Network Tokenization
This section explains what Network Tokenization is, all the benefits that it can bring to your commerce and an easy step by step to add it to your business.
What is PayU Network Token solution?
Network Tokenization processes card payments by replacing the card details with a network-issued token, this leads to higher approval rates and more secure sensitive customer card information. Tokenization provides an additional layer of security by replacing sensitive payment information with the unique token, thereby reducing the risk of data breaches, and enhancing customer experience.
We offer Network Tokenization using a pass-through model. This solution is available for Visa and Mastercard cards, specifically in Brazil, Argentina, and Colombia.
To use the Tokenization feature, it is necessary to enable it in your PayU account. To do so, contact your sales representative, or if you don’t have one, please send an email to:
Note
In a pass-through model, the merchant should tokenize the payment card in the first place with an external token requestor provider. After doing so, the merchant will be able to transact using the previously generated token as explained in the section How does Network Tokenization work? on this page.How does this solution benefit your business?
- Improve approval rates: The authorization process becomes more streamlined as the required token information is readily accessible to Mastercard and Visa franchises, resulting in improved conversion rates.
- Enhanced security: Tokenization adds an additional layer of security by replacing sensitive payment information with a unique token, thus reducing the risk of data breaches.
- Improved customer experience: By providing tokenized transactions, customers can enjoy a seamless and secure payment experience, thereby enhancing their trust and satisfaction.
- Increased payment options: Tokenization facilitates the acceptance of multiple payment methods through the acquirer, thereby expanding the available options for customers.
- Compliance with industry standards: Implementing tokenization aligns with the industry´s best practices and regulatory requirements, guaranteeing compliance with data security standards.
- There are no additional fees.
How does Network Tokenization work?
What do you need to use Network Tokens?
PayU supports payments with your tokenized card to let you make payments on a regular basis with a card stored in a token. A credit card token substitutes the sensitive information of a credit card and allows you to safely store it following PCI DSS (Payment Card Industry Data Security Standard) security standards.
PayU can process payments with the following services:
-
MasterCard Digital Enablement Service - MDES.
Tokenization service provided by Mastercard. This service lets you tokenize the Primary Account Number of the MasterCard credit cards to let you use them to make regular payments or build one-click payments features.
For more information, refer to MasterCard Digital Enablement Service (MDES). -
Visa Token Service - VTS.
Tokenization service provided by Visa. This service lets you store the sensitive information of the Visa credit cards in a token to let you use them to make regular payments or build one-click payments features.
For more information, refer to Visa Token Service (VTS).
Pay with MDES or VTS tokens
If you are tokenizing your customer’s credit cards using MDES or VTS, you can configure the information of the token in the parameter transaction.networkToken replacing the information of the credit card and send the parameter creditCard.processWithoutCvv2 as true.
By default, processing credit cards without security code is not enabled, contact your Sales representative to enable it.
The following example shows the body of the request in a high level for a one-step flow, the details of the request are not provided.
Request body:
{
"language": "es",
"command": "SUBMIT_TRANSACTION",
"merchant": {
"apiKey": "4Vj8eK4rloUd272L48hsrarnUA",
"apiLogin": "pRRXKOl8ikMmt9u"
},
"transaction": {
"order": {
"Information of the order":""
},
"payer": {
"Information of the payer":""
},
"networkToken": {
"tokenPan": "4097440000000004",
"cryptogram": "11223344556677889900112233445566778899",
"expiry": "2028/01"
},
"extraParameters": {
"Extra parameters of the request":""
},
"type": "AUTHORIZATION_AND_CAPTURE",
"paymentMethod": "Card franchise",
"paymentCountry": "Processing country",
"deviceSessionId": "vghs6tvkcle931686k1900o6e1",
"ipAddress": "127.0.0.1",
"cookie": "pt1t38347bs6jc9ruv2ecpv7o2",
"userAgent": "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
},
"test": true
}
Request body:
<request>
<language>es</language>
<command>SUBMIT_TRANSACTION</command>
<merchant>
<apiKey>4Vj8eK4rloUd272L48hsrarnUA</apiKey>
<apiLogin>pRRXKOl8ikMmt9u</apiLogin>
</merchant>
<transaction>
<order>
<!-- Information of the order -->
</order>
<payer>
<!-- Information of the payer -->
</payer>
<networkToken>
<tokenPan>4097440000000004</tokenPan>
<cryptogram>11223344556677889900112233445566778899</cryptogram>
<expiry>2028/01</expiry>
</networkToken>
<extraParameters>
<!-- Extra parameters of the request -->
</extraParameters>
<type>AUTHORIZATION_AND_CAPTURE</type>
<paymentMethod>{Card franchise}</paymentMethod>
<paymentCountry>{Processing country}</paymentCountry>
<deviceSessionId>vghs6tvkcle931686k1900o6e1</deviceSessionId>
<ipAddress>127.0.0.1</ipAddress>
<cookie>pt1t38347bs6jc9ruv2ecpv7o2</cookie>
<userAgent>Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0</userAgent>
</transaction>
<isTest>false</isTest>
</request>
Find the description of the object transaction.networkToken and its parameters in the Variables section.
