MEXICOP2P

Getting Started

Everything you need to start integrating the MexicoP2P Partner API — API keys, authentication, rate limits, and error handling.

What is the MexicoP2P Partner API?

MexicoP2P provides crypto-to-peso infrastructure for your platform. You make a few REST API calls to create USDC/USDT sell orders, and the MexicoP2P marketplace handles escrow on Starknet, buyer matching, SPEI payment verification, and crypto release — all automatically.

Base URL:

https://mexicop2p.org/api/v1

Get your API key

  1. Sign up for a partner account at mexicop2p.org/partners
  2. Open the Partner Dashboard and navigate to API Keys
  3. Click Generate API Key — copy it immediately (we hash it with bcrypt and can't show it again)
  4. Copy your Webhook Secret from the same page (used to verify webhook signatures)

Key format

PartValueLength
Prefixmp2p_5 chars
SecretRandom hex64 chars
Total69 chars

Example: mp2p_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2

Key management

  • Each partner gets one active key at a time
  • Rotate keys by generating a new one and updating your integration
  • Keys cannot be recovered — generate a new one if lost

Authentication

All requests require your API key in the X-API-Key header:

curl -H "X-API-Key: mp2p_your_api_key_here" \
  https://mexicop2p.org/api/v1/health

Authentication errors

Error CodeHTTPMeaning
MISSING_API_KEY401No X-API-Key header in the request
INVALID_API_KEY401Key doesn't match any active partner
PARTNER_INACTIVE403Partner account is not active
PARTNER_SUSPENDED403Partner KYB status is suspended

IP whitelisting

You can restrict API access to specific IP addresses from the Partner Dashboard. When enabled, requests from non-whitelisted IPs receive a 403 with error code IP_NOT_ALLOWED.

Leave the whitelist empty to allow all IPs.

Webhook signatures

Webhook deliveries include HMAC-SHA256 signatures so you can verify they came from MexicoP2P. See Signature Verification for implementation details.

HeaderDescription
X-Webhook-IdUnique delivery ID
X-Webhook-SignatureHMAC-SHA256 hex signature
X-Webhook-TimestampUnix timestamp (seconds)

Signature is computed over {timestamp}.{JSON payload} using your webhook secret.

Rate limits and tiers

TierRequests/minMonthly usersMonthly volumeRevenue sharePrice
Free501050,000 MXN30% of your fees$0
Growth2005001,000,000 MXN20% of your fees$199/mo
Enterprise1,000UnlimitedCustomCustomCustom

MexicoP2P does not charge fees to end users. You optionally set a feePercent on quotes — that's your revenue. MexicoP2P takes a share of it based on your tier. See Pricing.

Rate limit headers

Every response includes these headers:

HeaderDescription
X-RateLimit-LimitMax requests per minute for your tier
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp when the window resets
Retry-AfterSeconds to wait (only on 429 responses)

When you exceed the limit, you'll receive a 429 response with error code RATE_LIMITED. Use the Retry-After header value before retrying.

Volume and user limits

  • Volume limits are checked on each POST /orders request (daily and monthly). Returns VOLUME_LIMIT_EXCEEDED when exceeded.
  • User limits are checked on POST /users. Returns USER_LIMIT_REACHED when exceeded.

Best practices

  • Cache exchange rates (valid for 5 minutes) instead of fetching per request
  • Use webhooks instead of polling order status
  • Implement exponential backoff when receiving 429 responses

Error codes

All errors follow a consistent format:

{
  "error": "ERROR_CODE",
  "message": "Human-readable error description"
}

Full error code table

CodeHTTPDescription
MISSING_API_KEY401No X-API-Key header in request
INVALID_API_KEY401API key doesn't match any active partner
PARTNER_INACTIVE403Partner account is not active
PARTNER_SUSPENDED403Partner KYB status is suspended
IP_NOT_ALLOWED403Client IP not in partner's whitelist
RATE_LIMITED429Request rate limit exceeded for tier
VALIDATION_ERROR400Missing or invalid request fields
INVALID_CLABE400CLABE failed 18-digit validation with check digit
INVALID_QUOTE404Quote not found or doesn't belong to partner
QUOTE_EXPIRED410Quote TTL (5 minutes) has elapsed
QUOTE_USED409Quote already consumed by an order
QUOTE_USER_MISMATCH400Quote's partnerUserRef doesn't match request
NOT_FOUND404Resource doesn't exist
DUPLICATE_USER409User with this partnerUserRef already exists
USER_LIMIT_REACHED403Partner hit tier's maximum user count
VOLUME_LIMIT_EXCEEDED403Partner exceeded daily or monthly volume limit
KYC_NOT_AVAILABLE400Partner uses PARTNER_MANAGED KYC model
KYC_LIMIT_REACHED403Monthly KYC verification limit exceeded
KYC_SESSION_FAILED502Upstream KYC provider returned an error

HTTP status code summary

StatusMeaning
200Success
201Created (new resource)
400Validation error
401Authentication failed
403Forbidden (inactive, suspended, limit reached, IP blocked)
404Not found
409Conflict (duplicate, already used)
410Gone (expired)
429Rate limited
500Internal server error
502Bad gateway (external service error)
  • How It Works — Architecture, trade flow, glossary, and KYC models
  • Quickstart — Create your first order in 5 steps
  • API Reference — All endpoints with examples
  • Webhooks — Event delivery and signature verification

LLM context

AI coding assistants can use machine-readable API context files to help you integrate:

FileURLDescription
llms.txt/llms.txtConcise API overview for AI context windows
llms-full.txt/llms-full.txtFull documentation as plain text

Add to your project's AI config (e.g., .cursor/rules or CLAUDE.md):

@https://docs.mexicop2p.org/llms.txt

How It Works

Architecture, trade flow, glossary, and KYC models for the MexicoP2P Partner API.

On this page

What is the MexicoP2P Partner API?Get your API keyKey formatKey managementAuthenticationAuthentication errorsIP whitelistingWebhook signaturesRate limits and tiersRate limit headersVolume and user limitsBest practicesError codesFull error code tableHTTP status code summaryQuick linksLLM context