documentation
Search…
Server-to-Server
Note: You should be fully PCI compliant if you want to use the Server-to-Server api (as it requires that you collect the card data). If you are not fully PCI compliant, you can use COPYandPAY to collect the payment data securely.
You can perform different types of initial payments using our server-to-server REST API.

Quick links

Card Payment (CC)

Preauthorization (PA) + Capture (CP)

A PA is created by sending a POST request over HTTPS to the /v1/payments resource. The request should include all required information such as your authentication credentials, the type of transaction, the amount and the payment information such as card details. A capture may be sent against a successful PA to request the funds being sent for clearing. See backoffice operations for more details.
Example Preauthorization (PA) Request
Response
Example Capture (CP) Request
Response
1
curl https://test.oppwa.com/v1/payments \
2
-d "entityId=8a8294174e918ca6014e9c6f5ae12a9c" \
3
-d "merchantTransactionId=Order Number 123" \
4
-d "amount=1.00" \
5
-d "currency=BRL" \
6
-d "paymentType=PA" \
7
-d "paymentBrand=VISA" \
8
-d "card.number=4111111111111111" \
9
-d "card.holder=Jose da Silva" \
10
-d "card.expiryMonth=05" \
11
-d "card.expiryYear=2025" \
12
-d "card.cvv=123" \
13
-d "customer.merchantCustomerId=12345678909" \
14
-d "customer.givenName=Jose" \
15
-d "customer.surname=da Silva" \
16
-d "customer.email= [email protected]" \
17
-d "customer.ip=123.123.123.123" \
18
-d "descriptor=123 Usage" \
19
-d "billing.city=Sao Paulo" \
20
-d "billing.country=BR" \
21
-d "billing.state=SP" \
22
-d "billing.street1=Rua Itapeva 547" \
23
-d "billing.postcode=01332000" \
24
-d "customParameters[product]=1 month membership" \
25
-d "customParameters[merchant_website]=www.store.com" \
26
-d "recurringType=INITIAL" \
27
-d "testMode=EXTERNAL" \
28
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
Copied!
1
{
2
"id":"8ac7a4a06a00f56b016a03df1f6b5754",
3
"paymentType":"PA",
4
"paymentBrand":"VISA",
5
"amount":"1.00",
6
"currency":"BRL",
7
"descriptor":"123 Usage",
8
"merchantTransactionId":"Order Number 123",
9
"result":{
10
"code":"000.100.112",
11
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
12
},
13
14
"card":{
15
"bin":"411111",
16
"last4Digits":"1111",
17
"holder":"Jose da Silva",
18
"expiryMonth":"05",
19
"expiryYear":"2025"
20
},
21
"customer":{
22
"givenName":"Jose",
23
"surname":"da Silva",
24
"merchantCustomerId":"12345678909",
25
"email":" [email protected]",
26
"ip":"123.123.123.123"
27
},
28
"billing":{
29
"street1":"Rua Itapeva 547",
30
"city":"Sao Paulo",
31
"state":"SP",
32
"postcode":"01332000",
33
"country":"BR"
34
},
35
"customParameters":{
36
"merchant_website":"www.store.com",
37
"product":"1 month membership"
38
},
39
"risk":{
40
"score":"0"
41
},
42
"buildNumber":"[email protected] 04:42:22 +0000",
43
"timestamp":"2019-04-09 20:51:56+0000",
44
"ndc":"8a8294174e918ca6014e9c6f5ae12a9c_14eca79734c14f31b82f391b08e90b7b"
45
}
Copied!
1
curl https://test.oppwa.com/v1/payments/8ac7a4a06a00f56b016a03df1f6b5754 \
2
-d "entityId=8a8294174e918ca6014e9c6f5ae12a9c" \
3
-d "amount=1.00" \
4
-d "currency=BRL" \
5
-d "paymentType=CP" \
6
-d "testMode=EXTERNAL" \
7
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
Copied!
1
{
2
"id": "8ac7a4a26a977d95016a99b9c15b00c8",
3
"referencedId": "8ac7a4a06a00f56b016a03df1f6b5754",
4
"paymentType": "CP",
5
"amount": "1.00",
6
"currency": "BRL",
7
"descriptor": "123 Usage",
8
"merchantTransactionId": "Order Number 123",
9
"result": {
10
"code": "000.100.112",
11
"description": "Request successfully processed in 'Merchant in Connector Test Mode'"
12
},
13
14
"customer": {
15
"merchantCustomerId": "12345678909"
16
},
17
"buildNumber": "[email protected] 08:36:44 +0000",
18
"timestamp": "2019-05-08 23:14:09+0000",
19
"ndc": "8a8294174e918ca6014e9c6f5ae12a9c_f9b9ee0131494621a93d186cbf8cca03"
20
}
Copied!

Debit (DB)

