Endpoint Structure
Introduction
Understanding the structure of Passport API endpoints is essential for seamless integration. This guide provides a clear breakdown of the base URL, API versioning, and best practices for constructing API requests.
Base URL
All API requests to the Passport platform must be sent to the following base URL:
Sandbox:https://api.paas.sandbox.co.passportfintech.com
Production: https://api.paas.co.passportfintech.com
Example
https://api.paas.sandbox.co.passportfintech.comAlways ensure that you are using HTTPS to secure data transmission.
API Versioning
Passport API follows a versioning system to ensure backward compatibility. The version is included as part of the endpoint path:
https://api.paas.sandbox.co.passportfintech.com/version/Current Stable Version
https://api.paas.sandbox.co.passportfintech.com/v1/Tip: When integrating, always check the latest API version in this documentation to take advantage of updates and improvements.
Endpoint Structure
Each API endpoint follows a structured format:
base_url/version/resource/identifierExample
- https://api.paas-sandbox.co.passportfintech.com/v1/iam/oauth/tokens
- https://api.paas-sandbox.co.passportfintech.com/v1/customers/{customer_id}
- https://api.paas-sandbox.co.passportfintech.com/v1/accounts
- https://api.paas-sandbox.co.passportfintech.com/v1/payments/{payment_id}
Example Breakdown
| Segment | Description |
|---|---|
| {base_url} | The root domain where API requests are sent. |
| {version} | The API version (e.g., v1). |
| {resource} | The primary resource being accessed (e.g., iam/oauth/tokens). |
| {identifier} | A unique ID if needed (e.g., in a GET method iam/oauth/tokens/{token_id}). |
HTTP Codes
| Verb | Description |
|---|---|
| GET | This method is used to retrieve a specific resource or a collection of resources from the server, allowing clients to access and utilize the data efficiently. |
| POST | Allows you to create or submit a specific action within the platform. |
| PATCH | This allows you to modify only the fields that need to be changed without altering the entire resource. Ensure that the request body contains only the fields you wish to update in the desired format. |
| DELETE | Delete or revoke permissions or access for a specific user or resource. |
Response to DELETE requests will be 204 Content Not Found, with no response body.
Request and Response Structure
Request Format
All requests to the API should be structured using JSON and include necessary authentication headers.
Example of Request
curl --location --request GET 'https://api.paas.sandbox.co.passportfintech.com/v1/accounts/f1dce2ff-7413-4fab-91e4-ca84489cf74c' \--header 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \--data ''Response Format
API responses are structured in JSON and provide clear and detailed overview of the object.
Example of Response
{ "created_at": "2025-09-29T15:14:24.560Z", "updated_at": "2025-09-30T13:42:22.706Z", "entity_customer_id": "a9326341-40e6-497e-b44a-72c49a2c3910", "available_balance": { "currency": "COP", "value": "90000000000000000" }, "number": "880310992", "type": "ORDINARY", "pending_balance": { "currency": "COP", "value": "0" }, "id": "f1dce2ff-7413-4fab-91e4-ca84489cf74c"}Query Parameters
GET methods support query parameters. For more details, please review Query Parameters.