> ## Documentation Index > Fetch the complete documentation index at: https://docs.rinne.com.br/llms.txt > Use this file to discover all available pages before exploring further. # Pay PIX or BOLEPIX transaction via QR code (Sandbox Only) > Processes a PIX payment using a QR code from an existing transaction for testing purposes. **This endpoint is only available in sandbox environment.** This endpoint allows developers to test PIX payments by paying existing transactions that have PIX QR codes. The QR code is automatically retrieved from the transaction. **Supported payment methods:** - **PIX:** Uses the QR code from `pix_data.qr_code` - **BOLEPIX:** Uses the PIX EMV code from `bolepix_data.pix_emv` The endpoint automatically detects the payment method based on the available QR code data. ## OpenAPI ````yaml /api-spec.yaml post /v1/merchants/{merchantId}/transactions/{transactionId}/pay openapi: 3.1.0 info: title: Rinne API version: 1.0.0 description: > **Rinne API** is a robust payment platform that offers integration with multiple payment providers. ## Authentication The API uses API Key authentication via the `x-api-key` header. Each company has a unique key to access resources. ## Response Format All responses follow a consistent format: - **Success**: Returns the requested data directly - **Error**: Returns an `error` object with detailed information ## Pagination Endpoints that return lists support pagination through parameters: - `page`: Page number (default: 1) - `limit`: Items per page (default: 20, maximum: 100) ## Supported Providers The API supports multiple payment providers: - **Rinne**: Internal provider - **Celcoin**: PIX integration and other financial services ## Raw Card Data (PCI Endpoints) Card credential fields (`card_data.number`, `card_data.cvv`, `card_data.network_token`, `card_data.cryptogram`, and the 3DS `card.number`) must always be sent encrypted — values start with the `ev:` prefix. Plaintext values are rejected with `400 VALIDATION_ERROR` on every host. There are two ways to send encrypted values: - **rinne-js**: card forms and wallet buttons (Apple Pay / Google Pay) encrypt credentials client-side before they leave the browser. - **PCI API host**: server-to-server integrations that handle raw card data must call `https://pci.api.rinne.com.br/core` (sandbox: `https://pci.api-sandbox.rinne.com.br/core`) instead of the regular host. This endpoint encrypts `number` and `cvv` in transit before the request reaches the API; all other fields pass through unchanged. The PCI host serves only transaction creation and 3DS session creation (both the self and merchant variants); use the regular host for everything else. contact: name: Rinne API Support email: suporte@rinne.com.br servers: - url: https://api-sandbox.rinne.com.br/core description: Sandbox - url: https://api.rinne.com.br/core description: Production security: [] tags: - name: System description: System and API health endpoints - name: Authentication description: User authentication and authorization endpoints - name: Management description: >- Merchant management endpoints - create, list, get specific, overview, update - name: Transactions description: Transaction operations for merchants - create, list, overview, refunds - name: Affiliations description: Affiliation management for merchants - name: Banking description: Banking operations for merchants - balance, cashout, statements - name: Bank Accounts description: Bank account management for merchants - name: Pix Keys description: PIX key management for merchants - name: Company Transactions description: Direct transaction management and query endpoints for companies - name: Companies description: Company management - name: Company Affiliations description: Payment provider affiliation management - name: Company Banking description: Company banking endpoints (balance, etc.) - name: Company Pix description: Company PIX key management - name: Company Ledger description: Company ledger entry query endpoints - name: Ledger description: Ledger entry query endpoints (company and merchants) - name: Webhooks description: Endpoints for receiving webhooks from external providers - name: Pricing description: Fee and cost policy management for transaction pricing - name: Users description: User management endpoints - name: Roles description: Role management endpoints - name: Permissions description: Permission management endpoints - name: Admin description: Admin management endpoints x-scalar-ignore: true paths: /v1/merchants/{merchantId}/transactions/{transactionId}/pay: post: tags: - Transactions summary: Pay PIX or BOLEPIX transaction via QR code (Sandbox Only) description: > Processes a PIX payment using a QR code from an existing transaction for testing purposes. **This endpoint is only available in sandbox environment.** This endpoint allows developers to test PIX payments by paying existing transactions that have PIX QR codes. The QR code is automatically retrieved from the transaction. **Supported payment methods:** - **PIX:** Uses the QR code from `pix_data.qr_code` - **BOLEPIX:** Uses the PIX EMV code from `bolepix_data.pix_emv` The endpoint automatically detects the payment method based on the available QR code data. parameters: - name: merchantId in: path required: true description: Merchant/Company ID schema: type: string example: 123e4567-e89b-12d3-a456-426614174000 - name: transactionId in: path required: true description: >- Transaction ID containing the PIX QR code (from pix_data.qr_code for PIX or bolepix_data.pix_emv for BOLEPIX) schema: type: string example: 123e4567-e89b-12d3-a456-426614174001 requestBody: required: true content: application/json: schema: type: object required: - payer_company_id properties: payer_company_id: type: string description: > ID of the company whose bank account will be used for payment. The payer company must have an active affiliation with the same provider of the transaction to be able to pay. Cannot be the same as the transaction owner (merchant) company. example: 123e4567-e89b-12d3-a456-426614174002 responses: '200': description: Payment processed successfully content: application/json: schema: type: object properties: request_id: type: string example: f9b978a6-ab7e-4460-997d-1234567890ab status: type: string enum: - PENDING - PROCESSING - COMPLETED - FAILED example: COMPLETED amount: type: integer description: >- The transaction's amount in cents (payment is always for the full transaction amount) example: 10000 '400': description: Validation error (e.g. payer_company_id is the same as the merchant) content: application/json: schema: $ref: '#/components/schemas/ValidationErrorResponse' '401': description: Unauthorized - Invalid or missing API key content: application/json: schema: $ref: '#/components/schemas/AuthenticationErrorResponse' '404': description: Merchant, transaction, or bank account not found content: application/json: schema: $ref: '#/components/schemas/NotFoundErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorResponse' security: - ApiKeyAuth: [] components: schemas: ValidationErrorResponse: type: object properties: error: type: object properties: code: type: string example: VALIDATION_ERROR message: type: string example: Validation error status: type: integer example: 400 details: type: object properties: issues: type: array items: type: object properties: field: type: string example: email type: type: string example: REQUIRED message: type: string example: Field 'email' is required value: anyOf: - type: string - type: number - type: boolean example: invalid_value constraints: type: object example: min: 18 max: 120 path: type: string example: /companies timestamp: type: string format: date-time example: '2023-12-01T10:00:00.000Z' requestId: type: string example: req_123456789 AuthenticationErrorResponse: type: object properties: error: type: object properties: code: type: string example: AUTHENTICATION_ERROR message: type: string example: Authentication required to access this resource status: type: integer example: 401 details: type: object properties: reason: type: string example: Invalid API key path: type: string example: /companies/me timestamp: type: string format: date-time example: '2023-12-01T10:00:00.000Z' requestId: type: string example: req_123456789 NotFoundErrorResponse: type: object properties: error: type: object properties: code: type: string example: RESOURCE_NOT_FOUND message: type: string example: Company with ID '123' not found status: type: integer example: 404 path: type: string example: /companies/me timestamp: type: string format: date-time example: '2023-12-01T10:00:00.000Z' requestId: type: string example: req_123456789 InternalServerErrorResponse: type: object properties: error: type: object properties: code: type: string example: INTERNAL_SERVER_ERROR message: type: string example: An unexpected error occurred status: type: integer example: 500 path: type: string example: /companies timestamp: type: string format: date-time example: '2023-12-01T10:00:00.000Z' requestId: type: string example: req_123456789 securitySchemes: ApiKeyAuth: type: apiKey in: header name: x-api-key description: Company API key for authentication ````