{"openapi":"3.1.0","info":{"title":"OrionPay API","version":"1.0.0","summary":"Payments, withdrawals, and crypto for hospitals and digital products.","description":"OrionPay is a Brazilian payment platform for hospitals, digital products, and crypto. This spec covers every endpoint exposed via API key authentication (the \"API & WebHooks\" panel). For LLM agents: see https://pay.orion.moe/llms.txt and the Streamable HTTP MCP server at https://payapi.orion.moe/mcp.","contact":{"name":"OrionPay","url":"https://pay.orion.moe"},"license":{"name":"Proprietary"}},"servers":[{"url":"https://payapi.orion.moe","description":"Production"}],"tags":[{"name":"PIX","description":"Brazilian instant payments (BRL → DePix)."},{"name":"Card","description":"Credit/debit card processing."},{"name":"Integration","description":"Buyer and product access management."},{"name":"Personal","description":"Personal API: balance, withdrawals, swaps. Requires personal API key (productId=null)."},{"name":"Webhooks","description":"Outbound HTTPS notifications signed with HMAC-SHA256."}],"paths":{"/api/v1/pix/generate":{"post":{"operationId":"pix_generate","summary":"Generate PIX for product payment","description":"Generates a PIX QR code for a product purchase. The product is identified by the API key (product key). On payment, a webhook is delivered (`payment.success`) and the buyer receives an access token.","tags":["PIX"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":true,"x-mcp-tool-name":"pix_generate","x-rate-limit":{"limit":0,"windowMs":0,"note":"No rate limit (critical payment generation)."},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PixResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GeneratePixRequest"}}}}}},"/api/v1/pix/personal":{"post":{"operationId":"pix_personal","summary":"Generate PIX for personal deposit","description":"Generates a PIX QR code that credits the user's personal BRL wallet directly (no product). Requires a personal API key (productId=null).","tags":["PIX"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":true,"x-mcp-tool-name":"pix_personal_deposit","x-rate-limit":{"limit":0,"windowMs":0,"note":"No rate limit (critical payment generation)."},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PixResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GeneratePixRequest"}}}}}},"/api/v1/pix/status/{id}":{"get":{"operationId":"pix_status","summary":"Check PIX payment status","description":"Polls the status of a PIX payment. The `id` parameter accepts purchaseId (numeric), transactionId (numeric), or eulenDepositId (UUID). Webhook delivery is preferred over polling.","tags":["PIX"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":true,"x-mcp-tool-name":"pix_status","x-rate-limit":{"limit":2,"windowMs":60000,"note":"2 requests per minute per ID per API key."},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaymentStatusResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"parameters":[{"name":"id","in":"path","required":true,"schema":{"type":"string"},"description":"purchaseId, transactionId, or eulenDepositId (UUID)."}]}},"/api/v1/card/generate":{"post":{"operationId":"card_generate","summary":"Process credit/debit card payment","description":"Charges a credit or debit card. CPF is required. Card data is sent over TLS and never stored. Returns immediately with status (synchronous capture).","tags":["Card"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":false,"x-rate-limit":{"limit":100,"windowMs":60000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CardPaymentResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenerateCardPaymentRequest"}}}}}},"/api/v1/card/status/{paymentId}":{"get":{"operationId":"card_status","summary":"Check card payment status","description":"Returns the current status of a card payment.","tags":["Card"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":true,"x-mcp-tool-name":"card_status","x-rate-limit":{"limit":0,"windowMs":0},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CardPaymentResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"parameters":[{"name":"paymentId","in":"path","required":true,"schema":{"type":"integer"}}]}},"/integration/verify-access":{"get":{"operationId":"integration_verify_access","summary":"Verify buyer access to product","description":"Checks whether a buyer (by email or accessToken) has paid access to the product associated with the API key.","tags":["Integration"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":true,"x-mcp-tool-name":"integration_verify_access","x-rate-limit":{"limit":2,"windowMs":60000,"note":"2 requests per minute per token/email per API key."