5.1. Sending the request
Send your POST to https://sandbox.pagbrasil.com/api/order/get, with the content type of the request header and body set to "x-www-form-urlencoded".
Please note that this URL shall only be used for integration and testing procedures. Once the Payment Service Agreement is signed, you will receive the production environment's URL when you request your account to go live.
Request parameters:
Field | Description | Required | Length |
---|---|---|---|
secret | Secret phrase as defined in the PagBrasil Dashboard | Yes | 128 |
pbtoken | Token assigned to your merchant account. Your token is displayed at the PagBrasil Dashboard, menu Account > Settings. | Yes | 32 |
order | Order number | Yes | 64 |
5.2. Reading the response
PagBrasil's response will be an XML document with the following elements. For further information about the parameters, please refer to the documentation of each specific payment method available at the Payment Link.
Field | Description | Length |
---|---|---|
order | Order number | 64 |
payment_method | C = Credit card. This parameter is not present when the customer has not selected a payment method yet. | 1 |
submission_date | Date the order was submitted to PagBrasil. | 10 |
url_boleto | URL to view/print the Boleto Bancário. Only available when payment_method is equal to "B" or "F". | 80 |
url_payment | URL that redirects the customer to the bank's page to complete the payment. Only available when payment_method is equal to "R", "E", "U" or "S". | 80 |
company_code | Company code. Only available when payment_method is equal to "P". | 10 |
payment_id | Payment identification. Only available when payment_method is equal to "P". | 17 |
payment_instructions | Payment instructions in Portuguese. Only available when payment_method is equal to "P". | 254 |
expiration_date | Last date to pay the PagBrasil Pix. | 10 |
expiration_time | Maximum time within the expiration date the PagBrasil Pix will be allowed to be paid. | 5 |
pix_image | Pix QR Code image link. | 80 |
pix_code | Alternative code for mobile users to complete the payment when they cannot scan the code. | 254 |
order_status | WP = Payment requested but not processed yet | 2 |
authorization_code | Authorization code provided by the card issuer. Only available when payment_method is equal to "C" or "D" and the order has been authorized. | 9 |
payment_date | Date the payment was completed. | 10 |
product_name | Product name | 254 |
customer_name | Customer's name | 128 |
customer_taxid | CPF if an individual, or CNPJ if the customer is a company | 14 |
customer_email | Customer's e-mail address | 128 |
customer_phone | Customer's phone number | 40 |
address_street | Customer's street address | 200 |
address_zip | Customer's postal code (in Brazil called CEP) | 8 |
address_city | Customer's city | 40 |
address_state | Customer's state (official abbreviation) | 2 |
amount_brl | Amount in Brazilian Real | 7.2 |
amount_paid | Amount paid by the customer in Brazilian Real | 7.2 |
cc_installments | Number of installments (1 to 12). Only available when payment_method is equal to "C" or "D". | 2 |
cc_brand | Card brand. Only available when payment_method is equal to "C" or "D". | 1 |
cc_holder | Card holder's name. Only available when payment_method is equal to "C" or "D". | 30 |
cc_number | Truncated card number. Only available when payment_method is equal to "C" or "D". | 14 - 19 |
soft_descriptor | Text identification that will appear on the customer's credit card statement next to the payee name (PB). Only available when payment_method is equal to "C" or "D". | 13 |
amount_refunded | Used when order_status is equal to RR or RP. Amount requested to be refunded (Brazilian Real). | 7.2 |
refund_date | Used when order_status is equal to RP. | 10 |
refund_info | Used when order_status is equal to RR or RP. See item 6.2, note "c". | 128 |
error_code | Used when order_status is equal to PF or PR, and payment_method is equal to "C" or "D". See table in item 7. | 2 |
signature | HMAC-MD5 hash that authenticates the response. | 32 |
Notes:
a) To authenticate the response, the last element of the XML serves as a signature. It is an HMAC-MD5 hash based on the values of all XML elements and a key defined at the PagBrasil Dashboard, menu Account > Settings. The HMAC-MD5 source string is the concatenation of the values of all the elements that are present in the XML, followed by the total length of that concatenation. The XML examples in the following notes show how the signature is computed.
b) Example of response for an order that has been authorized:
<?xml version="1.0" encoding="ISO-8859-1"?>
<request>
  <order>1234567890</order>
  <payment_method>C</payment_method>
  <submission_date>10/12/2010</submission_date>
  <order_status>PC</order_status>
  <authorization_code>493578680</authorization_code>
  <payment_date>10/12/2010</payment_date>
  <product_name>Product Test (1 license)</product_name>
  <customer_name>José da Silva</customer_name>
  <customer_taxid>91051605962</customer_taxid>
  <customer_email>josedasilva@myemail.com.br</customer_email>
  <customer_phone>11 3328.9999</customer_phone>
  <address_street>Av.Paulista, 100</address_street>
  <address_zip>01311100</address_zip>
  <address_city>São Paulo</address_city>
  <address_state>SP</address_state>
  <amount_brl>39.50</amount_brl>
  <amount_paid>39.50</amount_paid>
  <cc_installments>1</cc_installments>
  <cc_brand>V</cc_brand>
  <cc_holder>joao da silva</cc_holder>
  <cc_number>498412******1234</cc_number>
  <cc_expiration>12/29</cc_expiration>
  <soft_descriptor>TEST</soft_descriptor>
  <signature>42927a09be6b369bce73b7a40aa0a9f2</signature>
</request>
In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":
1234567890C10/12/2010PC49357868010/12/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.501Vjoao da silva498412******123412/29TEST213
Please note that the "213" at the end of the string is the length of the concatenated values of the XML elements:
1234567890C10/12/2010PC49357868010/12/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.501Vjoao da silva498412******123412/29TEST
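The check described in notes (a) and (b), as an added Python example that is not PagBrasil's own code. It assumes the key is used as its literal ASCII text and that the source string is hashed in the response's declared ISO-8859-1 encoding; the sample response is constructed from the field values in note (b).

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Key printed in note (b); assumed to be used as its literal ASCII text.
KEY = b"36d5f7184574caf84f5b48530ac0d690"

def source_string(root):
    """Concatenate every element value except <signature>, then append the length."""
    values = "".join(el.text or "" for el in root if el.tag != "signature")
    return values + str(len(values))  # length counted in characters (213 in note b)

def compute_signature(root, key=KEY):
    # Assumption: the string is hashed in the response's declared ISO-8859-1 encoding.
    data = source_string(root).encode("iso-8859-1")
    return hmac.new(key, data, hashlib.md5).hexdigest()

def verify_response(raw, key=KEY):
    """Return the parsed fields if the signature matches, otherwise None."""
    root = ET.fromstring(raw)  # raw bytes, so the declared encoding is honoured
    sig = root.findtext("signature")
    if not sig:  # empty <request> (order not found) or unsigned reply
        return None
    expected = compute_signature(root, key).encode("ascii")
    received = sig.strip().lower().encode("ascii", "replace")
    if not hmac.compare_digest(expected, received):  # constant-time compare
        return None
    return {el.tag: el.text for el in root if el.tag != "signature"}

# Constructed sample: the field values of note (b), rebuilt as ISO-8859-1 bytes.
SAMPLE_BODY = (
    "<order>1234567890</order><payment_method>C</payment_method>"
    "<submission_date>10/12/2010</submission_date><order_status>PC</order_status>"
    "<authorization_code>493578680</authorization_code><payment_date>10/12/2010</payment_date>"
    "<product_name>Product Test (1 license)</product_name>"
    "<customer_name>Jos\u00e9 da Silva</customer_name><customer_taxid>91051605962</customer_taxid>"
    "<customer_email>josedasilva@myemail.com.br</customer_email>"
    "<customer_phone>11 3328.9999</customer_phone>"
    "<address_street>Av.Paulista, 100</address_street><address_zip>01311100</address_zip>"
    "<address_city>S\u00e3o Paulo</address_city><address_state>SP</address_state>"
    "<amount_brl>39.50</amount_brl><amount_paid>39.50</amount_paid>"
    "<cc_installments>1</cc_installments><cc_brand>V</cc_brand>"
    "<cc_holder>joao da silva</cc_holder><cc_number>498412******1234</cc_number>"
    "<cc_expiration>12/29</cc_expiration><soft_descriptor>TEST</soft_descriptor>"
)

def sample_response(signature):
    xml = '<?xml version="1.0" encoding="ISO-8859-1"?><request>%s<signature>%s</signature></request>'
    return (xml % (SAMPLE_BODY, signature)).encode("iso-8859-1")
```

Act on order_status or amount_paid only when verify_response returns the fields, and compare the returned order and amount against your own records before fulfilling.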
c) Example of response for an order that has been declined by the bank issuer:
<?xml version="1.0" encoding="ISO-8859-1"?>
<request>
  <order>1234567890</order>
  <payment_method>C</payment_method>
  <submission_date>10/12/2010</submission_date>
  <order_status>PF</order_status>
  <product_name>Product Test (1 license)</product_name>
  <customer_name>José da Silva</customer_name>
  <customer_taxid>91051605962</customer_taxid>
  <customer_email>josedasilva@myemail.com.br</customer_email>
  <customer_phone>11 3328.9999</customer_phone>
  <address_street>Av.Paulista, 100</address_street>
  <address_zip>01311100</address_zip>
  <address_city>São Paulo</address_city>
  <address_state>SP</address_state>
  <amount_brl>39.50</amount_brl>
  <cc_installments>1</cc_installments>
  <cc_brand>V</cc_brand>
  <cc_holder>joao da silva</cc_holder>
  <cc_number>498412******1234</cc_number>
  <cc_expiration>12/29</cc_expiration>
  <error_code>01</error_code>
  <soft_descriptor>TEST</soft_descriptor>
  <signature>ade1ed7b05831307a4434022b8b1e704</signature>
</request>
In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":
1234567890C10/12/2010PFProduct Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.501Vjoao da silva498412******123412/2901TEST191
Please note that the "191" at the end of the string is the length of the concatenated values of the XML elements:
1234567890C10/12/2010PFProduct Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.501Vjoao da silva498412******123412/2901TEST
d) Example of response for an order that has been refunded:
<?xml version="1.0" encoding="ISO-8859-1"?>
<request>
  <order>1234567890</order>
  <payment_method>C</payment_method>
  <submission_date>10/12/2010</submission_date>
  <order_status>RP</order_status>
  <payment_date>10/12/2010</payment_date>
  <product_name>Product Test (1 license)</product_name>
  <customer_name>José da Silva</customer_name>
  <customer_taxid>91051605962</customer_taxid>
  <customer_email>josedasilva@myemail.com.br</customer_email>
  <customer_phone>11 3328.9999</customer_phone>
  <address_street>Av.Paulista, 100</address_street>
  <address_zip>01311100</address_zip>
  <address_city>São Paulo</address_city>
  <address_state>SP</address_state>
  <amount_brl>39.50</amount_brl>
  <amount_paid>39.50</amount_paid>
  <cc_installments>1</cc_installments>
  <cc_brand>V</cc_brand>
  <cc_holder>joao da silva</cc_holder>
  <cc_number>498412******1234</cc_number>
  <cc_expiration>12/29</cc_expiration>
  <amount_refunded>39.50</amount_refunded>
  <refund_date>10/30/2010</refund_date>
  <soft_descriptor>TEST</soft_descriptor>
  <signature>44c0eb7fd06dc698cdf7df2f8beaa2fb</signature>
</request>
In this example, the hash for the signature was computed using the following string with the key "36d5f7184574caf84f5b48530ac0d690":
1234567890C10/12/2010RP10/12/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.501Vjoao da silva498412******123412/2939.5010/30/2010TEST219
Please note that the "219" at the end of the string is the length of the concatenated values of the XML elements:
1234567890C10/12/2010RP10/12/2010Product Test (1 license)José da Silva91051605962josedasilva@myemail.com.br11 3328.9999Av.Paulista, 10001311100São PauloSP39.5039.501Vjoao da silva498412******123412/2939.5010/30/2010TEST
e) If the order does not exist, no information will be returned except for the following:
<?xml version="1.0" encoding="ISO-8859-1"?> <request> </request>
f) Currently accepted credit card brands:
Brand | Code | CC Length | CVV Length | Sample |
---|---|---|---|---|
Mastercard | M | 16 | 3 | 5555666677778884 |
Visa | V | 16 | 3 | 4984123412341234 |
Diners | D | 14 | 3 | 30111122223331 |
Amex | A | 15 | 4 | 376411112222331 |
Hipercard | H | 16 | 3 | 6062111122223339 |
Elo | E | 16 | 3 | 6362970000457013 |