# Banking infrastructure for builders

## Ship Pix, Cards and Lending faster.

Everything you need to plug into the Brazilian financial system — Pix (direct or indirect), Card Issuing, Credit Notes and KYC — through a single, predictable REST API.

## Stats

- **R$ 600 bi** — Moved in 2025
- **99.99%** — API uptime
- **<200ms** — Median latency
- **2 days** — Average integration

## Compliance

Built on regulated foundations.

- **Bacen Pix** — Direct participant · Grade A
- **PCI DSS 4.0.1** — Card data security
- **SOC 2 Type 2** — Audited controls
- **ISO 27001** — Information security

## Up and running in minutes

Three steps from signing up to your first authenticated request.

1. **Open your workspace** — Create your Stark Infra workspace and enable the sandbox to start building risk-free.
2. **Generate your ECDSA keys** — Every request is signed with ECDSA. Generate your key pair and register the public key in the Web Console.
3. **Make your first request** — Pick your favorite SDK or call the REST API directly. The first Pix Request takes about 5 lines of code.

## What you can build

Cover the full Brazilian financial stack with first-class building blocks.

### AI

- [Articles of Incorporation](https://docs.starkinfra.com/get-started/contract-ai.md) — Read articles of incorporation with AI to identify who can sign on behalf of the company.
- Knowledge Base (coming soon) — Add links to your content and get a knowledge base designed to be read quickly by AI agents.
- Voice (coming soon) — Create male or female voices for AI agents, with text-to-speech and speech-to-text conversion.
- Agent (coming soon) — Create agents that talk to your customers over chat, email, or WhatsApp, using your knowledge base and voice.

### Pix

- [Direct Participant](https://docs.starkinfra.com/get-started/direct-pix.md) — Operate Pix under your own Bacen license with the full SPI and DICT toolkit.
- [Indirect Participant](https://docs.starkinfra.com/get-started/indirect-pix.md) — Launch Pix in your product under Stark Infra's ISPB — no license required.
- [MED](https://docs.starkinfra.com/get-started/med.md) — Dispute, return and report problematic Pix with infractions, chargebacks, fraud markers and disputes.
- [Pix Automático](https://docs.starkinfra.com/get-started/pix-automatico.md) — Offer recurring Pix by authorizing subscriptions and issuing each scheduled charge.

### Cards & Lending

- [Card Issuing](https://docs.starkinfra.com/get-started/card-issuing.md) — Issue branded credit, debit and prepaid cards with full lifecycle and authorization control.
- Card Acquiring (coming soon) — Accept credit and debit card payments from your customers.
- [Credit Note (CCB)](https://docs.starkinfra.com/get-started/lending.md) — Issue legally binding Bank Credit Bills with digital signing and automatic disbursement.
- [Credit Holmes](https://docs.starkinfra.com/get-started/lending.md) — Bureau-backed risk-analysis reports to score borrowers before disbursing credit.

### Identity & Compliance

- [Individual Holmes](https://docs.starkinfra.com/get-started/individual-holmes.md) — Run KYC, fraud, judicial and sanctions checks on a CPF against official bureaus.
- [Business Holmes](https://docs.starkinfra.com/get-started/business-holmes.md) — Run KYB, fraud, judicial and QSA checks on a CNPJ against official bureaus.

## A platform built like a product

We obsess over the details so your team can focus on what matters.

- **ECDSA-signed requests** — Every call is signed with your private key. No shared secrets, no rotating tokens by hand.
- **Duplicate prevention by default** — Retry safely. Repeated requests with the same external ID never duplicate operations.
- **Real-time webhooks** — Subscribe once and receive every status change — credited, failed, refunded — as it happens.
- **Cursor-based pagination** — Predictable iteration over millions of records, with stable cursors and deterministic ordering.
- **Sandbox parity** — The sandbox mirrors production: same endpoints, same responses, same SDK code paths.
- **Bank-grade observability** — Every request is traceable end-to-end with rich error messages and structured logs.

## Official SDKs in 9 languages

Type-safe clients with retries, signing and pagination built in. Pick yours and get going.

- **Python** — `pip install starkinfra` — https://github.com/starkinfra/sdk-python
- **Node.js** — `npm install starkinfra` — https://github.com/starkinfra/sdk-node
- **Java** — `implementation 'com.starkinfra:sdk'` — https://github.com/starkinfra/sdk-java
- **Ruby** — `gem install starkinfra` — https://github.com/starkinfra/sdk-ruby
- **PHP** — `composer require starkinfra/sdk` — https://github.com/starkinfra/sdk-php
- **Go** — `go get github.com/starkinfra/sdk-go` — https://github.com/starkinfra/sdk-go
- **Elixir** — `{:starkinfra, "~> latest"}` — https://github.com/starkinfra/sdk-elixir
- **.NET** — `dotnet add package starkinfra` — https://github.com/starkinfra/sdk-dotnet
- **Clojure** — `[starkinfra/sdk "latest"]` — https://github.com/starkinfra/sdk-clojure

## Core concepts

A quick read that pays off across every integration you'll ever build with us.

- [Duplicate Prevention](https://docs.starkinfra.com/get-started/core-concepts.md#duplicate-prevention) — Use external IDs to prevent duplicate operations on retries.
- [Ledger](https://docs.starkinfra.com/get-started/ledger.md) — Every cash movement is anchored to a transaction you can query and reconcile.
- [Webhooks](https://docs.starkinfra.com/api.md#webhook) — Subscribe to events and react to status changes the moment they happen.
- [Authentication](https://docs.starkinfra.com/how-to-create-ecdsa-keys.md) — ECDSA-signed requests with no shared secrets — the same model trusted by Bitcoin.
- [Pagination](https://docs.starkinfra.com/api.md#pagination) — Stable cursor-based pagination across millions of records.
- [Sandbox parity](https://docs.starkinfra.com/sandbox.md) — The sandbox mirrors production — same endpoints, schemas and webhooks.

