Credit Card
Cards are a dominant payment method worldwide. Credit cards are issued by banks and allow customers to borrow money with a promise to pay it back within a grace period to avoid extra fees. Consumers can accrue a continuing balance of debt, subject to being charged interest on the amount.
To take advantage of the features available in our API, it is important to first understand the concepts involved in processing a credit card transaction.
| Concept | Description |
|---|---|
| PCI/DSS | Payment Card Industry Data Security Standards |
| Client-side Encryption | Programming technique to encrypt sensitive cardholder data on the client side and securely transfer this data to the payment gateway to process a payment. |
| Anti fraud | It is a fraud prevention platform that provides a detailed risk analysis of online purchases. Transactions are subject to a large number of rules, besides the specific rules for each segment. According to the pre-established criteria, the request can be automatically accepted, refused or sent for manual analysis. |
| Tokenization | It´s a process that allows secure storage of sensitive credit card data. The data is transformed into an encrypted code named “token”, which can be stored in a database. This allows merchants to make recurring payments. |
| Installments | Installment payments are a way to spread out a payable amount. A customer can split up a full payment into smaller chunks, which they pay off at a regular intervals over a set period. |
Workflow
-
The merchant loads PagSeguro script in the client's browser.
-
If desired, the merchant gets installments options to show the customer.
-
The customer fills and submits payment info, then a method is called in PagSeguro's script.
-
After receiving the
direct-token, the customer submits all the necessary information to the merchant's server. -
The Merchant submits to
/transactionsto create the transaction. -
PagSeguro creates an order and returns the status transaction and
IDto the merchant. -
The Merchant returns the transation status to the customer.
When the merchant has the customer's credit card (payment-method object) saved on their side, the first step is not necessary and the parameter code must be used instead of the token parameter.
See more on Tokenization Section
Creating a Credit Card Payment
Step 1: Collect Payer Details
For most payment methods, you can collect the payment details directly from the customer. For credit cards, however, you will need to encrypt any sensitive credit card details.
Are you PCI Level 1 or 2 certified?
You can optionally submit raw card data.
See Creating a Raw Credit Card Payment for more information.
Encrypt credit card details
PagSeguro provides a JavaScript library so you can use it to securely collect your customer's credit card details without sensitive credit card data reaching your server. When the customer enters the details of the card on your site, the script collects the sensitive data and creates an encrypted version that you can securely transmit to PagSeguro.
This script is minified and doesn’t inject any dependency on your page, just the Boacompra.PaymentMethod object that will be used for the integration and can be added before the tag avoiding loading problems in the current page. It is very important to use this script from our CDN, to maintain the compatibility with PagSeguro Payment API.
To include the Direct Checkout JS in your payment page is required the insertion of a script tag with the JS file URL
<script src="http://stc.boacompra.com/payment.boacompra.min.js"></script>
Direct token method
This method returns the Direct Token required in the Direct Payment API integration. The credit card data must be informed and will be stored according to PCI-DSS Compliance standards.
It's highly recommended not to store or traffic this data in your system unless you have PCI certification. The getDirectToken method expects two parameters: Credit card object and a callback function.
Creating the direct-token in javascript
//credit card data
var data = {
creditCard: '5555666677778884',
cvv: '123',
expiration: {
month: '02',
year: '2026'
}
};
//callback function for payment.getDirectToken function
var callback = function(err, directToken) {
if (err) {
//Error in token generation
return false;
}
console.log('Token generated with success');
console.log(directToken);
};
//note: the payment object must be previously instantiated before call this function (see full example on the next section).
//calling the getDirectToken function to generate the credit-card token
payment.getDirectToken(data, callback);
Credit card object
| Property | Type | Value |
|---|---|---|
| creditCard | string | Credit card number |
| cvv | string | Credit card CVV |
| expiration | object | Object with expiration data |
| expiration.month | string | Credit card expiration month (2 characters) |
| expiration.year | string | Credit card expiration year (4 characters) |
Example of credit card object
var creditCard = {
creditCard: '5555666677778884',
cvv: '123',
expiration: {
month: '02',
year: '2020'
}
};
Callback function
The callback function expects two parameters: an error and a string token.
