Corpay API Testing Status

Cards

Okta OAuth2

✅ 已通（16张卡片） ✅ Passed (16 cards)

⚠️ 缺账户信息 ⚠️ Missing account info

创建/管理虚拟卡 Create / Manage Virtual Cards

Fund

Okta OAuth2

❌ 403（Enrollment未完成） ❌ 403 (Enrollment incomplete)

❌ 同左 ❌ Same as QA

银行账户实时充值 Real-time Bank Funding

Txn

AWS Cognito

✅ 已通（0条，正常） ✅ Passed (0 records, normal)

⚠️ 不具备测试条件 ⚠️ Prerequisites not met

查询历史交易记录 Query Transaction History

Webhook

AWS Cognito

❌ 403（ICD未授权） ❌ 403 (ICD not provisioned)

⚠️ 已授权(Cognito密码过期，无法验证) ⚠️ Authorized (Cognito pwd expired, unverified)

交易事件推送通知 Transaction Event Notifications

RTCA

AWS Cognito

❌ QA 不可用 ❌ Not available in QA

⚠️ 不具备测试条件 ⚠️ Prerequisites not met

实时交易授权拦截 Real-time Authorization Control

API 模块API Module	全称Full Name	核心功能Core Function	触发方式Trigger
Cards	Cards API	创建虚拟卡、冻结/解冻/注销、修改限额、查询卡片 Create virtual cards, freeze/unfreeze/cancel, modify limits, query cards	我们主动调用 We call Corpay
Fund	Real-Time Funding API	将银行账户资金实时充值到 Corpay 账户，需先通过 Plaid 关联银行 Fund Corpay account from bank in real-time; requires Plaid bank linkage first	我们主动调用 We call Corpay
Txn	Transactions API	查询历史交易记录（授权、结算、撤销、拒绝等） Query transaction history (authorization, settlement, reversal, decline, etc.)	我们主动调用 We call Corpay
Webhook	Subscription API	订阅卡片交易事件，Corpay 推送通知到我们的 URL（事后通知） Subscribe to card events; Corpay pushes notifications to our URL (post-transaction)	Corpay 主动推送 Corpay pushes
RTCA	Real-Time Card Authorization	交易发生时 Corpay 实时回调我们，由我们决定批准/拒绝（事前拦截） Corpay calls our endpoint per transaction in real-time; we approve or decline (pre-transaction)	Corpay 实时回调 Corpay real-time callback

需要 Corpay 提供 / 确认 What We Need from Corpay

Production accountCode、customer_id_virtual、customer_id_physicalProduction accountCode, customer_id_virtual, customer_id_physical
Webhook QA：为用户 083595242799852401 完成 ICD ProvisioningWebhook QA: ICD provisioning for user 083595242799852401
Production Cognito：新密码（当前已过期）+ 确认 Production Client ID 是否与 QA 相同Production Cognito: new password (current expired) + confirm if Prod Client ID = QA
确认：Cognito 密码过期后，我方能否自行重置？还是必须联系 Corpay？Confirm: can we self-reset expired Cognito password, or must contact Corpay?
Fund API：Enrollment UI 登录凭证（如需我方完成 Enrollment 流程）Fund API: Enrollment UI login credentials (if we are to complete Enrollment)
Apple Pay / Digital Wallet 文档（Nick Herrick 跟进中）Apple Pay / Digital Wallet documentation (Nick Herrick following up)

② 认证方式 & 凭证 ② Authentication Methods & Credentials

机器对机器认证，用 Client ID + Secret 换取 Access Token，Token 有效期 60 分钟 Machine-to-machine auth. Exchange Client ID + Secret for an Access Token (valid 60 min)

QA 环境QA Environment

Token URL fleetcor-icd.oktapreview.com/
oauth2/aus2l0d91irbotby80x7/v1/token

Client ID 0oacv7038wxTkTUif0x7

状态Status ✅ 已通✅ Passed

Production 环境Production Environment

Token URL fleetcor-icd.okta.com/
oauth2/aus4jf12zlOfttOcL417/v1/token

Client ID 0oatuup0ewNTax672417

状态Status ✅ 已通（2026-02-27修正端点后） ✅ Passed (endpoint corrected on 2026-02-27)

用户名+密码登录，获取 IdToken 作为 Bearer Token，Token 有效期 60 分钟 Username + password login; obtain IdToken as Bearer Token (valid 60 min)

QA 环境QA Environment

Client ID7qvcsa7398vr89b319hmkdeob2

Username083595242799852401

PasswordTesting123!

状态Status ✅ Token 可获取 ✅ Token obtained successfully

⚠️ 密码每 7 天过期，需定期向 Corpay 申请重置 ⚠️ Password expires every 7 days; must request reset from Corpay periodically

Production 环境Production Environment

Client ID 7qvcsa7398vr89b319hmkdeob2 ⚠️ 当前沿用 QA 值 ⚠️ Using QA value (unconfirmed)

Username061115641842162385

Password 9Fh%jEhrK956 已过期Expired

状态Status ❌ 已测试：登录失败 ❌ Tested: Login failed

❌ 密码已过期失效，需重新向 Corpay 申请新密码 ❌ Password has expired. Request a new password from Corpay.

待向 Corpay 确认的问题：Pending confirmation from Corpay:
1. 密码过期后，是否每次都需联系 Corpay 重置？还是我们可自行修改？
2. Production Client ID 是否与 QA 相同（7qvcsa7398vr89b319hmkdeob2）？
3. QA 密码每 7 天过期，当忘记修改时是否也要联系 Corpay？ 1. When password expires, must we contact Corpay to reset it, or can we reset it ourselves?
2. Is the Production Client ID the same as QA (7qvcsa7398vr89b319hmkdeob2)?
3. For QA's 7-day expiry, if we forget to renew, do we also need to contact Corpay?

③ 各 API 模块详细说明 ③ Detailed API Module Documentation

💳

Cards API Okta OAuth2 认证 Okta OAuth2 Auth

QA: api.vc-stg.corpay.com | Prod: api.vc.corpay.com

QA ✅ 全通QA ✅ All Passed Prod ⚠️ 缺账户信息Prod ⚠️ Missing account info ▾

GET /cards 获取卡片列表List Cards ✅ QA 已通（16张）✅ QA Passed (16 cards)

参数Parameter	必填Required	QA 值QA Value	Prod 值Prod Value	说明Description
`accountCode`	✅	`W-30P`	❓ 待 Corpay 提供❓ Pending from Corpay	账户代码Account code
`customerId`	✅	`OP70T`	❓ 待 Corpay 提供❓ Pending from Corpay	客户ID（虚拟卡）Customer ID (virtual card)
`maxRows`	❌	`10`	同左Same as QA	每页条数Records per page
`pageNumber`	❌	`1`	同左Same as QA	页码Page number
`cardStatus`	❌	`A`	同左Same as QA	A=激活 B=冻结 X=注销A=Active B=Frozen X=Cancelled

POST /cards 创建虚拟卡Create Virtual Card ✅ QA 已通✅ QA Passed

字段Field	必填Required	说明Description
`customer.accountCode`	✅	账户代码Account code
`customer.id`	✅	客户IDCustomer ID
`card.type`	✅	`Virtual` / `Ghost` / `Physical`
`card.amount`	✅	卡片金额（USD）Card amount (USD)
`card.firstName` / `lastName`	❌	持卡人姓名Cardholder name
`card.statusCode`	❌	`A`=激活（默认）Active (default)

成功响应返回：卡片 token、16位卡号、CVV、有效期 Success response: card token, 16-digit card number, CVV, expiry date

PATCH /cards/{token} 更新卡片（冻结/解冻/注销/修改限额） Update Card (freeze / unfreeze / cancel / modify limit) ✅ QA 已通✅ QA Passed

statusCode	含义Meaning	是否可逆Reversible
`A`	激活Active	✅
`B`	冻结Frozen	✅
`X`	永久注销Permanently Cancelled	❌ 不可逆❌ Irreversible

💰

Fund API (Real-Time Funding) Okta OAuth2 认证Okta OAuth2 Auth

QA: cpapiqa.corpay.com/v1/funds | Prod: cpapi.corpay.com/v1/funds

QA ❌ 403阻塞QA ❌ 403 Blocked Prod ❌ 同左Prod ❌ Same as QA ▾

⚠️ 使用前必须完成 6 步 Enrollment 流程（目前 Step 1-3 尚未启动） ⚠️ Must complete the 6-step Enrollment process before use (Steps 1–3 not yet started)

用 Corpay 门户账号Use Corpay portal account

Plaid 关联银行Link Bank via Plaid

选择银行账户Select bank account

Corpay 审批Corpay Approval

Credit Team 批准Credit Team approval

获取 Okta TokenGet Okta Token

代码自动处理Handled automatically

GET /accounts

获取 account-idGet account-id

POST /transfers

发起充值Initiate transfer

Enrollment UI 地址Enrollment UI URLs

环境Environment	URL
QA	`cpuiqa.corpay.com/enrollment/index.html`
Production	`cpui.corpay.com/enrollment/v2/index.html`

