{
  "info": {
    "name": "Meridian API",
    "description": "Official Postman collection for the Meridian API. Generated from the OpenAPI specs in this repository.\n\nBefore running any request, set the collection variables under the **Variables** tab:\n- `meridianApiKey` and `meridianApiSecret` (issued by Meridian)\n- `meridianProgramId` (for Meridian Accounts and Payout Origination)\n- `meridianUserId` (only for Meridian Accounts MULTI_USER integrations)\n- `baseUrl` (defaults to sandbox)\n\nPre-request scripts on each folder compute the HMAC SHA-256 signature and attach the required `X-Meridian-*` headers automatically.\n\n_Generated 2026-05-21T19:58:24.236Z. Do not edit by hand — see `postman/README.md`._",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "item": [
    {
      "name": "Meridian Accounts",
      "description": "API documentation for Meridian services\n\nContact Support:\n Name: Meridian\n Email: support@mnai.com\n\nGenerated from `products/meridian-accounts/api-reference/meridian-accounts.json`.",
      "item": [
        {
          "name": "Auth",
          "description": {
            "content": "",
            "type": "text/plain"
          },
          "item": [
            {
              "name": "Issue a Meridian Accounts access token — Client Credentials Token Body",
              "request": {
                "name": "Issue a Meridian Accounts access token",
                "description": {
                  "content": "Mints a JWT for a Meridian user. For `client_credentials` grants, the user is identified by the `X-Meridian-User-Id` header: it must be provided for MULTI_USER integrations and omitted for SINGLE_USER integrations (the single configured user is used). For `refresh_token` grants, the user is derived from the supplied refresh token.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "auth",
                    "token"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/auth/token"
                },
                "header": [
                  {
                    "key": "Content-Type",
                    "value": "application/json"
                  },
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "POST",
                "body": {
                  "mode": "raw",
                  "raw": "{\n  \"grant_type\": \"client_credentials\"\n}",
                  "options": {
                    "raw": {
                      "language": "json"
                    }
                  }
                }
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Issue a Meridian Accounts access token — Refresh Token Body",
              "request": {
                "name": "Issue a Meridian Accounts access token",
                "description": {
                  "content": "Mints a JWT for a Meridian user. For `client_credentials` grants, the user is identified by the `X-Meridian-User-Id` header: it must be provided for MULTI_USER integrations and omitted for SINGLE_USER integrations (the single configured user is used). For `refresh_token` grants, the user is derived from the supplied refresh token.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "auth",
                    "token"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/auth/token"
                },
                "header": [
                  {
                    "key": "Content-Type",
                    "value": "application/json"
                  },
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "POST",
                "body": {
                  "mode": "raw",
                  "raw": "{\n  \"refresh_token\": \"{{meridianRefreshToken}}\",\n  \"grant_type\": \"refresh_token\"\n}",
                  "options": {
                    "raw": {
                      "language": "json"
                    }
                  }
                }
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Create a Meridian user for a partner — Business User Input",
              "request": {
                "name": "Create a Meridian user for a partner",
                "description": {
                  "content": "Creates a person or business user for the calling partner on the supplied program. Only MULTI_USER integrations may call this endpoint; SINGLE_USER keys are rejected.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "auth",
                    "users"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/auth/users"
                },
                "header": [
                  {
                    "key": "Content-Type",
                    "value": "application/json"
                  },
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "POST",
                "body": {
                  "mode": "raw",
                  "raw": "{\n  \"externalId\": \"deserunt dolore est aute\",\n  \"business\": {\n    \"legalName\": \"Acme Inc\",\n    \"contactPhone\": \"+15551234567\",\n    \"contactEmail\": \"ops@acme.example\"\n  },\n  \"type\": \"BUSINESS\"\n}",
                  "options": {
                    "raw": {
                      "language": "json"
                    }
                  }
                }
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Create a Meridian user for a partner — Person User Input",
              "request": {
                "name": "Create a Meridian user for a partner",
                "description": {
                  "content": "Creates a person or business user for the calling partner on the supplied program. Only MULTI_USER integrations may call this endpoint; SINGLE_USER keys are rejected.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "auth",
                    "users"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/auth/users"
                },
                "header": [
                  {
