Quick Start: APM Payment

Process an alternative payment method in 3 steps: authenticate, submit payment, handle the redirect.

#Prerequisites

Sandbox credentials (merchantKey + merchantSecret) and your accountId from Exirom
APM method enabled for your merchant account

#Step 1: Authenticate

curl -X POST https://sandbox.api.exirom.com/api/api/v1/auth \
  -H "Content-Type: application/json" \
  -d '{
    "merchantKey": "YOUR_MERCHANT_KEY",
    "merchantSecret": "YOUR_MERCHANT_SECRET"
  }'

{
  "merchantKey": "YOUR_MERCHANT_KEY",
  "token": "eyJhbGciOiJIUzI1NiIs..."
}

#Step 2: Submit a Payment

This example uses PIX (Brazilian QR payment). Replace paymentMethod, paymentType, and method-specific fields in apmPayload for other methods — see the full method list.

Note: APM API uses accountId while Card API uses mid (Merchant ID) to identify your merchant account. Both values are provided by Exirom during onboarding -- they are different identifiers for the same merchant.

curl -X POST https://sandbox.api.exirom.com/api/api/v1/payments/apm \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Referer: https://your-domain.com" \
  -d '{
    "requestId": "unique-request-id-001",
    "accountId": "YOUR_ACCOUNT_ID",
    "amount": "50.00",
    "currency": "BRL",
    "apmPayload": {
      "paymentMethod": "PIX",
      "paymentType": "BANK_TRANSFER",
      "documentId": "12345678901"
    },
    "callbackUrl": "https://your-domain.com/callback",
    "successRedirectUrl": "https://your-domain.com/payment-complete",
    "failureRedirectUrl": "https://your-domain.com/payment-failed",
    "billingDetails": {
      "firstName": "Test",
      "lastName": "User",
      "email": "test@example.com",
      "country": "BR"
    },
    "device": {
      "ip": "203.0.113.1"
    },
    "checksum": "<Base64EncodedChecksum>"
  }'

Computing the checksum: The checksum is an HMAC-SHA256 signature of accountId|amount|currency|requestId (pipe-delimited, amount as the exact decimal string from the request body), Base64-encoded. For this example:
# Fields: accountId=YOUR_ACCOUNT_ID, amount=50.00, currency=BRL, requestId=unique-request-id-001
echo -n "YOUR_ACCOUNT_ID|50.00|BRL|unique-request-id-001" \
  | openssl dgst -sha256 -hmac "YOUR_MERCHANT_SECRET" -binary \
  | base64
See the full Checksum Authentication Guide for details and code examples in multiple languages.

{
  "requestId": "unique-request-id-001",
  "transactionId": "txn_apm_456",
  "transactionStatus": "CUSTOMER_VERIFICATION",
  "apmResponseData": {
    "actionType": "QR",
    "qrData": "00020126580014br.gov.bcb.pix...",
    "qrDeepLink": "pix://pay?code=..."
  },
  "createdTime": "2026-03-14T10:00:00Z"
}

Handle the response based on apmResponseData.actionType — render the QR code, redirect, or process directly. See Payment Flow.

For full request/response schema, see POST /api/v1/payments/apm API Reference.

#Step 3: Receive the Result

Exirom sends a webhook POST to your callbackUrl:

{
  "transactionId": "txn_apm_456",
  "transactionStatus": "SUCCEED",
  "amount": 50.00,
  "currency": "BRL",
  "requestId": "unique-request-id-001"
}

Return HTTP 200 immediately. Process asynchronously.

#What's Next?

Full APM Payment Guide — complete request/response reference
APM References — all 105+ payment methods
Smart Routing — automatic provider selection
Handling the Callback — webhook processing
Integration Checklist — pre-go-live checklist