Stage Disbursement
Stage a disbursement with one or more parties via Notify v4.
curl --request POST \
--url https://payapi-sandbox.ingo.money/gateway/v4/notify \
--header 'Authorization: <api-key>' \
--header 'Content-Type: application/json' \
--data '
{
"request": {
"participant_id": 12345,
"timestamp": 1745356800
},
"transaction": {
"transaction_amount": {
"amount": 250,
"currency_code": "USD"
},
"participant_unique_ids": {
"participant_unique_id1": "a4f1b2c3-d456-789e-f012-34567890abcd",
"participant_unique_id2": "b5e2c3d4-e567-890f-a123-456789012345"
},
"workflow_id": 1,
"notify_type": 0,
"sender": {
"name_personal": {
"first_name": "Alex",
"last_name": "Rivera"
},
"contact_address": {
"address1": "100 Innovation Way",
"city": "Anytown",
"state": "GA",
"zip": "00000"
},
"contact_telcom": {
"email": "noreply@example.com"
},
"sender_account": "sender-acct-001"
}
},
"transaction_parties": [
{
"settings": {
"client_provided_id": "party-001",
"role": 0,
"classification": 1,
"recipient_enabled": 1
},
"name_personal": {
"first_name": "Alex",
"last_name": "Rivera"
},
"contact_telcom": {
"email": "johnny.rockets@example.com",
"phone_mobile": "5555550100"
},
"contact_address": {
"address1": "100 Innovation Way",
"address2": "",
"city": "Anytown",
"state": "GA",
"zip": "00000"
},
"authentication": [
{
"field_label": "Last 4 SSN",
"field_order": 1,
"validation_type": 1,
"match_failure_type": 1,
"value_format": "XXXX",
"client_provided_value": "1234"
}
],
"notification": [
{
"field_label": "Account",
"client_provided_value": "Checking Account ending 5678"
}
]
}
]
}
'{
"request": {
"participant_id": 12345,
"timestamp": 1745356800
},
"response": {
"status": "100",
"message": "Success",
"duration": "0"
},
"transaction": {
"participant_unique_ids": {
"participant_unique_id1": "a4f1b2c3-d456-789e-f012-34567890abcd",
"participant_unique_id2": "b5e2c3d4-e567-890f-a123-456789012345"
},
"notification_id": "9876543",
"tracer_id": "trc-20260422-001",
"parties": [
{
"client_provided_id": "party-001",
"party_id": "1"
}
]
}
}Documentation Index
Fetch the complete documentation index at: https://developers.ingopayments.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
All requests must be authenticated using an HMAC-signed Authorization header. Ingo Money requires HMAC-SHA512 for all new integrations. SHA-512 provides a significantly larger internal state and output length than SHA-256, making it substantially more resistant to length-extension attacks and brute-force preimage attempts — properties that matter for financial API traffic where each request authorizes a real money movement.
Legacy integrations using HMAC-SHA256 remain supported but are encouraged to upgrade. SHA-256 continues to meet the current minimum security bar; however, upgrading to SHA-512 eliminates an entire class of potential vulnerabilities before they become exploitable, and aligns with NIST guidance recommending SHA-2 family algorithms with 256-bit security strength or greater for long-term use. Contact your Ingo integration manager to coordinate an algorithm upgrade.
MD5 and SHA-1 are not accepted under any circumstances. Requests signed with either algorithm will be rejected.
Authorization header format:
Authorization: hmac username="YOUR_HMAC_USERNAME", algorithm="hmac-sha512", headers="request-line x-date content-type content-length content-sha512", signature="BASE64_SIGNATURE"
Credentials provisioned by your Ingo integration manager:
-
HMAC username — identifies your integration in the
Authorizationheaderusernamefield. Distinct from your participant identifier. -
HMAC secret — provisioned by your Ingo integration manager. The private key used to compute the signature. Never transmit this value — store it in a secrets manager or environment variable, never in source code.
-
Participant identifier — a separate value used to identify your account within the API request payload. The name and placement differs by product family. Both the HMAC username and participant identifier are provisioned at onboarding — do not substitute one for the other.
