> ## Documentation Index
> Fetch the complete documentation index at: https://docs-alpha.pepay.io/llms.txt
> Use this file to discover all available pages before exploring further.

# List supported tokens with pagination and filters

> Returns a paginated list of supported tokens plus each token's blocked status
for the authenticated merchant. This endpoint is optimized for large token lists.

Notes:
- `blocked=true|false` only applies when the acceptance policy is **selective**.
  For `accept_all`, `blocked=true` returns an empty list.
  For `accept_none`, `blocked=false` returns an empty list.




## OpenAPI

````yaml /api-reference/openapi.json get /api/v1/merchant/tokens/search
openapi: 3.0.0
info:
  title: Pepay API (SDK-scoped)
  version: 1.0.0
  description: API documentation for Pepay API
servers:
  - url: https://api-beta.pepay.io
    description: Beta server
  - url: http://localhost:3000
    description: Local development
security:
  - bearerAuth: []
tags:
  - name: Events
    description: Events API (history + debugging) for canonical notification envelopes.
  - name: Metrics
    description: Internal Prometheus metrics (restricted).
  - name: WebSockets
    description: WebSocket streams (upgrade endpoints) and message schemas.
  - name: Commerce - Devnet Simulator
    description: >
      Deterministic devnet-only endpoints for simulating Commerce V2 order state
      transitions.


      Use this when integrating as a merchant on devnet to test your backend/UI
      against realistic order lifecycle changes

      (payment confirmation, settlement gating, placement, tracking,
      cancellation, refunds) without placing real retailer

      orders or sending real on-chain refunds.


      How it works:

      - Requires a devnet `X-Commerce-Api-Key` (merchant-scoped).

      - Only operates on orders created in `networkEnvironment=devnet`.

      - Updates the order using the same reducer/persistence paths used in
      mainnet (provider snapshots are simulated).

      - After each simulation, Pepay emits the normal `commerce.order.updated`
      merchant webhook event.
  - name: Merchant Checkout
    description: >
      Merchant-scoped **three-step** checkout flow:

      1) `POST /api/commerce/merchant/checkout/estimate` — validate items
      against current eligible offers and return `validItems[]` +
      `invalidItems[]`.

      2) `POST /api/commerce/merchant/checkout/address` — attach and validate a
      shipping address for the estimate.

      3) `POST /api/commerce/merchant/checkout/invoice` — create the final
      invoice + commerce order.


      Cart behavior (when `useCart: true`):

      - The estimate call **reads** the saved cart but does **not** remove or
      modify cart items.

      - Items with no eligible offers are returned in `invalidItems[]`.

      - To remove items from the saved cart, call the Merchant Cart APIs (`PUT
      /api/commerce/merchant/carts/items/:itemId` with `quantity: 0`, or `DELETE
      /api/commerce/merchant/carts/items/:itemId`).

      - To exclude items for *this checkout attempt* without mutating the cart,
      use `itemOverrides[]` with `quantity: 0`.
  - name: Payment Sessions
    description: >
      Payor-facing APIs used by the hosted payment page and other embedded
      checkout clients.


      Canonical base path:

      - All documented endpoints are under `/api/v1/payments/*`.


      Authentication:

      - These endpoints do **not** accept merchant API keys or bearer JWTs.

      - Send `x-session-token` and `x-signature` headers on every request (both
      are returned when creating an invoice).


      Typical flow:

      1) Create an invoice (`POST /api/v1/invoices`) → receive `payment_url`,
      `session_token`, `signature`.

      2) Render/open the `payment_url` for the payor.

      3) Fetch invoice context (`GET /api/v1/payments/session-details`).

      4) List supported tokens (`GET /api/v1/payments/available-tokens`).

      5) Allocate a payment address (`POST /api/v1/payments/payment-addresses`)
      → use `ws_connection` for `/ws/payment`.

      6) Track progress via polling (`GET /api/v1/payments/payment-status`)
      and/or websocket (`/ws/payment`).


      Security notes:

      - Treat `session_token` and `signature` as sensitive values (anyone with
      them can read the invoice/payment status).

      - Do not store them in long-lived browser storage; prefer in-memory usage
      on the payment page.
  - name: Quotes
    description: Token settlement quotes and rate calculations
  - name: Webhooks
    description: >
      Webhook endpoint management and delivery history for canonical
      notifications.


      Delivery model:

      - At-least-once delivery; receivers must dedupe by `event.id` (also sent
      as `X-Pepay-Event-ID`).

      - Payloads are canonical `PepayEvent` objects and match websocket
      `event_v1` frames for the same event type.


      Security:

      - Endpoints must be HTTPS.

