CyberSource

Required credentials

As mentioned in "Overview - Required credentials", each institution has credentials that must be obtained for the integration. CyberSource's services demand credentials below:

• Merchat ID (Merchant Code) - Merchant's key to access CyberSource's back office
• Shared Secret - Merchant's key to access CyberSource's back office. If key is not registered, Carat Portal will not be able to query status CyberSource. In case any risk analysis transaction is with status pending, the decision configured by Merchant will be executed and Carat Portal will confirm or Carat Portal will cancel the transaction.
• Key ID - Identification of the Shared Secret.
• Org ID - * Key used to collect fingerprint data from the payer's browser.
• p12 certificate - Security certification for orders analysis. The file should have the same name as Merchant ID in CyberSource system.
• p12 Certificate Password - Password for p12 certificate. Defined on the CyberSource portal.

IMPORTANT: The credentials above should be obtained from CyberSource. It is recommended to contact CyberSource and receive guidance on how to obtain the credentials. Then, the merchant should contact Carat Portal support and send the credentials to register in Carat Portal.

To obtain the Shared Secret and the Key ID follow the instructions at:

https://developer.cybersource.com/api/developer-guides/dita-gettingstarted/authentication/createSharedKey.html

To obtain the .p12 certificate, follow the instructions at:

https://support.cybersource.com/s/article/How-to-Generate-a-Simple-Order-API-Security-Key

Webhook URL Configuration

In order for us to receive status updates from the risk analysis transactions that are in manual revision, it is necessary to configure the Webhook URL on the CyberSource configuration environment.

Production URL:

https://prod.api.fiservapps.com/esitef-cybersource/processarPost.se?src=cybersource

Homologation URL:

https://prod.api.fiservapps.com/esitef-hml-cybersource/processarPost.se?src=cybersource

This URL must be configured for any status changes. To perform this configuration, please contact CyberSource Support.

Supported Carat Portal interfaces

• Payment Link via Portal
• HTML Payment Link via API
• REST Payment
• REST Pre-Authorization
• HTML Payment
• HTML Pre-Authorization

Allowed card brands

Listed below the authorizers supported by CyberSource:

• Visa
• MasterCard
• American Express
• Discover
• Diners Club
• Carte Blanche
• JCB
• EnRoute
• JAL
• Delta
• Dankort
• Laser
• Carte Bleue
• Carta Si
• Encoded account number
• UATP
• GE Money UK card
• Style
• Hipercard
• Aura
• Elo
• Elo Débito (Auxílio Emergencial)

Refund notification due to fraud

When canceling a payment due to fraud, you can notify Cybersource what happened and mark the transaction as fraudulent.

Currently, only the REST Cancellation interface can send complementary data to CyberSource. For this, it's necessary to send the following fields:

Field	Description
anti_fraud	Object with anti-fraud data.
chargeback	Informs whether the notification to Cybersource will be made or not. Allowed values: true ou false Default value: false
marked_data	Informs which fields will be relevant to notify to Cybersource that this transaction was a fraud attempt. This fields receives an array of values. For example: "marked_data":["ship_address","customer_phone","customer_email"]. Fields that can be informed: account_key_hash customer_account_id customer_email customer_idaddress customer_phone device_fingerprint ship_address If no content is sent, the default values assumed by Cybersource will be account_key_hash, customer_email and ship_address.

Example:

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl

--request PUT "https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/cancellations/1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqr"

--header "Content-Type: application/json"

--header "merchant_id: xxxxxxxxxxx"

--header "merchant_key: xxxxxxxxxxx"

--data-binary

{

"card":{

"security_code":"123",

"number":"5555555555555555",

"expiry_date":"1222"

},

"amount":"1000",

"anti_fraud":{

"chargeback":"true",

"marked_data":[

"account_key_hash",

"customer_account_id",

"customer_email"

]

}

}

--verbose

Anti-fraud parameter for CyberSource

Below is the list of anti-fraud parameters processed by CyberSource. Some parameters have different treatments depending on the institution and the "Additional detail" column that specifies CyberSource's treatment. For details of each parameter, see the anti-fraud parameters list.

