Konduto

Required credentials#

As mentioned in the "Overview - Required credentials" chapter, each institution has credentials that must be obtained for the integration. Konduto's services demand the credentials below:

Private Key (Merchant Identification) - Private key of the merchant on Konduto.
Public Key (Merchant Code) - Public key of the merchant on Konduto.

IMPORTANT: The credentials above should be obtained from Konduto. It is recommended to contact Konduto and receive guidance on how to obtain the credentials. Then, the merchant should contact Carat Portal support and send the credentials to register in Carat Portal.

Web Hook URL Configuration#

In order for us to receive status updates from the risk analysis transactions, it is necessary to configure the Webhook URL on the Konduto configuration environment.

Production URL:

https://esitef.softwareexpress.com.br/e-sitef/processarPost.se?src=konduto

Homologation URL:

https://esitef-homologacao.softwareexpress.com.br/e-sitef/processarPost.se?src=konduto

This URL must be configured for any status changes. To perform this configuration, please contact Konduto Support.

Allowed card brands#

Konduto supports any card brand.

IMPORTANT: Only credit transactions will be effectively analyzed by Konduto. Debit transactions will be sent to the institution, but will only be stored for reporting and will not be analyzed.

Supported Carat Portal interfaces#

Konduto's anti-fraud parameters (Payment Link via HTML)#

For now, the data collected for the risk analysis will only be informed during the payer's checkout. Soon, new fields may be sent in the payment creation request.

Fields collected during Checkout#

The fields collected during checkout are:

Field	Field Description	Required
`Primeiro Nome do Comprador`	First name of the payer.	Yes
`Sobrenome do Comprador`	First name of the payer.	Yes
`CPF do Comprador`	CPF of the payer.	Yes
`Telefone`	Phone number of the payer.	Yes
`E-mail`	Email of the payer.	Yes
`Nome (como está no cartão)`	Name that is printed on the card used for the purchase.	Yes
`Endereco completo`	Full billing address.	Yes
`Complemento`	Complement of the billing address.	No
`CEP`	Zip code of the billing address.	Yes
`País`	Country of the billing address.	Yes
`Estado`	State of the billing address.	Yes
`Cidade`	City of the billing address.	Yes

Example#

Example of the HTML payment request with risk analysis at Konduto:

{
  "merchant_id": "KONDUTOTEST",
  "merchant_usn": "803208495",
  "order_id": "866705726000010",
  "redirect": "A",
  "style": "N",
  "amount": "100000",
  "authenticate": "0",
  "transaction_type": "payment",
  "payment_link": "true",
  "additional_data": {
    "currency": "BRL",
    "anti_fraud": "enabled_after_auth"
  }
}

Konduto's Anti-Fraud in the Payment Link via Portal#

To enable Konduto's anti-fraud for Payment Links generated by the Merchant Portal, please contact Carat Portal's support team.

Konduto Antifraud via REST#

After finishing your registration on Carat Portal, enabling the antifraud service integration, when initializing a REST payment (learn more) or REST pre-authorization (learn more), the merchant must send the anti_fraud property and the antifraud parameters (depending on the institution you're using), both included in the additional_data object.

The anti_fraud field determines how the risk analysis will be applied and may contain the following values:

enabled_before_auth - The antifraud will be executed BEFORE the payment authorization. If the analysis is rejected, the payment won't be initiated. In the case of a pre-authorization with a non-SiTef routing, if the antifraud requires a manual analysis, the Carat Portal leaves the transaction in the PPC (Pending Confirmation Payment) state and awaits the completion of the manual evaluation.
enabled_after_auth - The antifraud will be executed AFTER the payment authorization. If the analysis is rejected, the payment that was already authorized will be cancelled. In the case of a pre-authorization with a non-SiTef routing, the Carat Portal leaves the transaction in the PPC (Pending Confirmation Payment) state and awaits the completion of the manual evaluation.

Konduto antifraud parameters#

Below are described the antifraud parameters supported by Konduto.

Note: If payer, shipment and billing_data structures are provided in the HTML call, they will not be requested in the checkout screen.

