This documentation details the Fiserv PSP APIs, designed for integration with integrators, enabling the management of operations related to customers, accounts, collections and payments via Pix. The main functionalities include:
- Authentication: Obtain tokens for all transactions authentication
- Customer Management: Add, update, view and delete (CRUD) for customers
- Account Management: Add, update, view and delete (CRUD) accounts
- Pix Charges Generation: Create Pix charges efficiently and securely, allowing your customers to make payments via Pix
- Pix Payment Query: View the status and details of payments via Pix for greater control and transparency
- Refunds: Make payment refunds via Pix efficiently, ensuring customer satisfaction
- Settlement: Automatically or manual cash-out
- Webhook Management: Register webhooks to receive automatic notifications about important events such as payment confirmations or refund requests
- Reports: Generate detailed reports of Pix transactions, facilitating the monitoring of operations and reporting of settlements related to accounts
Table of contents#
Environments#
Produção
https://connect.latam.fiservapis.com/gateway
Tests
https://connect-cert.latam.fiservapis.com/gateway
Autentication#
🔒 /token#
POST#
Get the authentication token.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
Request example#
application/x-www-form-urlencoded
| Field | Valor |
|---|
| client_id | user1234 |
| client_secret | userPassword@123 |
Responses#
| Code | Description |
|---|
| 200 | Returns the access token and expiration information |
Response example#
Webhook#
⬅️ /v1/webhook#
Management of the address to which notifications regarding the completion of customer registration (Know Your Customer process) and confirmation of billing and refund transactions carried out will be sent.
ATTENTION: To update the webhook URL, it is necessary to request it from the Fiserv team, as it is required to whitelist the URL on the proxy.
PUT#
Configure the Integrator's Webhook.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| webhookUrl | body | URL that will be called in the callback | yes | string |
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | sim | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | sim | string (bearerToken) |
Request example#
Responses#
| Code | Description |
|---|
| 204 | Webhook for notifications to the integrator. |
| 400 | Request with invalid format. |
| 503 | Service Unavailable |
GET#
Display the registered URL of the integrator's webhook.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| Authorization | header | Bearer token used for authentication | yes | string (bearerToken) |
| webhookUrl | body | URL that will be called in the callback | yes | string |
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
Responses#
| Code | Description |
|---|
| 200 | Webhook data |
| 503 | Service Unavailable |
DELETE#
Deleting the integrator's webhook.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| webhookUrl | body | URL that will be called in the callback | yes | string |
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string (bearerToken) |
Responses#
| Code | Description |
|---|
| 204 | Webhook for Pix notifications canceled. |
| 503 | Service Unavailable |
### CALLBACKS
POST /client#
After the customer registration and the KYC process is completed, the URL registered for the webhook receives the following notification:
When Status = DONE, indicates that processing has been completed in the final KYC status and the customer information can be requested.
POST /v1/apm/pix/charges#
After the transaction charge is completed, the URL registered in the webhook receives the following notification:
| Field | Type | Description |
|---|
| Pix.endToEndId | string | End to End of payment confirmation |
| Pix.txid | string | Transaction id |
| Pix.chave | string | Account Pix Key |
| Pix.Status | string | Transaction Status [1 - Confirmed (Paid) ] |
| Pix.OperationType | string | Transaction Type (0 – Charge, 1- Refund, 2 – Reverse) |
Client#
/v1/client#
POST#
Adiciona um cliente.
