6.1. Sending the request
Your POST must be sent to https://sandbox.pagbrasil.com/api/pix/rec/add setting the content-type of the request header and body as "x-www-form-urlencoded".
Please note that this URL shall only be used for integration and testing procedures. Once the Payment Service Agreement is signed, you will receive the production environment's URL when you request your account to go live.
Request parameters:
Field | Description | Required | Length |
|---|---|---|---|
secret | Secret phrase as defined in the PagBrasil Dashboard | Yes | 128 |
pbtoken | Token assigned to your merchant account. Your token is displayed at the PagBrasil Dashboard, menu Account > Settings. | Yes | 32 |
payer_name | Customer's full name if an individual, or "razão social" if the customer is a company. See note "e" | Yes | 128 |
payer_taxid | CPF if an individual, or CNPJ if the customer is a company. See note "f" | Yes | 14 |
pix_rec_description | Text that uniquely identifies the subscription within the customer's banking app. | No | 19 |
pix_rec_cycle | Define the recurrence cycle as one the following values: “weekly”, “monthly”, “quarterly”, “semiannual”, “annually”. | Yes | 10 |
pix_rec_expiration | Recurrence end date. | No | 10 |
pix_rec_first_recurrence | Estimated date of the first future recurring charge. | Yes | 10 |
pix_rec_minimum_amount | Minimum amount for recurring charges. This prevents the customer from setting a lower payment limit, but it may also make the customer hesitant to give their consent. Therefore, it should be used cautiously and aligned with the subscription the customer is signing up for. | No | 7.2 |
pix_rec_retry | Set “1” to indicate it’s a recurring charge retry. See note “g” | No | 1 |
param_url | A string that can be concatenated to the URL our server posts the response to. See note "g" | No | 254 |
Notes:
a) All fields are required except when noted otherwise.
b) If a parameter is sent with a size greater than the maximum allowed, process will not be aborted but the value will be truncated.
c) The response will be an XML with the recurrence details, in exactly the same format as a "/api/pix/rec/get" response (see item 8.2).
d) The parameter product_name must contain the name of the product or service purchased, and it is required for compliance purposes.
e) You need to let the customer selects if they are a "pessoa física" (individual) or a "pessoa jurídica" (company). If they select "pessoa física", you need to ask for their full name and CPF (see note "h"). If they select "pessoa jurídica", you need to ask for the "razão social" (official company name registered at the local tax authority) and CNPJ (see note "h").
f) There are two types of tax IDs in Brazil: CPF (used by individuals) and CNPJ (used by companies). You must validate the tax ID to prevent sending to PagBrasil invalid values. Please find below the format for each type of tax ID.
CPF: 11 digits, with no separator. Customers use to write CPFs with separators (example: 123.123.123-12), but you must allow to enter only digits from 0 to 9 (example: 12312312312).
CNPJ: 14 digits, with no separator. Companies use to write CNPJs with separators (example: 12.345.678/0001-23, but you must allow to enter only digits from 0 to 9 (example: 12345678000123).
Example of javascript to prevent other characters than digits:
onKeyPress='if (window.event.keyCode<48 || window.event.keyCode>57) event.returnValue = false;'
The last 2 digits of the CPF/CNPJ are check digits, and you will need to use them to validate the tax ID entered by the customer. You will find examples of CPF/CNPJ validation routines in different languages at the PagBrasil Dashboard, menu Resources. For testing purposes, please use CPF 91051605962 and CNPJ 78797547000157.
g) The URL our server posts the response to for an "/api/pix/rec/add" call consists of a fixed and a dynamic part. The first part is defined at the PagBrasil Dashboard, menu Account > Settings. The second part is defined using param_url (optional). For example, if you define at the PagBrasil Dashboard the URL as "https://www.test.com/script.asp" and param_url as "?customer_id=12345&newsletter=yes" we will post the authorization response to: "https://www.test.com/script.asp?customer_id=12345&newsletter=yes"
6.2. Receiving the webhook with the authorization response
You need to login to the PagBrasil Dashboard and specify the URL (webhook) you want PagBrasil to send the notification confirming the recurring was authorized. By default we only allow outgoing connections to HTTPS URLs at standard port 443. If you plan to use a different port number in the IPN's URL please contact us requesting an exception.
PagBrasil's POST:
Field | Description | Length |
|---|---|---|
secret | Secret phrase as defined in the PagBrasil Dashboard | 128 |
payment_method | X = PagBrasil Pix | 1 |
pix_rec_id | Recurrence identifier to be used when requesting future recurring charges. | 64 |
recurrence_status | A = Authorized | 1 |
Notes:
a) After processing our IPN your server needs to acknowledge it has successfully received it by writing "Received successfully [timestamp]". If your server responds to our IPN with an invalid acknowledgement, our system will e-mail your technical contact a warning notification (subject "Urgent: Error posting IPN - Not Compliant"). In this case, the IPN will not be resent and you may want to resend the IPN manually at the PagBrasil Dashboard, menu IPN History, after resolving the problem at your end.
If we are not able to connect to your server to send an IPN, our system will e-mail your technical contact a warning notification (subject "Urgent: Error posting IPN - Fail") and will then try to resend the IPN as follows:
The next 7 attempts will take place every 7 minutes.
The next 23 attempts will take place every 60 minutes. If the last attempt of sending the IPN fails, our system will e-mail another warning notification (subject "Urgent: Error posting IPN - Fail").
Please note that any IPN can be resent manually at any time at the PagBrasil Dashboard, menu IPN History.