npm - refacil-pay-mcp - Versions diffs - 1.1.17 → 1.1.20 - Mend

refacil-pay-mcp 1.1.17 → 1.1.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +1538 -1612
package/dist/core/resources.js +24 -24
package/dist/core/resources.js.map +1 -1
package/dist/core/tools.js +17 -42
package/dist/core/tools.js.map +1 -1
package/dist/index.js +2 -2
package/package.json +63 -63

package/README.md CHANGED Viewed

@@ -1,1613 +1,1539 @@
-# refacil-pay MCP Server
-Servidor MCP (Model Context Protocol) generado automáticamente para la API refacil-pay.
-## 🚀 Características
-- **18 herramientas** generadas automáticamente desde la colección Postman
-- **Autenticación flexible**: Username/Password con renovación automática de tokens
-- **Servidor HTTP** con Fastify
-- **Protocolo MCP** estándar para integración con IDEs
-## 📋 Requisitos
-- Node.js 20+
-- npm o yarn
-## 📦 Instalación desde NPM
-Si este paquete está publicado en npm, puedes instalarlo globalmente:
-```bash
-# Instalación global (recomendado)
-npm install -g refacil-pay-mcp
-# Verificar instalación
-refacil-pay-mcp --version
-```
-### Configuración Rápida en IDEs
-#### Cursor
-1. Abrir **Settings** → **Features** → **Model Context Protocol**
-2. Click en **"Edit Config"**
-3. Agregar:
-**Windows**: `%APPDATA%\Cursor\User\globalStorage\saoudrizwan.claude-dev\settings\cline_mcp_settings.json`
-**macOS/Linux**: `~/.config/Cursor/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json`
-```json
-{
-  "mcpServers": {
-    "refacil-pay": {
-      "command": "refacil-pay-mcp",
-      "env": {
-        "BASE_URL": "https://pay-api.qa.refacil.co",
-        "USERNAME": "tu-usuario",
-        "PASSWORD": "tu-contraseña",
-        "AUTH_ENDPOINT": "/auth/login",
-        "TOKEN_CACHE_TTL": "3600"
-      }
-    }
-  }
-}
-```
-4. Reiniciar Cursor
-#### Claude Desktop
-Editar archivo de configuración:
-**Windows**: `%APPDATA%\Claude\claude_desktop_config.json`
-**macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`
-**Linux**: `~/.config/Claude/claude_desktop_config.json`
-```json
-{
-  "mcpServers": {
-    "refacil-pay": {
-      "command": "refacil-pay-mcp",
-      "env": {
-        "BASE_URL": "https://pay-api.qa.refacil.co",
-        "USERNAME": "tu-usuario",
-        "PASSWORD": "tu-contraseña",
-        "AUTH_ENDPOINT": "/auth/login",
-        "TOKEN_CACHE_TTL": "3600"
-      }
-    }
-  }
-}
-```
-Reiniciar Claude Desktop.
-#### Visual Studio Code
-1. Instalar extensión **MCP for VS Code**
-2. Editar `settings.json`:
-```json
-{
-  "mcp.servers": {
-    "refacil-pay": {
-      "command": "refacil-pay-mcp",
-      "env": {
-        "BASE_URL": "https://pay-api.qa.refacil.co",
-        "USERNAME": "tu-usuario",
-        "PASSWORD": "tu-contraseña",
-        "AUTH_ENDPOINT": "/auth/login",
-        "TOKEN_CACHE_TTL": "3600"
-      }
-    }
-  }
-}
-```
-3. Recargar VS Code
-## 🛠️ Instalación para Desarrollo
-Si quieres contribuir o ejecutar desde el código fuente:
-```bash
-# Clonar el repositorio
-git clone https://github.com/refacil/refacil-pay-mcp.git
-cd refacil-pay-mcp
-# Instalar dependencias
-npm install
-# Construir el proyecto
-npm run build
-# Iniciar en desarrollo
-npm run dev
-# Iniciar en producción
-npm start
-```
-## 🔧 Configuración
-El servidor se configura mediante variables de entorno:
-```bash
-# Copiar archivo de ejemplo
-cp .env.example .env
-# Editar configuración
-nano .env
-```
-### Variables de Entorno
-| Variable | Descripción | Valor por defecto |
-|----------|-------------|-------------------|
-| `PORT` | Puerto del servidor | `3009` |
-| `ENVIRONMENT` | Entorno de ejecución | `development` |
-| `BASE_URL` | URL base de la API | `https://pay-api.qa.refacil.co` |
-| `USERNAME` | Usuario para autenticación | `your_username_here` |
-| `PASSWORD` | Contraseña para autenticación | `your_password_here` |
-| `AUTH_ENDPOINT` | Endpoint de autenticación | `/auth/login` |
-| `TOKEN_CACHE_TTL` | TTL del caché de tokens (segundos) | `3600` |
-| `MCP_TOKEN` | Token de autenticación del MCP | `mcp-secret-token-refacil-pay` |
-## 🐳 Docker
-```bash
-# Construir imagen
-docker build -t refacil-pay-mcp .
-# Ejecutar contenedor
-docker run -p 3009:3009 refacil-pay-mcp
-# O usar docker-compose
-docker-compose up
-```
-## ☸️ Kubernetes
-```bash
-# Aplicar manifests
-kubectl apply -f k8s/
-# Verificar despliegue
-kubectl get pods -l app=refacil-pay-mcp
-```
-## 🔌 Uso del MCP
-### Endpoints Disponibles
-- **`/mcp`**: Endpoint principal del protocolo MCP
-- **`/health`**: Health check del servidor
-- **`/tools`**: Lista de herramientas disponibles
-## 🛠️ Herramientas Disponibles
-### `auth_login`
-To make the request and obtain the login you must have very clear your username and password for each environment where you are going to perform the integration, this information should be requested to our support team ([soportetecnico@refacil.com](https://mailto:soportetecnico@refacil.co)).
-Within the post you will see below are the fields to make your request
-> Note that for the consumption of any of the API services it is necessary to send the authentication token that you get when consuming the **auth/login** service as an Authorization indicating the Type and Token.
-The authentication token has an expiration time of 2 hours. Only consume this service after this time has elapsed or when the services that use the token return a 401 Unauthorized response.
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| username | string | Campo del body: username |
-| password | string | Campo del body: password |
-### `trx_token_generate`
-This service allows security validation for the execution of a transaction on the platform, generating a single-use token.
-> The transactional token service is obtained in three ways, depending on the action to be performed. For this, the value sent in the _**service**_ parameter must be set according to what is required:
-1\. For Payment Link: **“/cash-in/generate/payment-link/token”**.
-2\. For Payment method: **“/cash-in/generate/payment-method/token”**.
-3\. For Withdraw: **“/cash-out/generate/withdraw-method/token”**.
-4\. For Merchant Key: \[ “/merchant-key/create”, “/merchant-key/cancel” \]
-> The generated token is single-use for each transaction and cannot be consumed more than once. In addition, the transactional token will be valid for 60 seconds.
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| service | string | Campo del body: service |
-### `transactional_token_method`
-This service allows security validation for the execution of a transaction on the platform, generating a single-use token.
-> The transactional token service is obtained in three ways, depending on the action to be performed. For this, the value sent in the _**service**_ parameter must be set according to what is required:
-1\. For Payment Link: **“/cash-in/generate/payment-link/token”**.
-2\. For Payment method: **“/cash-in/generate/payment-method/token”**.
-3\. For Withdraw: **“/cash-out/generate/withdraw-method/token”**.
-4\. For Merchant Key: \[ “/merchant-key/create”, “/merchant-key/cancel” \]
-> The generated token is single-use for each transaction and cannot be consumed more than once. In addition, the transactional token will be valid for 60 seconds.
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| service | string | Campo del body: service |
-### `transactional_token_withdraw`
-This service allows security validation for the execution of a transaction on the platform, generating a single-use token.
-> The transactional token service is obtained in three ways, depending on the action to be performed. For this, the value sent in the _**service**_ parameter must be set according to what is required:
-1\. For Payment Link: **“/cash-in/generate/payment-link/token”**.
-2\. For Payment method: **“/cash-in/generate/payment-method/token”**.
-3\. For Withdraw: **“/cash-out/generate/withdraw-method/token”**.
-4\. For Merchant Key: \[ “/merchant-key/create”, “/merchant-key/cancel” \]
-> The generated token is single-use for each transaction and cannot be consumed more than once. In addition, the transactional token will be valid for 60 seconds.
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| service | string | Campo del body: service |
-### `transactional_token_merchan_key_create`
-This service allows security validation for the execution of a transaction on the platform, generating a single-use token.
-> The transactional token service is obtained in three ways, depending on the action to be performed. For this, the value sent in the _**service**_ parameter must be set according to what is required:
-1\. For Payment Link: **“/cash-in/generate/payment-link/token”**.
-2\. For Payment method: **“/cash-in/generate/payment-method/token”**.
-3\. For Withdraw: **“/cash-out/generate/withdraw-method/token”**.
-4\. For Merchant Key: \[ “/merchant-key/create”, “/merchant-key/cancel” \]
-> The generated token is single-use for each transaction and cannot be consumed more than once. In addition, the transactional token will be valid for 60 seconds.
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| service | string | Campo del body: service |
-### `transactional_token_merchant_key_cancel`
-This service allows security validation for the execution of a transaction on the platform, generating a single-use token.
-> The transactional token service is obtained in three ways, depending on the action to be performed. For this, the value sent in the _**service**_ parameter must be set according to what is required:
-1\. For Payment Link: **“/cash-in/generate/payment-link/token”**.
-2\. For Payment method: **“/cash-in/generate/payment-method/token”**.
-3\. For Withdraw: **“/cash-out/generate/withdraw-method/token”**.
-4\. For Merchant Key: \[ “/merchant-key/create”, “/merchant-key/cancel” \]
-> The generated token is single-use for each transaction and cannot be consumed more than once. In addition, the transactional token will be valid for 60 seconds.
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| service | string | Campo del body: service |
-### `cash_in_generate_payment_link_token`
-With the following request you can obtain a payment resource with a link that will redirect your customer to the payment gateway where he will see a list of the different payment methods available.
- ## 📥 Request Body Parameters
-| **Field** | **Type** | **Required** | **Description** |
-| --- | --- | --- | --- |
-| `amount` | number | ✅ | Value of the payment. |
-| `brandId` | number | ❌ | ID of the customer's white label; if one is not available, the default ID 79 is sent. |
-| `expiresIn` | number | ❌ | Time in minutes for the expiration of the resource or payment link. |
-| `reference1` | string | ✅ | Customer identifier, must be between 1 and 30 characters. |
-| `reference2` | object | ❌ | Object for additional information. |
-| `reference2.Commerce` | object | ❌ | Object for information related to the store or commerce. |
-| `reference2.Data` | object | ❌ | Object for information related to the conciliation of the transaction. |
-| `reference2.Label` | object | ❌ | Object to send information to be displayed in the payment summary. |
-| `returnUrl` | string | ❌ | Link that the customer will see when clicking on the back to commerce button. |
-| `showSummary` | boolean | ❌ | Indicates whether the RefácilPay payment summary will be shown or not (false: do not show, true: show). Default: true. |
-| `userMetadata` | object | ✅ | Object containing key details about the user or merchant generating the payment resource. |
-| `userMetadata.identifier` | string | ✅ | Unique identifier of the user or merchant generating the payment resource (max 36 characters). |
-| `userMetadata.ip` | string | ✅ | IP address associated with the user's identifier. Must be a valid IP address. |
-| `userMetadata.urlCommerce` | string | ✅ | URL that identifies the commerce. Must follow valid URL structure with http:// or https:// protocol. Maximum length: 500 characters. |
-| `webhookUrl` | string | ✅ | URL of the client's webhook to receive real-time payment status updates. |
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| transactionToken | string | Header personalizado: x-transaction-token |
-| expiresIn | number | Campo del body: expiresIn |
-| amount | number | Campo del body: amount |
-| brandId | number | Campo del body: brandId |
-| webhookUrl | string | Campo del body: webhookUrl |
-| userMetadata | object | Campo del body: userMetadata |
-| returnUrl | string | Campo del body: returnUrl |
-| reference1 | string | Campo del body: reference1 |
-| reference2 | object | Campo del body: reference2 |
-### `cash_in_generate_payment_method_token`
-This endpoint allows you to **generate payment requests** through the available _cash-in_ methods.