Parameters#
| Name | Located in | Description | Type | Mandatory |
|---|
| apikey | header | API Key | string | yes |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | string | yes |
| x-request-id | header | Random ID used to identify the request | string | yes |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | string | yes |
| Authorization | header | Bearer token used for authentication | string (bearerToken) | yes |
| address.city | body | string | Client's city (ISO 3166) | yes |
| address.country | body | string | Client's country (ISO 3166) | yes |
| address.locality | body | string | Client's district (ISO 3166) | yes |
| address.number | body | string | Client's address number | no |
| address.postalCode | body | string | Client's ZIP Code address | yes |
| address.province | body | string | Client's adress State | yes |
| address.street | body | string | Client's adress Street | yes |
| address.subNumber | body | string | Client's adress Complement | no |
| document.number | body | string | Document Number | yes |
| document.type | body | enum | CNPJ | yes |
| contact.email | body | string | Client's E-mail | yes |
| contact.phone | body | string | Client's Phone number | yes |
| legalName | body | string | Client's legal name | yes |
| tradeName | body | string | Client's trade name | yes |
| averageTicket | body | decimal | Average ticket | yes |
Request example#
Responses#
| Name | Description | Type |
|---|
| clientId | Customer's unique ID | string |
| protocolId | Request protocol | string |
Response example#
After the client registration a KYC validation will happen asynchronously, and the result will be notified to the configured webhook.
| Code | Description |
|---|
| 200 | OK |
| 400 | Bad Request |
| 403 | Forbidden |
| 404 | Not Found |
| 500 | Internal Server Error |
| 503 | Service Unavailable |
| 504 | Gateway Timeout |
/v1/client/{clientId}#
GET#
Search for information about the customer's "Know Your Customer" status.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| clientId | path | client id | yes | string |
| webhookUrl | body | URL that will be called in the callback | yes | string |
Responses#
The KycSytatus can be one of the following:
🔸 APPROVED
🔸 PENDING
🔸 PROCESSING
🔸 REFUSED
🔸 ERROR
Only the APPROVED status can allow the continuation of the accreditation process and the creation of a Pix Account
| Code | Description |
|---|
| 200 | OK |
| 400 | Bad Request |
| 403 | Forbidden |
| 404 | Not Found |
| 500 | Internal Server Error |
| 503 | Service Unavailable |
| 504 | Gateway Timeout |
Pix Account#
General Information about Account Management#
pixFee#
Pix fee is the fee charged for each transaction made. When the business model is commission-based, fee can be a fixed amount (amount) or MDR - Merchant Discount Rate (percentage) . Alternatively, when the business model is billing, it must not have any value.
Example of a commission-based business model with a fixed fee#
Registered fee for the account: R$ 0,85
Charged value: R$ 30,00
Fee value: R$ 0,85
Net amount: R$ 29,15
Example of a commission-based business model with MDR#
Registered fee for the account: 1%
Charged value: R$ 22,00
Fee value: R$ 0,22
Net amount: R$ 21,78
/v1/client/{clientId}/apm/pix/account#
POST#
Add a pix account.
Parameters#
| Field | Located in | Type | Mandatory | Description |
|---|
| clientId | path | string | yes | Client Id |
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| Settlement.pixKey | body | string | yes | PixKey of settlement account. Only the pix key or account information should be provided, never both. |
| Settlement.bankAccount.type | body | integer | yes | (enum) 0. Checking Account, 1. Deposit Account 2. Payment Account 3. Savings Account |
| Settlement.bankAccount.BankCompeCode | body | string | yes | COMPE Code (Check and Other Document Clearing System) |
| Settlement.bankAccount.agency | body | string | yes | Agency number |
| Settlement.bankAccount.accountNumber | body | string | yes | Account Number |
| Settlement.bankAccount.document.number | body | string | yes | Account's CNPJ. Must have the same root as the registered CNPJ |
| Settlement.bankAccount.document.type | body | string | yes | Always inform the “CNPJ” |
| Settlement.holdSettlement | body | bool | no | Identifies if charges are created with settlement hold (default false) |
| pixFee.amount | body | decimal | no | If percentage is given, it cannot be greater than 0 |
| pixFee.percentage | body | decimal | no | If this value is given, it cannot be greater than 0 |
| pixFee.min | body | decimal | no | Can be zero, but cannot be negative |
| pixFee.max | body | decimal | no | It can only be sent if the min exists; It cannot be zero, but cannot be negative and it can never be less than or equal to the min |
| userTermsAccept.number.number | body | string | yes | CPF of the person making the acceptance |
