CyberSource

Required credentials#

As mentioned in "Overview - Required credentials", each institution has credentials that must be obtained for the integration. CyberSource's services demand credentials below:

  • Merchat ID (Merchant Code) - Merchant's key to access CyberSource's back office
  • Shared Secret - Merchant's key to access CyberSource's back office. If key is not registered, Carat Portal will not be able to query status CyberSource. In case any risk analysis transaction is with status pending, the decision configured by Merchant will be executed and Carat Portal will confirm or Carat Portal will cancel the transaction.
  • Key ID - Identification of the Shared Secret.
  • Org ID - * Key used to collect fingerprint data from the payer's browser.
  • p12 certificate - Security certification for orders analysis. The file should have the same name as Merchant ID in CyberSource system.
  • p12 Certificate Password - Password for p12 certificate. Defined on the CyberSource portal.

IMPORTANT: The credentials above should be obtained from CyberSource. It is recommended to contact CyberSource and receive guidance on how to obtain the credentials. Then, the merchant should contact Carat Portal support and send the credentials to register in Carat Portal.

To obtain the Shared Secret and the Key ID follow the instructions at:

https://developer.cybersource.com/api/developer-guides/dita-gettingstarted/authentication/createSharedKey.html

To obtain the .p12 certificate, follow the instructions at:

https://support.cybersource.com/s/article/How-to-Generate-a-Simple-Order-API-Security-Key

Webhook URL Configuration#

In order for us to receive status updates from the risk analysis transactions that are in manual revision, it is necessary to configure the Webhook URL on the CyberSource configuration environment.

Production URL:

https://prod.api.fiservapps.com/esitef-cybersource/processarPost.se?src=cybersource

Homologation URL:

https://prod.api.fiservapps.com/esitef-hml-cybersource/processarPost.se?src=cybersource

This URL must be configured for any status changes. To perform this configuration, please contact CyberSource Support.

Supported Carat Portal interfaces#

Allowed card brands#

Listed below the authorizers supported by CyberSource:

  • Visa
  • MasterCard
  • American Express
  • Discover
  • Diners Club
  • Carte Blanche
  • JCB
  • EnRoute
  • JAL
  • Delta
  • Dankort
  • Laser
  • Carte Bleue
  • Carta Si
  • Encoded account number
  • UATP
  • GE Money UK card
  • Style
  • Hipercard
  • Aura
  • Elo
  • Elo Débito (Auxílio Emergencial)

Refund notification due to fraud#

When canceling a payment due to fraud, you can notify Cybersource what happened and mark the transaction as fraudulent.

Currently, only the REST Cancellation interface can send complementary data to CyberSource. For this, it's necessary to send the following fields:

FieldDescription
anti_fraudObject with anti-fraud data.
chargebackInforms whether the notification to Cybersource will be made or not.
Allowed values: true ou false
Default value: false
marked_dataInforms which fields will be relevant to notify to Cybersource that this transaction was a fraud attempt.

This fields receives an array of values. For example: "marked_data":["ship_address","customer_phone","customer_email"].

Fields that can be informed:
  • account_key_hash
  • customer_account_id
  • customer_email
  • customer_idaddress
  • customer_phone
  • device_fingerprint
  • ship_address
If no content is sent, the default values assumed by Cybersource will be account_key_hash, customer_email and ship_address.

Example:

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl
--request PUT "https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/cancellations/1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqr"
--header "Content-Type: application/json"
--header "merchant_id: xxxxxxxxxxx"
--header "merchant_key: xxxxxxxxxxx"
--data-binary
{
"card":{
"security_code":"123",
"number":"5555555555555555",
"expiry_date":"1222"
},
"amount":"1000",
"anti_fraud":{
"chargeback":"true",
"marked_data":[
"account_key_hash",
"customer_account_id",
"customer_email"
]
}
}
--verbose

Anti-fraud parameter for CyberSource#

Below is the list of anti-fraud parameters processed by CyberSource. Some parameters have different treatments depending on the institution and the "Additional detail" column that specifies CyberSource's treatment. For details of each parameter, see the anti-fraud parameters list.

Property
Carat Portal
Property
CyberSource
Additional detail
currencyPurchaseTotals_currency-
itemsObject json Array (Learn more)
payerObject json Array (Learn more)
Present only on REST calls
shipmentObject json Array (Learn more)
billing_dataObject json Array (Learn more)
If informed, it will take precedence over the data that is also informed in the payer
browserObject json (Learn more)
travelObject json (Learn more). Required, if the item is an air ticket
passengersObject json Array (Learn more)
connectionsObject json Array (Learn more)
mddObject json Array (Learn more). The allowed values can be found here.

Object items#

Property
Carat Portal
Property
CyberSource
Additional detail
idItem_#_IDString with numeric content
skuItem_#_productSKURequired
titleItem_#_productName-
quantityItem_#_Quantity-
unit_priceItem_#_unitPriceRequired
category_idItem_#_productCodeAllowed values:
  • adult_content
  • default
  • electronic_good
  • electronic_software
  • gift_certificate
  • handling_only
  • service
  • shipping_and_handling
  • shipping_only
  • stored_value
  • subscription
. Required.

When the used value is not default, the fields item_#_quantity, item_#_productName e item_#_productSKU are mandatory!
tax_amountItem_#_taxAmount-

Object payer#

Note: Present only on REST calls

Property
Carat Portal
Property
CyberSource
Additional detail
namebillTo_firstName-
surnamebillTo_lastName-
emailbillTo_email-
addressObject json (Learn more)
phonesObject json Array (Learn more)
documentsObject json Array (Learn more)

Object address of payer#

Property
Carat Portal
Property
CyberSource
Additional detail
street_name + street_numberstreet1-
complementbillTo_street2-
citybillTo_city-
statebillTo_state-
zip_codebillTo_postalCode-
countrybillTo_country-

Object phones of payer#

Property
Carat Portal
Property
CyberSource
Additional detail
ddi + ddd + billTo_numberphoneNumber-

Object documents of payer#

Property
Carat Portal
Property
CyberSource
Additional detail
numberbillTo_customerID-
numberbillTo_personalID-

Object shipment#

Property
Carat Portal
Property
CyberSource
Additional detail
nameshipTo_firstName-
surnameshipTo_lastName-
addressObject json (Learn more)
phonesObject json Array (Learn more)

Object address of shipment#

Property
Carat Portal
Property
CyberSource
Additional detail
street_nameshipto_street1Must send the street number and the complement. Use the keywords AP (apartment), APTO (apartment), LOTE (lot), CASA (house) or BLOCO (block).
street_name2shipto_street2Must send the street number and the complement. Use the keywords AP (apartment), APTO (apartment), LOTE (lot), CASA (house) or BLOCO (block).
street_numbershipto_street1-
apartmentWill be appended to the shipto_street2-
complementWill be appended to the shipto_street2-
cityshipto_city-
stateshipto_state-
countryshipto_countryMust use the ISO pattern
zip_codeshipto_postalCode-
building_numbershipto_building_number-

Object phones of shipment#

Property
Carat Portal
Property
CyberSource
Additional detail
ddishipTo_phoneNumber-
dddshipTo_phoneNumber-
numbershipTo_phoneNumber-

Object billing_data#

Note: If informed, it will take precedence over the data that is also informed in the payer

Property
Carat Portal
Property
CyberSource
Additional detail
addressObject json Array (Learn more)
phonesObject json Array (Learn more)

Object address of billing_data#

Property
Carat Portal
Property
CyberSource
Additional detail
street_namebillTo_street1Must send the street number and the complement. Use the keywords AP (apartment), APTO (apartment), LOTE (lot), CASA (house) or BLOCO (block).
street_name2billTo_street2Must send the street number and the complement. Use the keywords AP (apartment), APTO (apartment), LOTE (lot), CASA (house) or BLOCO (block).
street_numberbillTo_street1-
apartmentWill be appended to the billTo_street2-
complementWill be appended to the billTo_street2-
citybillTo_city-
statebillTo_state-
countrybillTo_countryMust use the ISO pattern
zip_codebillTo_postalCode-

Object phones of billing_data#

Property
Carat Portal
Property
CyberSource
Additional detail
ddibillTo_phoneNumber-
dddbillTo_phoneNumber-
numberbillTo_phoneNumber-

Object browser#

Property
Carat Portal
Property
CyberSource
Additional detail
ip_addressbillTo_ipAddressIf this field is not sent, the client's IP will be sent

Object travel#

Property
Carat Portal
Property
CyberSource
Additional detail
routedecisionManager_travelData_completeRoute-
journey_typedecisionManager_travelData_journeyType-
departure_date_timedecisionManager_travelData_journeyType-

Object passengers#

Property
Carat Portal
Property
CyberSource
Additional detail
iditem_#_passengerId-
nameitem_#_passengerFirstNameFill with passenger's first name
last_nameitem_#_passengerLastNameRequired
frequente_flyer_carditem_#_passengerIDThe field billTocustomerID can hold the same information
emailitem_#_passengerEmailMust be unique, otherwise, the transaction will be refused by CyberSource with reason code 102.
statusitem_#_passengerStatus-
typeitem_#_passengerType-
unit_priceitem_#_unitPrice-
phonesObject json Array (Learn more)

Object phones of passengers#

Property
Carat Portal
Property
CyberSource
Additional detail
ddiitem_#_passengerPhone-
ddditem_#_passengerPhone-
numberitem_#_passengerPhone-

Object connections#

Property
Carat Portal
Property
CyberSource
Additional detail
flight_datedecisionManager_travelData_departureDateTimethe following formats are allowed:
  • yyyy-MM-dd HH:mm z
  • yyyy-MM-dd hh:mm a z
  • yyyy-MM-dd hh:mma z
Consider:
  • HH = time in 24 hours format
  • hh = time in 12 hours format
  • a = am or pm (case insensitive)
  • z = timezone of departure flight (if is the offset according to GMT, use the format: GMT-03:00)
fromdecisionManager_travelData_leg_#_originUse this reference in order to get the airports codes.
todecisionManager_travelData_leg_#_destinationUse this reference in order to get the airports codes. It's possible to consider the complete route with the field decisionManager_travelData_completeRoute. If all those fields are sent, the completeRoute field will be used.
departure_datedecisionManager_travelData_departureDateTime-

Object mdd#

Property
Carat Portal
Property
CyberSource
Additional detail
idmerchantDefinedData_mddField_idIt can range from 1 to 100 defined by the merchant in an agreement with Cybersource.
valuemerchantDefinedData_mddField_valueValue of the field defined by the merchant in an agreement with Cybersource.

mdd values#

The MDDs are additional data that help with the accuracy of Cybersource's anti-fraud analysis and sending them is highly recommended. There are three MDD ID ranges:

  • Between 1 to 4, refers to MDD that will be filled out by Carat Portal itself.
  • Between 5 and 20, refers to MDD that are independent of store activity.
  • Between 21 and 1000, refers to MDD that are dependent of the store's activity and the filling must follow the guidelines of Cybersource. The allowed values ​​of id and the description of the value content are:
IDResumeDescription
5Sales channelSales channel of the product/service: Web, App, Ticket Office, etc.)
6OSOperational System used by the customer: Android, iOS, Windows, etc.
7Application VersionMerchant's Application Version : 1.0.12
8Provisioned for future dataProvisioned for future data.
9Provisioned for future dataProvisioned for future data.
10Provisioned for future dataProvisioned for future data.
11Name used in registrationNome registrado no cadastro (Obs: em caso de compra guest`* não enviar valor por gentileza)
12CPF used in registrationCPF registrado no cadastro.
13Client register age in daysTempo de cadastro do cliente em dias. Formato: NNNNN
14Days since first orderQuantidade de dias passados desde o primeiro pedido. Formato: NNNNN
15Days since last orderQuantidade de dias passados desde o último pedido. Formato: NNNNN
16Total orders quantityQuantidade total de pedidos realizados pelo CPF cadastrado. Formato: NNNNN
17Days since last registration changeQuantidade de dias passados desde a última alteração cadastral. Formato: NNNNN
18Provisioned for future dataProvisioned for future data.
19Provisioned for future dataProvisioned for future data.
20Provisioned for future dataProvisioned for future data.

ATTENTION: Parameters that exist in payer, billing and shipment when not passed to the transaction creation service via additional_data, will be requested in the payment screen. If the parameters are passed in the transaction creation service, you will not be asked to fill in the fields on the payment screen.

Example#

Example of HTML payment request with risk analysis on CyberSource

{
"merchant_id": "CYBERSRCPERMI1",
"order_id": "1629744599356",
"amount": "1000",
"transaction_type": "payment",
"installments": "1",
"installment_type": "4",
"authorizer_id": "2",
"amount": "21800",
"additional_data": {
"anti_fraud": "enabled_before_auth",
"items": [
{
"id": "1",
"title": "bola 1",
"quantity": "1",
"unit_price": "50000",
"category_id": "others",
"sku": "123"
},
{
"id": "2",
"title": "bola 2",
"quantity": "2",
"unit_price": "25000",
"category_id": "others",
"sku": "124"
}
],
"payer": {
"name": "Joaquim",
"surname": "Severino",
"email": "allison@confiavel.com",
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
],
"documents": [
{
"type": "CPF",
"number": "09719224703"
}
],
"address": {
"zip_code": "02932900",
"street_number": "123",
"street_name": "rua bill",
"city": "sao paulo",
"state": "SP",
"country": "BR",
"complement": "complemento"
}
},
"shipment": {
"name": "Joao",
"surname": "Silva Ship",
"address": {
"zip_code": "12345678",
"street_number": "Rua do Exemplo",
"street_name": "123",
"apartment": "901",
"city": "São Paulo",
"complement": "Sobreloja 3",
"country": "BR",
"state": "SP"
},
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
]
},
"browser": {
"ip_address": "200.162.232.200"
},
"mdd": [
{
"id": "5",
"value": "Gichê"
},
{
"id": "6",
"value": "Linux"
}
]
}
}

REST Examples#

Example 1#

Example of request of REST payment with risk analisis in CyberSource hightlighted to "Items".

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/transactions' \
--header 'merchant_id: xxxxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--data-raw '{
"merchant_usn": "11063843776",
"order_id": "1629828190786",
"installments": "1",
"installment_type": "4",
"authorizer_id": "2",
"amount": "9700",
"additional_data": {
"anti_fraud": "enabled_before_auth",
"items": [
{
"id": "1",
"title": "bola 1",
"quantity": "1",
"unit_price": "50000",
"category_id": "others",
"sku": "123"
},
{
"id": "2",
"title": "bola 2",
"quantity": "2",
"unit_price": "25000",
"category_id": "others",
"sku": "124"
}
],
"payer": {
"name": "Joaquim",
"surname": "Severino",
"email": "allison@confiavel.com",
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
],
"documents": [
{
"type": "CPF",
"number": "09719224703"
}
],
"address": {
"zip_code": "02932900",
"street_number": "123",
"street_name": "rua bill",
"city": "sao paulo",
"state": "SP",
"country": "BR",
"complement": "complemento"
}
},
"shipment": {
"name": "Joao",
"surname": "Silva Ship",
"address": {
"zip_code": "12345678",
"street_number": "Rua do Exemplo",
"street_name": "123",
"apartment": "901",
"city": "São Paulo",
"complement": "Sobreloja 3",
"country": "BR",
"state": "SP"
},
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
]
},
"browser": {
"ip_address": "200.162.232.200"
}
}
}'

Example of response of REST payment with risk analisis in CyberSource hightlighted to "Items".

{
"code": "0",
"message": "OK. Transaction successful.",
"payment": {
"status": "NOV",
"nit": "<nit>",
"order_id": "1629828190786",
"merchant_usn": "11063843776",
"amount": "9700"
}
}

Example of request of REST payment effectuation with risk analisis in CyberSource hightlighted to "Items".

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/payments/<nit>' \
--header 'merchant_id: xxxxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--data-raw '{
"card": {
"number": "455182001234512345",
"expiry_date": "1122",
"security_code": "123",
"holder": "Abdul Natchos"
}
}'

Example of response of REST payment effectuation with risk analisis in CyberSource hightlighted to "Items".

{
"code": "0",
"message": "OK. Transaction successful.",
"payment": {
"authorizer_code": "000",
"authorizer_message": "Transacao OK!",
"status": "CON",
"nit": "<nit>",
"order_id": "1629828190786",
"customer_receipt": "...",
"merchant_receipt": "...",
"authorizer_id": "2",
"acquirer_id": "125",
"acquirer_name": "Cielo",
"authorizer_date": "14/07/2021T12:33",
"authorization_number": "145622",
"merchant_usn": "11063843776",
"esitef_usn": "210714076044700",
"sitef_usn": "145622",
"host_usn": "000145622 ",
"amount": "9700",
"payment_type": "C",
"issuer": "1",
"authorizer_merchant_id": "020000080750001",
"terminal_id": "ES000045",
"payment_date": "14/07/2021T12:33",
"analysis": {
"status": "ACC",
"code": "100",
"message": "ACCEPT | Score: 88"
}
}
}

Example 2#

Example of request of REST payment with risk analisis in CyberSource highlighted "Items" and "passenger":

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/transactions' \
--header 'merchant_id: xxxxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--data-raw '{
"merchant_usn": "11063843776",
"order_id": "1629828190787",
"installments": "1",
"installment_type": "4",
"authorizer_id": "2",
"amount": "52912",
"additional_data": {
"anti_fraud": "enabled_before_auth",
"anti_fraud_criteria": "ON_SUCCESS",
"items": [
{
"title": "bola 1",
"quantity": "1",
"unit_price": "50000",
"tax_amount": "25",
"category_id": "default",
"id": "1",
"sku": "1234"
},
{
"title": "bola 2",
"quantity": "1",
"unit_price": "50000",
"tax_amount": "25",
"category_id": "default",
"id": "0",
"sku": "2552"
}
],
"payer": {
"name": "Joaquim",
"surname": "Silva Severino",
"email": "joaquin@exemplo.com",
"address": {
"zip_code": "01107001",
"street_number": "123",
"street_name": "Rua Augusta",
"apartment": "69",
"complement": "Ao lado do hotel",
"city": "São Paulo",
"state": "SP",
"country": "br"
},
"phones": [
{
"number": "998844551",
"ddd": "11",
"ddi": "55"
}
],
"documents": [
{
"type": "cpf",
"number": "68408639307"
}
]
},
"shipment": {
"type": "1",
"cost": "2000",
"name": "Joaquim",
"surname": "Silva",
"address": {
"zip_code": "12345678",
"street_number": "123",
"street_name": "Rua do Exemplo",
"complement": "CASA",
"city": "São Paulo",
"state": "SP",
"country": "br",
"county": "jardins"
},
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
]
},
"passengers": [
{
"id": "3354688841",
"name": "Joaquim",
"last_name": "Severino",
"email": "allison@confiavel.com",
"customer_class": "standard",
"unit_price": "100000",
"type": "ADT",
"phone": {
"number": "998844551",
"ddd": "11",
"ddi": "55"
}
}
],
"mdd": [
{
"id": "5",
"value": "Gichê"
},
{
"id": "6",
"value": "Linux"
}
],
"travel": {
"route": "GIG-SFO:SFO-LAX",
"departure_date_time": "2019-12-19T09:00:00",
"journey_type": "Round_Trip"
},
"browser": {
"ip_address": "200.162.232.200"
}
}
}'

Example of response of REST payment with risk analisis in CyberSource highlighted "Items" and "passenger":

{
"code": "0",
"message": "OK. Transaction successful.",
"payment": {
"status": "NOV",
"nit": "<nit>",
"order_id": "1629828190787",
"merchant_usn": "11063843776",
"amount": "33012"
}
}

Example of request from payment effectivation of REST payment with risk analisys on CyberSource highlighted "Items" and "passenger":

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/payments/<nit>' \
--header 'merchant_id: xxxxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--data-raw '{
"card": {
"number": "455182001234512345",
"expiry_date": "1122",
"security_code": "123",
"holder": "Joaquim S Severino"
}
}'

Example of response from payment effectivation of REST payment with risk analisys on CyberSource highlighted "Items" and "passenger":

{
"code": "0",
"message": "OK. Transaction successful.",
"payment": {
"authorizer_code": "000",
"authorizer_message": "Transacao OK!",
"status": "CON",
"nit": "<nit>",
"order_id": "1629828190787",
"customer_receipt": "...",
"merchant_receipt": "...",
"authorizer_id": "2",
"acquirer_id": "125",
"acquirer_name": "Cielo",
"authorizer_date": "14/07/2021T12:00",
"authorization_number": "145487",
"merchant_usn": "11063843776",
"esitef_usn": "210714076041520",
"sitef_usn": "145487",
"host_usn": "000145487 ",
"amount": "33012",
"payment_type": "C",
"issuer": "1",
"authorizer_merchant_id": "020000080750001",
"terminal_id": "ES000085",
"payment_date": "14/07/2021T12:00",
"analysis": {
"status": "ACC",
"code": "100",
"message": "ACCEPT | Score: 90"
}
}
}

Example 3#

Example of request Review using simulator

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/transactions' \
--header 'merchant_id: xxxxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--data-raw '{
"merchant_usn": "11063843776",
"order_id": "1627061279316",
"installments": "1",
"installment_type": "4",
"authorizer_id": "2",
"amount": "19612",
"additional_data": {
"anti_fraud": "enabled_before_auth",
"payer": {
"name": "Joaquim",
"surname": "Severino",
"email": "allison@confiavel.com",
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
],
"documents": [
{
"type": "CPF",
"number": "09719224703"
}
],
"address": {
"zip_code": "02932900",
"street_number": "123",
"street_name": "rua bill",
"city": "sao paulo",
"state": "SP",
"country": "BR",
"complement": "complemento"
}
},
"shipment": {
"name": "Joao",
"surname": "Silva Ship",
"address": {
"zip_code": "12345678",
"street_number": "Rua do Exemplo",
"street_name": "123",
"apartment": "901",
"city": "São Paulo",
"complement": "Sobreloja 3",
"country": "BR",
"state": "SP"
},
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
]
},
"browser": {
"ip_address": "200.162.232.200"
}
}
}'

Example of response from Review using simulator

{
"code": "0",
"message": "OK. Transaction successful.",
"payment": {
"status": "NOV",
"nit": "<nit>",
"order_id": "1627061274344",
"merchant_usn": "11063843776",
"amount": "26312"
}
}

Example of request to effectuate payment from Review using simulator

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/payments/<nit>' \
--header 'merchant_id: xxxxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--data-raw '{
"card": {
"number": "455182001234512345",
"expiry_date": "1122",
"security_code": "123"
}
}'

Example of response from action of payment effectuation of Review using simulator

{
"code": "0",
"message": "OK. Transaction successful.",
"payment": {
"authorizer_code": "000",
"authorizer_message": "Transacao OK!",
"status": "PPC",
"nit": "<nit>",
"order_id": "1627061274344",
"customer_receipt": "...",
"merchant_receipt": "...",
"authorizer_id": "2",
"acquirer_id": "125",
"acquirer_name": "Cielo",
"authorizer_date": "23/07/2021T14:28",
"authorization_number": "235179",
"merchant_usn": "11063843776",
"esitef_usn": "210723076775210",
"sitef_usn": "235179",
"host_usn": "000235179 ",
"amount": "26312",
"payment_type": "C",
"issuer": "1",
"authorizer_merchant_id": "020000080750001",
"terminal_id": "ES000011",
"payment_date": "23/07/2021T14:28",
"analysis": {
"status": "REV",
"code": "100",
"message": "REVIEW | Score: 0"
}
}
}

Example 4#

Example of request for Reject using simulator

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/transactions' \
--header 'merchant_id: xxxxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--data-raw '{
"merchant_usn": "11063843776",
"order_id": "1627061470845",
"installments": "1",
"installment_type": "4",
"authorizer_id": "2",
"amount": "82513",
"additional_data": {
"anti_fraud": "enabled_before_auth",
"payer": {
"name": "Joaquim",
"surname": "Severino",
"email": "allison@confiavel.com",
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
],
"documents": [
{
"type": "CPF",
"number": "09719224703"
}
],
"address": {
"zip_code": "02932900",
"street_number": "123",
"street_name": "rua bill",
"city": "sao paulo",
"state": "SP",
"country": "BR",
"complement": "complemento"
}
},
"shipment": {
"name": "Joao",
"surname": "Silva Ship",
"address": {
"zip_code": "12345678",
"street_number": "Rua do Exemplo",
"street_name": "123",
"apartment": "901",
"city": "São Paulo",
"complement": "Sobreloja 3",
"country": "BR",
"state": "SP"
},
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
]
},
"browser": {
"ip_address": "200.162.232.200"
}
}
}'

Example of response for Reject using simulator

{
"code": "0",
"message": "OK. Transaction successful.",
"payment": {
"status": "NOV",
"nit": "<nit>",
"order_id": "1627061470845",
"merchant_usn": "11063843776",
"amount": "82513"
}
}

Example of request for payment effectuation for Reject using simulator

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/e-sitef/api/v1/payments/<nit>' \
--header 'merchant_id: xxxxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
"card": {
"number": "455182001234512345",
"expiry_date": "1122",
"security_code": "123"
}
}'

Example of response for payment effectuation for Reject using simulator

{
"code": "998",
"message": "Denied by antifraud",
"payment": {
"authorizer_code": "100",
"status": "NEG",
"nit": "<nit>",
"analysis": {
"status": "REJ",
"code": "100",
"message": "REJECT | Score: 0"
}
}
}

Example 5#

Example of Request with invalid Item Id

To use this example, don't forget to define the variable {{url}} with the value
esitef-homologacao.softwareexpress.com.br

curl --location --request POST 'https://esitef-homologacao.softwareexpress.com.br/api/v1/transactions' \
--header 'merchant_id: xxxxxxxxxxxxxxxxx' \
--header 'merchant_key: xxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--data-raw '{
"merchant_usn": "11063843776",
"order_id": "1627062021650",
"installments": "1",
"installment_type": "4",
"authorizer_id": "2",
"amount": "21800",
"additional_data": {
"anti_fraud": "enabled_before_auth",
"items": [
{
"id": "1",
"title": "bola 1",
"quantity": "1",
"unit_price": "50000",
"category_id": "others",
"sku": "123"
},
{
"id": "2A",
"title": "bola 2",
"quantity": "2",
"unit_price": "25000",
"category_id": "others",
"sku": "124"
}
],
"payer": {
"name": "Joaquim",
"surname": "Severino",
"email": "allison@confiavel.com",
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
],
"documents": [
{
"type": "CPF",
"number": "09719224703"
}
],
"address": {
"zip_code": "02932900",
"street_number": "123",
"street_name": "rua bill",
"city": "sao paulo",
"state": "SP",
"country": "BR",
"complement": "complemento"
}
},
"shipment": {
"name": "Joao",
"surname": "Silva Ship",
"address": {
"zip_code": "12345678",
"street_number": "Rua do Exemplo",
"street_name": "123",
"apartment": "901",
"city": "São Paulo",
"complement": "Sobreloja 3",
"country": "BR",
"state": "SP"
},
"phones": [
{
"number": "123123123",
"ddd": "11",
"ddi": "34"
}
]
},
"browser": {
"ip_address": "200.162.232.200"
}
}
}'

Example of Response with Invalid Item Id

{
"code": "350",
"message": "invalid item id value",
"payment": {
"status": "INV",
"nit": "<nit>",
"order_id": "1627062021650",
"merchant_usn": "11063843776",
"amount": "21800"
}
}

Response Codes#

As explained in the chapter "Risk analysis response", the codes below are CyberSource's specific responses.

CodeDescription
100Transaction performed successfully and approved by the Decision Manager.
101One or more of the required fields are missing in the request.
102One or more of the required fields contains invalid data.
150Error: General System Failure
151Error: The request was received but timeout occurred. This error does not include timeout between client and server.
152Error: The request was received, but a service did not finish in a timely manner.
202Expired card