POST /transfers 必填字段 POST /transfers Required Fields

字段Field	值Value
`company-id`	❌ Corpay 未提供 ❌ Not provided by Corpay
`from-type`	固定 Fixed: `fund-account`
`from`	account-id（Step 5 获取）account-id (from Step 5)
`to`	Corpay 账户代码Corpay account code
`currency-code`	固定 Fixed: `usd`

📊

Transactions API AWS Cognito 认证AWS Cognito Auth

QA: cp-transaction-eapi-qa...fleetcor.com | Prod: cp-transaction-eapi.api.fleetcor.com

QA ✅ 已通QA ✅ Passed Prod ⚠️ 不具备测试条件Prod ⚠️ Prerequisites not met ▾

GET /api/transactions 查询交易列表List Transactions ✅ QA 200（0条，正常） ✅ QA 200 (0 records, normal)

参数Parameter	必填Required	说明Description
`customerId`	✅	客户ID（如 OP70T）Customer ID (e.g. OP70T)
`startDate`	❌	格式：YYYY-MM-DDTHH:MM:SSFormat: YYYY-MM-DDTHH:MM:SS
`endDate`	❌	同上Same format
`cardToken`	❌	按卡片过滤Filter by card token
`transactionType`	❌	AUTHORIZATION / POST / DECLINE / REVERSAL

响应字段包含：交易时间、金额、商户名、MCC、卡号后4位、授权码 Response includes: transaction time, amount, merchant name, MCC, last 4 digits, approval code

🔔

Webhook / Subscription API AWS Cognito 认证AWS Cognito Auth

QA: subscribe.payqa.fleetcoraws.com/qa | Prod: subscribe.fleetcorpayments.com

QA ❌ 403 Prod ✅ 已授权Prod ✅ Authorized ▾

❌ QA 403 根因：Corpay 尚未将 QA 用户 083595242799852401 provision 为 ICD 用户（已提交请求，等待 Corpay 处理）
✅ Production 用户 061115641842162385 已被 Corpay 确认授权，但 Cognito 登录目前失败（密码过期 + Client ID 待确认） ❌ QA 403 Root Cause: Corpay has not provisioned QA user 083595242799852401 as an ICD user (request submitted, awaiting Corpay action)
✅ Production user 061115641842162385 confirmed authorized by Corpay, but Cognito login currently fails (password expired + Client ID unconfirmed)

POST /webhooks 创建订阅 POST /webhooks — Create Subscription

字段Field	必填Required	说明Description
`event`	✅	card-transaction-events 等card-transaction-events, etc.
`endpoint`	✅	我们接收通知的 URLOur webhook receiver URL
`securityPolicy`	❌	签名/API Key 验证Signature / API Key validation
`deliveryPolicy`	❌	重试次数/间隔Retry count / interval

可订阅的事件：Subscribable events:
card-transaction-events — 卡片交易Card transactions
card-status-events — 卡片状态变更Card status changes
account-customer-events — 账户事件Account events
vendor-events — 供应商事件Vendor events

Corpay 推送给我们的 Payload（示例） Corpay Webhook Payload (sample)

// card-transaction-events { "event": "card-transaction-events", "elements": [{ "type": "AUTHORIZATION", "preAuthAmount": 221.77, "merchant": { "name": "ABC CORP", "mcc": "3058" ✅ MCC 有available }, ❌ 无No localAmount ❌ 无No localCurrency 所有卡为All cards are Mastercard }] }

🛡️

RTCA — Authorization Controls AWS Cognito 认证AWS Cognito Auth

仅 Production 可用Production only | subscribe.fleetcorpayments.com

QA ❌ 不可用QA ❌ Not available Prod ⚠️ 不具备测试条件Prod ⚠️ Prerequisites not met ▾

工作原理How it works

用户刷卡 → Corpay 收到授权请求 → 实时调用我们的回调 URL → 我们返回 approve/decline → Corpay 决定是否放行 Card swipe → Corpay receives auth request → Calls our callback URL in real-time → We return approve/decline → Corpay makes final decision

⚠️ 当前不具备测试条件，原因：
1. Production Cognito 密码已过期，无法完成认证
2. RTCA 需先调用 POST /authorization-setup 注册回调 URL（未配置）
3. 注册成功后才能通过刷实体卡触发回调验证