----
-### 💡 Overview
-The table below lists the available payment methods along with their corresponding IDs and **minimum expiration times** (`expiresIn`) required when creating a payment request.
-| **Method ID** | **Description** | **Minimum Expiration (seconds)** |
-| --- | --- | --- |
-| `130` | Cash-in via **Nequi** | 43,200 |
-| `131` | Cash-in via **Daviplata** | 43,200 |
-| `133` | Cash-in via **PSE** | 1,800 |
-| `262` | Cash-in via **PSE Gateway** | 1,800 |
-| `153` | Cash-in via **Recaudo Efectivo** | 86,400 |
-| `163` | Cash-in via **TPaga** | 43,200 |
-| `248` | Cash-in via **QR Interoperable** | N/A |
-| `250` | Cash-in via **Llaves Bre-B** | 300 |
-| `273` | Cash-in via **Tarjetas** (Débito y Crédito) | 3,600 |
-| `277` | Cash-in via **Whatsapp** | 2,592,000 |
-> ⚠ **Important:**
-The value provided in the expiresIn field **must be greater than or equal** to the minimum expiration defined for the selected payment method. **This does not apply to dynamic keys, which always expire 5 minutes after creation.**
----
-## 🧩 Payment Method Details
-Each payment method requires a specific object structure within the `"paymentMethod"` field.
----
-### **Nequi**
-``` json
-"paymentMethod": {
-  "id": 130,
-  "cellphone": "3105293225"
-}
- ```
----
-### **Daviplata**
-``` json
-"paymentMethod": {
-  "id": 131,
-  "cellphone": "3208385715"
-}
- ```
----
-### **PSE**
-For this payment method, depending on the `typePerson` selected, only specific document types are accepted:
-- **`typePerson`****:** **`"0"`** → corresponds to a **Natural Person** and only accepts the following values for `documentType`:
-    - `RCN`
-    - `TI`
-    - `CC`
-    - `TE`
-    - `CE`
-    - `PA`
-    - `DIE`
-- **`typePerson`****:** **`"1"`** → corresponds to a **Legal Person** and only accepts the following value for `documentType`:
-    - `NIT`
-``` json
-"paymentMethod": {
-  "id": 133,
-  "documentType": "CC",
-  "typePerson": "0",
-  "bankId": "string",
-  "documentNumber": "string",
-  "name": "string",
-  "cellphone": "string",
-  "address": "string",
-  "email": "string"
-}
- ```
----
-### **PSE Gateway**
-This payment method enables direct integration with the PSE network for processing online bank payments.
-To consume this product, it is required to have the following parameters previously configured and associated with your product:
-- `entity_code`
-- `service_code`
-- `company_ciiu`
-- `company_name`
-These parameters identify your company within the PSE network and are necessary for successful transaction routing and validation.
-> 💬 **For more information or to request these credentials, please contact the support team.**
-This method follows **the same structure and validation rules** as **PSE**, but must use the following identifier:
-``` json
-"paymentMethod": {
-  "id": 262,
-  "documentType": "CC",
-  "typePerson": "0",
-  "bankId": "string",
-  "documentNumber": "string",
-  "name": "string",
-  "cellphone": "string",
-  "address": "string",
-  "email": "string"
-}
- ```
-The **PSE integration** relies heavily on the correct configuration of the `showSummary` and `returnUrl` parameters.
-These parameters control the **user experience** and the **finalization flow** of the payment process.
-| Scenario | `showSummary` | `returnUrl` | Flow Description |
-| --- | --- | --- | --- |
-| **1\. Standard Redirect (Default)** | `true` or not sent | ✅ Present | Displays a transaction summary screen with key payment details and retrieves the final transaction status. After the payment is completed, the user is redirected to the specified `returnUrl`. |
-| **2\. Without Transaction Summary Screen** | `false` | ✅ Present | Skips the transaction summary screen and redirects the user directly to the `returnUrl`. In this case, the merchant’s system must display the transaction summary on the destination page. |
-> ⚠️ **Note:**
-For **PSE** and **PSE Gateway**, it is **strongly recommended** to use `showSummary: true` along with a valid `returnUrl` to ensure a seamless customer experience and accurate transaction tracking.
-> 🔗 **See also:**
-- [Transaction Summary](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#45e0d76a-fabd-442e-9b17-e2f6b8354ec5)
-- [Transaction Status](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#dd3ba9f5-1f10-4109-b59d-6e5aad5e3799)
----
-### **Recaudo Efectivo**
-``` json
-"paymentMethod": {
-  "id": 153
-}
- ```
----
-### **TPaga**
-This payment method supports an optional parameter called `isQr`, which determines the type of resource returned in the `url` field:
-| **Value** | **Description** |
-| --- | --- |
-| `true` | The `url` field returns a link to a **QR code** displaying transaction details. |
-| `false` | The `url` field returns a **deeplink** to open directly in the TPAGA wallet app. |
-> 🧠 **Behavior:**
-If `isQr` is not provided, the default behavior is equivalent to `isQr: false`.
-Transactions can only be completed **from a mobile device**.
-If the request is made from a desktop or tablet, it is recommended to send `isQr: true` so the user can scan the QR from a mobile device.
-``` json
-"paymentMethod": {
-  "id": 163,
-  "isQr": false
-}
- ```
----
-### **QR Interoperable**
-For this method, the following fields are **optional**:
-- `cellphone`
-- `documentNumber`
-- `documentType`
-- `merchantId`
-The service can function using only the payment method ID; however, providing these optional fields can **improve response time**.
-You may retrieve this data through the `enrollment-data` service in the [Merchant Enrollment](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#8c9f5a18-a19a-4b8f-baba-cd7501aa29a0) section.
-> ⚠ **Prerequisite:**
-The merchant must complete the **Merchant Enrollment** process before using this method.
-See the _Merchant Enrollment_ section for setup details.
-> 🔁 **Open Resource:**
-The **QR Interoperable** operates as an _open resource_, meaning the generated QR can be used multiple times by the same user.
-> ⚙️ **Technical Note — Dynamic QR Behavior:**
-Dynamic QR codes may be scanned multiple times due to current limitations in the Redeban system.
-This is **not** an error in our platform.
-#### Behavior Details
-- Redeban does not automatically invalidate a dynamic QR after its first scan.
-- As a result, the same QR may generate multiple transaction records.
-#### Recommendations
-- Implement **application-level validation** to detect multiple payments from the same QR code.
-- Monitor dynamic QR transactions and confirm status before marking payments as completed.
-- Inform end-users to verify the success of a transaction before rescanning.
-#### Future Considerations
-- Redeban is evaluating support for **single-use dynamic QR control**.
-- Stay updated with interoperability provider announcements to adjust integrations accordingly.
-``` json
-"paymentMethod": {
-  "id": 248,
-  "cellphone": "string",
-  "documentType": "string",
-  "documentNumber": "string",
-  "merchantId": "string"
-}
- ```
----
-### **Llaves** Dinámicas **Bre-B**
-For this method, the following fields are **required**:
-- `cellphone`
-- `docNumber`
-- `docType`
-- `merchantId`
-You may retrieve this data through the `enrollment-data` service in the [Merchant Enrollment](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#8c9f5a18-a19a-4b8f-baba-cd7501aa29a0) section.
-> ⚠ **Prerequisite:**
-The merchant must complete the **Merchant Enrollment** process before using this method.
-See the _Merchant Enrollment_ section for setup details.
-> 🔁 **Open Resource:**
-The **Llaves Dinamicas Bre-B** operates as an _open resource_, meaning the generated KEY can be used multiple times by the same user.
-> ⚙️ **Technical Note — Dynamic Key Behavior:**
-Dynamic keys may receive multiple money transfers due to current limitations in the Redeban system.
-This behavior does not represent an error or malfunction in our platform.
-**Additionally, dynamic keys have a fixed validity period of 5 minutes, and this duration cannot be modified.**
-#### Behavior Details
-- Redeban does not automatically invalidate a dynamic KEY after its first send.
-- As a result, the same KEY may generate multiple transaction records.
-#### Recommendations
-- Implement **application-level validation** to detect multiple payments from the same KEY.
-- Monitor dynamic KEY transactions and confirm status before marking payments as completed.
-- Inform end-users to verify the success of a transaction before rescanning.
-#### Future Considerations
-- Stay updated with interoperability provider announcements to adjust integrations accordingly.
-``` json
-"paymentMethod": {
-  "id": 250,
-  "cellphone": "string",
-  "docType": "string",
-  "docNumber": "string",
-  "merchantId": "string"
-}
- ```
----
-### **Card Payments**
-This payment method allows processing payments with debit and credit cards (Mastercard and Visa).
-For this method, the following fields are **required**:
-- `id`: 273
-- `description`: Description of the payment detail that will be displayed in the payment link
-- `external`: Defines the type of link generated
-#### PaymentMethod Parameters
-| **Field** | **Type** | **Required** | **Description** |
-| --- | --- | --- | --- |
-| `id` | number | ✅ | Payment method ID: 273 |
-| `description` | string | ✅ | Description of the payment detail that will be displayed in the payment link |
-| `external` | boolean | ✅ | Defines whether to generate a payment link to send directly to the client (`true`) or to embed in an iframe (`false`) |
-#### Behavior based on the `external` parameter
-| **Value** | **Description** |
-| --- | --- |
-| `true` | Generates a payment link to send directly to the client. The client can complete the payment from their browser or mobile application. |
-| `false` | Generates a link to embed in an iframe within your own website. The payment is processed within your site. |
-#### Iframe Implementation Example
-When `external: false`, you can embed the payment link in an iframe as follows:
-``` html
-<html>
-<head>
-  <title>Add Payment Method</title>
-</head>
-<body>
-  <iframe
-    src="YOUR-URL-LINK-ID"
-    width="100%"
-    height="600"
-    frameborder="0"
-    style="max-width: 500px; margin: 0 auto; display: block;">
-  </iframe>
-</body>
-</html>
- ```
-> ⚠️ **Important:**
-> You must use the **complete URL** from the `url` field in the service response as the `src` attribute value in the iframe. The `src` attribute must contain the entire URL returned in the `data.url` field of the API response. For example, if the response contains:
-``` json
-"data": {
-  "url": "https://checkout.akua.la/links/lnk-07595544-cfe6-4d40-8894-0ed7cf3c28b9?sandbox=true"
-}
- ```
-Then the iframe `src` should be:
-``` html
-<iframe src="https://checkout.akua.la/links/lnk-07595544-cfe6-4d40-8894-0ed7cf3c28b9?sandbox=true" ...></iframe>
- ```
-``` json
-"paymentMethod": {
-  "id": 273,
-  "description": "Payment description",
-  "external": true
-}
- ```
-#### Response Example
-``` json
-{
-  "statusCode": "00",
-  "message": "Operación exitosa.",
-  "data": {
-    "url": "https://checkout.akua.la/links/lnk-07595544-cfe6-4d40-8894-0ed7cf3c28b9?sandbox=true",
-    "reference": "db205760-d228-11f0-8923-0d9b7d755dab",
-    "resourceId": "2762357",
-    "expiresIn": "2025-12-06T22:22:16.000Z",
-    "urlStatusPay": "https://mf-core.refacil.co/refacilpay/resumen/79/db205760-d228-11f0-8923-0d9b7d755dab",
-    "resourceUrlId": "1762027",
-    "status": 1
-  }
-}
- ```
-#### Response Fields
-| **Field** | **Description** |
-| --- | --- |
-| `url` | Payment link URL. Can be used for direct redirection or to embed in an iframe depending on the `external` value |
-| `reference` | Unique transaction reference |
-| `resourceId` | Generated payment resource ID |
-| `expiresIn` | Payment link expiration date and time |
-| `urlStatusPay` | URL to check the payment status |
-| `resourceUrlId` | URL resource ID |
-| `status` | Resource status (1 = Active) |
----
-### **Whatsapp**
-For this method, the following fields are **required**:
-- `cellphone`
-- `pdfUrl`
-> ⚠ **pdfUrl — URL standards (Meta/WhatsApp):**
-The value is not arbitrary. The URL must comply with the following so that the document can be sent via WhatsApp:
-- **Protocol:** Must be **HTTPS**.
-- **Access:** The resource must be **publicly accessible** (no authentication); the system downloads the file from this URL.
-- **Format:** The file must be a valid **PDF**.
-- **Size:** Document size must not exceed **100 MB** (WhatsApp Cloud API limit for documents).
-Sending a URL that does not meet these requirements may result in rejection or delivery failure.
-``` json
-"paymentMethod": {
-  "id": 277,
-  "cellphone": "string",
-  "pdfUrl": "string"
-}
- ```
----
-## 📥 Request Body Parameters
-| **Field** | **Type** | **Required** | **Description** |
-| --- | --- | --- | --- |
-| `amount` | number | ✅ | Value of the payment. |
-| `brandId` | number | ❌ | ID of the customer's white label; if one is not available, the default ID 79 is sent. |
-| `expiresIn` | number | ❌ | Time in seconds for the expiration of the resource or payment link. |
-| `paymentMethod` | object | ✅ | Object specifying the payment method and its details. |
-| `paymentMethod.id` | number | ✅ | ID of the selected payment method (see available payment methods). |
-| `reference1` | string | ✅ | Customer identifier, must be between 1 and 30 characters. |
-| `reference2` | object | ❌ | Object for additional information. |
-| `reference2.Commerce` | object | ❌ | Object for information related to the store or commerce. |
-| `reference2.Data` | object | ❌ | Object for information related to the conciliation of the transaction. |
-| `reference2.Label` | object | ❌ | Object to send information to be displayed in the payment summary. |
-| `returnUrl` | string | ❌ | Link that the customer will see when clicking on the back to commerce button. |
-| `showSummary` | boolean | ❌ | Indicates whether the RefácilPay payment summary will be shown or not (false: do not show, true: show). Default: true. |
-| `userMetadata` | object | ✅ | Object containing key details about the user or merchant generating the payment resource. |
-| `userMetadata.identifier` | string | ✅ | Unique identifier of the user or merchant generating the payment resource (max 36 characters). |
-| `userMetadata.ip` | string | ✅ | IP address associated with the user's identifier. Must be a valid IP address. |
-| `userMetadata.urlCommerce` | string | ✅ | URL that identifies the commerce. Must follow valid URL structure with http:// or https:// protocol. Maximum length: 500 characters. |
-| `webhookUrl` | string | ✅ | URL of the client's webhook to receive real-time payment status updates. |
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| transactionToken | string | Header personalizado: x-transaction-token |
-| expiresIn | number | Campo del body: expiresIn |
-| paymentMethod | object | Campo del body: paymentMethod |
-| userMetadata | object | Campo del body: userMetadata |
-| amount | number | Campo del body: amount |
-| brandId | number | Campo del body: brandId |
-| webhookUrl | string | Campo del body: webhookUrl |
-| returnUrl | string | Campo del body: returnUrl |
-| showSummary | boolean | Campo del body: showSummary |
-| reference1 | string | Campo del body: reference1 |
-| reference2 | object | Campo del body: reference2 |
-### `cash_out_generate_withdraw_method_token`
-This service allows you to generate withdrawal requests through the enabled dispersion means.
-> 🔐 Authentication
-All requests must include the following headers:
-| **Header** | **Description** | **Example** |
-| --- | --- | --- |
-| Authorization | Bearer token generated by the authentication service. | Bearer eyJhbGciOiJIUzI1NiIs... |
-| x-transaction-token | Transactional token specific to the service. | 9b48edde-652d-11ed-984e-02c840fe**** |
-| Content-Type | Content type of the request body. | application/json |
-> Important fields within the requests:
-Webhook: This is the url of the client's webhook to where our service sends the transaction status and transaction detail information.
- This endpoint allows you to **generate withdrawal (cash-out) requests** through the available payout methods.
----
-### 💡 Overview
-The table below lists the available payout methods along with their corresponding IDs and brief descriptions.
-| **Method ID** | **Description** |
-| --- | --- |
-| `264` | Cash-out via **Bre-B** |
-> ⚠ **Note:**
-Each withdrawal method requires a specific object structure within the `"withdrawMethod"` field, as shown below.
----
-## 🧩 Payout Method Details
-### **Bre-B**
-``` json
-"withdrawMethod": {
-  "id": 264,
-  "key": "@REPRUEBAL7717"
-}
- ```
-**Description:**
-Transfers funds directly to a Bre-B account using the beneficiary’s unique Bre-B key.
-> 💡 **Tip:**
-The `key` field must contain a valid Bre-B account alias in the format `@USERNAME`.
----
-## 📥 Request Body Parameters
-| **Field** | **Type** | **Required** | **Description** |
-| --- | --- | --- | --- |
-| `amount` | number | ✅ | Amount to be withdrawn. |
-| `reference1` | string | ✅ | Unique transaction reference generated by the client (max 20 characters). |
-| `webhookRequest` | string | ✅ | Customer’s webhook URL to receive real-time withdrawal status updates. |
-| `userMetadata` | object | ✅ | Object containing metadata related to the origin of the transaction. |
-| `userMetadata.identifier` | string | ✅ | Identifier for the user or merchant initiating the transaction. |
-| `userMetadata.ip` | string | ✅ | IP address from which the transaction was initiated. |
-| `userMetadata.urlCommerce` | string | ✅ | Commerce or customer’s URL associated with the transaction. |
-| `withdrawMethod` | object | ✅ | Object specifying the withdrawal method and destination details. |
-| `withdrawMethod.id` | number | ✅ | ID of the selected payout method (see table above). |
-| `withdrawMethod.key` | string | Conditional | Required for **Bre-B** withdrawals. |
-| `withdrawMethod.bankName` | string | ❌ | Optional bank name, if applicable for future payout methods. |
----
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| transactionToken | string | Header personalizado: x-transaction-token |
-| amount | number | Campo del body: amount |
-| reference1 | string | Campo del body: reference1 |
-| webhookRequest | string | Campo del body: webhookRequest |
-| withdrawMethod | object | Campo del body: withdrawMethod |
-| userMetadata | object | Campo del body: userMetadata |
-### `customer_getbalance`
-This service allows you to generate withdrawal requests through the enabled dispersion means.
-> 🔐 Authentication
-All requests must include the following headers:
-| **Header** | **Description** | **Example** |
-| --- | --- | --- |
-| Authorization | Bearer token generated by the authentication service. | Bearer eyJhbGciOiJIUzI1NiIs... |
-| x-transaction-token | Transactional token specific to the service. | 9b48edde-652d-11ed-984e-02c840fe**** |
-| Content-Type | Content type of the request body. | application/json |
-> Important fields within the requests:
-Webhook: This is the url of the client's webhook to where our service sends the transaction status and transaction detail information.
- This service allows you to consult the balance exchange and the dispersion exchange associated with the client's identifier.
-> To use the service, an authentication token is required, which must be sent as an Authorization header.
-Headers
-| **Name** | **Value** |
-| --- | --- |
-| Content-Type | application/json |
-| Authorization | Bearer |
-Body
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| userId | number | Campo del body: userId |
-### `payment_status`
-These services will allow us to validate the status of a transaction and consult the characteristics of a payment method.
- This service allows you to check the status of a transaction made, for this you must have the _reference_ data that returned the response when generating any payment resource.
-In the response you will get the _status_ _id_ which will mean the following
-0 - Transaction Rejected
-1 - Pending Transaction
-2 - Transaction Approved
-3 - Failed Transaction
-5 - Transaction Cancelled
-9 - Processing Transaction
-Headers
-| **Name** | **Value** |
-| --- | --- |
-| Content-Type | application/json |
-| Authorization | Bearer |
-Body
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| reference | string | Campo del body: reference |
-### `payment_customer_reference_status`
-These services will allow us to validate the status of a transaction and consult the characteristics of a payment method.
- ## 🔍 Check Transaction by Customer Reference
-This endpoint allows **API Pay** users to query the status of a transaction using only the `customerReference` value originally provided when generating a resource as `reference1` through any of the following endpoints:
-- `/cash-in/generate/payment-link/token`
-- `/cash-in/generate/payment-method/token`
-- `/cash-out/generate/withdraw-method/token`
-This service is useful for retrieving the internal **Refacil** transaction information associated with a previously submitted customer reference.
----
-## 🔐 Authentication
-This endpoint **requires** a valid Bearer Token in the request headers. Requests without valid authentication will be rejected with an `Unauthorized` error.
-## 📤 Successful Response
-- `exists`: `true` indicates that the transaction associated with the provided `customerReference` was found.
-- `id`: Internal Refacil transaction ID.
-- `status`: Transaction status code (see table below).
-- `reference`: Full Refacil transaction reference, which can be used to query `/payment/status`.
-### ℹ️ Status Code Reference
-| Status Code | Meaning |
-| --- | --- |
-| `0` | Transaction Rejected |
-| `1` | Transaction Pending |
-| `2` | Transaction Approved |
-| `3` | Transaction Failed |
-| `5` | Transaction Cancelled |
-| `9` | Transaction Processing |
----
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| customerReference | string | Campo del body: customerReference |
-### `payment_features`
-These services will allow us to validate the status of a transaction and consult the characteristics of a payment method.
- This service allows you to consult the necessary characteristics of a payment method to successfully generate a resource. For example, obtain the PSE banks
-Headers
-| **Name** | **Value** |
-| --- | --- |
-| Content-Type | application/json |
-| Authorization | Bearer |
-Body
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| id | number | Campo del body: id |
-### `webhook_notify`
-This component must be built by the merchant to receive the transaction notification data.
-You must take into account the following steps:
-**1.**You must create a Webhook without authentication.
-**2\. The** Url created will be the one you send in all requests when generating the payment resource in the “_WebhookUrl_” field. It is important to keep in mind that if for some reason you change the webhook you must modify the urls that you send in each generated resource.
-<img src="https://content.pstmn.io/10fdac74-e60a-41f2-b9ff-8b5777a7afc0/aW1hZ2UucG5n" width="322" height="117">
-A signature must be generated to validate the integrity of the messages sent to the webhook and the fields must be concatenated in the following way:
-_**HASH_KEY**_ _\=This data must be requested to the support area_.