A DB is created by sending a POST request over HTTPS to the /v1/payments resource. The request should include all required information such as your authentication credentials, the type of transaction, the amount and the payment information such as card details. A DB request effectively combines a PA and capture (CP) request, automatically requesting that the funds are cleared if the authorization was successful.
Example Debit (DB) Request
Response
1
curl https://test.oppwa.com/v1/payments \
2
-d "entityId=8a8294174e918ca6014e9c6f5ae12a9c" \
3
-d "amount=1.00" \
4
-d "currency=BRL" \
5
-d "paymentType=DB" \
6
-d "paymentBrand=VISA" \
7
-d "card.number=4111111111111111" \
8
-d "card.holder=Jose da Silva" \
9
-d "card.expiryMonth=05" \
10
-d "card.expiryYear=2025" \
11
-d "card.cvv=123" \
12
-d "merchantTransactionId=Order Number 123" \
13
-d "customer.merchantCustomerId=12345678909" \
14
-d "customer.givenName=Jose" \
15
-d "customer.surname=da Silva" \
16
-d "customer.email= [email protected]" \
17
-d "customer.ip=123.123.123.123" \
18
-d "descriptor=123 Usage" \
19
-d "billing.city=Sao Paulo" \
20
-d "billing.country=BR" \
21
-d "billing.state=SP" \
22
-d "billing.street1=Rua Itapeva 547" \
23
-d "billing.postcode=01332000" \
24
-d "customParameters[product]=1 month membership" \
25
-d "customParameters[merchant_website]=www.store.com" \
26
-d "recurringType=INITIAL" \
27
-d "testMode=EXTERNAL" \
28
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
Copied!
1
{
2
"id":"8ac7a4a16a00e9b3016a03f1daf52030",
3
"paymentType":"DB",
4
"paymentBrand":"VISA",
5
"amount":"1.00",
6
"currency":"BRL",
7
"descriptor":"123 Usage",
8
"merchantTransactionId":"Order Number 123",
9
"result":{
10
"code":"000.100.112",
11
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
12
},
13
14
"card":{
15
"bin":"411111",
16
"last4Digits":"1111",
17
"holder":"Jose da Silva",
18
"expiryMonth":"05",
19
"expiryYear":"2025"
20
},
21
"customer":{
22
"givenName":"Jose",
23
"surname":"da Silva",
24
"merchantCustomerId":"12345678909",
25
"email":" [email protected]",
26
"ip":"123.123.123.123"
27
},
28
"billing":{
29
"street1":"Rua Itapeva 547",
30
"city":"Sao Paulo",
31
"state":"SP",
32
"postcode":"01332000",
33
"country":"BR"
34
},
35
"customParameters":{
36
"merchant_website":"www.store.com",
37
"product":"1 month membership"
38
},
39
"risk":{
40
"score":"0"
41
},
42
"buildNumber":"[email protected] 04:42:22 +0000",
43
"timestamp":"2019-04-09 21:12:24+0000",
44
"ndc":"8a8294174e918ca6014e9c6f5ae12a9c_442a40ed22984abdad86b19afa0e6bc8"
45
}
Copied!
For a full list of Mandatory Parameters please, see the Mandatory parameters by country.
Please note that for a HTTP POST request all the parameters are expected to go into the message body and not into the URL.
For a full list of parameters that can be sent in the initial payment request, please see the API Reference.

Boleto (PP) - (Brazil only)

  • Boleto Bancário is a PrePayment (PP) method (invoice/slip/voucher), which is widely used in Brazil to pay offline and online. Boleto represents 20% of payments in e-Commerce.
  • Boletos are payment slips, issued by sending a PA to the PPRO system. A Boleto is displayed at end customer’s browser where the Boleto can be printed out and paid in any bank in Brazil.
  • Clearing could take up to D+3.
  • PPRO matches bank return and generates a payment confirmation transaction type (RC) in the system. The merchant receives a report including Receipts (RC) for paid Boletos through a pre-defined SFTP server or webhook.
  • Advantage: Boleto payments are not subject to chargebacks. Once the payment has been made it is final and may only be refunded via bank transfer.
  • Boletos have due dates, up to which a payment is possible. Please discuss the optimal due dates (expiry dates) with your Account Manager, as it depends on the industry. Reminder emails sent to the customer up to 3 days before due date improve conversion significantly.

Preauthorization (PA) - Issue the Boleto

1. Send an Initial Payment

The first step is to send a Server-to-Server initial payment request with the paymentBrand and shopperResultUrl. The shopperResultUrl must be url-encoded.
Example Boleto (PA) Request
Response
1
curl https://test.oppwa.com/v1/payments \
2
-d "entityId=8a8294174e918ca6014e9c6e44672a96" \
3
-d "paymentType=PA" \
4
-d "paymentBrand=BOLETO" \
5
-d "amount=1.00" \
6
-d "currency=BRL" \
7
-d "descriptor=yourstore.com - product description - order number 1234" \
8
-d "customer.givenName= Jose" \
9
-d "customer.surname=da Silva" \
10
-d "merchantTransactionId=Order-123" \
11
-d "customer.merchantCustomerId=12345678909" \
12
-d "billing.city=São Paulo" \
13
-d "billing.country=BR" \
14
-d "billing.state=SP" \
15
-d "billing.street1=Rua Itapeva, 574" \
16
-d "billing.postcode=01332000" \
18
-d "customer.ip=123.123.123.123" \
19
-d "customParameters[CUSTOM_CPF_number]=12345678909" \
20
-d "customParameters[CUSTOM_due_date]=31/12/2019" \
21
-d "customParameters[merchant_sitename]= www.yourstore.com" \
22
-d "customParameters[product]=product description" \
23
-d "testMode=EXTERNAL" \
24
-d "shopperResultUrl=https://docs.allpago.com/intro/servertoserver-flow" \
25
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
Copied!
1
{
2
"id":"8ac7a4a26a26c733016a2725a8260f0e",
3
"paymentType":"PA",
4
"paymentBrand":"BOLETO",
5
"amount":"1.00",
6
"currency":"BRL",
7
"descriptor":"Demo 4196.0450.7155 Order-123",
8
"merchantTransactionId":"Order-123",
9
"result":{
10
"code":"000.100.112",
11
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
12
},
13
"resultDetails":{
14
"ExtendedDescription":"User redirected to Itau",
15
"ConnectorTxID1":"8ac7a4a26a26c733016a2725a8260f0e",
16
"merchantAccount":"BR_Itau_ACON4_STAGING_AP",
17
"connectorInstanceId":"10.2.3.225",
18
"acquirerReturnCode":"0",
19
"connectorVersion":"1.0.25",
20
"AcquirerResponse":"000.000.000",
21
"EXTERNAL_SYSTEM_LINK":"https://shopline.itau.com.br/shopline/itaubloqueto.asp?DC=Y183Y175P209L12G238U104I153A172Q232U63P165W217G103N205O5O138Y92A103G208F14V7Q146V37P98V254R251U59Q108Q144J66S46M4I56H227Y195F163Z172D72Q162V223U164L99Y221S137M150M94Y217J195Q42R125Z61A101P114O253Y20D176C143P113U244L25M99H184P9C121C177D38W211B218N224V25I239X81J245H48T21R187H216O184W103D64J209O89J101K226R148Z16K193F215T219E32V150P143K185R224F226A219V219V85X172M62S247K129W20T172E47K117R97Q3D223N92T212M48X73X85Z249U20W11P2J176S216W90L120G117S236A60R76L213P186R150I193S67B164I44Y216I75U97M242Q70P148J12A117J151N187H5F3F255L220Z52C14T72B243Z254Z199O9F182D224G243J81U224Y214O39X141J6K9D136P112D91P54W62L171R217D128P28C128W201T47P198H163U76I244C215S206A130H0Y75Z255M236W180U11I89P63R31W27M131Q166E37L78P131W158Y152V27R13P17U19L128A65B253G184V71K165X143R73U239Z209Q130U195W207D109B6M194J159H117E230G104K165R176T45R157B228Y10J7J254N184B184C36Q128W184Y164R63Y2T254C208T192A201P168B81U44P46P46H79O112O188S46G244O222H115L185Y13L59Z126D50Z178C218Y193P146J48T33D107N0T131A92W156Y15Q2W173D164A43G87Z65G203E116L74N134X25E162P77C16K81F5Y122D194J110Q231X127V141G57L79I74X247I14Q21K58L163H76V207D16I142P206R74Z203L145G214R96Y104Z34V244M67P253U196X195H144D90H30S229Q84L92L18R240P104I226C105U53I95Z35Y231H190T87W150S177Y182N47B92R206X191G12S210N99P249P203E234E221G88U94R241E207Q19J128X111Z15U99M251Z222K31Y82F19A23D204M190T230S124N93G82Z128M90D53O61P120K186G41F205X48X91G107G149G132Q117Y65F195C140R12C67G6H139D129L131E198F9C71P70B221B67Z40T14Q211Y61G179K217V90H208G60K170O183Y255C111E55X82C163H137R11S7K145L141U84Q74H80Y144C198V82S42T82A117I18E6K114R120L61K130Q159E198K109T160M200U100L192U15N229F246G232J160U199V26V29V204I192X213W5B67R66B",
22
"connectorName":"acon4-itau",
23
"acquirerReturnMessage":"BOLETO LINK SUCCESSFULLY GENERATED",
24
"acquirerTxId1":"4196.0450.7155",
25
"acquirerTxId2":"41960450"
26
},
27
"customer":{
28
"givenName":" Jose",
29
"surname":"da Silva",
30
"merchantCustomerId":"12345678909",
31
"email":"[email protected]",
32
"ip":"123.123.123.123"
33
},
34
"billing":{
35
"street1":"Rua Itapeva, 574",
36
"city":"São Paulo",
37
"state":"SP",
38
"postcode":"01332000",
39
"country":"BR"
40
},
41
"customParameters":{
42
"CUSTOM_CPF_number":"12345678909",
43
"CUSTOM_due_date":"31/12/2019",
44
"merchant_sitename":" www.yourstore.com",
45
"product":"product description"
46
},
47
"buildNumber":"[email protected] 11:07:00 +0000",
48
"timestamp":"2019-04-16 17:15:40+0000",
49
"ndc":"8a8294174e918ca6014e9c6e44672a96_c1ed88adddbf464a9de1970d48e5d56e"
50
}
Copied!
For a full list of Mandatory Parameters please, see the Mandatory parameters by country (Brazil - Boleto).

