REST Payment
#
OverviewCarat Portal has two interfaces for integration with the virtual store, HTTPS POST and HTTPS Web Services, enabling the proper way of interaction between the merchant and Carat Portal, according to the programming language and the platform of the virtual store.
On the REST Web Service interface, the payment and card data will be collected by the merchant and Carat Portal will only make the payment with the financial institution.
This interface provides payments with credit, debit or voucher cards. For payments such as electronic transfer or boleto, the POST/HTML interface must be used instead.
And to learn more about these nomenclatures (Bin, Software Express, Carat, e-Sitef) Learn more
#
CommunicationTo make a Web Service transaction, the whole communication must be done via HTTPS/TLS. It's important that the merchant's server supports encryption of a minimum of 128 bits. The merchant's server must make calls on specific addresses to do REST transactions.
Each service must be called using the base URL concatenated with the desired resource (see the chapter related to the service to be consumed). The HTTP method (GET, POST or PUT) indicates the expected action on the selected resource. Listed below are the base URLs of Carat Portal:
Production base URL:
https://esitef.softwareexpress.com.br/e-sitef/api
Homologation base URL:
https://esitef-homologacao.softwareexpress.com.br/e-sitef/api
Every call received by the services will be responded synchronously.
Attention:
Never use the IP instead of the esitef.softwareexpress.com.br domain. The IP can change at any time without previous warning, so it's important to use the domain when accessing Carat Portal.
Important:
Besides the response parameters of the services described in this specification, Carat Portal can return other parameters without previous warning.
It's important that the application is prepared to receive the unknown parameters besides the fields already specified and simply ignore them.
#
FlowThe payment flow will be initiated by the merchant's application after the customer completes the purchase and sends the payment data.
There are two types of payment flow: with automatic confirmation, where Carat Portal is responsible for confirming the payment with the acquirer; and with late confirmation, where the merchant's application is responsible for confirming the payment by consuming the confirmation service.
The late confirmation is usually used when the merchant's application allows paying with more than one card or when some validation is done before confirming the payment.
#
Payment with automatic confirmationFlow description:
- The merchant creates a transaction via API passing information such as the merchant ID, number of installments and the order ID and obtains as response a NIT (Transaction Identifier Number).
- The merchants then proceeds consuming the payment effectuation service, passing the NIT and the customer's card data. In case of success, the payment transaction will change its status to
CON
(confirmed).
Example
To use this example, don't forget to define the variable {{url}}
with the value
esitef-homologacao.softwareexpress.com.br
Request:
Response: (note the transaction status, that is CON of Confirmed)
#
Payment with late confirmationFlow description:
- As in the payment flow with automatic confirmation, the merchant creates a transaction via API passing the payment data. In addition, they must send the
postpone_confirmation
parameter with the valuetrue
. - The merchant then proceeds consuming the payment effectuation service, passing the NIT and the customer's card data. In case of success, the payment transaction will change its status to
PPC
(pending payment confirmation). - Concluding, the merchant calls the payment confirmation service, passing the NIT again and the parameter
confirm
with valuetrue
, resulting in a transaction with statusCON
(confirmed). There is also the possibility for the merchant to undo de transaction instead of confirming. For this, theconfirm
parameter must be sent with the valuefalse
, which will result in a transaction with statusPPN
(undone).
Exemplo
To use this example, don't forget to define the variable {{url}}
with the value
esitef-homologacao.softwareexpress.com.br
Note the parameter
postpone_confirmation
included withtrue
value, and the transaction status that now isPPC
.
Response: