API reference
API reference
Base URL: https://maxfi-api.exezine.az. All endpoints expect Authorization: Bearer sk_test_โฆ (or sk_live_โฆ) and respond with JSON. Rate limit: 100 req/60s per key. Bodies max 1 MB.
| Method | Path | Description |
|---|---|---|
| POST | /v2/payments | Direct charge โ when you control the card UI (PCI scope: SAQ D). |
| POST | /v2/payments/checkout | Hosted checkout session โ recommended. SAQ A scope. |
| GET | /v2/payments/checkout/{id} | Get a checkout session by id โ poll-friendly. |
| GET | /v2/payments/{id} | Get any payment by id, order_id, session id, or connector ref. |
| POST | /v2/payments/{id}/capture | Capture a previously authorised hold (two-phase flows). |
| POST | /v2/payments/{id}/refund | Full or partial refund โ chains across multiple calls. |
| POST | /v2/payments/{id}/cancel | Cancel an authorisation or pending payment. |
| GET | /v2/payments | Paginated list of merchant payments with filters. |
| POST | /v2/payouts | Send funds out โ card-to-card, IBAN, SBP. |
| GET | /v2/health | Service status โ public, no auth. |
Conventions
- Amounts โ always integer minor units (cents/copecks). Never decimals.
- Currency โ ISO 4217, uppercase.
- Timestamps โ RFC 3339 in UTC:
2026-04-17T07:30:00Z. - Idempotency โ set
Idempotency-Keyon any state-changing call. Cached 24h. - IDs โ
cs_*session,pay_*payment,evt_*webhook event,refund_*,payout_*.