Server-to-Server

Note: You should be fully PCI compliant if you want to use the Server-to-Server api (as it requires that you collect the card data). If you are not fully PCI compliant, you can use COPYandPAY to collect the payment data securely.

You can perform different types of initial payments using our server-to-server REST API.

Quick links

Card Payment (CC)

Preauthorization (PA) + Capture (CP)

A PA is created by sending a POST request over HTTPS to the /v1/payments resource. The request should include all required information such as your authentication credentials, the type of transaction, the amount and the payment information such as card details. A capture may be sent against a successful PA to request the funds being sent for clearing. See backoffice operations for more details.

Example Preauthorization (PA) Request
Response
Example Capture (CP) Request
Response
curl https://test.oppwa.com/v1/payments \
-d "authentication.entityId=8a8294174e918ca6014e9c6f5ae12a9c" \
-d "merchantTransactionId=Order Number 123" \
-d "amount=1.00" \
-d "currency=BRL" \
-d "paymentType=PA" \
-d "paymentBrand=VISA" \
-d "card.number=4111111111111111" \
-d "card.holder=Jose da Silva" \
-d "card.expiryMonth=05" \
-d "card.expiryYear=2025" \
-d "card.cvv=123" \
-d "customer.merchantCustomerId=12345678909" \
-d "customer.givenName=Jose" \
-d "customer.surname=da Silva" \
-d "customer.email= info@provider.com" \
-d "customer.ip=123.123.123.123" \
-d "descriptor=123 Usage" \
-d "billing.city=Sao Paulo" \
-d "billing.country=BR" \
-d "billing.state=SP" \
-d "billing.street1=Rua Itapeva 547" \
-d "billing.postcode=01332000" \
-d "customParameters[product]=1 month membership" \
-d "customParameters[merchant_website]=www.store.com" \
-d "recurringType=INITIAL" \
-d "testMode=EXTERNAL" \
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
{
"id":"8ac7a4a06a00f56b016a03df1f6b5754",
"paymentType":"PA",
"paymentBrand":"VISA",
"amount":"1.00",
"currency":"BRL",
"descriptor":"123 Usage",
"merchantTransactionId":"Order Number 123",
"result":{
"code":"000.100.112",
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
},
"card":{
"bin":"411111",
"last4Digits":"1111",
"holder":"Jose da Silva",
"expiryMonth":"05",
"expiryYear":"2025"
},
"customer":{
"givenName":"Jose",
"surname":"da Silva",
"merchantCustomerId":"12345678909",
"email":" info@provider.com",
"ip":"123.123.123.123"
},
"billing":{
"street1":"Rua Itapeva 547",
"city":"Sao Paulo",
"state":"SP",
"postcode":"01332000",
"country":"BR"
},
"customParameters":{
"merchant_website":"www.store.com",
"product":"1 month membership"
},
"risk":{
"score":"0"
},
"buildNumber":"9530bc5348dcf347df44e234fa57653109617938@2019-04-09 04:42:22 +0000",
"timestamp":"2019-04-09 20:51:56+0000",
"ndc":"8a8294174e918ca6014e9c6f5ae12a9c_14eca79734c14f31b82f391b08e90b7b"
}
curl https://test.oppwa.com/v1/payments/8ac7a4a06a00f56b016a03df1f6b5754 \
-d "entityId=8a8294174e918ca6014e9c6f5ae12a9c" \
-d "amount=1.00" \
-d "currency=BRL" \
-d "paymentType=CP" \
-d "testMode=EXTERNAL" \
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
{
"id": "8ac7a4a26a977d95016a99b9c15b00c8",
"referencedId": "8ac7a4a06a00f56b016a03df1f6b5754",
"paymentType": "CP",
"amount": "1.00",
"currency": "BRL",
"descriptor": "123 Usage",
"merchantTransactionId": "Order Number 123",
"result": {
"code": "000.100.112",
"description": "Request successfully processed in 'Merchant in Connector Test Mode'"
},
"customer": {
"merchantCustomerId": "12345678909"
},
"buildNumber": "e61441a649f53ee436210a78b3c5a713f3e54e8a@2019-05-08 08:36:44 +0000",
"timestamp": "2019-05-08 23:14:09+0000",
"ndc": "8a8294174e918ca6014e9c6f5ae12a9c_f9b9ee0131494621a93d186cbf8cca03"
}

Debit (DB)

A DB is created by sending a POST request over HTTPS to the /v1/payments resource. The request should include all required information such as your authentication credentials, the type of transaction, the amount and the payment information such as card details. A DB request effectively combines a PA and capture (CP) request, automatically requesting that the funds are cleared if the authorization was successful.