Variables for request and response
Request
| Field name | Format | Size | Description | Mandatory |
|---|---|---|---|---|
| language | Alphanumeric | 2 | Language used in the request, this language is used to display the error messages generated. See supported languages. | Yes |
| command | Alphanumeric | Max:32 | Set SUBMIT_TRANSACTION. |
Yes |
| test (JSON) isTest (XML) |
Boolean | Set true if the request is in test mode. Otherwise, set false. |
Yes | |
| merchant | This object has the authentication data. | Yes | ||
| merchant > apiLogin | Alphanumeric | Min:12 Max:32 | User or login provided by PayU. How do I get my API Login | Yes |
| merchant > apiKey | Alphanumeric | Min:6 Max:32 | Password provided by PayU. How do I get my API Key | Yes |
| transaction | This object has the transaction data. | Yes | ||
| transaction > order | This object has the order data. | Yes | ||
| transaction > order > accountId | Number | Identifier of your account. | Yes | |
| transaction > order > referenceCode | Alphanumeric | Min:1 Max:255 | Represents the identifier of the order in your system. | Yes |
| transaction > order > description | Alphanumeric | Min:1 Max:255 | Description of the order. | Yes |
| transaction > order > language | Alphanumeric | 2 | Language used in emails sent to the buyer and the seller. | Yes |
| transaction > order > notifyUrl | Alphanumeric | Max:2048 | Confirmation URL of the order. | No |
| transaction > order > partnerId | Alphanumeric | Max:255 | Partner ID in PayU. | No |
| transaction > order > signature | Alphanumeric | Max:255 | The signature associated to the form. For more information refer Authentication signature. | Yes |
| transaction > order > shippingAddress | Shipping address. | No | ||
| transaction > order > shippingAddress > street1 | Alphanumeric | Max:100 | Address Line 1. | No |
| transaction > order > shippingAddress > street2 | Alphanumeric | Max:100 | Address Line 2. | No |
| transaction > order > shippingAddress > city | Alphanumeric | Max:50 | Address city. | No |
| transaction > order > shippingAddress > state | Alphanumeric | Max:40 | Address State. For Brazil, only send two characters, For example, set SP for São Paulo. |
No |
| transaction > order > shippingAddress > country | Alphanumeric | 2 | Address country. | No |
| transaction > order > shippingAddress > postalCode | Alphanumeric | Max:8 | Address Zip code. For Brazil, use the format XXXXX-XXX or XXXXXXXX. Example: 09210-710 or 09210710. |
No |
| transaction > order > shippingAddress > phone | Alphanumeric | Max:11 | Phone number associated to the address. For Brazil, use the format ddd(2)+number(7-9). Example: (11)756312633. |
No |
| transaction > order > buyer | Buyer information. | Yes | ||
| transaction > order > buyer > merchantBuyerId | Alphanumeric | Max:100 | Buyer ID in your system. | No |
| transaction > order > buyer > fullName | Alphanumeric | Max:150 | Full name of the buyer. | Yes |
| transaction > order > buyer > emailAddress | Alphanumeric | Max:255 | E-mail of the buyer. | Yes |
| transaction > order > buyer > contactPhone | Alphanumeric | Max:20 | Phone number of the buyer. | Yes |
| transaction > order > buyer > dniNumber | Alphanumeric | Max:20 | Identification number of the buyer. You must use an algorithm to validate the CPF and must be set using the format XXX.XXX.XXX-XX. Example: 811.807.405-64. |
Yes |
| transaction > order > buyer > cnpj | Alphanumeric | Max:14 | Identification number of the buyer (For Legal person in Brazil). You must use an algorithm to validate the CNPJ and must be set using the format XXXXXXXXXXXXXX. Example: 32593371000110. |
Yes |
| transaction > order > buyer > shippingAddress | Alphanumeric | Shipping address of the buyer. | Yes | |
| transaction > order > buyer > shippingAddress > street1 | Alphanumeric | Max:150 | Buyer’s shipping address Line 1. | Yes |
| transaction > order > buyer > shippingAddress > city | Alphanumeric | Max:50 | Buyer’s shipping address city. | Yes |
| transaction > order > buyer > shippingAddress > state | Alphanumeric | Max:40 | Buyer’s shipping address state. For Brazil, only send two characters, For example, set SP for São Paulo. |
Yes |
| transaction > order > buyer > shippingAddress > country | Alphanumeric | 2 | Buyer’s shipping address country in format ISO 3166 alpha-2. | Yes |
| transaction > order > buyer > shippingAddress > postalCode | Number | Max:20 | Buyer’s shipping address zip code. For Brazil, use the format XXXXX-XXX or XXXXXXXX. Example: 09210-710 or 09210710. |
Yes |
| transaction > order > buyer > shippingAddress > phone | Number | Max:20 | Buyer’s shipping address phone number. For Brazil, use the format ddd(2)+number(7-9). Example: (11)756312633. |
Yes |
| transaction > order > additionalValues > | 64 | Amount of the order or its associated values. | Yes | |
| transaction > order > additionalValues > TX_VALUE | Alphanumeric | 64 | Amount of the transaction. | Yes |
| transaction > order > additionalValues > TX_VALUE > value | Number | 12, 2 | Specifies the amount of the transaction, this value may have two decimal digits (Ex. 10000.00 or 10000). |
Yes |
| transaction > order > additionalValues > TX_VALUE > currency | Alphanumeric | 3 | ISO code of the currency. See accepted currencies. | Yes |
| transaction > order > additionalValues > TX_TAX | Alphanumeric | 64 | Amount of the Value Added Tax (VAT). | Yes |
| transaction > order > additionalValues > TX_TAX > value | Number | 12, 2 | Specifies the amount of the VAT. | No |
| transaction > order > additionalValues > TX_TAX > currency | Alphanumeric | 3 | ISO code of the currency. See accepted currencies. | No |
| transaction > order > additionalValues > TX_TAX_RETURN_BASE | Alphanumeric | 64 | Base value to calculate the VAT. If the amount does not have IVA, send 0. This value may have two decimal digits. |
No |
| transaction > order > additionalValues > TX_TAX_RETURN_BASE > value | Number | 12, 2 | Specifies the base amount of the transaction. | No |