-_**let signature**_ _\= referenceId-resourceId-amount-updatedAt-HASH_KEY; signature = crypto.createHmac(“sha1”, HASH_KEY).update(signature).digest(“hex”);_
-Example of a response that will reach your Webhook
-**Response**
-``` json
-{
-  "realAmount": 20000,
-  "amount": 19405,
-  "cost": "$595.00",
-  "referenceId": "38**",
-  "moduleId": 9,
-  "productId": 117,
-  "referenceKey": "3538d790-ae14-11ed-be2d-4d9b1bc987e6",
-  "paymentMethod": "PSE",
-  "userId": 189067,
-  "resourceId": "10024**",
-  "updatedAt": "2023-02-16 11:11:55",
-  "providerId": 8,
-  "providerReference": "3122330",
-  "reference1": "435sdfsd**",
-  "reference2": {
-    "Label": {
-      "Information": "Por seguridad algunos datos se encuentran cifrados",
-      "Name": "L**A",
-      "Email": "l**am@**",
-      "CellPhone": "3**4",
-      "DocumentType": "C",
-      "DocumentNumber": "52019859",
-      "Description": "Abono",
-      "Commerce": "Skandia",
-      "Reference1": null,
-      "Reference2": null,
-      "Reference3": null
-    },
-    "Data": {
-      "ConciliationCode": "FCO",
-      "ConciliationContract": "1277840",
-      "DocType": "N",
-      "DocNumber": "800194363"
-    },
-    "returnUrl": "https://www.google.com/"
-  },
-  "bankId": "1022",
-  "bankName": "BANCO UNION COLOMBIANO",
-  "status": 2,
-  "sign": "aa2f472ad7e84524a02d1716b56fc16ec2a87***",
-  "error": {
-    "code": "20-07A",
-    "message": "Error técnico en Lambda"
-  }
-}
- ```
-- Within the webhook an **"error** ” object is sent that shows the error _**code**_ and _**message**_ associated with rejections received from the supplier/bank or cancellation of the transaction when the generation of the resource is not completed.
-- The error codes are printed when the transaction is _**Rejected**_ by the bank or when it is _**Cancelled**_ because the resource generation could not be completed.
-**Notification for Withdraw**
-For withdraws, a notification will be sent to the webhook provided in the application. This notification will follow the structure mentioned above and will additionally include the withdrawal data. An example is provided below:
-``` json
-{
-    ..."webhook",
-    "withdraw": {
-        "id": "1403**",
-        "transactionId": "5690**",
-        "userId": 189067,
-        "providerReference": "3122330",
-        "accountNumber": "3051000002",
-        "accountId": null,
-        "createdAt": "2023-02-16 11:10:55",
-        "updatedAt": "2023-02-16 11:12:55",
-        "deletedAt": null,
-        "infoReference": "435sdfsd**",
-        "observation": null
-    },
-}
- ```
-> _**The implementation of the webhook by the API user is mandatory. The reception and storage of the information for the reconciliation process by the API user with RefácilPay must be ensured.**__**__**__**This item will be evaluated during the certification process and will be mandatory for the transition to Production.**_
- Body
-### Transfer state machine
-<img src="https://content.pstmn.io/89f89557-2e1b-44c2-8dcb-d9e7d2f32c54/aW1hZ2UucG5n" width="293" height="380">
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| reference | string | Campo del body: reference |
-### `merchant_enrollment_data`
-This service allows merchants to retrieve enrollment data for the use of the QR interoperable payment method and key creation.
-To use the service, an authentication token is required and must be sent as an `Authorization` header.
----
-### **Enrollment Process**
-1. **Retrieve Enrollment Data**
-    - Retrieves the merchant’s enrollment information once the process is completed.
----
-### **Merchant Enrollment Statuses**
-- **`approved`**
-    The merchant has been approved and is authorized to generate QR codes.
-- **`enrolled_other`**
-    The merchant is already enrolled with another entity. To proceed:
-    - Contact the commercial representative and request unenrollment from the current entity.
-    - Submit a letter signed by the legal representative.
-    - Be aware that this process may take up to **5 business days**.
-        The commercial representative will provide guidance throughout the process.
-- **`rejected`**
-    The merchant has been rejected. Please contact your commercial representative for further details.
-- **`pending`**
-    The enrollment is in progress. The query may take a few minutes. If a final status is not received shortly, contact **RefacilPay support** to verify the situation.
-- **`not_started`**
-    No enrollment process has been initiated for the requested merchant.
----
-### **Important Note on the "cellphone" Field in the Enrollment Process**
-During the merchant creation flow for the QR Interoperable product, the API retrieves the merchant's registered information from the system. However, for the **"cellphone number"** field, the **Refacil** system automatically replaces the merchant’s actual phone number with a **generic alias number**.
-This behavior follows technical and operational requirements from the provider, as the real phone number may already exist in the provider’s databases, potentially causing integration conflicts.
-To avoid these issues, a randomly generated alias is used as a placeholder. This alias is **exclusive to this product** and does **not affect** the merchant’s operation in other services.
- This endpoint retrieves the merchant's enrollment details after the enrollment process has been completed. It provides necessary information to use the QR interoperable payment method.
-### `user_webhooks`
-Service to **configure backup webhooks per client**. It allows listing, creating and activating/deactivating URLs to which RefacilPay will send notifications when the payment resource has no webhook configured (e.g. for Saldo or Dispersión).
----
-### Endpoints
-1. **List user webhooks** (GET) – Returns the backup webhooks configured for the **authenticated user** (user inferred from Bearer token).
-2. **Create user webhook** (POST) – Creates a backup webhook for the **authenticated user** and type (Saldo or Dispersión).
-3. **Update webhook status** (PATCH) – Activates or deactivates a backup webhook **owned by the authenticated user**.
-All endpoints require Bearer token authentication (`Authorization: Bearer {{tokenLogin}}`). The user is always inferred from the token for security.
- ---
-### Description
-Returns the **backup webhooks** configured for the **authenticated user**. The user is identified by the Bearer token (header `Authorization`). The response lists all webhooks for that user with their type (e.g. Saldo, Dispersión), URL and active/inactive status.
----
-### What it is for
-- Query which backup webhook URLs the authenticated client has configured.
-- See the status (active/inactive) of each webhook.
-- List available webhook types (Saldo, Dispersión).
----
-### Request
----
-### Response
-- **statusCode** (string): Operation status code. `00` = success.
-- **message** (string): Descriptive message (e.g. "Operación exitosa.").
-- **data** (array): List of webhooks, each with: `id`, `userId`, `webhookTypeId`, `typeName`, `url`, `active`, `createdAt`, `updatedAt`.
----
-### Example: Success (200 OK)
-```
-GET {{protocol}}://{{serverNamePayApi}}/user-webhooks
-Authorization: Bearer {{tokenLogin}}
- ```
-Response body:
-``` json
-{
-  "statusCode": "00",
-  "message": "Operación exitosa.",
-  "data": [
-    {
-      "id": 1,
-      "userId": 12345,
-      "webhookTypeId": 1,
-      "typeName": "Saldo",
-      "url": "https://my-server.com/webhooks/saldo",
-      "active": true,
-      "createdAt": "2025-01-15T10:00:00.000Z",
-      "updatedAt": "2025-01-15T10:00:00.000Z"
-    },
-    {
-      "id": 2,
-      "userId": 12345,
-      "webhookTypeId": 2,
-      "typeName": "Dispersión",
-      "url": "https://my-server.com/webhooks/dispersion",
-      "active": false,
-      "createdAt": "2025-01-14T08:30:00.000Z",
-      "updatedAt": "2025-01-16T14:20:00.000Z"
-    }
-  ]
-}
- ```
----
-### Example: Empty list (200 OK)
-When the user has no webhooks configured, `data` is an empty array:
-``` json
-{
-  "statusCode": "00",
-  "message": "Operación exitosa.",
-  "data": []
-}
- ```
-### `create_user_webhook`
-Service to **configure backup webhooks per client**. It allows listing, creating and activating/deactivating URLs to which RefacilPay will send notifications when the payment resource has no webhook configured (e.g. for Saldo or Dispersión).
----
-### Endpoints
-1. **List user webhooks** (GET) – Returns the backup webhooks configured for the **authenticated user** (user inferred from Bearer token).
-2. **Create user webhook** (POST) – Creates a backup webhook for the **authenticated user** and type (Saldo or Dispersión).
-3. **Update webhook status** (PATCH) – Activates or deactivates a backup webhook **owned by the authenticated user**.
-All endpoints require Bearer token authentication (`Authorization: Bearer {{tokenLogin}}`). The user is always inferred from the token for security.
- ---
-### Description
-Creates a **backup webhook** for a user and webhook type. When a new webhook is created, only this webhook remains active for that user and type; others of the same type are deactivated.
----
-### What it is for
-- Configure the URL to which RefacilPay will send backup notifications when the resource has no `webhookRequest`.
----
-### Request
----
-### Possible values for `webhookTypeId`
-| Value | Description |
-| --- | --- |
-| **1** | Saldo (cash-in backup notifications) |
-| **2** | Dispersión (cash-out / dispersion backup notifications) |
----
-### Example: Success (200 OK)
-```
-POST {{protocol}}://{{serverNamePayApi}}/user-webhooks
-Authorization: Bearer {{tokenLogin}}
-Content-Type: application/json
-{
-  "webhookTypeId": 2,
-  "url": "https://my-server.com/webhooks/dispersion"
-}
- ```
-The user is inferred from the Bearer token; do not send `userId` in the body.
-Response body:
-``` json
-{
-  "statusCode": "00",
-  "message": "Operación exitosa.",
-  "data": {
-    "id": 3,
-    "userId": 12345,
-    "webhookTypeId": 2,
-    "url": "https://my-server.com/webhooks/dispersion",
-    "active": true,
-    "createdAt": "2025-01-16T12:00:00.000Z",
-    "updatedAt": "2025-01-16T12:00:00.000Z"
-  }
-}
- ```
----
-### Example: Webhook type not found (404 Not Found)
-When `webhookTypeId` is not an allowed value (only **1** and **2** are valid), the API returns:
-``` json
-{
-  "statusCode": 404,
-  "message": "Webhook type not found: 99",
-  "error": "Not Found"
-}
- ```
----
-### Example: Validation error (400 Bad Request)
-When the request body is invalid (e.g. missing required fields, invalid URL format), the API returns validation errors:
-``` json
-{
-  "statusCode": 400,
-  "message": [
-    "url must be a URL address",
-    "url must be a URL address"
-  ],
-  "error": "Bad Request"
-}
- ```
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| webhookTypeId | number | Campo del body: webhookTypeId |
-| url | string | Campo del body: url |
-### `user_webhooks_status`
-Service to **configure backup webhooks per client**. It allows listing, creating and activating/deactivating URLs to which RefacilPay will send notifications when the payment resource has no webhook configured (e.g. for Saldo or Dispersión).
----
-### Endpoints
-1. **List user webhooks** (GET) – Returns the backup webhooks configured for the **authenticated user** (user inferred from Bearer token).
-2. **Create user webhook** (POST) – Creates a backup webhook for the **authenticated user** and type (Saldo or Dispersión).
-3. **Update webhook status** (PATCH) – Activates or deactivates a backup webhook **owned by the authenticated user**.
-All endpoints require Bearer token authentication (`Authorization: Bearer {{tokenLogin}}`). The user is always inferred from the token for security.
- ---
-### Description
-Updates the **active/inactive status** of a backup webhook **owned by the authenticated user**. The user is identified by the Bearer token; you can only update webhooks that belong to that user. If a webhook is activated, other webhooks for the same user and type are deactivated (only one active per type per user).
----
-### What it is for
-- Activate or deactivate a backup webhook URL without deleting it.
-- Switch which URL receives notifications when multiple are configured (activating one deactivates others of the same type).
