Verify
Process
Webhooks
Verify — Check by Mail
Tokenize a recipient address for check by mail disbursements.
curl --request POST \
--url https://payapi-sandbox.ingo.money/gateway/verify--check \
--header 'Authorization: <api-key>' \
--header 'Content-Type: application/json' \
--data '
{
"participant_id": 12345,
"account_type": "CK",
"recipient_is_beneficiary": 1,
"recipient": {
"recipient_line1": "Ace Ventura",
"recipient_address1": "100 Innovation Way",
"recipient_address2": "Apt 3",
"recipient_city": "Anytown",
"recipient_state": "GA",
"recipient_zip": "00000",
"recipient_phone": "5555550100"
},
"beneficiary": {
"beneficiary_account": "3000000038",
"beneficiary_first_name": "Alex",
"beneficiary_last_name": "Rivera",
"beneficiary_address1": "100 Innovation Way",
"beneficiary_address2": "",
"beneficiary_city": "Anytown",
"beneficiary_state": "GA",
"beneficiary_zip": "00000",
"beneficiary_phone": "5555550100"
},
"participant_unique_id1": "35a792a5-39e6-46fa-add1-419a75d3aa9a",
"participant_unique_id2": "2d4ebd46-616b-4212-bc54-1f7f68514e1a",
"timestamp": 1597862420,
"version": 11
}
'{
"status": 100,
"client_message": "Success",
"data": {
"customer_account_token": "6218c726-3989-40ab-af84-fa6f4c932cb6",
"last_4": "0038",
"estimated_posting_date": "08/29/2020",
"estimated_posting_time": "Payment will post 7-10 Days",
"participant_unique_id1": "35a792a5-39e6-46fa-add1-419a75d3aa9a",
"participant_unique_id2": "2d4ebd46-616b-4212-bc54-1f7f68514e1a",
"request_timestamp": 1597867738
},
"time": "1.4295"
}Documentation Index
Fetch the complete documentation index at: https://developers.ingopayments.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
All requests must be authenticated using an HMAC-signed Authorization header. Ingo Money requires HMAC-SHA512 for all new integrations. SHA-512 provides a significantly larger internal state and output length than SHA-256, making it substantially more resistant to length-extension attacks and brute-force preimage attempts — properties that matter for financial API traffic where each request authorizes a real money movement.
Legacy integrations using HMAC-SHA256 remain supported but are encouraged to upgrade. SHA-256 continues to meet the current minimum security bar; however, upgrading to SHA-512 eliminates an entire class of potential vulnerabilities before they become exploitable, and aligns with NIST guidance recommending SHA-2 family algorithms with 256-bit security strength or greater for long-term use. Contact your Ingo integration manager to coordinate an algorithm upgrade.
MD5 and SHA-1 are not accepted under any circumstances. Requests signed with either algorithm will be rejected.
Authorization header format:
Authorization: hmac username="YOUR_HMAC_USERNAME", algorithm="hmac-sha512", headers="request-line x-date content-type content-length content-sha512", signature="BASE64_SIGNATURE"
Credentials provisioned by your Ingo integration manager:
-
HMAC username — identifies your integration in the
Authorizationheaderusernamefield. Distinct from your participant identifier. -
HMAC secret — provisioned by your Ingo integration manager. The private key used to compute the signature. Never transmit this value — store it in a secrets manager or environment variable, never in source code.
-
Participant identifier — a separate value used to identify your account within the API request payload. The name and placement differs by product family. Both the HMAC username and participant identifier are provisioned at onboarding — do not substitute one for the other.
-
API key — required for select product families as an additional per-request credential. See product-specific documentation for applicability.
See the Ingo API Authentication Guide for the complete string-to-sign construction, body hashing requirements, and timestamp validation rules.
Body
Unique participant identifier assigned by Ingo.
12345
Always CK for check by mail transactions.
CK 1"CK"
Information about the recipient (payee) of the check — used for the pay-to line and mailing address. Required when recipient_is_beneficiary = 0. When recipient_is_beneficiary = 1, this object is auto-populated from beneficiary fields and may be omitted.
Hide child attributes
Hide child attributes
Recipient / Pay To line 1 for the check and the mailing.
1 - 75"Ace Ventura"
Remittance address line 1 for the mailing.
1 - 40"123 Main St."
Remittance city for the mailing.
1 - 25"Atlanta"
Remittance state for the mailing (standard US postal abbreviation).
2^(?:A[LKSZRAEP]|C[AOT]|D[EC]|F[LM]|G[AU]|HI|I[ADLN]|K[SY]|LA|M[ADEHINOPST]|N[CDEHJMVY]|O[HKR]|P[ARW]|RI|S[CD]|T[NX]|UT|V[AIT]|W[AIVY])$"GA"
Remittance zip for the mailing. 5-digit zip or zip+4 in xxxxx-xxxx format.
10^[0-9]{5}(?:-[0-9]{4})?$"30033"
Optional recipient / Pay To line 2 for the check and the mailing.
75"c/o Pet Detective Agency"
Optional remittance address line 2 for the mailing.
40"Apt 3"
Recipient phone number.
25"5551234567"
Flag indicating whether the recipient is the beneficiary. 1 = Recipient is the beneficiary (default). 0 = Recipient is not the beneficiary — a separate recipient mailing address must be provided.
