Create Pre-Authorization
import ApiDoc from '../../../../../src/components/api-doc/ApiDoc';
import ResponseCodes from './codigos-de-resposta.md';
WARNING: This page is a document under construction, subject to change without notice, and still uncoupled from our full documentation. If you wish to access all our documentation, check here.
Pre-authorization interface that allows the merchant to perform pre-authorization requests in a single call. Click here for more information on pre-authorization capture.
Request details
- Resource:
/v2/preauthorizations/
- HTTP Method:
POST
- Request format:
JSON
- Response format:
JSON
- Header parameters:
Parameter | Description | Format | Mandatory |
---|---|---|---|
Content-Type | Fixed value application/json | = 15 AN | YES |
merchant_id | Merchant code on Carat Portal. The production and certification codes will be different. | < 15 AN | YES |
merchant_key | Merchant authentication key on Carat Portal. The production and certification keys will be different. | < 80 AN | YES |
Examples:
Request:
To use this example, don't forget to define the variable {{url}}
to the value
curl
--request POST "https://{{url}}/e-sitef/api/v2/preauthorizations/"
--header "Content-Type: application/json"
--header "merchant_id: xxxxxxxx"
--header "merchant_key: xxxxxxxxxxx"
--data-binary
{
"order_id":"123255",
"merchant_usn":"20190101",
"amount":"100",
"authorizer_id":"2",
"installments":"2",
"installment_type":"4",
"card":{
"number":"xxxxxxxxxxxxxxxx",
"expiry_date":"1225",
"security_code":"123"
}
}
--verbose
Response:
{
"code":"0",
"message":"OK. Transaction successful.",
"pre_authorization":{
"authorizer_code":"000",
"authorizer_message":"Transacao OK.",
"status":"CON",
"nit":"1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqr",
"customer_receipt":"=== CUSTOMER RECEIPT ===",
"merchant_receipt":"=== MERCHANT RECEIPT ===",
"authorizer_id":"2",
"authorizer_date":"09/11/2018T19:40",
"acquirer_id":"229",
"acquirer_name":"Bin",
"authorization_number":"013245",
"merchant_usn":"20190101",
"esitef_usn":"181109017689784",
"order_id":"123255",
"sitef_usn":"212194",
"host_usn":"999212194",
"amount":"100",
"issuer":"2",
"payment_type":"C",
"authorizer_merchant_id":"000000000000000",
"standin_details": "000001",
"cvv_result_code": "M"
}
}
Pre-Authorization with CARD PAR Token
An object {{card}}
was created that receives the field {{par}}
: The Payment Account Reference, it is a value linked to the PAN: Primary Account Number of a Mastercard card.
Request:
It is worth emphasizing that it will only work if the variable {{cryptogram}}
is defined in the request.
curl
--request POST "https://{{url}}/e-sitef/api/v2/preauthorizations/"
--header "Content-Type: application/json"
--header "merchant_id: xxxxxxxx"
--header "merchant_key: xxxxxxxxxxx"
--data-binary
{
"merchant_usn":"1709151775",
"order_id":"0001709151774770",
"installments":"1",
"installment_type":"4",
"authorizer_id":"2",
"amount":"100",
"soft_descriptor": "Empresa Aluguel de carros XYZ",
"card":{
"number":"555555555555555",
"expiry_date":"1227",
"security_code":"157",
"cryptogram": "ALRzlt6NKQtPAAZAkOuIAAADFA==",
"wallet_type": "network_token"
}
}'
Response:
{
"code": "0",
"message": "OK. Transaction successful.",
"card": {
"par": "A80pcFJxz0FgEK6qDggFpM5KUl2Jf"
},
"pre_authorization": {
"authorizer_code": "000",
"authorizer_message": "TRANSACAO APROVADA",
"status": "CON",
"nit": "74e3fa7509d683c73240e4868ec7b75b14170547567b809f6f2698f234ab8f4f",
"order_id": "0001709151682784",
"customer_receipt": "====CUPOM COMPRADOR====",
"merchant_receipt": "====CUPOM ESTABELECIMENTO====",
"authorizer_id": "2",
"acquirer_id": "2651",
"acquirer_name": "Bin (Via Servicos TEF)",
"authorizer_date": "28/02/2024T17:21",
"authorization_number": "242440",
"merchant_usn": "1709151683",
"esitef_usn": "240228062687254",
"sitef_usn": "304331",
"host_usn": "43734572891",
"amount": "100",
"payment_type": "C",
"terminal_id": "ES000001",
"card_par": "A80pcFJxz0FgEK6qDggFpM5KUl2Jf",
"recurrency_tid": "969452034274685",
"standin_details": "000001",
"cvv_result_code": "M"
}
}
Pre-Authorization - Network Token
Some card brands have a tokenization solution that offers card storage encrypted in safes at the brand itself. This brand tokenization is intended to improve the security and quality of the transmitted card information, which may increase checkout conversion rates.