待 Corpay 提供新密码 + Client ID 确认后再进行配置 ⚠️ Prerequisites not met. Reasons:
1. Production Cognito password has expired; authentication not possible
2. Must call POST /authorization-setup to register callback URL first (not configured)
3. Only after registration can callback be triggered by swiping a physical card

Pending new password and Client ID confirmation from Corpay

POST /authorization-setup 设置回调 POST /authorization-setup — Register Callback

字段Field	必填Required	说明Description
`inAuthUrl`	✅	我们的回调 URLOur callback URL
`status`	✅	ENABLED / DISABLED
`apiKey`	❌	安全密钥Security key
`signatureSecret`	❌	签名密钥Signature secret

Webhook vs RTCA：Webhook 是事后通知，RTCA 是事前拦截 Webhook vs RTCA: Webhook = post-transaction notification; RTCA = pre-transaction intercept

④ 当前阻塞问题（需 Corpay 处理） ④ Current Blockers (Requires Corpay Action)

Webhook QA 用户未完成 ICD Provisioning Webhook QA User Not ICD Provisioned

QA 用户 083595242799852401 未被 Corpay 在 ICD 系统中关联 account/customer，导致所有 Webhook QA 请求返回 403 "User id is invalid" QA user 083595242799852401 has not been provisioned as an ICD user by Corpay, causing all Webhook QA requests to return 403 "User id is invalid"

❌ 阻塞Blocked 等待：Corpay（Qwan Hunter） Waiting: Corpay (Qwan Hunter)

Fund API Enrollment 流程未启动 Fund API Enrollment Not Started

需登录 Enrollment UI → Plaid 关联银行账户 → Corpay Credit Team 审批。company-id 将在完成 Enrollment 后自动获得，无需单独向 Corpay 追要 Steps: Login Enrollment UI → Link bank via Plaid → Corpay Credit Team approval. company-id will be obtained automatically upon enrollment completion — no need to request it separately from Corpay

❌ 阻塞Blocked 等待：我们启动流程 + Corpay Credit Team 审批 Waiting: We initiate + Corpay Credit Team approval

Production Cards API accountCode / customerId 未提供 Production Cards API accountCode / customerId Not Provided

QA 值为 W-30P / OP70T / O27PT，Production 对应值未从 Corpay 获取，导致所有 Production Cards API 调用返回 400 Validation failed QA values are W-30P / OP70T / O27PT. Production values not yet received from Corpay, causing all Production Cards API calls to return 400 Validation failed

❌ 阻塞Blocked 等待：Corpay（Qwan Hunter） Waiting: Corpay (Qwan Hunter)

Production Cognito 密码已过期 + Client ID 待确认 Production Cognito Password Expired + Client ID Pending

密码 9Fh%jEhrK956 已过期失效，导致 Production 的 Transactions / Webhook / RTCA 均无法测试。同时需向 Corpay 确认：密码过期后是否可自行重置，以及 Production Cognito Client ID 是否独立 Password 9Fh%jEhrK956 has expired, blocking all Production Transactions / Webhook / RTCA testing. Also need Corpay to confirm: can we self-reset expired passwords, and is the Production Cognito Client ID separate from QA?

❌ 阻塞Blocked 等待：Corpay（Qwan Hunter） Waiting: Corpay (Qwan Hunter)

Apple Pay / Digital Wallet 文档 Apple Pay / Digital Wallet Documentation

Corpay 表示需要签署 digital wallet 文档才能使用 Apple Pay，已转至 Nick Herrick 处理，Nick 已确认在跟进，等待回复 Corpay requires signing a digital wallet agreement before Apple Pay can be enabled. Referred to Nick Herrick, who confirmed follow-up is in progress.

⏳ 跟进中In progress 等待：Corpay（Nick Herrick） Waiting: Corpay (Nick Herrick)

⑤ 完整配置参考（config/corpay.php） ⑤ Full Configuration Reference (config/corpay.php)

⚠️ 以下配置请逐项核对，标 ❌ 或 ⚠️ 的字段为已知问题，标 ❓ 的字段为待 Corpay 提供 ⚠️ Please verify each field below. Items marked ❌ or ⚠️ have known issues; items marked ❓ are pending from Corpay

🔐

Okta OAuth2 凭证（Cards API + Fund API） Okta OAuth2 Credentials (Cards API + Fund API)

