Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bloobank.com/llms.txt

Use this file to discover all available pages before exploring further.

Copy‑paste, set your ACCESS_KEY and PRIVATE_KEY, run. Every example below signs and sends a real POST /payments request.
Replace the placeholder ACCESS_KEY and PRIVATE_KEY with the values from your Bloobank Dashboard. Never commit them — use environment variables.

Complete client — POST /payments

// npm install elliptic
import crypto from "node:crypto";
import { ec as EC } from "elliptic";

const ec = new EC("secp256k1");

class Bloopay {
  constructor(accessKey, privateKeyHex) {
    this.endpoint = "https://payment.blooapis.io/v1";
    this.accessKey = accessKey;
    this.privateKey = privateKeyHex;
  }

  // Build X-Access-Timestamp and X-Access-Signature for a given body
  authorization(body) {
    const timestamp = Date.now(); // ms
    const bodyStr = body ? JSON.stringify(body) : "";
    const msg = `${this.accessKey}|${bodyStr}|${timestamp}`;
    const hash = crypto.createHash("sha256").update(msg).digest();

    const keyPair = ec.keyFromPrivate(Buffer.from(this.privateKey, "hex"));
    const signature = Buffer.from(keyPair.sign(hash).toDER()).toString(
      "base64",
    );

    return { timestamp, signature };
  }

  async makeRequest(path, method, body = null) {
    const { timestamp, signature } = this.authorization(body);

    const res = await fetch(`${this.endpoint}${path}`, {
      method,
      headers: {
        "Content-Type": "application/json",
        "X-Access-Key": this.accessKey,
        "X-Access-Timestamp": String(timestamp),
        "X-Access-Signature": signature,
      },
      body: body ? JSON.stringify(body) : undefined,
    });

    if (!res.ok) throw new Error(`HTTP ${res.status}: ${await res.text()}`);
    return res.json();
  }

  payment(body) {
    return this.makeRequest("/payments", "POST", body);
  }
}

// ---- usage ----
const client = new Bloopay(
  process.env.BLOOBANK_ACCESS_KEY,
  process.env.BLOOBANK_PRIVATE_KEY, // 64-char hex
);

const result = await client.payment({
  method: "pix",
  amount: { value: 1000 }, // BRL 10.00 in cents
  customer: { name: "John Doe" },
  metadata: { orderId: "PAY000000000001" },
  installments: 1,
});

console.log(result);

Handling errors

Every Bloobank error response returns a JSON object with an errors array. Wrap your HTTP call in try/catch, decode the body, and branch on the code field. 
try {
  await client.payment({
    /* ... */
  });
} catch (err) {
  // err.message includes the raw response body
  if (err.message.includes("INVALID_SIGNATURE")) {
    console.error("Signature mismatch — check body serialization");
  } else if (err.message.includes("EXPIRED_TIMESTAMP")) {
    console.error("Clock drift — sync via NTP");
  } else {
    throw err;
  }
}
See the full error code reference for the complete list.

What’s next

API Reference

All 10 endpoints with Try‑it playground.

Webhooks

Receive payment and payout events on your server.