----
-### Request
----
-### Example: Success (200 OK)
-```
-PATCH {{protocol}}://{{serverNamePayApi}}/user-webhooks/1/status
-Authorization: Bearer {{tokenLogin}}
-Content-Type: application/json
-{
-  "active": true
-}
- ```
-Response body:
-``` json
-{
-  "statusCode": "00",
-  "message": "Operación exitosa.",
-  "data": {
-    "id": 1,
-    "userId": 12345,
-    "webhookTypeId": 1,
-    "url": "https://my-server.com/webhooks/saldo",
-    "active": true,
-    "createdAt": "2025-01-15T10:00:00.000Z",
-    "updatedAt": "2025-01-16T15:30:00.000Z"
-  }
-}
- ```
----
-### Example: User webhook not found (404 Not Found)
-When no webhook exists with the given `id`, the API returns:
-``` json
-{
-  "statusCode": 404,
-  "message": "User webhook not found: 999",
-  "error": "Not Found"
-}
- ```
----
-### Example: Forbidden (403 Forbidden)
-When the webhook does not belong to the authenticated user, the API returns:
-``` json
-{
-  "statusCode": 403,
-  "message": "Webhook does not belong to the authenticated user",
-  "error": "Forbidden"
-}
- ```
----
-### Example: Validation error (400 Bad Request)
-When `id` is not a valid number or body is invalid:
-``` json
-{
-  "statusCode": 400,
-  "message": "Validation failed (numeric string is expected)",
-  "error": "Bad Request"
-}
- ```
-**Parámetros:**
-| Name | Type | Description |
-| --- | --- | --- |
-| active | boolean | Campo del body: active |
-## 📝 Logs
-El servidor genera logs detallados de todas las operaciones:
-```
-[2024-01-01T12:00:00.000Z] get_users iniciada
-[2024-01-01T12:00:01.000Z] get_users completada exitosamente
-```
-## 🔍 Troubleshooting
-### Error de autenticación
-Verificar que las credenciales estén configuradas correctamente en las variables de entorno.
-### Error de conexión a la API
-Verificar que `BASE_URL` sea accesible y la API esté funcionando.
-### Error de puerto
-Verificar que el puerto `3009` no esté siendo usado por otro servicio.
-## 📞 Soporte
-Para soporte técnico, contactar al equipo de desarrollo.
----
+# refacil-pay MCP Server
+Servidor MCP (Model Context Protocol) generado automáticamente para la API refacil-pay.
+## 🚀 Características
+- **18 herramientas** generadas automáticamente desde la colección Postman
+- **Autenticación flexible**: Username/Password con renovación automática de tokens
+- **Servidor HTTP** con Fastify
+- **Protocolo MCP** estándar para integración con IDEs
+## 📋 Requisitos
+- Node.js 20+
+- npm o yarn
+## 📦 Instalación desde NPM
+Si este paquete está publicado en npm, puedes instalarlo globalmente:
+```bash
+# Instalación global (recomendado)
+npm install -g refacil-pay-mcp
+# Verificar instalación
+refacil-pay-mcp --version
+```
+### Configuración Rápida en IDEs
+#### Cursor
+1. Abrir **Settings** → **Features** → **Model Context Protocol**
+2. Click en **"Edit Config"**
+3. Agregar:
+**Windows**: `%APPDATA%\Cursor\User\globalStorage\saoudrizwan.claude-dev\settings\cline_mcp_settings.json`
+**macOS/Linux**: `~/.config/Cursor/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json`
+```json
+{
+  "mcpServers": {
+    "refacil-pay": {
+      "command": "refacil-pay-mcp",
+      "env": {
+        "BASE_URL": "https://pay-api.qa.refacil.co",
+        "USERNAME": "tu-usuario",
+        "PASSWORD": "tu-contraseña",
+        "AUTH_ENDPOINT": "/auth/login",
+        "TOKEN_CACHE_TTL": "3600"
+      }
+    }
+  }
+}
+```
+4. Reiniciar Cursor
+#### Claude Desktop
+Editar archivo de configuración:
+**Windows**: `%APPDATA%\Claude\claude_desktop_config.json`
+**macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`
+**Linux**: `~/.config/Claude/claude_desktop_config.json`
+```json
+{
+  "mcpServers": {
+    "refacil-pay": {
+      "command": "refacil-pay-mcp",
+      "env": {
+        "BASE_URL": "https://pay-api.qa.refacil.co",
+        "USERNAME": "tu-usuario",
+        "PASSWORD": "tu-contraseña",
+        "AUTH_ENDPOINT": "/auth/login",
+        "TOKEN_CACHE_TTL": "3600"
+      }
+    }
+  }
+}
+```
+Reiniciar Claude Desktop.
+#### Visual Studio Code
+1. Instalar extensión **MCP for VS Code**
+2. Editar `settings.json`:
+```json
+{
+  "mcp.servers": {
+    "refacil-pay": {
+      "command": "refacil-pay-mcp",
+      "env": {
+        "BASE_URL": "https://pay-api.qa.refacil.co",
+        "USERNAME": "tu-usuario",
+        "PASSWORD": "tu-contraseña",
+        "AUTH_ENDPOINT": "/auth/login",
+        "TOKEN_CACHE_TTL": "3600"
+      }
+    }
+  }
+}
+```
+3. Recargar VS Code
+## 🛠️ Instalación para Desarrollo
+Si quieres contribuir o ejecutar desde el código fuente:
+```bash
+# Clonar el repositorio
+git clone https://github.com/refacil/refacil-pay-mcp.git
+cd refacil-pay-mcp
+# Instalar dependencias
+npm install
+# Construir el proyecto
+npm run build
+# Iniciar en desarrollo
+npm run dev
+# Iniciar en producción
+npm start
+```
+## 🔧 Configuración
+El servidor se configura mediante variables de entorno:
+```bash
+# Copiar archivo de ejemplo
+cp .env.example .env
+# Editar configuración
+nano .env
+```
+### Variables de Entorno
+| Variable | Descripción | Valor por defecto |
+|----------|-------------|-------------------|
+| `PORT` | Puerto del servidor | `3009` |
+| `ENVIRONMENT` | Entorno de ejecución | `development` |
+| `BASE_URL` | URL base de la API | `https://pay-api.qa.refacil.co` |
+| `USERNAME` | Usuario para autenticación | `your_username_here` |
+| `PASSWORD` | Contraseña para autenticación | `your_password_here` |
+| `AUTH_ENDPOINT` | Endpoint de autenticación | `/auth/login` |
+| `TOKEN_CACHE_TTL` | TTL del caché de tokens (segundos) | `3600` |
+| `MCP_TOKEN` | Token de autenticación del MCP | `mcp-secret-token-refacil-pay` |
+## 🐳 Docker
+```bash
+# Construir imagen
+docker build -t refacil-pay-mcp .
+# Ejecutar contenedor
+docker run -p 3009:3009 refacil-pay-mcp
+# O usar docker-compose
+docker-compose up
+```
+## ☸️ Kubernetes
+```bash
+# Aplicar manifests
+kubectl apply -f k8s/
+# Verificar despliegue
+kubectl get pods -l app=refacil-pay-mcp
+```
+## 🔌 Uso del MCP
+### Endpoints Disponibles
+- **`/mcp`**: Endpoint principal del protocolo MCP
+- **`/health`**: Health check del servidor
+- **`/tools`**: Lista de herramientas disponibles
+## 🛠️ Herramientas Disponibles
+### `auth_login`
+To make the request and obtain the login you must have very clear your username and password for each environment where you are going to perform the integration, this information should be requested to our support team ([soportetecnico@refacil.com](https://mailto:soportetecnico@refacil.co)).
+Within the post you will see below are the fields to make your request
+> Note that for the consumption of any of the API services it is necessary to send the authentication token that you get when consuming the **auth/login** service as an Authorization indicating the Type and Token.
+The authentication token has an expiration time of 2 hours. Only consume this service after this time has elapsed or when the services that use the token return a 401 Unauthorized response.
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| username | string | Campo del body: username |
+| password | string | Campo del body: password |
+### `trx_token_generate`
+This service allows security validation for the execution of a transaction on the platform, generating a single-use token.
+> The transactional token service is obtained in three ways, depending on the action to be performed. For this, the value sent in the _**service**_ parameter must be set according to what is required:
+1\. For Payment Link: **“/cash-in/generate/payment-link/token”**.
+2\. For Payment method: **“/cash-in/generate/payment-method/token”**.
+3\. For Withdraw: **“/cash-out/generate/withdraw-method/token”**.
+4\. For Merchant Key: \[ “/merchant-key/create”, “/merchant-key/cancel” \]
+> The generated token is single-use for each transaction and cannot be consumed more than once. In addition, the transactional token will be valid for 60 seconds.
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| service | string | Campo del body: service |
+### `transactional_token_method`
+This service allows security validation for the execution of a transaction on the platform, generating a single-use token.
+> The transactional token service is obtained in three ways, depending on the action to be performed. For this, the value sent in the _**service**_ parameter must be set according to what is required:
+1\. For Payment Link: **“/cash-in/generate/payment-link/token”**.
+2\. For Payment method: **“/cash-in/generate/payment-method/token”**.
+3\. For Withdraw: **“/cash-out/generate/withdraw-method/token”**.
+4\. For Merchant Key: \[ “/merchant-key/create”, “/merchant-key/cancel” \]
+> The generated token is single-use for each transaction and cannot be consumed more than once. In addition, the transactional token will be valid for 60 seconds.
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| service | string | Campo del body: service |
+### `transactional_token_withdraw`
+This service allows security validation for the execution of a transaction on the platform, generating a single-use token.
+> The transactional token service is obtained in three ways, depending on the action to be performed. For this, the value sent in the _**service**_ parameter must be set according to what is required:
+1\. For Payment Link: **“/cash-in/generate/payment-link/token”**.
+2\. For Payment method: **“/cash-in/generate/payment-method/token”**.
+3\. For Withdraw: **“/cash-out/generate/withdraw-method/token”**.
+4\. For Merchant Key: \[ “/merchant-key/create”, “/merchant-key/cancel” \]
+> The generated token is single-use for each transaction and cannot be consumed more than once. In addition, the transactional token will be valid for 60 seconds.
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| service | string | Campo del body: service |
+### `transactional_token_merchan_key_create`
+This service allows security validation for the execution of a transaction on the platform, generating a single-use token.
+> The transactional token service is obtained in three ways, depending on the action to be performed. For this, the value sent in the _**service**_ parameter must be set according to what is required:
+1\. For Payment Link: **“/cash-in/generate/payment-link/token”**.
+2\. For Payment method: **“/cash-in/generate/payment-method/token”**.
+3\. For Withdraw: **“/cash-out/generate/withdraw-method/token”**.
+4\. For Merchant Key: \[ “/merchant-key/create”, “/merchant-key/cancel” \]
+> The generated token is single-use for each transaction and cannot be consumed more than once. In addition, the transactional token will be valid for 60 seconds.
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| service | string | Campo del body: service |
+### `transactional_token_merchant_key_cancel`
+This service allows security validation for the execution of a transaction on the platform, generating a single-use token.
+> The transactional token service is obtained in three ways, depending on the action to be performed. For this, the value sent in the _**service**_ parameter must be set according to what is required:
+1\. For Payment Link: **“/cash-in/generate/payment-link/token”**.
+2\. For Payment method: **“/cash-in/generate/payment-method/token”**.
+3\. For Withdraw: **“/cash-out/generate/withdraw-method/token”**.
+4\. For Merchant Key: \[ “/merchant-key/create”, “/merchant-key/cancel” \]
+> The generated token is single-use for each transaction and cannot be consumed more than once. In addition, the transactional token will be valid for 60 seconds.
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| service | string | Campo del body: service |
+### `cash_in_generate_payment_link_token`
+With the following request you can obtain a payment resource with a link that will redirect your customer to the payment gateway where he will see a list of the different payment methods available.