                    "key": "Content-Type",
                    "value": "application/json"
                  },
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "POST",
                "body": {
                  "mode": "raw",
                  "raw": "{\n  \"externalId\": \"eu\",\n  \"person\": {\n    \"firstName\": \"Jane\",\n    \"lastName\": \"Doe\",\n    \"contactPhone\": \"+15551234567\",\n    \"contactEmail\": \"jane.doe@example.com\",\n    \"dateOfBirth\": \"1990-01-15\"\n  },\n  \"type\": \"PERSON\"\n}",
                  "options": {
                    "raw": {
                      "language": "json"
                    }
                  }
                }
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            }
          ],
          "event": []
        },
        {
          "name": "Enrollment",
          "description": {
            "content": "",
            "type": "text/plain"
          },
          "item": [
            {
              "name": "Get current enrollment status",
              "request": {
                "name": "Get current enrollment status",
                "description": {
                  "content": "Returns the enrollment for the authenticated Meridian account, creating one on the first call if none exists yet.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "enrollment"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/enrollment"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "GET"
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Activate a pending enrollment",
              "request": {
                "name": "Activate a pending enrollment",
                "description": {
                  "content": "Creates or resumes the enrollment for the authenticated Meridian account and returns the current enrollment state.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "enrollment",
                    "activate"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/enrollment/activate"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "POST"
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            }
          ],
          "event": []
        },
        {
          "name": "Information Requests",
          "description": {
            "content": "",
            "type": "text/plain"
          },
          "item": [
            {
              "name": "List all Information Requests",
              "request": {
                "name": "List all Information Requests",
                "description": {
                  "content": "Returns the Information Requests associated with the authenticated Meridian account.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "information-requests"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/information-requests"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "GET"
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Get an Information Request by ID",
              "request": {
                "name": "Get an Information Request by ID",
                "description": {
                  "content": "Returns the Information Request details for the authenticated Meridian account.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "information-requests",
                    ":informationRequestId"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [
                    {
                      "disabled": false,
                      "type": "any",
                      "value": "proident sint ullamco exercitation",
                      "key": "informationRequestId",
                      "description": "(Required) "
                    }
                  ],
                  "raw": "{{baseUrl}}/v1/information-requests/:informationRequestId"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "GET"
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Update an Information Request",
              "request": {
                "name": "Update an Information Request",
                "description": {
                  "content": "Submits a data payload update for the authenticated Meridian account's Information Request.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "information-requests",
                    ":informationRequestId"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [
                    {
                      "disabled": false,
                      "type": "any",
                      "value": "proident sint ullamco exercitation",
                      "key": "informationRequestId",
                      "description": "(Required) "
                    }
                  ],
                  "raw": "{{baseUrl}}/v1/information-requests/:informationRequestId"
                },
                "header": [
                  {
                    "key": "Content-Type",
                    "value": "application/json"
                  },
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "PATCH",
                "body": {
                  "mode": "raw",
                  "raw": "{\n  \"data\": {}\n}",
                  "options": {
                    "raw": {
                      "language": "json"
                    }
                  }
                }
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Upload a file for an Information Request",
              "request": {
                "name": "Upload a file for an Information Request",
                "description": {
                  "content": "Uploads a file for the specified Information Request attachment key and stores it.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "information-requests",
                    ":informationRequestId",
                    "file-uploads"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [
                    {
