> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kiwify.com.br/llms.txt
> Use this file to discover all available pages before exploring further.

# Create Dynamic QR Code

> Creates a dynamic PIX QR code for receiving payments. Supports instant and due date types with optional payer restrictions.



## OpenAPI

````yaml /api-reference/banking/openapi.json post /v1/dynamic-qrcode
openapi: 3.1.0
info:
  title: Digital Account API
  description: Public API for account management, statements, and PIX operations
  license:
    name: ''
  version: 0.1.0
servers:
  - url: https://conta-public-api.kiwify.com
    description: Production environment
security: []
tags:
  - name: Account
    description: Account details, balance, limits, and PIX keys
  - name: Statement
    description: Account statement and transaction history
  - name: Cash out Pix
    description: Send money via PIX transfers
  - name: Cash in Pix
    description: Refund PIX transactions
  - name: Boleto Payments
    description: Pay boletos via API
  - name: PIX QR Codes
    description: PIX QR code generation for receiving payments
  - name: Webhooks
    description: >-
      Manage webhook subscriptions to receive real-time event notifications from
      the API.
paths:
  /v1/dynamic-qrcode:
    post:
      tags:
        - PIX QR Codes
      summary: Create Dynamic QR Code
      description: >-
        Creates a dynamic PIX QR code for receiving payments. Supports instant
        and due date types with optional payer restrictions.
      operationId: create_dynamic_brcode
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateDynamicBrcodeRequest'
        required: true
      responses:
        '201':
          description: Dynamic QR code created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateDynamicBrcodeResponse'
        '400':
          description: >-
            Invalid request: malformed JSON, invalid enum values (e.g., 'CPF'
            instead of 'cpf'), missing required fields, or validation errors.
            Error codes: INVALID_JSON_BODY, MALFORMED_JSON, INVALID_REQUEST,
            VALIDATION_ERROR
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '401':
          description: Authentication failed
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Access denied - missing ManageQRCode permission
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: 'PIX key not found. Error code: PIX_KEY_NOT_FOUND'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '409':
          description: >-
            Conflict: duplicate transaction_id or external_reference_id already
            exists for this account. Error codes: DUPLICATE_TRANSACTION_ID,
            DUPLICATE_EXTERNAL_REFERENCE_ID
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - AccessId: []
          PoPChallenge: []
          PoPFormat: []
          PoPSignature: []
components:
  schemas:
    CreateDynamicBrcodeRequest:
      type: object
      required:
        - type
        - amount_in_cents
      properties:
        accept_change_value:
          type:
            - boolean
            - 'null'
          description: >-
            Allows payer to change the QR code value when scanning. Defaults to
            false.
          example: false
        allowed_tax_ids:
          type:
            - array
            - 'null'
          items:
            type: string
          description: >-
            Optional allowlist of CPF/CNPJ (with or without formatting) that
            restricts which payers can use this QR code.

            Leave this null/omitted unless you specifically need to restrict who
            can pay. Do not set it from the buyer's

            document: a Pix payment may legitimately come from another account
            (for example, a family member) and would

            then be rejected. When provided, only payers whose document matches
            one of the listed values are accepted.

            When omitted or null, payments from any document are accepted.
          example:
            - 012.345.678-90
            - 45.059.493/0001-73
        amount_in_cents:
          type: integer
          format: int64
          description: Amount in cents (must be greater than 0)
          example: 4000
        due_date:
          type:
            - string
            - 'null'
          format: date
          description: Due date in `YYYY-MM-DD` format. Required for DUE_DATE type.
          example: '2026-06-01'
        expiration:
          type:
            - integer
            - 'null'
          format: int32
          description: >-
            Expiration time in seconds for INSTANT type. Defaults to 86400 (24
            hours).
          example: 86400
          minimum: 0
        external_reference_id:
          type:
            - string
            - 'null'
          description: >-
            External unique identifier for client's own tracking. **Must be
            unique per account if provided.**
          example: external-ref-123
        payer_data:
          oneOf:
            - type: 'null'
            - $ref: '#/components/schemas/PayerData'
              description: >-
                Payer information. Optional for INSTANT type, required for
                DUE_DATE type.
        type:
          $ref: '#/components/schemas/QRCodeType'
          description: 'QR Code type: INSTANT or DUE_DATE'
    CreateDynamicBrcodeResponse:
      type: object
      required:
        - id
        - copy_paste
        - picture_code_base64
      properties:
        copy_paste:
          type: string
          description: PIX copy-paste code (BR Code)
          example: 00020126...
        external_reference_id:
          type:
            - string
            - 'null'
          description: External reference ID provided by the client (if any)
          example: order-12345
        id:
          type: string
          format: uuid
          description: Unique QR Code identifier
        picture_code_base64:
          type: string
          description: QR Code image in base64 format
    ErrorResponse:
      type: object
      required:
        - error
        - timestamp
      properties:
        error:
          $ref: '#/components/schemas/ErrorDetails'
          description: Error payload.
        timestamp:
          type: string
          format: date-time
          description: ISO 8601 / RFC 3339 UTC timestamp of when the error occurred.
          example: '2026-05-28T14:30:00Z'
    PayerData:
      type: object
      required:
        - name
        - document_number
        - document_type
      properties:
        document_number:
          type: string
          description: Payer CPF or CNPJ (with or without formatting)
          example: 012.345.678-90
        document_type:
          $ref: '#/components/schemas/DocumentType'
          description: Payer document type. "cpf"/"CPF" or "cnpj"/"CNPJ"
        name:
          type: string
          description: Payer full name
          example: João Silva
    QRCodeType:
      type: string
      enum:
        - INSTANT
        - DUE_DATE
    ErrorDetails:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: >-
            Machine-readable error code. Use this for branching logic, not
            `message`.
          example: INVALID_REQUEST
        details:
          type: object
          description: >-
            Optional structured details. For `INVALID_REQUEST`, may be an array
            of field validation errors or a `validation_failed` object depending
            on the endpoint.
        message:
          type: string
          description: >-
            Human-readable error description. Do not rely on this text for
            programmatic handling.
    DocumentType:
      type: string
      enum:
        - cpf
        - cnpj
  securitySchemes:
    AccessId:
      type: apiKey
      in: header
      name: x-access-id
      description: UUID of the service account (e.g., 550e8400-e29b-41d4-a716-446655440000)
    PoPChallenge:
      type: apiKey
      in: header
      name: X-PoP-Challenge
      description: >-
        Unix timestamp in milliseconds (e.g., 1704636800000). Must be within 5
        minutes of server time.
    PoPFormat:
      type: apiKey
      in: header
      name: X-PoP-Format
      description: Must be 'service-account' for service account authentication
    PoPSignature:
      type: apiKey
      in: header
      name: X-PoP-Signature
      description: >-
        EdDSA signature of the request in base64 format. Signs:
        uri:method:body:timestamp

````