| userTermsAccept.document.type | body | string | yes | Always “CPF” |
| userTermsAccept.ip | body | string | yes | IP Address of the machine that gave the acceptance term |
| hasAutomaticSettlement | body | boolean | yes | Indicates if settlement occurs automatically |
Request example#
Responses#
| Code | Description |
|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized |
| 422 | Client Error |
| 500 | Server Error |
Response example#
Possible errors:#
| ErrorCode | Error |
|---|
| 148 | The account name is invalid |
| 149 | The account's CNPJ is invalid |
| 154 | The fee must have a single value |
| 158 | Account not found |
| 161 | The account is not activated |
| 162 | The PixKey must be different from the AddressPixKey |
| 169 | The settlememt account provided is invalid. |
| 170 | A settlememt account is mandatory |
| 171 | It is not possible to inform two settlememt accounts |
| 174 | The liquidation account of the CNPJ is invalid |
| 176 | It is not possible to change the settlement information for this account |
| 177 | It is not possible to change the tax rate for this account |
| 178 | The ISPB code or COMPE code must be filled in |
| 187 | Maximum tax rate must be greater than minimum tax rate |
| 188 | Minimum rate must be reported because maximum rate has been reported |
| 189 | The minimum tax rate must be greater than or equal to zero |
| 190 | Maximum tax rate must be greater than zero |
| 191 | The minimum and maximum tax rate should only be reported in the case of an MDR rate |
/v1/client/{clientId}/apm/pix/account/{pixKey}'#
GET#
Return an account based on the PIX key.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| pixKey | path | Account's PIX Key | yes | string |
| clientId | path | Client id | yes | string |
Responses#
| Code | Description |
|---|
| 200 | Success |
| 400 | Bad Request |
| 401 | Unauthorized |
| 422 | Client Error |
| 500 | Server Error |
Response example#
PUT#
Change a pix account.
Description:#
Endpoint that changes a pix account.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string (bearerToken) |
| pixKey | path | Account's PIX Key | yes | string |
| clientId | path | client id | yes | string |
| Settlement.pixKey | body | string | yes | PixKey of settlement account. Only the pix key or account information should be provided, never both. |
| Settlement.bankAccount.type | body | integer | yes | (enum) 0. Checking Account, 1. Deposit Account 2. Payment Account 3. Savings Account |
| Settlement.bankAccount.BankCompeCode | body | string | yes | COMPE Code (Check and Other Document Clearing System) |
| Settlement.bankAccount.agency | body | string | yes | Agency number |
| Settlement.bankAccount.accountNumber | body | string | yes | Account Number |
| Settlement.bankAccount.document.number | body | string | yes | Account's CNPJ. Must have the same root as the registered CNPJ |
| Settlement.bankAccount.document.number | body | string | yes | Account's CNPJ. Must have the same root as the registered CNPJ |
| Settlement.bankAccount.document.type | body | string | yes | Always inform the “CNPJ” |
| Settlement.holdSettlement | body | bool | no | Identifies if charges are created with liquidation hold (default false) |
| pixFee.amount | body | decimal | no | If percentage is given, it cannot be greater than 0 |
| pixFee.percentage | body | decimal | no | If this value is given, it cannot be greater than 0 |
| pixFee.min | body | decimal | no | Can be zero, but cannot be negative |
| pixFee.max | body | decimal | no | It can only be sent if the min exists; It cannot be zero, but cannot be negative and it can never be less than or equal to the min |
| hasAutomaticSettlement | body | boolean | yes | Indicates if settlement occurs automatically |
Request example#
Responses#
| Code | Description |
|---|
| 204 | No Content |
| 400 | Bad Request |
| 401 | Unauthorized |
| 422 | Client Error |
| 500 | Server Error |
| ErrorCode | Error |
|---|
| 154 | The fee must have a single value |
| 158 | Account not found |
| 161 | Account is not active |
| 162 | The PixKey must be different from the AddressPixKey |
| 169 | The settlememt account provided is invalid |
| 170 | A settlememt account is mandatory |
| 171 | It is not possible to inform two settlememt accounts |
| 174 | The settlement account CNPJ is invalid |
| 176 | It is not possible to change the settlement information for this account |
| 177 | It is not possible to change the tax rate for this account |
| 178 | The ISPB code or COMPE code must be filled in |
| 187 | Maximum tax rate must be greater than minimum tax rate |
| 188 | Minimum tax rate must be reported because maximum tax rate has been reported |
| 189 | The minimum tax rate must be greater than or equal to zero |
| 190 | Maximum tax rate must be greater than zero |
| 191 | The minimum and maximum tax rate should only be reported in the case of an MDR rate |
DELETE#
Delete a pix account.
