5.1. Sending the request
Your POST must be sent to https://sandbox.pagbrasil.com/api/order/get setting the content-type of the request header and body as "x-www-form-urlencoded".
Please note that this URL shall only be used for integration and testing procedures. Once the Payment Service Agreement is signed, you will receive the production environment's URL when you request your account to go live.
Request parameters:
Field | Description | Required | Length |
---|---|---|---|
secret | Secret phrase as defined in the PagBrasil Dashboard | Yes | 128 |
pbtoken | Token assigned to your merchant account. Your token is displayed at the PagBrasil Dashboard, menu Account > Settings. | Yes | 32 |
order | Order number | Yes | 64 |
5.2. Reading the response
PagBrasil's response will be an XML with the following elements:
Field | Description | Length |
---|---|---|
order | Order number | 64 |
payment_method | X = PagBrasil Pix | 1 |
submission_date | Date the order was submitted to PagBrasil. | 10 |
expiration_date | Last date to pay the PagBrasil Pix. | 10 |
expiration_time | Maximum time within the expiration date the PagBrasil Pix will be allowed to be paid. | 5 |
pix_image | Pix QR Code image link. | 80 |
pix_code | Alternative code for mobile users to complete the payment when they cannot scan the code (QR Code payload data). | 254 |
order_status | WP = Waiting for Payment | 2 |
authorization_code | Authorization code provided by the bank. Only available when order has been authorized. | 32 |
payment_date | Used when order_status equal to PC, RR or RP. | 10 |
product_name | Product name | 254 |
customer_name | Customer's name | 128 |
customer_taxid | CPF if an individual, or CNPJ if the customer is a company | 14 |
customer_email | Customer's e-mail address | 128 |
customer_phone | Customer's phone number | 40 |
address_street | Customer's street address | 200 |
address_zip | Customer's postal code (in Brazil called CEP) | 8 |
address_city | Customer's city | 40 |
address_state | Customer's state (official abbreviation) | 2 |
amount_brl | Amount in Brazilian Real | 7.2 |
amount_paid | Used when order_status equal to PC, RR or RP. Amount paid by the customer in Brazilian Real – may not be the exact amount due, so it must be validated and treated according your policy. | 7.2 |
amount_refunded | Used when order_status equal to RR or RP. Amount requested to be refunded (Brazilian Real). | 7.2 |
refund_date | Used when order_status equal to RP. | 10 |
refund_info | Used when order_status equal to RR or RP. | 128 |
signature | HMAC-MD5 hash that authenticates the response. See note "a" | 32 |
Notes:
a) To authenticate the legitimacy of the response, the last element of the XML serves as a signature. It is a HMAC-MD5 hash based on the values of all XML elements and a key defined at the PagBrasil Dashboard, menu Account > Settings. The HMAC-MD5 source string is the concatenation of all the elements that are present in the XML and its total length. The XML examples on the next notes describe how the signature is computed.
b) Order status "PR" (Payment Rejected) means the order is not registered in the Pix database. It can be either because of a temporary error establishing the connection to the Pix system, or our fraud screening denied the transaction for security reasons – without submitting it to the Pix system.
c) Example of response for an order that has been paid:
<?xml version="1.0" encoding="ISO-8859-1"?> <request> <order>1234567890</order> <payment_method>X</payment_method> <submission_date>10/12/2010</submission_date> <expiration_date>10/12/2010</expiration_date> <expiration_time>23:59</expiration_time> <pix_image>https://pagbrasil.com/x/img?i174bwzjqc</pix_image> <pix_code>9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999</pix_code> <order_status>PC</order_status> <payment_date>10/15/2010</payment_date> <product_name>Product Test (1 license)</product_name> <customer_name>José da Silva</customer_name> <customer_taxid>91051605962</customer_taxid> <customer_email>josedasilva@myemail.com.br</customer_email> <customer_phone>11 3328.9999</customer_phone> <address_street>Av.Paulista, 100</address_street> <address_zip>01311100</address_zip> <address_city>São Paulo</address_city> <address_state>SP</address_state> <amount_brl>39.50</amount_brl> <amount_paid>39.50</amount_paid> <signature>f04312f1f4ed9adae484af97ac95de8a</signature> </request>
In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":
1234567890X10/12/201010/12/201023:59https://pagbrasil.com/x/img?i174bwzjqc9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999PC10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.50380
Please note that the "380" at the end of the string is the length of the concatenated values of the XML elements:
1234567890X10/12/201010/12/201023:59https://pagbrasil.com/x/img?i174bwzjqc9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999PC10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.50
c) Example of response for an order that has been refunded:
<?xml version="1.0" encoding="ISO-8859-1"?> <request> <order>1234567890</order> <payment_method>X</payment_method> <submission_date>10/12/2010</submission_date> <expiration_date>10/12/2010</expiration_date> <expiration_time>23:59</expiration_time> <pix_image>https://pagbrasil.com/x/img?i174bwzjqc</pix_image> <pix_code>9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999</pix_code> <order_status>RP</order_status> <payment_date>10/15/2010</payment_date> <product_name>Product Test (1 license)</product_name> <customer_name>José da Silva</customer_name> <customer_taxid>91051605962</customer_taxid> <customer_email>josedasilva@myemail.com.br</customer_email> <customer_phone>11 3328.9999</customer_phone> <address_street>Av.Paulista, 100</address_street> <address_zip>01311100</address_zip> <address_city>São Paulo</address_city> <address_state>SP</address_state> <amount_brl>39.50</amount_brl> <amount_refunded>39.50</amount_refunded> <refund_date>10/30/2010</refund_date> <refund_info>Banco 001 - Agência 1234 - Conta 12345678-0</refund_info> <signature>47d01185413b303af5f3c5fa0bb7d6cf</signature> </request>
In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":
1234567890X10/12/201010/12/201023:59https://pagbrasil.com/x/img?i174bwzjqc9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999RP10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.5010/30/2010Banco 001 - Agência 1234 - Conta 12345678-0433
Please note that the "433" at the end of the string is the length of the concatenated values of the XML elements:
1234567890X10/12/201010/12/201023:59https://pagbrasil.com/x/img?i174bwzjqc9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999RP10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.5010/30/2010Banco 001 - Agência 1234 - Conta 12345678-0
d) If the order does not exist, no information will be returned except for the following:
<?xml version="1.0" encoding="ISO-8859-1"?> <request> </request>