5. Requesting information about an order
- PagBrasil
5.1. Sending the request
Your POST must be sent to https://sandbox.pagbrasil.com/api/order/get setting the content-type of the request header and body as "x-www-form-urlencoded".
Please note that this URL shall only be used for integration and testing procedures. Once the Payment Service Agreement is signed, you will receive the production environment's URL when you request your account to go live.
Request parameters:
Field | Description | Required | Length |
|---|---|---|---|
secret | Secret phrase as defined in the PagBrasil Dashboard | Yes | 128 |
pbtoken | Token assigned to your merchant account. Your token is displayed at the PagBrasil Dashboard, menu Account > Settings. | Yes | 32 |
order | Order number | Yes | 64 |
5.2. Reading the response
PagBrasil's response will be an XML with the following elements:
Field | Description | Length |
|---|---|---|
order | Order number | 64 |
payment_method | B = Boleto Bancário | 1 |
submission_date | Date the boleto was issued. Format: MM/DD/YYYY. | 10 |
url_boleto | URL to view/print the Boleto Bancário | 80 |
order_status | WP = Waiting for Payment | 2 |
payment_date | Used when order_status equal to PC, RR or RP. | 10 |
product_name | Product name | 254 |
customer_name | Customer's name | 128 |
customer_taxid | CPF if an individual, or CNPJ if the customer is a company | 14 |
customer_email | Customer's e-mail address | 128 |
customer_phone | Customer's phone number | 40 |
address_street | Customer's street address | 200 |
address_zip | Customer's postal code (in Brazil called CEP) | 8 |
address_city | Customer's city | 40 |
address_state | Customer's state (official abbreviation) | 2 |
amount_brl | Amount in Brazilian Real | 7.2 |
amount_paid | Used when order_status equal to PC, RR or RP. Amount paid by the customer in Brazilian Real – may not be the exact amount due, so it must be validated and treated according to your policy. | 7.2 |
amount_refunded | Used when order_status equal to RR or RP. Amount requested to be refunded (Brazilian Real). | 7.2 |
refund_date | Used when order_status equal to RP. Date the refund requested was completed. Format: MM/DD/YYYY. | 10 |
refund_info | Used when order_status equal to RR or RP. See item 6.1, note "b". | 128 |
signature | HMAC-MD5 hash that authenticates the response. See note "a" | 32 |
Notes:
a) To authenticate the legitimacy of the response, the last element of the XML serves as a signature. It is a HMAC-MD5 hash based on the values of all XML elements and a key defined at the PagBrasil Dashboard, menu Account > Settings. The HMAC-MD5 source string is the concatenation of all the elements that are present in the XML and its total length. The XML examples below describe how the signature is computed.
b) Example of response for an order that has been paid:
<?xml version="1.0" encoding="ISO-8859-1"?>
<request>
<order>1234567890</order>
<payment_method>B</payment_method>
<submission_date>10/12/2010</submission_date>
<url_boleto>https://pagbrasil.com/b?b3b4cj7rf</url_boleto>
<order_status>PC</order_status>
<payment_date>10/15/2010</payment_date>
<product_name>Product Test (1 license)</product_name>
<customer_name>José da Silva</customer_name>
<customer_taxid>91051605962</customer_taxid>
<customer_email>josedasilva@myemail.com.br</customer_email>
<customer_phone>11 3328.9999</customer_phone>
<address_street>Av.Paulista, 100</address_street>
<address_zip>01311100</address_zip>
<address_city>São Paulo</address_city>
<address_state>SP</address_state>
<amount_brl>39.50</amount_brl>
<amount_paid>39.50</amount_paid>
<signature>0c0372d38364f2a6d31ec61b0054ff32</signature>
</request>In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":
1234567890B10/12/2010https://pagbrasil.com/b?b3b4cj7rfPC10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.50197Please note that the "197" at the end of the string is the length of the concatenated values of the XML elements:
1234567890B10/12/2010https://pagbrasil.com/b?b3b4cj7rfPC10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.50c) Example of response for an order that has been refunded:
<?xml version="1.0" encoding="ISO-8859-1"?>
<request>
<order>1234567890</order>
<payment_method>B</payment_method>
<submission_date>10/12/2010</submission_date>
<url_boleto>https://pagbrasil.com/b?b3b4cj7rf</url_boleto>
<order_status>RP</order_status>
<payment_date>10/15/2010</payment_date>
<product_name>Product Test (1 license)</product_name>
<customer_name>José da Silva</customer_name>
<customer_taxid>91051605962</customer_taxid>
<customer_email>josedasilva@myemail.com.br</customer_email>
<customer_phone>11 3328.9999</customer_phone>
<address_street>Av.Paulista, 100</address_street>
<address_zip>01311100</address_zip>
<address_city>São Paulo</address_city>
<address_state>SP</address_state>
<amount_brl>39.50</amount_brl>
<amount_paid>39.50</amount_paid>
<amount_refunded>39.50</amount_refunded>
<refund_date>10/30/2010</refund_date>
<refund_info>Banco 001 - Agência 1234 - Conta 12345678-0</refund_info>
<signature>5045db6353d3970389799acc31710d7f</signature>
</request>In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":
1234567890B10/12/2010https://pagbrasil.com/b?b3b4cj7rfRP10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.5039.5010/30/2010Banco 001 - Agência 1234 - Conta 12345678-0255Please note that the "255" at the end of the string is the length of the concatenated values of the XML elements:
1234567890B10/12/2010https://pagbrasil.com/b?b3b4cj7rfRP10/15/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.5039.5010/30/2010Banco 001 - Agência 1234 - Conta 12345678-0d) If the order does not exist, no information will be returned except for the following:
<?xml version="1.0" encoding="ISO-8859-1"?>
<request>
</request>CONFIDENTIAL