Skip to content

Developer Guide

This guide is for developers at business partner organizations — issuers, processors, or embossers — who want to integrate with the QPay APIs in the sandbox environment.

Journey overview

flowchart LR
    A([Request tenant]) --> B([Receive credentials e-mail])
    B --> C([Set password & complete profile])
    C --> D([Create client credentials])
    D --> E([Get access token])
    E --> F([Call QPay APIs])
Step Description Who
1 Request a tenant account You
2 Set your password You
3 Create client credentials You
4 Obtain an access token Your application
5 Call the APIs Your application

Step 1 — Request a tenant account

Contact the QPay team at support@quecto.com.br to request a tenant. Include:

  • Your organization name
  • Your role in the platform (issuer, processor, or embosser)
  • The name and e-mail address of the initial administrator user

The QPay admin will create your tenant and your first user account. You will receive an e-mail invitation to complete registration.

Step 2 — Set your password

Check your inbox for an e-mail from QPay. Follow the link to:

  1. Set your password
  2. Complete your profile (name, contact info)

After completing registration, you can log into the developer console.

Step 3 — Create client credentials

Client credentials are machine-to-machine credentials (OAuth2 client_id + client_secret) that your application uses to authenticate with the API. They are separate from your personal user account.

See Creating client credentials for a step-by-step walkthrough.

Step 4 — Obtain an access token

Use your client_id and client_secret to obtain a short-lived JWT access token via the OAuth2 client credentials flow:

curl -X POST https://sandbox.qpay.quecto.com.br/auth/realms/qpay/protocol/openid-connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET"

The response contains an access_token field. Pass it as a bearer token on every API request:

Authorization: Bearer <access_token>

See Authentication & tokens for details on token expiry and refresh.

Step 5 — Call the APIs

All QPay services in the sandbox are available at:

https://sandbox.qpay.quecto.com.br

Explore the full API reference in the APIs section. A good starting point is GET /credentials/whoami to confirm your token is working and inspect your tenant identity:

curl https://sandbox.qpay.quecto.com.br/credentials/whoami \
  -H "Authorization: Bearer <access_token>"

Next steps

  • Sandbox

    Understand the sandbox environment, limitations, and test data.

    Sandbox overview

  • Credentials

    Manage client credentials and understand token lifecycle.

    Credentials guide

  • Tutorial

    End-to-end walkthrough: from first token to issuing a card.

    Tutorial

  • API Reference

    Browse interactive API docs for all QPay services.

    API docs