Verify
Process
Webhooks
Process — Card
Push a disbursement to a tokenized debit or credit card account.
curl --request POST \
--url https://payapi-sandbox.ingo.money/gateway/process--card \
--header 'Authorization: <api-key>' \
--header 'Content-Type: application/json' \
--data '
{
"participant_id": 12345,
"account_type": "CA",
"amount": 1010.5,
"customer_account_token": "ca875cce-58c0-46a0-8f14-676190cc7df6",
"source_of_funds": 4,
"recipient_phone": "1231231234",
"participant_unique_id1": "1f2739ed-3531-4af2-ae36-e6faf7936462",
"participant_unique_id2": "90759390-01c7-47e7-8a90-6faa89b18ff6",
"sender": {
"sender_account": "ACC-00123456",
"name_personal": {
"first_name": "Alex",
"last_name": "Rivera"
},
"contact_address": {
"address1": "100 Innovation Way",
"address2": "",
"city": "Anytown",
"state": "GA",
"zip": "00000"
},
"contact_telcom": {
"email": "jane.doe@example.com",
"phone_home": "5555550101",
"phone_mobile": "5555550100"
}
},
"ledger": {
"api_key": "lk_live_abc123xyz",
"user_id": "usr_00456",
"entity_type": "program",
"entity_id": "ent_00789"
},
"timestamp": 1576099257,
"version": 11
}
'{
"status": 100,
"client_message": "Success",
"data": {
"estimated_posting_time": "Payment will post within 5 minutes.",
"estimated_posting_date": "04/21/2026",
"transaction_id": 2361525,
"request_timestamp": 1576099632,
"customer_account_token": "ca875cce-58c0-46a0-8f14-676190cc7df6",
"participant_unique_id1": "1f2739ed-3531-4af2-ae36-e6faf7936462",
"participant_unique_id2": "90759390-01c7-47e7-8a90-6faa89b18ff6"
},
"time": "1.1275"
}Documentation Index
Fetch the complete documentation index at: https://developers.ingopayments.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
All requests must be authenticated using an HMAC-signed Authorization header. Ingo Money requires HMAC-SHA512 for all new integrations. SHA-512 provides a significantly larger internal state and output length than SHA-256, making it substantially more resistant to length-extension attacks and brute-force preimage attempts — properties that matter for financial API traffic where each request authorizes a real money movement.
Legacy integrations using HMAC-SHA256 remain supported but are encouraged to upgrade. SHA-256 continues to meet the current minimum security bar; however, upgrading to SHA-512 eliminates an entire class of potential vulnerabilities before they become exploitable, and aligns with NIST guidance recommending SHA-2 family algorithms with 256-bit security strength or greater for long-term use. Contact your Ingo integration manager to coordinate an algorithm upgrade.
MD5 and SHA-1 are not accepted under any circumstances. Requests signed with either algorithm will be rejected.
Authorization header format:
Authorization: hmac username="YOUR_HMAC_USERNAME", algorithm="hmac-sha512", headers="request-line x-date content-type content-length content-sha512", signature="BASE64_SIGNATURE"
Credentials provisioned by your Ingo integration manager:
-
HMAC username — identifies your integration in the
Authorizationheaderusernamefield. Distinct from your participant identifier. -
HMAC secret — provisioned by your Ingo integration manager. The private key used to compute the signature. Never transmit this value — store it in a secrets manager or environment variable, never in source code.
-
Participant identifier — a separate value used to identify your account within the API request payload. The name and placement differs by product family. Both the HMAC username and participant identifier are provisioned at onboarding — do not substitute one for the other.
-
API key — required for select product families as an additional per-request credential. See product-specific documentation for applicability.
See the Ingo API Authentication Guide for the complete string-to-sign construction, body hashing requirements, and timestamp validation rules.
Body
Unique participant identifier assigned by Ingo.
12345
Always CA for card-based (debit or credit) disbursements.
CA 1"CA"
Amount of the transaction.
x >= 0.011010.5
Token representing the account number and customer data as provided in the response from a previous Verify API call. When provided, raw account fields (account, expiration_date, recipient_first_name, recipient_last_name, recipient_address1, recipient_city, recipient_state, recipient_zip) must be omitted.
1 - 255"ca875cce-58c0-46a0-8f14-676190cc7df6"
Funding source indicator: 1 = Cash, 2 = Check, 3 = Combo of Cash & Check, 4 = Corp Disbursement.
1, 2, 3, 4 4
Participant assigned transaction ID for the process request. Value must be unique and may not contain NPI data. Used for idempotency — a duplicate value returns an idempotent response without initiating a new push request. Appears on daily reconciliation reports.
1 - 255"1f2739ed-3531-4af2-ae36-e6faf7936462"
Unix timestamp of the request.
1576099257
API version of the request. Current version is 11.
11
10-digit recipient phone number.
