How to read this spec
- Tags group endpoints by feature area (Authentication, Enrollment, Accounts, Transfer, InstaPay, PESONet, Bills, Loan, …).
- Environments — the Servers dropdown lists Staging (sandbox) — relaxed, App Check & request signing bypassed, the default for early integration — and sbx (UAT) — production profile with full security enforced, where you validate before go-live.
- Security — most endpoints require the layered auth model (App Check → device-key ECDSA signature + nonce → optional passkey step-up → bearer token). See the Security Implementation Guide for how to satisfy each.
- Examples live inline on each request/response schema; expand an operation to see them.