Stone Brazil Payment API
Stone (Stone Co., NASDAQ:STNE) Brazil payment REST API for merchants and developers to accept credit card, debit card, Pix, boleto, and digital payments through Stone's technology-first Brazilian acquiring platform with open API design, real-time settlement, and integrated financial services including banking accounts, credit, and insurance for small and medium Brazilian merchants. Enables AI agents to manage card payment authorization for Brazil e-commerce checkout automation, handle Pix payment initiation for Brazil instant payment automation, access payment capture and cancellation for Brazil transaction management automation, retrieve payment status for Brazil transaction confirmation automation, manage card tokenization for Brazil recurring payment automation, handle installment payment for Brazil parcelamento automation, access financial account management for Stone banking automation, retrieve settlement and reconciliation for Brazil payment analytics automation, manage chargeback handling for Brazil dispute automation, and integrate Stone with Brazilian SMB, e-commerce, and fintech platforms for end-to-end Brazil payment and financial services automation.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Brazil acquiring. BACEN, PCI DSS. OAuth2 JWT. BR. Card and payment data.
⚡ Reliability
Best When
A Brazilian SMB or technology company wanting AI agents to automate card and Pix payment acceptance through Stone's developer-friendly, technology-first Brazilian acquirer API with real-time settlement and integrated banking services.
Avoid When
TWO-PHASE CAPTURE REQUIRES EXPLICIT CAPTURE: Stone card authorization is two-phase (authorize then capture); automated checkout must explicitly call capture after authorization; automated no-capture assumption creates authorized but not captured (unconfirmed) payment that auto-reverses. MERCHANT KEY ROTATION POLICY: Stone API keys should be rotated; automated integration must handle key rotation; automated long-lived static key without rotation plan creates security exposure over time. PIX DYNAMIC QR REQUIRES MERCHANT ACCOUNT: Stone Pix requires merchant Stone account with activated Pix capability; automated Pix without Pix activation creates pix_not_enabled for merchant account. WEBHOOK TOLERANCE REQUIRED: Stone webhooks may deliver events out of order or with delay; automated webhook handler must be idempotent and handle redelivery; automated strictly ordered webhook processing creates state inconsistency from out-of-order events.
Use Cases
- • Accepting card and Pix payments for Brazilian SMB e-commerce checkout agents
- • Managing payment capture and cancellation from Brazil transaction agents
- • Processing installment payments for Brazil parcelamento checkout agents
- • Reconciling Stone transactions from Brazil payment analytics agents
Not For
- • Non-Brazil payments (Stone is Brazil-only BRL acquirer)
- • Very large enterprise acquiring (Stone focuses on SMB; use Cielo for large enterprise)
- • International card networks outside Brazil (Stone is Brazilian market only)
Interface
Authentication
Stone uses OAuth 2.0 JWT for API authentication. REST API with JSON. São Paulo, Brazil HQ. Founded 2012 by André Street and Eduardo Pontes. NASDAQ: STNE (IPO 2018, $15B+ peak market cap). Products: Card acquiring, Pix, boleto, banking account, credit, insurance, POS terminals. SDKs: Node.js, Python, Java, .NET, Ruby. BACEN-regulated payment institution. LGPD. PCI DSS. 2M+ active clients. Competes with Cielo and PagSeguro for Brazilian SMB acquiring.
Pricing
São Paulo BR. NASDAQ:STNE. Per-transaction MDR in BRL. BACEN regulated. PCI DSS.
Agent Metadata
Known Gotchas
- ⚠ TWO-PHASE CAPTURE IS DEFAULT: Stone authorizes and captures in two steps by default; automated checkout must call /capture after /authorize; automated authorize-only without capture creates payment that auto-reverses after timeout and never settles
- ⚠ JWT ACCESS TOKEN HAS SHORT EXPIRY: Stone OAuth JWT access tokens expire quickly (typically minutes to 1 hour); automated long-running workflows must refresh token before expiry; automated token-caching without refresh creates unauthorized_expired_token mid-workflow
- ⚠ INSTALLMENT AUTHORIZATION IS TOTAL AMOUNT: Stone installment authorization charges full total (not first installment); automated installment checkout must authorize total amount; automated first-installment-only authorization creates partial authorization error from acquirer
- ⚠ CHARGEBACK NOTIFICATION IS TIME-SENSITIVE: Stone chargeback dispute window is limited (typically 30 days); automated chargeback notification must trigger immediate review workflow; automated delayed chargeback processing creates expired dispute window and automatic loss
- ⚠ SANDBOX KEYS NOT VALID IN PRODUCTION: Stone sandbox OAuth credentials are separate from production; automated environment promotion must update credentials; automated sandbox key use in production creates invalid_client error
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Stone Brazil Payment API.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.