Example Debit (DB) Request
Response
curl https://test.oppwa.com/v1/payments \
-d "authentication.entityId=8a8294174e918ca6014e9c6f5ae12a9c" \
-d "amount=1.00" \
-d "currency=BRL" \
-d "paymentType=DB" \
-d "paymentBrand=VISA" \
-d "card.number=4111111111111111" \
-d "card.holder=Jose da Silva" \
-d "card.expiryMonth=05" \
-d "card.expiryYear=2025" \
-d "card.cvv=123" \
-d "merchantTransactionId=Order Number 123" \
-d "customer.merchantCustomerId=12345678909" \
-d "customer.givenName=Jose" \
-d "customer.surname=da Silva" \
-d "customer.email= info@provider.com" \
-d "customer.ip=123.123.123.123" \
-d "descriptor=123 Usage" \
-d "billing.city=Sao Paulo" \
-d "billing.country=BR" \
-d "billing.state=SP" \
-d "billing.street1=Rua Itapeva 547" \
-d "billing.postcode=01332000" \
-d "customParameters[product]=1 month membership" \
-d "customParameters[merchant_website]=www.store.com" \
-d "recurringType=INITIAL" \
-d "testMode=EXTERNAL" \
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
{
"id":"8ac7a4a16a00e9b3016a03f1daf52030",
"paymentType":"DB",
"paymentBrand":"VISA",
"amount":"1.00",
"currency":"BRL",
"descriptor":"123 Usage",
"merchantTransactionId":"Order Number 123",
"result":{
"code":"000.100.112",
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
},
"card":{
"bin":"411111",
"last4Digits":"1111",
"holder":"Jose da Silva",
"expiryMonth":"05",
"expiryYear":"2025"
},
"customer":{
"givenName":"Jose",
"surname":"da Silva",
"merchantCustomerId":"12345678909",
"email":" info@provider.com",
"ip":"123.123.123.123"
},
"billing":{
"street1":"Rua Itapeva 547",
"city":"Sao Paulo",
"state":"SP",
"postcode":"01332000",
"country":"BR"
},
"customParameters":{
"merchant_website":"www.store.com",
"product":"1 month membership"
},
"risk":{
"score":"0"
},
"buildNumber":"9530bc5348dcf347df44e234fa57653109617938@2019-04-09 04:42:22 +0000",
"timestamp":"2019-04-09 21:12:24+0000",
"ndc":"8a8294174e918ca6014e9c6f5ae12a9c_442a40ed22984abdad86b19afa0e6bc8"
}

For a full list of Mandatory Parameters please, see the Mandatory parameters by country.

Please note that for a HTTP POST request all the parameters are expected to go into the message body and not into the URL.

For a full list of parameters that can be sent in the initial payment request, please see the API Reference.

Boleto (PP) - (Brazil only)

  • Boleto Bancário is a PrePayment (PP) method (invoice/slip/voucher), which is widely used in Brazil to pay offline and online. Boleto represents 20% of payments in e-Commerce.

  • Boletos are payment slips, issued by sending a PA to the allpago system. A Boleto is displayed at end customer’s browser where the Boleto can be printed out and paid in any bank in Brazil.

  • Clearing could take up to D+3.

  • allpago matches bank return and generates a payment confirmation transaction type (RC) in the system. The merchant receives a report including Receipts (RC) for paid Boletos through a pre-defined SFTP server or webhook.

  • Advantage: Boleto payments are not subject to chargebacks. Once the payment has been made it is final and may only be refunded via bank transfer.

  • Boletos have due dates, up to which a payment is possible. Please discuss the optimal due dates (expiry dates) with your Account Manager, as it depends on the industry. Reminder emails sent to the customer up to 3 days before due date improve conversion significantly.

Preauthorization (PA) - Issue the Boleto

1. Send an Initial Payment

The first step is to send a Server-to-Server initial payment request with the paymentBrand and shopperResultUrl. The shopperResultUrl must be url-encoded.