Description:#
Endpoint to delete a pix account.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string (bearerToken) |
| pixKey | path | Account's PIX Key | yes | string |
| clientId | path | Client id | yes | string |
Responses#
| Code | Description |
|---|
| 204 | No Content |
| 400 | Bad Request |
| 401 | Unauthorized |
| 422 | Client Error |
| 500 | Server Error |
/v2/client/{clientId}/apm/pix/account/balance/{pixKey} ´#
GET#
Consult the account balance by pix key.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| clientId | path | Client Identifier | yes | string |
| pixKey | path | Pix Key of the account | yes | string |
Responses#
| Field | Type | Additional Information |
|---|
| availableBalance | decimal | Available balance in the account |
| blockedBalance | decimal | Blocked balance in the account |
| totalBalance | decimal | Total balance in the account |
Response example#
/v1/client/{clientId}/apm/pix/accounts#
GET#
View a customer's accounts.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string (bearerToken) |
| clientId | path | Client id | yes | string |
| pagination.currentPage | query | Page to be consulted | no | int |
| pagination.pageSize | query | Number of items per page | no | int |
Responses#
| Code | Description |
|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized |
| 422 | Client Error |
| 500 | Server Error |
Response example#
/v1/apm/pix/accounts#
GET#
Query an integrator's accounts.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string (bearerToken) |
| pagination.currentPage | query | Page to be consulted | no | int |
| pagination.pageSize | query | Number of items per page | no | int |
Responses#
| Code | Description |
|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized |
| 422 | Client Error |
| 500 | Server Error |
Response example#
## Pix Transaction
/v1/apm/pix/charge#
POST#
Create pix charge.
Description:#
Endpoint to create an pix charge.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| amount | body | Charge amount | yes | decimal |
| pixKey | body | Account's Pix Key | yes | string |
| returnQrCodeImage | body | Indicator that returns the qrCode image (false default) | yes | bool |
| expiration | body | QRcode expiration time in seconds | yes | int |
Request example#
Responses#
| Field | Type | Additional Information |
|---|
| txid | string | Transaction ID generated |
| location | string | Located in of the generated QRCode |
| qrCodeImage | bool | Base64 image of the QRcode (Only when returnQrCodeImage= true is specified) |
| status | string | Transaction status. Possible values: 0- PENDING;1 - CONFIRMED; 2 - CANCELLED |
| | |
| amount | decimal | Transaction value |
| pixCopyPaste | string | Copy and paste code from Pix |
| pixKey | string | Pix key used for the transaction |
| Code | Description |
|---|
| 200 | Pix charge created |
| 400 | Request with invalid format |
| 404 | The requested content was not found |
| 503 | This service is currently unavailable |
Response example#
| Error | Description |
|---|
| 157 | This charge does not have a fee amount |
| 96 | The settlement schedule date is less than the current date |
| 153 | The account for this pix key is not active |
| 157 | This charge does not have a fee amount |
| 158 | Account not found |
| 167 | Account suspended for billing processing |
| 193 | The charge cannot be null or negative |
/v1/apm/pix/charge/{txid}'#
GET#
Check immediate billing through a specific txid.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| txid | path | Transaction Id | yes | string |
| returnQrCodeImage | query | Indicator whether QrCode should be generated in base64 or not | no | boolean |
Responses#
| Code | Description |
|---|
| 200 | Data from a immediate pix charge |
| 404 | The requested content was not found |
| 503 | This service is currently unavailable |
Response example#
/v1/apm/pix/charge/cancel/{txid} '#
PATCH#
Cancel immediate charge.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| txid | path | | yes | string |
Responses#
| Code | Description |
|---|
| 204 | No Content |
| 400 | Request with invalid format |