Request:
To use this example, don't forget to define the variable {{url}}
to the value
curl
--request POST "https://{{url}}/e-sitef/api/v2/preauthorizations/"
--header "Content-Type: application/json"
--header "merchant_id: xxxxxxxx"
--header "merchant_key: xxxxxxxxxxx"
--data-binary
{
"order_id":"1670945065929",
"merchant_usn":"16114726760",
"amount":"25255",
"authorizer_id":"2",
"installments":"2",
"installment_type":"4",
"card": {
"expiry_date": "1023",
"number": "xxxxxxxxxxxxxxxx",
"security_code": "123",
"cryptogram":"ALRzlt6NKQtPAAZAkOuIAAADFA=="
}
}'
Response:
{
"code": "0",
"message": "OK. Transaction successful.",
"pre_authorization": {
"authorizer_code": "000",
"authorizer_message": "Transacao Aprov.",
"status": "CON",
"nit": "8621c93b58e507d3fe0bda407f5cb0b1fe3971df591fd2652cc9f737134502d3",
"order_id": "1670945065929",
"customer_receipt":"=== CUSTOMER RECEIPT ===",
"merchant_receipt":"=== MERCHANT RECEIPT ===",
"authorizer_id": "2",
"acquirer_id": "229",
"acquirer_name": "Bin",
"authorizer_date": "13/12/2022T12:24",
"authorization_number": "136231",
"merchant_usn": "16114726760",
"esitef_usn": "221213115168264",
"sitef_usn": "136231",
"host_usn": "999136231 ",
"amount": "25255",
"payment_type": "C",
"issuer": "1",
"authorizer_merchant_id": "000000000000005",
"terminal_id": "ES000038",
"standin_details": "000001",
"cvv_result_code": "M"
}
}
Request Parameters
Parameter | Description | Format | Mandatory |
---|---|---|---|
amount | Total purchase amount (in cents). Example: 1.00 = 100 or 1,100.00 = 110000 – send amount without dots or commas | < 12N | Yes |
encrypted_card | This field must be sent with a value of "true" if the card number to be sent in the next step of the flow uses SiTef encryption. The option to send the encrypted card will only be available through routing via SiTef and prior SiTef setup is required. Options: 1. "true" 2. "false" (default) | < 5 AN | No |
merchant_usn | Unique sequential id for each order created by the merchant. NSU will be used in all communication with the merchant to identify the order. As this is a merchant-side access key, although it is optional for Carat Portal, it is strongly recommended that the field be formatted and sent by the merchant application. | < 12 N | No |
order_id | Order code defined by the merchant. It's advised that it is different for each order so that it becomes easier to track it. For transactions routed through the acquirer Bin, there's a 20 characters limit. | < 40 AN | Yes |
authorizer_id | Carat Portal authorizers ID. Learn more. | < 3 N | YES |
customer_id | Buyers' ID. Only alphanumerics are allowed (no dots, dashes or other special characters). | < 20 AN | NO |
discount | Discount amount in cents. In case of pre-authorizations with promotional values when using Visa Checkout, VISA recommends that this field should be submitted additionally. | < 12 N | NO |
installments | Number of installments. Send 1 for spot sales. | < 2 N | YES |
installment_type | Installment financing type: Value 3 = installments with interest. Value 4 = installments without interest (use this value also on spot sales). Value 6 = installments with interest (IATA). Value 7 = installments without interest (IATA). The IATA financing types are only used by companies that work with air transportation. | < 2 N | YES |
mcc | Merchant Category Code - Indicates the merchant category's ID. | < 4 N | Required only when using sub-acquirer Stone WS and it It is optional to send it to acquirers with sub-merchant funding via SiTef. |
merchant_email | Merchant e-mail. When this parameter is sent, it overwrites the merchant registered e-mail. | < 40 AN | NO |
promo_code | Visa Checkout promotion code used in pre-authorization. In case of pre-authorizations with promotional values when using Visa Checkout, VISA recommends that this field should be submitted additionally. | AN | NO |
soft_descriptor | Additional text that will be presented alongside the name of the establishment in the credit card invoice. Learn more | < 22 AN | NO |
subtotal | Subtotal amount, in cents. In case of pre-authorizations with promotional amounts by using Visa Checkout, VISA recommends that this field be submitted additionally. | < 12 N | NO |
subacquirer_merchant_id | Merchant identification for the subacquirer. | < 22 N | NO |
card | Sending card data is mandatory. Only one of these fields must be used: number , token or wallet_transaction_id | ||
holder | Cardholder's name. Required only for e-Rede, GetNet WS e VR (SmartNet) routings. | < 30 AN | COND. |
number | Customer's card number (PAN). Brand generated token (DPAN) for network token payment. | < 19 N | |
cryptogram | Cryptogram generated by the card brand | = 28 AN | NO |
token | Used for recurring pre-authorizations, when the card is already stored at Carat Portal database. | = 88 AN | COND. |
wallet_transaction_id | Wallet Visa Checkout transaction ID. | < 25 AN | COND. |
initial_wallet_transaction_id | Informs if the Wallet ID (wallet_transaction_id ) is being used for the first time. If it's the first time, send true , otherwise, send false . Required only for Visa Checkout.Default value: true | < 5 AN | COND. |
expiry_date | Card expiry date in MMYY format. | = 4 N | COND. |
security_code | Card security code. | < 5 N | COND. |
wallet_type | Field that specifies whether the transaction is processed with PAN or DPAN. If “type” is empty, the default value is PAN (non-tokenized card number). If there is a tokenized transaction, you must send the value “network_token”. | AN | NO |
external_authentication | This element receives MPI authentication fields. | ||
version | 3DS version used in the authentication process (only version 2 is currently being accepted). | < 1 AN | NO |
eci | Eletronic Commerce Indicator – Card holder authentication security level indicator. | < 3 N | NO |
xid | External card holder authentication transaction id. | < 40 N | NO |
cavv | Cardholder Authentication Verification Value - Codes that refers to card holder authentication result data. | < 40 N | NO |
acquirer | Data required only to specific acquirers / routings. | ||
terminal | Sitef terminal code. In absence Carat Portal will generate a random terminal code. | = 14 N | NO |
mid | Sitef terminal code. In absence Carat Portal will generate a random terminal code. | < 15 AN | COND. |
company_code | Sitef company code. In absence Carat Portal will use company code from merchant configuration. | = 8 N | NO |
additional_data | Element for sending additional data. | ||
ecomm_pos_ref | This field will send and identification that will appear in the PDV field of the SiTef Web report for e-commerce transactions. | < 8 AF | NO |
iata | This element contains specific fields for IATA transactions. | ||
departure_tax | Departure tax in cents. | < 12 N | YES only for installment_type = 6 or 7 |
first_installment | Amount of the first installment on IATA transactions in cents. This functionality is available only for GetNet acquirer. | < 12 N | NO |
(*) Installments funding routed by GetNetLac via SiTef : In this case, the merchant will be responsible for the installment control, so the installment rules set up for the Carat Portal HTML payment interface won't take effect, only the authorizing installment rules will be verified and applied. For these mentioned networks, if pre-authorization is made at spot, the capture cannot be split. Also, pre-authorizations routed by GetNetLac via SiTef, when splitted, are only accepted without interest, that is, with the parameter installment_type
= 4
. Interest-free installments are not accepted on this routing.