Example of callback function
var callback = function(err, directToken) {
if (err) {
//Error in token generation
return false;
}
console.log('Token generated with success');
console.log(directToken);
};
Full Example
Here you will find a detailed and explained example of a HTML file implementing our javascript file.
ATTENTION:
We highly recommend to instantiate the payment object as soon as possible after loads the PagSeguro's javascript file. Otherwise, we cannot be sure that all dependecies were loaded successfuly before charging the customer and unknown errors can be triggered, difficulting the payment flow. In case of any doubts, please get in touch with our B2B support.
<!DOCTYPE html>
<!-- This html script must be used into a configured virtual host in your Web Server -->
<html>
<head>
<meta charset="utf-8">
<title>PagSeguro Direct Checkout Test</title>
<!-- Script loaded with a dynamic parameter (?p=999999) value to invalidate the browser cache. -->
<script type="text/javascript" src="https://stc.boacompra.com/payment.boacompra.min.js?p=999999"></script>
<script type="text/javascript">
// You MUST instance the payment object ASAP after add the javascript on page,
// it will prevent loading time issues in the flow.
var payment = new Boacompra.PaymentMethod();
</script>
</head>
<body>
<a href="javascript:charge()" target="_self">Click here to Generate the DirectToken</a>
<script type="text/javascript">
// Example: hhttps://docs.boacompra.com/docs/direct-api-credit-card#creating-a-credit-card-payment
function charge() {
// User's credit card data should be collected in a html form
var cardData = {
creditCard: '5555666677778884',
cvv: '123',
expiration: {
month: '02',
year: '2026'
}
};
//callback function will contain errors or a directToken
var callback = function(err, directToken) {
if (err) {
// Check all errors in:
// https://developers.boacompra.com/direct-api/#direct-payment-js
alert('Error: ' + err);
return false;
}
alert('Success!\ndirect-token: ' + directToken + '\n\nUse them to create your transaction.');
// Post [directToken + user data, previously collected from html forms] to your server (Ajax request)
// The directToken parameter will be used to create your transaction
// on the endpoint https://api.boacompra.com/transactions
// The directToken parameter and others are descibed in our Manual:
// https://developers.boacompra.com/direct-api/#transaction-api
};
payment.getDirectToken(cardData, callback);
}
</script>
</body>
</html>
Step 2 (optional): Get Credit Card Installments
Credit card Installment payments are a way to spread out a payable amount. A customer can choose to split up a full payment into smaller chunks, which they pay off at regular intervals over a set period.
Brazil
Credit Card Installments available in Brazil by brand:
- Visa - up to 12x
- MasterCard - up to 12x
- American Express - up to 12x
- Elo Card - up to 12x
- Diners - up to 12x
- Hipercard - up to 12x
The minimum installment amount is 5 BRL.
To get the payment installments, you need to do the following:
Get brand and installments
To show the installment options for the customer, you must make a request to the Installments API. The installments options will change according to the credit card brand.
Get brand and installments URL
https://api.boacompra.com/card?bin={bin}&country={country}&amount={amount}¤cy={currency}Method: GET
| Property | Description | Type | Size | Required |
|---|---|---|---|---|
| bin | Credit Card BIN (first six digits of the card) | Integer | 6 | Yes |
| country | Country of Payment | String | 2 | Yes |
| amount | Value of order | Double | Min of 0.01 | Yes |
| currency | Currency of order | String | 3 | Yes |
Example to get the brand and credit card installments with cURL
curl -X GET \
'https://api.boacompra.com/card?bin=123456&country=BR&amount=16.00¤cy=BRL' \
-H 'accept: application/vnd.boacompra.com.v1+json; charset=UTF-8' \
-H 'authorization: 123:ba567109f868df40c7cda9c5563bf2a9cdcb8b6b654654165'
Response Headers
HTTP/1.1 200 OK
Content-type: application/vnd.boacompra.com.v1+json; charset=UTF-8
Response Body
{
"bin": {
"number": 123456,
"brand": "visa",
"cvvSize": 3,
"expirable": true,
"validationAlgorithm": "LUHN",
"installment": true
},
"installments": [
{
"quantity": 1,
"totalAmount": 16,
"installmentAmount": 16,
"interestFree": true
},
{
"quantity": 2,
"totalAmount": 16.48,
"installmentAmount": 8.24,
"interestFree": false
}
]
}
Check brand name (optional)
If you want to show the credit card brand name, this service offers this possibility.
Check brand name URL
https://api.boacompra.com/card/bin/{bin}Method: GET
| Property | Description | Type | Size | Required |
|---|---|---|---|---|
| bin | Credit Card BIN (first six digits of the card) | Integer | 6 | Yes |
Example with cURL
curl -X GET \
'https://api.boacompra.com/card/bin/123456' \
-H 'content-type: application/json' \
-H 'accept: application/vnd.boacompra.com.v1+json; charset=UTF-8' \
-H 'authorization: 123:ba567109f868df40c7cda9c5563bf2a9cdcb8b6b654654165'
Response Headers
HTTP/1.1 200 OK
Content-type: application/vnd.boacompra.com.v1+json; charset=UTF-8
Response Body
{
"bin": {
"number": 123456,
"brand": "visa",
"cvvSize": 3,
"expirable": true,
"validationAlgorithm": "LUHN",
"installment": true
}
}
Bin Object
| Property | Type |
|---|---|
| number | Integer |
| brand | String |
| cvvSize | Integer |
| expirable | Boolean |
| validationAlgorithm | String |
| installment | Boolean |
Check installment options (optional)
If you want to show the installments amount according to the brand for the customer, this service offers this possibility.
Check installment options URL
https://api.boacompra.com/card/installments?brand={brand}&country={country}&amount={amount}¤cy={currency}Method: GET
| Property | Description | Type | Size | Required |
|---|---|---|---|---|
| brand | Name of Brand | String | Yes | |
| country | Country of Payment | String | 2 | Yes |
| amount | Value of order | Double | Min of 0.01 | Yes |
| currency | Currency of order | String | 3 | Yes |
Example with cURL
curl -X GET \
'https://api.boacompra.com/card/installments?brand=visa&country=BR&amount=16.00¤cy=BRL' \
-H 'accept: application/vnd.boacompra.com.v1+json; charset=UTF-8' \
-H 'authorization: 123:ba567109f868df40c7cda9c5563bf2a9cdcb8b6b654654165'
Response Headers
HTTP/1.1 200 OK
Content-type: application/vnd.boacompra.com.v1+json; charset=UTF-8
Response Body
{
"installments": [
{
"quantity": 1,
"totalAmount": 16,
"installmentAmount": 16,
"interestFree": true
},
{
"quantity": 2,
"totalAmount": 16.48,
"installmentAmount": 8.24,
"interestFree": false
}
]
}
Installment Object
| Property | Type |
|---|---|
| quantity | Integer |
| totalAmount | Integer |
| totalinstallmentAmount | Float |
| interestFree | Boolean |
Step 3: Request a Credit Card Payment
After collecting the payment details from the customer, make a request to the Transaction API using the information given by the customer and specifying the chosen payment method by using the payment method type parameter.
The minimum amount value is 0.20 BRL.
Request
Requesting a credit card payment in Production
https://api.boacompra.com/transactionsMethod: POST
Requesting a credit card payment in Sandbox
https://api.sandbox.boacompra.com/transactionsMethod: POST
Example of a request using credit card payment
{
"transaction": {
"reference": "REF-XXX-1234567890",
"project-number": 1,
"country": "BR",
"currency": "BRL",
"checkout-type": "direct",
"notification-url": "https://billing.checkout.com/processing",
"language": "pt-BR"
},
"charge": [
{
"amount": 100.00,
"payment-method": {
"type": "credit-card",
"sub-type": "mastercard"
},
"payment-info": {
"installments": 3,
"token": "eyJkbmEiOiI2NzY3YzAxNDEzNGM0NTc4ODg0ZjU2MjdmYTI0ZGVhZiIsImlwIjoiMjAwLjIyMS4xMzAuNDkiLCJkZiI6ImNmYWI3MDcxMDJlZDQ4MjU4MzJhNmY2MDBhNWZjZjc2In0="
}
}
],
"payer": {
"name": "John Doe",
"email": "[email protected]",
"birth-date": "1988-12-25",
"phone-number": "+5511987654321",
"document": {
"type": "CPF",
"number": "00000000191"
},
"address": {
"street": "Rua Teste",
"number": "1102",
"complement": "AP 10",
"district": "Bairro Teste",
"state": "PR",
"city": "Maringá",
"country": "BR",
"zip-code": "87030000"
},
"ip": "200.221.118.80"
},
"shipping": {
"cost": 0,
"address": {
"street": "Rua Teste",
"number": "1102",
"complement": "AP 10",
"district": "Bairro Teste",
"state": "PR",
"city": "Maringá",
"country": "BR",
"zip-code": "87030000"
}
},
"cart": [
{
"quantity": 1,
"description": "Calça Jeans",
"category": "Collectibles",
"type": "physical",
"unit-price": 1
}
]
}
Request Parameter List
| Parameter | Description | Type | Size | Mandatory |
|---|---|---|---|---|
| transaction | Set of general transaction's information | Object | - | Yes |
| transaction.reference | Merchant transaction identifier | String | Up to 64 | Yes |
| transaction.project-number | Merchant project identifier. Default value is 1 | Integer | - | No |
| transaction.country | Country of the payment. Accepts only BR | String | 2 | Yes |
| transaction.currency | Currency of the transaction. Accepts only BRL | String | 3 | |
| transaction.checkout-type | Checkout type of the transaction. Accepts only direct | String | - | Yes |
| transaction.notification-url | URL (must bind ports 80 or 443) used to send transaction status changes notifications by HTTP | String | Up to 200 | Yes |
| transaction.language | Language used. Accepts pt-BR, en-US, es-ES, pt-PT and tr-TR | String | 5 | Yes |
| transaction.gifting | Flags transaction as gifting. We recommend sending this parameter only when the transaction is a gift (value = true). For regular transactions it is not necessary to send it. | Boolean | - | No |
| charge[] | Set of payments. Currently accepting just one (1) payment | Array | 1 | Yes |
| charge[].amount | Amount of the transaction. Separating cents by point, with two decimal places. Amount sum must be equal to shipping.cost plus cart items value | Double | Min of 0.20 | Yes |
| charge[].payment-method.type | Payment Method type (credit-card, postpay, e-wallet or eft) | String | - | Yes |
| charge[].payment-method.sub-type | Payment Method sub-type. Available brands (see more) | String | - | No |
| charge[].payment-info.installments | Installments quantity (see more) | Integer | Min of 1 | Yes |
| charge[].payment-info.token | Token containing credit card encrypted data (see more) | String | - | Yes [1] |
| charge[].payment-info.code | Token which represents a payment method previously saved and already activated (see more) | String | 32 | No |
| charge[].payment-info.save | Used to save payment method for future transactions (see more) | Boolean | - | No |
| payer | Set of customer's information | Object | - | Yes |
| payer.name | Customer name (see more) | String | Up to 255 | Yes |
| payer.email | Customer e-mail address | String | Up to 60 | Yes |
| payer.birth-date | Customer birth date. ISO-8601 Pattern (YYYY-MM-DD) | String | - | Yes [3] |
| payer.phone-number | Customer phone number. e.g (+5544999884455) | String | - | Yes |
| payer.document.type | Customer document Type. accepts: cpf and cnpj | String | - | Yes |
| payer.document.number | Customer identification document. No special characters allowed. | String | - | Yes |
| payer.ip | Customer IP. accepts IPv4 or IPv6 | String | - | No |
| payer.address | Customer address object | Object | - | No [2] |
| payer.address.street | Customer address street | String | 1-160 | Yes |
| payer.address.number | Customer address number | String | 1-20 | Yes |
| payer.address.complement | Customer address complement | String | Up to 40 | No |
| payer.address.district | Customer address district | String | 1-60 | Yes |
| payer.address.state | Customer address state or province | String | 2 | Yes |
| payer.address.city | Customer address city | String | 1-60 | Yes |
| payer.address.country | Customer address country (country iso 2) | String | 2 | Yes |
| payer.address.zip-code | Customer address zip code | String | 8 | Yes |
| shipping | Set of information that will be used to deliver the items in cart (see more) | Object | - | No [2] |
| shipping.cost | Shipping cost. Separating cents by dot, with two decimal places | Double | Min of 0.01 | Yes |
| shipping.address.street | Shipping address street | String | 3-160 | Yes |
| shipping.address.number | Shipping address number | String | 1-20 | Yes |
| shipping.address.complement | Shipping address complement | String | 5-40 | No |
| shipping.address.district | Shipping address district | String | 4-60 | Yes |
| shipping.address.state | Shipping address state or province | String | 2 | Yes |
| shipping.address.city | Shipping address city | String | 3-60 | Yes |
| shipping.address.country | Shipping address country (country iso 2) | String | 2 | Yes |
| shipping.address.zip-code | Shipping address zip Code | String | 8 | Yes |
| cart[] | Set of items (at least one Item) | Array | Min of 1 | Yes |
| cart[].quantity | Item quantity | Integer | Min of 1 | Yes |
| cart[].description | Item description | String | 1-200 | Yes |
| cart[].unit-price | Price per unit. Separating cents by dot, with two decimal places | Double | Min of 0.01 | Yes |
| cart[].type | Item type - must be one of the following: digital, physical, service, subscription | String | - | Yes |
| cart[].category | Item category | String | 1-64 | No |
About required fields1- Required, except when using charge[].payment-info.code
2- Required when cart[].type is physical
3- Required when payer.document.type is cpf
Some considerations about the payer name:
- Maximum length of 255 characters
- Minimum two words
- Each word must be separated by ONE space
- The first word must have at least 2 characters and at most 50
- The middle words must have at least 1 character and at most 50
- Accepted characters: A to Z, uppercase and/or lowercase letters
- Special characters accepted: àáâäãåąčćęèéêëėįìíîïłńòóôöõøùúûüųūÿýżźñçčšžÀÁÂÄÃÅĄĆČĖĘÈÉÊËÌÍÎÏĮŁŃÒÓÔÖÕØÙÚÛÜŲŪŸÝŻŹÑßÇŒÆČŠŽ∂ð,.&/'-
Some considerations about the payer email:
- On the local-part (before the @), only alphanumeric characters and the special characters - + . _ are allowed.
Some considerations about the payer birth-date and payer phone-number:
- Required parameters for fraud analysis to chargebacks susceptible payment types.
- Payment type susceptible to chargebacks:
- credit-card
- e-wallet
Response
Example of a response using credit card payment
{
"transaction": {
"code": "111114891",
"reference": "REF-XXX-1234567890",
"amount": 100,
"status": "PENDING",
"currency": "BRL",
"country": "BR",
"payer-email": "[email protected]",
"date-created": "2018-10-09T10:23:05.916587756-03:00"
}
}
Response Parameter List
| Property | Description | Type | Size | Format |
|---|---|---|---|---|
| transaction.code | PagSeguro´s reference | String | Up to 36 | e.g.: 111181153 |
| transaction.reference | Merchant´s reference | String | Up to 64 | XXX-XXX-XX-XXXXXXXXXX |
| transaction.amount | Transaction Amount | Number | - | e.g.: 50.0 |
| transaction.status | Current status (see more) | String | - | e.g.: PAID |
| transaction.currency | Currency transaction | String | 3 | e.g.: BRL |
| transaction.country | Country transaction | String | 2 | e.g.: BR |
| transaction.payer-email | Payer email | String | Up to 60 | e.g.: [email protected] |
| transaction.date-created | Date of creation | String | - | e.g.: 2018-10-10T14:39:32.991217999-03:00 |
Creating a Raw Credit Card Payment
IMPORTANT
Anyone involved with the processing, transmission, or storage of card data MUST comply with the Payment Card Industry Data Security Standards (PCI DSS).
If you are PCI Level 1 or Level 2 certified you can submit raw card data to PagSeguro when you make a payment. To submit raw card data, contact your Account Manager, once they've set you up, you are ready to submit card fields when you make a payment request.
PagSeguro recommends that you validate the number of digits entered for the credit card, expiration date and card verification code before submitting the payment information. This will help reduce transaction declines due to customer error.
Request
Requesting a raw credit card payment in Production
https://api.boacompra.com/transactionsMethod: POST
Requesting a credit card payment in Sandbox
https://api.sandbox.boacompra.com/transactionsMethod: POST
Example of a request using cURL
curl -X POST \
'https://api.boacompra.com/transactions' \
-H 'accept: application/vnd.boacompra.com.v2+json; charset=UTF-8' \
-H 'authorization: 123:ba567109f868df40c7cda9c5563bf2a9cdcb8b6b654654165' \
-H 'content-type: application/json' \
-d '{
"transaction":{
"reference":"REF-RAW-CC-1539193167",
"project-number":1,
"country":"BR",
"currency":"BRL",
"checkout-type":"direct",
"notification-url":"https://billing.checkout.com/processing",
"language":"pt-BR"
},
"charge":[
{
"amount":50.00,
"payment-method":{
"type":"credit-card"
},
"payment-info":{
"installments":2,
"credit-card":{
"number":"4073020000000002",
"cvv":"123",
"expiration-date":"2020-12"
}
}
}
],
"payer":{
"name":"John Doe",
"email":"[email protected]",
"ip":"64.128.112.215",
"phone-number": "+5511991234556",
"document":{
"type":"CPF",
"number":"31192071280"
}
},
"cart": [
{
"quantity": 1,
"description": "Action figure - Spider-man",
"category": "Collectibles",
"type": "digital",
"unit-price": 50.00
}
]
}'
| Property | Description | Type | Size | Mandatory |
|---|---|---|---|---|
| transaction.reference | Merchant Transaction Identifier | String | 64 | Yes |
| transaction.project-number | Merchant Project Identifier. Default value is 1 | Integer | - | - |
| transaction.country | Country of the payment. Accepts only BR | String | 2 | Yes |
| transaction.currency | Currency of the transaction. Accepts only BRL | String | 3 | |
| transaction.checkout-type | Checkout type of the transaction. Accepts only direct | String | - | Yes |
| transaction.notification-url | URL (must bind ports 80 or 443) used to send transaction statuses changes notifications by HTTP | String | - | Yes |
| transaction.language | Language used. Accepts pt-BR, en-US, es-ES, pt-PT and tr-TR | String | 5 | Yes |
| charge[] | Set of payments. | Array | 1 | Yes |
| charge[].amount | Amount of the transaction. Separating cents by dot, with two decimal places. Amount sum must be equal to shipping.cost plus cart items value | Double | Min of 0.20 | Yes |
| charge[].payment-method.type | Payment Method type (credit-card, postpay, e-wallet or eft) | String | - | Yes |
| charge[].payment-method.sub-type | Means of Payment Sub-type. The Card issuer | String | - | - |
| charge[].payment-info.installments | Installments quantity | String | Min of 1 | Yes |
| charge[].payment-info.credit-card.number | Payer Card Number | String | 19 | Yes |
| charge[].payment-info.credit-card.cvv | Payer Card Secutiry Code | String | 4 | Yes |
| charge[].payment-info.credit-card.expiration-date | Payer Card Expiry date printed. Pattern YYYY-MM | String | 7 | Yes |
| payer | Set of customer's information | Object | - | Yes |
| payer.name | Payer name (see more) | String | Up to 255 | Yes |
