6. Requesting a refund
6.1. Sending the request
Your POST must be sent to https://sandbox.pagbrasil.com/api/order/refund setting the content-type of the request header and body as "x-www-form-urlencoded".
Please note that this URL shall only be used for integration and testing procedures. Once the Payment Service Agreement is signed, you will receive the production environment's URL when you request your account to go live.
Request parameters:
Field | Description | Required | Length |
---|---|---|---|
secret | Secret phrase as defined in the PagBrasil Dashboard | Yes | 128 |
pbtoken | Token assigned to your merchant account. | Yes | 32 |
order | Order number | Yes | 64 |
amount_refunded | Amount requested to be refunded (Brazilian Real) | Yes | 7.2 |
customer_bank | Customer's bank number (número do banco). See note "e" | Yes | 3 |
customer_branch | Branch number (agência). | Yes | 12 |
customer_account | Account number (conta corrente). Must include the hyphen and the verification digit; for example: "12345678-0". | Yes | 12 |
Notes:
a) The merchant needs to ask the end customer for their bank details and submit these to us using the parameters customer_bank (número do banco), customer_branch (agência) and customer_account (conta corrente). Please note that there is no other way to obtain the bank details, as banks don't disclose the customer's bank account information.
b) When information about an order is requested, one of the parameters returned is refund_info (see item 5.2), which includes the contents for parameters customer_bank, customer_branch and customer_account, formatted in a way your operator may easily review such information. Please see the example below.
Parameters sent when requesting a refund:
customer_bank = 001
customer_branch = 1234
customer_account = 12345678-0
Parameter refund_info returned when requesting information about this order:
Banco 001 - Agência 1234 - Conta 12345678-0
This way, your operator may copy/paste the information returned by refund_info when it's necessary to remind the customer what information was used to process the refund.
c) The bank account holder must be the customer, and not a third-party.
d) A successful response for the refund request will be "Refund request received".
e) Please find the bank numbers here (column "COD COMPENSAÇÃO").
6.2. Receiving the refund confirmation
Refunds are processed within one business day. You need to login to the PagBrasil Dashboard and specify the URL you want PagBrasil to notify you when the refund is processed.
PagBrasil's POST:
Field | Description | Length |
---|---|---|
secret | Secret phrase as defined in the PagBrasil Dashboard | 128 |
payment_method | Value "B". This value specifies that the data being posted is the response to a Boleto Bancário refund request (either for a traditional Boleto Bancário or a Boleto Flash®). | 1 |
order | Order number | 64 |
amount_brl | Amount in Brazilian Real | 7.2 |
amount_refunded | Amount requested to be refunded (Brazilian Real) | 7.2 |
payment_status | P = Refund Processed See note "a" | 1 |
signature | HMAC-MD5 hash that authenticates the IPN. See note "c" | 32 |
a) The payment status is returned as "P" (Refund Processed) when the refund request was submitted to the bank using the account information provided by the end customer. Please note that the Refund Processed status doesn't necessarily mean that the customer has received the credit, as the money can later be returned by the recipient's bank if the account information turns out to be incorrect.
b) The payment status is returned as "J" (Refund rejected) when the money has been returned by the recipient's bank because the account information provided was incorrect. In this case, please ask the customer to confirm that the bank details are correct and that they are the account holder. When you have their correct information you may request the refund again.
c) To authenticate the legitimacy of the IPN, you may check the parameter secret and/or the parameter signature, which is a HMAC-MD5 hash based on three parameters and a key defined at the PagBrasil Dashboard, menu Account > Settings. The HMAC-MD5 source string is the concatenation of the values of the parameters order, amount_brl and payment_status and the total length for these three parameters. For example, if parameter order="1234567890", amount_brl="39.50" and payment_status="P", the parameter signature would be "3093a7dffa0c04e74e827d1b52ef514e".
In this example, the hash for the signature was computed using the string "123456789039.50P16" with the key "36d5f7184574caf84f5b48530ac0d690".
CONFIDENTIAL