Example Boleto (PA) Request
Response
curl https://test.oppwa.com/v1/payments \
-d "authentication.entityId=8a8294174e918ca6014e9c6e44672a96" \
-d "paymentType=PA" \
-d "paymentBrand=BOLETO" \
-d "amount=1.00" \
-d "currency=BRL" \
-d "descriptor=yourstore.com - product description - order number 1234" \
-d "customer.givenName= Jose" \
-d "customer.surname=da Silva" \
-d "merchantTransactionId=Order-123" \
-d "customer.merchantCustomerId=12345678909" \
-d "billing.city=São Paulo" \
-d "billing.country=BR" \
-d "billing.state=SP" \
-d "billing.street1=Rua Itapeva, 574" \
-d "billing.postcode=01332000" \
-d "customer.email=email@email.com" \
-d "customer.ip=123.123.123.123" \
-d "customParameters[CUSTOM_CPF_number]=12345678909" \
-d "customParameters[CUSTOM_due_date]=31/12/2019" \
-d "customParameters[merchant_sitename]= www.yourstore.com" \
-d "customParameters[product]=product description" \
-d "testMode=EXTERNAL" \
-d "shopperResultUrl=https://allpago.docs.oppwa.com/tutorials/server-to-server" \
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
{
"id":"8ac7a4a26a26c733016a2725a8260f0e",
"paymentType":"PA",
"paymentBrand":"BOLETO",
"amount":"1.00",
"currency":"BRL",
"descriptor":"Demo 4196.0450.7155 Order-123",
"merchantTransactionId":"Order-123",
"result":{
"code":"000.100.112",
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
},
"resultDetails":{
"ExtendedDescription":"User redirected to Itau",
"ConnectorTxID1":"8ac7a4a26a26c733016a2725a8260f0e",
"merchantAccount":"BR_Itau_ACON4_STAGING_AP",
"connectorInstanceId":"10.2.3.225",
"acquirerReturnCode":"0",
"connectorVersion":"1.0.25",
"AcquirerResponse":"000.000.000",
"EXTERNAL_SYSTEM_LINK":"https://shopline.itau.com.br/shopline/itaubloqueto.asp?DC=Y183Y175P209L12G238U104I153A172Q232U63P165W217G103N205O5O138Y92A103G208F14V7Q146V37P98V254R251U59Q108Q144J66S46M4I56H227Y195F163Z172D72Q162V223U164L99Y221S137M150M94Y217J195Q42R125Z61A101P114O253Y20D176C143P113U244L25M99H184P9C121C177D38W211B218N224V25I239X81J245H48T21R187H216O184W103D64J209O89J101K226R148Z16K193F215T219E32V150P143K185R224F226A219V219V85X172M62S247K129W20T172E47K117R97Q3D223N92T212M48X73X85Z249U20W11P2J176S216W90L120G117S236A60R76L213P186R150I193S67B164I44Y216I75U97M242Q70P148J12A117J151N187H5F3F255L220Z52C14T72B243Z254Z199O9F182D224G243J81U224Y214O39X141J6K9D136P112D91P54W62L171R217D128P28C128W201T47P198H163U76I244C215S206A130H0Y75Z255M236W180U11I89P63R31W27M131Q166E37L78P131W158Y152V27R13P17U19L128A65B253G184V71K165X143R73U239Z209Q130U195W207D109B6M194J159H117E230G104K165R176T45R157B228Y10J7J254N184B184C36Q128W184Y164R63Y2T254C208T192A201P168B81U44P46P46H79O112O188S46G244O222H115L185Y13L59Z126D50Z178C218Y193P146J48T33D107N0T131A92W156Y15Q2W173D164A43G87Z65G203E116L74N134X25E162P77C16K81F5Y122D194J110Q231X127V141G57L79I74X247I14Q21K58L163H76V207D16I142P206R74Z203L145G214R96Y104Z34V244M67P253U196X195H144D90H30S229Q84L92L18R240P104I226C105U53I95Z35Y231H190T87W150S177Y182N47B92R206X191G12S210N99P249P203E234E221G88U94R241E207Q19J128X111Z15U99M251Z222K31Y82F19A23D204M190T230S124N93G82Z128M90D53O61P120K186G41F205X48X91G107G149G132Q117Y65F195C140R12C67G6H139D129L131E198F9C71P70B221B67Z40T14Q211Y61G179K217V90H208G60K170O183Y255C111E55X82C163H137R11S7K145L141U84Q74H80Y144C198V82S42T82A117I18E6K114R120L61K130Q159E198K109T160M200U100L192U15N229F246G232J160U199V26V29V204I192X213W5B67R66B",
"connectorName":"acon4-itau",
"acquirerReturnMessage":"BOLETO LINK SUCCESSFULLY GENERATED",
"acquirerTxId1":"4196.0450.7155",
"acquirerTxId2":"41960450"
},
"customer":{
"givenName":" Jose",
"surname":"da Silva",
"merchantCustomerId":"12345678909",
"email":"email@email.com",
"ip":"123.123.123.123"
},
"billing":{
"street1":"Rua Itapeva, 574",
"city":"São Paulo",
"state":"SP",
"postcode":"01332000",
"country":"BR"
},
"customParameters":{
"CUSTOM_CPF_number":"12345678909",
"CUSTOM_due_date":"31/12/2019",
"merchant_sitename":" www.yourstore.com",
"product":"product description"
},
"buildNumber":"5722481a6ed3a5cfea3c8e48d1d62348dde956b8@2019-04-16 11:07:00 +0000",
"timestamp":"2019-04-16 17:15:40+0000",
"ndc":"8a8294174e918ca6014e9c6e44672a96_c1ed88adddbf464a9de1970d48e5d56e"
}

