Xendit

Xendit is Southeast Asia's leading payment infrastructure platform supporting virtual accounts, e-wallets, cards, QR codes, and direct debit across Indonesia, Philippines, Vietnam, Malaysia, and Thailand via REST API.

Evaluated Mar 06, 2026 (0d ago) vcurrent
Homepage ↗ Other payments southeast-asia indonesia philippines vietnam malaysia e-wallets virtual-accounts qr-codes
⚙ Agent Friendliness
57
/ 100
Can an agent use this?
🔒 Security
80
/ 100
Is it safe for agents?
⚡ Reliability
80
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
82
Error Messages
78
Auth Simplicity
80
Rate Limits
58

🔒 Security

TLS Enforcement
100
Auth Strength
80
Scope Granularity
62
Dep. Hygiene
76
Secret Handling
80

Basic auth with API key as username is functional but non-standard; webhook callbacks should be verified via the x-callback-token header set in dashboard settings.

⚡ Reliability

Uptime/SLA
84
Version Stability
80
Breaking Changes
78
Error Recovery
78
AF Security Reliability

Best When

Building fintech or e-commerce products for the Indonesian or Philippine market that require deep integration with local bank virtual accounts and e-wallets unavailable through global gateways.

Avoid When

Your primary market is outside Southeast Asia or you need a single API key to work across globally diverse payment methods.

Use Cases

  • Create virtual bank accounts in Indonesia (BCA, Mandiri, BNI, BRI) for unique payment reference collection
  • Charge Philippine e-wallets (GCash, Maya, GrabPay) and Indonesian e-wallets (OVO, DANA, LinkAja)
  • Automate disbursements to local bank accounts across SEA markets for payroll or vendor payouts
  • Build QR code payment flows using QRIS (Indonesia) or QR Ph (Philippines) standards
  • Implement recurring billing using tokenized card authorizations stored via the Credit Card Token API

Not For

  • Accepting payments outside Southeast Asia — not designed for global or Western markets
  • Real-time bank transfer settlement — virtual account payments have bank-specific processing delays
  • Merchants unable to complete business registration in a supported SEA country

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
Yes
Webhooks
Yes

Authentication

Methods: api_key
OAuth: No Scopes: No

HTTP Basic Auth with secret API key as the username and empty password. Public key used for client-side tokenization. Separate keys per environment (development/production) and per country (Indonesia vs Philippines).

Pricing

Model: usage_based
Free tier: No
Requires CC: No

Pricing is market-specific and method-specific. Enterprise volume discounts available. No monthly platform fee.

Agent Metadata

Pagination
cursor
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • Virtual account expiry is set at creation time and cannot be extended — agents must handle PAYMENT_REQUEST_EXPIRED and recreate the VA
  • Each SEA country requires separate API credentials — a single key does not work across Indonesia and Philippines endpoints
  • E-wallet charges redirect users to the wallet app — not suitable for fully server-side automation without stored authorizations
  • Webhook delivery is not guaranteed ordered; always reconcile by fetching resource state rather than relying solely on event order
  • The external_id uniqueness constraint is account-scoped not environment-scoped — using the same ID in test and production environments will cause conflicts

Alternatives

stripe-api dlocal-api 2c2p-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Xendit.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5178
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered