Cancellation with Idempotence

Refund operations with idempotence are requested using the following endpoint using the transaction ID (NIT) generated in the sale authorization. Refund requests will be considered successful once the request is approved by acquirer, and the status of the original sale transaction in Carat will automatically change to EST (Refunded)

Note: The Refund process requires authentication with signature. The store must have an RSA encryption public key registered in Carat and must assemble a JWT signature (JSON Web Tokens) to be sent in the authorization header. In this case, the refund transaction information will be returned directly in the service response. Learn more.#

However, if Merchant has enabled mutual authentication (mTLS) with Carat, a JWT signature is no longer a requirement.

Call details#

  • Resource: /v2/cancellations/{nit}
  • HTTP Method: POST
  • Request format: JSON
  • Response format: JSON
  • Header parameters:
ParameterDescriptionFormatMandatory
merchant_idMerchant code on Carat Portal. The production and certification codes will be different.< 15 ANYES
merchant_keyMerchant authentication key on Carat Portal. The production and certification keys will be different.< 80 ANYES
Content-TypeIt must be sent with the value application/json.= 15 ANYES
AuthorizationMerchant's signature in the Bearer {signature} format. Example: Bearer JHVGytfdgauygdauiw78264284527852897hagdg.
This parameter is mandatory, unless the Merchant has enabled mutual authentication (mTLS) along with Carat.
< 2000 ANCOND.
idempotency_keyIt's like a random code (identifier), with up to 80 characters, created by the integrator that will use the Carat API.< 80 NYES

Examples#

Below are some examples of the refund service call using the cURL tool.

Refund#

Request:

curl --location --request POST 'https://{{url}}/e-sitef/api/v2/cancellations/0a5e7dc9ef8ed24819c06a9bc1ed71f653671c931bd33fa49413477352de40d1' \
--header 'Content-Type: application/json' \
--header 'merchant_id: xxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxx' \
--header 'idempotency_key: ************' \
--header 'Authorization: Bearer {{assinatura}}'

Response:

{
"code": "0",
"message": "OK. Transaction successful.",
"cancellation": {
"authorizer_code": "200",
"authorizer_message": "Refund successful. [Cód.: 359]",
"status": "CON",
"nit": "1c1caed9c650b298e52e8b1acd7d9eb6b6e85bf029dc285f682b86e6283479ac",
"order_id": "1665693831749",
"customer_receipt":"=== COMPROVANTE ===",
"merchant_receipt":"=== COMPROVANTE ===",
"authorizer_id": "2",
"acquirer_id": "202",
"acquirer_name": "e.Rede REST",
"authorizer_date": "08/09/2022T17:43",
"merchant_usn": "12050620649",
"esitef_usn": "221013109643171",
"host_usn": "828420940",
"tid": "221013109643160",
"amount": "1300",
"payment_type": "C",
"esitef_date": "08/09/2022T17:43",
"is_host_cancel": "false"
}
}

IMPORTANT: Some acquirers may require the submission of card data in the request. In these cases, the following example shows how this request should be sent.

Request:

curl --location --request POST 'https://{{url}}/e-sitef/api/v2/cancellations/1bfff28297349381d8fc66fd0162c711ea5a61d932077d0109fe5642e7188e74' \
--header 'Content-Type: application/json' \
--header 'merchant_id: xxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxx' \
--header 'idempotency_key: ************' \
--header 'Authorization: Bearer {{assinatura}}' \
--data-raw '{
"amount": "1100",
"card": {
"expiry_date": "1223",
"security_code": "123",
"number": "5555555555555555"
}
}'

Response:

{
"code": "0",
"message": "OK. Transaction successful.",
"cancellation": {
"authorizer_code": "000",
"authorizer_message": "Transacao Aprov.",
"status": "CON",
"nit": "70d70a62062d01deaf49a96c98e2c4f7306975c93164c01b5fa639fe8cb9ba05",
"order_id": "1679514603756",
"customer_receipt": ".....S.O.F.T.W.A.R.E.E.X.P.R.E.S.S.... \nSI Rede 5 \nMU Codigo transacao: 400 \nLA Codigo operacao: 200030 \nDO Valor: 111,00 \n.....S...I...M...U...L...A...D...O.... \nSI NSU SiTef: 136447 \nMU 13/09/23 16:16 \nLA ID PDV: ES000053 \nDO Estab.: 000000000000005 \n.....S...I...M...U...L...A...D...O.... \nSI Host: 999136447 \nMU Transacao Simulada Aprovada \nLA \n (SiTef) \n",
"merchant_receipt": ".....S.O.F.T.W.A.R.E.E.X.P.R.E.S.S.... \nSI Rede 5 \nMU Codigo transacao: 400 \nLA Codigo operacao: 200030 \nDO Valor: 111,00 \n.....S...I...M...U...L...A...D...O.... \nSI NSU SiTef: 136447 \nMU 13/09/23 16:16 \nLA ID PDV: ES000053 \nDO Estab.: 000000000000005 \n.....S...I...M...U...L...A...D...O.... \nSI Host: 999136447 \nMU Transacao Simulada Aprovada \n (SiTef) \n",
"authorizer_id": "2",
"acquirer_id": "1005",
"acquirer_name": "Redecard",
"authorizer_date": "13/09/2023T16:16",
"authorization_number": "136446",
"merchant_usn": "12050620649",
"esitef_usn": "230913025455891",
"sitef_usn": "136447",
"host_usn": "999136447 ",
"amount": "1100",
"payment_type": "C",
"issuer": "2",
"authorizer_merchant_id": "000000000000005",
"acquirer_cnpj": "67844256000156",
"esitef_date": "13/09/2023T16:16",
"is_host_cancel": "false"
}
}

A nit is also returned in the cancellation request response. This nit is the identifier of the cancellation transaction in Carat. Therefore, it should only be used in the Query API to query the cancellation data.