Parameter | Description | Format | Mandatory |
---|---|---|---|
amount | Total purchase amount (in cents). Example: 1.00 = 100 or 1,100.00 = 110000 – send amount without dots or commas | < 12N | Yes |
encrypted_card | This field must be sent with a value of "true" if the card number to be sent in the next step of the flow uses SiTef encryption. The option to send the encrypted card will only be available through routing via SiTef and prior SiTef setup is required. Options: 1. "true" 2. "false" (default) | < 5 AN | No |
merchant_usn | Unique sequential id for each order created by the merchant. NSU will be used in all communication with the merchant to identify the order. As this is a merchant-side access key, although it is optional for Carat Portal, it is strongly recommended that the field be formatted and sent by the merchant application. | < 12 N | No |
order_id | Order code defined by the merchant. It's advised that it is different for each order so that it becomes easier to track it. For transactions routed through the acquirer Bin, there's a 20 characters limit. | < 40 AN | Yes |
authorizer_id | Carat Portal authorizers ID. Learn more. | < 3 N | YES |
customer_id | Buyers' ID. Only alphanumerics are allowed (no dots, dashes or other special characters). | < 20 AN | NO |
discount | Discount amount in cents. In case of pre-authorizations with promotional values when using Visa Checkout, VISA recommends that this field should be submitted additionally. | < 12 N | NO |
installments | Number of installments. Send 1 for spot sales. | < 2 N | YES |
installment_type | Installment financing type: Value 3 = installments with interest. Value 4 = installments without interest (use this value also on spot sales). Value 6 = installments with interest (IATA). Value 7 = installments without interest (IATA). The IATA financing types are only used by companies that work with air transportation. | < 2 N | YES |
mcc | Merchant Category Code - Indicates the merchant category's ID. | < 4 N | Required only when using sub-acquirer Stone WS and it It is optional to send it to acquirers with sub-merchant funding via SiTef. |
merchant_email | Merchant e-mail. When this parameter is sent, it overwrites the merchant registered e-mail. | < 40 AN | NO |
promo_code | Visa Checkout promotion code used in pre-authorization. In case of pre-authorizations with promotional values when using Visa Checkout, VISA recommends that this field should be submitted additionally. | AN | NO |
soft_descriptor | Additional text that will be presented alongside the name of the establishment in the credit card invoice. Learn more | < 22 AN | NO |
subtotal | Subtotal amount, in cents. In case of pre-authorizations with promotional amounts by using Visa Checkout, VISA recommends that this field be submitted additionally. | < 12 N | NO |
subacquirer_merchant_id | Merchant identification for the subacquirer. | < 22 N | NO |
card | Sending card data is mandatory. Only one of these fields must be used: number , token or wallet_transaction_id | ||
holder | Cardholder's name. Required only for e-Rede, GetNet WS e VR (SmartNet) routings. | < 30 AN | COND. |
number | Customer's card number (PAN). Brand generated token (DPAN) for network token payment. | < 19 N | |
cryptogram | Cryptogram generated by the card brand | = 28 AN | NO |
token | Used for recurring pre-authorizations, when the card is already stored at Carat Portal database. | = 88 AN | COND. |
wallet_transaction_id | Wallet Visa Checkout transaction ID. | < 25 AN | COND. |
initial_wallet_transaction_id | Informs if the Wallet ID (wallet_transaction_id ) is being used for the first time. If it's the first time, send true , otherwise, send false . Required only for Visa Checkout.Default value: true | < 5 AN | COND. |
expiry_date | Card expiry date in MMYY format. | = 4 N | COND. |
security_code | Card security code. | < 5 N | COND. |