两个环境均已测试通过 ✅ Both environments tested and passing ✅

QA ✅ Prod ✅ ▾

字段Field	QA 值QA Value	Production 值Production Value
`okta_domain`	`https://fleetcor-icd.oktapreview.com`	`https://fleetcor-icd.okta.com`
`okta_authorization_server_id`	`aus2l0d91irbotby80x7`	`aus4jf12zlOfttOcL417`
`okta_token_url`	`...oktapreview.com/oauth2/aus2.../v1/token`	`...okta.com/oauth2/aus4.../v1/token`
`okta_scopes`	`cards.write cards.:token.write cards.:token.read`
`client_id`	`0oacv7038wxTkTUif0x7`	`0oatuup0ewNTax672417`
`client_secret`	`HfMxz1wEyBZ8OezS5_rcjJ_e7VvE-xs-LRh4HJarlSUngcz8Xuern9Qqh91Sj_pS`	`CNU5rvB0uF9IxSXYqOLV2r9XiSh33uFR-0HW2_6JXQWpUp9mi6fbdWfuI-ccNRCF`

🔐

AWS Cognito 凭证（Transactions + Webhook + RTCA） AWS Cognito Credentials (Transactions + Webhook + RTCA)

QA 可用 / Production 密码过期待更新 QA working / Production password expired

QA ✅ Prod ❌ ▾

字段Field	QA 值QA Value	Production 值Production Value
`cognito_region`	`us-east-1`	`us-east-1`
`cognito_client_id`	`7qvcsa7398vr89b319hmkdeob2`	`7qvcsa7398vr89b319hmkdeob2` ⚠️ 沿用QA值，待确认 ⚠️ Using QA value, unconfirmed
`cognito_username`	`083595242799852401`	`061115641842162385`
`cognito_password`	`Testing123!` ⚠️ 7天过期 ⚠️ Expires in 7 days	`9Fh%jEhrK956` ❌ 已过期 ❌ Expired

🏦

账户信息（Cards API 必填参数） Account Info (Required for Cards API)

Production 值待 Corpay 提供 Production values pending from Corpay

QA ✅ Prod ❌ 待提供 Prod ❌ Pending ▾

字段Field	QA 值QA Value	Production 值Production Value
`account_code`	`W-30P`	❓ 待 Corpay 提供Pending from Corpay
`customer_id_virtual`	`OP70T`	❓ 待 Corpay 提供Pending from Corpay
`customer_id_physical`	`O27PT`	❓ 待 Corpay 提供Pending from Corpay
`company_id` Fund API 必填Required for Fund API	❓ Enrollment 完成后自动获得Obtained after Enrollment	❓ 同左Same as QA

🌐

API 端点地址（api_endpoints） API Endpoint URLs (api_endpoints)

来源：Corpay Card API User Guide v2.1 + Real Time Funding User Guide v4 Source: Corpay Card API User Guide v2.1 + Real Time Funding User Guide v4

▾

用途Purpose	认证Auth	QA 地址QA URL	Production 地址Production URL
cards 卡片 APICards API	Okta	`https://api.vc-stg.corpay.com`	`https://api.vc.corpay.com`
transactions 交易查询Transactions	Cognito	`https://cp-transaction-eapi-qa.ca-ce1-ch2-d-000.api.fleetcor.com`	`https://cp-transaction-eapi.api.fleetcor.com`
subscriptions Webhook 订阅Webhook	Cognito	`https://subscribe.payqa.fleetcoraws.com/qa`	`https://subscribe.fleetcorpayments.com`
fund 资金充值Funding	Okta	`https://cpapiqa.corpay.com/v1/funds`	`https://cpapi.corpay.com/v1/funds`
fund_enrollment_ui 注册 UIEnrollment UI	浏览器Browser	`https://cpuiqa.corpay.com/enrollment/index.html`	`https://cpui.corpay.com/enrollment/v2/index.html`
authorization_controls RTCA	Cognito	`https://subscribe.payqa.fleetcoraws.com/qa` ❌ QA 不可用❌ QA unavailable	`https://subscribe.fleetcorpayments.com`
vcws 虚拟卡服务VCWS	Basic	`https://w6cert.iconnectdata.com/VCWS/services/VCWS`	`https://w6.iconnectdata.com/VCWS/services/VCWS`
onboarding 客户入驻Onboarding	-	`https://na-cp-domestic-onboarding-qa.ca-ce1-ch2-d-000.api.fleetcor.com`	`https://na-cp-domestic-onboarding.api.fleetcor.com`

Corpay API 测试状态总览 | 最后更新 2026-03-09 | 如有问题请联系技术团队 Corpay API Testing Status Overview | Last Updated: 2026-03-09 | Contact the tech team for questions

Corpay API 测试状态总览 Corpay API Testing Status Overview