Welcome to the Vepuy API! Our API allows you to access multiple endpoints, generate and manage payments using different methods, as well as retrieve information related to payments.
The API is designed around REST principles, featuring predictable URLs and a resource-oriented approach. It utilizes standard HTTP response codes to convey the outcome of API requests. All API responses are in JSON format, even in the case of errors.
When making requests, users should expect a 200 status code for successful operations. Any status code other than 200 indicates either an invalid request or an issue with the response. This typically occurs when the provided data fails validation checks performed by Vepuy.
If you have an account with Vepuy, you can access the REST API through the following endpoints:
| Environment | Base URL |
|---|---|
| Production | https://api.vepuy.com/ |
| Sandbox | https://sandbox-api.vepuy.com/ |
The Production endpoint provides direct access for generating real transactions. The Sandbox endpoint allows you to test your integration without affecting real data.
To interact with the API, you need to authenticate using the Bearer authentication scheme. Follow these steps to authenticate with the API:
Remember to replace your_public_token and your_private_token with the access keys provided for your application.
Get your access keys: Before you can authenticate, you must obtain your unique access keys provided by Vepuy. This includes a Public Token and a Private Token.
Include authentication headers: In every API request you make, you must include the following authentication headers:
Authorization: This header should contain "Bearer" followed by your Public Token.Example:
Authorization: Bearer your_public_tokenDate: This header should contain the timestamp in the format "YYYY-MM-DDTHH:MM:SSZ" in UTC. Ensure that the timestamp is not more than 5 minutes different from the current time.Example in JavaScript:
const date = new Date().toISOString();Example in PHP:
$date = gmdate("Y-m-d\TH:i:s\Z");Example in Python:
from datetime import datetime date = datetime.utcnow().isoformat()Sign: This header should contain a signature generated using HMAC-SHA256 with your Private Token and the timestamp (Date).Example in JavaScript:
const crypto = require('crypto'); const date = new Date().toISOString(); const your_private_token = 'your_private_token'; const message = date; const key = Buffer.from(your_private_token, 'utf-8'); const hmac = crypto.createHmac('sha256', key); hmac.update(message); const sign = hmac.digest('hex');Example in PHP:
$sign = hash_hmac('sha256', $date, $your_private_token);Example in Python:
import hashlib import hmac import time your_private_token = 'your_private_token' # Reemplaza con tu token privado date = time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime()) message = date.encode('utf-8') # Genera la firma HMAC-SHA256 signature = hmac.new(your_private_token.encode('utf-8'), message, hashlib.sha256).hexdigest()
- Make the request: After including the authentication headers, you can securely make the request.
Examples in Various Programming Languages
Below are examples of how to implement authentication in different programming languages:
JavaScript:
const date = new Date().toISOString(); const sign = crypto.createHmac('sha256', yourPrivateToken).update(date).digest('hex'); const headers = { 'Authorization': `Bearer ${yourPublicToken}`, 'Date': date, 'Sign': sign };PHP:
$date = gmdate("Y-m-d\TH:i:s\Z"); $sign = hash_hmac('sha256', $date, $your_private_token); $headers = [ 'Authorization' => 'Bearer ' . $your_public_token, 'Date' => $date, 'Sign' => $sign ];Python:
import hashlib import hmac import datetime date = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%SZ') private_key = "your_private_token" public_key = "your_public_token" message = date.encode('utf-8') secret_key = private_key.encode('utf-8') signature = hmac.new(secret_key, message, hashlib.sha256).hexdigest() headers = { 'Authorization': f'Bearer {public_key}', 'Date': date, 'Sign': signature }
If you have an account with Vepuy, you can access the REST API through the following endpoints:
| Environment | Base URL |
|---|---|
| TokenPublic | prkey-5bb2191b1333-086f3d324e9f-20958482 |
| TokenPrivate | prscr-d938c621cd39-76ced650dae7-63c13446 |
This example provides clear instructions on how to authenticate with the API and includes examples in different programming languages, including PHP. Be sure to replace your_public_token and your_private_token with the access keys provided for your application.
Create
This method allows you to create a payment order.
The id and token fields returned in this response must be stored securely
by the merchant to control the transaction.
As for redirect_url, it is the URL to which the user should be redirected.
