> ## Documentation Index
> Fetch the complete documentation index at: https://docs.piriod.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create source (publishable)

> Creates a payment source. This endpoint accepts unauthenticated calls
from the browser (publishable flow), so the request is identified by the
gateway/customer/payment context rather than a workspace header.




## OpenAPI

````yaml POST /sources/
openapi: 3.0.3
info:
  title: Piriod API
  version: 1.0.0
  description: >
    Piriod API for billing, payments, procurement and collections.


    All requests require:

    - `Authorization: Token <api_token>` header.

    - `x-simple-workspace: <workspace_id>` header (the account/workspace
    identifier).

    - Optionally `x-piriod-test-mode: true` to operate against test-mode data.


    See the Documentation tab for getting started, integration flows,
    authentication,

    error handling and pagination/filtering guides.
servers:
  - url: https://api.piriod.com
    description: Production
security:
  - TokenAuth: []
paths:
  /sources/:
    post:
      tags:
        - Payments
      summary: Create source (publishable)
      description: |
        Creates a payment source. This endpoint accepts unauthenticated calls
        from the browser (publishable flow), so the request is identified by the
        gateway/customer/payment context rather than a workspace header.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Source'
      responses:
        '201':
          description: Source created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Source'
        '400':
          $ref: '#/components/responses/ValidationFailed'
components:
  schemas:
    Source:
      type: object
      description: >
        A payment source: either a single-use intent (e.g. one-off bank
        transfer)

        or a reusable tokenization (e.g. saved card).
      properties:
        id:
          type: integer
          readOnly: true
        customer:
          type: string
          nullable: true
          description: Customer ID. Required for reusable sources.
        gateway:
          type: string
          description: Gateway ID (e.g. `transbank`, `stripe`, `ach_transfer`).
        usage:
          type: string
          enum:
            - single
            - reusable
          default: single
        status:
          type: string
          enum:
            - failed
            - pending
            - requires_authorization
            - waiting_authorization
            - consumed
            - chargeable
            - finalized
          readOnly: true
        amount:
          type: number
          nullable: true
        description:
          type: string
          maxLength: 256
          nullable: true
        return_url:
          type: string
          format: uri
          nullable: true
          description: URL the payer is sent to after a redirect-flow tokenization.
        gateway_data:
          type: object
          readOnly: true
          description: Gateway-specific payload (e.g. redirect form fields, token).
        client:
          type: object
          description: Client metadata captured at creation time (IP, user agent, etc.).
        metadata:
          type: object
        card:
          allOf:
            - $ref: '#/components/schemas/SourceCard'
          readOnly: true
        test_mode:
          type: boolean
          readOnly: true
        created:
          type: string
          format: date-time
          readOnly: true
        updated:
          type: string
          format: date-time
          readOnly: true
      required:
        - gateway
    SourceCard:
      type: object
      description: Card details when the source represents a tokenized card.
      properties:
        brand:
          type: string
        last4:
          type: string
          maxLength: 4
        exp_month:
          type: integer
          nullable: true
        exp_year:
          type: integer
          nullable: true
    ValidationError:
      type: object
      additionalProperties:
        type: array
        items:
          type: string
      description: |
        Field-keyed error map. The special key `non_field_errors` carries
        errors that are not bound to a specific field.
      example:
        name:
          - This field is required.
        non_field_errors:
          - x-simple-workspace header is required.
  responses:
    ValidationFailed:
      description: Request body or query parameters failed validation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ValidationError'
  securitySchemes:
    TokenAuth:
      type: apiKey
      in: header
      name: Authorization
      description: |
        Use header `Authorization: Token <api_token>`.
        API tokens are obtained from the Piriod dashboard.

````