wallet_type | Field that specifies whether the transaction is processed with PAN or DPAN. If “type” is empty, the default value is PAN (non-tokenized card number). If there is a tokenized transaction, you must send the value “network_token”. | AN | NO |
external_authentication | This element receives MPI authentication fields. | ||
version | 3DS version used in the authentication process (only version 2 is currently being accepted). | < 1 AN | NO |
eci | Eletronic Commerce Indicator – Card holder authentication security level indicator. | < 3 N | NO |
xid | External card holder authentication transaction id. | < 40 N | NO |
cavv | Cardholder Authentication Verification Value - Codes that refers to card holder authentication result data. | < 40 N | NO |
acquirer | Data required only to specific acquirers / routings. | ||
terminal | Sitef terminal code. In absence Carat Portal will generate a random terminal code. | = 14 N | NO |
mid | Sitef terminal code. In absence Carat Portal will generate a random terminal code. | < 15 AN | COND. |
company_code | Sitef company code. In absence Carat Portal will use company code from merchant configuration. | = 8 N | NO |
additional_data | Element for sending additional data. | ||
ecomm_pos_ref | This field will send and identification that will appear in the PDV field of the SiTef Web report for e-commerce transactions. | < 8 AF | NO |
iata | This element contains specific fields for IATA transactions. | ||
departure_tax | Departure tax in cents. | < 12 N | YES only for installment_type = 6 or 7 |
WARNING:
In addition to the return parameters of the services described in this specification, Carat may return other parameters without prior notice.
It is important that the application is prepared to receive unknown parameters in addition to the parameters already specified and simply ignore them.
The
terminal
ecompany_code
parameters must be used only for SiTef routings and must be sent simultaneously.
It is also necessary send a request to the Carat Portal Support Team for the permission Allows the sending of Company and SiTef Terminal through REST.
Response Parameters
The table below contains the response parameters of the pre-authorization effectuation service. The app should merchant the parameters that finds necessary. We suggest storing the parameters:order_id, authorization_number, merchant_usn, esitef_usn, sitef_usn, host_usn, status, code, amount, message
(the message
parameter can be displayed to the customer).
Parameter | Description | Format |
---|---|---|
code | Carat Portal response code. Anything besides 0 means failure. Learn more. | < 4 N |
message | Carat Portal response message. | < 500 AN |
pre_authorization | ||
acquirer_id | Acquirer/routing ID used in transaction. | < 4 N |
acquirer_name | Acquirer/routing name used in transaction. | < 100 AN |
amount | Purchase amount specified by merchant (in cents) on transaction creation. | < 12 AN |
authorization_number | Authorization number | < 6 AN |
authorizer_code | Authorizer responde code. | < 10 AN |
authorizer_date | Authorizer pre-auth effectuation date, returned by the authorizer on the format DD/MM/AAAA’T’HH:mm . Example: 13/07/2017T16:03 | = 16 AN |
authorizer_id | Authorizer ID use in transaction. | < 4 N |
authorizer_merchant_id | Merchant ID from authorizer. | < 100 AN |
authorizer_message | Reponse message from authorizer. | < 500 AN |
customer_receipt | Customer receipt. | < 4000 AN |
eci | Eletronic Commerce Indicator (pre-authorization security level indicator). | < 3 AN |
esitef_usn | Carat Portal pre-authorization's unique sequential number. | = 15 N |
host_usn | Authorizer NSU. | < 15 AN |
issuer | Issuer code returned by the authorizer. | < 5 AN |
merchant_receipt | Merchant receipt. | < 4000 AN |
merchant_usn | Unique sequential number sent by merchant at the transaction creation. | < 12 AN |
nit | Carat Portal pre-authorization transaction ID. | = 64 AN |