Property Carat Portal	Property CyberSource	Additional detail
currency	PurchaseTotals_currency	-
items		Object json Array (Learn more)
payer		Object json Array (Learn more) Present only on REST calls
shipment		Object json Array (Learn more)
billing_data		Object json Array (Learn more) If informed, it will take precedence over the data that is also informed in the payer
browser		Object json (Learn more)
travel		Object json (Learn more). Required, if the item is an air ticket
passengers		Object json Array (Learn more)
connections		Object json Array (Learn more)
mdd		Object json Array (Learn more). The allowed values can be found here.

Object items

Property Carat Portal	Property CyberSource	Additional detail
id	Item_#_ID	String with numeric content
sku	Item_#_productSKU	Required
title	Item_#_productName	-
quantity	Item_#_Quantity	-
unit_price	Item_#_unitPrice	Required
category_id	Item_#_productCode	Allowed values: adult_content default electronic_good electronic_software gift_certificate handling_only service shipping_and_handling shipping_only stored_value subscription . Required. When the used value is not default, the fields item_#_quantity, item_#_productName e item_#_productSKU are mandatory!
tax_amount	Item_#_taxAmount	-

Object payer

Note: Present only on REST calls

Property Carat Portal	Property CyberSource	Additional detail
name	billTo_firstName	-
surname	billTo_lastName	-
email	billTo_email	-
address		Object json (Learn more)
phones		Object json Array (Learn more)
documents		Object json Array (Learn more)

Object address of payer

Property Carat Portal	Property CyberSource	Additional detail
street_name + street_number	street1	-
complement	billTo_street2	-
city	billTo_city	-
state	billTo_state	-
zip_code	billTo_postalCode	-
country	billTo_country	-

Object phones of payer

Property Carat Portal	Property CyberSource	Additional detail
ddi + ddd + billTo_number	phoneNumber	-

Object documents of payer

Property Carat Portal	Property CyberSource	Additional detail
number	billTo_customerID	-
number	billTo_personalID	-

Object shipment

Property Carat Portal	Property CyberSource	Additional detail
name	shipTo_firstName	-
surname	shipTo_lastName	-
address		Object json (Learn more)
phones		Object json Array (Learn more)

Object address of shipment

Property Carat Portal	Property CyberSource	Additional detail
street_name	shipto_street1	Must send the street number and the complement. Use the keywords AP (apartment), APTO (apartment), LOTE (lot), CASA (house) or BLOCO (block).
street_name2	shipto_street2	Must send the street number and the complement. Use the keywords AP (apartment), APTO (apartment), LOTE (lot), CASA (house) or BLOCO (block).
street_number	shipto_street1	-
apartment	Will be appended to the shipto_street2	-
complement	Will be appended to the shipto_street2	-
city	shipto_city	-
state	shipto_state	-
country	shipto_country	Must use the ISO pattern
zip_code	shipto_postalCode	-
building_number	shipto_building_number	-

Object phones of shipment

Property Carat Portal	Property CyberSource	Additional detail
ddi	shipTo_phoneNumber	-
ddd	shipTo_phoneNumber	-
number	shipTo_phoneNumber	-

Object billing_data

Note: If informed, it will take precedence over the data that is also informed in the payer

Property Carat Portal	Property CyberSource	Additional detail
address		Object json Array (Learn more)
phones		Object json Array (Learn more)

Object address of billing_data

Property Carat Portal	Property CyberSource	Additional detail
street_name	billTo_street1	Must send the street number and the complement. Use the keywords AP (apartment), APTO (apartment), LOTE (lot), CASA (house) or BLOCO (block).
street_name2	billTo_street2	Must send the street number and the complement. Use the keywords AP (apartment), APTO (apartment), LOTE (lot), CASA (house) or BLOCO (block).
street_number	billTo_street1	-
apartment	Will be appended to the billTo_street2	-
complement	Will be appended to the billTo_street2	-
city	billTo_city	-
state	billTo_state	-
country	billTo_country	Must use the ISO pattern
zip_code	billTo_postalCode	-

Object phones of billing_data

Property Carat Portal	Property CyberSource	Additional detail
ddi	billTo_phoneNumber	-
ddd	billTo_phoneNumber	-
number	billTo_phoneNumber	-

