For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
StatusDashboard
  • Getting Started
    • Introduction
    • Authentication
    • Rate Limits
    • Error Handling
  • Guides
    • Cash-In (Receiving Payments)
    • Cash-Out (Sending Payments)
    • PIX Keys Management
    • Webhooks Integration
    • MED (Special Returns)
  • API Reference
LogoLogo
StatusDashboard
On this page
  • Authentication
  • 1. Bearer Token (JWT) — Most Endpoints
  • Obtaining a JWT
  • 2. API Key — Cash-In Endpoints
  • Example
  • Available Scopes
Getting Started

Authentication

Was this page helpful?
Edit this page
Previous

Rate Limits

Next
Built with

Authentication

The BRZ API uses two authentication methods depending on the endpoint type.

1. Bearer Token (JWT) — Most Endpoints

All endpoints except Cash-In use Bearer Token authentication:

$Authorization: Bearer <your-jwt-token>

Obtaining a JWT

Call POST /api/v1/auth/bearer-token with your API Key credentials in the headers and the desired scopes in the request body:

$curl -X POST https://api.brzip.com.br/api/v1/auth/bearer-token \
>  -H "Content-Type: application/json" \
>  -H "x-key-id: your-key-id" \
>  -H "x-secret-key: your-secret-key" \
>  -d '{
>    "scopes": [
>      "pix:keys:read",
>      "pix:keys:write",
>      "pix:balance:read",
>      "pix:cashout:write",
>      "webhooks:read",
>      "webhooks:write"
>    ]
>  }'

Response:

1{
2  "success": true,
3  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
4  "expires_in": 3600
5}

The returned JWT token should be included in the Authorization header as Bearer <token> for all subsequent requests.

2. API Key — Cash-In Endpoints

The Cash-In endpoint (POST /api/v1/pix/cash-in/qrcode) accepts API Key authentication via two headers as an alternative to Bearer Token:

$x-key-id: <your-key-id>
$x-secret-key: <your-secret-key>

Example

$curl -X POST https://api.brzip.com.br/api/v1/pix/cash-in/qrcode \
>  -H "Content-Type: application/json" \
>  -H "x-key-id: your-key-id" \
>  -H "x-secret-key: your-secret-key" \
>  -d '{
>    "amount": "150.00",
>    "description": "Payment for order #123"
>  }'

Available Scopes

When generating a Bearer Token, you can request specific scopes to control access. If no scopes are provided, the token will include all scopes available to your API Key.

ScopeDescription
pix:keys:readList and search PIX keys
pix:keys:writeRegister and delete PIX keys
pix:balance:readCheck account balance
pix:cashin:readQuery Cash-In status
pix:cashin:writeCreate and cancel Cash-In charges
pix:cashout:readQuery Cash-Out status
pix:cashout:writeCreate Cash-Out payments
pix:limits:readQuery transaction limits
pix:limits:writeRequest limit changes
pix:med:readQuery MED requests
pix:med:writeRespond to MED requests
pix:reversals:readQuery reversals
pix:reversals:writeCreate reversals
webhooks:readList and search webhooks
webhooks:writeCreate, update, delete webhooks