| transaction > order > additionalValues > TX_TAX_RETURN_BASE > currency | Alphanumeric | 3 | ISO code of the currency. See accepted currencies. | No |
| transaction > order > submerchant | Information of the sub-merchant. If you don’t send this parameter, PayU configures your merchant as sub-merchant. | No | ||
| transaction > order > submerchant > id | Alphanumeric | Max:15 | Internal ID of the sub-merchant if you use one to identify it. | No |
| transaction > order > submerchant > fullName | Alphanumeric | Max:150 | Full name of the sub-merchant. | No |
| transaction > order > submerchant > address | Sub-merchant address. The fields state, country, and postalCodeare mandatory when sending this object. |
No | ||
| transaction > order > submerchant > address > street1 | Alphanumeric | Max:100 | Address Line 1. | No |
| transaction > order > submerchant > address > street2 | Alphanumeric | Max:100 | Address Line 2. | No |
| transaction > order > submerchant > address > street3 | Alphanumeric | Max:100 | Address Line 3. | No |
| transaction > order > submerchant > address > city | Alphanumeric | Max:50 | Address city. | No |
| transaction > order > submerchant > address > state | Alphanumeric | Max:40 | Address State. For Brazil, only send two characters, For example, set SP for São Paulo. |
Yes |
| transaction > order > submerchant > address > country | Alphanumeric | 2 | Address country. | Yes |
| transaction > order > submerchant > address > postalCode | Alphanumeric | Max:8 | Address Zip code. For Brazil, use the format XXXXX-XXX or XXXXXXXX. Example: 09210-710 or 09210710. |
Yes |
| transaction > order > submerchant > address > phone | Alphanumeric | Max:11 | Phone number associated to the address. For Brazil, use the format ddd(2)+number(7-9). Example: (11)756312633. |
No |
| transaction > order > submerchant > identification | Alphanumeric | Max:14 | Identification number of the buyer (For Legal person in Brazil). You must use an algorithm to validate the CNPJ and must be set using the format XXXXXXXXXXXXXX. Example: 32593371000110. |
No |
| transaction > order > submerchant > identificationType | Alphanumeric | Max:4 | Identification type of the sub-merchant. The possible values are cnpj or cpf. |
No |
| transaction > creditCardTokenId | Include this parameter when the transaction is done using a tokenized card using the PayU Tokenization; moreover, it is mandatory to also send the parameter transaction.creditCard.expirationDate.For more information, refer to Tokenization API. |
No | ||
| transaction > creditCard | Credit card information. This object and its parameters are mandatory when the payment is performed using not tokenized credit card. | No | ||
| transaction > creditCard > number | Alphanumeric | Min:13 Max:20 | Credit card number. | No |
| transaction > creditCard > securityCode | Alphanumeric | Min:1 Max:4 | Credit card security code (CVC2, CVV2, CID). | No |
| transaction > creditCard > expirationDate | Alphanumeric | 7 | Credit card expiration date. Format YYYY/MM. This parameter is mandatory when the payment is performed using a tokenized credit card. |
No |
| transaction > creditCard > name | Alphanumeric | Min:1 Max:255 | Holder’s name displayed in the credit card. *Mandatory just for Google Pay transactions. | No* |
| transaction > creditCard > processWithoutCvv2 | Boolean | Max:255 | Allows you to process transactions without including the credit card security code. Your commerce requires PayU’s authorization before using this feature. | No |
| transaction > payer | Payer information. | No | ||
| transaction > payer > emailAddress | Alphanumeric | Max:255 | Payer e-mail address. | No |
| transaction > payer > merchantPayerId | Alphanumeric | Max:100 | Identifier of the payer in your system. | No |
| transaction > payer > fullName | Alphanumeric | Max:150 | Name of the payer which must meet the name sent in the parameter transaction.creditCard.name for credit card payments. |
No |
| transaction > payer > billingAddress | Billing address. | No | ||
| transaction > payer > billingAddress > street1 | Alphanumeric | Max:100 | Billing Address Line 1. | No |
| transaction > payer > billingAddress > street2 | Alphanumeric | Max:100 | Billing Address Line 2. | No |
| transaction > payer > billingAddress > city | Alphanumeric | Max:50 | Billing address city. | No |
| transaction > payer > billingAddress > state | Alphanumeric | Max:40 | Billing address state. For Brazil, only send two characters, For example, set SP for São Paulo. |
No |
| transaction > payer > billingAddress > country | Alphanumeric | 2 | Billing address country in format ISO 3166 Alpha-2. | No |
| transaction > payer > billingAddress > postalCode | Alphanumeric | Max:20 | Billing address zip code. For Brazil, use the format XXXXX-XXX or ´. Example: 09210-710 or 09210710. |
No |
| transaction > payer > billingAddress > phone | Alphanumeric | Max:20 | Billing address phone number. For Brazil, use the format ddd(2)+number(7-9). Example: (11)756312633. |
No |
| transaction > payer > birthdate | Alphanumeric | Max:10 | Payer’s date of birth. | No |
| transaction > payer > contactPhone | Alphanumeric | Max:20 | Payer’s phone number. For Brazil, use the format ddd(2)+number(7-9). Example: (11)756312633. |
No |
| transaction > payer > dniNumber | Alphanumeric | Max:20 | Identification number of the buyer. You must use an algorithm to validate the CPF and must be set using the format XXX.XXX.XXX-XX. Example: 811.807.405-64. |
No |
| transaction > payer > cnpj | Alphanumeric | Max:14 | Identification number of the buyer (For Legal person in Brazil). You must use an algorithm to validate the CNPJ and must be set using the format XXXXXXXXXXXXXX. Example: 32593371000110. |
No |
| transaction > payer > dniType | Alphanumeric | 2 | Identification type of the buyer. See Document types. | No |
| transaction > networkToken | Information of the token. Include this parameter when the transaction is done using a tokenized card using the VTS or MDES Tokenization. For more information, refer to Pay with MDES or VTS tokens. *When sending this object, all its parameters are mandatory. |
