API Reference

Comorando helps you recover failed payments automatically.

Send a payment failure event. Comorando decides the best action — retry, grace period, or escalation — and executes it automatically.

One API call. Everything else is handled.

No SDK required. No npm install. Every endpoint works with plain curl or the built-in fetch in Node.js 18+. Authenticate with your API key in the x-api-key header.

✔ Reduces involuntary churn ✔ Handles retries automatically ✔ Full audit trail on every decision

Authentication

All protected endpoints require your API key sent as an HTTP header. You get your key when you register.

Header: x-api-key: ck_your_api_key_here
Keys are prefixed with ck_ and shown once at registration. Store them securely.

Base URL

All requests go to:

https://api.comorando.com

GET /health

Public. Check that the API is up. No authentication required.

curl

curl https://api.comorando.com/health

Response

{"status": "ok"}

POST /api-keys/register

Public. Create an organization and get your API key in one step. The key is shown once — save it immediately.

Field	Type	Description
email*	string	Your email address
name*	string	Your organization name (min 2 chars)

curl

curl -X POST https://api.comorando.com/api-keys/register \
  -H 'Content-Type: application/json' \
  -d '{"email":"you@example.com","name":"Acme Inc"}'

Node.js

const res = await fetch('https://api.comorando.com/api-keys/register', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ email: 'you@example.com', name: 'Acme Inc' })
});
const { organizationId, apiKey, plan } = await res.json();
// Save apiKey — it's only shown once

Response 201

{ "organizationId": "c46f8d2a-6d30-47be-837b-...", "apiKey": "ck_...", "plan": "free" }

POST /decisions

Send a failed payment or subscription event. Comorando analyzes the context and automatically decides: whether to retry the payment, when to retry, whether to grant a grace period, and whether to escalate the issue. Execution happens automatically after the decision. Response is immediate (<50ms).

Requires x-api-key header.

Field	Type	Description
event_type*	string	Type of event: `payment.failed`, `subscription.cancelled`, `subscription.expired`, etc.
event_idoptional	string	Unique ID for idempotency. Duplicate `event_id`s are silently ignored within 1 hour.
dataoptional	object	Any event payload: customer ID, amount, plan, failure reason, etc.

Example: A $79 payment fails due to insufficient funds. Comorando schedules a retry and helps prevent a potential churn event.

curl

curl -X POST https://api.comorando.com/decisions \
  -H 'Content-Type: application/json' \
  -H 'x-api-key: ck_your_key_here' \
  -d '{
    "event_type": "payment.failed",
    "event_id": "paypal-evt-abc123",
    "data": {
      "customer_email": "user@example.com",
      "amount": 79.00,
      "currency": "USD",
      "failure_reason": "insufficient_funds"
    }
  }'

Node.js

const res = await fetch('https://api.comorando.com/decisions', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'x-api-key': process.env.COMORANDO_API_KEY
  },
  body: JSON.stringify({
    event_type: 'payment.failed',
    event_id: webhookEvent.id,   // ensures exactly-once
    data: webhookEvent
  })
});
const { id, status, correlation_id } = await res.json();

Response 201

{ "status": "processed", "id": "bf56b6e4-20e0-4bce-8109-...", "event_type": "payment.failed", "correlation_id": "9f4e2a1c-..." }

What happens next → The retry is scheduled automatically based on failure type and customer history
→ The customer may receive a notification
→ The outcome is tracked in your dashboard with full audit trail

Additional endpoints Additional API endpoints (query decisions, billing usage, account management) are available through the Pro Dashboard at comorando.com/pro-dashboard.html
Los endpoints adicionales de la API (consultar decisiones, uso de facturación, gestión de cuenta) están disponibles a través del Panel Pro en comorando.com/pro-dashboard.html
Endpoints adicionais da API (consultar decisões, uso de faturamento, gerenciamento de conta) estão disponíveis no Painel Pro em comorando.com/pro-dashboard.html

Retry Guidelines

Comorando's default retry schedule is designed to comply with PayPal AUP section 4.3 and equivalent processor policies. You may customize intervals via your decision configuration, but must remain within your processor's acceptable use boundaries.

Attempt	Default Interval	Notes
First retry	1 hour after initial failure	Covers transient declines (temporary holds, network issues)
Second retry	24 hours after first retry	Allows time for customer to update payment method
Third retry	72 hours after second retry	Final automated attempt before escalation or grace period

Compliance note: These intervals comply with PayPal AUP section 4.3 which prohibits excessive or aggressive retry patterns. You are responsible for ensuring any custom intervals remain within your payment processor's acceptable use policy. Comorando is not liable for account actions taken by your processor resulting from custom retry configurations. See Terms of Service §19 for full details.

Supported Payment Providers

Configure your provider's webhook URL to point to the corresponding endpoint below. Add your provider credentials to your environment variables.

Provider	Region	Webhook URL
Mercado Pago	LATAM	`POST https://api.comorando.com/webhooks/mercadopago`
Stripe	Global	`POST https://api.comorando.com/webhooks/stripe`
dLocal	CO · CL · PE · MX	`POST https://api.comorando.com/webhooks/dlocal`
PayU	CO · LATAM	`POST https://api.comorando.com/webhooks/payu`
Mobbex	Argentina	`POST https://api.comorando.com/webhooks/mobbex`
Payway (Prisma)	Argentina	`POST https://api.comorando.com/webhooks/payway`
Rebill	Argentina	`POST https://api.comorando.com/webhooks/rebill`

Signature verification: Stripe, dLocal, Mobbex, and Rebill webhooks are verified using HMAC-SHA256. PayU uses MD5 hash verification. Payway relies on IP whitelist — no request signature. Mercado Pago requires a valid MP_ACCESS_TOKEN to fetch full payment details.

Event types

Use these as the event_type field when submitting decisions.

event_type	Description
payment.failed	A payment attempt was declined or failed
payment.reversed	A charge was reversed or refunded
subscription.cancelled	A subscription was cancelled by the user or gateway
subscription.expired	A subscription reached end of billing period
subscription.suspended	A subscription was suspended due to payment failure
checkout.abandoned	A checkout session was started but not completed

Error codes

Code	HTTP	Meaning
unauthorized	401	Missing or invalid API key
event_type_required	400	The `event_type` field is missing
email_already_registered	409	That email is already registered
valid_email_required	400	The email field is missing or invalid
organization_name_required	400	The name field is missing or too short
duplicate_ignored	200	Event with this `event_id` was already processed (idempotent)
not_found	404	Decision ID not found or belongs to another org
rate_limit_exceeded	429	Too many requests — slow down
internal_error	500	Server-side error — contact support

Want to use Comorando in production? See pricing →

Need help? hello@comorando.com