Notifications & Security

Overview of the automated notification engine and security guardrails. Review email lifecycle events, token expiration rules, and mandatory authorization scopes to ensure your integration meets Ecart Pay’s safety standards.

Types of Notifications

1. Direct Debit Activation (direct_debit_activate)

Triggers: When a direct debit is created without billing_account.

Email Content:

  • Personalized greeting
  • Invitation to activate the service
  • Service details (concept, reference, trade)
  • "Activate Direct Debit" button
  • Activation link with temporary token (valid 24 hours)
  • Information on authorization of charges

Example link: https://app.ecartpay.com/direct-debit/activate/507f1f77bcf86cd799439012?_v=eyJhbGc...

2. CLABE validation (direct_debit_validate_clabe)

Triggers: When a direct debit is created with billing_account but it is not active.

Email Content:

  • Personalized greeting
  • CLABE verification request
  • "Verify CLABE Account" button
  • Validation link with temporary token (valid 24 hours)
  • Thank you message

Example link: https://app.ecartpay.com/direct-debit/507f1f77bcf86cd799439012?_v=eyJhbGc...

Security & Validations

1. Authorization Scopes

Endpoint                         | Required Scopes
POST /api/direct-debits          | write_direct_debits
GET /api/direct-debits/:id       | read_direct_debits, write_direct_debits, read_single_direct_debit
PATCH /api/direct-debits/:id     | write_direct_debits
GET /api/direct-debits           | read_direct_debits, write_direct_debits
POST /api/direct-debits/activate | write_direct_debits, activate_single_direct_debit

2. Ownership Verification

For every request, the system performs a mandatory check to ensure the resource being accessed belongs to the authenticated merchant account. If a direct_debit_id is provided in the authorization, it must strictly match the ID in the request path.
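
The scope and ownership checks from sections 1 and 2, combined into one default-deny decision as an added example (not Ecart Pay's code). Assumptions: any one listed scope is sufficient for an endpoint, and the auth context shape, the OWNERS store and the authorize function are hypothetical.

```python
import re

# Scope table copied from the page. Treating the list as "any one scope
# is sufficient" is an assumption; the page does not state any-of vs all-of.
REQUIRED_SCOPES = {
    ("POST", "/api/direct-debits"): {"write_direct_debits"},
    ("GET", "/api/direct-debits/:id"): {
        "read_direct_debits", "write_direct_debits", "read_single_direct_debit"},
    ("PATCH", "/api/direct-debits/:id"): {"write_direct_debits"},
    ("GET", "/api/direct-debits"): {"read_direct_debits", "write_direct_debits"},
    ("POST", "/api/direct-debits/activate"): {
        "write_direct_debits", "activate_single_direct_debit"},
}

# 24-hex resource id, the shape used in the page's sample links.
ID_RE = re.compile(r"^/api/direct-debits/([0-9a-f]{24})$")

# Constructed sample data: direct debit id -> owning merchant (hypothetical).
OWNERS = {
    "507f1f77bcf86cd799439012": "merchant_a",
    "507f1f77bcf86cd799439099": "merchant_b",
}

def authorize(method, path, auth):
    """Return (allowed, reason). `auth` is a hypothetical context:
    {"merchant_id": str, "scopes": set, "direct_debit_id": str or None}."""
    match = ID_RE.match(path)
    route = "/api/direct-debits/:id" if match else path
    required = REQUIRED_SCOPES.get((method, route))
    if required is None:
        return False, "unknown_route"          # default deny
    if not required & set(auth.get("scopes", ())):
        return False, "missing_scope"
    if match:
        path_id = match.group(1)
        bound = auth.get("direct_debit_id")
        # A direct_debit_id in the authorization must equal the path id.
        if bound is not None and bound != path_id:
            return False, "id_mismatch"
        # The resource must belong to the authenticated merchant.
        if OWNERS.get(path_id) != auth.get("merchant_id"):
            return False, "not_owner"
    return True, "ok"
```

Running the ownership check after the scope check, and on every ID-bearing route, is what stops a merchant holding valid scopes from reading another merchant's direct debit by changing the ID in the path.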

3. Temporal Tokens

Activation and validation links utilize temporal tokens to minimize exposure:

  • Expiration: Tokens automatically expire after 24 hours.
  • Scope: Tokens are restricted to specific actions related only to that unique Direct Debit resource.
  • One-Time Use: Designed for single-use activation or validation flows.

4. Data Validation

  • Reference Integrity: The system maintains a unique index on the 7-digit reference number to prevent duplicate charges.
  • Currency Restriction: Only MXN is supported for Direct Debit transactions to comply with local banking standards.
  • CLABE Validation: All 18-digit Mexican bank accounts are verified for structure and bank code validity before activation.