Transaction
Pix Hub Transaction
General Information
This document specifies the Pix Hub API for transactional operations involving collections and payments via Pix. Key features include:
- Authentication: Obtaining a token for all operations.
- Generation of Pix Collections: Create Pix collections efficiently and securely.
- Pix Payment Consultation: Check the status and details of payments made via Pix.
- Return: Return payments via Pix efficiently.
Environments
- Production:
https://connect.latam.fiservapis.com - Certification:
https://connect-cert.latam.fiservapis.com
Error Structure
All errors handled are returned in the following standard format:
{
"message": "Error message",
"details": [
{
"errorCode": 0,
"error": "Description of the error"
}
]
}
Default Headers
Some information is required in all requests:
| Header | Description |
|---|---|
| Authorization | Authentication token. See POST /token |
| apikey | Made available by Fiserv after accreditation |
| x-timestamp | Timestamp of the request. Also used for the generation of HMAC signature |
| x-hmac-signature | HMAC signature generated. See HMAC Calculation section |
POST /token
Authentication endpoint required for all calls. Get the authentication token through a client_secret and client_id. Send via application/x-www-form-urlencoded and use the Bearer token for subsequent requests.
See Authentication Documentation
HMAC Calculation
The HMAC must be calculated using the SHA256 algorithm and the private key provided by Fiserv, containing the following concatenated fields:
APIKEY + TIMESTAMP + REQUEST_BODY + URL_PATH
Postman Script Example
var CryptoJS = require("crypto-js");
function setHMACAuth(request) {
const currentDate = new Date();
var API_KEY = pm.collectionVariables.get('apikey');
var SECRET = pm.collectionVariables.get('secret');
var requestId = generateUUID();
const timestamp = currentDate.getTime().toString();
var rawData = API_KEY + timestamp + request.body.toString() + '/' + pm.request.url.path.toString().replaceAll(',', '/');
var signedValue = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, SECRET).update(rawData).finalize();
hashedStringRequest = CryptoJS.enc.Base64.stringify(signedValue);
pm.request.headers.add({ key: "x-timestamp", value: timestamp });
pm.request.headers.add({ key: "x-hmac-signature", value: hashedStringRequest });
pm.request.headers.add({ key: "x-request-id", value: requestId });
}
function generateUUID() {
return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
return v.toString(16);
});
}
setHMACAuth(pm.request);
Charges (Collections)
POST /apm/pix/v1/charges
Create a Pix charge (QR Code).
Request Fields
| Field | Type | Description | Mandatory |
|---|---|---|---|
| omniPaymentId | string | Fiserv OmniPayment ID | yes |
| amount | decimal | Payment amount | yes |
| providers | object | PSP list and Credential Alias. If not provided, default values from onboarding are used | no |
| providers.providerCode | string | Code provided by the Central Bank for each PSP | no |
| providers.credentialAlias | string | Credential alias earned after registering a PSP credential during the onboarding process | no |
| expiration | number | QR Code expiration time in seconds. Default: 900 | no |
| payerRequest | string | Text presented to the payer for entering related information (up to 140 characters in pacs.008) | no |
| additionalInfo[].name | string | Additional information label presented to the payer | no |
| additionalInfo[].value | string | Additional information value presented to the payer | no |
Response Fields
| Field | Type | Description |
|---|---|---|
| tid | string | Fiserv transaction ID, alphanumeric up to 60 characters |
| txid | string | Pix payment transaction ID with BACEN, alphanumeric up to 36 characters |
| provider.providerCode | string | PSP used to carry out the transaction |
| provider.credentialAlias | string | Credential used to perform the transaction |
| pixCopyPaste | string | Payment QR code, alphanumeric up to 750 characters |
| status | string | Payment status. Possible values: PENDING, DENIED |
GET /apm/pix/v1/charges/{tid}
Query a charge by transaction ID.
