Cashinout.io API integration services (SBP QR · virtual USD cards · USDT)

Protocol analysis, OpenFinance-style API delivery and production source code for crypto-to-fiat payments, ruble payouts and virtual card issuance.

From $300 · Pay-per-call available
OpenData · OpenFinance · Crypto-fiat bridge · SBP QR · Virtual cards

Turn Cashinout.io accounts, transactions, and virtual cards into a clean, authorized API

Cashinout.io is a Georgian-licensed (EMI Licence No. TFZ/140525/02) crypto-to-fiat payment service that converts USDT, USDC and six other cryptocurrencies into ruble payments via the Russian Fast Payment System (SBP), issues virtual USD cards with Estonian/Hong Kong BINs, and supports instant in-app transfers. We turn those flows into structured, documented endpoints so treasury, accounting, risk, and growth teams can read balances, export transaction history, reconcile virtual-card spend and receive webhooks in real time.

SBP QR payment APIs — QR-code scan → crypto-to-ruble conversion → merchant payout (per-transaction limit 20,000 RUB), plus status callbacks and retry windows.
Virtual USD card issuance — Programmatic card creation with Estonian/HK BINs for ChatGPT, Spotify, Steam, Meta Ads, Google Ads and other international subscriptions.
Crypto statement & balance APIs — USDT (TRC-20 / BEP-20 / ERC-20), USDC and fiat balances, with paginated transaction history export to JSON, CSV and Excel.

Feature modules we build for Cashinout.io

1. Account login & KYC state sync

Mirror Cashinout.io authorization: phone/email login, 2FA session refresh, and KYC status retrieval (unverified / photo-ID / video-ID). One concrete use: automatically gate internal features when a user crosses the verification tier that unlocks SBP top-ups and virtual card issuance.

2. SBP QR payment orchestration

Generate SBP QR payloads, poll transaction status, and receive callbacks when a buyer converts USDT into rubles for an in-store purchase. Concrete use: a point-of-sale reconciliation service that records the 20,000 RUB per-transaction cap and auto-splits larger baskets.

3. Virtual USD card lifecycle API

Issue, freeze, top up and query virtual USD cards programmatically. Concrete use: an agency that issues one card per advertising account on Meta or TikTok Ads and tracks per-card spend against a crypto-funded budget.

4. Transaction history & statement export

Paginated transaction list across crypto deposits, SBP payouts, card authorisations and internal transfers, with filters by date, type and currency. Concrete use: export signed CSV / Excel into 1C, QuickBooks or Xero for month-end accounting.

5. Webhook bus for payments & cards

Single webhook stream for deposit_confirmed, sbp_paid, card_authorised, card_declined, transfer_received, kyc_updated. Concrete use: drive a fraud-rules engine that freezes a card within seconds of a declined CNP attempt in a high-risk country.

6. Merchant Centre & partner payout

Business-account endpoints for payment links, bulk payouts and partner settlements. Concrete use: a SaaS that collects ruble revenue via Cashinout payment links, converts to USDT, and auto-settles to partners’ external wallets on a weekly schedule.

Data available for integration

The table below is derived from the Cashinout.io app flows and its public documentation (academy / FAQ / ForkLog coverage). It maps what data exists, where it lives in the product, at what granularity, and how integration teams typically use it under an OpenFinance lens.

Data type | Source (screen / feature) | Granularity | Typical use
Crypto deposit history | Wallet → Deposit USDT/USDC screen | Per-tx (hash, network, amount, asset, timestamp, AML result) | Treasury reconciliation, AML audit trail, accounting ingestion
SBP QR payment record | Pay → Scan QR flow | Per-tx (qr_id, merchant, RUB amount, crypto leg, status) | Retail reconciliation, VAT & fiscal reporting, dispute handling
Ruble payout / withdrawal | Withdraw → SBP phone transfer | Per-tx (target bank, masked phone, amount, fee, status) | Payroll, contractor payouts, P2P cash-out automation
Virtual USD card ledger | Cards → Card detail screen | Per-authorisation (merchant, MCC, USD amount, decline reason) | Ad-spend attribution, subscription audit, chargeback defense
Internal user-to-user transfer | Send → To Cashinout user | Per-tx (sender, receiver, currency, memo) | Community settlements, referral tracking, marketplace payouts
Account & KYC metadata | Profile → Verification | Per-user (verification tier, limits, residency, license ref) | Access control, risk scoring, regulator-facing evidence
Referral program events | Referrals dashboard | Per-event (referrer, referred, commission %, base) | Partner payouts, growth analytics, affiliate reporting
Fees & FX rates | Exchange → Crypto/fiat rate | Per-quote (pair, rate, timestamp, expiry) | Slippage monitoring, pricing engine, hedging decisions

Typical integration scenarios

Scenario 1 — Ad agency funding international spend with crypto

Context: A Russia-based agency pays for Meta Ads, Google Ads and TikTok Ads in USD while clients settle in rubles or USDT.

Data / APIs: Virtual USD card issuance, card top-up, authorisation webhook, daily card ledger export.

OpenFinance mapping: Treated as consent-based card-account information access — analogous to PSD2 AISP flows where an authorised party reads card transactions on behalf of the cardholder for reporting purposes.

Scenario 2 — E-commerce merchant accepting SBP QR with USDT settlement

Context: A shop needs to accept rubles via SBP QR but settle its float in USDT to an external self-custody wallet.

Data / APIs: SBP QR create, payment status poll, webhook on sbp_paid, auto-convert to USDT, payout endpoint.

OpenFinance mapping: Equivalent to a PIS (Payment Initiation Service) pattern with an added crypto leg — useful for compliance reviews and SBP dispute flows.

Scenario 3 — Crypto-income freelancer unifying statements

Context: A contractor receives USDT income and wants a single annual statement that includes SBP withdrawals, card spend and internal transfers.

Data / APIs: Statement export API, KYC metadata, fee breakdown, multi-currency totals.

OpenFinance mapping: A personal-finance-management (PFM) style aggregation; exportable to bookkeeping tools (1C, QuickBooks, Xero, Notion-based ledgers).

Scenario 4 — Risk & AML monitoring for a fintech

Context: A fintech white-labels Cashinout.io flows to its users and must monitor AML screening results tied to Cashinout’s mandatory incoming-crypto AML checks.

Data / APIs: Deposit history enriched with AML verdict, KYC tier changes, rapid-status webhooks, watchlisted-address reporting.

OpenFinance mapping: Regulatory data-sharing analogous to FATF VASP travel-rule reporting; feed into internal transaction monitoring.

Scenario 5 — Creator platform paying out in rubles on demand

Context: A creator-economy platform collects subscription revenue in stablecoins and pays creators in rubles to their bank cards via SBP on request.

Data / APIs: Internal transfer, SBP withdrawal endpoint, payout batch status, balance pre-check.

OpenFinance mapping: Programmable payouts on top of a licensed EMI — similar to how OpenBanking platforms expose regulated payouts to downstream apps.

Technical implementation & deliverables

Deliverables checklist

  • OpenAPI 3.1 specification for login, statement, SBP, cards, webhooks
  • Protocol and auth-flow report (session token, refresh, device-binding)
  • Runnable reference source in Python (FastAPI) and Node.js (NestJS)
  • Webhook receiver template with HMAC signature verification
  • Test plan: happy-path, KYC-gated, limit-exceeded, AML-flagged, webhook replay
  • Compliance notes: Georgia EMI licence, Russian SBP rules, AML/CFT screening

Example 1 — Authorize a session (pseudocode)

POST /api/v1/cashinout/auth/login
Content-Type: application/json

{
  "phone": "+7XXXXXXXXXX",
  "otp": "123456",
  "device_id": "d41d8cd98f00b204e9800998ecf8427e"
}

200 OK
{
  "access_token": "eyJhbGciOi...",
  "refresh_token": "rt_9f2a...",
  "expires_in": 900,
  "kyc_tier": "video_verified",
  "limits": { "sbp_per_tx_rub": 20000 }
}

Example 2 — Export crypto + SBP statement

GET /api/v1/cashinout/statement?from=2025-01-01&to=2025-03-31&type=all
Authorization: Bearer <ACCESS_TOKEN>

200 OK
{
  "items": [
    { "id": "tx_01", "kind": "crypto_deposit", "asset": "USDT",
      "network": "TRC20", "amount": "250.00", "aml": "clean",
      "at": "2025-01-14T09:11:02Z" },
    { "id": "tx_02", "kind": "sbp_out", "amount_rub": "18900.00",
      "fee_rub": "0.00", "status": "settled",
      "at": "2025-01-14T09:13:40Z" },
    { "id": "tx_03", "kind": "card_auth", "card_id": "vc_77",
      "amount_usd": "19.99", "merchant": "OPENAI *CHATGPT",
      "at": "2025-01-15T20:02:11Z" }
  ],
  "next_cursor": "eyJwYWdlIjoyfQ=="
}

Example 3 — Webhook receiver with HMAC

POST https://your-host/webhooks/cashinout
X-Cashinout-Signature: t=1715000000,v1=3a7b...
Content-Type: application/json

{
  "event": "sbp_paid",
  "id": "evt_9a2f",
  "data": {
    "qr_id": "qr_551",
    "amount_rub": "12500.00",
    "crypto_leg": { "asset": "USDT", "amount": "138.42" },
    "merchant_ref": "order-7781",
    "status": "settled"
  },
  "created": 1715000000
}

// Verify: v1 == HMAC_SHA256(secret, t + '.' + rawBody)
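
The verification rule above, worked through as an added example (not code from the studio's deliverables or from Cashinout). It follows the `t=…,v1=…` header layout and the `t + '.' + rawBody` payload shown in Example 3; the hex encoding of `v1`, the 300-second tolerance, the in-memory dedup set and the sample secret and body are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_S = 300        # assumed replay window; the page does not state one
SEEN_EVENT_IDS = set()   # in-memory dedup; use a shared store with a TTL in production

# Constructed sample values, not real Cashinout data.
SAMPLE_SECRET = b"constructed-webhook-secret"
SAMPLE_BODY = b'{"event":"sbp_paid","id":"evt_9a2f","created":1715000000}'


class WebhookRejected(Exception):
    """Raised when a delivery must not be processed."""


def sign(secret: bytes, t: int, raw_body: bytes) -> str:
    # v1 = HMAC_SHA256(secret, t + '.' + rawBody); hex output is an assumption.
    msg = str(t).encode() + b"." + raw_body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, header: str, raw_body: bytes, now=None) -> dict:
    """Return the parsed event, or raise WebhookRejected."""
    now = time.time() if now is None else now
    fields = dict(p.strip().split("=", 1) for p in header.split(",") if "=" in p)
    try:
        t, v1 = int(fields["t"]), fields["v1"]
    except (KeyError, ValueError):
        raise WebhookRejected("malformed signature header")
    # MAC the bytes exactly as received; re-serialised JSON will not match.
    expected = sign(secret, t, raw_body)
    if not hmac.compare_digest(expected.encode(), v1.encode()):
        raise WebhookRejected("bad signature")
    # t is covered by the MAC, so a captured request cannot be re-stamped.
    if abs(now - t) > TOLERANCE_S:
        raise WebhookRejected("timestamp outside tolerance")
    try:
        event = json.loads(raw_body)
        event_id = str(event["id"])
    except (ValueError, KeyError, TypeError):
        raise WebhookRejected("body is not an event object")
    # Senders retry, and a valid request can be replayed inside the window.
    if event_id in SEEN_EVENT_IDS:
        raise WebhookRejected("duplicate event id")
    SEEN_EVENT_IDS.add(event_id)
    return event


if __name__ == "__main__":
    t = 1715000000
    header = f"t={t},v1={sign(SAMPLE_SECRET, t, SAMPLE_BODY)}"
    print(verify_webhook(SAMPLE_SECRET, header, SAMPLE_BODY, now=t + 5))
```

In a web framework, pass the request's raw body bytes to `verify_webhook` rather than a parsed and re-encoded object, and return a 2xx for a rejected duplicate so the sender stops retrying.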

Compliance & privacy

Regulatory context we align to

  • Georgia EMI framework (Cashinout holds EMI Licence No. TFZ/140525/02) — we follow the operator’s published policies for consent, data retention and custodial wallet treatment.
  • Russian Federal Law 115-FZ on anti-money laundering and counter-terrorism financing — integrations preserve AML verdict and KYC tier on every transaction record.
  • Bank of Russia SBP rules — integrations respect the 20,000 RUB per-transaction QR cap and status lifecycle (pending / settled / refunded).
  • FATF VASP travel rule — crypto-side metadata kept for cross-VASP reporting on USDT (TRC-20 / BEP-20 / ERC-20) and USDC flows.
  • GDPR-aligned data minimisation — only fields required for the stated business use are persisted by default; PAN and CVV are never stored client-side.

How we operate

We work exclusively under a customer’s explicit authorization or against publicly documented / authorised endpoints. Access uses the account’s own credentials or OAuth-style tokens, never scraped secrets. Log retention, consent records and data-minimisation rules are captured in the delivered compliance memo so the integration can be defended to an auditor or regulator.

For regulated clients we support NDAs, DPIAs, and a review of data residency (Georgia / EU / self-hosted) before any live data touches our systems.

Data flow / architecture

A typical Cashinout.io integration uses four nodes:

  1. Client app / back office → issues consented requests (login, statement, card ops).
  2. Integration gateway (hosted by us or self-hosted) → translates to Cashinout flows, handles session refresh, retries, rate limits, AML flag enrichment.
  3. Storage & normalisation → append-only ledger in PostgreSQL / ClickHouse, normalised to a unified schema (transactions, cards, users, webhooks).
  4. Downstream → BI dashboards, accounting (1C / QuickBooks / Xero), fraud engine, or your own public API.

Webhook events (sbp_paid, card_authorised, deposit_confirmed) flow in parallel to pull endpoints, so both real-time automation and batch reconciliation stay in sync.

Market positioning & user profile

Cashinout.io targets crypto-income users in Russia and the broader CIS who need ordinary, everyday payments — groceries paid by SBP QR, Spotify and ChatGPT subscriptions paid by virtual USD card, and ruble cash-outs to a bank card. The service acts as a regulated bridge between USDT/USDC balances and day-to-day spending, with mobile-first distribution on Android, plus a web dashboard and a Telegram bot for power users. In 2024 it added public SBP QR crypto payments, a move covered by industry outlets like ForkLog and discussed in its own academy and FAQ pages. The current positioning appeals to three segments: freelancers earning in stablecoins, small e-commerce merchants that want SBP acceptance without holding crypto, and B2B partners using the Merchant Centre for payouts and settlements.

Similar apps & integration landscape

Teams that integrate Cashinout.io often also run wallets, cards, or payout rails from other providers. We list these apps to describe the broader crypto-to-fiat ecosystem, not to rank them. Unified exports across several of these services are a common request.

Cryptomus

Virtual crypto card with direct wallet top-ups and Apple Pay / Google Pay. Users who also hold Cryptomus cards often want one consolidated spend ledger alongside Cashinout’s virtual USD cards.

Bitget Wallet Card

A Visa/Mastercard virtual debit card for spending USDT/USDC globally. Integration teams frequently need combined transaction exports covering Cashinout SBP flows and Bitget card authorisations.

Brighty

A Lithuanian app offering multi-currency IBAN accounts (USD / EUR / GBP) and crypto-to-fiat cards. Relevant for users who hold euro IBANs alongside Cashinout ruble payouts.

PST.NET

Virtual USD/EUR cards funded by crypto, widely used by marketers. Often paired with Cashinout for agencies that want both SBP ruble acceptance and PST ad cards in a single dashboard.

Moon Virtual Cards

Visa prepaid cards purchasable with crypto for online merchants. Users integrating both typically need unified per-subscription spend reporting.

BVNK

Enterprise stablecoin-to-fiat rails with USD / EUR / GBP virtual accounts. A natural counterpart to Cashinout when a business needs EUR or GBP acceptance in addition to ruble SBP.

Oobit

“Just-in-time” payments from self-custody wallets at Visa terminals. For operators, combined views of Oobit and Cashinout help show both custodial and non-custodial crypto spend.

RedotPay

Crypto payment app with global transfers and virtual card issuance. Users moving between RedotPay and Cashinout often want a single place to view balances across both.

KAST

Multi-chain support for USDC/USDT and virtual USD bank accounts. A common companion for stablecoin treasury teams that also settle rubles via Cashinout.

Nexo

Crypto lending and card platform. Aggregation across Nexo card spend and Cashinout SBP payouts is a recurring ask from private banking clients.

Engagement workflow

How a Cashinout.io integration lands

  1. Scope call: which Cashinout flows you need (SBP, cards, statements, webhooks) and which downstream systems (1C, BI, wallet).
  2. Protocol analysis and API design (2–5 business days, complexity-dependent).
  3. Build & internal validation against a sandbox / authorised account (3–8 business days).
  4. Docs, samples and test plan (1–2 business days), including HMAC webhook verification samples.
  5. First delivery typically 5–15 business days; regulatory reviews may extend timelines.

FAQ

What do you need from me?

The target app name (Cashinout.io), the concrete business need (e.g. SBP payouts, virtual card spend export), and any existing Cashinout account, Merchant Centre credentials, or sandbox access.

How long does delivery take?

Usually 5–12 business days for a first drop covering login + statements; richer stacks (cards + webhook bus + partner payouts) take longer.

How do you handle compliance?

Authorised use only, with logging, consent records, HMAC-signed webhooks, and data-minimisation guidance aligned to Russian 115-FZ, Georgian EMI rules, FATF VASP travel-rule expectations, and GDPR principles.

Which engagement models do you offer?

Two: (1) Source code delivery from $300 — you receive runnable API source, OpenAPI docs, and tests, and pay after satisfaction; (2) Pay-per-call — you use our hosted Cashinout.io API endpoints and pay only per call, no upfront fee.

About our studio

We are an independent technical studio focused on mobile-app protocol analysis and OpenData / OpenFinance / OpenBanking API integration. The team ships production endpoints for crypto-fiat gateways, digital wallets, card issuers, and retail fintech apps; members have backgrounds in payments, EMI operations, reverse engineering of mobile transport layers, and enterprise API gateways.

  • Fintech, crypto, e-commerce, retail, travel, social and OTT coverage
  • Android & iOS protocol analysis and authorised API extraction
  • Python / Node.js / Go SDKs, webhook servers, and test harnesses
  • Full pipeline: protocol analysis → build → validation → compliance memo
  • Source code delivery from $300 — runnable code and docs, pay after satisfaction
  • Pay-per-call API billing — hosted endpoints, no upfront fee, usage-based pricing

Contact

To request a quote or submit your Cashinout.io-related requirement, please use our contact page:

Open the contact page

Share: the target flows (SBP, cards, statements, webhooks), any sandbox / Merchant Centre credentials, and your preferred engagement model (source-code delivery from $300 or pay-per-call).

Original app overview — Cashinout.io (appendix)

Cashinout — Crypto for Everyday Payments. Spend your crypto in real life with Cashinout. Pay via SBP QR, withdraw funds in rubles, issue virtual USD cards for international payments, and transfer money within the service — quickly, simply, and all in one app.

What’s available in Cashinout:

  • Payments via SBP QR
  • Withdrawals in rubles
  • Virtual USD cards
  • Instant transfers between users
  • Clear fees, statuses, and transaction history

Who Cashinout is for:

  • For those who receive income in crypto
  • For everyday payments and transfers
  • For paying for international services and subscriptions

Why Cashinout:

  • One service for key payment scenarios
  • Fast and intuitive user flows
  • Transparent terms and control over your transactions
  • A convenient way to turn crypto into everyday spending

Operator & licence: Cashinout.io is operated under Georgian EMI Licence No. TFZ/140525/02; AML checks are applied to all incoming crypto, and SBP QR payments carry a 20,000 RUB per-transaction cap as described in the operator’s FAQ and academy.

This appendix summarises the original app; the rest of this page focuses on how its data can be exposed through authorised, compliant APIs.