Note:

Brazilian banks do not support special characters for Boletos. i.e: !, @, #, $, %, ¨, &, , (, ), _ , +, = , ´ , “ , ‘ , ] ,[ , ^,? ,: , >, <, TM, ®, º, °, /, |, \, {, }, ª, ¢, ¬, £, etc, then you must ensure that the customer does not enter special character in these fields.
Expiry date. Payment of the Boleto is possible up to this date. At least 3 days from issuing date is recommended, so that the customer has enough time to conclude the payment.

2. Redirect the shopper

The boleto can be displayed both on desktop and mobile devices. Typically the user will expect to receive an email containing the order information and the link to display the boleto.
Redirect the shopper to the EXTERNAL_SYSTEM_LINK.
1
"EXTERNAL_SYSTEM_LINK":"https://shopline.itau.com.br/shopline/itaubloqueto.asp?DC=Y183Y175P209L12G238U104I153A172Q232U63P165W217G103N205O5O138Y92A103G208F14V7Q146V37P98V254R251U59Q108Q144J66S46M4I56H227Y195F163Z172D72Q162V223U164L99Y221S137M150M94Y217J195Q42R125Z61A101P114O253Y20D176C143P113U244L25M99H184P9C121C177D38W211B218N224V25I239X81J245H48T21R187H216O184W103D64J209O89J101K226R148Z16K193F215T219E32V150P143K185R224F226A219V219V85X172M62S247K129W20T172E47K117R97Q3D223N92T212M48X73X85Z249U20W11P2J176S216W90L120G117S236A60R76L213P186R150I193S67B164I44Y216I75U97M242Q70P148J12A117J151N187H5F3F255L220Z52C14T72B243Z254Z199O9F182D224G243J81U224Y214O39X141J6K9D136P112D91P54W62L171R217D128P28C128W201T47P198H163U76I244C215S206A130H0Y75Z255M236W180U11I89P63R31W27M131Q166E37L78P131W158Y152V27R13P17U19L128A65B253G184V71K165X143R73U239Z209Q130U195W207D109B6M194J159H117E230G104K165R176T45R157B228Y10J7J254N184B184C36Q128W184Y164R63Y2T254C208T192A201P168B81U44P46P46H79O112O188S46G244O222H115L185Y13L59Z126D50Z178C218Y193P146J48T33D107N0T131A92W156Y15Q2W173D164A43G87Z65G203E116L74N134X25E162P77C16K81F5Y122D194J110Q231X127V141G57L79I74X247I14Q21K58L163H76V207D16I142P206R74Z203L145G214R96Y104Z34V244M67P253U196X195H144D90H30S229Q84L92L18R240P104I226C105U53I95Z35Y231H190T87W150S177Y182N47B92R206X191G12S210N99P249P203E234E221G88U94R241E207Q19J128X111Z15U99M251Z222K31Y82F19A23D204M190T230S124N93G82Z128M90D53O61P120K186G41F205X48X91G107G149G132Q117Y65F195C140R12C67G6H139D129L131E198F9C71P70B221B67Z40T14Q211Y61G179K217V90H208G60K170O183Y255C111E55X82C163H137R11S7K145L141U84Q74H80Y144C198V82S42T82A117I18E6K114R120L61K130Q159E198K109T160M200U100L192U15N229F246G232J160U199V26V29V204I192X213W5B67R66B",
Copied!
Sample of Boleto:

Receipt (RC) - Payment confirmation

Important: Not every boleto will in fact be paid by your customer. Depending on the industry, up to 50% of the issued boletos will not receive a payment. Note that these will remain on the platform, even if already overdue.
Payment confirmations can be received by:
  • Instant Payment Notification (IPN) / Webhooks, (push)
  • XML Query (pull)
  • Business Intelligence Platform (BIP), (search)

Boleto Refund (RF)

Most boletos are paid with cash at any of the acceptance places in Brazil (post offices, gas stations etc). Since the boleto does not have a native method to refund a transaction, PPRO enables the merchant to refund these transactions via bank transfer. For that it is required for the merchant to collect and provide the customers bank account data, either: programmatically via API or manually via Business Intelligence Platform (BIP).

Boleto RF via API

A refund is performed against a previous payment (RC), referencing its payment.id by sending a POST request over HTTPS to the /v1/payments/{id} endpoint.
A refund is performed
Example Boleto RF Request
Response
1
curl https://test.oppwa.com/v1/payments/{id} \
2
-d "entityId=8a8294185b674555015b7ce34a9a17d3" \
3
-d "amount=1" \
4
-d "currency=BRL" \
5
-d "paymentType=RF" \
6
-d "merchantMemo=Name: João Comprador CPF:12345678909 Bank Name: Banco Santander Agency Number: 1234 Account Number: 123456789" \
7
-d "testMode=EXTERNAL" \
8
-H "Authorization: Bearer OGE4Mjk0MTg1YjY3NDU1NTAxNWI3Y2UzMGFjZTE3ZDF8d1N6NG1nNzZYUQ=="
Copied!
1
{
2
"id":"8ac7a4a06cf2812c016cfda0c3a216ed",
3
"referencedId":"8ac7a4a16cf27265016cfd9d00e9293f",
4
"paymentType":"RF",
5
"amount":"1.00",
6
"currency":"BRL",
7
"descriptor":"3460.2304.5751 Produto 1",
8
"merchantInvoiceId":"ADB065957000B",
9
"result":{
10
"code":"000.100.112",
11
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
12
},
13
"customer":{
14
"merchantCustomerId":"56359439000160"
15
},
16
"buildNumber":"[email protected] 09:39:42 +0000",
17
"timestamp":"2019-09-04 18:54:27+0000",
18
"ndc":"8a8294185b674555015b7ce34a9a17d3_46f0168f2e80436997c285ca8acc8636"
19
}
Copied!

Boleto RF via Business Intelligence Platform (BIP)

Required data from the customer:

1
Name
2
Brazilian CPF (see compliance (Customer ID number by country))
3
Bank name
4
Bank agency number
5
Bank account data
Copied!

Oxxo (PP) - (Mexico only)

  • Oxxo is a PrePayment (PP) method (invoice/slip/voucher), which is widely used in Mexico to pay offline (Oxxo store).
  • Oxxo are payment slips, issued by sending a PA request to PPRO’s system. The slip is displayed on the end customer’s browser where it can be either printed out or scanned off a mobile device.
  • The Oxxo slip has two important elements: barcode & reference number (numerical representation of the barcode). The customer is able to pay by either of them. It is a question of which design fits your checkout better. In addition, PPRO provides a hosted page containing both elements.
  • Clearing usually happens the next day, but can be delayed (in case of weekends and public holidays in Mexico).
  • Oxxo due dates are configurable. Please discuss the optimal due dates (expiry dates) with your Account Manager. Reminder emails sent to the customer up to 3 days before due date improve conversion significantly.

Preauthorization (PA) - Issue the payment slip

1. Send an Initial Payment

The first step is to send a Server-to-Server initial payment request with the paymentBrand .
Example Oxxo (PA) Request
Response
1
curl https://test.oppwa.com/v1/payments \
2
-d "entityId=8a829417545c8cf1015476ec405c23b7" \
3
-d "paymentType=PA" \
4
-d "paymentBrand=OXXO" \
5
-d "amount=1.00" \
6
-d "currency=MXN" \
7
-d "descriptor=yourstore.com - product description - order number 1234" \
8
-d "merchantTransactionId=Order-123" \
9
-d "customer.givenName=Juan" \
10
-d "customer.surname=Uribe" \
11
-d "customer.email= [email protected]" \
12
-d "customer.ip=123.123.123.123" \
13
-d "billing.city=Mexico City" \
14
-d "billing.country=MX" \
15
-d "billing.state=MX" \
16
-d "billing.street1=Calle 1, 232" \
17
-d "billing.postcode=01309" \
18
-d "customParameters[url_logo]=https://www.allpago.com/logos/demo-logo.jpg" \
19
-d "customParameters[due_date]=14/12/2020" \
20
-d "customParameters[merchant_sitename]= www.yourstore.com" \
21
-d "customParameters[product]=product description" \
22
-d "testMode=EXTERNAL" \
23
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
Copied!
1
{
2
"id":"8ac7a4a26a304583016a46f8fe2624ee",
3
"paymentType":"PA",
4
"paymentBrand":"OXXO",
5
"amount":"1.00",
6
"currency":"MXN",
7
"descriptor":"3503.1119.7264 MX_Oxxo yourstore.com - product description - order number 1234",
8
"merchantTransactionId":"Order-123",
9
"result":{
10
"code":"000.100.112",
11
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
12
},
13
"resultDetails":{
14
"ConnectorTxID1":"8ac7a4a26a304583016a46f8fe2624ee",
15
"connectorInstanceId":"10.2.4.221",
16
"acquirerReturnCode":"-",
17
"EXTERNAL_SYSTEM_BARCODE_IMAGE":"https://staging-oxxo-batch.allpago.com/rest/acon2/v1/barcode/image/8ac7a4a26a304583016a46f8fe2624ee",
18
"EXTERNAL_SYSTEM_LINK":"https://staging-oxxo-batch.allpago.com/rest/acon2/v1/barcode/8ac7a4a26a304583016a46f8fe2624ee",
19
"EXTERNAL_SYSTEM_BARCODE_NUMBER":"46350311197264520201214000010004",
20
"ExtendedDescription":"Transaction succeeded",
21
"merchantAccount":"Oxxo_Batch_ACON3_STAGING",
22
"connectorVersion":"1.0.15",
23
"AcquirerResponse":"000.000.000",
24
"connectorName":"Oxxo-Batch",
25
"acquirerInitialTxId":"3503.1119.7264",
26
"acquirerReturnMessage":"-",
27
"acquirerTxId1":"3503.1119.7264"
28
},
29
"customer":{
30
"givenName":"Juan",
31
"surname":"Uribe",
32
"email":" [email protected]",
33
"ip":"123.123.123.123"
34
},
35
"billing":{
36
"street1":"Calle 1, 232",
37
"city":"Mexico City",
38
"state":"MX",
39
"postcode":"01309",
40
"country":"MX"
41
},
42
"customParameters":{
43
"due_date":"14/12/2020",
44
"merchant_sitename":" www.yourstore.com",
45
"product":"product description",
46
"url_logo":"https://www.allpago.com/logos/demo-logo.jpg"
47
},
48
"buildNumber":"[email protected] 07:26:11 +0000",
49
"timestamp":"2019-04-22 21:34:44+0000",
50
"ndc":"8a829417545c8cf1015476ec405c23b7_66c555e58d7a42249294bc382abac905"
51
}
Copied!
For a full list of Mandatory Parameters please, see the Mandatory parameters by country (Mexico - Oxxo).
The PA’s response has 3 elements:
  • ConnectorDetails.EXTERNAL_SYSTEM_LINK: PPRO hosted complete page containing all elements (barcode, reference number)
  • ConnectorDetails.EXTERNAL_SYSTEM_BARCODE_IMAGE: barcode url of PPRO hosted png.
  • ConnectorDetails.EXTERNAL_SYSTEM_BARCODE_NUMBER: reference number (can be used equally for paying the oxxo slip). The first option is a complete solution, options 2&3 offer the merchant full flexibility to build his own oxxo page by using the elements to this end.

