Skip to main content
POST
/
v1
/
customers
/
{customer_id}
/
payment-methods
Enroll payment method
curl --request POST \
  --url https://api-sandbox.y.uno/v1/customers/{customer_id}/payment-methods \
  --header 'Content-Type: application/json' \
  --header 'account-code: <api-key>' \
  --header 'private-secret-key: <api-key>' \
  --header 'public-api-key: <api-key>' \
  --data '
{
  "type": "CARD",
  "token": "tok_4a8b9c2d-1e3f-5678-90ab-cdef12345678",
  "country": "BR"
}
'
{
  "id": "pm_1a2b3c4d-5e6f-7890-abcd-ef1234567890",
  "customer_id": "c9d0e1f2-3a4b-5c6d-7e8f-9a0b1c2d3e4f",
  "type": "CARD",
  "status": "ACTIVE",
  "card": {
    "last_four": "4242",
    "brand": "VISA",
    "expiry_month": 12,
    "expiry_year": 2028
  },
  "vaulted_token": "vtok_9f8e7d6c-5b4a-3210-fedc-ba9876543210",
  "created_at": "2026-03-01T10:00:00.000Z"
}
This request enrolls a payment method for a customer. With the information provided by Yuno after the customer selects the payment method to enroll, you will be able to save that information for future purchases using the payment method object created. Check the Available payment methods in Yuno. You’ll need to set your credentials for each payment method in the Yuno dashboard in order to to be able to use them. Note that this request requires an X-Idempotency-Key. Check the Authentication page for more information.
WebhooksWe recommend listening to Webhooks to stay up to date with the state of the enrolled payment methods of your customers.
If a customer enrolls the same card multiple times, Yuno creates a new enrollment each time and returns a distinct vaulted_token. Use the card fingerprint in the enrollment response to detect duplicates on your side (the fingerprint may be null for some providers). See Card Fingerprint.
Only available for PCI certified merchants.

Authorizations

public-api-key
string
header
required

Your public API key from the Yuno Dashboard

private-secret-key
string
header
required

Your private secret key (server-side only)

account-code
string
header
required

Your account identifier. The alias X-Account-Code is also accepted.

Path Parameters

customer_id
string<uuid>
required

The unique identifier of the customer

Body

application/json
type
enum<string>
required

Payment method type

Available options:
CARD,
PIX,
BOLETO,
PSE,
SPEI,
OXXO
Example:

"CARD"

token
string
required

One-time token from SDK tokenization

Example:

"tok_4a8b9c2d-1e3f-5678-90ab-cdef12345678"

country
string

ISO 3166-1 alpha-2 country code

Pattern: ^[A-Z]{2}$
Example:

"BR"

Response

Payment method enrolled successfully

id
string<uuid>
Example:

"pm_1a2b3c4d-5e6f-7890-abcd-ef1234567890"

customer_id
string<uuid>
Example:

"c9d0e1f2-3a4b-5c6d-7e8f-9a0b1c2d3e4f"

type
enum<string>
Available options:
CARD,
PIX,
BOLETO,
PSE,
SPEI,
OXXO
Example:

"CARD"

status
enum<string>
Available options:
ACTIVE,
EXPIRED,
REVOKED
Example:

"ACTIVE"

card
object
vaulted_token
string

Token for reuse in future payments

Example:

"vtok_9f8e7d6c-5b4a-3210-fedc-ba9876543210"

created_at
string<date-time>
Example:

"2026-03-01T10:00:00.000Z"