      - Deliveries are signed using `HMAC_SHA256("${timestamp_ms}.${raw_body}")`
      and sent in `X-Pepay-Signature`.
paths:
  /api/v1/merchant/tokens/search:
    get:
      tags:
        - Token Management
      summary: List supported tokens with pagination and filters
      description: >
        Returns a paginated list of supported tokens plus each token's blocked
        status

        for the authenticated merchant. This endpoint is optimized for large
        token lists.


        Notes:

        - `blocked=true|false` only applies when the acceptance policy is
        **selective**.
          For `accept_all`, `blocked=true` returns an empty list.
          For `accept_none`, `blocked=false` returns an empty list.
      parameters:
        - in: query
          name: environment
          schema:
            type: string
            enum:
              - mainnet
              - devnet
          description: Filter tokens by environment (defaults to the merchant environment).
        - in: query
          name: limit
          schema:
            type: integer
            minimum: 1
            maximum: 200
            default: 50
          description: Max number of tokens to return.
        - in: query
          name: offset
          schema:
            type: integer
            minimum: 0
            default: 0
          description: Offset for pagination.
        - in: query
          name: search
          schema:
            type: string
          description: Search by token symbol, name, or address (case-insensitive).
        - in: query
          name: network
          schema:
            type: string
            enum:
              - ethereum
              - base
              - solana
              - avalanche
              - ton
              - bsc
              - arbitrum
              - optimism
              - cardano
              - sui
          description: Filter by network.
        - in: query
          name: token_type
          schema:
            type: string
            enum:
              - native
              - erc20
              - spl
              - sui
              - ton
          description: Filter by token type.
        - in: query
          name: is_active
          schema:
            type: boolean
          description: Filter by active status.
        - in: query
          name: supports_stable_settlement
          schema:
            type: boolean
          description: Filter by stable settlement capability.
        - in: query
          name: blocked
          schema:
            type: boolean
          description: Filter by blocked status (selective policy only).
      responses:
        '200':
          description: Paginated token list
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Getapiv1merchanttokenssearchResponse200'
        '400':
          description: Invalid request parameters
        '401':
          description: Authentication required
        '500':
          description: Server error
      security:
        - bearerAuth: []
        - ApiKeyAuth: []
components:
  schemas:
    Getapiv1merchanttokenssearchResponse200:
      type: object
      properties:
        acceptance_policy:
          type: string
          enum:
            - accept_all
            - accept_none
            - selective
        environment:
          type: string
          enum:
            - mainnet
            - devnet
        total:
          type: integer
        limit:
          type: integer
        offset:
          type: integer
        tokens:
          type: array
          items:
            type: object
            properties:
              id:
                type: integer
              token_symbol:
                type: string
              token_name:
                type: string
              token_address:
                type: string
                nullable: true
              token_decimals:
                type: integer
              network:
                type: string
              network_environment:
                type: string
              token_type:
                type: string
              requires_memo:
                type: boolean
              photo_uri:
                type: string
                nullable: true
                description: Token logo URI when available.
              supports_stable_settlement:
                type: boolean
              is_active:
                type: boolean
              is_monitored:
                type: boolean
              is_blocked:
                type: boolean
              price:
                type: object
                nullable: true
                properties:
                  usd:
                    type: number
                  last_updated_at:
                    type: integer
                  provider_type:
                    type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: JWT token for wallet authentication
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key
      description: API key for authentication

````