No | ||
| transaction > networkToken > tokenPan | Alphanumeric | Max:32 | Token number generated either by MDES or VTS. | Yes* |
| transaction > networkToken > cryptogram | Alphanumeric | Max:28 | Unique key generated by MDES or VTS to decrypt the information of the credit card. | Yes* |
| transaction > networkToken > expiry | Alphanumeric | 7 | Expiration date of the token. Format YYYY/MM. |
Yes* |
| transaction > digitalWallet | Include this parameter when the transaction is done using a Digital Wallet. *When sending this object, all its parameters are mandatory. | No | ||
| transaction > digitalWallet > type | Alphanumeric | —- | Set this value according to the digital wallet that you are processing: GOOGLE_PAY | Yes* |
| transaction > digitalWallet > message | Alphanumeric | —- | Include the information of the Google Pay Token that Google will return to you for each transaction. For more information consult here. | Yes* |
| transaction > type | Alphanumeric | 32 | Set this value according to the transaction you want:
|
Yes |
| transaction > paymentMethod | Alphanumeric | 32 | Select a valid Credit card Payment Method. See the available Payment Methods for Brazil. | Yes |
| transaction > paymentCountry | Alphanumeric | 2 | Set BR for Brazil. |
Yes |
| transaction > deviceSessionId | Alphanumeric | Max:255 | Session identifier of the device where the customer performs the transaction. For more information, refer to this topic. | Yes |
| transaction > ipAddress | Alphanumeric | Max:39 | IP address of the device where the customer performs the transaction. | Yes |
| transaction > cookie | Alphanumeric | Max:255 | Cookie stored by the device where the customer performs the transaction. | Yes |
| transaction > userAgent | Alphanumeric | Max:1024 | The User agent of the browser where the customer performs the transaction. | Yes |
| transaction > extraParameters | Additional parameters or data associated with the request. The maximum size of each extraParameters name is 64 characters. In JSON, the extraParameters parameter follows this structure: "extraParameters": {"INSTALLMENTS_NUMBER": 1}In XML, the extraParameters parameter follows this structure: <extraParameters><entry><string>INSTALLMENTS_NUMBER</string><string>1</string></entry></extraParameters> |
No | ||
| transaction > termsAndConditionsAcepted | Boolean | PayU terms and conditions that the payers must accept. *This parameter is only mandatory if your Brazilian PayU account is associated to a foreign bank account. | No* | |
| transaction > threeDomainSecure | This object contains the information of 3DS 2.0. | No | ||
| transaction > threeDomainSecure > embedded | Boolean | Set true if you want to use and embedded MPI for the Authorization process. By default, this value is set as false. |
No | |
| transaction > threeDomainSecure > eci | Number | Max:2 | Electronic Commerce Indicator. Value returned by the directory servers showing the authentication attempt. This parameter is mandatory when transaction.threeDomainSecure.embedded is false and transaction.threeDomainSecure.xid has been set. |
No |
| transaction > threeDomainSecure > cavv | Alphanumeric | Max:28 | Cardholder Authentication Verification Value. Code of the cryptogram used in the transaction authentication in Base64. Depending on the specific ECI codes established by the process network, this value may be optional. |
No |
| transaction > threeDomainSecure > xid | Alphanumeric | Max:28 | Transaction ID sent by the MPI in Base64. This parameter is mandatory when transaction.threeDomainSecure.embedded is false and transaction.threeDomainSecure.eci has been set. |
No |
| transaction > threeDomainSecure > directoryServerTransactionId | Alphanumeric | Max:36 | Transaction ID generated by the Directory Server during the Authentication. | No |
Response
| Field name | Format | Size | Description |
|---|---|---|---|
| code | Alphanumeric | The response code of the transaction. Possible values are ERROR and SUCCESS. |
|
| error | Alphanumeric | Max:2048 | The error message associated when the response code is ERROR. |
| transactionResponse | The response data. | ||
| transactionResponse > orderId | Number | The generated or existing order Id in PayU. | |
| transactionResponse > transactionId | Alphanumeric | 36 | The identifier of the transaction in PayU. |
| transactionResponse > state | Alphanumeric | Max:32 | The status of the transaction. |
| transactionResponse > responseCode | Alphanumeric | Max:64 | The response code associated with the status. |
| transactionResponse > paymentNetworkResponseCode | Alphanumeric | Max:255 | The response code returned by the financial network. |
| transactionResponse > paymentNetworkResponseErrorMessage | Alphanumeric | Max:255 | The error message returned by the financial network. |
| transactionResponse > trazabilityCode | Alphanumeric | Max:32 | The traceability code returned by the financial network. |
| transactionResponse > authorizationCode | Alphanumeric | Max:12 | The authorization code returned by the financial network. |
| transactionResponse > responseMessage | Alphanumeric | Max:2048 | Message associated with the response code. |
| transactionResponse > operationDate | Date | Creation date of the response in the PayU´s system. | |
| transactionResponse > extraParameters | Additional parameters or data associated with the response. In JSON, the extraParameters parameter follows this structure: "extraParameters": {"BANK_REFERENCED_CODE": "CREDIT"}In XML, the extraParameters parameter follows this structure: <extraParameters><entry><string>BANK_REFERENCED_CODE</string><string>CREDIT</string></entry></extraParameters> |
Considerations
- If your commerce does not have a local entity, it is mandatory to send either the CPF (parameter
transaction.[payer|buyer].dniNumber) or the CNPJ (parametertransaction.[payer|buyer].cnpj) when using Authorization or Charge. - If you don’t send any information for the sub-merchants, PayU configures your merchant as sub-merchant.
