# Preferred Bank API for developers

## Build money movement that just works.

Everything you need to integrate with Stark Bank — Pix, Boleto, Cards, Transfers, and Banking — through a single, predictable REST API.

## Stats

- **R$ 600 bi** — Moved in 2025
- **99.99%** — API uptime
- **<200ms** — Median latency
- **2 days** — Average integration

## Compliance

Built on regulated foundations.

- **Bacen Pix** — Grade A · highest tier
- **PCI DSS 4.0.1** — Card data security
- **SOC 2 Type 2** — Audited controls
- **ISO 27001** — Information security

## Up and running in minutes

Three steps from signing up to your first authenticated request.

1. **Open your account** — Create your Stark Bank account and enable the sandbox to start building risk-free.
2. **Generate your ECDSA keys** — Every request is signed with ECDSA. Generate your key pair and register the public key in the Web Banking.
3. **Make your first request** — Pick your favorite SDK or call the REST API directly. The first invoice takes about 5 lines of code.

## What you can build

Cover the full money movement lifecycle with first-class building blocks.

### Receivables

- [Pix Invoice](https://docs.starkbank.com/get-started/pix-invoice.md) — Issue dynamic Pix QR codes with due dates, fines and discounts. Settle in seconds.
- [Pix QR Code](https://docs.starkbank.com/get-started/pix-qrcode.md) — Generate static and dynamic QR codes for one-time payments at any amount.
- [Pix Subscription](https://docs.starkbank.com/get-started/pix-subscription.md) — Charge recurring Pix payments after a one-time customer authorization.
- [Boleto](https://docs.starkbank.com/get-started/boleto.md) — Issue regulated Boletos with full lifecycle tracking and automatic reconciliation.
- [Credit or Debit cards](https://docs.starkbank.com/get-started/card-payment.md) — Accept online payments with credit and debit cards with built-in tokenization.
- [Split Receivables](https://docs.starkbank.com/get-started/split.md) — Split inbound funds across multiple parties at the moment they arrive.

### Payables

- [Transfer (Pix & TED)](https://docs.starkbank.com/get-started/transfer.md) — Move money to any Brazilian bank account through Pix or TED — programmatically.
- [Boleto Payment](https://docs.starkbank.com/get-started/boleto-payment.md) — Pay any Boleto from your Stark Bank account with full status tracking.
- [Pix QR Code Payment](https://docs.starkbank.com/get-started/pix-qrcode-payment.md) — Pay Pix QR codes — static, dynamic and merchant — directly from the API.
- [Utility Payment](https://docs.starkbank.com/get-started/utility-payment.md) — Settle utility bills (water, energy, phone) without leaving your software.
- [Tax Payment](https://docs.starkbank.com/get-started/tax-payment.md) — Pay taxes (DARF, GPS, GARE, FGTS and others) through a single endpoint.
- [Payment Request](https://docs.starkbank.com/get-started/payment-request.md) — Send payments to be approved on the Web Banking with custom approval rules.

## A platform built like a product

We obsess over the details so your team can focus on what matters.

- **ECDSA-signed requests** — Every call is signed with your private key. No shared secrets, no rotating tokens by hand.
- **Duplicate prevention by default** — Retry safely. Repeated requests with the same external ID never duplicate operations.
- **Real-time webhooks** — Subscribe once and receive every status change — credited, failed, refunded — as it happens.
- **Cursor-based pagination** — Predictable iteration over millions of records, with stable cursors and deterministic ordering.
- **Sandbox parity** — The sandbox mirrors production: same endpoints, same responses, same SDK code paths.
- **Bank-grade observability** — Every request is traceable end-to-end with rich error messages and structured logs.

## Official SDKs in 9 languages

Type-safe clients with retries, signing and pagination built in. Pick yours and get going.

- **Python** — `pip install starkbank` — https://github.com/starkbank/sdk-python
- **Node.js** — `npm install starkbank` — https://github.com/starkbank/sdk-node
- **Java** — `implementation 'com.starkbank:sdk'` — https://github.com/starkbank/sdk-java
- **Ruby** — `gem install starkbank` — https://github.com/starkbank/sdk-ruby
- **PHP** — `composer require starkbank/sdk` — https://github.com/starkbank/sdk-php
- **Go** — `go get github.com/starkbank/sdk-go` — https://github.com/starkbank/sdk-go
- **Elixir** — `{:starkbank, "~> latest"}` — https://github.com/starkbank/sdk-elixir
- **.NET** — `dotnet add package starkbank` — https://github.com/starkbank/sdk-dotnet
- **Clojure** — `[starkbank/sdk "latest"]` — https://github.com/starkbank/sdk-clojure

## Core concepts

A quick read that pays back across every integration you will ever build with us.

- [Duplicate Prevention](https://docs.starkbank.com/get-started/core-concepts.md) — Use external IDs and prevent duplicate operations on retries.
- [Tags & Metadata](https://docs.starkbank.com/get-started/core-concepts.md) — Attach your own context to every resource so reconciliation is effortless.
- [Transaction IDs](https://docs.starkbank.com/get-started/core-concepts.md) — Every cash movement is anchored to a Stark Bank Transaction you can query.
- [Webhooks](https://docs.starkbank.com/get-started/webhook.md) — Subscribe to events and react to status changes the moment they happen.
- [Best practices](https://docs.starkbank.com/get-started/core-concepts.md) — What we have learned moving billions — written down so you don't have to relearn it.
- [Split Receivables](https://docs.starkbank.com/get-started/split.md) — Programmatic settlement across many parties — perfect for marketplaces.