Object browser

Property Carat Portal	Property CyberSource	Additional detail
ip_address	billTo_ipAddress	If this field is not sent, the client's IP will be sent

Object travel

Property Carat Portal	Property CyberSource	Additional detail
route	decisionManager_travelData_completeRoute	-
journey_type	decisionManager_travelData_journeyType	-
departure_date_time	decisionManager_travelData_journeyType	-

Object passengers

Property Carat Portal	Property CyberSource	Additional detail
id	item_#_passengerId	-
name	item_#_passengerFirstName	Fill with passenger's first name
last_name	item_#_passengerLastName	Required
frequente_flyer_card	item_#_passengerID	The field billTocustomerID can hold the same information
email	item_#_passengerEmail	Must be unique, otherwise, the transaction will be refused by CyberSource with reason code 102.
status	item_#_passengerStatus	-
type	item_#_passengerType	-
unit_price	item_#_unitPrice	-
phones		Object json Array (Learn more)

Object phones of passengers

Property Carat Portal	Property CyberSource	Additional detail
ddi	item_#_passengerPhone	-
ddd	item_#_passengerPhone	-
number	item_#_passengerPhone	-

Object connections

Property Carat Portal	Property CyberSource	Additional detail
flight_date	decisionManager_travelData_departureDateTime	the following formats are allowed: yyyy-MM-dd HH:mm z yyyy-MM-dd hh:mm a z yyyy-MM-dd hh:mma z Consider: HH = time in 24 hours format hh = time in 12 hours format a = am or pm (case insensitive) z = timezone of departure flight (if is the offset according to GMT, use the format: GMT-03:00)
from	decisionManager_travelData_leg_#_origin	Use this reference in order to get the airports codes.
to	decisionManager_travelData_leg_#_destination	Use this reference in order to get the airports codes. It's possible to consider the complete route with the field decisionManager_travelData_completeRoute. If all those fields are sent, the completeRoute field will be used.
departure_date	decisionManager_travelData_departureDateTime	-

Object mdd

Property Carat Portal	Property CyberSource	Additional detail
id	merchantDefinedData_mddField_id	It can range from 1 to 100 defined by the merchant in an agreement with Cybersource.
value	merchantDefinedData_mddField_value	Value of the field defined by the merchant in an agreement with Cybersource.

mdd values

The MDDs are additional data that help with the accuracy of Cybersource's anti-fraud analysis and sending them is highly recommended. There are three MDD ID ranges:

• Between 1 to 4, refers to MDD that will be filled out by Carat Portal itself.
• Between 5 and 20, refers to MDD that are independent of store activity.
• Between 21 and 1000, refers to MDD that are dependent of the store's activity and the filling must follow the guidelines of Cybersource. The allowed values ​​of id and the description of the value content are:

ID	Resume	Description
5	Sales channel	Sales channel of the product/service: Web, App, Ticket Office, etc.)
6	OS	Operational System used by the customer: Android, iOS, Windows, etc.
7	Application Version	Merchant's Application Version : 1.0.12
8	Provisioned for future data	Provisioned for future data.
9	Provisioned for future data	Provisioned for future data.
10	Provisioned for future data	Provisioned for future data.
11	Name used in registration	Nome registrado no cadastro (Obs: em caso de compra guest`* não enviar valor por gentileza)
12	CPF used in registration	CPF registrado no cadastro.
13	Client register age in days	Tempo de cadastro do cliente em dias. Formato: NNNNN
14	Days since first order	Quantidade de dias passados desde o primeiro pedido. Formato: NNNNN
15	Days since last order	Quantidade de dias passados desde o último pedido. Formato: NNNNN
16	Total orders quantity	Quantidade total de pedidos realizados pelo CPF cadastrado. Formato: NNNNN
17	Days since last registration change	Quantidade de dias passados desde a última alteração cadastral. Formato: NNNNN
18	Provisioned for future data	Provisioned for future data.
19	Provisioned for future data	Provisioned for future data.
20	Provisioned for future data	Provisioned for future data.

ATTENTION: Parameters that exist in payer, billing and shipment when not passed to the transaction creation service via additional_data, will be requested in the payment screen. If the parameters are passed in the transaction creation service, you will not be asked to fill in the fields on the payment screen.