order_id | Order ID sent by the merchant at transaction creation. | < 4020 AN |
payment_type | Payment type from the selected authorizer: B = boleto, C = credit, D = debit, P = Private Label credit card, T = bank transfer, G = gift card, O = other payment methods, W = Boleto NR via Web Service | = 1 AN |
sitef_usn | SiTef pre-authorization's unique sequential number. | = 6 N |
status | Carat Portal pre-authorization transaction status. | = 3 AN |
tid | Acquirer/routing transaction ID. This field is only returned in transactions with external acquirer's. | < 40 AN |
xid | XID field returned on 3DS authentications or certain acquirers/routings. | < 40 AN |
retryable_code | Reversibility indicator of a transaction whose authorization was denied by the authorizer. This field will be returned in the response to the card payment request and must be taken into account in the online merchant's transaction retry mechanism. Valid codes:01 – Reversible Denied Transaction, Retain Later.02 – Irreversible Denied Transaction, Non-Retentive. | = 2 N |
Parameter | Description | Format |
---|---|---|
code | Carat Portal response code. Anything besides 0 means failure. Learn more. | < 4 N |
message | Carat Portal response message. | < 500 AN |
pre_authorization | ||
acquirer_id | Acquirer/routing ID used in transaction. | < 4 N |
acquirer_name | Acquirer/routing name used in transaction. | < 100 AN |
amount | Purchase amount specified by merchant (in cents) on transaction creation. | < 12 AN |
authorization_number | Authorization number | < 6 AN |
authorizer_code | Authorizer responde code. | < 10 AN |
authorizer_date | Authorizer pre-auth effectuation date, returned by the authorizer on the format DD/MM/AAAA’T’HH:mm . Example: 13/07/2017T16:03 | = 16 AN |
authorizer_id | Authorizer ID use in transaction. | < 4 N |
authorizer_merchant_id | Merchant ID from authorizer. | < 100 AN |
authorizer_message | Reponse message from authorizer. | < 500 AN |
customer_receipt | Customer receipt. | < 4000 AN |
esitef_usn | Carat Portal pre-authorization's unique sequential number. | = 15 N |
host_usn | Authorizer NSU. | < 15 AN |
issuer | Issuer code returned by the authorizer. | < 5 AN |
merchant_receipt | Merchant receipt. | < 4000 AN |
merchant_usn | Unique sequential number sent by merchant at the transaction creation. | < 12 AN |
nit | Carat Portal pre-authorization transaction ID. | = 64 AN |
order_id | Order ID sent by the merchant at transaction creation. | < 4020 AN |
payment_type | Payment type from the selected authorizer: B = boleto, C = credit, D = debit, P = Private Label credit card, T = bank transfer, G = gift card, O = other payment methods, W = Boleto NR via Web Service | = 1 AN |
sitef_usn | SiTef pre-authorization's unique sequential number. | = 6 N |
status | Carat Portal pre-authorization transaction status. | = 3 AN |
tid | Acquirer/routing transaction ID. This field is only returned in transactions with external acquirer's. | < 40 AN |
xid | XID field returned on 3DS authentications or certain acquirers/routings. | < 40 AN |
retryable_code | Reversibility indicator of a transaction whose authorization was denied by the authorizer. This field will be returned in the response to the card payment request and must be taken into account in the online merchant's transaction retry mechanism. Valid codes:01 – Reversible Denied Transaction, Retain Later.02 – Irreversible Denied Transaction, Non-Retentive. | = 2 N |
standin_details | This field provides additional information to identify whether a transaction was performed by the Stand-in on behalf of the issuer. Learn more. | < 6 AN |
cvv_result_code | CVV result code (present only in Mastercard and Visa transactions). Values: M = Valid (match) N = Invalid (not matching) P = Not processed (issuer temporarily unavailable) U = not verified S = CVV2 must be on card | = 1 N |
Updated about 2 months ago