- For payments with credit card tokens generated by PayU, include the parameters
transaction.creditCardTokenIdandtransaction.creditCard.securityCode(if you process with security code) replacing the information of the credit card. For more information, refer to Tokenization API. - For payments with credit card tokens generated using MDES or VTS, include the object
transaction.networkTokenand its parameters. - By default, processing credit cards without security code is not enabled. If you want to enable this feature, contact your Sales representative. After this feature is enabled for you, send in the request the variable
creditCard.processWithoutCvv2as true and remove the variablecreditCard.securityCode.
Having this feature enable is mandatory when using credit card tokens generated using MDES or VTS. - The extra parameter
CIELO_TIDidentifies the transaction, this parameter is needed when you want to process voids. - The variable
transaction.threeDomainSecuredoes not replace the card information nor any of the mandatory fields of the transaction. This object is additional and not mandatory. - The variable
transaction.threeDomainSecurecorresponds to a Pass Through scenario where the commerce performs the authentication by their own.
Authorization
Use this method to perform the Authorization step of a two-step flow. In this step, you authorize the payment but the amount is not debited until you capture the funds.
The following are the request and response bodies for this transaction type.
Request body:
{
"language": "es",
"command": "SUBMIT_TRANSACTION",
"merchant": {
"apiKey": "4Vj8eK4rloUd272L48hsrarnUA",
"apiLogin": "pRRXKOl8ikMmt9u"
},
"transaction": {
"order": {
"accountId": "512327",
"referenceCode": "PRODUCT_TEST_2021-06-17T19:11:57.179Z",
"description": "Payment test description",
"language": "es",
"signature": "fbc089272288edc52c332395d9566f4c",
"notifyUrl": "http://www.payu.com/notify",
"additionalValues": {
"TX_VALUE": {
"value": 1000,
"currency": "BRL"
}
},
"submerchant": {
"fullName": "ROBSON BATISTA DE OLIVEIRA",
"address": {
"street1": "Rua Alsácia",
"street2": null,
"street3": null,
"city": "São Paulo",
"state": "SP",
"country": "BR",
"postalCode": "04630010",
"phone": null
},
"identification": "17126661851",
"identificationType": "CNPJ"
},
"buyer": {
"merchantBuyerId": "1",
"fullName": "First name and second buyer name",
"emailAddress": "buyer_test@test.com",
"contactPhone": "7563126",
"dniNumber": "811.807.405-64",
"cnpj": "32593371000110",
"shippingAddress": {
"street1": "Quadra QNP 34 Conjunto G 780",
"street2": "5555487",
"city": "Manaos",
"state": "SP",
"country": "BR",
"postalCode": "10012545",
"phone": "(11)756312633"
}
},
"shippingAddress": {
"street1": "Quadra QNP 34 Conjunto G 780",
"street2": "5555487",
"city": "Manaos",
"state": "SP",
"country": "BR",
"postalCode": "10012545",
"phone": "(11)756312633"
}
},
"creditCard": {
"number": "5253203387684619",
"securityCode": "777",
"expirationDate": "2022/12",
"name": "APPROVED"
},
"extraParameters": {
"INSTALLMENTS_NUMBER": 1
},
"type": "AUTHORIZATION",
"paymentMethod": "MASTERCARD",
"paymentCountry": "BR",
"deviceSessionId": "vghs6tvkcle931686k1900o6e1",
"ipAddress": "127.0.0.1",
"cookie": "pt1t38347bs6jc9ruv2ecpv7o2",
"userAgent": "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0",
"threeDomainSecure": {
"embedded": false,
"eci": "01",
"cavv": "AOvG5rV058/iAAWhssPUAAADFA==",
"xid": "Nmp3VFdWMlEwZ05pWGN3SGo4TDA=",
"directoryServerTransactionId": "00000-70000b-5cc9-0000-000000000cb"
}
},
"test": false
}
Response body:
{
"code": "SUCCESS",
"error": null,
"transactionResponse": {
"orderId": 1400434770,
"transactionId": "79de715b-fe77-401e-8b18-241820afb375",
"state": "APPROVED",
"paymentNetworkResponseCode": "00",
"paymentNetworkResponseErrorMessage": null,
"trazabilityCode": "282856",
"authorizationCode": "MOCK-CIELO-1623957118463",
"pendingReason": null,
"responseCode": "APPROVED",
"errorCode": null,
"responseMessage": null,
"transactionDate": null,
"transactionTime": null,
"operationDate": 1623939118784,
"referenceQuestionnaire": null,