Request Fields
| Field | Type | Description | Mandatory |
|---|---|---|---|
| tid | string | Fiserv Transaction ID | yes |
Response Fields
| Field | Type | Description |
|---|---|---|
| tid | string | Fiserv transaction ID, alphanumeric up to 60 characters |
| txid | string | Pix payment transaction ID with BACEN, alphanumeric up to 36 characters |
| endToEndId | string | Transaction ID between PSPs, alphanumeric up to 36 characters |
| provider.providerCode | string | PSP used to carry out the transaction |
| provider.credentialAlias | string | Credential used to perform the transaction |
| refunds[].rtrId | string | Chargeback transaction ID between PSPs, alphanumeric up to 32 characters |
| refunds[].amount | decimal | Reversed amount |
| refunds[].solicitedAt | string | Chargeback date and time |
| refunds[].status | string | Chargeback status |
| status | string | Payment status. Possible values: PENDING, CANCELLED, EXPIRED, FINISHED, REVERSED |
| amount | number | Payment amount. Format: DDDDDDDD.DD |
| pixCopyPaste | string | Payment QR code, alphanumeric up to 750 characters |
PUT /apm/pix/v1/charges/{tid}/refund
Request a reversal (chargeback) of the charge amount. Should only be used after the customer has already made the payment and the transaction is finalized.
Request Fields
| Field | Type | Description | Mandatory |
|---|---|---|---|
| amount | number | Amount to be refunded | yes |
Response Fields
| Field | Type | Description |
|---|---|---|
| tid | string | Fiserv transaction ID, alphanumeric up to 60 characters |
| txid | string | Pix payment transaction ID with BACEN, alphanumeric up to 36 chars |
| rtrId | string | Chargeback transaction ID between PSPs, alphanumeric up to 32 chars |
| amount | decimal | Reversed amount |
| solicitedAt | string | Date and time of the request |
| status | string | Chargeback status. Possible values: CONFIRMED |
Charges with Due Date (Pix COBV)
POST /apm/pix/v2/charges-duedate
Create a Pix charge with a due date (COBV format).
Request Fields
| Field | Type | Description | Mandatory |
|---|---|---|---|
| omniPaymentId | string | Fiserv OmniPayment ID | yes |
| amount | decimal | Payment amount | yes |
| providers | object | PSP list and Credential Alias. If not provided, default values from onboarding are used | no |
| providers.providerCode | string | Code provided by the Central Bank for each PSP | no |
| providers.credentialAlias | string | Credential alias earned after registering a PSP credential during the onboarding process | no |
| dueDate | date | Payment due date (ISO 8601, e.g. 2026-12-01). Payment can be made up to and including this date | yes |
| expirationDate | date | Deadline for payment after the due date (ISO 8601). Must be greater than dueDate. Defaults to dueDate + 30 days | no |
| payerRequest | string | Text presented to the payer for entering related information (up to 140 characters in pacs.008) | no |
| additionalInfo[].name | string | Additional information label presented to the payer | no |
| additionalInfo[].value | string | Additional information value presented to the payer | no |
| interestModality | string | Interest calculation method. Possible values: DAILY_FIXED_VALUE, DAILY_PERCENTAGE, MONTHLY_PERCENTAGE, YEARLY_PERCENTAGE, BUSINESS_DAY_VALUE, BUSINESS_DAY_PERCENT, BUSINESS_MONTH_PERCENT, BUSINESS_YEAR_PERCENT | no |
| interestValue | string | Interest value (absolute or percentage, per interestModality). Pattern: \d{1,10}\.\d{2} | no |
| penaltyModality | string | Penalty value format: FIXED or PERCENTAGE. Mandatory when penaltyValue is informed | no |
| penaltyValue | string | Penalty value (absolute or percentage, per penaltyModality). Pattern: \d{1,10}\.\d{2} | no |
| discountModality | string | Discount calculation method. Possible values: FIXED_AMOUNT_WITH_DATE, PERCENTAGE_WITH_DATE, VALUE_ADVANCE_CALENDAR, VALUE_ADVANCE_BUSINESS, PERCENT_ADVANCE_CALENDAR, PERCENT_ADVANCE_BUSINESS | no |
| discounts[].discountDate | date | Mandatory when discountModality is FIXED_AMOUNT_WITH_DATE or PERCENTAGE_WITH_DATE (ISO 8601) | no |
| discounts[].discountValue | string | Discount value (absolute or percentage). Pattern: \d{1,10}\.\d{2} | no |
| rebateModality | string | Rebate value format: FIXED or PERCENTAGE. Mandatory when interestValue is informed | no |
