5. Requesting information about an order 

Owned by PagBrasil
Last updated: Dec 27, 2023
4 min read

5.1. Sending the request

 

Your POST must be sent to https://sandbox.pagbrasil.com/api/order/get setting the content-type of the request header and body as "x-www-form-urlencoded".

Please note that this URL shall only be used for integration and testing procedures. Once the Payment Service Agreement is signed, you will receive the production environment's URL when you request your account to go live.

Request parameters:

Field

Description

Required

Length

Field

Description

Required

Length

secret

Secret phrase as defined in the PagBrasil Dashboard

Yes

128

pbtoken

Token assigned to your merchant account. Your token is displayed at the PagBrasil Dashboard, menu Account > Settings.

Yes

32

order

Order number

Yes

64

5.2. Reading the response

PagBrasil's response will be an XML with the following elements:

Field

Description

Length

Field

Description

Length

order

Order number

64

payment_method

Debit card = D

1

submission_date

Date the order was submitted to PagBrasil.
Format: MM/DD/YYYY.

10

order_status

WP = Waiting for Payment
PC = Payment Completed
PF = Payment Failed
RR = Refund Requested
RP = Refund Processed

2

authorization_code

Authorization code provided by the debit card issuing bank. Only available when order_status = PC.

9

payment_date

Date the payment was completed.
Format: MM/DD/YYYY.
Only available when order has been authorized.

10

product_name

Product name

254

customer_name

Customer's name

128

customer_taxid

CPF if an individual, or CNPJ if the customer is a company

14

customer_email

Customer's e-mail address

128

customer_phone

Customer's phone number

40

address_street

Customer's street address

200

address_zip

Customer's postal code (in Brazil called CEP)

8

address_city

Customer's city

40

address_state

Customer's state (official abbreviation)

2

amount_brl

Amount in Brazilian Real

7.2

amount_paid

Amount paid by the customer in Brazilian Real

7.2

cc_installments

Always 1

1

cc_brand

Debit card brand. See item 4.1, note "j" for codes.

1

cc_holder

Debit card holder's name

30

cc_number

Debit card number truncated

14-19

cc_expiration

Debit card expiration date.
Format: MM/YY.

5

soft_descriptor

Optional text identification that will appear on the customer's debit card statement next to the payee name (PB). See item 4.1, note "h".

13

amount_refunded

Used when order_status equal to RR or RP.
Amount requested to be refunded (Brazilian Real).

7.2

refund_date

Used when order_status equal to RP.
Date the refund requested was completed.
Format: MM/DD/YYYY.

10

refund_info

Used when order_status equal to RR or RP and the refund was processed via bank transfer. See item 6.2, note "b".

128

error_code

Used when order_status equal to PF. See table in item 7.

2

signature

HMAC-MD5 hash that authenticates the response. See note "a"   

32

Notes:

a) To authenticate the legitimacy of the response, the last element of the XML serves as a signature.

It is a HMAC-MD5 hash based on the values of all XML elements and a key defined at the PagBrasil Dashboard, menu Account > Settings. The HMAC-MD5 source string is the concatenation of all the elements that are present in the XML and its total length. The XML examples on the next pages describe how the signature is computed.

b) Example of response for an order that has been authorized:

<?xml version="1.0" encoding="ISO-8859-1"?> <request> <order>1234567890</order> <payment_method>D</payment_method> <submission_date>10/12/2010</submission_date> <order_status>PC</order_status> <authorization_code>493578680</authorization_code> <payment_date>10/12/2010</payment_date> <product_name>Product Test (1 license)</product_name> <customer_name>José da Silva</customer_name> <customer_taxid>91051605962</customer_taxid> <customer_email>josedasilva@myemail.com.br</customer_email> <customer_phone>11 3328.9999</customer_phone> <address_street>Av.Paulista, 100</address_street> <address_zip>01311100</address_zip> <address_city>São Paulo</address_city> <address_state>SP</address_state> <amount_brl>39.50</amount_brl> <amount_paid>39.50</amount_paid> <cc_installments>1</cc_installments> <cc_brand>V</cc_brand> <cc_holder>joao da silva</cc_holder> <cc_number>498412******1234</cc_number> <cc_expiration>12/29</cc_expiration> <soft_descriptor>TEST</soft_descriptor> <signature>9c1fe6cac5521f0b09413ae61e6d1b31</signature> </request>

In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":

1234567890D10/12/2010PC49357868010/12/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.501Vjoao da silva498412******123412/29TEST213

Please note that the "213" at the end of the string is the length of the concatenated values of the XML elements:

1234567890D10/12/2010PC49357868010/12/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.501Vjoao da silva498412******123412/29TEST

c) Example of response for an order that has been declined by the bank issuer:

In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":

Please note that the "178" at the end of the string is the length of the concatenated values of the XML elements:

d) Example of response for an order that has been refunded:

 

In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":

Please note that the "219" at the end of the string is the length of the concatenated values of the XML elements:

e) If the order does not exist, no information will be returned except for the following:

 

CONFIDENTIAL