-
API key — required for select product families as an additional per-request credential. See product-specific documentation for applicability.
See the Ingo API Authentication Guide for the complete string-to-sign construction, body hashing requirements, and timestamp validation rules.
Body
General information associated with the API request.
Transaction-level information for the disbursement notification.
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Participant assigned transaction ID. Must be unique. Used for idempotency. Appears on daily reconciliation reports.
1 - 100"a4f1b2c3-d456-789e-f012-34567890abcd"
Optional second participant assigned transaction ID.
100"b5e2c3d4-e567-890f-a123-456789012345"
Ingo assigned workflow ID that determines the notification and authentication flow. Assigned during client onboarding.
1
Disbursement flow type. 0 = Standard disbursement (one-time), 1 = Enrollment only (recurring), 2 = Disbursement only (recurring — party must already be enrolled), 3 = Enrollment and disbursement (recurring).
0, 1, 2, 3 0
Optional secure link to include in the notification.
250null
Optional URL to a document embedded in the notification. Required when the client is configured for document embedding (document_embedding_enabled).
2048"https://example.com/documents/agreement.pdf"
Optional language code for the recipient notification. Required when configured for alternate language support.
8"es"
Sender information. Required when the client is configured with require_sender_data. Contact your Ingo integration manager to confirm.
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Sender address line 1.
1 - 150"100 Innovation Way"
Sender city.
1 - 150"Peachtree Corners"
Sender state (standard US postal abbreviation).
2^(?:A[LKSZRAEP]|C[AOT]|D[EC]|F[LM]|G[AU]|HI|I[ADLN]|K[SY]|LA|M[ADEHINOPST]|N[CDEHJMVY]|O[HKR]|P[ARW]|RI|S[CD]|T[NX]|UT|V[AIT]|W[AIVY])$"GA"
Sender zip code.
10^[0-9]{5}(?:-[0-9]{4})?$"30092"
Optional sender address line 2.
150null
Client assigned sender account identifier.
1 - 100"sender-acct-001"
Array of transaction parties. Each party defines a recipient, approver, or interested party for the disbursement notification. At least one party with role: 0 (recipient) and recipient_enabled: 1 is required.
1Hide child attributes
Hide child attributes
Party configuration settings that define the party's role in the disbursement flow.
Hide child attributes
Hide child attributes
Party role. 0 = Recipient, 1 = Approver, 2 = Interested party. When multiparty_enabled is false, only role 0 (Recipient) is accepted.
0, 1, 2 0
Party classification. 1 = Individual, 2 = Business.
1, 2 1
Whether this party is enabled to receive the disbursement. 1 = Enabled, 0 = Notification only (no disbursement). At least one party must have recipient_enabled: 1.
0, 1 1
Client assigned identifier for this party. Required for notify_type: 0, 1, and 3. Not required for notify_type: 2 (disbursement-only recurring — uses party_id instead). Must not be the value default_check.
1 - 50"party-001"
Ingo assigned party identifier for recurring disbursements. Required for notify_type: 2 (disbursement-only recurring). UUID or 1 for default.
1 - 36"1"
Party contact telecommunication information.
Hide child attributes
Hide child attributes
Party email address. The disbursement notification is sent to this address.
1 - 150"johnny.rockets@example.com"
10-digit party mobile number. Conditionality depends on OTAC client configuration.
10"4045551234"
Optional 10-digit party home phone number.
10null
Party postal address.
Hide child attributes
Hide child attributes
Party address line 1.
1 - 150"123 Main St."
Party city.
1 - 150"Atlanta"
Party state (standard US postal abbreviation).
2^(?:A[LKSZRAEP]|C[AOT]|D[EC]|F[LM]|G[AU]|HI|I[ADLN]|K[SY]|LA|M[ADEHINOPST]|N[CDEHJMVY]|O[HKR]|P[ARW]|RI|S[CD]|T[NX]|UT|V[AIT]|W[AIVY])$"GA"
Party zip code.
10^[0-9]{5}(?:-[0-9]{4})?$"30313"
Optional party address line 2.
