5.1. Sending the request
Your POST must be sent to https://sandbox.pagbrasil.com/api/order/get setting the content-type of the request header and body as "x-www-form-urlencoded".
Please note that this URL shall only be used for integration and testing procedures. Once the Payment Service Agreement is signed, you will receive the production environment's URL when you request your account to go live.
Request parameters:
Field | Description | Required | Length |
---|---|---|---|
secret | Secret phrase as defined in the PagBrasil Dashboard | Yes | 128 |
pbtoken | Token assigned to your merchant account. Your token is displayed at the PagBrasil Dashboard, menu Account > Settings. | Yes | 32 |
order | Order number | Yes | 64 |
5.2. Reading the response
PagBrasil's response will be an XML with the following elements:
Field | Description | Lenght |
---|---|---|
order | Order number | 64 |
payment_method | Credit card = C | 1 |
submission_date | Date the order was submitted to PagBrasil. | 10 |
order_status | WP = Payment requested but not processed yet | 2 |
authorization_code | Authorization code provided by the credit card issuer. Only available when order has been authorized. | 9 |
payment_date | Date the payment was completed. | 10 |
product_name | Product name | 254 |
customer_name | Customer's name | 128 |
customer_taxid | CPF if an individual, or CNPJ if the customer is a company | 14 |
customer_email | Customer's e-mail address | 128 |
customer_phone | Customer's phone number | 40 |
address_street | Customer's street address | 200 |
address_zip | Customer's postal code (in Brazil called CEP) | 8 |
address_city | Customer's city | 40 |
address_state | Customer's state (official abbreviation) | 2 |
amount_brl | Amount in Brazilian Real | 5.2 |
amount_paid | Amount paid by the customer in Brazilian Real | 5.2 |
cc_installments | Number of installments (1 to 12) | 2 |
cc_brand | Credit card brand. See note "f" | 1 |
cc_holder | Credit card holder's name | 30 |
cc_number | Credit card number truncated | 14 - 19 |
cc_expiration | Credit card expiration date. | 5 |
soft_descriptor | Text identification that will appear on the customer's credit card statement next to the payee name (PB). See item 4.1, note "i". | 13 |
amount_refunded | Used when order_status equals to RR or RP. Amount requested to be refunded (Brazilian Real). | 5.2 |
refund_date | Used when order_status equals to RP. | 10 |
refund_info | Used when order_status equals to RR or RP and the refund was processed via bank transfer. See item 6.2, note "c". | 128 |
error_code | Used when order_status equals to PF or PR. See table in item 9. | 2 |
signature | HMAC-MD5 hash that authenticates the response. See note "a" | 32 |
Notes:
a) To authenticate the legitimacy of the response, the last element of the XML serves as a signature. It is a HMAC-MD5 hash based on the values of all XML elements and a key defined at the PagBrasil Dashboard, menu Account > Settings. The HMAC-MD5 source string is the concatenation of all the elements that are present in the XML and its total length. The XML examples on the next notes describe how the signature is computed.