Example

Example of HTML payment request with risk analysis on CyberSource

{

"merchant_id": "CYBERSRCPERMI1",

"order_id": "1629744599356",

"amount": "1000",

"transaction_type": "payment",

"installments": "1",

"installment_type": "4",

"authorizer_id": "2",

"amount": "21800",

"additional_data": {

"anti_fraud": "enabled_before_auth",

"items": [

{

"id": "1",

"title": "bola 1",

"quantity": "1",

"unit_price": "50000",

"category_id": "others",

"sku": "123"

},

{

"id": "2",

"title": "bola 2",

"quantity": "2",

"unit_price": "25000",

"category_id": "others",

"sku": "124"

}

],

"payer": {

"name": "Joaquim",

"surname": "Severino",

"email": "allison@confiavel.com",

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

],

"documents": [

{

"type": "CPF",

"number": "09719224703"

}

],

"address": {

"zip_code": "02932900",

"street_number": "123",

"street_name": "rua bill",

"city": "sao paulo",

"state": "SP",

"country": "BR",

"complement": "complemento"

}

},

"shipment": {

"name": "Joao",

"surname": "Silva Ship",

"address": {

"zip_code": "12345678",

"street_number": "Rua do Exemplo",

"street_name": "123",

"apartment": "901",

"city": "São Paulo",

"complement": "Sobreloja 3",

"country": "BR",

"state": "SP"

},

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

]

},

"browser": {

"ip_address": "200.162.232.200"

},

"mdd": [

{

"id": "5",

"value": "Gichê"

},

{

"id": "6",

"value": "Linux"

}

]

}

}

REST Examples

Example 1

Example of request of REST payment with risk analisis in CyberSource hightlighted to "Items".

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/transactions' \

--header 'merchant_id: xxxxxxxxxxxxxxxxx' \

--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \

--header 'Content-Type: application/json' \

--data-raw '{

"merchant_usn": "11063843776",

"order_id": "1629828190786",

"installments": "1",

"installment_type": "4",

"authorizer_id": "2",

"amount": "9700",

"additional_data": {

"anti_fraud": "enabled_before_auth",

"items": [

{

"id": "1",

"title": "bola 1",

"quantity": "1",

"unit_price": "50000",

"category_id": "others",

"sku": "123"

},

{

"id": "2",

"title": "bola 2",

"quantity": "2",

"unit_price": "25000",

"category_id": "others",

"sku": "124"

}

],

"payer": {

"name": "Joaquim",

"surname": "Severino",

"email": "allison@confiavel.com",

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

],

"documents": [

{

"type": "CPF",

"number": "09719224703"

}

],

"address": {

"zip_code": "02932900",

"street_number": "123",

"street_name": "rua bill",

"city": "sao paulo",

"state": "SP",

"country": "BR",

"complement": "complemento"

}

},

"shipment": {

"name": "Joao",

"surname": "Silva Ship",

"address": {

"zip_code": "12345678",

"street_number": "Rua do Exemplo",

"street_name": "123",

"apartment": "901",

"city": "São Paulo",

"complement": "Sobreloja 3",

"country": "BR",

"state": "SP"

},

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

]

},

"browser": {

"ip_address": "200.162.232.200"

}

}

}'

Example of response of REST payment with risk analisis in CyberSource hightlighted to "Items".

{

"code": "0",

"message": "OK. Transaction successful.",

"payment": {

"status": "NOV",

"nit": "<nit>",

"order_id": "1629828190786",

"merchant_usn": "11063843776",

"amount": "9700"

}

}

Example of request of REST payment effectuation with risk analisis in CyberSource hightlighted to "Items".

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/payments/<nit>' \

--header 'merchant_id: xxxxxxxxxxxxxxxxx' \

--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \

--header 'Content-Type: application/json' \

--data-raw '{

"card": {

"number": "455182001234512345",

"expiry_date": "1122",

"security_code": "123",

"holder": "Abdul Natchos"

}

}'

Example of response of REST payment effectuation with risk analisis in CyberSource hightlighted to "Items".