},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/VerifyAccessResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"parameters":[{"name":"email","in":"query","schema":{"type":"string","format":"email"}},{"name":"accessToken","in":"query","schema":{"type":"string"}}]}},"/integration/buyers":{"get":{"operationId":"integration_list_buyers","summary":"List product buyers","description":"Returns all buyers of the product associated with the API key. Filter by status optional.","tags":["Integration"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":true,"x-mcp-tool-name":"integration_list_buyers","x-rate-limit":{"limit":30,"windowMs":60000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Buyer"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"parameters":[{"name":"status","in":"query","schema":{"type":"string","enum":["PENDING","PAID","EXPIRED","CANCELED","REFUNDED"]}}]}},"/integration/buyers/{purchaseId}":{"get":{"operationId":"integration_get_buyer","summary":"Get buyer details","description":"Returns details for a specific purchase belonging to the API key's product.","tags":["Integration"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":true,"x-mcp-tool-name":"integration_get_buyer","x-rate-limit":{"limit":30,"windowMs":60000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Buyer"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"parameters":[{"name":"purchaseId","in":"path","required":true,"schema":{"type":"integer"}}]}},"/integration/content":{"get":{"operationId":"integration_get_content","summary":"Get product content for authenticated buyer","description":"Returns the product content (files, lessons, etc.) accessible to the buyer who owns the supplied accessToken.","tags":["Integration"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":true,"x-mcp-tool-name":"integration_get_content","x-rate-limit":{"limit":30,"windowMs":60000},"responses":{"200":{"description":"OK"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"parameters":[{"name":"accessToken","in":"query","required":true,"schema":{"type":"string"}}]}},"/integration/grant-access":{"post":{"operationId":"integration_grant_access","summary":"Manually grant access to a buyer","description":"Grants access to a buyer without a payment (e.g. for refunds resolution, comp tickets, or migrations). An access token is generated.","tags":["Integration"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":true,"x-mcp-tool-name":"integration_grant_access","responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Buyer"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GrantAccessRequest"}}}}}},"/integration/revoke-access/{purchaseId}":{"delete":{"operationId":"integration_revoke_access","summary":"Revoke buyer access","description":"Revokes a buyer's access. The access token is invalidated.","tags":["Integration"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":true,"x-mcp-tool-name":"integration_revoke_access","responses":{"200":{"description":"OK"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"parameters":[{"name":"purchaseId","in":"path","required":true,"schema":{"type":"integer"}}]}},"/api/v1/integration/deposit/pix":{"post":{"operationId":"integration_deposit_pix","summary":"Generate PIX deposit with payer CPF","description":"Generates a PIX QR code for product deposit, recording the payer's CPF. Used when CPF must be captured up-front (compliance, KYC, or chargeback defense).","tags":["Integration"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"api-key","x-mcp-tool":true,"x-mcp-tool-name":"integration_deposit_pix","x-rate-limit":{"limit":10,"windowMs":60000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PixResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CreatePixDepositRequest"}}}}}},"/api/v1/personal/balance":{"get":{"operationId":"personal_balance","summary":"Get all wallet balances","description":"Returns BRL balance and all crypto balances (Liquid Network, Bitcoin, Polygon, etc.).","tags":["Personal"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":true,"x-mcp-tool-name":"personal_balance","x-rate-limit":{"limit":60,"windowMs":3600000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BalanceResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}}}},"/api/v1/personal/limits":{"get":{"operationId":"personal_limits","summary":"Get