10"1231231234"
Optional second participant assigned transaction ID. Does not appear on daily reconciliation reports.
255"90759390-01c7-47e7-8a90-6faa89b18ff6"
Data about the transaction sender. Required for clients using sender data.
Hide child attributes
Hide child attributes
Sender account identifier.
1 - 100"ACC-00123456"
Hide child attributes
Hide child attributes
Street address line 1.
1 - 150"123 Main St"
City.
1 - 150"Atlanta"
State (standard US postal abbreviation).
2^(?:A[LKSZRAEP]|C[AOT]|D[EC]|F[LM]|G[AU]|HI|I[ADLN]|K[SY]|LA|M[ADEHINOPST]|N[CDEHJMVY]|O[HKR]|P[ARW]|RI|S[CD]|T[NX]|UT|V[AIT]|W[AIVY])$"GA"
5-digit zip or zip+4 in xxxxx-xxxx format.
10^[0-9]{5}(?:-[0-9]{4})?$"30313"
Optional street address line 2 (e.g. Apt, Suite).
150"Apt 4B"
Hide child attributes
Hide child attributes
Sender email address.
1 - 150"jane.doe@example.com"
Home phone number.
10"4045550100"
Mobile phone number.
10"4045550101"
Required for clients configured for ledger service. Exclude entirely if not applicable to your integration.
Hide child attributes
Hide child attributes
API key associated with the ledger program.
1 - 100"lk_live_abc123xyz"
User ID associated with the ledger program.
1 - 100"usr_00456"
Entity type for the ledger. Accepted values: program, business, user.
program, business, user 1 - 50"program"
Entity ID associated with the ledger.
100"ent_00789"
Client-assigned store ID. Required if participant is configured for retail card-present.
255"STORE-001"
Client-assigned terminal ID. Required if participant is configured for retail card-present.
255"TERM-001"
Client-assigned clerk ID. Required if participant is configured for retail card-present.
255"CLERK-001"
Response
Payment accepted successfully
Numeric code describing the status of the API request. 100 = Success, 102 = Success - Pending Issuer Response, 130 = Success - OFAC Suspended.
100
Text description associated with the status code.
"Success"
Hide child attributes
Hide child attributes
Provided on success. Estimated posting time of the payment.
"Payment will post within 5 minutes."
Provided on success. Estimated posting date of the payment.
"04/21/2026"
Always provided on success and in certain failure conditions. Unique transaction identifier generated with each successful request. Log this value — Ingo Payment Services will request it for support interactions.
2361525
Unix timestamp of the request.
1576099632
Echo of value from request. Provided on success.
"ca875cce-58c0-46a0-8f14-676190cc7df6"
Always provided on success and in certain failure conditions. Echo of value provided on request.
"1f2739ed-3531-4af2-ae36-e6faf7936462"
Provided on success and in certain failure conditions if sent on original request. Echo of value provided on request.
"90759390-01c7-47e7-8a90-6faa89b18ff6"
Time in seconds to complete the request.
"1.1275"
curl --request POST \
--url https://payapi-sandbox.ingo.money/gateway/process--card \
--header 'Authorization: <api-key>' \
--header 'Content-Type: application/json' \
--data '
{
"participant_id": 12345,
"account_type": "CA",
"amount": 1010.5,
"customer_account_token": "ca875cce-58c0-46a0-8f14-676190cc7df6",
"source_of_funds": 4,
"recipient_phone": "1231231234",
"participant_unique_id1": "1f2739ed-3531-4af2-ae36-e6faf7936462",
"participant_unique_id2": "90759390-01c7-47e7-8a90-6faa89b18ff6",
"sender": {
"sender_account": "ACC-00123456",
"name_personal": {
"first_name": "Alex",
"last_name": "Rivera"
},
"contact_address": {
"address1": "100 Innovation Way",
"address2": "",
"city": "Anytown",
"state": "GA",
"zip": "00000"
},
"contact_telcom": {
"email": "jane.doe@example.com",
"phone_home": "5555550101",
"phone_mobile": "5555550100"
}
},
"ledger": {
"api_key": "lk_live_abc123xyz",
"user_id": "usr_00456",
"entity_type": "program",
"entity_id": "ent_00789"
},
"timestamp": 1576099257,
"version": 11
}
'{
"status": 100,
"client_message": "Success",
"data": {
"estimated_posting_time": "Payment will post within 5 minutes.",
"estimated_posting_date": "04/21/2026",
"transaction_id": 2361525,
"request_timestamp": 1576099632,
"customer_account_token": "ca875cce-58c0-46a0-8f14-676190cc7df6",
"participant_unique_id1": "1f2739ed-3531-4af2-ae36-e6faf7936462",
"participant_unique_id2": "90759390-01c7-47e7-8a90-6faa89b18ff6"
},
"time": "1.1275"
}