"extraParameters": {
"BANK_REFERENCED_CODE": "CREDIT",
"CIELO_TID": "1006993069000509C28A"
},
"additionalInfo": null
}
}
Request body:
<request>
<language>es</language>
<command>SUBMIT_TRANSACTION</command>
<merchant>
<apiKey>4Vj8eK4rloUd272L48hsrarnUA</apiKey>
<apiLogin>pRRXKOl8ikMmt9u</apiLogin>
</merchant>
<transaction>
<order>
<accountId>512327</accountId>
<referenceCode>PRODUCT_TEST_2021-06-17T19:11:57.179Z</referenceCode>
<description>Payment test description</description>
<language>es</language>
<signature>fbc089272288edc52c332395d9566f4c</signature>
<notifyUrl>http://www.payu.com/notify</notifyUrl>
<additionalValues>
<entry>
<string>TX_VALUE</string>
<additionalValue>
<value>1000</value>
<currency>BRL</currency>
</additionalValue>
</entry>
</additionalValues>
<submerchant>
<address>
<city>São Paulo</city>
<country>BR</country>
<postalCode>04630010</postalCode>
<state>SP</state>
<street1>Rua Alsácia</street1>
</address>
<fullName>ROBSON BATISTA DE OLIVEIRA</fullName>
<identification>17126661851</identification>
<identificationType>cnpj</identificationType>
</submerchant>
<buyer>
<merchantBuyerId>1</merchantBuyerId>
<fullName>First name and second buyer name</fullName>
<emailAddress>buyer_test@test.com</emailAddress>
<contactPhone>7563126</contactPhone>
<dniNumber>811.807.405-64</dniNumber>
<cnpj>32593371000110</cnpj>
<shippingAddress>
<street1>Quadra QNP 34 Conjunto G 780</street1>
<street2>5555487</street2>
<city>Manaos</city>
<state>SP</state>
<country>BR</country>
<postalCode>10012545</postalCode>
<phone>(11)756312633</phone>
</shippingAddress>
</buyer>
<shippingAddress>
<street1>Quadra QNP 34 Conjunto G 780</street1>
<street2>5555487</street2>
<city>Manaos</city>
<state>SP</state>
<country>BR</country>
<postalCode>0000000</postalCode>
<phone>(11)756312633</phone>
</shippingAddress>
</order>
<creditCard>
<number>5253203387684619</number>
<securityCode>777</securityCode>
<expirationDate>2022/12</expirationDate>
<name>APPROVED</name>
</creditCard>
<extraParameters>
<entry>
<string>INSTALLMENTS_NUMBER</string>
<string>1</string>
</entry>
</extraParameters>
<type>AUTHORIZATION</type>
<paymentMethod>MASTERCARD</paymentMethod>
<paymentCountry>BR</paymentCountry>
<deviceSessionId>vghs6tvkcle931686k1900o6e1</deviceSessionId>
<ipAddress>127.0.0.1</ipAddress>
<cookie>pt1t38347bs6jc9ruv2ecpv7o2</cookie>
<userAgent>Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0</userAgent>
<threeDomainSecure>
<embedded>false</embedded>
<eci>01</eci>
<cavv>AOvG5rV058/iAAWhssPUAAADFA==</cavv>
<xid>Nmp3VFdWMlEwZ05pWGN3SGo4TDA=</xid>
<directoryServerTransactionId>00000-70000b-5cc9-0000-000000000cb</directoryServerTransactionId>
</threeDomainSecure>
</transaction>
<isTest>false</isTest>
</request>
Response body:
<paymentResponse>
<code>SUCCESS</code>
<transactionResponse>
<orderId>1400434942</orderId>
<transactionId>1af49d5d-464a-4efb-98db-f7875e3c580b</transactionId>
<state>APPROVED</state>
<paymentNetworkResponseCode>00</paymentNetworkResponseCode>
<trazabilityCode>282856</trazabilityCode>
<authorizationCode>MOCK-CIELO-1623962788239</authorizationCode>
<responseCode>APPROVED</responseCode>
<operationDate>2021-06-17T10:46:28</operationDate>
<extraParameters>
<entry>
<string>BANK_REFERENCED_CODE</string>
<string>CREDIT</string>
</entry>
<entry>
<string>CIELO_TID</string>
<string>1006993069000509C28A</string>
</entry>
</extraParameters>
</transactionResponse>
</paymentResponse>
Capture
Use this method to perform the Capture step of a two-step flow. In this step, you capture the funds previously Authorized to transfer them to your PayU account.
Considerations
Take into account the following considerations for capture.
- The maximum time to capture an approved transaction is seven (7) days. After this time, the transaction is cancelled.
- Only the parameters displayed in the request body are mandatory to invoke a Capture transaction. Recall that the order and transaction ids must meet with a currently authorized transaction.
The following are the request and response bodies for this transaction type.
