payments & payouts

This endpoint either initiates a new payment process or performs a card verification check. The operation is determined by the payment details included in the request.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…

Request Body

Top-level fields

FieldTypeRequiredDescription
request_typestringYes"payment" or "payout". Determines which sub-fields are required below.
referencestringYesYour unique merchant reference for this transaction. Use it later for status queries and webhook deduplication.
amountnumberYesAmount in minor currency units (e.g., kobo for NGN, cents for USD). Must be greater than 0.
currencystringYesISO 4217 currency code (e.g., "NGN", "USD").
payment_methodstringYes when request_type="payment""card" or "virtual_account". Omit for payouts.
payment_method_idstringYes when payment_method="virtual_account"Identifier of the virtual account configuration to use.
expiry_durationintegerYes when payment_method="virtual_account"How long the virtual account stays open, in seconds. Minimum 60.
sourceobjectYes when payment_method="card"Card details — see source below.
customerobjectConditionalCustomer info — see customer below. Required for payouts.
3dsobjectOptional3-D Secure configuration for card payments — see 3ds below.
redirect_urlstringYes for card paymentsURL we redirect the payer to after 3DS / authentication.
narrationstringOptionalFree-text description of the transaction.
payment_ipstringOptionalPayer's IP address (helps with fraud scoring).
authorization_typestringOptionalReserved for future use (e.g., recurring authorizations).
capturebooleanOptionalWhen false, authorize only without capturing. Defaults to true.
expiry_durationinteger (seconds)Optional when payment_method=virtual_accountHow long the account stays open to receive funds. Minimum 60.

source object (card payments)

FieldTypeRequiredDescription
typestringYesAlways "card".
panstringYesThe card number (PAN). Must pass standard credit card validation.
namestringYesCardholder name as it appears on the card.
expiry_monthstringYesTwo-digit expiry month, e.g. "09".
expiry_yearstringYesFour-digit expiry year, e.g. "2028".
cvvstringYes3- or 4-digit card verification value.
billing_address.address_line1stringOptionalStreet address line 1.
billing_address.address_line2stringOptionalStreet address line 2.
billing_address.citystringOptionalCity.
billing_address.statestringOptionalState or region.
billing_address.postal_codestringOptionalZIP / postal code.
billing_address.countrystringOptionalISO 3-letter country code (e.g. "NGA").

customer object

For card payments, the customer block is optional but recommended (any one of name / email requires reference). For payouts, account_number, bank_code, and name are required.

FieldTypeRequiredDescription
referencestringConditionalYour reference for the customer. Required if name or email is set.
namestringConditionalCustomer's full name. Required for payouts.
emailstringConditionalCustomer's email. Required if reference is set.
account_numberstringYes for payoutsBeneficiary bank account number — exactly 10 digits.
bank_codestringYes for payoutsBeneficiary bank code. Use GET /api/banks to enumerate valid codes.

3ds object (card payments only)

FieldTypeRequiredDescription
enabledbooleanOptionalSet true to enable 3-D Secure authentication.
challenge_preferencestringOptionalOne of "challenge_mandated", "challenge_preferred", "no_preference", "no_challenge".

Example Requests

Card payment with 3DS

{
  "request_type": "payment",
  "payment_method": "card",
  "reference": "ORD-2026-00482",
  "amount": 250000,
  "currency": "NGN",
  "narration": "Order #ORD-2026-00482",
  "redirect_url": "https://merchant.example/checkout/return",
  "payment_ip": "102.89.45.12",
  "source": {
    "type": "card",
    "pan": "4242424242424242",
    "name": "Jane Doe",
    "expiry_month": "09",
    "expiry_year": "2028",
    "cvv": "123",
    "billing_address": {
      "address_line1": "12 Marina Road",
      "city": "Lagos",
      "state": "Lagos",
      "postal_code": "101241",
      "country": "NGA"
    }
  },
  "customer": {
    "reference": "CUST-9381",
    "name": "Jane Doe",
    "email": "[email protected]"
  },
  "3ds": {
    "enabled": true,
    "challenge_preference": "challenge_preferred"
  }
}

Virtual account payment

{
  "request_type": "payment",
  "payment_method": "virtual_account",
  "payment_method_id": "va-cfg-78a2",
  "expiry_duration": 1800,
  "reference": "ORD-2026-00483",
  "amount": 500000,
  "currency": "NGN",
  "narration": "Invoice INV-2226",
  "customer": {
    "reference": "CUST-9381",
    "name": "Jane Doe",
    "email": "[email protected]"
  }
}

Payout to a bank account

{
  "request_type": "payout",
  "reference": "PO-2026-00112",
  "amount": 1500000,
  "currency": "NGN",
  "narration": "Vendor payment — May invoice",
  "customer": {
    "name": "Acme Suppliers Ltd",
    "account_number": "0123456789",
    "bank_code": "058"
  }
}

Response Body

The same PaymentResponse shape is returned for all three request flows — fields not relevant to the chosen flow are simply omitted.

Top-level fields

FieldTypeDescription
request_typestringEchoes the request type ("payment" or "payout").
idstring (UUID)The Payline transaction ID.
referencestringYour merchant reference.
payment_link_idstringPayment link ID, if the payment was created from a link.
statusstringTransaction status — see PaymentTransactionStatus.
refund_statusstringRefund state — see PaymentRefundStatus.
settle_statusstringSettlement state — see PaymentSettlementStatus.
virtual_account_detailsobjectPopulated only when payment_method = "virtual_account". See virtual_account_details below.
response_codestringNumeric internal code summarising the outcome (e.g. "10000" for success).
response_summarystringHuman-readable explanation (e.g. "Payment completed").
gateway_codestringAcquirer / gateway response code (e.g. "APPROVED").
gateway_recommendationstringAcquirer recommendation (e.g. retry, do not retry).
retrieval_reference_numberstringRRN from the acquirer.
system_trace_audit_numberstringSTAN from the acquirer.
acquirer_transaction_idstringAcquirer's transaction identifier.
authorization_codestringAuthorization code returned by the card issuer.
merchant_descriptorstringDescriptor that will appear on the cardholder's statement.
amountnumberTransaction amount in minor units.
feenumberProcessing fee charged in minor units.
currencystringISO 4217 currency code.
payment_timestampstring (RFC 3339)When the transaction was created server-side.
redirect_linkstringFor card payments requiring 3DS — redirect the payer here.
sourceobjectCard details echoed back — see source below.
customerobjectCustomer details — see customer below.
total_amount_capturednumberCumulative amount captured for this transaction.
total_amount_available_to_refundnumberRefundable balance remaining.
total_amount_refundednumberCumulative amount already refunded.

source (in response)

FieldTypeDescription
typestringAlways "card" for card payments.
card_typestringCard brand — e.g. "VISA", "MASTERCARD", "VERVE".
card_binstringFirst 6 digits of the PAN.
card_last4stringLast 4 digits of the PAN.
expiry_monthstringTwo-digit expiry month.
expiry_yearstringFour-digit expiry year.

customer (in response)

FieldTypeDescription
namestringCustomer / beneficiary name.
account_numberstringBeneficiary account number (payouts).
bank_codestringBeneficiary bank code (payouts).
bank_namestringBeneficiary bank name (payouts).
merchant_referencestringYour reference for the customer (if you supplied one).

virtual_account_details (virtual account payments)

FieldTypeDescription
account_numberstringThe bank account number the payer should transfer to.
bankstringBank name hosting the virtual account.
account_namestringName printed on the virtual account.
expected_amountstringAmount the payer is expected to send (matches request amount).
amount_receivedstringAmount actually received. Empty until the transfer arrives.
expires_atstring (RFC 3339)When this virtual account stops accepting funds.
statusstringOne of "pending", "success", "mismatch", "expired", "failed".

