API reference
API reference
Base URL: https://maxfi-api.exezine.az. All endpoints expect Authorization: Bearer sk_test_… (or sk_live_…) and respond with JSON. Rate limit: 100 req/60s per key. Bodies max 1 MB.
| Method | Path | Description |
|---|---|---|
| POST | /v2/payments | Direct charge — when you control the card UI (PCI scope: SAQ D). |
| POST | /v2/payments/checkout | Hosted checkout session — recommended. SAQ A scope. |
| GET | /v2/payments/checkout/{id} | Get a checkout session by id — poll-friendly. |
| GET | /v2/payments/{id} | Get any payment by id, order_id, session id, or connector ref. |
| POST | /v2/payments/{id}/capture | Capture a previously authorised hold (two-phase flows). |
| POST | /v2/payments/{id}/refund | Full or partial refund — chains across multiple calls. |
| POST | /v2/payments/{id}/cancel | Cancel an authorisation or pending payment. |
| GET | /v2/payments | Paginated list of merchant payments with filters. |
| POST | /v2/payouts | Send funds out — card-to-card, IBAN, SBP. |
| GET | /v2/health | Service status — public, no auth. |
Conventions
- Amounts — always integer minor units (cents/copecks). Never decimals.
- Currency — ISO 4217, uppercase.
- Timestamps — RFC 3339 in UTC:
2026-04-17T07:30:00Z. - Idempotency — set
Idempotency-Keyon any state-changing call. Cached 24h. - IDs —
cs_*session,pay_*payment,evt_*webhook event,refund_*,payout_*.