b) Example of response for an order that has been authorized:
Code Block |
---|
<?xml version="1.0" encoding="ISO-8859-1"?> <request> <order>1234567890</order> <payment_method>C</payment_method> <submission_date>10/12/2010</submission_date> <order_status>PC</order_status> <authorization_code>493578680</authorization_code> <payment_date>10/12/2010</payment_date> <product_name>Product Test (1 license)</product_name> <customer_name>José da Silva</customer_name> <customer_taxid>91051605962</customer_taxid> <customer_email>josedasilva@myemail.com.br</customer_email> <customer_phone>11 3328.9999</customer_phone> <address_street>Av.Paulista, 100</address_street> <address_zip>01311100</address_zip> <address_city>São Paulo</address_city> <address_state>SP</address_state> <amount_brl>39.50</amount_brl> <amount_paid>39.50</amount_paid> <cc_installments>1</cc_installments> <cc_brand>V</cc_brand> <cc_holder>joao da silva</cc_holder> <cc_number>498412******1234</cc_number> <cc_expiration>12/29</cc_expiration> <soft_descriptor>TEST</soft_descriptor> <signature>42927a09be6b369bce73b7a40aa0a9f2</signature> </request> |
In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":
Code Block |
---|
1234567890C10/12/2010PC49357868010/12/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.501Vjoao da silva498412******123412/29TEST213 |
Please note that the "213" at the end of the string is the length of the concatenated values of the XML elements:
Code Block |
---|
1234567890C10/12/2010PC49357868010/12/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.501Vjoao da silva498412******123412/29TEST |
c) Example of response for an order that has been declined by the bank issuer:
Code Block |
---|
<?xml version="1.0" encoding="ISO-8859-1"?> <request> <order>1234567890</order> <payment_method>C</payment_method> <submission_date>10/12/2010</submission_date> <order_status>PF</order_status> <product_name>Product Test (1 license)</product_name> <customer_name>José da Silva</customer_name> <customer_taxid>91051605962</customer_taxid> <customer_email>josedasilva@myemail.com.br</customer_email> <customer_phone>11 3328.9999</customer_phone> <address_street>Av.Paulista, 100</address_street> <address_zip>01311100</address_zip> <address_city>São Paulo</address_city> <address_state>SP</address_state> <amount_brl>39.50</amount_brl> <cc_installments>1</cc_installments> <cc_brand>V</cc_brand> <cc_holder>joao da silva</cc_holder> <cc_number>498412******1234</cc_number> <cc_expiration>12/29</cc_expiration> <error_code>01</error_code> <soft_descriptor>TEST</soft_descriptor> <signature>ade1ed7b05831307a4434022b8b1e704</signature> </request> |
In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":
Code Block |
---|
1234567890C10/12/2010PFProduct Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.501Vjoao da silva498412******123412/2901TEST191 |
Please note that the "191" at the end of the string is the length of the concatenated values of the XML elements:
Code Block |
---|
1234567890C10/12/2010PFProduct Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.501Vjoao da silva498412******123412/2901TEST |
d) Example of response for an order that has been refunded:
Code Block |
---|
<?xml version="1.0" encoding="ISO-8859-1"?> <request> <order>1234567890</order> <payment_method>C</payment_method> <submission_date>10/12/2010</submission_date> <order_status>RP</order_status> <payment_date>10/12/2010</payment_date> <product_name>Product Test (1 license)</product_name> <customer_name>José da Silva</customer_name> <customer_taxid>91051605962</customer_taxid> <customer_email>josedasilva@myemail.com.br</customer_email> <customer_phone>11 3328.9999</customer_phone> <address_street>Av.Paulista, 100</address_street> <address_zip>01311100</address_zip> <address_city>São Paulo</address_city> <address_state>SP</address_state> <amount_brl>39.50</amount_brl> <amount_paid>39.50</amount_paid> <cc_installments>1</cc_installments> <cc_brand>V</cc_brand> <cc_holder>joao da silva</cc_holder> <cc_number>498412******1234</cc_number> <cc_expiration>12/29</cc_expiration> <amount_refunded>39.50</amount_refunded> <refund_date>10/30/2010</refund_date> <soft_descriptor>TEST</soft_descriptor> <signature>44c0eb7fd06dc698cdf7df2f8beaa2fb</signature> </request> |
In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":
Code Block |
---|
1234567890C10/12/2010RP10/12/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.501Vjoao da silva498412******123412/2939.5010/30/2010TEST219 |
Please note that the "219" at the end of the string is the length of the concatenated values of the XML elements:
Code Block |
---|
1234567890C10/12/2010RP10/12/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.501Vjoao da silva498412******123412/2939.5010/30/2010TEST |
e) If the order does not exist, no information will be returned except for the following:
Code Block |
---|
<?xml version="1.0" encoding="ISO-8859-1"?> <request> </request> |
f) Current accepted brands:
Brand | Code | CC Length | CVV Length | Sample |
---|---|---|---|---|
Mastercard | M | 16 | 3 | 5555666677778884 |
Visa | V | 16 | 3 | 4984123412341234 |
Diners | D | 14 | 3 | 30111122223331 |
Amex | A | 15 | 4 | 376411112222331 |
Hipercard | H | 16 | 3 | 6062111122223339 |
Elo | E | 16 | 3 | 6362970000457013 |