150"Apt 3"
Individual name for the party. Provide either name_personal{} or name_business — not both.
Business name for the party. Provide instead of name_personal{} for business parties. Requires enable_business_name client configuration.
1 - 150null
Array of authentication challenge records for this party. Maximum count determined by client configuration (max_authentication_records).
1Hide child attributes
Hide child attributes
Display label for the authentication field. Accepts letters, numbers, hyphens, forward slashes, and spaces.
1 - 50^[A-Za-z0-9\-\/ ]+$"Last 4 SSN"
Display order for the authentication field. Must be unique within the array.
1 <= x <= 991
Validation behavior type per NOTIFY_TYPES_V4. 0–3 accepted.
0, 1, 2, 3 1
Behavior on match failure per NOTIFY_TYPES_V4. 0–3 accepted.
0, 1, 2, 3 1
Mask format string defining how the value is displayed to the party.
250"XXXX"
The actual value the party must match to authenticate.
1 - 100"1234"
Array of supplemental notification records for this party. Maximum count determined by client configuration (max_notification_records).
1Hide child attributes
Hide child attributes
Display label for the notification record.
1 - 50"Account"
Value to display for this notification record.
1 - 750"Checking Account ending 5678"
Response
Notification submitted successfully
Transaction outcome data.
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Echo of participant_unique_id1 from request.
"a4f1b2c3-d456-789e-f012-34567890abcd"
Echo of participant_unique_id2 from request.
"b5e2c3d4-e567-890f-a123-456789012345"
Ingo assigned unique identifier for the staged disbursement. Retain this value — it can be used in cancel operations via POST /gateway/v3/notifycancel.
"9876543"
Ingo assigned tracer ID for the notification.
"trc-20260422-001"
curl --request POST \
--url https://payapi-sandbox.ingo.money/gateway/v4/notify \
--header 'Authorization: <api-key>' \
--header 'Content-Type: application/json' \
--data '
{
"request": {
"participant_id": 12345,
"timestamp": 1745356800
},
"transaction": {
"transaction_amount": {
"amount": 250,
"currency_code": "USD"
},
"participant_unique_ids": {
"participant_unique_id1": "a4f1b2c3-d456-789e-f012-34567890abcd",
"participant_unique_id2": "b5e2c3d4-e567-890f-a123-456789012345"
},
"workflow_id": 1,
"notify_type": 0,
"sender": {
"name_personal": {
"first_name": "Alex",
"last_name": "Rivera"
},
"contact_address": {
"address1": "100 Innovation Way",
"city": "Anytown",
"state": "GA",
"zip": "00000"
},
"contact_telcom": {
"email": "noreply@example.com"
},
"sender_account": "sender-acct-001"
}
},
"transaction_parties": [
{
"settings": {
"client_provided_id": "party-001",
"role": 0,
"classification": 1,
"recipient_enabled": 1
},
"name_personal": {
"first_name": "Alex",
"last_name": "Rivera"
},
"contact_telcom": {
"email": "johnny.rockets@example.com",
"phone_mobile": "5555550100"
},
"contact_address": {
"address1": "100 Innovation Way",
"address2": "",
"city": "Anytown",
"state": "GA",
"zip": "00000"
},
"authentication": [
{
"field_label": "Last 4 SSN",
"field_order": 1,
"validation_type": 1,
"match_failure_type": 1,
"value_format": "XXXX",
"client_provided_value": "1234"
}
],
"notification": [
{
"field_label": "Account",
"client_provided_value": "Checking Account ending 5678"
}
]
}
]
}
'{
"request": {
"participant_id": 12345,
"timestamp": 1745356800
},
"response": {
"status": "100",
"message": "Success",
"duration": "0"
},
"transaction": {
"participant_unique_ids": {
"participant_unique_id1": "a4f1b2c3-d456-789e-f012-34567890abcd",
"participant_unique_id2": "b5e2c3d4-e567-890f-a123-456789012345"
},
"notification_id": "9876543",
"tracer_id": "trc-20260422-001",
"parties": [
{
"client_provided_id": "party-001",
"party_id": "1"
}
]
}
}