{

"code": "0",

"message": "OK. Transaction successful.",

"payment": {

"authorizer_code": "000",

"authorizer_message": "Transacao OK!",

"status": "CON",

"nit": "<nit>",

"order_id": "1629828190786",

"customer_receipt": "...",

"merchant_receipt": "...",

"authorizer_id": "2",

"acquirer_id": "125",

"acquirer_name": "Cielo",

"authorizer_date": "14/07/2021T12:33",

"authorization_number": "145622",

"merchant_usn": "11063843776",

"esitef_usn": "210714076044700",

"sitef_usn": "145622",

"host_usn": "000145622 ",

"amount": "9700",

"payment_type": "C",

"issuer": "1",

"authorizer_merchant_id": "020000080750001",

"terminal_id": "ES000045",

"payment_date": "14/07/2021T12:33",

"analysis": {

"status": "ACC",

"code": "100",

"message": "ACCEPT | Score: 88"

}

}

}

Example 2

Example of request of REST payment with risk analisis in CyberSource highlighted "Items" and "passenger":

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/transactions' \

--header 'merchant_id: xxxxxxxxxxxxxxxxx' \

--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \

--header 'Content-Type: application/json' \

--data-raw '{

"merchant_usn": "11063843776",

"order_id": "1629828190787",

"installments": "1",

"installment_type": "4",

"authorizer_id": "2",

"amount": "52912",

"additional_data": {

"anti_fraud": "enabled_before_auth",

"anti_fraud_criteria": "ON_SUCCESS",

"items": [

{

"title": "bola 1",

"quantity": "1",

"unit_price": "50000",

"tax_amount": "25",

"category_id": "default",

"id": "1",

"sku": "1234"

},

{

"title": "bola 2",

"quantity": "1",

"unit_price": "50000",

"tax_amount": "25",

"category_id": "default",

"id": "0",

"sku": "2552"

}

],

"payer": {

"name": "Joaquim",

"surname": "Silva Severino",

"email": "joaquin@exemplo.com",

"address": {

"zip_code": "01107001",

"street_number": "123",

"street_name": "Rua Augusta",

"apartment": "69",

"complement": "Ao lado do hotel",

"city": "São Paulo",

"state": "SP",

"country": "br"

},

"phones": [

{

"number": "998844551",

"ddd": "11",

"ddi": "55"

}

],

"documents": [

{

"type": "cpf",

"number": "68408639307"

}

]

},

"shipment": {

"type": "1",

"cost": "2000",

"name": "Joaquim",

"surname": "Silva",

"address": {

"zip_code": "12345678",

"street_number": "123",

"street_name": "Rua do Exemplo",

"complement": "CASA",

"city": "São Paulo",

"state": "SP",

"country": "br",

"county": "jardins"

},

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

]

},

"passengers": [

{

"id": "3354688841",

"name": "Joaquim",

"last_name": "Severino",

"email": "allison@confiavel.com",

"customer_class": "standard",

"unit_price": "100000",

"type": "ADT",

"phone": {

"number": "998844551",

"ddd": "11",

"ddi": "55"

}

}

],

"mdd": [

{

"id": "5",

"value": "Gichê"

},

{

"id": "6",

"value": "Linux"

}

],

"travel": {

"route": "GIG-SFO:SFO-LAX",

"departure_date_time": "2019-12-19T09:00:00",

"journey_type": "Round_Trip"

},

"browser": {

"ip_address": "200.162.232.200"

}

}

}'

Example of response of REST payment with risk analisis in CyberSource highlighted "Items" and "passenger":

{

"code": "0",

"message": "OK. Transaction successful.",

"payment": {

"status": "NOV",

"nit": "<nit>",

"order_id": "1629828190787",

"merchant_usn": "11063843776",

"amount": "33012"

}

}

Example of request from payment effectivation of REST payment with risk analisys on CyberSource highlighted "Items" and "passenger":

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/payments/<nit>' \

--header 'merchant_id: xxxxxxxxxxxxxxxxx' \

--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \

--header 'Content-Type: application/json' \

--data-raw '{

"card": {

"number": "455182001234512345",

"expiry_date": "1122",

"security_code": "123",

"holder": "Joaquim S Severino"

}

}'

Example of response from payment effectivation of REST payment with risk analisys on CyberSource highlighted "Items" and "passenger":

{

"code": "0",

"message": "OK. Transaction successful.",

"payment": {

"authorizer_code": "000",

"authorizer_message": "Transacao OK!",

"status": "CON",

"nit": "<nit>",

"order_id": "1629828190787",

"customer_receipt": "...",

"merchant_receipt": "...",

"authorizer_id": "2",

"acquirer_id": "125",

"acquirer_name": "Cielo",

"authorizer_date": "14/07/2021T12:00",

"authorization_number": "145487",

"merchant_usn": "11063843776",

"esitef_usn": "210714076041520",

"sitef_usn": "145487",

"host_usn": "000145487 ",

"amount": "33012",

"payment_type": "C",

"issuer": "1",

"authorizer_merchant_id": "020000080750001",

"terminal_id": "ES000085",

"payment_date": "14/07/2021T12:00",

"analysis": {

"status": "ACC",

"code": "100",

"message": "ACCEPT | Score: 90"

}

}

}

Example 3

Example of request Review using simulator

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/transactions' \

--header 'merchant_id: xxxxxxxxxxxxxxxxx' \

--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \

--header 'Content-Type: application/json' \

--data-raw '{

"merchant_usn": "11063843776",

"order_id": "1627061279316",

"installments": "1",

"installment_type": "4",

"authorizer_id": "2",

"amount": "19612",

"additional_data": {

"anti_fraud": "enabled_before_auth",

"payer": {

"name": "Joaquim",

"surname": "Severino",

"email": "allison@confiavel.com",

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

],

"documents": [

{

"type": "CPF",

"number": "09719224703"

}

],

"address": {

"zip_code": "02932900",

"street_number": "123",

"street_name": "rua bill",

"city": "sao paulo",

"state": "SP",

"country": "BR",

"complement": "complemento"

}

},

"shipment": {

"name": "Joao",

"surname": "Silva Ship",

"address": {

"zip_code": "12345678",

"street_number": "Rua do Exemplo",

"street_name": "123",

"apartment": "901",

"city": "São Paulo",

"complement": "Sobreloja 3",

"country": "BR",

"state": "SP"

},

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

]

},

"browser": {

"ip_address": "200.162.232.200"

}

}

}'

Example of response from Review using simulator

{

"code": "0",

"message": "OK. Transaction successful.",

"payment": {

"status": "NOV",

"nit": "<nit>",

"order_id": "1627061274344",

"merchant_usn": "11063843776",

"amount": "26312"

}

}

Example of request to effectuate payment from Review using simulator

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/payments/<nit>' \

--header 'merchant_id: xxxxxxxxxxxxxxxxx' \

--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \

--header 'Content-Type: application/json' \

--data-raw '{

"card": {

"number": "455182001234512345",

"expiry_date": "1122",

"security_code": "123"

}

}'

Example of response from action of payment effectuation of Review using simulator

{

"code": "0",

"message": "OK. Transaction successful.",

"payment": {

"authorizer_code": "000",

"authorizer_message": "Transacao OK!",

"status": "PPC",

"nit": "<nit>",

"order_id": "1627061274344",

"customer_receipt": "...",

"merchant_receipt": "...",

"authorizer_id": "2",

"acquirer_id": "125",

"acquirer_name": "Cielo",

"authorizer_date": "23/07/2021T14:28",

"authorization_number": "235179",

"merchant_usn": "11063843776",

"esitef_usn": "210723076775210",

"sitef_usn": "235179",

"host_usn": "000235179 ",

"amount": "26312",

"payment_type": "C",

"issuer": "1",

"authorizer_merchant_id": "020000080750001",

"terminal_id": "ES000011",

"payment_date": "23/07/2021T14:28",

"analysis": {

"status": "REV",

"code": "100",

"message": "REVIEW | Score: 0"

}

}

}

Example 4

Example of request for Reject using simulator

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/transactions' \

--header 'merchant_id: xxxxxxxxxxxxxxxxx' \

--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \

--header 'Content-Type: application/json' \

--data-raw '{

"merchant_usn": "11063843776",

"order_id": "1627061470845",

"installments": "1",

"installment_type": "4",

"authorizer_id": "2",

"amount": "82513",

"additional_data": {

"anti_fraud": "enabled_before_auth",

"payer": {

"name": "Joaquim",

"surname": "Severino",

"email": "allison@confiavel.com",

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

],

"documents": [

{

"type": "CPF",

"number": "09719224703"

}

],

"address": {

"zip_code": "02932900",

"street_number": "123",

"street_name": "rua bill",

"city": "sao paulo",

"state": "SP",

"country": "BR",

"complement": "complemento"

}

},

"shipment": {

"name": "Joao",

"surname": "Silva Ship",

"address": {

"zip_code": "12345678",

"street_number": "Rua do Exemplo",

"street_name": "123",

"apartment": "901",

"city": "São Paulo",

"complement": "Sobreloja 3",

"country": "BR",

"state": "SP"

},

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

]

},

"browser": {

"ip_address": "200.162.232.200"

}

}

}'

Example of response for Reject using simulator

{

"code": "0",

"message": "OK. Transaction successful.",

"payment": {

"status": "NOV",

"nit": "<nit>",

"order_id": "1627061470845",

"merchant_usn": "11063843776",

"amount": "82513"

}

}

Example of request for payment effectuation for Reject using simulator

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/payments/<nit>' \

--header 'merchant_id: xxxxxxxxxxxxxxxxx' \

--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \

--header 'Content-Type: application/json' \

--header 'Content-Type: application/json' \

--data-raw '{

"card": {

"number": "455182001234512345",

"expiry_date": "1122",

"security_code": "123"

}

}'

Example of response for payment effectuation for Reject using simulator

{

"code": "998",

"message": "Denied by antifraud",

"payment": {

"authorizer_code": "100",

"status": "NEG",

"nit": "<nit>",

"analysis": {

"status": "REJ",

"code": "100",

"message": "REJECT | Score: 0"

}

}

}

Example 5

Example of Request with invalid Item Id

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/api/v1/transactions' \

--header 'merchant_id: xxxxxxxxxxxxxxxxx' \

--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \

--header 'Content-Type: application/json' \

--data-raw '{

"merchant_usn": "11063843776",

"order_id": "1627062021650",

"installments": "1",

"installment_type": "4",

"authorizer_id": "2",

"amount": "21800",

"additional_data": {

"anti_fraud": "enabled_before_auth",

"items": [

{

"id": "1",

"title": "bola 1",

"quantity": "1",

"unit_price": "50000",

"category_id": "others",

"sku": "123"

},

{

"id": "2A",

"title": "bola 2",

"quantity": "2",

"unit_price": "25000",

"category_id": "others",

"sku": "124"

}

],

"payer": {

"name": "Joaquim",

"surname": "Severino",

"email": "allison@confiavel.com",

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

],

"documents": [

{

"type": "CPF",

"number": "09719224703"

}

],

"address": {

"zip_code": "02932900",

"street_number": "123",

"street_name": "rua bill",

"city": "sao paulo",

"state": "SP",

"country": "BR",

"complement": "complemento"

}

},

"shipment": {

"name": "Joao",

"surname": "Silva Ship",

"address": {

"zip_code": "12345678",

"street_number": "Rua do Exemplo",

"street_name": "123",

"apartment": "901",

"city": "São Paulo",

"complement": "Sobreloja 3",

"country": "BR",

"state": "SP"

},

"phones": [

{

"number": "123123123",

"ddd": "11",

"ddi": "34"

}

]

},

"browser": {

"ip_address": "200.162.232.200"

}

}

}'

Example of Response with Invalid Item Id

{

"code": "350",

"message": "invalid item id value",

"payment": {

"status": "INV",

"nit": "<nit>",

"order_id": "1627062021650",

"merchant_usn": "11063843776",

"amount": "21800"

}

}

Response Codes

As explained in the chapter "Risk analysis response", the codes below are CyberSource's specific responses.

Code	Description
100	Transaction performed successfully and approved by the Decision Manager.
101	One or more of the required fields are missing in the request.
102	One or more of the required fields contains invalid data.
150	Error: General System Failure
151	Error: The request was received but timeout occurred. This error does not include timeout between client and server.
152	Error: The request was received, but a service did not finish in a timely manner.
202	Expired card