Online Payment has two interfaces for integration with the virtual store, HTTPS POST and HTTPS Web Services, enabling the proper way of interaction between the merchant and Online Payment, according to the programming language and the platform of the virtual store.
On the REST Web Service interface, the payment and card data will be collected by the merchant and Online Payment will only make the payment with the financial institution.
This interface provides payments with credit, debit or voucher cards. For payments such as electronic transfer or boleto, the POST/HTML interface must be used instead.
To make a Web Service transaction, the whole communication must be done via HTTPS/TLS. It's important that the merchant's server supports encryption of a minimum of 128 bits. The merchant's server must make calls on specific addresses to do REST transactions.
Each service must be called using the base URL concatenated with the desired resource (see the chapter related to the service to be consumed). The HTTP method (GET, POST or PUT) indicates the expected action on the selected resource. Listed below are the base URLs of Online Payment:
Production base URL:
Homologation base URL:
Every call received by the services will be responded synchronously.
Never use the IP instead of the esitef-ec.softwareexpress.com.br domain. The IP can change at any time without previous warning, so it's important to use the domain when accessing Online Payment.
Besides the response parameters of the services described in this specification, Online Payment can return other parameters without previous warning.
It's important that the application is prepared to receive the unknown parameters besides the fields already specified and simply ignore them.
The payment flow will be initiated by the merchant's application after the customer completes the purchase and sends the payment data.
There are two types of payment flow: with automatic confirmation, where Online Payment is responsible for confirming the payment with the acquirer; and with late confirmation, where the merchant's application is responsible for confirming the payment by consuming the confirmation service.
The late confirmation is usually used when the merchant's application allows paying with more than one card or when some validation is done before confirming the payment.
- The merchant creates a transaction on Online Payment passing information such as the merchant ID, number of installments and the order ID and obtains as response a NIT (Transaction Identifier Number).
- The merchants then proceeds consuming the payment effectuation service, passing the NIT and the customer's card data. In case of success, the payment transaction will change its status to
- As in the payment flow with automatic confirmation, the merchant creates a transaction on Online Payment passing the payment data. In addition, they must send the
postpone_confirmationparameter with the value
- The merchant then proceeds consuming the payment effectuation service, passing the NIT and the customer's card data. In case of success, the payment transaction will change its status to
PPC(pending payment confirmation).
- Concluding, the merchant calls the payment confirmation service, passing the NIT again and the parameter
true, resulting in a transaction with status
CON(confirmed). There is also the possibility for the merchant to undo de transaction instead of confirming. For this, the
confirmparameter must be sent with the value
false, which will result in a transaction with status