Additional transaction data Shopping cart information Customer information Customer phone information Billing address information Shipment information Shipment address information Travel information Travel connections information Passengers information Hotel reservation information Hotel address information Hotel rooms information Hotel room guests information Event information Event venue information Event tickets information Event atendee information

Parameter	Description	Mandatory	Format
`additional_data`
`visitor_id`	Visitor identifier obtained using Konduto's JavaScript	NO	< 40 AN
`additional_data` `.items[]`
`unit_price`	Item unit price in cents	NO	< 10 N
`sku`	Item product code	NO	< 100 AN
`quantity`	Item quantity	NO	< 10 N
`id`	Unique item identification, that may be its bar code or UPC.	NO	< 100 AN
`title`	Product or service name	NO	< 100 AN
`discount_amount`	Discount amount of the product in cents	NO	< 10 N
`description`	Product description	NO	< 100 AN
`creation_date`	Indicates the date of publication of the product on the merchant's site (Format: `DD/MM/YYYY`)	NO	= 10 AN
`additional_data` `.payer`
`id`	Unique customer identifier. It may be any value (sequential, document, e-mail), as long as it's consistent on future orders.	YES	< 100 AN
`name`	Customer name	YES	< 100 AN
`surname`	Customer surname	YES	< 100 AN
`email`	Customer e-mail	YES	< 100 AN
`born_date`	Customer birth date (format : `YYYY-MM-DDTHH:MM:SS`)	NO	= 19 AN
`identification_number`	Customer document number	NO	< 100 AN
`creation_date`	Account creation date on the site (format: `DD/MM/YYYY` )	NO	= 10 AN
`is_new_client`	Boolean that indicates if the customer is using a recently created account in this purchase	NO	< 5 T/F
`is_vip_client`	Boolean that indicates if the customer is VIP or a frequent buyer	NO	< 5 T/F
`additional_data` `.payer` `.phones[]`
`ddi`	Customer phone IDD	NO	< 100 AN
`ddd`	Customer phone DDD	NO	< 100 AN
`number`	Customer phone number	NO	< 100 AN
`additional_data` `.billing_data` `.address`
`street_name`	Billing street name	NO	< 255 AN
`street_number`	Billing street number	NO	< 255 AN
`complement`	Billing address complement	NO	< 100 AN
`city`	Billing city	NO	< 100 AN
`state`	Billing state	NO	< 100 AN
`zip_code`	Billing zip code	NO	< 100 A N
`country`	Billing country code, following ISO 3166-1 alfa-3	NO	= 3 AN
`additional_data` `.shipment`
`name`	Name of the recipient	NO	< 100 AN
`surname`	Surname of the recipient	NO	< 100 AN
`additional_data` `.shipment` `.address`
`street_name`	Delivery street name	NO	< 255 AN
`street_number`	Delivery street number	NO	< 255 AN
`complement`	Delivery address complement	NO	< 255 AN
`city`	Delivery city	NO	< 100 AN
`state`	Delivery state	NO	< 100 AN
`zip_code`	Delivery zip code	NO	< 100 AN
`country`	Delivery country code, following ISO 3166-1 alfa-3	NO	= 3 AN
`additional_data` `.travel`
`transport_type`	Travel transport type (`flight` or `bus`)	YES	< 6 AN
`expiration_date`	Expiration date (format: `DD/MM/YYYY` )	NO	= 10 AN
`additional_data` `.connections[]`
`journey_type`	`OUTWARD` - outward journey `RETURN` - return trip	YES	< 7 AN
`origin_city`	Origin city	YES, if `transport_type`=`bus`	< 100 AN
`destination_city`	Destination city	YES, se `transport_type`=`bus`	< 100 AN
`from`	IATA airport code of the origin airport	YES, if `transport_type`=`flight`	= 3 AN
`to`	IATA airport code of the destination airport	YES, if `transport_type`=`flight`	= 3 AN
`departure_date`	Departure date and time (format: `YYYY-MM-DDTHH:MM:SS`)	YES	< 17 AN
`class`	Seat class name (Ex: `economy`, `business` or `first`)	NO	< 8 AN
`class_code`	Seat class code	NO	< 20 AN
`company`	Airline name	NO	< 20 AN
`additional_data` `.passengers[]`
`name`	Passenger first name	YES	< 100 AN
`last_name`	Passenger last name	YES	< 100 AN
`legal_document`	Passenger document	YES	< 100 AN
`legal_document_type`	Passenger document type (`5` = passport, any other number = id)	YES	< 8 AN
`birth_date`	Passenger birth date (format: `YYYY-MM-DDTHH:MM:SS`)	NO	< 17 AN
`nationality`	Passenger nationality, following ISO 3166-1 alfa-3	NO	= 3 AN
`is_frequent_traveler`	Frequent traveler boolean	NO	< 5 T/F
`is_with_special_needs`	Boolean which indicates if it's a passenger with special needs	NO	< 5 T/F
`frequent_flyer_card`	Loyalty program type	NO	< 255 AN
`customer_class`	Loyalty program category	NO	< 255 AN
`additional_data` `.hotel_reservations[]`
`hotel`	Hotel name	YES	< 100 AN
`category`	Hotel category	NO	< 100 AN
`additional_data` `.hotel_reservations[]` `.address`
`street_name`	Hotel street name	NO	< 255 AN
`street_number`	Hotel street number	NO	< 255 AN
`complement`	Hotel address complement	NO	< 100 AN
`city`	Hotel city	NO	< 100 AN
`state`	Hotel state	NO	< 100 AN
`zip_code`	Hotel zip code	NO	< 100 AN
`country`	Hotel country code, following ISO 3166-1 alfa-3	NO	= 3 AN
`additional_data` `.hotel_reservations[]` `.rooms[]`
`number`	Room number	NO	< 100 AN
`code`	Room code	NO	< 100 AN
`type`	Room type	NO	< 100 AN
`check_in_date`	Check-in date and time (format: `YYYY-MM-DDTHH:MM:SS`)	YES	< 17 AN
`check_out_date`	Check-out date and time (format: `YYYY-MM-DDTHH:MM:SS`)	NO	< 17 AN
`number_of_guests`	Number of guests	NO	< 9999 N
`board_basis`	Feeding regime	NO	< 100 AN
`additional_data` `.hotel_reservations[]` `.rooms[]` `.guests[]`
`name`	Guest name	YES	< 100 AN
`document`	Guest document	NO	< 8 AN
`document_type`	Guest document type: `cpf` `rg` `passport` `id` `other`	NO	< 8 AN
`birth_date`	Guest birth date (format: `YYYY-MM-DDTHH:MM:SS`)	NO	< 17 AN
`nationality`	Guest nationality, following ISO 3166-1 alfa-3	NO	= 3 AN
`additional_data` `.events[]`
`name`	Event name	YES	< 255 AN
`date`	Event date and time (format `YYYY-MM-DDTHH:MM:SS`)	YES	< 17 AN
`type`	Event type: `show` `theater` `movies` `party` `festival` `course` `sports` `corporate`	YES	< 9 AN
`subtype`	Event type details	NO	< 255 AN
`additional_data` `.events[]` `.venue`
`name`	Venue name	NO	< 255 AN
`street_name`	Venue street name	NO	< 255 AN
`street_number`	Venue street number	NO	< 255 AN
`city`	Venue city	NO	< 255 AN
`state`	Venue state	NO	< 255 AN
`country`	Venue country code, following ISO 3166-1 alfa-3	NO	= 3 AN
`capacity`	Venue capacity	NO	< 255 AN
`additional_data` `.events[]` `.tickets[]`
`id`	Unique ticket identifier	NO	< 255 AN
`category`	Ticket category: `student` `senior` `government` `social` `regular`	YES	< 10 AN
`section`	Ticket section	NO	< 255 AN
`premium`	Premium ticket indicator	NO	< 5 T/F
`additional_data` `.events[]` `.tickets[]` `.attendee`
`name`	Atendee name	NO	< 255 AN
`document`	Atendee document	YES	< 100 AN
`document_type`	Atendee document type: `cpf` `cnpj` `rg` `passport` `other`	NO	< 100 AN
`birth_date`	Atendee birth date (format: `YYYY-MM-DDTHH:MM:SS`)	NO	< 17 AN

ATTENTION: Parameters that exist in payer, billing and shipment when not passed to the transaction creation service via additional_data, will be requested in the payment screen. If the parameters are passed in the transaction creation service, you will not be asked to fill in the fields on the payment screen.

Example#

Below is an example of a REST payment creation request with Konduto risk analysis:

{
  "merchant_usn": "2423423434",
  "order_id": "2432342343",
  "installments": "1",
  "installment_type": "4",
  "authorizer_id": "2",
  "amount": "1300",
  "additional_data": {
    "anti_fraud": "enabled_before_auth",
    "visitor_id": "XKhas09jcks",
    "items": [
      {
        "title": "title1",
        "quantity": "1",
        "unit_price": "1111",
        "description": "description1",
        "id": "id1",
        "discount_amount": "111",
        "sku": "sku1",
        "creation_date": "11/01/2011"
      }
    ],
    "payer": {
      "name": "Marcos",
      "surname": "da Silva",
      "email": "marocs@dasilva.com",
      "born_date": "1990-01-01T11:11:11",
      "creation_date": "02/03/2004",
      "is_new_client": "true",
      "is_vip_client": "true",
      "phones": [
        {
          "number": "333333333",
          "ddd": "22",
          "ddi": "11"
        },
        {
          "number": "666666666",
          "ddd": "55",
          "ddi": "44"
        }
      ],
      "identification_number": "47764543004"
    },
    "shipment": {
      "name": "Fernando",
      "surname": "Bezerra",
      "address": {
        "zip_code": "98764312",
        "street_number": "987",
        "street_name": "Rua Shipment",
        "complement": "ap. 587",
        "city": "São Shipment",
        "state": "MA",
        "country": "BRA"
      }
    },
    "passengers": [
      {
        "name": "Miguel",
        "last_name": "Herrera",
        "frequent_flyer_card": "frequentFlyerCard",
        "legal_document_type": "1",
        "legal_document": "12312312312",
        "birth_date": "1980-07-28T10:40:00",
        "customer_class": "customerClass",
        "nationality": "BRA",
        "is_frequent_traveler": "true",
        "is_with_special_needs": "true"
      }
    ],
    "connections": [
      {
        "company": "Verde",
        "class": "first",
        "from": "GRU",
        "to": "CGH",
        "departure_date": "2023-09-07T07:09:00",
        "journey_type": "OUTWARD",
        "origin_city": "San Juan",
        "destination_city": "Homero Lopez",
        "class_code": "VIP"
      },
      {
        "company": "Rosa",
        "class": "economy",
        "from": "BSB",
        "to": "VCP",
        "departure_date": "2022-10-21T16:39:00",
        "journey_type": "RETURN",
        "origin_city": "San Pablo",
        "destination_city": "Juanito Cruz",
        "class_code": "ECONOMY"
      }
    ],
    "hotel_reservations": [
      {
        "hotel": "Hotel Green Tree",
        "address": {
          "zip_code": "83392019",
          "street_number": "529",
          "street_name": "Rua Hoteleira",
          "complement": "ap. 019",
          "city": "San Hotel",
          "state": "AC",
          "country": "EN"
        },
        "rooms": [
          {
            "number": "902",
            "code": "ROOM902",
            "type": "King Size",
            "check_in_date": "2020-01-09T12:30:00",
            "check_out_date": "2020-01-19T13:00:00",
            "number_of_guests": "1",
            "board_basis": "Vegan",
            "guests": [
              {
                "name": "José Aníbal",
                "document": "98798798712",
                "document_type": "cpf",
                "birth_date": "12/03/1970",
                "nationality": "BRA"
              }
            ]
          }
        ],
        "category": "categoryhotel"
      }
    ],
    "billing_data": {
      "address": {
        "zip_code": "12341234",
        "street_number": "666",
        "street_name": "Rua Billing",
        "complement": "ap. 2369",
        "city": "São Billing",
        "state": "AM",
        "country": "BRA"
      }
    },
    "travel": {
      "transport_type": "flight",
      "expiration_date": "2022-02-14T01:30:00"
    },
    "discount_info": "Informações de desconto",
    "events": [
      {
        "name": "Evento de Rock",
        "date": "2021-11-22T09:28:00",
        "type": "show",
        "subtype": "music",
        "venue": {
          "name": "Debicard Hall",
          "street_name": "Rua do Evento",
          "street_number": "928",
          "city": "Jardinópolis",
          "state": "MS",
          "country": "DO",
          "capacity": "300"
        },
        "tickets": [
          {
            "id": "12h374612h4h",
            "category": "social",
            "section": "Seção 1",
            "premium": "true",
            "attendee": {
              "name": "Daniel Almeida",
              "document": "71728293945",
              "document_type": "other",
              "birth_date": "03/10/1990"
            }
          }
        ]
      }
    ]
  }
}