3DS Payment
API data
API Gateway
This API is used for payment gateway operations:
- Production: https://api.sopague.com.br/gateway
- Sandbox: https://api-hmg.sopague.com.br/gateway
- Architecture: Representational State Transfer (REST)
Perform 3DS payment
To create a transaction that will use a debit card, send a POST request to v1/payments/3ds. Make sure the Anti-fraud and 3DS libraries are correctly implemented. See the corresponding sections in this documentation for more information.
POST /v1/payments/3ds
Via REST request with the following body:
Request
{
"cardInfo": {
"cardholderName": "string",
"expirationMonth": "string",
"expirationYear": "string",
"numberToken": "string",
"securityCode": "string",
"encryptedCard": "string"
},
"customer": {
"documentNumber": "string",
"address": "string",
"city": "string",
"complement": "string",
"country": "string",
"email": "string",
"firstName": "string",
"ipAddress": "string",
"lastName": "string",
"mobilePhoneNumber": "string",
"phoneNumber": "string",
"state": "string",
"zipCode": "string"
},
"deviceInfo": {
"httpAcceptBrowserValue": "string",
"httpAcceptContent": "string",
"httpBrowserColorDepth": 0,
"httpBrowserJavaEnabled": "string",
"httpBrowserJavaScriptEnabled": true,
"httpBrowserLanguage": "string",
"httpBrowserScreenHeight": 0,
"httpBrowserScreenWidth": 0,
"httpBrowserTimeDifference": 0,
"ipAddress": "string",
"userAgentBrowserValue": "string"
},
"payment": {
"amount": 0,
"installments": 0,
"productType": "string",
"recurrent": true,
"transactionType": "string"
},
"referenceTransaction": "string",
"urlCallBack": "string",
"sellerInfo": {
"code3DS": "string",
"codeAntiFraud": "string",
"urlSite3DS": "string"
},
"configSplit": [
{
"documentNumberBeneficiary": "string",
"percent": 0,
"type": "string"
}
]
}
Data dictionary - Parameters
| PROPERTY | DESCRIPTION | TYPE | LOCATION | REQUIRED | SIZE |
|---|---|---|---|---|---|
| Payment.TransactionType | Transaction type. | string | body | yes | fixed |
| Payment.Amount | Order amount (in cents). | integer | body | yes | 10 |
| Payment.ProductType | Product type – avista / lojista. | string | body | yes | fixed |
| Payment.Installments | Number of installments. | integer | body | yes | 2 |
| ReferenceTransaction | Payment reference provided by the integrator (returned in reconciliation). | string | body | no | 50 |
| UrlCallBack | Merchant callback URL for the payment/3DS flow. | string | body | no | 500 |
| SellerInfo.codeAntiFraud | Code obtained via the anti-fraud library. | guid | body | yes | 36 |
| SellerInfo.code3DS | Code obtained via the 3DS library. | string | body | yes | 36 |
| SellerInfo.urlSite3DS | Merchant site URL used for 3DS. | string | body | yes | 2048 |
| ConfigSplit | Payment split configuration list (splits the amount between multiple beneficiaries). | array | body | no | - |
| ConfigSplit[].documentNumberBeneficiary | Beneficiary CPF/CNPJ (numbers only, no mask). | string | body | no | 14 |
| ConfigSplit[].percent | Split percentage (0–100). | decimal | body | no | 5,2 |
| ConfigSplit[].type | Split type: bruto (gross amount) or liquido (after fees). | string | body | no | 10 |
| CardInfo.NumberToken | Tokenized card identifier. | string | body | no | fixed |
| CardInfo.CardholderName | Cardholder name printed on the card. | string | body | yes | 30 |
| CardInfo.SecurityCode | Security code (CVV). | string | body | no | 4 |
| CardInfo.Brand | Card brand (optional). | string | body | no | fixed |
| CardInfo.ExpirationMonth | Card expiration month (two digits). | string | body | no | 2 |
| CardInfo.ExpirationYear | Card expiration year (two digits). | string | body | no | 2 |
| CardInfo.EncryptedCard | Card data encrypted with the RSA public key obtained from /cards/public-key (safe alternative to sending card data in plain text). | string | body | no | 2048 |
| Customer.DocumentNumber | Customer document number (numbers only, no mask). | string | body | no | 20 |
| Customer.FirstName | Customer first name. | string | body | no | 60 |
| Customer.LastName | Customer last name. | string | body | no | 60 |
| Customer.Email | Customer email. | string | body | no | 255 |
| Customer.PhoneNumber | Customer phone number. | string | body | no | 15 |
| Customer.MobilePhoneNumber | Customer mobile phone number. | string | body | no | 25 |
| Customer.Address | Customer address. | string | body | no | 60 |
| Customer.Complement | Address complement. | string | body | no | 60 |
| Customer.City | Customer city. | string | body | no | 50 |
| Customer.State | Customer state. | string | body | no | 2 |
| Customer.ZipCode | Customer ZIP/postal code. | string | body | no | 10 |
| Customer.IpAddress | Customer device IP address. | string | body | no | 48 |
| Customer.Country | Customer country. | string | body | no | 2 |
| DeviceInfo.httpAcceptBrowserValue | 3DS - Browser Accept header value (required for 3DS). | string | body | no | 255 |
| DeviceInfo.httpAcceptContent | 3DS - Exact HTTP Accept header value (required for 3DS). | string | body | no | 256 |
| DeviceInfo.httpBrowserLanguage | 3DS - Browser language (IETF language tag). See: https://www.techonthenet.com/js/language_tags.php | string | body | no | 8 |
| DeviceInfo.httpBrowserJavaEnabled | 3DS - Whether Java is enabled (Y or N). | string | body | no | 1 |
| DeviceInfo.httpBrowserJavaScriptEnabled | 3DS - Whether JavaScript is enabled (Y or N). | string | body | no | 1 |
| DeviceInfo.httpBrowserColorDepth | 3DS - Screen color depth in bits. | string | body | no | 3 |
| DeviceInfo.httpBrowserScreenHeight | 3DS - Screen height in pixels. | string | body | no | 4 |
| DeviceInfo.httpBrowserScreenWidth | 3DS - Screen width in pixels. | string | body | no | 4 |
| DeviceInfo.httpBrowserTimeDifference | 3DS - Timezone offset in minutes between GMT and the browser. | string | body | no | 4 |
| DeviceInfo.userAgentBrowserValue | 3DS - Exact User-Agent header value (required for 3DS). | string | body | no | 255 |
Note
Installment payments: For installment payments, use productType as lojista. For one-time payments (single installment), use avista.
Domains
| PROPERTY | VALUES |
|---|---|
| Payment.TransactionType | debit |
| Payment.ProductType | debito |
| CardInfo.Brand | visa, mastercard, amex, elo, hipercard |
| Customer.DocumentType | cpf, cnpj |
- 🟢 200
- 🔴 400
- 🔴 500
Payment completed successfully
{
"paymentAuthorization": {
"amount": 10,
"authorizationCode": "727874",
"description": "Sucesso",
"orderNumber": "956a3013-c9a7",
"paymentId": "020062004408221314340001417728510000000000",
"releaseAt": "2024-08-22T10:14:34.0772056-03:00",
"returnCode": "0"
},
"threeDs": {
"eci": "05",
"paresStatus": "Y",
"status": "Silent",
"threeDsStatus": "AUTHENTICATION_SUCCESSFUL",
"threeDsVersion": "2.1.0",
"veresEnrolled": "Y"
}
}
Data dictionary - Response
| PROPERTY | DESCRIPTION | TYPE |
|---|---|---|
| ReturnCode | Return code. | string |
| Description | Return description. | string |
| PaymentId | Payment identifier (also known as TID). | string |
| AuthorizationCode | Authorization code. | string |
| OrderNumber | orderNumber provided by the client in the payment request. | string |
| ExpireAt | Expiration date/time for pre-authorizations. | datetime |
| Amount | Order amount (in cents). | integer |
| ReleaseAt | Payment timestamp. | datetime |
| ThreeDs.Status | 3DS challenge status (when 3DS requests a challenge). | string |
| ThreeDs.ThreeDsVersion | 3DS version (in challenge flows). | string |
| ThreeDs.AcsUrl | ACS URL returned for challenge flows; pass it to initChallenge(acsUrl, pareq, authenticationTransactionId). | string |
| ThreeDs.Pareq | PaReq returned for challenge flows; pass it to initChallenge(acsUrl, pareq, authenticationTransactionId). | string |
| ThreeDs.AuthenticationTransactionId | Authentication transaction id returned for challenge flows; pass it to initChallenge(acsUrl, pareq, authenticationTransactionId). | string |
Request error or 3DS validation error
[
{
"tag": "3DS Fail",
"description": "eci: 00 - threeDsVersion: 2.1.0 - threeDsStatus:
AUTHENTICATION_SUCCESSFUL - veresEnrolled: U - directoryServerErrorCode: 203 -
directoryServerErrorDescription: Format of one or more elements is invalid according to
the specification threeDSRequestorURL,"
}
]
Data dictionary - Response
| PROPERTY | DESCRIPTION | TYPE |
|---|---|---|
| tag | Error tag. | string |
| description | Error description. | string |
Internal error
[
{
"tag": "",
"description": "Não foi possível executar comando. Erro desconhecido."
}
]
Data dictionary - Response
| PROPERTY | DESCRIPTION | TYPE |
|---|---|---|
| tag | Error tag. | string |
| description | Error description. | string |