| 404 | The requested content was not found |
| 503 | This service is currently unavailable |
/v1/apm/pix/charges#
GET#
Check the list of immediate charges using parameters such as start, end, CPF, CNPJ and status.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string (bearerToken) |
| startDate | query | Start date to filter the query | yes | timezone (ISO 8601) |
| endDate | query | End date to filter the query | yes | timezone (ISO 8601) |
| pixKey | query | Account Pix Key | no | string |
| documentNumber | query | CNPJ number | no | string |
| status | query | Status of the transactionPossible values: 1 - CONFIRMED; 2 - CANCELLED | | |
| no | string | | | |
| pagination.currentPage | query | | no | int |
| pagination.pageSize | query | | no | int |
Responses#
| Code | Description |
|---|
| 200 | List of pix charges |
| 503 | This service is currently unavailable |
Response#
| Property | Type | Description |
|---|
| results.txid | string | Pix charge unique identifier |
| results.location | string | Payloads location |
| results.qrCodeImage | bool | Base64 of the QrCode image |
| results.status | string (enum) | Status of the pix charge. Possible values: 0 - PENDING ;1 - CONFIRMED ; 2 - CANCELLED |
| results.amount | decimal | Amount of the pix charge (BRL) |
| results.pixCopyPaste | string | Copy and paste code |
| results.pixKey | string | Internal pix key of the account |
| results.expiration | int | Lifetime of the pix charge before expiration, specified in seconds |
| results.createdAt | DateTime (ISO 8601) | Date and time of creation |
| results.pix.confirmedAt | DateTime (ISO 8601) | Date and time of confirmation |
| results.pix.endToEndId | string | Unique end to end id for the pix charge |
| results.pix.amount | decimal | Amount of the payment (BRL) |
| results.pix.pixKey | string | Pix key of the receiver |
| pix.fraudReproval | enum | In case of reproval by the fraud prevention engine, this field will be populated with the following value: 1 - Fraud Suspected |
| results.pix.reverses.txid | string | Refunds unique identifier |
| results.pix.reverses.endToEndId | string | Unique end to end id for the refund |
| results.pix.reverses.amount | decimal | Refunded amount (BRL) |
| results.pix.reverses.confirmedAt | DateTime (ISO 8601) | Date and time of refund |
| results.pix.reverses.status | int (enum) | Status of the refund. Possible values: 1 - CONFIRMED 2 - CANCELLED |
| pagination.currentPage | int | Current page retrieved |
| pagination.pageSize | int | Current page size |
| pagination.totalPages | int | Total pages to be retrieved |
| pagination.totalItems | int | Total items to be retrieved |
| criteria.startDate | DateTime (ISO 8601) | Filter transactions after this date and time |
| criteria.endDate | DateTime (ISO 8601) | Filter transactions before this date and time |
| criteria.pixKey | string | Pix key of the account |
| criteria.documentNumber | string | Document number of the account |
| criteria.status | string | Status of the transaction values: 0 - PENDING; 1 - CONFIRMED; 2 - CANCELLED |
Response examples#
/v1/apm/pix/{endToEndId}/reverse/{txid} '#
PUT#
Request a refund.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string (bearerToken) |
| endToEndId | path | End to end transaction code | yes | string |
| txid | path | Transaction Id | yes | string |
| amount | body | Transaction amount | yes | string |
Request example#
Responses#
| Code | Description |
|---|
| 200 | Return data |
| 400 | Request with invalid format |
| 404 | The requested content was not found |
| 503 | This service is currently unavailable |
Response example#
GET#
Check return using a Pix End To End ID and return ID.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string (bearerToken) |
| endToEndId | path | Payment End To End Code | yes | string |
| txid | path | Transaction Id | yes | string |
Responses#
| Code | Description |
|---|
| 200 | Refunds data |
| 404 | The requested content was not found |
| 503 | This service is currently unavailable |
Response example#
/v1/apm/pix/charge/settlement/hold/{txid} '#
PATCH#
Block the pix charge settlement until it's unblocked.