2. Redirect the shopper

The Oxxo slip can be displayed both on desktop and mobile devices. Typically the user will expect to receive an email containing the order information and the link to display the Oxxo slip.
Redirect the shopper to the EXTERNAL_SYSTEM_LINK.
Sample of Oxxo slip:
Oxxo sample

Receipt (RC) - Payment confirmation

Payment confirmations can be received by:
  • Instant Payment Notification (Webhooks), (push)
  • XML Query (pull)
  • Business Intelligence Platform (BIP), (search)

Oxxo Refund (RF)

Most slips are paid with cash at any of the acceptance places in Mexico (Oxxo stores). Since the slip does not have a native method to refund a transaction, PPRO enables the merchant to refund these transactions via bank transfer. For that it is required for the merchant to collect and provide the customers bank account data, via Business Intelligence Platform (manual):

Oxxo RF via BIP

Select RC and then click on RF
Add the information required and then click on Submit.
Transaction processed successfully.
Confirm success on the flow.

PayPal (VA) - (Brazil)

PayPal is one of the most popular alternative payment methods. In an asynchronous workflow a redirect takes place to allow the account holder to complete/verify the payment. After this the account holder is redirected back to the shopperResultUrl and the status of the payment can be queried.

Debit (DB)

In an asynchronous workflow a redirect takes place to allow the account holder to complete/verify the payment. After this the account holder is redirected back to the shopperResultUrl and the status of the payment can be queried.

1. Send an Initial Payment

The first step is to send a Server-to-Server initial payment request with the paymentBrand and shopperResultUrl. The shopperResultUrl must be url-encoded.
Example Debit (DB) Request
Response
1
curl https://test.oppwa.com/v1/payments \
2
-d "entityId=8a8294174e918ca6014e9c77fe772acb" \
3
-d "merchantTransactionId=100" \
4
-d "merchantInvoiceId=ORDERID 123" \
5
-d "paymentBrand=PAYPAL" \
6
-d "paymentType=DB" \
7
-d "amount=1.00" \
8
-d "currency=BRL" \
9
-d "customer.givenName=Paulo" \
10
-d "customer.surname=Souza" \
11
-d "billing.city=São Paulo" \
12
-d "billing.country=BR" \
13
-d "billing.state=SP" \
14
-d "billing.street1=Rua um, 123" \
15
-d "billing.postcode=01332000" \
17
-d "customer.ip=127.0.0.1" \
18
-d "customer.merchantCustomerId=12345678909" \
19
-d "customParameters[merchant_sitename]=http://www.yourstore.com" \
20
-d "customParameters[product]=product description" \
21
-d "shopperResultUrl=https://docs.allpago.com/intro/servertoserver-flow" \
22
-d "testMode=EXTERNAL" \
23
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
Copied!
1
{
2
"id":"8ac7a49f6a303992016a3238975213be",
3
"paymentType":"DB",
4
"paymentBrand":"PAYPAL",
5
"amount":"1.00",
6
"currency":"BRL",
7
"descriptor":"8920.8131.8461 BR_Paypal ",
8
"merchantTransactionId":"100",
9
"merchantInvoiceId":"ORDERID 123",
10
"result":{
11
"code":"000.200.000",
12
"description":"transaction pending"
13
},
14
"resultDetails":{
15
"CORRELATIONID":"fdb9715a895be",
16
"AcquirerResponse":"Success"
17
},
18
"customer":{
19
"givenName":"Paulo",
20
"surname":"Souza",
21
"merchantCustomerId":"12345678909",
22
"email":"[email protected]",
23
"ip":"127.0.0.1"
24
},
25
"billing":{
26
"street1":"Rua um, 123",
27
"city":"São Paulo",
28
"state":"SP",
29
"postcode":"01332000",
30
"country":"BR"
31
},
32
"customParameters":{
33
"merchant_sitename":"http://www.yourstore.com",
34
"product":"product description"
35
},
36
"redirect":{
37
"url":"https://www.sandbox.paypal.com/cgi-bin/webscr",
38
"parameters":[
39
{
40
"name":"cmd",
41
"value":"_express-checkout"
42
},
43
{
44
"name":"useraction",
45
"value":"commit"
46
},
47
{
48
"name":"token",
49
"value":"EC-0K812030W0710811W"
50
}
51
]
52
},
53
"buildNumber":"[email protected] 07:26:11 +0000",
54
"timestamp":"2019-04-18 20:52:12+0000",
55
"ndc":"8a8294174e918ca6014e9c77fe772acb_b765a224bdd64563b10b0a690e1609ba"
56
}
Copied!
For a full list of Mandatory Parameters please, see the Mandatory parameters by country (Brazil - PayPal).

2. Redirect the shopper

The next step is to redirect the account holder. To do this you must parse the redirect.url from the Initial Payment response along with any parameters. If parameters are present they should be POST in the redirect, otherwise a straight forward redirect to the redirect.urlis sufficient.
1
<form action="{redirectUrl}" class="paymentWidgets">
2
<input type="text" name="{name-1}" value="{value-1}">
3
...
4
<input type="text" name="{name-2}" value="{value-2}">
5
</form>
Copied!
Redirect the shopper to the redirect.url
1
https://www.sandbox.paypal.com/cgi-bin/webscr&cmd=_express-checkout&useraction=commit&token=EC-0K812030W0710811
Copied!
Buyer test account:
password: buyer123

3. Get Payment Status

Once the payment has been processed, the customer is redirected to your shopperResultUrl along with a GET parameter resourcePath.
Important: The baseUrl must end in a "/", e.g. "https://test.oppwa.com/".
Then, to get the status of the payment, you make a GET request to the baseUrl + resourcePath, including your authentication parameters. Example of a resourcePath:
resourcePath=/v1/ payments/{id}
Get status request
Get status response
1
curl -G https://test.oppwa.com/v1/payments/8a8294495baf2abe015bb603a5036098 \
2
\
3
-d "entityId=8a8294174e918ca6014e9c77fe772acb" \
4
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
Copied!
1
Response:
2
{
3
"id":"8a8294495baf2abe015bb603a5036098",
4
"paymentType":"DB",
5
"paymentBrand":"PAYPAL",
6
"amount":"1.00",
7
"currency":"BRL",
8
"descriptor":"9226.4459.5362 BR_Paypal",
9
"merchantTransactionId":"100",
10
"merchantInvoiceId":"ORDERID 123",
11
"result":{
12
"code":"000.100.112",
13
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
14
},
15
"resultDetails":{
16
"PAYERID":"4UNBGJQE9AUX6",
17
"TAXIDTYPE":"BR_CPF",
18
"AcquirerResponse":"Success",
19
"ConnectorTxID1":"0GY99688DD5155316",
20
"SHIPTOSTATE":"SP",
21
"TAXID":"30949017787"
22
},
23
"customer":{
24
"givenName":"Paulo",
25
"surname":"Souza",
26
"merchantCustomerId":"12345678909",
27
28
"ip":"127.0.0.1"
29
},
30
"billing":{
31
"street1":"Rua um, 123",
32
"city":"São Paulo",
33
"state":"SP",
34
"postcode":"01332000",
35
"country":"BR"
36
},
37
"customParameters":{
38
"product":"produc description",
39
"merchant_sitename":"http://www.yourstore.com"
40
},
41
"buildNumber":"[email protected] 08:46:08 +0000",
42
"timestamp":"2017-04-28 19:29:59+0000",
43
"ndc":"8a8294174e918ca6014e9c77fe772acb_c68f93a382da4bd6b45220b56ecbe4a2",
44
"virtualAccount":{
45
"accountId":"[email protected]",
46
"holder":"Paulo Souza"
47
}
48
}
Copied!

PIX - (Brazil only)

  • PIX is the first instant payment system available to Brazilian consumers, developed by the Central Bank of Brazil.
  • PIX is a PrePayment (PP) method, which allows transfers and payments between different financial institutions in up to 10 seconds, 24 hours a day and every day of the year, including weekends and holidays (funds are transferred in real-time from the customer’s account to the payee).
  • PIX is issued by sending a PA to the PPRO system. PPRO can offer two different PIX solutions:
    1. 1.
      A complete solution: PPRO generates and hosts a complete page containing all elements (dynamic QR code image, EMV code - including the Copy EMV code button and merchant logo);
    2. 2.
      QR Code (dynamic) URL/Image: gives to merchant full flexibility to build its own PIX checkout page based on a QR code image.
  • PPRO receives the bank confirmation and generates a payment confirmation transaction type (RC) in the system. The merchant receives via webhook a notification about the payment confirmation. (The merchant should provide its webhook URL).
Example Webhook object
1
{
2
"type": "PAYMENT",
3
"payload": {
4
"id": "8ac7a4a180f46dd40180f64fff9758f4",
5
"referencedId": "8ac7a49f80f46dd40180f64ffd575919",
6
"paymentType": "RC",
7
"paymentBrand": "PIX",
8
"amount": "2.99",
9
"currency": "BRL",
10
"presentationAmount": "2.99",
11
"presentationCurrency": "BRL",
12
"descriptor": "4665.9054.5519 BR_PIX CNL-T331 Test PIX Transaction",
13
"merchantTransactionId": "d58580f6-4dca-4a7f-8629-81784352df5d",
14
"result": {
15
"code": "000.100.112",
16
"description": "Request successfully processed in 'Merchant in Connector Test Mode'",
17
"randomField958178183": "Please allow for new unexpected fields to be added"
18
},
19
"customer": {
20
"givenName": "P",
21
"surname": "PRO - IT"
22
},
23
"billing": {
24
"street1": "Rua Nenhuma **** Bloco 29",
25
"city": "Fortaleza",
26
"state": "CE",
27
"postcode": "12345678",
28
"country": "BR"
29
},
30
"authentication": {
31
"entityId": "8a8294186242c2be01624d0416f620ed"
32
},
33
"redirect": {
34
"parameters": []
35
},
36
"risk": {
37
"score": ""
38
},
39
"timestamp": "2022-05-24 13:44:39+0000",
40
"ndc": "8a8294186242c2be01624d0416f620ed_c0e0eadf0f7b4c00ab08e546a7474642",
41
"merchantAccountId": "8ac7a4c8675ffec1016779db30f325ef",
42
"channelName": "BR_PIX",
43
"source": "OPP"
44
}
45
}
Copied!
  • Advantage: Besides the instant confirmation, PIX payments are not subject to chargebacks. Once the payment has been made it is final and can be refunded only by the merchant.
  • PIX has due dates, up to which a payment is possible. Please discuss the optimal due dates (expiry dates) with your Account Manager, as it depends on the industry. Reminder emails sent to the customer up to 3 days before the due date improve conversion significantly.