withdrawal limits","description":"Returns the user's daily/monthly/per-transaction withdrawal limits and remaining usage.","tags":["Personal"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":true,"x-mcp-tool-name":"personal_limits","x-rate-limit":{"limit":30,"windowMs":3600000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/WithdrawLimitsResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}}}},"/api/v1/personal/transactions":{"get":{"operationId":"personal_transactions","summary":"List transaction history","description":"Returns the user's transaction history (deposits, withdrawals, swaps), most recent first.","tags":["Personal"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":true,"x-mcp-tool-name":"personal_transactions","x-rate-limit":{"limit":60,"windowMs":3600000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TransactionListResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"parameters":[{"name":"limit","in":"query","schema":{"type":"integer","default":10,"maximum":100}},{"name":"offset","in":"query","schema":{"type":"integer","default":0}},{"name":"type","in":"query","schema":{"type":"string","enum":["DEPOSIT","WITHDRAWAL","SWAP"]}}]}},"/api/v1/personal/withdraw/pix":{"post":{"operationId":"personal_withdraw_pix","summary":"Queue a PIX withdrawal","description":"Queues a PIX withdrawal from the user's BRL wallet. Requires API withdrawals to be enabled (see /enable-withdrawals). 7-day hold applies to API deposits.","tags":["Personal"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":true,"x-mcp-tool-name":"personal_withdraw_pix","x-rate-limit":{"limit":10,"windowMs":3600000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/WithdrawalQueuedResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PixWithdrawRequest"}}}}}},"/api/v1/personal/withdraw/crypto":{"post":{"operationId":"personal_withdraw_crypto","summary":"Queue a crypto withdrawal","description":"Queues a crypto withdrawal. Supports L-BTC, BTC-PEGOUT (Bitcoin mainnet via peg-out), DePix, USDt, USDC. Network parameter routes via SideShift for cross-chain.","tags":["Personal"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":true,"x-mcp-tool-name":"personal_withdraw_crypto","x-rate-limit":{"limit":10,"windowMs":3600000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/WithdrawalQueuedResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CryptoWithdrawRequest"}}}}}},"/api/v1/personal/withdraw/status/{id}":{"get":{"operationId":"personal_withdraw_status","summary":"Get withdrawal status","description":"Returns the status, settlement details, and txHash of a withdrawal by transaction ID.","tags":["Personal"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":true,"x-mcp-tool-name":"personal_withdraw_status","x-rate-limit":{"limit":120,"windowMs":3600000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/WithdrawalStatusResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"parameters":[{"name":"id","in":"path","required":true,"schema":{"type":"integer"}}]}},"/api/v1/personal/swap/quote":{"post":{"operationId":"personal_swap_quote","summary":"Get a swap quote","description":"Returns a quote for swapping between supported assets (DePix, L-BTC, USDt, EURx). Quote is valid for ~30 seconds.","tags":["Personal"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":true,"x-mcp-tool-name":"personal_swap_quote","x-rate-limit":{"limit":120,"windowMs":3600000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SwapQuoteResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SwapRequest"}}}}}},"/api/v1/personal/swap/execute":{"post":{"operationId":"personal_swap_execute","summary":"Execute a swap","description":"Executes a swap. Re-quotes internally before locking funds; if the rate moved beyond tolerance the swap is rejected.","tags":["Personal"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":true,"x-mcp-tool-name":"personal_swap_execute","x-rate-limit":{"limit":20,"windowMs":3600000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SwapExecuteResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SwapRequest"}}}}}},"/api/v1/personal/withdraw-enabled":{"get":{"operationId":"personal_withdraw_enabled","summary":"Check API withdrawals enabled","description":"Returns whether API-driven withdrawals