Once the payer completes the payment, the result will be notified to the merchant endpoint that was provided in the urlnotify parameter, if it exists.
header Parameters
| Authorization required | string The Authorization header containing the Bearer token. |
| Date required | string The Date header containing the timestamp in "AAAA-MM-DDTHH:MM:SSZ" format. |
| Sign required | string The Sign header containing the HMAC-SHA256 signature. |
Request Body schema: application/jsonrequired
| email required | string <email> User's email, must be a valid email address. |
| order required | string^[a-zA-Z0-9]*$ Unique order identifier, alphanumeric without spaces. |
| amount required | integer amount, integers only. |
| payment | string Default: "all" Type of payment. Consult allowed codes. |
| document | string User's DNI, optional, specific format required (e.g., V18765123). |
| phone | string^(0412|0414|0424|0416|0426)[0-9]{7}$ User's phone number, optional, specific format required (e.g., 04121234567). |
| currency | string Default: "VES" Currency in ISO alphanumeric format, optional. |
| subject required | string^[a-zA-Z0-9 ]*$ Description of the product or service, alphanumeric and spaces only. |
| urlnotify | string <uri> Callback URL for notifications, optional, must be a valid URL. |
| urlreturn_failed required | string <uri> Return URL for failed payments, must be a valid URL. |
| urlreturn_pending required | string <uri> Return URL for pending payments, must be a valid URL. |
| urlreturn_success required | string <uri> Return URL for successful payments, must be a valid URL. |
Responses
Request samples
- Payload
{- "order": "AZ999",
- "amount": 0,
- "payment": "01021",
- "document": "V21876543",
- "phone": "04241876543",
- "currency": "VES",
- "subject": "Sale of product or service",
}Response samples
- 200
{- "id": 123456789012345,
- "token": "dvtrx-123456789012-123456789012-01245678",
- "status": "register",
- "created_at": "2021-02-03 04:05:06",
- "redirect_url": "/payment/dvtrx-123456789012-123456789012-01245678",
- "commerce": {
- "order": "AZ999",
- "subject": "Sale of product or service",
- "amount": 0,
- "currency": "VES",
}, - "payment": {
- "start": null,
- "end": null,
- "amount": 0,
- "fee": 0,
- "authorization": null,
- "currency": "VES",
- "deposit": {
- "date": null,
- "liquidate": null
}
}, - "payer": {
- "dni": null,
- "phone": null
}
}Get
This method allows you to retrieve payment details by providing the payment token in the URL path.
path Parameters
| token required | string The payment token obtained from a previous payment request. |
header Parameters
| Authorization required | string The Authorization header containing the Bearer token. |
| Date required | string The Date header containing the timestamp in "AAAA-MM-DDTHH:MM:SSZ" format. |
| Sign required | string The Sign header containing the HMAC-SHA256 signature. |
Responses
Response samples
- 200
{- "id": 123456789012345,
- "token": "dvtrx-123456789012-123456789012-01245678",
- "status": "register",
- "created_at": "2021-02-03 04:05:06",
- "redirect_url": "/payment/dvtrx-123456789012-123456789012-01245678",
- "commerce": {
- "order": "AZ999",
- "subject": "Sale of product or service",
- "amount": 0,
- "currency": "VES",
}, - "payment": {
- "start": null,
- "end": null,
- "amount": 0,
- "fee": 0,
- "authorization": null,
- "currency": "VES",
- "deposit": {
- "date": null,
- "liquidate": null
}
}, - "payer": {
- "dni": null,
- "phone": null
}
}All
This method allows you to retrieve a list of transactions based on specified criteria.
query Parameters
| start_date | string <date> The start date for filtering transactions (e.g., 2022-01-01). |
| end_date | string <date> The end date for filtering transactions (e.g., 2032-03-01). |
| page | integer >= 1 The page number for pagination (e.g., 1). |
| per_page | integer [ 1 .. 5000 ] The number of records to return per page (e.g., 5000, maximum is 5000). |
header Parameters
| Authorization required | string The Authorization header containing the Bearer token. |
| Date required | string The Date header containing the timestamp in "AAAA-MM-DDTHH:MM:SSZ" format. |
| Sign required | string The Sign header containing the HMAC-SHA256 signature. |
Responses
Response samples
- 200
[- {
- "id": 123456789012345,
- "token": "dvtrx-123456789012-123456789012-01245678",
- "status": "register",
- "created_at": "2021-02-03 04:05:06",
- "redirect_url": "/payment/dvtrx-123456789012-123456789012-01245678",
- "commerce": {
- "order": "AZ999",
- "subject": "Sale of product or service",
- "amount": 0,
- "currency": "VES",
}, - "payment": {
- "start": null,
- "end": null,
- "amount": 0,
- "fee": 0,
- "authorization": null,
- "currency": "VES",
- "deposit": {
- "date": null,
- "liquidate": null
}
}, - "payer": {
- "dni": null,
- "phone": null
}
}
]Create
This method allows you to create a payment order.
