved by admin |\n| processed | Processed |\n| failed | Failed |\n| completed | Completed |\n| rejected | Rejected |\n| refund | Refund |\n\n## Webhook\n\n### Webhook type\n\n| Value | Description |\n| --- | --- |\n| balance_update | Balance update |\n| wallet_create | After wallet is created |","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"12483031","team":1232237,"collectionId":"8e5c1399-9620-4f68-b360-612223570f96","publishedId":"TzY4fapo","public":true,"publicUrl":"https://documenter-api.postman.tech/view/12483031/TzY4fapo","privateUrl":"https://go.postman.co/documentation/12483031-8e5c1399-9620-4f68-b360-612223570f96","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"0A9CA6"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"0A9CA6"}}]}},"version":"8.10.1","publishDate":"2023-09-28T08:22:57.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[{"name":"production - v2.0","id":"de305d90-985c-47a5-a0a0-85f30b515e26","owner":"12483031","values":[{"key":"host","value":"https://api.verifo.com","enabled":true},{"key":"version","value":"v2.0","enabled":true},{"key":"apiKey","value":"apiKey","enabled":true},{"key":"apiSecret","value":"apiSecret","enabled":true},{"key":"hmacAuthHeader","value":"V2.0-HMAC-SHA512 Key=apiKey,Signature=1580a3ab8871482426fb80ef14423925a1140e89aacbaa91c02933629b9dfc7195ed3ff0f92680b0c22c80fc002cae99e0a246b02dcf4b558ce8fe5f2ab62ba1","enabled":true},{"key":"timestamp","value":"1598415974","enabled":true},{"key":"nonce","value":"159841596895764","enabled":true},{"key":"bodyParams","value":"","enabled":true},{"key":"queryParams","value":"","enabled":true}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/33021a61858c2f0536e8ff67a24f12ad28995e6008254913c80ed9df0f55e3a2","favicon":"https://res.cloudinary.com/postman/image/upload/v1598346860/team/xyjj8m8llcb4eoy2fy6h.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"production - v2.0","value":"12483031-de305d90-985c-47a5-a0a0-85f30b515e26"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/TzY4fapo"}