are enabled and the deposit hold period.","tags":["Personal"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":true,"x-mcp-tool-name":"personal_withdraw_enabled","x-rate-limit":{"limit":60,"windowMs":3600000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/WithdrawEnabledResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}}}},"/api/v1/personal/enable-withdrawals":{"post":{"operationId":"personal_enable_withdrawals","summary":"Enable API withdrawals","description":"Enables withdrawal endpoints for this account. Imposes a 7-day hold on every API deposit thereafter (anti-fraud). Requires explicit acceptance of the terms.","tags":["Personal"],"security":[{"ApiKey":[]},{"BearerApiKey":[]}],"x-auth":"personal-api-key","x-mcp-tool":false,"x-rate-limit":{"limit":5,"windowMs":3600000},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/WithdrawEnabledResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EnableWithdrawalsRequest"}}}}}}},"webhooks":{"payment.success":{"post":{"summary":"Webhook: payment.success","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"payment.success"},"productId":{"type":"integer"},"purchaseId":{"type":"integer"},"transactionId":{"type":"integer"},"buyerEmail":{"type":"string","format":"email"},"buyerName":{"type":"string","nullable":true},"amount":{"type":"number"},"paidAt":{"type":"string","format":"date-time"},"accessToken":{"type":"string"},"timestamp":{"type":"integer","description":"Unix milliseconds."}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}},"purchase.created":{"post":{"summary":"Webhook: purchase.created","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"purchase.created"},"productId":{"type":"integer"},"purchaseId":{"type":"integer"},"buyerEmail":{"type":"string","format":"email"},"amount":{"type":"number"},"status":{"type":"string","enum":["PENDING"]},"timestamp":{"type":"integer"}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}},"access.granted":{"post":{"summary":"Webhook: access.granted","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"access.granted"},"productId":{"type":"integer"},"purchaseId":{"type":"integer"},"buyerEmail":{"type":"string","format":"email"},"grantedManually":{"type":"boolean"},"accessToken":{"type":"string"},"expiresAt":{"type":"string","format":"date-time","nullable":true},"timestamp":{"type":"integer"}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}},"payment.refunded_med":{"post":{"summary":"Webhook: payment.refunded_med","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"payment.refunded_med"},"productId":{"type":"integer"},"purchaseId":{"type":"integer"},"transactionId":{"type":"integer"},"buyerEmail":{"type":"string","format":"email"},"amount":{"type":"number"},"refundedAt":{"type":"string","format":"date-time"},"reason":{"type":"string","description":"MED (fraud challenge) reason from BACEN."},"timestamp":{"type":"integer"}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}},"med.created":{"post":{"summary":"Webhook: med.created","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"med.created"},"transactionId":{"type":"integer"},"purchaseId":{"type":"integer","nullable":true},"buyerEmail":{"type":"string","format":"email","nullable":true},"amount":{"type":"number"},"contestedAt":{"type":"string","format":"date-time"},"timestamp":{"type":"integer"}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}},"webhook.test":{"post":{"summary":"Webhook: webhook.test","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"webhook.test"},"message":{"type":"string","example":"Test webhook from OrionPay"},"timestamp":{"type":"integer"}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}},"withdrawal.completed":{"post":{"summary":"Webhook: withdrawal.completed","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"withdrawal.completed"},"transactionId":{"type":"integer"},"asset":{"type":"string"},"amount":{"type":"number"},"toAddress":{"type":"string"},"txHash":{"type":"string","nullable":true},"completedAt":{"type":"string","format":"date-time"},"timestamp":{"type":"integer"}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}},"withdrawal.settled":{"post":{"summary":"Webhook: withdrawal.settled","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"withdrawal.settled"},"transactionId":{"type":"integer"},"asset":{"type":"string"},"amount":{"type":"number"},"toAddress":{"type":"string"},"txHash":{"type":"string"},"settledAt":{"type":"string","format":"date-time"},"timestamp":{"type":"integer"}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}},"withdrawal.failed":{"post":{"summary":"Webhook: withdrawal.failed","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"withdrawal.failed"},"transactionId":{"type":"integer"},"asset":{"type":"string"},"amount":{"type":"number"},"reason":{"type":"string"},"failedAt":{"type":"string","format":"date-time"},"timestamp":{"type":"integer"}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}},"swap.completed":{"post":{"summary":"Webhook: swap.completed","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"swap.completed"},"transactionId":{"type":"integer"},"fromCurrency":{"type":"string"},"toCurrency":{"type":"string"},"fromAmount":{"type":"number"},"toAmount":{"type":"number"},"rate":{"type":"number"},"completedAt":{"type":"string","format":"date-time"},"timestamp":{"type":"integer"}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}},"swap.failed":{"post":{"summary":"Webhook: swap.failed","description":"OrionPay delivers webhooks via HTTPS POST to URLs configured in the dashboard.\n\n**Headers** sent on every delivery:\n- `Content-Type: application/json`\n- `X-OrionPay-Signature: sha256=<hex>` — HMAC-SHA256 of the raw body, keyed with the webhook secret.\n- `X-OrionPay-Event: <event_name>`\n- `X-OrionPay-Delivery: <uuid>` — unique per delivery attempt; safe to use for idempotency.\n\n**Verification** (Node.js):\n```js\nconst crypto = require('crypto');\nconst signature = req.headers['x-orionpay-signature'].replace('sha256=', '');\nconst expected = crypto.createHmac('sha256', WEBHOOK_SECRET)\n  .update(rawBody).digest('hex');\nconst valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));\n```\n\n**Retries**: failures are retried with exponential backoff. Respond with 2xx to ACK.\n**Idempotency**: deduplicate by `X-OrionPay-Delivery` — the same event can be redelivered.","tags":["Webhooks"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"event":{"type":"string","const":"swap.failed"},"transactionId":{"type":"integer"},"fromCurrency":{"type":"string"},"toCurrency":{"type":"string"},"fromAmount":{"type":"number"},"reason":{"type":"string"},"failedAt":{"type":"string","format":"date-time"},"timestamp":{"type":"integer"}}}}}},"responses":{"200":{"description":"ACK — webhook processed."},"4XX":{"description":"Treated as failure; OrionPay will retry with backoff."},"5XX":{"description":"Treated as failure; OrionPay will retry with backoff."}}}}},"components":{"securitySchemes":{"ApiKey":{"type":"apiKey","in":"header","name":"X-API-Key","description":"Product API key (associated with a product) or personal API key (productId=null). Generate at https://pay.orion.moe/dashboard/api-webhooks."},"BearerApiKey":{"type":"http","scheme":"bearer","description":"Same as X-API-Key but passed as `Authorization: Bearer <key>`."}},"schemas":{"ErrorResponse":{"type":"object","properties":{"statusCode":{"type":"integer","example":400},"message":{"oneOf":[{"type":"string"},{"type":"array","items":{"type":"string"}}]},"error":{"type":"string"}},"required":["statusCode","message"]},"GeneratePixRequest":{"type":"object","required":["name","email"],"properties":{"amount":{"type":"number","minimum":0.01,"description":"BRL amount. Optional when product has a fixed price."},"description":{"type":"string","description":"Optional description shown to payer."},"name":{"type":"string","description":"Payer full name."},"email":{"type":"string","format":"email","description":"Payer email."},"phone":{"type":"string","description":"Optional payer phone (E.164 or Brazilian)."},"cpf":{"type":"string","description":"Optional payer CPF (11 digits) or CNPJ (14 digits)."},"ipAddress":{"type":"string","description":"Optional payer IP for fraud scoring."}}},"PixResponse":{"type":"object","properties":{"qrCode":{"type":"string","description":"BR Code (PIX copy-paste string)."},"qrCodeImage":{"type":"string","description":"Base64-encoded QR code image (data URL)."},"transactionId":{"type":"integer"},"purchaseId":{"type":"integer","nullable":true},"eulenDepositId":{"type":"string","format":"uuid"},"amount":{"type":"number"},"expiresAt":{"type":"string","format":"date-time"},"status":{"type":"string","enum":["PENDING","PAID","EXPIRED","FAILED"]}}},"PaymentStatusResponse":{"type":"object","properties":{"status":{"type":"string","enum":["PENDING","PAID","EXPIRED","FAILED"]},"paid":{"type":"boolean"},"amount":{"type":"number"},"paidAt":{"type":"string","format":"date-time","nullable":true},"buyerEmail":{"type":"string","format":"email","nullable":true},"transactionId":{"type":"integer","nullable":true},"purchaseId":{"type":"integer","nullable":true},"accessToken":{"type":"string","nullable":true,"description":"Access token granted to buyer on payment."