Preauthorization (PA) - Issue the PIX

1. Send an Initial Payment
Example PIX (PA) Request
Response
1
curl --location --request POST 'https://test.oppwa.com/v1/payments' \
2
--header 'Content-Type: application/x-www-form-urlencoded' \
3
--header 'Authorization: Bearer OGFjN2E0Y2E2NmM1OTMwMDAxNjZjNWRiMjQwMDAwOTF8QjloanhBe3DBCJs==' \
4
--data-urlencode 'entityId=8ac7a4c87e6fdf6f017e738f136703b9' \
5
--data-urlencode 'amount=0.01' \
6
--data-urlencode 'currency=BRL' \
7
--data-urlencode 'paymentBrand=PIX' \
8
--data-urlencode 'paymentType=PA' \
9
--data-urlencode 'customer.merchantCustomerId=15351770806' \
10
--data-urlencode 'merchantTransactionId=90a1e944-e7a7-42f3-8d9a-4737bd71aa44' \
11
--data-urlencode 'customer.givenName=PPRO' \
12
--data-urlencode 'customer.surname=LATAM' \
13
--data-urlencode '[email protected]' \
14
--data-urlencode 'descriptor=PPRO descriptor' \
15
--data-urlencode 'customParameters[product]=PPRO product' \
16
--data-urlencode 'customParameters[merchant_website]=www.ppro.com' \
17
--data-urlencode 'recurringType=INITIAL' \
18
--data-urlencode 'billing.state=SP' \
19
--data-urlencode 'billing.city=Ernestton' \
20
--data-urlencode 'billing.country=BR' \
21
--data-urlencode 'billing.street1=5577 Breanne Corner' \
22
--data-urlencode 'billing.postcode=12345609' \
23
--data-urlencode 'customer.ip=130.225.128.202' \
24
--data-urlencode 'testMode=EXTERNAL'
Copied!
1
{
2
"id": "8ac7a49f80479b6d01804845887326c6",
3
"paymentType": "PA",
4
"paymentBrand": "PIX",
5
"amount": "0.01",
6
"currency": "BRL",
7
"descriptor": "",
8
"merchantTransactionId": "90a1e944-e7a7-42f3-8d9a-4737bd71aa44",
9
"result": {
10
"code": "000.100.112",
11
"description": "Request successfully processed in 'Merchant in Connector Test Mode'"
12
},
13
"resultDetails": {
14
"ConnectorTxID1": "8ac7a49f80479b6d01804845887326c6",
15
"connectorInstanceId": "127.0.0.1",
16
"acquirerReturnCode": "ATIVA",
17
"EXTERNAL_SYSTEM_LINK": "https://pix-itau.dev.lpm.latam.ppro.com/pix-itau/rest/acon4/v1/qrcode/6892721e-b8fd-44a9-a308-3266dbf6a2ea/8ac7a49f80479b6d01804845887326c6",
18
"ExtendedDescription": "Transaction succeeded",
19
"recurrence": "true",
20
"merchantAccount": "pix-itau-local-dev",
21
"aprId": "6892721e-b8fd-44a9-a308-3266dbf6a2ea",
22
"installments": "1",
23
"EXTERNAL_SYSTEM_EMV": "00020101021226770014BR.GOV.BCB.PIX2555api.itau/pix/qr/v2/91475506-141a-4c89-8cde-b766741d2fcd5204000053039865802BR5916PPRO BRASIL LTDA6009SAO PAULO62070503***630477B3",
24
"connectorVersion": "1.1.5",
25
"AcquirerResponse": "000.000.000",
26
"EXTERNAL_SYSTEM_QRCODE_IMAGE": "https://pix-itau.dev.lpm.latam.ppro.com/pix-itau/rest/acon4/v1/image/6892721e-b8fd-44a9-a308-3266dbf6a2ea/8ac7a49f80479b6d01804845887326c6",
27
"connectorName": "Pix-Itau",
28
"acquirerReturnMessage": "Success",
29
"acquirerTxId1": "8ac7a49f80479b6d01804845887326c6"
30
},
31
"customer": {
32
"givenName": "PPRO",
33
"surname": "LATAM",
34
"merchantCustomerId": "15351770806",
35
"email": "[email protected]",
36
"ip": "130.225.128.202"
37
},
38
"billing": {
39
"street1": "5577 Breanne Corner",
40
"city": "Ernestton",
41
"state": "SP",
42
"postcode": "12345609",
43
"country": "BR"
44
},
45
"customParameters": {
46
"merchant_website": "www.ppro.com",
47
"product": "PPRO product"
48
},
49
"buildNumber": "[email protected] 12:32:39 +0000",
50
"timestamp": "2022-04-20 18:39:22+0000",
51
"ndc": "8ac7a4c87e6fdf6f017e738f136703b9_2c23e4048831473d927257f4b2cc56e0"
52
}
Copied!
List of mandatory fields: --data-urlencode 'authentication.entityId=8ac9a4cb7859e48801785f9debcd53af' \ --data-urlencode 'amount=0.01' \ --data-urlencode 'currency=BRL' \ --data-urlencode 'paymentBrand=PIX' \ --data-urlencode 'paymentType=PA' \ --data-urlencode 'billing.country=BR' --data-urlencode customParameters[referencedTxUuid]=(Parente UUID)' {ONLY FOR RF}
Note: Brazilian banks do not support special characters. i.e: !, @, #, $, %, ¨, &, , (, ), _ , +, = , ´ , “ , ‘ , ] ,[ , ^,? ,: , >, <, TM, ®, º, °, /, |, \, {, }, ª, ¢, ¬, £, etc, then you must ensure that the customer does not enter a special character in these fields.
2. Redirect the shopper The PIX QR Code can be displayed both on desktop and mobile devices. Typically the user will expect to receive an email containing the order information and the link to display the PIX QR Code.
Redirect the shopper to the EXTERNAL_SYSTEM_LINK.
1
"EXTERNAL_SYSTEM_LINK":"https://pix-itau.allpago.com/pix-itau/rest/acon4/v1/qrcode/e72c8102-2909-4758-be5a-efbfc381953b/8ac9a4a37c3097b3017c521022ca0174",
Copied!
Sample of PIX:
Sample of PIX