+ ## 📥 Request Body Parameters
+| **Field** | **Type** | **Required** | **Description** |
+| --- | --- | --- | --- |
+| `amount` | number | ✅ | Value of the payment. |
+| `brandId` | number | ❌ | ID of the customer's white label; if one is not available, the default ID 79 is sent. |
+| `expiresIn` | number | ❌ | Time in minutes for the expiration of the resource or payment link. |
+| `reference1` | string | ✅ | Customer identifier, must be between 1 and 30 characters. |
+| `reference2` | object | ❌ | Object for additional information. |
+| `reference2.Commerce` | object | ❌ | Object for information related to the store or commerce. |
+| `reference2.Data` | object | ❌ | Object for information related to the conciliation of the transaction. |
+| `reference2.Label` | object | ❌ | Object to send information to be displayed in the payment summary. |
+| `returnUrl` | string | ❌ | Link that the customer will see when clicking on the back to commerce button. |
+| `showSummary` | boolean | ❌ | Indicates whether the RefácilPay payment summary will be shown or not (false: do not show, true: show). Default: true. |
+| `userMetadata` | object | ✅ | Object containing key details about the user or merchant generating the payment resource. |
+| `userMetadata.identifier` | string | ✅ | Unique identifier of the user or merchant generating the payment resource (max 36 characters). |
+| `userMetadata.ip` | string | ✅ | IP address associated with the user's identifier. Must be a valid IP address. |
+| `userMetadata.urlCommerce` | string | ✅ | URL that identifies the commerce. Must follow valid URL structure with http:// or https:// protocol. Maximum length: 500 characters. |
+| `webhookUrl` | string | ✅ | URL of the client's webhook to receive real-time payment status updates. |
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| expiresIn | number | Campo del body: expiresIn |
+| amount | number | Campo del body: amount |
+| brandId | number | Campo del body: brandId |
+| webhookUrl | string | Campo del body: webhookUrl |
+| userMetadata | object | Campo del body: userMetadata |
+| returnUrl | string | Campo del body: returnUrl |
+| reference1 | string | Campo del body: reference1 |
+| reference2 | object | Campo del body: reference2 |
+### `cash_in_generate_payment_method_token`
+This endpoint allows you to **generate payment requests** through the available _cash-in_ methods.
+---
+### 💡 Overview
+The table below lists the available payment methods along with their corresponding IDs and **minimum expiration times** (`expiresIn`) required when creating a payment request.
+| **Method ID** | **Description** | **Minimum Expiration (seconds)** |
+| --- | --- | --- |
+| `130` | Cash-in via **Nequi** | 43,200 |
+| `131` | Cash-in via **Daviplata** | 43,200 |
+| `133` | Cash-in via **PSE** | 1,800 |
+| `262` | Cash-in via **PSE Gateway** | 1,800 |
+| `153` | Cash-in via **Recaudo Efectivo** | 86,400 |
+| `163` | Cash-in via **TPaga** | 43,200 |
+| `248` | Cash-in via **QR Interoperable** | N/A |
+| `250` | Cash-in via **Llaves Bre-B** | 300 |
+| `273` | Cash-in via **Tarjetas** (Débito y Crédito) | 3,600 |
+| `277` | Cash-in via **Whatsapp** | 2,592,000 |
+> ⚠ **Important:**
+The value provided in the expiresIn field **must be greater than or equal** to the minimum expiration defined for the selected payment method. **This does not apply to dynamic keys, which always expire 5 minutes after creation.**
+---
+## 🧩 Payment Method Details
+Each payment method requires a specific object structure within the `"paymentMethod"` field.
+---
+### **Nequi**
+``` json
+"paymentMethod": {
+  "id": 130,
+  "cellphone": "3105293225"
+}
+ ```
+---
+### **Daviplata**
+``` json
+"paymentMethod": {
+  "id": 131,
+  "cellphone": "3208385715"
+}
+ ```
+---
+### **PSE**
+For this payment method, depending on the `typePerson` selected, only specific document types are accepted:
+- **`typePerson`****:** **`"0"`** → corresponds to a **Natural Person** and only accepts the following values for `documentType`:
+    - `RCN`
+    - `TI`
+    - `CC`
+    - `TE`
+    - `CE`
+    - `PA`
+    - `DIE`
+- **`typePerson`****:** **`"1"`** → corresponds to a **Legal Person** and only accepts the following value for `documentType`:
+    - `NIT`
+``` json
+"paymentMethod": {
+  "id": 133,
+  "documentType": "CC",
+  "typePerson": "0",
+  "bankId": "string",
+  "documentNumber": "string",
+  "name": "string",
+  "cellphone": "string",
+  "address": "string",
+  "email": "string"
+}
+ ```
+---
+### **PSE Gateway**
+This payment method enables direct integration with the PSE network for processing online bank payments.
+To consume this product, it is required to have the following parameters previously configured and associated with your product:
+- `entity_code`
+- `service_code`
+- `company_ciiu`
+- `company_name`
+These parameters identify your company within the PSE network and are necessary for successful transaction routing and validation.
+> 💬 **For more information or to request these credentials, please contact the support team.**
+This method follows **the same structure and validation rules** as **PSE**, but must use the following identifier:
+``` json
+"paymentMethod": {
+  "id": 262,
+  "documentType": "CC",
+  "typePerson": "0",
+  "bankId": "string",
+  "documentNumber": "string",
+  "name": "string",
+  "cellphone": "string",
+  "address": "string",
+  "email": "string"
+}
+ ```
+The **PSE integration** relies heavily on the correct configuration of the `showSummary` and `returnUrl` parameters.
+These parameters control the **user experience** and the **finalization flow** of the payment process.
+| Scenario | `showSummary` | `returnUrl` | Flow Description |
+| --- | --- | --- | --- |
+| **1\. Standard Redirect (Default)** | `true` or not sent | ✅ Present | Displays a transaction summary screen with key payment details and retrieves the final transaction status. After the payment is completed, the user is redirected to the specified `returnUrl`. |
+| **2\. Without Transaction Summary Screen** | `false` | ✅ Present | Skips the transaction summary screen and redirects the user directly to the `returnUrl`. In this case, the merchant’s system must display the transaction summary on the destination page. |
+> ⚠️ **Note:**
+For **PSE** and **PSE Gateway**, it is **strongly recommended** to use `showSummary: true` along with a valid `returnUrl` to ensure a seamless customer experience and accurate transaction tracking.
+> 🔗 **See also:**
+- [Transaction Summary](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#45e0d76a-fabd-442e-9b17-e2f6b8354ec5)
+- [Transaction Status](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#dd3ba9f5-1f10-4109-b59d-6e5aad5e3799)
+---
+### **Recaudo Efectivo**
+``` json
+"paymentMethod": {
+  "id": 153
+}
+ ```
+---
+### **TPaga**
+This payment method supports an optional parameter called `isQr`, which determines the type of resource returned in the `url` field:
+| **Value** | **Description** |
+| --- | --- |
+| `true` | The `url` field returns a link to a **QR code** displaying transaction details. |
+| `false` | The `url` field returns a **deeplink** to open directly in the TPAGA wallet app. |
+> 🧠 **Behavior:**
+If `isQr` is not provided, the default behavior is equivalent to `isQr: false`.
+Transactions can only be completed **from a mobile device**.
+If the request is made from a desktop or tablet, it is recommended to send `isQr: true` so the user can scan the QR from a mobile device.
+``` json
+"paymentMethod": {
+  "id": 163,
+  "isQr": false
+}
+ ```
+---
+### **QR Interoperable**
+For this method, the following fields are **optional**:
+- `cellphone`
+- `documentNumber`
+- `documentType`
+- `merchantId`
+The service can function using only the payment method ID; however, providing these optional fields can **improve response time**.
+You may retrieve this data through the `enrollment-data` service in the [Merchant Enrollment](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#8c9f5a18-a19a-4b8f-baba-cd7501aa29a0) section.
+> ⚠ **Prerequisite:**
+The merchant must complete the **Merchant Enrollment** process before using this method.
+See the _Merchant Enrollment_ section for setup details.
+> 🔁 **Open Resource:**
+The **QR Interoperable** operates as an _open resource_, meaning the generated QR can be used multiple times by the same user.
+> ⚙️ **Technical Note — Dynamic QR Behavior:**
+Dynamic QR codes may be scanned multiple times due to current limitations in the Redeban system.
+This is **not** an error in our platform.
+#### Behavior Details
+- Redeban does not automatically invalidate a dynamic QR after its first scan.
+- As a result, the same QR may generate multiple transaction records.
+#### Recommendations
+- Implement **application-level validation** to detect multiple payments from the same QR code.
+- Monitor dynamic QR transactions and confirm status before marking payments as completed.
+- Inform end-users to verify the success of a transaction before rescanning.
+#### Future Considerations
+- Redeban is evaluating support for **single-use dynamic QR control**.
+- Stay updated with interoperability provider announcements to adjust integrations accordingly.
+``` json
+"paymentMethod": {
+  "id": 248,
+  "cellphone": "string",
+  "documentType": "string",
+  "documentNumber": "string",
+  "merchantId": "string"
+}
+ ```
+---
+### **Llaves** Dinámicas **Bre-B**
+For this method, the following fields are **required**:
+- `cellphone`
+- `docNumber`
+- `docType`
+- `merchantId`
+You may retrieve this data through the `enrollment-data` service in the [Merchant Enrollment](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#8c9f5a18-a19a-4b8f-baba-cd7501aa29a0) section.
+> ⚠ **Prerequisite:**
+The merchant must complete the **Merchant Enrollment** process before using this method.
+See the _Merchant Enrollment_ section for setup details.
+> 🔁 **Open Resource:**
+The **Llaves Dinamicas Bre-B** operates as an _open resource_, meaning the generated KEY can be used multiple times by the same user.
+> ⚙️ **Technical Note — Dynamic Key Behavior:**
+Dynamic keys may receive multiple money transfers due to current limitations in the Redeban system.
+This behavior does not represent an error or malfunction in our platform.
+**Additionally, dynamic keys have a fixed validity period of 5 minutes, and this duration cannot be modified.**
+#### Behavior Details
+- Redeban does not automatically invalidate a dynamic KEY after its first send.
+- As a result, the same KEY may generate multiple transaction records.
+#### Recommendations
+- Implement **application-level validation** to detect multiple payments from the same KEY.
+- Monitor dynamic KEY transactions and confirm status before marking payments as completed.
+- Inform end-users to verify the success of a transaction before rescanning.
+#### Future Considerations
+- Stay updated with interoperability provider announcements to adjust integrations accordingly.
+``` json
+"paymentMethod": {
+  "id": 250,
+  "cellphone": "string",
+  "docType": "string",
+  "docNumber": "string",
+  "merchantId": "string"
+}
+ ```
+---
+### **Card Payments**
+This payment method allows processing payments with debit and credit cards (Mastercard and Visa).
+For this method, the following fields are **required**:
+- `id`: 273
+- `description`: Description of the payment detail that will be displayed in the payment link
+#### PaymentMethod Parameters
+| **Field** | **Type** | **Required** | **Description** |
+| --- | --- | --- | --- |
+| `id` | number | ✅ | Payment method ID: 273 |
+| `description` | string | ✅ | Description of the payment detail that will be displayed in the payment link |
+``` json
+"paymentMethod": {
+  "id": 273,
+  "description": "string"
+}
+ ```
+---
+### **Whatsapp**
+For this method, the following fields are **required**:
+- `cellphone`
+- `pdfUrl`
+> **pdfUrl — URL standards (Meta/WhatsApp):**
+The value is not arbitrary. The URL must comply with the following so that the document can be sent via WhatsApp:
+- **Protocol:** Must be **HTTPS**.
+- **Access:** The resource must be **publicly accessible** (no authentication); the system downloads the file from this URL.
+- **Format:** The file must be a valid **PDF**.
+- **Size:** Document size must not exceed **100 MB** (WhatsApp Cloud API limit for documents).
+Sending a URL that does not meet these requirements may result in rejection or delivery failure.