}}},"GenerateCardPaymentRequest":{"type":"object","required":["amount","name","email","cpf","cardNumber","cardHolderName","cardExpiryMonth","cardExpiryYear","cardCvv"],"properties":{"amount":{"type":"number","minimum":5},"description":{"type":"string"},"name":{"type":"string"},"email":{"type":"string","format":"email"},"phone":{"type":"string"},"cpf":{"type":"string","description":"Required for card payments. 11 digits."},"ipAddress":{"type":"string"},"cardNumber":{"type":"string","minLength":13,"maxLength":19},"cardHolderName":{"type":"string"},"cardExpiryMonth":{"type":"string","pattern":"^(0[1-9]|1[0-2])$"},"cardExpiryYear":{"type":"string","pattern":"^20[2-9][0-9]$"},"cardCvv":{"type":"string","minLength":3,"maxLength":4},"billingAddressStreet":{"type":"string"},"billingAddressNumber":{"type":"string"},"billingAddressComplement":{"type":"string"},"billingAddressDistrict":{"type":"string"},"billingAddressCity":{"type":"string"},"billingAddressState":{"type":"string","minLength":2,"maxLength":2},"billingAddressZipCode":{"type":"string","pattern":"^[0-9]{5}-?[0-9]{3}$"}}},"CardPaymentResponse":{"type":"object","properties":{"paymentId":{"type":"integer"},"status":{"type":"string","enum":["PENDING","AUTHORIZED","PAID","DECLINED","FAILED","REFUNDED"]},"amount":{"type":"number"},"authorizationCode":{"type":"string","nullable":true},"message":{"type":"string","nullable":true}}},"VerifyAccessResponse":{"type":"object","properties":{"hasAccess":{"type":"boolean"},"purchaseId":{"type":"integer","nullable":true},"buyerEmail":{"type":"string","format":"email","nullable":true},"buyerName":{"type":"string","nullable":true},"grantedAt":{"type":"string","format":"date-time","nullable":true},"expiresAt":{"type":"string","format":"date-time","nullable":true}}},"Buyer":{"type":"object","properties":{"purchaseId":{"type":"integer"},"buyerEmail":{"type":"string","format":"email"},"buyerName":{"type":"string","nullable":true},"status":{"type":"string","enum":["PENDING","PAID","EXPIRED","CANCELED","REFUNDED"]},"price":{"type":"number"},"paidAt":{"type":"string","format":"date-time","nullable":true},"accessToken":{"type":"string","nullable":true},"expiresAt":{"type":"string","format":"date-time","nullable":true}}},"GrantAccessRequest":{"type":"object","required":["buyerEmail"],"properties":{"buyerEmail":{"type":"string","format":"email"},"buyerName":{"type":"string"},"price":{"type":"number","description":"Optional recorded price (no charge is made)."},"expiresAt":{"type":"string","format":"date-time","description":"Optional access expiry."}}},"CreatePixDepositRequest":{"type":"object","required":["cpf"],"properties":{"cpf":{"type":"string","pattern":"^\\d{11}(\\d{3})?$","description":"Payer CPF (11 digits) or CNPJ (14 digits)."},"buyerName":{"type":"string"},"buyerEmail":{"type":"string","format":"email"},"amount":{"type":"number","minimum":0.01}}},"BalanceResponse":{"type":"object","properties":{"brl":{"type":"number","description":"BRL wallet balance."},"brlBlocked":{"type":"number","description":"BRL pending in withdrawals/swaps."},"crypto":{"type":"array","items":{"type":"object","properties":{"asset":{"type":"string","example":"L-BTC"},"network":{"type":"string","example":"liquid"},"balance":{"type":"string","description":"Balance as decimal string for precision."},"address":{"type":"string","nullable":true}}}}}},"WithdrawLimitsResponse":{"type":"object","properties":{"daily":{"type":"object","properties":{"limit":{"type":"number"},"used":{"type":"number"}}},"monthly":{"type":"object","properties":{"limit":{"type":"number"},"used":{"type":"number"}}},"perTransaction":{"type":"object","properties":{"min":{"type":"number"},"max":{"type":"number"}}}}},"TransactionListResponse":{"type":"object","properties":{"total":{"type":"integer"},"items":{"type":"array","items":{"type":"object","properties":{"id":{"type":"integer"},"type":{"type":"string","enum":["DEPOSIT","WITHDRAWAL","SWAP"]},"status":{"type":"string"},"amount":{"type":"number"},"currency":{"type":"string"},"createdAt":{"type":"string","format":"date-time"},"metadata":{"type":"object","additionalProperties":true}}}}}},"PixWithdrawRequest":{"type":"object","required":["amount","pixKey"],"properties":{"amount":{"type":"number","minimum":1,"maximum":100000,"description":"BRL amount."