The token fields returned in this response must be stored securely
by the merchant to control the transaction.
Once the payment is executed, the result will be notified to the merchant endpoint provided in the urlnotify parameter, if it exists.
header Parameters
| Authorization required | string The Authorization header containing the Bearer token. |
| Date required | string The Date header containing the timestamp in "AAAA-MM-DDTHH:MM:SSZ" format. |
| Sign required | string The Sign header containing the HMAC-SHA256 signature. |
Request Body schema: application/jsonrequired
| email required | string <email> User's email, must be a valid email address. |
| phone required | string^(0412|0414|0424|0416|0426)[0-9]{7}$ User's phone number, optional, specific format required (e.g., 04121234567). |
| order required | string^[a-zA-Z0-9]*$ Unique order identifier, alphanumeric without spaces. |
| subject required | string^[a-zA-Z0-9 ]*$ Description of the product or service, alphanumeric and spaces only. |
| amount required | integer amount, integers only. |
required | object |
| urlnotify required | string <uri> Callback URL for notifications, optional, must be a valid URL. |
Responses
Request samples
- Payload
{- "phone": "04121234567",
- "order": "AZ999",
- "subject": "Abono",
- "amount": 0,
- "bank": {
- "name": "Client",
- "code": "0000",
- "document": "V21876543",
- "num": 4241876543
},
}Response samples
- 200
{- "id": 123456789,
- "token": "P987654321",
- "status": "register"
}Get
This method allows you to retrieve payment details by providing the payment token in the URL path.
path Parameters
| token required | string The payment token obtained from a previous payment request. |
header Parameters
| Authorization required | string The Authorization header containing the Bearer token. |
| Date required | string The Date header containing the timestamp in "AAAA-MM-DDTHH:MM:SSZ" format. |
| Sign required | string The Sign header containing the HMAC-SHA256 signature. |
Responses
Response samples
- 200
{- "id": "P987654321",
- "status": "register",
- "created_at": "2040-01-02 03:04:05",
- "commerce": {
- "phone": "04241876543",
- "order": "AZ999",
- "subject": "Sale of product or service",
- "amount": 0,
- "bank": {
- "name": "Name",
- "document": "21876543",
- "document_type": "V",
- "code": "0000",
- "type": null,
- "num": "04241876543",
- "methoad": "mobile"
},
}, - "wallet": {
- "payout": {
- "id": "WP987654321",
- "create_at": "2040-01-02 03:04:05",
- "type": "expense",
- "subject": "Cargo payout - WP987654321",
- "amount": 0,
- "currency": "VES",
- "deposit": {
- "date": null,
- "amount": 0
}
}, - "payout_tax": {
- "id": "WPT87654321",
- "create_at": "2040-01-02 03:04:05",
- "type": "expense",
- "subject": "Cargo tax payout - WPT87654321",
- "amount": 0,
- "currency": "VES"
}
}
}All
This method allows you to retrieve a list of transactions based on specified criteria.
query Parameters
| start_date | string <date> The start date for filtering transactions (e.g., 2022-01-01). |
| end_date | string <date> The end date for filtering transactions (e.g., 2032-03-01). |
| page | integer >= 1 The page number for pagination (e.g., 1). |
| per_page | integer [ 1 .. 5000 ] The number of records to return per page (e.g., 5000, maximum is 5000). |
header Parameters
| Authorization required | string The Authorization header containing the Bearer token. |
| Date required | string The Date header containing the timestamp in "AAAA-MM-DDTHH:MM:SSZ" format. |
| Sign required | string The Sign header containing the HMAC-SHA256 signature. |
Responses
Response samples
- 200
[- {
- "id": "P987654321",
- "status": "register",
- "created_at": "2040-01-02 03:04:05",
- "commerce": {
- "phone": "04241876543",
- "order": "AZ999",
- "subject": "Sale of product or service",
- "amount": 0,
- "bank": {
- "name": "Name",
- "document": "21876543",
- "document_type": "V",
- "code": "0000",
- "type": null,
- "num": "04241876543",
- "methoad": "mobile"
},
}, - "wallet": {
- "payout": {
- "id": "WP987654321",
- "create_at": "2040-01-02 03:04:05",
- "type": "expense",
- "subject": "Cargo payout - WP987654321",
- "amount": 0,
- "currency": "VES",
- "deposit": {
- "date": null,
- "amount": 0
}
}, - "payout_tax": {
- "id": "WPT87654321",
- "create_at": "2040-01-02 03:04:05",
- "type": "expense",
- "subject": "Cargo tax payout - WPT87654321",
- "amount": 0,
- "currency": "VES"
}
}
}
]