Last updated

Instant Payments API

Description

Khipu's API for creating and receiving payments allows collectors (individuals or organizations) with an active collection account on Khipu to generate payments.

The process of creation, payment, and validation is as follows:

  1. The collector generates a payment using the API and displays a button for purchase.
  2. The payer clicks the payment button on the website or a payment link in an email or other medium and pays using Khipu.
  3. The payer is redirected to the return page defined by the collector, where it should indicate that the payment is being verified (or to the failure page if the payment could not be made).
  4. A few moments later, Khipu verifies the transaction and notifies the payer by email. Additionally, the merchant is notified by email and/or through the invocation of a web service.
  5. The collector validates the payment notification and delivers the traded goods to the payer (or discards the notification if it is invalid).

flujo-api

¡Important!
In the third step, the payer is redirected to a return page (3a) or the possibility of payment abandonment (3b). Success means that the transfer is in the verification process, but this does not mean that it has been successfully completed yet. It is essential to complete the verification in step 5 before delivering the product or service. The same applies to rejection; the user still has instances to resume the payment and complete it.

Collect account

When a person creates a user account on Khipu, a "collection account" will automatically be created for them. This collect account is where payments received from other individuals will be associated.

To start receiving payments, it's necessary to activate this collection account by linking it to a bank account. The bank account is where the daily proceeds will be deposited on the next business day. This bank account can be changed later and will affect all payments that have not yet been settled.

Initially, a collection account does not have a bank account associated with it. To link a bank account, you should go to your Khipu account and try to create a payment request. The system will prompt you to complete a payment using that bank account to ensure that you have access to it. The payment amount will be refunded on the next business day.

¡Important!
If the new collection account is associated with an individual, the account will have a maximum amount of $50,000 per payment (in Chile). To increase this amount, you must contact us at soporte@khipu.com.

Multiple Collection Accounts

A user account on Khipu can create (or have access to) multiple collection accounts. This is useful, for example, to have different businesses, each with its own collect account. Each collection account must have its bank account configured, but multiple collection accounts can share the data of the same bank account where the money will be settled.

Credentials

Every collection account has credentials that allow the use of the REST API. These credentials are generated when the collection account is created.

This new version of the API no longer requires requests to be signed, as the authentication and authorization process is handled by a secret API key associated with the collection account, which must be sent in a special header (x-api-key) in each request. Due to the level of access it provides, the key should not be shared with anyone. You can always create a new key that will invalidate the old one if you want to change it; the process is completely self-managed, and you can review the details in the section Authentication.

However, it is important to know how to locate the "Collection Account ID," which can be useful for expediting a support ticket.

Attention
Version 2.0 of the API will continue to function, so it is important to keep the collect account's secret key secure.

Security

In the creation and validation of a payment, two different security mechanisms are used. On one hand, Khipu uses an extended validation certificate that allows the collector to always know that they are effectively communicating with Khipu's official servers. Additionally, for this new version of the API, the x-api-key header allows the generator of the payment to be unequivocally identified.

Testing Environment and Transition to Production

In this section, we show you the necessary steps to start integrating Khipu into your site. The most important thing to note is that, during the development and testing process, you should use credentials from development collection accounts. Only when your site is ready and the integration is prepared to make real payments should you switch to production collection account credentials.

Collection Account in Developer Mode

Khipu does not have a separate testing version from the production version like other platforms. Instead, the API and servers of the main platform are used. To perform development tests, a "developer collecting account" is used. These billing accounts are identical to normal ones but have some differences:

The associated current accounts are not real as no real money is settled. They are created only for testing purposes. Payments generated with them can only be paid using test banks.

To create a development account, you must follow these steps:

  • Register as a user here: https://khipu.com/user/register
  • Go to your user profile on Khipu
  • In "Developer Options" activate developer mode.
  • Then go to settings and choose "Collection Accounts"
  • Now a button "Create account in developer mode" will appear.

Now that you have a development account, all you need is the API key. The process is self-service; in the "Account Options" panel, "Integrating Khipu into your website" section, review the Autenticación section for more details.

Testing Bank

Development collection accounts can only receive payments from Test Banks. These banks are created by Khipu for testing purposes.

The test bank allows you to test that the payment process is complete, including going to the bank and depositing to Khipu or using simplified transfer. Since these banks do not operate with real money, you can make as many transfers as you want because the balance never runs out.

Additionally, these banks have on-screen instructions to enter, fill in passwords, and authorize transfers.

Internet Access

To access Khipu's REST API, you need to have an internet connection. This is necessary to create and modify payments.

Whenever Khipu receives a payment, the merchant is notified so that they can deliver the product or service to the customer. This notification can be via email or using the instant notification API. The recommended mechanism is the instant notification because it does not require human intervention once it is well configured. These notifications are invocations that Khipu must make to a web service on the merchant's website, which is why this web service must be visible from the internet. Refer to Webhook for notifications for details on how to use the notification API.

Common Use Case

Let's analyze the most common use case of the REST API, which is making a payment on a web store to purchase a product. The most common flow has the following steps:

  • The customer selects their products and chooses to pay.
  • The merchant creates a payment using the REST API.
  • The merchant sends the customer to pay in Khipu website.
  • The customer pays.
  • The customer is redirected to the merchant's website and waits a few moments while Khipu verifies the payment.
  • The payment is verified, and the merchant is notified via web service.
  • The merchant delivers the product or service.

Now let's look at the steps where integration with Khipu is necessary:

Create a payment

Important Information
The API 3.0 specification is built following the definitions of OpenAPI, so you can build complete clients in one of the over 50 languages supported by the openapi-generator tool, a process explained in the Code Generation section.

POST /payments

After the customer selects their products and chooses to pay, the payment process begins. Most e-commerce software operates similarly. They all have some sort of object that represents the purchase order. What we need to do is link this purchase order to a payment in Khipu.

You can review the documentation for the POST /payments method, which includes code snippets in various programming languages for a quick test. However, we recommend reviewing the Code Generation section to build a more robust client.

In the first step, we obtain the purchase order object. This can be created on the spot or retrieved using its own identifier that allows us to identify that purchase order/payment. At the API level, this value is represented by the transaction_id parameter of the call. This is necessary so that at the time of reconciliation, you can obtain the purchase order and mark it as paid.

The response from the call will be an object with information about the created payment. The payment_id field contains the unique identifier of our payment and the URL to which we should send the user to pay.

Offering a List of Banks (Optional)

GET /banks

This step is optional but can be useful for some merchants. In the previous call to create payments, you can see the parameter "Bank ID to pay". This ID is used to create a payment with a pre-selected bank (only from banks supported by Khipu). To obtain this ID, you can use the call to the GET /banks method, which provides a list of banks supported by Khipu, their names, their IDs, and other information.

The result of the call contains the banks value, which is a list of banks. Each bank has a bank_id with the value that we can use to create configured payments.