For a full list of Mandatory Parameters please, see the Mandatory parameters by country (Brazil - Boleto).

Note:

Brazilian banks do not support special characters for Boletos. i.e: !, @, #, $, %, ¨, &, , (, ), _ , +, = , ´ , “ , ‘ , ] ,[ , ^,? ,: , >, <, TM, ®, º, °, /, |, \, {, }, ª, ¢, ¬, £, etc, then you must ensure that the customer does not enter special character in these fields.

Expiry date. Payment of the Boleto is possible up to this date. At least 3 days from issuing date is recommended, so that the customer has enough time to conclude the payment.

2. Redirect the shopper

The boleto can be displayed both on desktop and mobile devices. Typically the user will expect to receive an email containing the order information and the link to display the boleto.

Redirect the shopper to the EXTERNAL_SYSTEM_LINK.

"EXTERNAL_SYSTEM_LINK":"https://shopline.itau.com.br/shopline/itaubloqueto.asp?DC=Y183Y175P209L12G238U104I153A172Q232U63P165W217G103N205O5O138Y92A103G208F14V7Q146V37P98V254R251U59Q108Q144J66S46M4I56H227Y195F163Z172D72Q162V223U164L99Y221S137M150M94Y217J195Q42R125Z61A101P114O253Y20D176C143P113U244L25M99H184P9C121C177D38W211B218N224V25I239X81J245H48T21R187H216O184W103D64J209O89J101K226R148Z16K193F215T219E32V150P143K185R224F226A219V219V85X172M62S247K129W20T172E47K117R97Q3D223N92T212M48X73X85Z249U20W11P2J176S216W90L120G117S236A60R76L213P186R150I193S67B164I44Y216I75U97M242Q70P148J12A117J151N187H5F3F255L220Z52C14T72B243Z254Z199O9F182D224G243J81U224Y214O39X141J6K9D136P112D91P54W62L171R217D128P28C128W201T47P198H163U76I244C215S206A130H0Y75Z255M236W180U11I89P63R31W27M131Q166E37L78P131W158Y152V27R13P17U19L128A65B253G184V71K165X143R73U239Z209Q130U195W207D109B6M194J159H117E230G104K165R176T45R157B228Y10J7J254N184B184C36Q128W184Y164R63Y2T254C208T192A201P168B81U44P46P46H79O112O188S46G244O222H115L185Y13L59Z126D50Z178C218Y193P146J48T33D107N0T131A92W156Y15Q2W173D164A43G87Z65G203E116L74N134X25E162P77C16K81F5Y122D194J110Q231X127V141G57L79I74X247I14Q21K58L163H76V207D16I142P206R74Z203L145G214R96Y104Z34V244M67P253U196X195H144D90H30S229Q84L92L18R240P104I226C105U53I95Z35Y231H190T87W150S177Y182N47B92R206X191G12S210N99P249P203E234E221G88U94R241E207Q19J128X111Z15U99M251Z222K31Y82F19A23D204M190T230S124N93G82Z128M90D53O61P120K186G41F205X48X91G107G149G132Q117Y65F195C140R12C67G6H139D129L131E198F9C71P70B221B67Z40T14Q211Y61G179K217V90H208G60K170O183Y255C111E55X82C163H137R11S7K145L141U84Q74H80Y144C198V82S42T82A117I18E6K114R120L61K130Q159E198K109T160M200U100L192U15N229F246G232J160U199V26V29V204I192X213W5B67R66B",

Sample of Boleto:

Receipt (RC) - Payment confirmation

Important: Not every boleto will in fact be paid by your customer. Depending on the industry, up to 50% of the issued boletos will not receive a payment. Note that these will remain on the platform, even if already overdue.