0, 1 1
Information about the beneficiary associated with the payment. Only persistent data should be provided — data that can be used again for payments on the same account. All information provided is included in the remittance data printed and sent with the check. When recipient_is_beneficiary = 1, this information is also used for the pay-to line and mailing address.
Hide child attributes
Hide child attributes
Account number or other identifier used to ensure the payment is applied to the correct beneficiary account. Should be a value that can be used on repeat or subsequent payments with the same generated customer_account_token.
1 - 30"3000000038"
First name of person associated with the beneficiary account.
1 - 30"Ace"
Last name of person associated with the beneficiary account.
1 - 30"Ventura"
Beneficiary address line 1.
1 - 40"123 Main St."
Beneficiary city.
1 - 25"Atlanta"
Beneficiary state (standard US postal abbreviation).
2^(?:A[LKSZRAEP]|C[AOT]|D[EC]|F[LM]|G[AU]|HI|I[ADLN]|K[SY]|LA|M[ADEHINOPST]|N[CDEHJMVY]|O[HKR]|P[ARW]|RI|S[CD]|T[NX]|UT|V[AIT]|W[AIVY])$"GA"
Beneficiary zip. 5-digit zip or zip+4 in xxxxx-xxxx format.
1 - 10^[0-9]{5}(?:-[0-9]{4})?$"30033"
Optional company name of business associated with the beneficiary account.
75null
Optional beneficiary address line 2.
40"Apt 3"
Phone number associated with the beneficiary.
25"5551234567"
Email address associated with the beneficiary.
60"ace.ventura@example.com"
Alternative to raw beneficiary data when the account was previously tokenized. If provided, beneficiary_account and beneficiary identification fields are not required.
1 - 255"6218c726-3989-40ab-af84-fa6f4c932cb6"
Participant assigned ID to be associated with customer_account_token creation. Should correlate to participant assigned values affiliated with future process requests for tracking purposes (e.g. CustomerID or AccountID). Must not contain NPI data.
1 - 255"35a792a5-39e6-46fa-add1-419a75d3aa9a"
Unix timestamp of the request.
1597862420
API version of the request. Current version is 11.
11
Optional second participant assigned ID. Should be carried forward to future process requests for tracking purposes. Must not contain NPI data.
255"2d4ebd46-616b-4212-bc54-1f7f68514e1a"
Client assigned store ID. Required for Retail client participants.
255"STORE-001"
Client assigned terminal ID. Required for Retail client participants.
255"TERM-042"
Client assigned clerk ID. Required for Retail client participants.
255"CLK-007"
Response
Verification successful — token returned
Numeric code describing the status of the API request. 100 = Success.
100
Text description associated with the status code.
"Success"
Hide child attributes
Hide child attributes
GUID — unique value generated based upon account and recipient data. Use this token in all subsequent Process requests for this account.
"6218c726-3989-40ab-af84-fa6f4c932cb6"
The last 4 digits of the beneficiary_account value.
"0038"
Estimated posting date of the payment.
"08/29/2020"
Estimated posting time narrative.
"Payment will post 7-10 Days"
Echo of participant assigned ID for the verify request.
"35a792a5-39e6-46fa-add1-419a75d3aa9a"
Echo of optional second participant assigned ID for the verify request.
"2d4ebd46-616b-4212-bc54-1f7f68514e1a"
Unix timestamp of the request.
1597867738
Time in seconds to complete the request.
"1.4295"
curl --request POST \
--url https://payapi-sandbox.ingo.money/gateway/verify--check \
--header 'Authorization: <api-key>' \
--header 'Content-Type: application/json' \
--data '
{
"participant_id": 12345,
"account_type": "CK",
"recipient_is_beneficiary": 1,
"recipient": {
"recipient_line1": "Ace Ventura",
"recipient_address1": "100 Innovation Way",
"recipient_address2": "Apt 3",
"recipient_city": "Anytown",
"recipient_state": "GA",
"recipient_zip": "00000",
"recipient_phone": "5555550100"
},
"beneficiary": {
"beneficiary_account": "3000000038",
"beneficiary_first_name": "Alex",
"beneficiary_last_name": "Rivera",
"beneficiary_address1": "100 Innovation Way",
"beneficiary_address2": "",
"beneficiary_city": "Anytown",
"beneficiary_state": "GA",
"beneficiary_zip": "00000",
"beneficiary_phone": "5555550100"
},
"participant_unique_id1": "35a792a5-39e6-46fa-add1-419a75d3aa9a",
"participant_unique_id2": "2d4ebd46-616b-4212-bc54-1f7f68514e1a",
"timestamp": 1597862420,
"version": 11
}
'{
"status": 100,
"client_message": "Success",
"data": {
"customer_account_token": "6218c726-3989-40ab-af84-fa6f4c932cb6",
"last_4": "0038",
"estimated_posting_date": "08/29/2020",
"estimated_posting_time": "Payment will post 7-10 Days",
"participant_unique_id1": "35a792a5-39e6-46fa-add1-419a75d3aa9a",
"participant_unique_id2": "2d4ebd46-616b-4212-bc54-1f7f68514e1a",
"request_timestamp": 1597867738
},
"time": "1.4295"
}