/v1/apm/pix/charge/settlement/release/{txid}'#
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string |
| txid | path | Charge unique identifier | yes | string |
Responses#
| Code | Description |
|---|
| 204 | No Content |
| 400 | Request with invalid format |
| 404 | Request content not found |
| 503 | Service unavailable |
/v1/apm/pix/charge/settlement/release/{txid}'#
PATCH#
Allows the pix charge to be settled in the next settlement window.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string |
| txid | path | Charge unique identifier | yes | string |
Responses#
| Code | Description |
|---|
| 204 | No Content |
| 400 | Request with invalid format |
| 404 | Request content not found |
| 503 | Service unavailable |
Cash-out#
/v2/apm/pix/cashout#
POST#
Create pix cashout.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| amount | body | Amount to cashout (BRL) | yes | decimal |
| pixKey | query | Internal pix key of the account | yes | string |
| receiverPixKey | body | Pix key of the receiver, must belong to the receiverDocument | yes | bool |
| receiverDocument | body | Document of the receiver, will be validated together with the pix key | yes | string |
Request example#
Responses#
| Field | Type | Additional Information |
|---|
| txid | string | Cashouts unique identifier |
Response example#
After successfully requesting the cashout operation some validations will be made asynchronously, and the cashout might still be denied. The result from this validation, together with the confirmation key necessary for the confirmation request (next endpoint), will be sent to the webhook
.
GET#
Search and retrieve cash-outs. Allows for batch reconciliation.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| pixKey | query | Pix key of the account | yes | string |
| startDate | query | Filter cashouts after the startDate | yes | DateTime (ISO 8601) |
| endDate | query | Filter cashouts before the endDate | yes | DateTime (ISO 8601) |
| status | query | Status of the cashout. | yes | Possible values: 0 - Pending (awaiting confirmation) 1 – Processing (processing payment) 2 - Confirmed (paid) 3 - Failed (failed payment) 4 - Expired (expired confirmation) 5 – Requested (Requested) |
Responses#
| Field | Type | Additional Information |
|---|
| result.txid | string | Unique identifier of the cashout operation |
| result.endToEndId | string | Unique end to end id for the pix transaction, will always be null until the confirmation of the cashout (item X+1) |
| result.createdAt | DateTime (ISO 8601) | Date and time of the cashout creation |
| result.confirmedAt | DateTime (ISO 8601) | Date and time of the cashout confirmation |
| result.pixKey | string | Internal accounts pix key |
| result.receiverDocument | string | Document of the cashouts receiver |
| result.receiverPixKey | string | Pix key of the cashouts receiver |
| result.amount | decimal | Amount of the cashout (BRL) |
| result.status | int (enum) | Status of the cashout. Possible values: 0 - Pending (awaiting confirmation) 1 – Processing (processing payment) 2 - Confirmed (paid) 3 - Failed (failed payment) 4 - Expired (expired confirmation) 5 – Requested (Requested) |
| result.failReason | int (enum) | Fail Reason (Only when status is Failed) 1 - Without limit, 2 - Without balance, 3 - Expired,4 - Concurrency,5 - Processing Fail,6 - Fraud Suspect |
| pagination.currentPage | int | Current page retrieved |
| pagination.pageSize | int | Page size retrieved |
| pagination.totalPages | int | Total pages to retrieve |
| pagination.totalItems | int | Total items to retrieve |
Response example#
/v2/apm/pix/cashout/confirm#
POST#
Confirm a pix cashout request with the confirmation key.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| txid | body | Cashouts unique identifier | yes | string |
| confirmationKey | body | Confirmation key provided in the webhook notification payload | yes | string |
Request example#
After the confirmation the cashout can still fail in some scenarios, so another notification will be sent to the configured webhook to inform if the cashout was completed successfully.
Response#
| Code | Description |
|---|
| 204 | No Content |
/v2/apm/pix/cashout/{txid}'#
GET#
Retrieve cashout data with the txid. In case of delay or failure of the webhook notification, this endpoint can be used to check the cashout status.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| txid | path | Cashouts unique identifier | yes | string |
Responses#
| Field | Type | Additional Information |
|---|
| txid | string | Unique identifier of the cashout operation |
| endToEndId | string | Unique end to end id for the pix transaction, will always be null until the confirmation of the cashout |
| createdAt | DateTime (ISO 8601) | Date and time of the cashout creation |
| confirmedAt | DateTime (ISO 8601) | Date and time of the cashout confirmation |
| pixKey | string | Internal accounts pix key |
| receiverDocument | string | Document of the cashouts receiver |
| receiverPixKey | string | Pix key of the cashouts receiver |
| amount | decimal | Amount of the cashout (BRL) |
| status | int (enum) | Status of cashout. Possible values: 0 - Pending (awaiting confirmation) 1 – Processing (processing payment) 2 - Confirmed (paid) 3 - Failed (failed payment) 4 - Expired (expired confirmation) 5 – Requested (Requested) |
| result.failReason | int (enum) | Fail Reason (Only when status is Failed). 1 - Without limit; 2 - Without balance; 3 - Expired 4; - Concurrency 5; - Processing Fail; 6 - Fraud Suspect; |
Response example#
Reports#
/v1/apm/pix/report/transactions#
GET#
Consult list of charges.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| pixKey | query | Pix Key | no | string |
| documentNumber | query | Client id | no | string |
| startDate | query | Billing start date and time | no | timezone (ISO 8601) |
| endDate | query | Billing end date and time | no | timezone (ISO 8601) |
| settlementStartDate | query | Settlement start date and time | no | timezone (ISO 8601) |
| settlementEndDate | query | Settlement end date and time | no | timezone (ISO 8601) |
| txid | query | Transaction Id | no | string |
| endToEnd | query | End to End Confirmation Code | no | string |
| pagination.currentPage | query | Current page | yes | integer |
| pagination.pageSize | query | Number of items per page | yes | integer |
Responses#
| Code | Description |
|---|
| 200 | Success |
| 400 | Bad Request |
| 401 | Unauthorized |
| 422 | Client Error |
| 500 | Server Error |
Response example#
/v2/apm/pix/report/transactions#
GET#
Search transactions statement
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| pixKey | query | Pix key of the account | no | string |
| documentNumber | query | Document number of the account | no | string |
| startDate | query | Filter transactions after this date and time | yes | DateTime (ISO 8601) |
| endDate | query | Filter transactions before this date and time | yes | DateTime (ISO 8601) |
| txid | query | Transactions unique identifier | no | string |
| endToEndId | query | Pix transaction unique end to end identifier | no | string |
| pagination.currentPage | query | Page number to be retrieved | yes | integer |
| pagination.pageSize | query | Page size to be retrieved | yes | integer |
Responses#
| Field | Type | Additional Information |
|---|
| result.txid | string | Transactions unique identifier |
| result.amount | decimal | Amount of the transaction (BRL) |
| result.movementType | int (enum) | Type of movement Possible values: 0 - Debit 1 - Credit |
| result.transactionType | int | Type of transaction Possible values: 0 - PixCharge 1 - PixRefund 2 - PixReverse 3 - PixOrderAutomatic 4 - PixSpecialRefund 5 - PixSpecialRefundReverse 6 - PixOrderManual 7 - Fee 8 - FeeReverse 9 - PixChargeLock 10 - PixChargeUnlock |
| result.accountCnpj | string | Account CNPJ |
| result.createdAt | DateTime (ISO 8601) | Date and time of creation |
| result.endToEndId | string | Unique end to end id for the transaction |
| result.fraudReproval | enum | In case of reproval by the fraud prevention engine, this field will be populated with the following values: 1 - Fraud Suspected |
| result.thirdPartyName | string | Name of the third party (external) involved in the transaction |
| pagination.currentPage | int | Current page retrieved |
| pagination.pageSize | int | Current page size |
| pagination.totalPages | int | Total pages to be retrieved |
| pagination.totalItems | int | Total items to be retrieved |
| criteria.startDate | DateTime (ISO 8601) | Filter transactions after this date and time |
| criteria.endDate | DateTime (ISO 8601) | Filter transactions before this date and time |
| criteria.pixKey | string | Pix key of the account |
| criteria.documentNumber | string | Document number of the account |
| criteria.txid | string | Transactions unique identifier |
| criteria.endToEndId | string | Unique end to end id for the transaction |
| summary.sumAmountCredits | decimal | Sum of all credits for the searched filters |
| summary.sumAmountDebits | decimal | Sum of all debits for the searched filters |
Responses#
| Code | Description |
|---|
| 200 | Success |
| 400 | Bad Request |
| 401 | Unauthorized |
| 422 | Client Error |
| 500 | Server Error |
Response example#
/v1/apm/pix/report/settlements#
GET#
Consult the list of liquidations.
Parameters#
| Name | Located in | Description | Mandatory | Type |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token used for authentication | yes | string (bearerToken) |
| pixKey | query | Account's Pix Key | no | string |
| documentNumber | query | CNPJ number | no | string |
| startDate | query | Start date for consultation | no | timezone (ISO 8601) |
| endDate | query | End date for consultation | no | timezone (ISO 8601) |
| status | query | | no | GetLiquidationsInStatus |
| pagination.currentPage | query | Current Page | yes | integer |
| pagination.pageSize | query | Itens per page | no | integer |
Get Liquidations Status#
| Code | Status |
|---|
| 0 | Pending |
| 1 | Confirmed |
| 2 | Fail |
Responses#
| Code | Description |
|---|
| 200 | Success |
| 400 | Bad Request |
| 401 | Unauthorized |
| 422 | Client Error |
| 500 | Server Error |
Response example#
Additional Information#
Default Header#
Some information is required in all requests, they are:
| Header | Detalhes |
|---|
| Authorization | Authentication token. For more information, check Token item from this document |
| apikey | Provided by Fiserv after integrated accreditation |
| x-timestamp | Timestamp of the request. Also used to generate the HMAC signature. For more information, check HMAC Calculation item from this document |
| x-hmac-signature | Generated HMAC. For more information, check HMAC Calculation item from this document |
| x-request-id | Random request ID |
HMAC Calculation#
The HMAC must be calculated using the SHA256 algorithm and the private key that will be provided by Fiserv, containing the following concatenated fields:
APIKEY + TIMESTAMP + REQUEST_BODY + URL_PATH
Below is an example of a postman script that generates the indicated headers according to the specification:
Default error object#
All errors handled are returned in a standard format, which is as follows:
Tests#
PUT /utils/ ordem-pagar#
Simulates the payment of a pix charge in the sandbox environment.
Parâmetros da requisição#
| Nome | Localizado em | Descrição | Obrigatório | Tipo |
|---|
| apikey | header | API Key | yes | string |
| x-timestamp | header | Date/time of the request (used to prevent replay attacks) | yes | string |
| x-request-id | header | Random ID used to identify the request | yes | string |
| x-hmac-signature | header | HMAC signature generated by combining the request parameters: Example: HMAC-SHA256( apikey + x-timestamp + requestBody + URL) | yes | string |
| Authorization | header | Bearer token for authentication | yes | string (bearerToken) |
| qrCode | body | Pix chanrge copy and paste code (QRCode) | yes | string |
Request example#