+``` json
+"paymentMethod": {
+  "id": 277,
+  "cellphone": "string",
+  "pdfUrl": "string"
+}
+ ```
+<h2>📥 Request Body Parameters</h2>
+| **Field** | **Type** | **Required** | **Description** |
+| --- | --- | --- | --- |
+| `amount` | number | ✅ | Value of the payment. |
+| `brandId` | number | ❌ | ID of the customer's white label; if one is not available, the default ID 79 is sent. |
+| `expiresIn` | number | ❌ | Time in seconds for the expiration of the resource or payment link. |
+| `paymentMethod` | object | ✅ | Object specifying the payment method and its details. |
+| `paymentMethod.id` | number | ✅ | ID of the selected payment method (see available payment methods). |
+| `reference1` | string | ✅ | Customer identifier, must be between 1 and 30 characters. |
+| `reference2` | object | ❌ | Object for additional information. |
+| `reference2.Commerce` | object | ❌ | Object for information related to the store or commerce. |
+| `reference2.Data` | object | ❌ | Object for information related to the conciliation of the transaction. |
+| `reference2.Label` | object | ❌ | Object to send information to be displayed in the payment summary. |
+| `returnUrl` | string | ❌ | Link that the customer will see when clicking on the back to commerce button. |
+| `showSummary` | boolean | ❌ | Indicates whether the RefácilPay payment summary will be shown or not (false: do not show, true: show). Default: true. |
+| `userMetadata` | object | ✅ | Object containing key details about the user or merchant generating the payment resource. |
+| `userMetadata.identifier` | string | ✅ | Unique identifier of the user or merchant generating the payment resource (max 36 characters). |
+| `userMetadata.ip` | string | ✅ | IP address associated with the user's identifier. Must be a valid IP address. |
+| `userMetadata.urlCommerce` | string | ✅ | URL that identifies the commerce. Must follow valid URL structure with http:// or https:// protocol. Maximum length: 500 characters. |
+| `webhookUrl` | string | ✅ | URL of the client's webhook to receive real-time payment status updates. |
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| expiresIn | number | Campo del body: expiresIn |
+| paymentMethod | object | Campo del body: paymentMethod |
+| userMetadata | object | Campo del body: userMetadata |
+| amount | number | Campo del body: amount |
+| brandId | number | Campo del body: brandId |
+| webhookUrl | string | Campo del body: webhookUrl |
+| returnUrl | string | Campo del body: returnUrl |
+| showSummary | boolean | Campo del body: showSummary |
+| reference1 | string | Campo del body: reference1 |
+| reference2 | object | Campo del body: reference2 |
+### `cash_out_generate_withdraw_method_token`
+This service allows you to generate withdrawal requests through the enabled dispersion means.
+> 🔐 Authentication
+All requests must include the following headers:
+| **Header** | **Description** | **Example** |
+| --- | --- | --- |
+| Authorization | Bearer token generated by the authentication service. | Bearer eyJhbGciOiJIUzI1NiIs... |
+| x-transaction-token | Transactional token specific to the service. | 9b48edde-652d-11ed-984e-02c840fe**** |
+| Content-Type | Content type of the request body. | application/json |
+> Important fields within the requests:
+Webhook: This is the url of the client's webhook to where our service sends the transaction status and transaction detail information.
+ This endpoint allows you to **generate withdrawal (cash-out) requests** through the available payout methods.
+---
+### 💡 Overview
+The table below lists the available payout methods along with their corresponding IDs and brief descriptions.
+| **Method ID** | **Description** |
+| --- | --- |
+| `264` | Cash-out via **Bre-B** |
+> ⚠ **Note:**
+Each withdrawal method requires a specific object structure within the `"withdrawMethod"` field, as shown below.
+---
+## 🧩 Payout Method Details
+### **Bre-B**
+``` json
+"withdrawMethod": {
+  "id": 264,
+  "key": "@REPRUEBAL7717"
+}
+ ```
+**Description:**
+Transfers funds directly to a Bre-B account using the beneficiary’s unique Bre-B key.
+> 💡 **Tip:**
+The `key` field must contain a valid Bre-B account alias in the format `@USERNAME`.
+---
+## 📥 Request Body Parameters
+| **Field** | **Type** | **Required** | **Description** |
+| --- | --- | --- | --- |
+| `amount` | number | ✅ | Amount to be withdrawn. |
+| `reference1` | string | ✅ | Unique transaction reference generated by the client (max 20 characters). |
+| `webhookRequest` | string | ✅ | Customer’s webhook URL to receive real-time withdrawal status updates. |
+| `userMetadata` | object | ✅ | Object containing metadata related to the origin of the transaction. |
+| `userMetadata.identifier` | string | ✅ | Identifier for the user or merchant initiating the transaction. |
+| `userMetadata.ip` | string | ✅ | IP address from which the transaction was initiated. |
+| `userMetadata.urlCommerce` | string | ✅ | Commerce or customer’s URL associated with the transaction. |
+| `withdrawMethod` | object | ✅ | Object specifying the withdrawal method and destination details. |
+| `withdrawMethod.id` | number | ✅ | ID of the selected payout method (see table above). |
+| `withdrawMethod.key` | string | Conditional | Required for **Bre-B** withdrawals. |
+| `withdrawMethod.bankName` | string | ❌ | Optional bank name, if applicable for future payout methods. |
+---
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| amount | number | Campo del body: amount |
+| reference1 | string | Campo del body: reference1 |
+| webhookRequest | string | Campo del body: webhookRequest |
+| withdrawMethod | object | Campo del body: withdrawMethod |
+| userMetadata | object | Campo del body: userMetadata |
+### `customer_getbalance`
+This service allows you to generate withdrawal requests through the enabled dispersion means.
+> 🔐 Authentication
+All requests must include the following headers:
+| **Header** | **Description** | **Example** |
+| --- | --- | --- |
+| Authorization | Bearer token generated by the authentication service. | Bearer eyJhbGciOiJIUzI1NiIs... |
+| x-transaction-token | Transactional token specific to the service. | 9b48edde-652d-11ed-984e-02c840fe**** |
+| Content-Type | Content type of the request body. | application/json |
+> Important fields within the requests:
+Webhook: This is the url of the client's webhook to where our service sends the transaction status and transaction detail information.
+ This service allows you to consult the balance exchange and the dispersion exchange associated with the client's identifier.
+> To use the service, an authentication token is required, which must be sent as an Authorization header.
+Headers
+| **Name** | **Value** |
+| --- | --- |
+| Content-Type | application/json |
+| Authorization | Bearer |
+Body
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| userId | number | Campo del body: userId |
+### `payment_status`
+These services will allow us to validate the status of a transaction and consult the characteristics of a payment method.
+ This service allows you to check the status of a transaction made, for this you must have the _reference_ data that returned the response when generating any payment resource.
+In the response you will get the _status_ _id_ which will mean the following
+0 - Transaction Rejected
+1 - Pending Transaction
+2 - Transaction Approved
+3 - Failed Transaction
+5 - Transaction Cancelled
+9 - Processing Transaction
+Headers
+| **Name** | **Value** |
+| --- | --- |
+| Content-Type | application/json |
+| Authorization | Bearer |
+Body
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| reference | string | Campo del body: reference |
+### `payment_customer_reference_status`
+These services will allow us to validate the status of a transaction and consult the characteristics of a payment method.
+ ## 🔍 Check Transaction by Customer Reference
+This endpoint allows **API Pay** users to query the status of a transaction using only the `customerReference` value originally provided when generating a resource as `reference1` through any of the following endpoints:
+- `/cash-in/generate/payment-link/token`
+- `/cash-in/generate/payment-method/token`
+- `/cash-out/generate/withdraw-method/token`
+This service is useful for retrieving the internal **Refacil** transaction information associated with a previously submitted customer reference.
+---
+## 🔐 Authentication
+This endpoint **requires** a valid Bearer Token in the request headers. Requests without valid authentication will be rejected with an `Unauthorized` error.
+## 📤 Successful Response
+- `exists`: `true` indicates that the transaction associated with the provided `customerReference` was found.
+- `id`: Internal Refacil transaction ID.
+- `status`: Transaction status code (see table below).
+- `reference`: Full Refacil transaction reference, which can be used to query `/payment/status`.
+### ℹ️ Status Code Reference
+| Status Code | Meaning |
+| --- | --- |
+| `0` | Transaction Rejected |
+| `1` | Transaction Pending |
+| `2` | Transaction Approved |
+| `3` | Transaction Failed |
+| `5` | Transaction Cancelled |
+| `9` | Transaction Processing |
+---
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| customerReference | string | Campo del body: customerReference |
+### `payment_features`
+These services will allow us to validate the status of a transaction and consult the characteristics of a payment method.
+ This service allows you to consult the necessary characteristics of a payment method to successfully generate a resource. For example, obtain the PSE banks
+Headers
+| **Name** | **Value** |
+| --- | --- |
+| Content-Type | application/json |
+| Authorization | Bearer |
+Body
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| id | number | Campo del body: id |
+### `webhook_notify`
+This component must be built by the merchant to receive the transaction notification data.
+You must take into account the following steps:
+**1.**You must create a Webhook without authentication.
+**2\. The** Url created will be the one you send in all requests when generating the payment resource in the “_WebhookUrl_” field. It is important to keep in mind that if for some reason you change the webhook you must modify the urls that you send in each generated resource.
+<img src="https://content.pstmn.io/10fdac74-e60a-41f2-b9ff-8b5777a7afc0/aW1hZ2UucG5n" width="322" height="117">
+A signature must be generated to validate the integrity of the messages sent to the webhook and the fields must be concatenated in the following way:
+_**HASH_KEY**_ _\=This data must be requested to the support area_.
+_**let signature**_ _\= referenceId-resourceId-amount-updatedAt-HASH_KEY; signature = crypto.createHmac(“sha1”, HASH_KEY).update(signature).digest(“hex”);_
+Example of a response that will reach your Webhook
+**Response**
+``` json
+{
+  "realAmount": 20000,
+  "amount": 19405,
+  "cost": "$595.00",
+  "referenceId": "38**",
+  "moduleId": 9,
+  "productId": 117,
+  "referenceKey": "3538d790-ae14-11ed-be2d-4d9b1bc987e6",
+  "paymentMethod": "PSE",
+  "userId": 189067,
+  "resourceId": "10024**",
+  "updatedAt": "2023-02-16 11:11:55",
+  "providerId": 8,
+  "providerReference": "3122330",
+  "reference1": "435sdfsd**",
+  "reference2": {
+    "Label": {
+      "Information": "Por seguridad algunos datos se encuentran cifrados",
+      "Name": "L**A",
+      "Email": "l**am@**",
+      "CellPhone": "3**4",
+      "DocumentType": "C",
+      "DocumentNumber": "52019859",
+      "Description": "Abono",
+      "Commerce": "Skandia",
+      "Reference1": null,
+      "Reference2": null,
+      "Reference3": null
+    },
+    "Data": {
+      "ConciliationCode": "FCO",
+      "ConciliationContract": "1277840",
+      "DocType": "N",
+      "DocNumber": "800194363"
+    },
+    "returnUrl": "https://www.google.com/"
+  },
+  "bankId": "1022",
+  "bankName": "BANCO UNION COLOMBIANO",
+  "status": 2,
+  "sign": "aa2f472ad7e84524a02d1716b56fc16ec2a87***",
+  "error": {
+    "code": "20-07A",
+    "message": "Error técnico en Lambda"
+  }
+}
+ ```
+- Within the webhook an **"error** ” object is sent that shows the error _**code**_ and _**message**_ associated with rejections received from the supplier/bank or cancellation of the transaction when the generation of the resource is not completed.
+- The error codes are printed when the transaction is _**Rejected**_ by the bank or when it is _**Cancelled**_ because the resource generation could not be completed.