Cancellation - Using the same idempotency_key and same payload#

Request:

It may happen that there are additional fields in the second call, but all the fields from the first request will be returned.

curl --location --request POST 'https://{{url}}/e-sitef/api/v2/cancellations/1bfff28297349381d8fc66fd0162c711ea5a61d932077d0109fe5642e7188e74' \
--header 'Content-Type: application/json' \
--header 'merchant_id: xxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxx' \
--header 'idempotency_key: ************' \
--header 'Authorization: Bearer {{assinatura}}' \
--data-raw '{
"amount": "1100",
"card": {
"expiry_date": "1223",
"security_code": "123",
"number": "5555555555555555"
}
}'

Response:

{
"code": "0",
"message": "OK. Transaction successful.",
"cancellation": {
"authorizer_code": "000",
"authorizer_message": "Transacao Aprov.",
"status": "CON",
"nit": "70d70a62062d01deaf49a96c98e2c4f7306975c93164c01b5fa639fe8cb9ba05",
"order_id": "1679514603756",
"customer_receipt":"=== COMPROVANTE ===",
"merchant_receipt":"=== COMPROVANTE ===",
"authorizer_id": "2",
"acquirer_id": "1005",
"acquirer_name": "Redecard",
"authorizer_date": "13/09/2023T16:16",
"authorization_number": "136446",
"merchant_usn": "12050620649",
"esitef_usn": "230913025455891",
"sitef_usn": "136447",
"host_usn": "999136447 ",
"amount": "1100",
"payment_type": "C",
"issuer": "2",
"authorizer_merchant_id": "000000000000005",
"terminal_id": "ES000053",
"acquirer_cnpj": "67844256000156",
"esitef_date": "13/09/2023T16:16",
"is_host_cancel": "false"
}
}

Cancellation - Using the same idempotency_key and payload with different amount#

Request:

curl --location --request POST 'https://{{url}}/e-sitef/api/v2/cancellations/1bfff28297349381d8fc66fd0162c711ea5a61d932077d0109fe5642e7188e74' \
--header 'Content-Type: application/json' \
--header 'merchant_id: xxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxx' \
--header 'idempotency_key: ************' \
--header 'Authorization: Bearer {{assinatura}}' \
--data-raw '{
"amount": "11100",
"card": {
"expiry_date": "1223",
"security_code": "123",
"number": "5555555555555555"
}
}'

Response:

{
"code": "1270",
"message": "Idempotent transaction body does not match the original",
"cancellation": {
"status": "INV"
}
}

Request parameters#

The table below describes the request parameters of the refund service:

ParameterDescriptionFormatMandatory
amountAmount in cents to be refunded. It’s important to note that not every acquirer supports refunds with an amount smaller than the payment amount (partial refund).
If this field is not sent, Carat Portal will assume the total amount of the payment.
< 12 NNO
cardThe obligation of this object depends solely and exclusively on the acquirer used in the transaction.
numberCustomer's card number (PAN).

Brand generated token (DPAN) for network token payment. Learn more
< 19 NYES
cryptogramCryptogram generated by the card brand= 28 ANNO
expiry_dateCard expiry date in MMYY format.= 4 NCOND.
security_codeSecurity code.< 5 NCOND.

Response parameters#

If successful, the HTTP response code will be 200. Any other code must be interpreted as an error. The table below describes the response parameters of the refund creation service:

ParameterDescriptionFormat
codeCarat Portal response code. Any code different from 0(zero) means failure. Learn more.< 4 N
messageCarat Portal response message.< 500 AN
cancellation
authorizer_codeAuthorizer response code.< 10 AN
authorizer_messageAuthorizer response message.< 500 AN
statusStatus of the payment transaction on Carat Portal. Learn more.= 3 AN
nitIdentifier of the refund transaction on Carat.= 64 AN
order_idOrder code of the transaction sent by the merchant.< 40 AN
merchant_usnUnique sequential number of the transaction sent by the merchant.< 12 N
amountAmount of the refund transaction as specified by the merchant (in cents).< 12 N
sitef_usnUnique sequential number of the refund transaction on SiTef.= 6 N
esitef_usnUnique sequential number of the refund transaction on Carat Portal.= 15 N
customer_receiptCustomer’s receipt.< 4000 AN
merchant_receiptMerchant’s receipt.< 4000 AN
authorizer_idCode of the authorizer used on the transaction.< 4 N
acquirer_idCode of the acquirer used on the transaction.< 4 N
acquirer_nameName of the acquirer used on the transaction.< 100 AN
authorizer_dateRefund authorization date returned by the authorizer in DD/MM/YYYY'T'HH:mm format. Example: 13/07/2017T16:03= 16 D
authorization_numberAuthorization number.< 6 AN
host_usnHost USN.< 20 AN
tidID of the transaction on the acquirer. This field is only returned on transactions with acquirers that are external to SiTef.< 40 AN
esitef_dateRefund authorization date on Carat Portal in DD/MM/YYYY'T'HH:mm format. Example: 13/07/2017T16:03= 16 D
issuerIssuer code returned by the authorizer.< 5 AN
authorizer_merchant_idAffiliation code of the merchant on the authorizer.< 100 AN
is_host_cancelThis field will return the value true in case of refund via host.< 5 T/F
payment_typePayment type from the selected authorizer: B = boleto, C = credit, D = debit, P = Private Label credit card, T = bank transfer, G = gift card, O = other payment methods, W = Boleto NR via Web Service= 1 AN