                      "disabled": false,
                      "type": "any",
                      "value": "proident sint ullamco exercitation",
                      "key": "informationRequestId",
                      "description": "(Required) "
                    }
                  ],
                  "raw": "{{baseUrl}}/v1/information-requests/:informationRequestId/file-uploads"
                },
                "header": [
                  {
                    "disabled": false,
                    "description": "SHA-256 digest of the multipart body, formatted per RFC 9530 as `sha-256=:<base64>:`. Required when authenticating with a partner API key; the HMAC signature is computed over the Content-Digest value instead of the raw multipart bytes. Ignored for JWT auth.",
                    "key": "Content-Digest",
                    "value": "proident sint ullamco exercitation"
                  },
                  {
                    "key": "Content-Type",
                    "value": "multipart/form-data"
                  },
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "POST",
                "body": {
                  "mode": "formdata",
                  "formdata": [
                    {
                      "key": "attachmentKey",
                      "value": "businessLicense",
                      "type": "text",
                      "description": "(Required) Key identifying the attachment slot to upload the file to"
                    },
                    {
                      "key": "file",
                      "value": "[-27114769,90631392]",
                      "type": "text",
                      "description": "(Required) File to upload"
                    }
                  ]
                }
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Submit an Information Request for review",
              "request": {
                "name": "Submit an Information Request for review",
                "description": {
                  "content": "Submits the Information Request for the authenticated Meridian account.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "information-requests",
                    ":informationRequestId",
                    "submit"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [
                    {
                      "disabled": false,
                      "type": "any",
                      "value": "proident sint ullamco exercitation",
                      "key": "informationRequestId",
                      "description": "(Required) "
                    }
                  ],
                  "raw": "{{baseUrl}}/v1/information-requests/:informationRequestId/submit"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "POST"
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            }
          ],
          "event": []
        },
        {
          "name": "Accounts",
          "description": {
            "content": "",
            "type": "text/plain"
          },
          "item": [
            {
              "name": "List Accounts",
              "request": {
                "name": "List Accounts",
                "description": {
                  "content": "Returns the accounts associated with the authenticated Meridian account.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "accounts"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/accounts"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "GET"
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Get Account by ID",
              "request": {
                "name": "Get Account by ID",
                "description": {
                  "content": "Returns the account details for the authenticated Meridian account.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "accounts",
                    ":accountId"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [
                    {
                      "disabled": false,
                      "type": "any",
                      "value": "proident sint ullamco exercitation",
                      "key": "accountId",
                      "description": "(Required) "
                    }
                  ],
                  "raw": "{{baseUrl}}/v1/accounts/:accountId"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "GET"
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            }
          ],
          "event": []
        },
        {
          "name": "Transactions",
          "description": {
            "content": "",
            "type": "text/plain"
          },
          "item": [
            {
              "name": "List Transactions",
              "request": {
                "name": "List Transactions",
                "description": {
                  "content": "Returns the transactions associated with the authenticated Meridian account.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "transactions"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/transactions"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "GET"
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Get Transaction by ID",
              "request": {
                "name": "Get Transaction by ID",
                "description": {
                  "content": "Returns the transaction details for the authenticated Meridian account.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "transactions",
                    ":transactionId"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [
                    {
                      "disabled": false,
                      "type": "any",
                      "value": "proident sint ullamco exercitation",
                      "key": "transactionId",
                      "description": "(Required) "