Status Enums

status — PaymentTransactionStatus

ValueMeaning
pendingTransaction created; awaiting payment or authorization.
successTransaction completed successfully.
failedTransaction terminally failed.

refund_status — PaymentRefundStatus

ValueMeaning
noneNo refund attempted.
partially_refundedSome, but not all, of the amount has been refunded.
refundedFull amount refunded.
refund_failedA refund attempt failed.

settle_status — PaymentSettlementStatus

ValueMeaning
initiatedSettlement batch created.
pendingAwaiting bank processing.
rejectedSettlement rejected by the bank.
approvedApproved; funds awaiting release.
releasedFunds released to the merchant wallet.

Example Responses

Card payment (3DS pending — payer must complete redirect)

{
  "request_type": "payment",
  "id": "9f8a4bb1-7d2c-4f9d-9e2d-a3b6c0a18a55",
  "reference": "ORD-2026-00482",
  "status": "pending",
  "refund_status": "none",
  "response_code": "10001",
  "response_summary": "Processing",
  "amount": 250000,
  "fee": 1250,
  "currency": "NGN",
  "payment_timestamp": "2026-05-19T10:30:00Z",
  "redirect_link": "https://checkout.payline.co/3ds/eyJhbGciOi…",
  "source": {
    "type": "card",
    "card_type": "VISA",
    "card_bin": "424242",
    "card_last4": "4242",
    "expiry_month": "09",
    "expiry_year": "2028"
  },
  "customer": {
    "name": "Jane Doe",
    "merchant_reference": "CUST-9381"
  }
}

Virtual account payment

{
  "request_type": "payment",
  "id": "f1c2d3a4-5b6c-7d8e-9f0a-1b2c3d4e5f6a",
  "reference": "ORD-2026-00483",
  "status": "pending",
  "response_code": "10001",
  "response_summary": "Processing",
  "amount": 500000,
  "currency": "NGN",
  "payment_timestamp": "2026-05-19T10:32:11Z",
  "virtual_account_details": {
    "account_number": "9988776655",
    "bank": "Providus",
    "account_name": "PAYLINE/ORD-2026-00483",
    "expected_amount": "500000",
    "expires_at": "2026-05-19T11:02:11Z",
    "status": "pending"
  },
  "customer": {
    "name": "Jane Doe",
    "merchant_reference": "CUST-9381"
  }
}

Payout

{
  "request_type": "payout",
  "id": "a0b1c2d3-e4f5-6789-abcd-ef0123456789",
  "reference": "PO-2026-00112",
  "status": "success",
  "response_code": "10000",
  "response_summary": "Payment completed",
  "amount": 1500000,
  "fee": 50000,
  "currency": "NGN",
  "payment_timestamp": "2026-05-19T10:35:48Z",
  "customer": {
    "name": "Acme Suppliers Ltd",
    "account_number": "0123456789",
    "bank_code": "058",
    "bank_name": "GTBank"
  }
}

Verify Card Payload

keytypedescription
request_typestringcard_check
currencystringCurrency used for the payment.
sourceobjectname: NameOnCard
pan: CardNumber
cvv: CVV
expiry_month: ExpireMonth
expiry_year: ExpireYear
type: CARD

Generating the X-Signature

📘

To securely authenticate API requests, a signature (X-Signature) must be generated and included in the request headers. This signature is a HMAC SHA256 hash of the request data, using a provided secret key.

Steps to Generate the X-Signature:

  • Prepare the Data: The data to be sent in the API request (request payload) should be prepared as a string.
  • Generate HMAC SHA256 Signature (e.g using crypto-js for Node:
    • Use the HMAC SHA256 algorithm on the request data string.
    • The secret key for HMAC SHA256 is provided (e.g., "sktest$jmrluwtudhbztd@s&lu").
    • The output should be converted to a hexadecimal string.
      Include the Signature in Headers: The resulting hexadecimal string is used as the value for the X-Signature header in the API request.
Body Params

Payment Request Details

3ds
object
number
string
boolean
string
customer
object
integer
string
string
string
string
enum
Allowed:
string
string
enum

regular

Allowed:
string
string
string
enum
Allowed:
source
object
Headers
string
required

Current Timestamp

string
required

Unique Nonce Value

string
required

HMAC SHA256 Signature

Responses

Language
Credentials
Header
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json