| payer.email | Payer email | String | Up to 60 | Yes |
| payer.ip | Customer IP. accepts IPv4 or IPv6 | String | - | Yes |
| payer.phone-number | Customer phone number. e.g (+5544999884455) | String | - | No |
| payer.document.type | Payer Document Type. Accepts: cpf and cnpj | String | - | Yes |
| payer.document.number | Payer Identification document. Remove special characters | String | - | Yes |
| cart[] | Set of items (at least one Item) | Array | Min of 1 | Yes |
| cart[].quantity | Item quantity | Integer | Min of 1 | Yes |
| cart[].description | Item description | String | 1-200 | Yes |
| cart[].unit-price | Price per unit. Separating cents by dot, with two decimal places | Double | Min of 0.01 | Yes |
| cart[].type | Item type (see more) | String | - | Yes |
| cart[].category | Item category | String | 1-64 | No |
Response
Example of a response
{
"transaction": {
"code": "111181153",
"reference": "REF-RAW-CC-1539193167",
"amount": 100,
"status": "PENDING",
"currency": "BRL",
"country": "BR",
"payer-email": "[email protected]",
"date-created": "2018-10-10T14:39:32.991217999-03:00"
}
}
| Property | Description | Type | Size | Format |
|---|---|---|---|---|
| transaction.code | PagSeguro´s reference | String | Up to 36 | e.g.: 111181153 |
| transaction.reference | Merchant´s reference | String | Up to 64 | XXX-XXX-XX-XXXXXXXXXX |
| transaction.amount | Transaction Amount | Number | - | e.g.: 50.0 |
| transaction.status | Current status (see more) | String | - | e.g.: PENDING |
| transaction.currency | Currency transaction | String | 3 | e.g.: BRL |
| transaction.country | Currency transaction | String | 2 | e.g.: BR |
| transaction.payer-email | Payer email | String | Up to 60 | e.g.: [email protected] |
| transaction.date-created | Date of creation | String | - | e.g.: 2018-10-10T14:39:32.991217999-03:00 |
Tokenization
When applied to data security, tokenization is the process of substituting a sensitive data
element with a non-sensitive equivalent, referred to as a token. The sensitive credit card data used
during the transaction will be converted into a token which can be used in future transactions.
This technique allows the merchants to offer features such as one-click buying, retry sending a transaction,
and also allows the merchant to create its own service of recurring payment.
How does it work?
- Merchant submits the payment info to
/transactionsusing the parametercharge[].payment-info.saveas true. - PagSeguro creates a unique token (payment-method.code) and maps it into the payment-method object reponse.
- PagSeguro returns the transaction object and payment-method object.
- The merchant stores the payment-method object.
- The transaction status is changed to COMPLETE.
- The merchant can now use
charge[].payment-info.codeto create future transactions for the same customer.
Important
- The tokenization feature can only be used with credit card payment method.
- The credit card code can only be used after the status of the initial transaction is changed to COMPLETE.
- The credit card code can only be used with the same customer email for which it was generated, otherwise it will cause an error.
- If the merchant tries to save the same credit card for the same email twice, the payment method object won't be returned in the response body.
Step 1: Saving the Payment Method
The merchant creates a payment request that demands the payment method to be saved.