+**Notification for Withdraw**
+For withdraws, a notification will be sent to the webhook provided in the application. This notification will follow the structure mentioned above and will additionally include the withdrawal data. An example is provided below:
+``` json
+{
+    ..."webhook",
+    "withdraw": {
+        "id": "1403**",
+        "transactionId": "5690**",
+        "userId": 189067,
+        "providerReference": "3122330",
+        "accountNumber": "3051000002",
+        "accountId": null,
+        "createdAt": "2023-02-16 11:10:55",
+        "updatedAt": "2023-02-16 11:12:55",
+        "deletedAt": null,
+        "infoReference": "435sdfsd**",
+        "observation": null
+    },
+}
+ ```
+> _**The implementation of the webhook by the API user is mandatory. The reception and storage of the information for the reconciliation process by the API user with RefácilPay must be ensured.**__**__**__**This item will be evaluated during the certification process and will be mandatory for the transition to Production.**_
+ Body
+### Transfer state machine
+<img src="https://content.pstmn.io/89f89557-2e1b-44c2-8dcb-d9e7d2f32c54/aW1hZ2UucG5n" width="293" height="380">
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| reference | string | Campo del body: reference |
+### `merchant_enrollment_data`
+This service allows merchants to retrieve enrollment data for the use of the QR interoperable payment method and key creation.
+To use the service, an authentication token is required and must be sent as an `Authorization` header.
+---
+### **Enrollment Process**
+1. **Retrieve Enrollment Data**
+    - Retrieves the merchant’s enrollment information once the process is completed.
+---
+### **Merchant Enrollment Statuses**
+- **`approved`**
+    The merchant has been approved and is authorized to generate QR codes.
+- **`enrolled_other`**
+    The merchant is already enrolled with another entity. To proceed:
+    - Contact the commercial representative and request unenrollment from the current entity.
+    - Submit a letter signed by the legal representative.
+    - Be aware that this process may take up to **5 business days**.
+        The commercial representative will provide guidance throughout the process.
+- **`rejected`**
+    The merchant has been rejected. Please contact your commercial representative for further details.
+- **`pending`**
+    The enrollment is in progress. The query may take a few minutes. If a final status is not received shortly, contact **RefacilPay support** to verify the situation.
+- **`not_started`**
+    No enrollment process has been initiated for the requested merchant.
+---
+### **Important Note on the "cellphone" Field in the Enrollment Process**
+During the merchant creation flow for the QR Interoperable product, the API retrieves the merchant's registered information from the system. However, for the **"cellphone number"** field, the **Refacil** system automatically replaces the merchant’s actual phone number with a **generic alias number**.
+This behavior follows technical and operational requirements from the provider, as the real phone number may already exist in the provider’s databases, potentially causing integration conflicts.
+To avoid these issues, a randomly generated alias is used as a placeholder. This alias is **exclusive to this product** and does **not affect** the merchant’s operation in other services.
+ This endpoint retrieves the merchant's enrollment details after the enrollment process has been completed. It provides necessary information to use the QR interoperable payment method.
+### `user_webhooks`
+Service to **configure backup webhooks per client**. It allows listing, creating and activating/deactivating URLs to which RefacilPay will send notifications when the payment resource has no webhook configured (e.g. for Saldo or Dispersión).
+---
+### Endpoints
+1. **List user webhooks** (GET) – Returns the backup webhooks configured for the **authenticated user** (user inferred from Bearer token).
+2. **Create user webhook** (POST) – Creates a backup webhook for the **authenticated user** and type (Saldo or Dispersión).
+3. **Update webhook status** (PATCH) – Activates or deactivates a backup webhook **owned by the authenticated user**.
+All endpoints require Bearer token authentication (`Authorization: Bearer {{tokenLogin}}`). The user is always inferred from the token for security.
+ ---
+### Description
+Returns the **backup webhooks** configured for the **authenticated user**. The user is identified by the Bearer token (header `Authorization`). The response lists all webhooks for that user with their type (e.g. Saldo, Dispersión), URL and active/inactive status.
+---
+### What it is for
+- Query which backup webhook URLs the authenticated client has configured.
+- See the status (active/inactive) of each webhook.
+- List available webhook types (Saldo, Dispersión).
+---
+### Request
+---
+### Response
+- **statusCode** (string): Operation status code. `00` = success.
+- **message** (string): Descriptive message (e.g. "Operación exitosa.").
+- **data** (array): List of webhooks, each with: `id`, `userId`, `webhookTypeId`, `typeName`, `url`, `active`, `createdAt`, `updatedAt`.
+---
+### Example: Success (200 OK)
+```
+GET {{protocol}}://{{serverNamePayApi}}/user-webhooks
+Authorization: Bearer {{tokenLogin}}
+ ```
+Response body:
+``` json
+{
+  "statusCode": "00",
+  "message": "Operación exitosa.",
+  "data": [
+    {
+      "id": 1,
+      "userId": 12345,
+      "webhookTypeId": 1,
+      "typeName": "Saldo",
+      "url": "https://my-server.com/webhooks/saldo",
+      "active": true,
+      "createdAt": "2025-01-15T10:00:00.000Z",
+      "updatedAt": "2025-01-15T10:00:00.000Z"
+    },
+    {
+      "id": 2,
+      "userId": 12345,
+      "webhookTypeId": 2,
+      "typeName": "Dispersión",
+      "url": "https://my-server.com/webhooks/dispersion",
+      "active": false,
+      "createdAt": "2025-01-14T08:30:00.000Z",
+      "updatedAt": "2025-01-16T14:20:00.000Z"
+    }
+  ]
+}
+ ```
+---
+### Example: Empty list (200 OK)
+When the user has no webhooks configured, `data` is an empty array:
+``` json
+{
+  "statusCode": "00",
+  "message": "Operación exitosa.",
+  "data": []
+}
+ ```
+### `create_user_webhook`
+Service to **configure backup webhooks per client**. It allows listing, creating and activating/deactivating URLs to which RefacilPay will send notifications when the payment resource has no webhook configured (e.g. for Saldo or Dispersión).
+---
+### Endpoints
+1. **List user webhooks** (GET) – Returns the backup webhooks configured for the **authenticated user** (user inferred from Bearer token).
+2. **Create user webhook** (POST) – Creates a backup webhook for the **authenticated user** and type (Saldo or Dispersión).
+3. **Update webhook status** (PATCH) – Activates or deactivates a backup webhook **owned by the authenticated user**.
+All endpoints require Bearer token authentication (`Authorization: Bearer {{tokenLogin}}`). The user is always inferred from the token for security.
+ ---
+### Description
+Creates a **backup webhook** for a user and webhook type. When a new webhook is created, only this webhook remains active for that user and type; others of the same type are deactivated.
+---
+### What it is for
+- Configure the URL to which RefacilPay will send backup notifications when the resource has no `webhookRequest`.
+---
+### Request
+---
+### Possible values for `webhookTypeId`
+| Value | Description |
+| --- | --- |
+| **1** | Saldo (cash-in backup notifications) |
+| **2** | Dispersión (cash-out / dispersion backup notifications) |
+---
+### Example: Success (200 OK)
+```
+POST {{protocol}}://{{serverNamePayApi}}/user-webhooks
+Authorization: Bearer {{tokenLogin}}
+Content-Type: application/json
+{
+  "webhookTypeId": 2,
+  "url": "https://my-server.com/webhooks/dispersion"
+}
+ ```
+The user is inferred from the Bearer token; do not send `userId` in the body.
+Response body:
+``` json
+{
+  "statusCode": "00",
+  "message": "Operación exitosa.",
+  "data": {
+    "id": 3,
+    "userId": 12345,
+    "webhookTypeId": 2,
+    "url": "https://my-server.com/webhooks/dispersion",
+    "active": true,
+    "createdAt": "2025-01-16T12:00:00.000Z",
+    "updatedAt": "2025-01-16T12:00:00.000Z"
+  }
+}
+ ```
+---
+### Example: Webhook type not found (404 Not Found)
+When `webhookTypeId` is not an allowed value (only **1** and **2** are valid), the API returns:
+``` json
+{
+  "statusCode": 404,
+  "message": "Webhook type not found: 99",
+  "error": "Not Found"
+}
+ ```
+---
+### Example: Validation error (400 Bad Request)
+When the request body is invalid (e.g. missing required fields, invalid URL format), the API returns validation errors:
+``` json
+{
+  "statusCode": 400,
+  "message": [
+    "url must be a URL address",
+    "url must be a URL address"
+  ],
+  "error": "Bad Request"
+}
+ ```
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| webhookTypeId | number | Campo del body: webhookTypeId |
+| url | string | Campo del body: url |
+### `user_webhooks_status`
+Service to **configure backup webhooks per client**. It allows listing, creating and activating/deactivating URLs to which RefacilPay will send notifications when the payment resource has no webhook configured (e.g. for Saldo or Dispersión).
+---
+### Endpoints
+1. **List user webhooks** (GET) – Returns the backup webhooks configured for the **authenticated user** (user inferred from Bearer token).
+2. **Create user webhook** (POST) – Creates a backup webhook for the **authenticated user** and type (Saldo or Dispersión).
+3. **Update webhook status** (PATCH) – Activates or deactivates a backup webhook **owned by the authenticated user**.
+All endpoints require Bearer token authentication (`Authorization: Bearer {{tokenLogin}}`). The user is always inferred from the token for security.
+ ---
+### Description
+Updates the **active/inactive status** of a backup webhook **owned by the authenticated user**. The user is identified by the Bearer token; you can only update webhooks that belong to that user. If a webhook is activated, other webhooks for the same user and type are deactivated (only one active per type per user).
+---
+### What it is for
+- Activate or deactivate a backup webhook URL without deleting it.
+- Switch which URL receives notifications when multiple are configured (activating one deactivates others of the same type).
+---
+### Request
+---
+### Example: Success (200 OK)
+```
+PATCH {{protocol}}://{{serverNamePayApi}}/user-webhooks/1/status
+Authorization: Bearer {{tokenLogin}}
+Content-Type: application/json
+{
+  "active": true
+}
+ ```
+Response body:
+``` json
+{
+  "statusCode": "00",
+  "message": "Operación exitosa.",
+  "data": {
+    "id": 1,
+    "userId": 12345,
+    "webhookTypeId": 1,
+    "url": "https://my-server.com/webhooks/saldo",
+    "active": true,
+    "createdAt": "2025-01-15T10:00:00.000Z",
+    "updatedAt": "2025-01-16T15:30:00.000Z"
+  }
+}
+ ```
+---
+### Example: User webhook not found (404 Not Found)
+When no webhook exists with the given `id`, the API returns:
+``` json
+{
+  "statusCode": 404,
+  "message": "User webhook not found: 999",
+  "error": "Not Found"
+}
+ ```
+---
+### Example: Forbidden (403 Forbidden)
+When the webhook does not belong to the authenticated user, the API returns:
+``` json
+{
+  "statusCode": 403,
+  "message": "Webhook does not belong to the authenticated user",
+  "error": "Forbidden"
+}
+ ```
+---
+### Example: Validation error (400 Bad Request)
+When `id` is not a valid number or body is invalid:
+``` json
+{
+  "statusCode": 400,
+  "message": "Validation failed (numeric string is expected)",
+  "error": "Bad Request"
+}
+ ```
+**Parámetros:**
+| Name | Type | Description |
+| --- | --- | --- |
+| active | boolean | Campo del body: active |
+## 📝 Logs
+El servidor genera logs detallados de todas las operaciones:
+```
+[2024-01-01T12:00:00.000Z] get_users iniciada
+[2024-01-01T12:00:01.000Z] get_users completada exitosamente
+```
+## 🔍 Troubleshooting
+### Error de autenticación
+Verificar que las credenciales estén configuradas correctamente en las variables de entorno.
+### Error de conexión a la API
+Verificar que `BASE_URL` sea accesible y la API esté funcionando.
+### Error de puerto
+Verificar que el puerto `3009` no esté siendo usado por otro servicio.
+## 📞 Soporte
+Para soporte técnico, contactar al equipo de desarrollo.
+---
 *Generado automáticamente por Refacil MCP Framework*