Skip to main content
POST
/
gateway
/
verify--retail
curl --request POST \
  --url https://payapi-sandbox.ingo.money/gateway/verify--retail \
  --header 'Authorization: <api-key>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "participant_id": 12345,
  "account_type": "CA",
  "amount": 101,
  "recipient_first_name": "Alex",
  "recipient_last_name": "Rivera",
  "account": "411111XXXXXXXXXX",
  "expiration_date": "2612",
  "cvv": "123",
  "recipient_address1": "100 Innovation Way",
  "recipient_address2": "Apt 3",
  "recipient_city": "Anytown",
  "recipient_state": "GA",
  "recipient_zip": "00000",
  "recipient_phone": "1231231234",
  "store_id": "STORE-001",
  "terminal_id": "TERM-042",
  "clerk_id": "CLK-007",
  "participant_unique_id1": "fb746578-c4c3-498f-b398-1ff07b4fe2ff",
  "participant_unique_id2": "77d6b010-eab4-44dc-9a27-6ffa4838c9f2",
  "timestamp": 1579832224,
  "version": 11
}
'
{
  "status": 100,
  "client_message": "Success",
  "data": {
    "customer_account_token": "715b9903-7bcd-45ae-bc92-4092c8186d9f",
    "last_4": "1111",
    "request_timestamp": 1579832224,
    "issuers": [
      {
        "payee_id": "526263",
        "payee_name": "Bank of America - Platinum MasterCard and Visa",
        "payee_address": "PO Box 15019",
        "payee_city": "Wilmington",
        "payee_state": "DE",
        "payee_zip": "19850-5019",
        "credit_info": {
          "min": "0.05",
          "max": "1500.00",
          "card_type": "Debit",
          "estimated_posting_time": "Payment will post Next Business Day",
          "estimated_posting_date": "04/22/2026"
        },
        "issuing_network": "Visa",
        "credit_enabled": 1,
        "debit_enabled": 0
      }
    ],
    "participant_unique_id1": "fb746578-c4c3-498f-b398-1ff07b4fe2ff",
    "participant_unique_id2": "77d6b010-eab4-44dc-9a27-6ffa4838c9f2",
    "expiration_date": "2612",
    "count": 1
  },
  "time": "4.0146"
}

Authorizations

Authorization
string
header
required

HMAC-SHA512 signed Authorization header. See the Authentication page for the complete signing guide.

Body

application/json

Provide either customer_account_token or raw account fields. For BP account type, also provide payee_id. store_id, clerk_id, and terminal_id are required when the client is configured as a retail participant — confirmed via client-level backend configuration.

participant_id
integer
required

Unique participant identifier assigned by Ingo.

Example:

12345

account_type
enum<string>
required

CA = card-present (debit or credit), BP = bill payment card-present.

Available options:
CA,
BP
Minimum string length: 1
Example:

"CA"

participant_unique_id1
string
required

Participant assigned ID to be associated with customer_account_token creation. Should correlate to participant assigned values affiliated with future process requests for tracking purposes. Must not contain NPI data.

Required string length: 1 - 255
Example:

"fb746578-c4c3-498f-b398-1ff07b4fe2ff"

timestamp
integer<int64>
required

Unix timestamp of the request.

Example:

1579832224

version
integer
required

API version of the request. Current version is 11.

Example:

11

payee_id
string

Ingo assigned payee ID for the selected biller. Required for BP account type. Obtain from the Biller Payments Search API prior to calling Verify.

Maximum string length: 40
Example:

"123457"

customer_account_token
string | null

Alternative to raw account data when the account was previously tokenized. If provided, raw account fields (account, expiration_date, recipient_first_name, recipient_last_name, recipient_address1, recipient_city, recipient_state, recipient_zip) are not required and should be omitted.

Required string length: 1 - 255
Example:

"ca875cce-58c0-46a0-8f14-676190cc7df6"

amount
number<float> | null

Dollar amount of disbursement. Max value determined by participant velocity limits.

Required range: x >= 0.01
Example:

101

recipient_first_name
string

Customer first name. Required unless customer_account_token is provided.

Required string length: 1 - 255
Example:

"Johnny"

recipient_last_name
string

Customer last name. Required unless customer_account_token is provided.

Required string length: 1 - 255
Example:

"Rockets"

recipient_business_name
string | null

Optional recipient business name.

Maximum string length: 150
Example:

null

account
string

Card or bill payment account number. Required unless customer_account_token is provided.

Required string length: 1 - 255
Example:

"411111XXXXXXXXXX"

expiration_date
string | null

Card expiration date in YYMM format. Conditionally required for CA based on client configuration (expiration_date_enabled flag). Not required for BP account type or if customer_account_token is provided.

Maximum string length: 4
Pattern: ^[0-9]{2}(0[1-9]|1[0-2])$
Example:

"2612"

cvv
string | null

CVV value (3–4 digits depending on card type). Conditionally required for CA based on client configuration (cvv_enabled flag). Never required for BP account type or if customer_account_token is provided.

Pattern: ^[0-9]{3,4}$
Example:

"123"

recipient_address1
string

Customer billing address line 1. Required unless customer_account_token is provided.

Required string length: 1 - 255
Example:

"123 Main St."

recipient_address2
string | null

Customer billing address line 2.

Maximum string length: 255
Example:

"Apt 3"

recipient_city
string

Customer billing city. Required unless customer_account_token is provided.

Required string length: 1 - 255
Example:

"Atlanta"

recipient_state
string

Customer billing state (standard US postal abbreviation). Required unless customer_account_token is provided.

Required string length: 2
Pattern: ^(?:A[LKSZRAEP]|C[AOT]|D[EC]|F[LM]|G[AU]|HI|I[ADLN]|K[SY]|LA|M[ADEHINOPST]|N[CDEHJMVY]|O[HKR]|P[ARW]|RI|S[CD]|T[NX]|UT|V[AIT]|W[AIVY])$
Example:

"GA"

recipient_zip
string | null

Customer billing zip code. 5-digit zip or zip+4 in xxxxx-xxxx format. Required unless customer_account_token is provided.

Maximum string length: 10
Pattern: ^[0-9]{5}(?:-[0-9]{4})?$
Example:

"30313"

recipient_phone
string | null

10-digit recipient phone number.

Maximum string length: 10
Example:

"1231231234"

store_id
string

Client assigned store ID. Required when the client is configured as a retail participant (retail flag enabled in client configuration).

Required string length: 1 - 255
Example:

"STORE-001"

terminal_id
string

Client assigned terminal ID. Required when the client is configured as a retail participant (retail flag enabled in client configuration).

Required string length: 1 - 255
Example:

"TERM-042"

clerk_id
string

Client assigned clerk ID. Required when the client is configured as a retail participant (retail flag enabled in client configuration).

Required string length: 1 - 255
Example:

"CLK-007"

participant_unique_id2
string | null

Optional second participant assigned ID. Should be carried forward to future process requests for tracking purposes. Must not contain NPI data.

Maximum string length: 255
Example:

"77d6b010-eab4-44dc-9a27-6ffa4838c9f2"

Response

Verification successful — token returned

status
integer

Numeric code describing the status of the API request. 100 = Success.

Example:

100

client_message
string

Text description associated with the status code.

Example:

"Success"

data
object
time
string

Time in seconds to complete the request.

Example:

"4.0146"