Request
Example of a request using credit card tokenization
{
"transaction": {
"reference": "REF-XXX-1234567890",
"project-number": 1,
"country": "BR",
"currency": "BRL",
"checkout-type": "direct",
"notification-url": "https://billing.checkout.com/processing",
"language": "pt-BR"
},
"charge": [
{
"amount": 100.00,
"payment-method": {
"type": "credit-card",
"sub-type": "mastercard"
},
"payment-info": {
"installments": 3,
"token": "eyJkbmEiOiI2NzY3YzAxNDEzNGM0NTc4ODg0ZjU2MjdmYTI0ZGVhZiIsImlwIjoiMjAwLjIyMS4xMzAuNDkiLCJkZiI6ImNmYWI3MDcxMDJlZDQ4MjU4MzJhNmY2MDBhNWZjZjc2In0=",
"save": true
}
}
],
"payer": {
"name": "John Doe",
"email": "[email protected]",
"birth-date": "1988-12-25",
"phone-number": "+5511987654321",
"document": {
"type": "CPF",
"number": "00000000191"
},
"address": {
"street": "Rua Teste",
"number": "1102",
"complement": "AP 10",
"district": "Bairro Teste",
"state": "PR",
"city": "Maringá",
"country": "BR",
"zip-code": "87030010"
},
"ip": "200.221.118.80"
},
"shipping": {
"cost": 0,
"address": {
"street": "Rua Teste",
"number": "1102",
"complement": "AP 0",
"district": "Bairro Teste",
"state": "PR",
"city": "Maringá",
"country": "BR",
"zip-code": "87030000"
}
},
"cart": [
{
"quantity": 1,
"description": "Calça Jeans",
"category": "Collectibles",
"type": "physical",
"unit-price": 1
}
]
}
Response
Example of a response containing a payment method
{
"transaction": {
"code": "99481144",
"reference": "REF-XXX-1234567890",
"amount": 100,
"status": "PENDING",
"currency": "BRL",
"country": "BR",
"payer-email": "[email protected]",
"date-created": "2018-10-09T15:16:31.76093422-03:00"
},
"payment-methods": [
{
"code": "5B990EBB79F54E65B752EC555BD3A9B6",
"credit-card": {
"brand": "mastercard",
"masked-number": "************5099",
"expiration-date": "2021-12"
},
"date-created": "2018-10-09T15:16:32.508735399-03:00"
}
]
}
Step 2: Merchant Stores the Payment Method
The merchant stores the following object in other to have features like one-click buying, retry sending a transaction, among others alike.
This payment method code can only be used to create a new transaction after the transaction's status is changed to COMPLETE..
Example of a payment method that the merchant can store on their side
{
"code": "5B990EBB79F54E65B752EC555BD3A9B6",
"credit-card": {
"brand": "mastercard",
"masked-number": "************5099",
"expiration-date": "2021-12"
},
"date-created": "2018-10-09T15:16:32.508735399-03:00"
}
Step 3: Merchant Uses the Saved Payment Method
The merchant uses the stored payment method to create a new transaction for the same customer
Example of a request using the stored payment method
{
"transaction": {
"reference": "REF-XXX-1234567891",
"project-number": 1,
"country": "BR",
"currency": "BRL",
"checkout-type": "direct",
"notification-url": "https://billing.checkout.com/processing",
"language": "pt-BR"
},
"charge": [
{
"amount": 100.00,
"payment-method": {
"type": "credit-card",
"sub-type": "mastercard"
},
"payment-info": {
"installments": 3,
"code": "5B990EBB79F54E65B752EC555BD3A9B6"
}
}
],
"payer": {
"name": "John Doe",
"email": "[email protected]",
"birth-date": "1988-12-25",
"phone-number": "+5511987654321",
"document": {
"type": "CPF",
"number": "00000000191"
},
"address": {
"street": "Rua Teste",
"number": "1102",
"complement": "AP 10",
"district": "Bairro Teste",
"state": "PR",
"city": "Maringá",
"country": "BR",
"zip-code": "87030000"
},
"ip": "200.221.118.80"
},
"shipping": {
"cost": 0,
"address": {
"street": "Rua Teste",
"number": "1102",
"complement": "AP 10",
"district": "Bairro dos testes",
"state": "PR",
"city": "Maringá",
"country": "BR",
"zip-code": "87030000"
}
},
"cart": [
{
"quantity": 1,
"description": "Calça Jeans",
"category": "Collectibles",
"type": "physical",
"unit-price": 1
}
]
}
Available Brands
American Express
Diners
Elo
HiperCard
MasterCard
Visa
Updated over 1 year ago