                    }
                  ],
                  "raw": "{{baseUrl}}/v1/transactions/:transactionId"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "GET"
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            }
          ],
          "event": []
        }
      ],
      "event": [
        {
          "listen": "prerequest",
          "script": {
            "type": "text/javascript",
            "exec": [
              "// Pre-request script: Meridian Accounts",
              "//",
              "// Computes the HMAC SHA-256 signature documented at",
              "// /products/meridian-accounts/guides/server-to-server-authentication-with-hmac",
              "// and attaches the required X-Meridian-* headers.",
              "//",
              "// Canonical string: apiKey + timestamp + method + path + body",
              "// (X-Meridian-Program-Id is required on the request but NOT in the canonical string.)",
              "//",
              "// MULTI_USER integrations: set the `meridianUserId` collection variable.",
              "// SINGLE_USER integrations: leave `meridianUserId` empty; the header is omitted.",
              "",
              "const apiKey    = pm.variables.get(\"meridianApiKey\");",
              "const apiSecret = pm.variables.get(\"meridianApiSecret\");",
              "const programId = pm.variables.get(\"meridianProgramId\");",
              "const userId    = pm.variables.get(\"meridianUserId\"); // optional; MULTI_USER only",
              "",
              "if (!apiKey || !apiSecret || !programId) {",
              "    throw new Error(",
              "        \"Missing Meridian credentials. Set collection variables: \" +",
              "        \"meridianApiKey, meridianApiSecret, meridianProgramId.\"",
              "    );",
              "}",
              "",
              "const timestamp = Date.now().toString();",
              "const method    = pm.request.method;",
              "",
              "const url  = pm.request.url;",
              "const qs   = url.getQueryString();",
              "const path = url.getPath() + (qs ? \"?\" + qs : \"\");",
              "",
              "const body = pm.request.body?.raw ?? \"\";",
              "",
              "const canonical = apiKey + timestamp + method + path + body;",
              "const signature = CryptoJS.HmacSHA256(canonical, apiSecret).toString(CryptoJS.enc.Hex);",
              "",
              "// Headers are added defensively: remove any stale copies before re-adding,",
              "// so re-running the request inside the same Postman session doesn't double up.",
              "const headers = pm.request.headers;",
              "[\"X-Meridian-Api-Key\", \"X-Meridian-Program-Id\", \"X-Meridian-User-Id\",",
              " \"X-Meridian-Timestamp\", \"X-Meridian-Signature\"].forEach((h) => headers.remove(h));",
              "",
              "headers.add({ key: \"X-Meridian-Api-Key\",    value: apiKey });",
              "headers.add({ key: \"X-Meridian-Program-Id\", value: programId });",
              "headers.add({ key: \"X-Meridian-Timestamp\",  value: timestamp });",
              "headers.add({ key: \"X-Meridian-Signature\",  value: signature });",
              "if (userId) {",
              "    headers.add({ key: \"X-Meridian-User-Id\", value: userId });",
              "}",
              "",
              "pm.variables.set(\"meridianTimestamp\", timestamp);",
              "pm.variables.set(\"meridianSignature\", signature);",
              ""
            ]
          }
        }
      ]
    },
    {
      "name": "Payout Origination",
      "description": "These endpoints accept a Base64-encoded payout message payload and allow you to list resulting transactions or retrieve a transaction by Meridian ID. Request authentication is performed using Meridian HMAC headers. The server validates the HMAC headers, stores the encoded payload, and queues the message for downstream processing.\n\n\nGenerated from `products/payout-origination/api-reference/payout-origination.json`.",
      "item": [
        {
          "name": "Payouts",
          "description": {
            "content": "Payout origination and transaction tracking",
            "type": "text/plain"
          },
          "item": [
            {
              "name": "Submit a payout request",
              "request": {
                "name": "Submit a payout request",
                "description": {
                  "content": "Accepts a Base64-encoded payout request in the format specified by the `format` path parameter.\n\nSupported values:\n  - `pacs008` for ISO 20022 `pacs.008.*` XML messages\n  - `json` for a JSON payload where `entityId`, `beneficiaryId`, `amount`, `currency`, and `reference` are all required\n\nAuthentication uses Meridian HMAC headers:\n  - X-Meridian-Api-Key\n  - X-Meridian-Timestamp\n  - X-Meridian-Signature\n\nUse Idempotency-Key as a separate header for duplicate protection.\n\nThe endpoint returns 202 Accepted once the encoded payload has been safely accepted for processing. Webhooks will be sent for each status change until a finality status. The transaction APIs may be used to list resulting transactions and retrieve the latest status on demand.\n",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "payout-origination",
                    ":format"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [
                    {
                      "disabled": false,
                      "type": "any",
                      "value": "json",
                      "key": "format",
                      "description": "(Required) Message format identifier. Use `pacs008` for ISO 20022 `pacs.008.*` XML messages or `json` for Base64-encoded JSON payout payloads."