Receipt (RC) - Payment confirmation

Important: Not every PIX will in fact be paid by your customer.Note that these will remain on the platform, even if already overdue.
Payment confirmations can be received by:
  • Instant Payment Notification (IPN) / Webhooks, (push)
  • XML Query (pull)
  • Business Intelligence Platform (BIP), (search)

PIX Refund (RF)

PIX has its native Refund solution that can be triggered via API. PIX RF via API A refund is performed against a previous payment (RC), referencing its e2e id by sending a POST request over HTTPS to the /v1/payments/{id} endpoint.
Example PIX RF Request
Response
1
curl --location --request POST 'https://test.oppwa.com/v1/payments/8ac9a4a37c3097b3017c521022ca0174' \
2
--header 'Content-Type: application/x-www-form-urlencoded' \
3
--header 'Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw==' \
4
--data-urlencode 'entityId=8ac9a4cb7859e48801785f9debcd53af' \
5
--data-urlencode 'amount=0.01' \
6
--data-urlencode 'currency=BRL' \
7
--data-urlencode 'paymentBrand=PIX' \
8
--data-urlencode 'paymentType=RF' \
9
--data-urlencode 'customParameters[referencedTxUuid]=8ac9a4a37c3097b3017c521022ca0174'
Copied!
1
{
2
"id": "8ac9a4a77c3097b4017c5212c4a97a17",
3
"referencedId": "8ac9a4a37c3097b3017c521022ca0174",
4
"paymentType": "RF",
5
"amount": "0.01",
6
"currency": "BRL",
7
"descriptor": "LTest PPRO descriptor",
8
"merchantTransactionId": "74b490be-9e79-4999-af9a-4e750bc35205",
9
"result": {
10
"code": "000.000.000",
11
"description": "Transaction succeeded"
12
},
13
"resultDetails": {
14
"ConnectorTxID1": "8ac9a4a77c3097b4017c5212c4a97a17",
15
"connectorInstanceId": "10.3.4.67",
16
"acquirerReturnCode": "DEVOLVIDO",
17
"ExtendedDescription": "Transaction succeeded",
18
"merchantAccount": "pix-itau-production",
19
"aprId": "e72c8102-2909-4758-be5a-efbfc381953b",
20
"installments": "1",
21
"connectorVersion": "1.0.3",
22
"AcquirerResponse": "000.000.000",
23
"connectorName": "Pix-Itau",
24
"acquirerReturnMessage": "Success",
25
"acquirerTxId1": "8ac9a4a77c3097b4017c5212c4a97a17",
26
"acquirerTxId2": "D6070119020211005200829246133773"
27
},
28
"customer": {
29
"merchantCustomerId": "15351770806"
30
},
31
"customParameters": {
32
"referencedTxUuid": "8ac9a4a37c3097b3017c521022ca0174"
33
},
34
"buildNumber": "[email protected] 07:00:38 +0000",
35
"timestamp": "2021-10-05 20:09:01+0000",
36
"ndc": "8ac9a4cb7859e48801785f9debcd53af_ae474ce950d2450b8b35dbdea58137a2"
37
}
Copied!

PIX Reversal (RV)

As well as the RF, PIX has its native Reversal solution that can be triggered via API, to be used to invalidate a QR Code that has not been paid yet. In this case, the PA uuid should be used to reference the QR Code to be reversed.
Example PIX RV Request
Response
1
curl curl --location --request POST 'https://test.oppwa.com/v1/payments/8ac9a4a47c30b11c017c5207dba31d91' \
2
--header 'Content-Type: application/x-www-form-urlencoded' \
3
--header 'Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw==' \
4
--data-urlencode 'entityId=8ac9a4cb7859e48801785f9debcd53af' \
5
--data-urlencode 'amount=0.01' \
6
--data-urlencode 'currency=BRL' \
7
--data-urlencode 'paymentBrand=PIX' \
8
--data-urlencode 'paymentType=RV'
Copied!
1
{
2
"id": "8ac9a4a47c30b11c017c5207dba31d91",
3
"referencedId": "8ac9a4a17c3097b3017c51bf49092079",
4
"paymentType": "RV",
5
"amount": "0.01",
6
"currency": "BRL",
7
"descriptor": "LTest PPRO descriptor",
8
"merchantTransactionId": "e2a3ae44-cef1-4b50-9e07-0c892b6151c7",
9
"result": {
10
"code": "000.000.000",
11
"description": "Transaction succeeded"
12
},
13
"resultDetails": {
14
"ConnectorTxID1": "8ac9a4a47c30b11c017c5207dba31d91",
15
"connectorInstanceId": "10.3.4.67",
16
"acquirerReturnCode": "REMOVIDA_PELO_USUARIO_RECEBEDOR",
17
"ExtendedDescription": "Transaction succeeded",
18
"recurrence": "true",
19
"merchantAccount": "pix-itau",
20
"aprId": "e72c8102-2909-4758-be5a-efbfc381953b",
21
"installments": "1",
22
"connectorVersion": "1.0.3",
23
"AcquirerResponse": "000.000.000",
24
"acquirerParentTxId": "8ac9a4a17c3097b3017c51bf49092079",
25
"connectorName": "Pix-Itau",
26
"acquirerReturnMessage": "Success",
27
"acquirerTxId1": "8ac9a4a17c3097b3017c51bf49092079"
28
},
29
"customer": {
30
"merchantCustomerId": "15351770806"
31
},
32
"buildNumber": "[email protected] 07:00:38 +0000",
33