},"pixKey":{"type":"string","description":"PIX key (CPF/CNPJ/email/phone/random)."},"pixKeyType":{"type":"string","enum":["CPF","CNPJ","EMAIL","PHONE","EVP"],"description":"Optional; auto-detected if omitted."},"description":{"type":"string"},"taxNumber":{"type":"string","pattern":"^\\d{11}$|^\\d{14}$","description":"Tax number of the recipient (CPF/CNPJ)."},"euid":{"type":"string","description":"Optional Eulen user identifier override."}}},"CryptoWithdrawRequest":{"type":"object","required":["amount","toAddress","assetTicker"],"properties":{"amount":{"type":"number","minimum":0,"description":"Amount in the asset's native unit."},"toAddress":{"type":"string","description":"Destination wallet address."},"assetTicker":{"type":"string","enum":["L-BTC","BTC-PEGOUT","DePix","USDt","USDC"],"description":"BTC-PEGOUT: peg-out to Bitcoin mainnet (min 0.00025 BTC)."},"network":{"type":"string","enum":["liquid","bitcoin","ethereum","tron","bsc","solana","ton","avalanche","polygon","optimism"],"description":"Optional network override (e.g. for SideShift cross-chain routing)."},"memo":{"type":"string","description":"Required for TON."}}},"WithdrawalQueuedResponse":{"type":"object","properties":{"transactionId":{"type":"integer"},"status":{"type":"string","enum":["QUEUED","PENDING","PROCESSING"]},"amount":{"type":"number"},"asset":{"type":"string"},"estimatedSettlementAt":{"type":"string","format":"date-time","nullable":true}}},"WithdrawalStatusResponse":{"type":"object","properties":{"transactionId":{"type":"integer"},"status":{"type":"string","enum":["QUEUED","PROCESSING","COMPLETED","SETTLED","FAILED","REJECTED"]},"amount":{"type":"number"},"asset":{"type":"string"},"txHash":{"type":"string","nullable":true},"failureReason":{"type":"string","nullable":true},"createdAt":{"type":"string","format":"date-time"},"settledAt":{"type":"string","format":"date-time","nullable":true}}},"SwapRequest":{"type":"object","required":["fromCurrency","toCurrency","amount"],"properties":{"fromCurrency":{"type":"string","enum":["DePix","L-BTC","USDt","EURx"]},"toCurrency":{"type":"string","enum":["DePix","L-BTC","USDt","EURx"]},"amount":{"type":"number","minimum":0}}},"SwapQuoteResponse":{"type":"object","properties":{"quoteId":{"type":"string"},"fromCurrency":{"type":"string"},"toCurrency":{"type":"string"},"fromAmount":{"type":"number"},"toAmount":{"type":"number"},"rate":{"type":"number"},"fee":{"type":"number"},"expiresAt":{"type":"string","format":"date-time"}}},"SwapExecuteResponse":{"type":"object","properties":{"transactionId":{"type":"integer"},"status":{"type":"string","enum":["QUEUED","PROCESSING","COMPLETED","FAILED"]},"fromAmount":{"type":"number"},"toAmount":{"type":"number"},"fromCurrency":{"type":"string"},"toCurrency":{"type":"string"}}},"WithdrawEnabledResponse":{"type":"object","properties":{"enabled":{"type":"boolean"},"depositHoldDays":{"type":"integer","description":"7-day hold applies to API deposits when withdrawals are enabled."},"enabledAt":{"type":"string","format":"date-time","nullable":true}}},"EnableWithdrawalsRequest":{"type":"object","required":["acceptTerms"],"properties":{"acceptTerms":{"type":"boolean","description":"Must be true; acknowledges 7-day hold on API deposits."}}}},"responses":{"Unauthorized":{"description":"Missing or invalid API key.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"RateLimited":{"description":"Rate limit exceeded.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"BadRequest":{"description":"Validation error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}},"x-mcp":{"transport":"streamable-http","url":"https://payapi.orion.moe/mcp","auth":{"type":"header","name":"X-API-Key"},"tools":["pix_generate","pix_personal_deposit","pix_status","card_status","integration_verify_access","integration_list_buyers","integration_get_buyer","integration_get_content","integration_grant_access","integration_revoke_access","integration_deposit_pix","personal_balance","personal_limits","personal_transactions","personal_withdraw_pix","personal_withdraw_crypto","personal_withdraw_status","personal_swap_quote","personal_swap_execute","personal_withdraw_enabled"]}}