                    }
                  ],
                  "raw": "{{baseUrl}}/v1/payout-origination/:format"
                },
                "header": [
                  {
                    "disabled": false,
                    "description": "(Required) Unique key to protect against accidental duplicate submissions",
                    "key": "Idempotency-Key",
                    "value": "6e6fa6e8-4e7c-4d1f-8d44-71f2a7e6f8b0"
                  },
                  {
                    "key": "Content-Type",
                    "value": "text/plain"
                  },
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "POST",
                "auth": {
                  "type": "apikey",
                  "apikey": [
                    {
                      "key": "key",
                      "value": "X-Meridian-Signature"
                    },
                    {
                      "key": "value",
                      "value": "{{apiKey}}"
                    },
                    {
                      "key": "in",
                      "value": "header"
                    }
                  ]
                },
                "body": {
                  "mode": "raw",
                  "raw": "PERvY3VtZW50IHhtbG5zPSJ1cm46aXNvOnN0ZDppc286MjAwMjI6dGVjaDp4c2Q6cGFjcy4wMDguMDAxLjA4Ij48RklUb0ZJQ3N0bXJDZHRUcmY+PEdycEhkcj48TXNnSWQ+MjAyNjA0MDctMDAwMTIzPC9Nc2dJZD48L0dycEhkcj48L0ZJVG9GSUNzdG1yQ2R0VHJmPjwvRG9jdW1lbnQ+"
                }
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            }
          ],
          "event": []
        },
        {
          "name": "Transactions",
          "description": {
            "content": "",
            "type": "text/plain"
          },
          "item": [
            {
              "name": "List payout transactions",
              "request": {
                "name": "List payout transactions",
                "description": {
                  "content": "Returns transactions with their latest processing status. You can optionally filter the results by the Meridian `messageId` returned from the message submission endpoint.\n\nAuthentication uses Meridian HMAC headers:\n  - X-Meridian-Api-Key\n  - X-Meridian-Timestamp\n  - X-Meridian-Signature\n",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "transactions"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [
                    {
                      "disabled": false,
                      "key": "pageIndex",
                      "value": "1"
                    },
                    {
                      "disabled": false,
                      "key": "pageSize",
                      "value": "50"
                    },
                    {
                      "disabled": false,
                      "key": "messageId",
                      "value": "msg_01JVY8Y4N9X2M6S5Q7T1",
                      "description": "Optional filter using the Meridian-assigned message identifier returned when the message was accepted"
                    }
                  ],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/transactions?pageIndex=1&pageSize=50&messageId=msg_01JVY8Y4N9X2M6S5Q7T1"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "GET",
                "auth": {
                  "type": "apikey",
                  "apikey": [
                    {
                      "key": "key",
                      "value": "X-Meridian-Signature"
                    },
                    {
                      "key": "value",
                      "value": "{{apiKey}}"
                    },
                    {
                      "key": "in",
                      "value": "header"
                    }
                  ]
                }
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            },
            {
              "name": "Get a payout transaction",
              "request": {
                "name": "Get a payout transaction",
                "description": {
                  "content": "Returns a transaction with its latest processing status by Meridian transaction ID.\n\nAuthentication uses Meridian HMAC headers:\n  - X-Meridian-Api-Key\n  - X-Meridian-Timestamp\n  - X-Meridian-Signature\n",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "transactions",
                    ":id"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [
                    {
                      "disabled": false,
                      "type": "any",
                      "value": "txn_01JVY8Y4N9X2M6S5Q7T1",
                      "key": "id",
                      "description": "(Required) Meridian internal transaction identifier"
                    }
                  ],
                  "raw": "{{baseUrl}}/v1/transactions/:id"
                },
                "header": [
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "GET",
                "auth": {
                  "type": "apikey",
                  "apikey": [
                    {
                      "key": "key",
                      "value": "X-Meridian-Signature"
                    },
                    {
                      "key": "value",
                      "value": "{{apiKey}}"
                    },
                    {
                      "key": "in",
                      "value": "header"
                    }
                  ]
                }