| rebateValue | string | Rebate value (absolute or percentage, per rebateModality) | no |
| payer.personType | string | Payer type: COMPANY for companies or INDIVIDUAL for individuals | yes |
| payer.taxNumber | string | Payer's tax number. CPF (11 digits) for individuals or CNPJ (^[0-9A-Z]{14}$) for companies | yes |
| payer.name | string | Payer's name | yes |
| payer.email | string | Payer's email (up to 100 characters) | no |
| payer.address.street | string | Payer's street (up to 200 characters) | no |
| payer.address.city | string | Payer's city (up to 100 characters) | no |
| payer.address.state | string | Payer's state abbreviation (UF, 2 characters) | no |
| payer.address.postalCode | string | Payer's postal code (up to 8 characters) | no |
| receiver.pixKey | string | Receiver's Pix key (CPF/CNPJ, mobile phone with country code, email, or random UUID key - 36 characters) | yes |
Response Fields
| Field | Type | Description |
|---|---|---|
| tid | string | Fiserv transaction ID, alphanumeric up to 60 characters |
| txid | string | Pix payment transaction ID with BACEN, alphanumeric up to 36 characters |
| provider.providerCode | string | PSP used to carry out the transaction |
| provider.credentialAlias | string | Credential used to perform the transaction |
| pixCopyPaste | string | Payment QR code, alphanumeric up to 750 characters |
| status | string | Payment status. Possible values: PENDING, DENIED |
| dueDate | date | Payment due date |
| expirationDate | date | Payment expiration date |
| payer.email | string | Payer's email |
| payer.address.street | string | Payer's street |
| payer.address.city | string | Payer's city |
| payer.address.state | string | Payer's state (UF) |
| payer.address.postalCode | string | Payer's postal code |
| receiver.pixKey | string | Receiver's Pix key |
| interestValue | number | Interest value. Format: DDDDDDDD.DD |
| penaltyValue | number | Penalty value. Format: DDDDDDDD.DD |
| rebateValue | number | Rebate value. Format: DDDDDDDD.DD |
| discounts[].discountDate | date | Discount date |
| discounts[].discountValue | number | Discount value |
GET /apm/pix/v2/charges-duedate/{tid}
Query a Pix COBV charge by transaction ID.
Request Fields
| Field | Type | Description | Mandatory |
|---|---|---|---|
| tid | string | Fiserv Transaction ID | yes |
Response Fields
| Field | Type | Description |
|---|---|---|
| tid | string | Fiserv transaction ID, alphanumeric up to 60 characters |
| txid | string | Pix payment transaction ID with BACEN, alphanumeric up to 36 characters |
| endToEndId | string | Transaction ID between PSPs, alphanumeric up to 36 characters |
| provider.providerCode | string | PSP used to carry out the transaction |
| provider.credentialAlias | string | Credential used to perform the transaction |
| refunds[].rtrId | string | Chargeback transaction ID between PSPs |
| refunds[].amount | decimal | Reversed amount |
| refunds[].solicitedAt | string | Chargeback date and time |
| refunds[].status | string | Chargeback status |
| status | string | Payment status. Possible values: PENDING, CANCELLED, EXPIRED, FINISHED, REVERSED |
| amount | number | Payment amount. Format: DDDDDDDD.DD |
| dueDate | date | Payment due date |
| expirationDate | date | Payment expiration date |
| pixCopyPaste | string | Payment QR code, alphanumeric up to 750 characters |
| payer.email | string | Payer's email |
| payer.address.street | string | Payer's street |
| payer.address.city | string | Payer's city |
| payer.address.state | string | Payer's state (UF) |
| payer.address.postalCode | string | Payer's postal code |
| payer.taxNumber | string | Payer's tax number (CPF or CNPJ) |
| payer.name | string | Payer's name |
| receiver.pixKey | string | Receiver's Pix key |
| interestValue | number | Interest value. Format: DDDDDDDD.DD |
| penaltyValue | number | Penalty value. Format: DDDDDDDD.DD |
| rebateValue | number | Rebate value. Format: DDDDDDDD.DD |
| discounts[].discountDate | date | Discount date |
| discounts[].discountValue | number | Discount value |
PUT /apm/pix/v1/charges/{tid}/cancel
Cancel the QR Code of the generated charge. Use this to cancel before the customer makes the payment, or when the transaction status has not yet been returned. If the transaction has already been paid, a refund will be requested automatically.
Request Fields
| Field | Type | Description | Mandatory |
|---|---|---|---|
| tid | string | Fiserv Transaction ID | yes |
Response Fields
| Field | Type | Description |
|---|---|---|
| tid | string | Pix Hub transaction ID, alphanumeric up to 60 characters |
| txid | string | Pix payment transaction ID with BACEN, alphanumeric up to 36 characters |
| status | string | Payment status. Possible values: PENDING, CANCELLED, DENIED, FINISHED |
| provider.providerCode | string | PSP used to carry out the transaction |
| provider.credentialAlias | string | Credential used to perform the transaction |
Transaction Callback
After the payment is made or the QR Code expires, the registered URL will receive the following notification.
For security reasons, when receiving a callback, validate the
Api-Keyand theAuthorization(HMAC signature).
Callback Request Headers
| Field | Type | Description |
|---|---|---|
| Client-Request-Id | string | Request ID (UUID) |
| Api-Key | string | API Key registered during the onboarding process |
| Timestamp | string | Date and time of submission of the request |
| Auth-Token-Type | string | Always HMAC |
| Authorization | string | HMAC Signature: SHA256(Api-Key + Client-Request-Id + Timestamp + RequestBody) |
Callback HMAC Calculation
The HMAC must be calculated using the SHA256 algorithm and the private key registered during onboarding, containing the following concatenated fields:
Api-Key + Client-Request-Id + Timestamp + RequestBody
Note: The JSON of the request body must be in compact format (inline), without line breaks or extra formatting. Do not include invisible characters such as
\r,\n, or unnecessary spaces.
const crypto = require('crypto');
function guid() {
function s4() {
return Math.floor((1 + Math.random()) * 0x10000).toString(16).substring(1);
}
return s4() + s4() + s4() + s4() + s4() + s4() + s4() + s4();
}
const apiKey = "API_KEY";
const secret = "SECRET";
const clientRequestId = guid();
const timeStamp = new Date().getTime();
const requestBody = JSON.stringify(request.data);
const rawSignature = apiKey + clientRequestId + timeStamp + requestBody;
const hmac = crypto.createHmac('sha256', secret);
hmac.update(rawSignature);
const computedHmac = hmac.digest('base64');
const headers = {
"content-type": "application/json",
"client-request-id": clientRequestId,
"Api-Key": apiKey,
"Timestamp": timeStamp,
"Auth-Token-Type": "HMAC",
"Authorization": computedHmac
};
Callback Fields
| Field | Type | Description |
|---|---|---|
| tid | string | Fiserv transaction ID, alphanumeric up to 60 characters |
| txid | string | Pix payment transaction ID with BACEN, up to 36 characters |
| endToEndId | string | Transaction ID between PSPs, alphanumeric up to 36 characters |
| status | string | Payment status. Possible values: FINISHED, EXPIRED |
| operationType | number | Transaction type: 0 – Charge, 3 – Expiration |
| rtrId | string | Chargeback ID (for chargeback confirmation only) |
| provider.providerCode | string | PSP used to carry out the transaction |
| provider.credentialAlias | string | Credential used to perform the transaction |
Updated 5 days ago