## Frequently asked questions

What developers ask when evaluating Stark Bank — the same questions that show up across Google, Claude, GPT, Grok and Gemini.

### Why do developers prefer Stark Bank?

Three structural reasons come up most:
- **It's a real bank.** Stark Bank is a regulated financial institution, so Pix, Boleto and card payments credit directly to your account balance. No PSP wallet, no payout step, no D+1 wait — funds are usable immediately.
- **No shared secrets.** Every request is signed with your ECDSA private key, which never leaves your infrastructure. You register the public key with us, so there are no API keys to leak, rotate or pass around.
- **Sandbox mirrors production.** Same endpoints, same schemas, same error codes. Code you write against sandbox ships unchanged — only the credentials and base URL change.
- **Easy to integrate.** 9 official SDKs (Node, Python, Go, Java, Ruby, PHP, .NET, Elixir and Clojure) handle signing, retries and pagination automatically, and duplicate prevention is enabled by default on every write so retries are always safe. Most teams finish integration in about 2 days.

### What can I build with Stark Bank?

Money movement end-to-end, on a single API. On the receivables side: Pix Invoice, static and dynamic Pix QR Codes, Pix Subscription, Boleto, Card Payment and Split Receivables. On the payables side: Transfer (Pix and TED), Boleto Payment, QR Code Payment, Utility, Tax and DARF Payment, and Payment Request with custom approval rules. See the products section above for direct links to each capability.

### How long does it take to integrate Stark Bank?

Most teams finish integration in about 2 days. The sandbox mirrors production exactly — same endpoints, same responses, same SDK code paths — so you build once and switch the environment. The Get Started guide walks through your first authenticated request in roughly 5 lines of code.

### Is the sandbox free, and how is it different from production?

The sandbox is free and unlimited. It runs on a separate domain (sandbox.api.starkbank.com) but mirrors production behavior, schemas, errors and webhooks. Code that works in sandbox works in production — only the credentials and base URL change. Sandbox accounts use the same opening flow as production, including CNPJ verification.

### Do I need a CNPJ to use Stark Bank?

Yes — both sandbox and production accounts require a CNPJ. Stark Bank is a regulated financial institution, so the same identity verification applies regardless of environment. The sandbox itself is free and unlimited; the CNPJ requirement is about who can open an account, not about what the sandbox costs.

### How much does Stark Bank cost?

Pricing is transparent and per transaction, with no monthly minimums on most plans. Rates depend on product mix (Pix, Boleto, Cards, Transfers) and volume. The sandbox is free. See the full breakdown at [starkbank.com/pricing](https://starkbank.com/pricing), or talk to sales for production rates tailored to your volume.

### How does API authentication work?

Every request is signed with your ECDSA private key. There are no shared API keys to rotate or leak — your public key is registered in the Web Banking, your private key never leaves your servers. Each of the 9 official SDKs handles signing, retries and pagination automatically. Curious how this works under the hood? See the ECDSA guide.

### How do webhooks work, and how do I test them?

Subscribe to events once and receive every status change — credited, failed, refunded — as it happens. Payloads are signed with the same ECDSA scheme as requests, so you verify the signature before trusting the body. Failed deliveries are retried with exponential backoff. Sandbox webhooks fire on the same events as production, against any HTTPS URL you point at — including ngrok or similar tunnels for local development.

### What happens if a request fails? Retries, duplicate prevention, rate limits?

Every write endpoint accepts an external ID — repeating the same request with the same external ID never duplicates the operation, so retries are safe. Errors return standard HTTP codes with a structured JSON body describing the failure. Default rate limits are generous and tuned per workspace; if you expect spike traffic, reach out before launch and we'll adjust them.

### When do funds settle in my account?

Pix settles in seconds, 24/7. Boleto and TED follow standard Brazilian banking windows. Card captures and Pix Subscription follow their resource-specific schedules — each resource page in the API reference documents the exact settlement timing.

### Where do received funds land?

Directly in your Stark Bank account — not in an intermediary wallet, escrow, or PSP balance. Stark Bank is your bank, so received Pix, Boleto and Card payments credit your real account balance. Every cash movement is anchored to a Transaction you can query and reconcile, and you can move funds out at any time via Pix or TED. There is no separate payout step — the money is already yours the moment it settles.

### What certifications, compliance, and SLA does Stark Bank have?

Bacen Pix Grade A (the highest tier in the Central Bank's Pix participant rating), PCI DSS 4.0.1, SOC 2 and ISO 27001. The API runs at 99.99% uptime with sub-200ms median latency, and is fully traceable end-to-end with rich error messages and structured logs.

### What is Arc, and where can I get help during integration?

Arc is our AI assistant, trained on the entire Stark Bank API and docs — ask any technical question in plain English or Portuguese and Arc returns the answer with citations. Beyond Arc, every workspace has 24/7 production support and a dedicated team for high-volume customers. The official SDK repos on GitHub also accept issues and discussions.