Request body:
{
"language": "es",
"command": "SUBMIT_TRANSACTION",
"merchant": {
"apiLogin": "pRRXKOl8ikMmt9u",
"apiKey": "4Vj8eK4rloUd272L48hsrarnUA"
},
"transaction": {
"order": {
"id": "1400434770"
},
"type": "CAPTURE",
"parentTransactionId": "79de715b-fe77-401e-8b18-241820afb375"
},
"test": false
}
Response body:
{
"code": "SUCCESS",
"error": null,
"transactionResponse": {
"orderId": 1400434770,
"transactionId": "2e753a5e-0eba-4a4c-9778-6880b5f16605",
"state": "APPROVED",
"paymentNetworkResponseCode": "6",
"paymentNetworkResponseErrorMessage": null,
"trazabilityCode": "282856",
"authorizationCode": "BR-456",
"pendingReason": null,
"responseCode": "APPROVED",
"errorCode": null,
"responseMessage": null,
"transactionDate": null,
"transactionTime": null,
"operationDate": 1624029247864,
"referenceQuestionnaire": null,
"extraParameters": {
"CIELO_TID": "1006993069000509C28A"
},
"additionalInfo": null
}
}
Request body:
<request>
<language>es</language>
<command>SUBMIT_TRANSACTION</command>
<merchant>
<apiKey>4Vj8eK4rloUd272L48hsrarnUA</apiKey>
<apiLogin>pRRXKOl8ikMmt9u</apiLogin>
</merchant>
<transaction>
<order>
<id>1400436982</id>
</order>
<type>CAPTURE</type>
<parentTransactionId>2cb57976-31d1-4563-b014-8047bd1b2b2a</parentTransactionId>
</transaction>
<isTest>false</isTest>
</request>
Response body:
<paymentResponse>
<code>SUCCESS</code>
<transactionResponse>
<orderId>1400436982</orderId>
<transactionId>78d4c328-7157-4b50-9fa9-12e019e7df58</transactionId>
<state>APPROVED</state>
<paymentNetworkResponseCode>6</paymentNetworkResponseCode>
<trazabilityCode>282856</trazabilityCode>
<authorizationCode>BR-456</authorizationCode>
<responseCode>APPROVED</responseCode>
<operationDate>2021-06-18T10:19:01</operationDate>
<extraParameters>
<entry>
<string>BANK_REFERENCED_CODE</string>
<string>CREDIT</string>
</entry>
<entry>
<string>CIELO_TID</string>
<string>1006993069000509C28A</string>
</entry>
</extraParameters>
</transactionResponse>
</paymentResponse>
Charge
Use this method to perform a one-step flow, namely a charge. In this step, both steps of the two-step flow are combined in a single transaction and the funds are transferred from the customers account to your PayU account once they have been approved:
The following are the request and response bodies for this transaction type.
Request body:
{
"language": "es",
"command": "SUBMIT_TRANSACTION",
"merchant": {
"apiKey": "4Vj8eK4rloUd272L48hsrarnUA",
"apiLogin": "pRRXKOl8ikMmt9u"
},
"transaction": {
"order": {
"accountId": "512327",
"referenceCode": "PRODUCT_TEST_2021-06-17T19:11:57.179Z",
"description": "Payment test description",
"language": "es",
"signature": "fbc089272288edc52c332395d9566f4c",
"notifyUrl": "http://www.payu.com/notify",
"additionalValues": {
"TX_VALUE": {
"value": 1000,
"currency": "BRL"
}
},
"submerchant": {
"fullName": "ROBSON BATISTA DE OLIVEIRA",
"address": {
"street1": "Rua Alsácia",
"street2": null,
"street3": null,
"city": "São Paulo",
"state": "SP",
"country": "BR",
"postalCode": "04630010",
"phone": null
},
"identification": "17126661851",
"identificationType": "CNPJ"
},
"buyer": {
"merchantBuyerId": "1",
"fullName": "First name and second buyer name",
"emailAddress": "buyer_test@test.com",
"contactPhone": "7563126",
"dniNumber": "811.807.405-64",
"cnpj": "32593371000110",
"shippingAddress": {
"street1": "Quadra QNP 34 Conjunto G 780",
"street2": "5555487",
"city": "Manaos",
"state": "SP",
"country": "BR",
"postalCode": "10012545",
"phone": "(11)756312633"
}
},
"shippingAddress": {
"street1": "Quadra QNP 34 Conjunto G 780",
"street2": "5555487",
"city": "Manaos",
"state": "SP",
"country": "BR",
"postalCode": "10012545",
"phone": "(11)756312633"
}
},
"creditCard": {
"number": "5178151142107990",
"securityCode": "777",
"expirationDate": "2022/12",
"name": "APPROVED"
},
"extraParameters": {
"INSTALLMENTS_NUMBER": 1
},
"type": "AUTHORIZATION_AND_CAPTURE",
"paymentMethod": "MASTERCARD",
"paymentCountry": "BR",
"deviceSessionId": "vghs6tvkcle931686k1900o6e1",
"ipAddress": "127.0.0.1",
"cookie": "pt1t38347bs6jc9ruv2ecpv7o2",
"userAgent": "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0",
"threeDomainSecure": {
"embedded": false,
"eci": "01",
"cavv": "AOvG5rV058/iAAWhssPUAAADFA==",
"xid": "Nmp3VFdWMlEwZ05pWGN3SGo4TDA=",
"directoryServerTransactionId": "00000-70000b-5cc9-0000-000000000cb"
