Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

5.1. Sending the request

Your POST must be sent to https://sandbox.pagbrasil.com/api/order/get setting the content-type of the request header and body as "x-www-form-urlencoded".

Please note that this URL shall only be used for integration and testing procedures. Once the Payment Service Agreement is signed, you will receive the production environment's URL when you request your account to go live.

Request parameters:

Field

Description

Required

Length

secret

Secret phrase as defined in the PagBrasil Dashboard

Yes

128

pbtoken

Token assigned to your merchant account. Your token is displayed at the PagBrasil Dashboard, menu Account > Settings.

Yes

32

order

Order number

Yes

64

5.2. Reading the response

PagBrasil's response will be an XML with the following elements:

Field

Description

Length

order

Order number

64

payment_method

X = PagBrasil Pix

1

submission_date

Date the order was submitted to PagBrasil.
Format: MM/DD/YYYY.

10

expiration_date

Last date to pay the PagBrasil Pix.
Format: MM/DD/YYYY.

10

expiration_time

Maximum time within the expiration date the PagBrasil Pix will be allowed to be paid.
Format: HH:MM.

5

pix_image

Pix QR Code image link.

80

pix_code

Alternative code for mobile users to complete the payment when they cannot scan the code.

254

order_status

WP = Waiting for Payment
PC = Payment Completed
PR = Payment Rejected. See note "b"   
RR = Refund Requested
RP = Refund Processed
CB = Chargeback

2

payment_date

Used when order_status equals to PC, RR or RP.
Format: MM/DD/YYYY.

10

product_name

Product name

254

customer_name

Customer's name

128

customer_taxid

CPF if an individual, or CNPJ if the customer is a company

14

customer_email

Customer's e-mail address

128

customer_phone

Customer's phone number

40

address_street

Customer's street address

200

address_zip

Customer's postal code (in Brazil called CEP)

8

address_city

Customer's city

40

address_state

Customer's state (official abbreviation)

2

amount_brl

Amount in Brazilian Real

5.2

amount_paid

Used when order_status equals to PC, RR or RP. Amount paid by the customer in Brazilian Real – may not be the exact amount due, so it must be validated and treated according your policy.

5.2

amount_refunded

Used when order_status equals to RR or RP. Amount requested to be refunded (Brazilian Real).

5.2

refund_date

Used when order_status equals to RP.
Date the refund requested was completed.
Format: MM/DD/YYYY.

10

refund_info

Used when order_status equals to RR or RP.
See item 6.1, note "b".

128

signature

HMAC-MD5 hash that authenticates the response. See note "a"   

32

Notes:

a) To authenticate the legitimacy of the response, the last element of the XML serves as a signature. It is a HMAC-MD5 hash based on the values of all XML elements and a key defined at the PagBrasil Dashboard, menu Account > Settings. The HMAC-MD5 source string is the concatenation of all the elements that are present in the XML and its total length. The XML examples on the next notes describe how the signature is computed.


b) Order status "PR" (Payment Rejected) means the order is not registered in the Pix database. It can be either because of a temporary error establishing the connection to the Pix system, or our fraud screening denied the transaction for security reasons – without submitting it to the Pix system.


c) Example of response for an order that has been paid:

<?xml version="1.0" encoding="ISO-8859-1"?>
<request>
<order>1234567890</order>
<payment_method>X</payment_method>
<submission_date>10/12/2010</submission_date>
<expiration_date>10/12/2010</expiration_date>
<expiration_time>23:59</expiration_time>
<pix_image>https://pagbrasil.com/x/img?i174bwzjqc</pix_image>
<pix_code>9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999</pix_code>
<order_status>PC</order_status>
<payment_date>10/15/2010</payment_date>
<product_name>Product Test (1 license)</product_name>
<customer_name>José da Silva</customer_name>
<customer_taxid>91051605962</customer_taxid>
<customer_email>josedasilva@myemail.com.br</customer_email>
<customer_phone>11 3328.9999</customer_phone>
<address_street>Av.Paulista, 100</address_street>
<address_zip>01311100</address_zip>
<address_city>São Paulo</address_city>
<address_state>SP</address_state>
<amount_brl>39.50</amount_brl>
<amount_paid>39.50</amount_paid>
<signature>f04312f1f4ed9adae484af97ac95de8a</signature>
</request>

In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":

1234567890X10/12/201010/12/201023:59https://pagbrasil.com/x/img?i174bwzjqc9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999PC10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.50380

Please note that the "380" at the end of the string is the length of the concatenated values of the XML elements:

1234567890X10/12/201010/12/201023:59https://pagbrasil.com/x/img?i174bwzjqc9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999PC10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.50

c) Example of response for an order that has been refunded:

<?xml version="1.0" encoding="ISO-8859-1"?>
<request>
<order>1234567890</order>
<payment_method>X</payment_method>
<submission_date>10/12/2010</submission_date>
<expiration_date>10/12/2010</expiration_date>
<expiration_time>23:59</expiration_time>
<pix_image>https://pagbrasil.com/x/img?i174bwzjqc</pix_image>
<pix_code>9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999</pix_code>
<order_status>RP</order_status>
<payment_date>10/15/2010</payment_date>
<product_name>Product Test (1 license)</product_name>
<customer_name>José da Silva</customer_name>
<customer_taxid>91051605962</customer_taxid>
<customer_email>josedasilva@myemail.com.br</customer_email>
<customer_phone>11 3328.9999</customer_phone>
<address_street>Av.Paulista, 100</address_street>
<address_zip>01311100</address_zip>
<address_city>São Paulo</address_city>
<address_state>SP</address_state>
<amount_brl>39.50</amount_brl>
<amount_refunded>39.50</amount_refunded>
<refund_date>10/30/2010</refund_date>
<refund_info>Banco 001 - Agência 1234 - Conta 12345678-0</refund_info>
<signature>47d01185413b303af5f3c5fa0bb7d6cf</signature>
</request>

In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":

1234567890X10/12/201010/12/201023:59https://pagbrasil.com/x/img?i174bwzjqc9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999RP10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.5010/30/2010Banco 001 - Agência 1234 - Conta 12345678-0433

Please note that the "433" at the end of the string is the length of the concatenated values of the XML elements:

1234567890X10/12/201010/12/201023:59https://pagbrasil.com/x/img?i174bwzjqc9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999RP10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.5010/30/2010Banco 001 - Agência 1234 - Conta 12345678-0

d) If the order does not exist, no information will be returned except for the following:

<?xml version="1.0" encoding="ISO-8859-1"?>
<request>
</request>
  • No labels