## Frequently asked questions

What developers ask when evaluating Stark Infra — the same questions that show up across Google, Claude, GPT, Grok and Gemini.

### Why do developers prefer Stark Infra?

Three structural reasons come up most:
- **It's infrastructure, not a wallet.** Stark Infra is a regulated Pix Direct Participant and card issuer. Funds settle to real accounts in your name, not to a PSP balance you later have to withdraw.
- **No shared secrets.** Every request is signed with your ECDSA private key, which never leaves your infrastructure. You register the public key with us, so there are no API keys to leak, rotate or pass around.
- **Sandbox mirrors production.** Same endpoints, same schemas, same error codes. Code you write against sandbox ships unchanged — only the credentials and base URL change.
- **Easy to integrate.** 9 official SDKs (Node, Python, Go, Java, Ruby, PHP, .NET, Elixir and Clojure) handle signing, retries and pagination automatically, and duplicate prevention is enabled by default on every write so retries are always safe.

### What can I build with Stark Infra?

End-to-end Brazilian financial infrastructure. Pix — operate as a Direct Participant under your own Bacen license, or use our license as an Indirect Participant. Card Issuing — issue branded credit, debit and prepaid cards with full authorization control. Lending — issue legally binding Credit Notes (CCB) with digital signing and automatic disbursement. Identity — validate legal entities (KYB) with bureau-backed document analysis. AI — read articles of incorporation to identify who can sign for a company, with knowledge bases, voices and agents coming soon. See the products section above for direct links to each capability.

### Direct vs Indirect Pix participant — which one do I need?

If you already hold (or are pursuing) authorization with Bacen as a financial institution, run as a **Direct Participant** — you operate Pix under your own ISPB, manage DICT keys, sign infractions, and settle directly. If you don't, run as an **Indirect Participant** under Stark Infra's ISPB — you get the same product surface (sending, receiving, BR codes, Pix Automático) without the regulatory overhead. The same SDK and API work for both; only the workspace configuration changes.

### How long does it take to integrate Stark Infra?

Most teams have a working Pix or Issuing integration in under a week. The sandbox mirrors production exactly — same endpoints, same responses, same SDK code paths — so you build once and switch the environment. The Get Started guide walks through your first authenticated request in roughly 5 lines of code.

### Is the sandbox free, and how is it different from production?

The sandbox is free and unlimited. It runs on a separate domain (sandbox.api.starkinfra.com) but mirrors production behavior, schemas, errors and webhooks. Code that works in sandbox works in production — only the credentials and base URL change. Sandbox workspaces use the same opening flow as production, including CNPJ verification.

### Do I need a CNPJ to use Stark Infra?

Yes — both sandbox and production workspaces require a CNPJ. Stark Infra is a regulated payment institution, so the same identity verification applies regardless of environment. The sandbox itself is free and unlimited; the CNPJ requirement is about who can open a workspace, not about what the sandbox costs.

### How much does Stark Infra cost?

Pricing is transparent and per operation, with no monthly minimums on most plans. Rates depend on product mix (Pix, Issuing, Lending, Identity) and volume. The sandbox is free. See the full breakdown at [starkinfra.com/pricing](https://starkinfra.com/pricing), or talk to sales for production rates tailored to your volume.

### How does API authentication work?

Every request is signed with your ECDSA private key. There are no shared API keys to rotate or leak — your public key is registered in the Web Console, your private key never leaves your servers. Each of the 9 official SDKs handles signing, retries and pagination automatically. Curious how this works under the hood? See the [ECDSA guide](/how-to-create-ecdsa-keys).

### How do webhooks work, and how do I test them?

Subscribe to events once and receive every status change — credited, failed, refunded, settled — as it happens. Payloads are signed with the same ECDSA scheme as requests, so you verify the signature before trusting the body. Failed deliveries are retried with exponential backoff. Sandbox webhooks fire on the same events as production, against any HTTPS URL you choose — including ngrok or similar tunnels for local development.

### What happens if a request fails? Retries, duplicate prevention, rate limits?

Every write endpoint accepts an external ID — repeating the same request with the same external ID never duplicates the operation, so retries are safe. Errors return standard HTTP codes with a structured JSON body describing the failure. Default rate limits are generous and tuned per workspace; if you expect traffic spikes, reach out before launch and we'll adjust them.

### How does Card Issuing handle authorizations?

Every card purchase is authorized in real time. Stark Infra receives the authorization from the network and forwards it to your purchase webhook as a synchronous request. Your endpoint must respond within 2 seconds with accepted or denied; otherwise the purchase is automatically denied. Use spending rules at the product, holder or card level to reduce manual decisions.

### What certifications, compliance, and SLA does Stark Infra have?

Bacen Pix Grade A (the highest tier in the Central Bank's Pix participant rating), PCI DSS 4.0.1, SOC 2 Type 2 and ISO 27001. The API runs at 99.99% uptime with sub-200ms median latency, and is fully traceable end-to-end with rich error messages and structured logs.

### What is Arc, and where can I get help during integration?

Arc is our AI assistant, trained on the entire Stark Infra API and docs — ask any technical question in plain English or Portuguese and Arc returns the answer with citations. Beyond Arc, every workspace has 24/7 production support and a dedicated team for high-volume customers. The official SDK repos on GitHub also accept issues and discussions.