}
},
"test": false
}
Response body:
{
"code": "SUCCESS",
"error": null,
"transactionResponse": {
"orderId": 1400437001,
"transactionId": "f0f8c441-43e8-490a-b4f2-c14d2c403175",
"state": "APPROVED",
"paymentNetworkResponseCode": "6",
"paymentNetworkResponseErrorMessage": null,
"trazabilityCode": "282856",
"authorizationCode": "MOCK-CIELO-1624047897817",
"pendingReason": null,
"responseCode": "APPROVED",
"errorCode": null,
"responseMessage": null,
"transactionDate": null,
"transactionTime": null,
"operationDate": 1624029898077,
"referenceQuestionnaire": null,
"extraParameters": {
"BANK_REFERENCED_CODE": "CREDIT",
"CIELO_TID": "1006993069000509C28A"
},
"additionalInfo": null
}
}
Request body:
<request>
<language>es</language>
<command>SUBMIT_TRANSACTION</command>
<merchant>
<apiKey>4Vj8eK4rloUd272L48hsrarnUA</apiKey>
<apiLogin>pRRXKOl8ikMmt9u</apiLogin>
</merchant>
<transaction>
<order>
<accountId>512327</accountId>
<referenceCode>PRODUCT_TEST_2021-06-17T19:11:57.179Z</referenceCode>
<description>Payment test description</description>
<language>es</language>
<signature>fbc089272288edc52c332395d9566f4c</signature>
<notifyUrl>http://www.payu.com/notify</notifyUrl>
<additionalValues>
<entry>
<string>TX_VALUE</string>
<additionalValue>
<value>1000</value>
<currency>BRL</currency>
</additionalValue>
</entry>
</additionalValues>
<submerchant>
<address>
<city>São Paulo</city>
<country>BR</country>
<postalCode>04630010</postalCode>
<state>SP</state>
<street1>Rua Alsácia</street1>
</address>
<fullName>ROBSON BATISTA DE OLIVEIRA</fullName>
<identification>17126661851</identification>
<identificationType>cnpj</identificationType>
</submerchant>
<buyer>
<merchantBuyerId>1</merchantBuyerId>
<fullName>First name and second buyer name</fullName>
<emailAddress>buyer_test@test.com</emailAddress>
<contactPhone>7563126</contactPhone>
<dniNumber>811.807.405-64</dniNumber>
<cnpj>32593371000110</cnpj>
<shippingAddress>
<street1>Quadra QNP 34 Conjunto G 780</street1>
<street2>5555487</street2>
<city>Manaos</city>
<state>SP</state>
<country>BR</country>
<postalCode>10012545</postalCode>
<phone>(11)756312633</phone>
</shippingAddress>
</buyer>
<shippingAddress>
<street1>Quadra QNP 34 Conjunto G 780</street1>
<street2>5555487</street2>
<city>Manaos</city>
<state>SP</state>
<country>BR</country>
<postalCode>0000000</postalCode>
<phone>(11)756312633</phone>
</shippingAddress>
</order>
<creditCard>
<number>5178151142107990</number>
<securityCode>777</securityCode>
<expirationDate>2022/12</expirationDate>
<name>APPROVED</name>
</creditCard>
<extraParameters>
<entry>
<string>INSTALLMENTS_NUMBER</string>
<string>1</string>
</entry>
</extraParameters>
<type>AUTHORIZATION_AND_CAPTURE</type>
<paymentMethod>MASTERCARD</paymentMethod>
<paymentCountry>BR</paymentCountry>
<deviceSessionId>vghs6tvkcle931686k1900o6e1</deviceSessionId>
<ipAddress>127.0.0.1</ipAddress>
<cookie>pt1t38347bs6jc9ruv2ecpv7o2</cookie>
<userAgent>Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0</userAgent>
<threeDomainSecure>
<embedded>false</embedded>
<eci>01</eci>
<cavv>AOvG5rV058/iAAWhssPUAAADFA==</cavv>
<xid>Nmp3VFdWMlEwZ05pWGN3SGo4TDA=</xid>
<directoryServerTransactionId>00000-70000b-5cc9-0000-000000000cb</directoryServerTransactionId>
</threeDomainSecure>
</transaction>
<isTest>false</isTest>
</request>
Response body:
<paymentResponse>
<code>SUCCESS</code>
<transactionResponse>
<orderId>1400437005</orderId>
<transactionId>5d3cea31-c5e5-4105-9359-984edcaede37</transactionId>
<state>APPROVED</state>
<paymentNetworkResponseCode>6</paymentNetworkResponseCode>
<trazabilityCode>282856</trazabilityCode>
<authorizationCode>MOCK-CIELO-1624047952405</authorizationCode>
<responseCode>APPROVED</responseCode>
<operationDate>2021-06-18T10:25:52</operationDate>
<extraParameters>
<entry>
<string>BANK_REFERENCED_CODE</string>
<string>CREDIT</string>
</entry>
<entry>
<string>CIELO_TID</string>
<string>1006993069000509C28A</string>
</entry>
</extraParameters>
</transactionResponse>
</paymentResponse>
What´s next?
- Contact your sales representative.
- Update your integration code. Please keep in mind that this functionality is supported only through API integration.
- Test the functionality and go live.
Everything else remains the same!
Last modified
June 13, 2024:
Documentation updates (e7dea052c)