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            }
          ],
          "event": []
        }
      ],
      "event": [
        {
          "listen": "prerequest",
          "script": {
            "type": "text/javascript",
            "exec": [
              "// Pre-request script: Payout Origination",
              "//",
              "// Mirrors the reference Postman script in",
              "// /products/payout-origination/authentication.mdx",
              "//",
              "// Canonical string: apiKey + timestamp + method + path + body",
              "// (X-Meridian-Program-Id is required on the request but NOT in the canonical string.)",
              "// For Payout Origination POSTs the body is the raw Base64-encoded payload sent on the wire.",
              "",
              "const apiKey    = pm.variables.get(\"meridianApiKey\");",
              "const apiSecret = pm.variables.get(\"meridianApiSecret\");",
              "const programId = pm.variables.get(\"meridianProgramId\");",
              "",
              "if (!apiKey || !apiSecret || !programId) {",
              "    throw new Error(",
              "        \"Missing Meridian credentials. Set collection variables: \" +",
              "        \"meridianApiKey, meridianApiSecret, meridianProgramId.\"",
              "    );",
              "}",
              "",
              "const timestamp = Date.now().toString();",
              "const method    = pm.request.method;",
              "",
              "const url  = pm.request.url;",
              "const qs   = url.getQueryString();",
              "const path = url.getPath() + (qs ? \"?\" + qs : \"\");",
              "",
              "const body = pm.request.body?.raw ?? \"\";",
              "",
              "const canonical = apiKey + timestamp + method + path + body;",
              "const signature = CryptoJS.HmacSHA256(canonical, apiSecret).toString(CryptoJS.enc.Hex);",
              "",
              "const headers = pm.request.headers;",
              "[\"X-Meridian-Api-Key\", \"X-Meridian-Program-Id\",",
              " \"X-Meridian-Timestamp\", \"X-Meridian-Signature\"].forEach((h) => headers.remove(h));",
              "",
              "headers.add({ key: \"X-Meridian-Api-Key\",    value: apiKey });",
              "headers.add({ key: \"X-Meridian-Program-Id\", value: programId });",
              "headers.add({ key: \"X-Meridian-Timestamp\",  value: timestamp });",
              "headers.add({ key: \"X-Meridian-Signature\",  value: signature });",
              "",
              "pm.variables.set(\"meridianTimestamp\", timestamp);",
              "pm.variables.set(\"meridianSignature\", signature);",
              ""
            ]
          }
        }
      ]
    },
    {
      "name": "Retail Virtual Accounts",
      "description": "API endpoints that are secured with JWT for purposes of calling Meridian APIs from a custom user interface\n\nGenerated from `products/retail-va/api-reference/retail-rtd.json`.",
      "item": [
        {
          "name": "Sessions",
          "description": {
            "content": "",
            "type": "text/plain"
          },
          "item": [
            {
              "name": "Create a Virtual Account Session",
              "request": {
                "name": "Create a Virtual Account Session",
                "description": {
                  "content": "Validates customer and wallet payload and, upon successful validation, returns a session key that can be used to start the hosted Meridian onboarding experience.",
                  "type": "text/plain"
                },
                "url": {
                  "path": [
                    "v1",
                    "virtual-accounts",
                    "sessions"
                  ],
                  "host": [
                    "{{baseUrl}}"
                  ],
                  "query": [],
                  "variable": [],
                  "raw": "{{baseUrl}}/v1/virtual-accounts/sessions"
                },
                "header": [
                  {
                    "key": "Content-Type",
                    "value": "application/json"
                  },
                  {
                    "key": "Accept",
                    "value": "application/json"
                  }
                ],
                "method": "POST",
                "auth": null,
                "body": {
                  "mode": "raw",
                  "raw": "{\n  \"customer\": \"<null>\",\n  \"customerId\": \"<string>\",\n  \"receiver\": {\n    \"firstName\": \"<string>\",\n    \"lastName\": \"<string>\",\n    \"phoneNumber\": \"<string>\",\n    \"linkedAccount\": {\n      \"type\": \"<string>\",\n      \"blockchain\": \"<null>\",\n      \"wallet\": \"<null>\",\n      \"bankAccount\": \"<null>\"\n    }\n  },\n  \"redirectUrl\": \"<string>\"\n}",
                  "options": {
                    "raw": {
                      "language": "json"
                    }
                  }
                }
              },
              "response": [],
              "event": [],
              "protocolProfileBehavior": {
                "disableBodyPruning": true
              }
            }
          ],
          "event": []
        }
      ],
      "event": [
        {
          "listen": "prerequest",
          "script": {
            "type": "text/javascript",
            "exec": [
              "// Pre-request script: Retail Virtual Accounts",
              "//",
              "// Mirrors the reference Postman script in",
              "// /products/retail-va/authentication.mdx",
              "//",
              "// Canonical string: apiKey + timestamp + method + path + body",
              "// Retail VA does NOT require X-Meridian-Program-Id.",
              "",
              "const apiKey    = pm.variables.get(\"meridianApiKey\");",
              "const apiSecret = pm.variables.get(\"meridianApiSecret\");",
              "",
              "if (!apiKey || !apiSecret) {",
              "    throw new Error(",
              "        \"Missing Meridian credentials. Set collection variables: \" +",
              "        \"meridianApiKey, meridianApiSecret.\"",
              "    );",
              "}",
              "",
              "const timestamp = Date.now().toString();",
              "const method    = pm.request.method;",
              "",
              "const url  = pm.request.url;",
              "const qs   = url.getQueryString();",
              "const path = url.getPath() + (qs ? \"?\" + qs : \"\");",
              "",
              "const body = pm.request.body?.raw ?? \"\";",
              "",
              "const canonical = apiKey + timestamp + method + path + body;",
              "const signature = CryptoJS.HmacSHA256(canonical, apiSecret).toString(CryptoJS.enc.Hex);",
              "",
              "const headers = pm.request.headers;",
              "[\"X-Meridian-Api-Key\", \"X-Meridian-Timestamp\", \"X-Meridian-Signature\"]",
              "    .forEach((h) => headers.remove(h));",
              "",
              "headers.add({ key: \"X-Meridian-Api-Key\",   value: apiKey });",
              "headers.add({ key: \"X-Meridian-Timestamp\", value: timestamp });",
              "headers.add({ key: \"X-Meridian-Signature\", value: signature });",
              "",
              "pm.variables.set(\"meridianTimestamp\", timestamp);",
              "pm.variables.set(\"meridianSignature\", signature);",
              ""
            ]
          }
        }
      ]
    }
  ],
  "variable": [
    {
      "key": "baseUrl",
      "value": "https://sandbox-api.va.meridianpay.com",
      "type": "string"
    },
    {
      "key": "meridianApiKey",
      "value": "",
      "type": "string"
    },
    {
      "key": "meridianApiSecret",
      "value": "",
      "type": "string"
    },
    {
      "key": "meridianProgramId",
      "value": "",
      "type": "string"
    },
    {
      "key": "meridianUserId",
      "value": "",
      "type": "string"
    },
    {
      "key": "meridianAccessToken",
      "value": "",
      "type": "string"
    },
    {
      "key": "meridianRefreshToken",
      "value": "",
      "type": "string"
    }
  ],
  "event": [
    {
      "listen": "test",
      "script": {
        "type": "text/javascript",
        "exec": [
          "// Collection-level tests",
          "//",
          "// Runs after every request. Keep these conservative — they apply to every endpoint",
          "// and should hold for any successful 2xx call.",
          "",
          "pm.test(\"status is 2xx\", function () {",
          "    pm.expect(pm.response.code).to.be.within(200, 299);",
          "});",
          "",
          "pm.test(\"response time is under 5s\", function () {",
          "    pm.expect(pm.response.responseTime).to.be.below(5000);",
          "});",
          "",
          "// ─── Auto-capture access/refresh tokens ──────────────────────────────────────",
          "// Only the auth/token endpoint returns these fields, so this is a no-op for",
          "// every other request. Stored as collection variables so the Refresh Token",
          "// request (and any other request that needs a bearer token) picks them up",
          "// automatically via `{{meridianAccessToken}}` / `{{meridianRefreshToken}}`.",
          "try {",
          "    const json = pm.response.json();",
          "    if (json && typeof json === \"object\") {",
          "        if (typeof json.access_token === \"string\" && json.access_token.length) {",
          "            pm.collectionVariables.set(\"meridianAccessToken\", json.access_token);",
          "            console.log(\"Saved meridianAccessToken.\");",
          "        }",
          "        if (typeof json.refresh_token === \"string\" && json.refresh_token.length) {",
          "            pm.collectionVariables.set(\"meridianRefreshToken\", json.refresh_token);",
          "            console.log(\"Saved meridianRefreshToken.\");",
          "        }",
          "    }",
          "} catch (_) {",
          "    // Non-JSON response — nothing to capture, that's fine.",
          "}",
          "",
          "// 401 is a common authentication failure — surface a clearer message in the",
          "// Postman test pane so clients aren't left guessing.",
          "if (pm.response.code === 401) {",
          "    pm.test(\"not a 401 (HMAC signature failure)\", function () {",
          "        pm.expect.fail(",
          "            \"Got 401 Unauthorized. Common causes: missing/invalid meridianApiSecret, \" +",
          "            \"clock skew > 60s, or a Program-Id mismatch.\"",
          "        );",
          "    });",
          "}",
          ""
        ]
      }
    }
  ]
}