Payment confirmations can be received by:

  • Instant Payment Notification (IPN) / Webhooks, (push)

  • XML Query (pull)

  • Business Intelligence Platform (BIP), (search)

Boleto Refund (RF)

Most boletos are paid with cash at any of the acceptance places in Brazil (post offices, gas stations etc). Since the boleto does not have a native method to refund a transaction, allpago enables the merchant to refund these transactions via bank transfer. For that it is required for the merchant to collect and provide the customers bank account data, either: programmatically via API or manually via Business Intelligence Platform (BIP).

Boleto RF via API

A refund is performed against a previous payment (RC), referencing its payment.id by sending a POST request over HTTPS to the /v1/payments/{id} endpoint.

A refund is performed

Example Boleto RF Request
Response
curl https://test.oppwa.com/v1/payments/{id} \
-d "entityId=8a8294185b674555015b7ce34a9a17d3" \
-d "amount=1" \
-d "currency=BRL" \
-d "paymentType=RF" \
-d "merchantMemo=Name: João Comprador CPF:12345678909 Bank Name: Banco Santander Agency Number: 1234 Account Number: 123456789" \
-d "testMode=EXTERNAL" \
-H "Authorization: Bearer OGE4Mjk0MTg1YjY3NDU1NTAxNWI3Y2UzMGFjZTE3ZDF8d1N6NG1nNzZYUQ=="
{
"id":"8ac7a4a06cf2812c016cfda0c3a216ed",
"referencedId":"8ac7a4a16cf27265016cfd9d00e9293f",
"paymentType":"RF",
"amount":"1.00",
"currency":"BRL",
"descriptor":"3460.2304.5751 Produto 1",
"merchantInvoiceId":"ADB065957000B",
"result":{
"code":"000.100.112",
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
},
"customer":{
"merchantCustomerId":"56359439000160"
},
"buildNumber":"26c2d6b9c96c447b626bf1480d38a81508aefd69@2019-09-04 09:39:42 +0000",
"timestamp":"2019-09-04 18:54:27+0000",
"ndc":"8a8294185b674555015b7ce34a9a17d3_46f0168f2e80436997c285ca8acc8636"
}

Boleto RF via Business Intelligence Platform (BIP)

Required data from the customer:

Name
Brazilian CPF (see compliance (Customer ID number by country))
Bank name
Bank agency number
Bank account data

Oxxo (PP) - (Mexico only)

  • Oxxo is a PrePayment (PP) method (invoice/slip/voucher), which is widely used in Mexico to pay offline (Oxxo store).

  • Oxxo are payment slips, issued by sending a PA request to allpago’s system. The slip is displayed on the end customer’s browser where it can be either printed out or scanned off a mobile device.

  • The Oxxo slip has two important elements: barcode & reference number (numerical representation of the barcode). The customer is able to pay by either of them. It is a question of which design fits your checkout better. In addition, allpago provides a hosted page containing both elements.

  • Clearing usually happens the next day, but can be delayed (in case of weekends and public holidays in Mexico).

  • Oxxo due dates are configurable. Please discuss the optimal due dates (expiry dates) with your Account Manager. Reminder emails sent to the customer up to 3 days before due date improve conversion significantly.

Preauthorization (PA) - Issue the payment slip

1. Send an Initial Payment

The first step is to send a Server-to-Server initial payment request with the paymentBrand .

Example Oxxo (PA) Request
Response
curl https://test.oppwa.com/v1/payments \
-d "authentication.entityId=8a829417545c8cf1015476ec405c23b7" \
-d "paymentType=PA" \
-d "paymentBrand=OXXO" \
-d "amount=1.00" \
-d "currency=MXN" \
-d "descriptor=yourstore.com - product description - order number 1234" \
-d "merchantTransactionId=Order-123" \
-d "customer.givenName=Juan" \
-d "customer.surname=Uribe" \
-d "customer.email= info@provider.com" \
-d "customer.ip=123.123.123.123" \
-d "billing.city=Mexico City" \
-d "billing.country=MX" \
-d "billing.state=MX" \
-d "billing.street1=Calle 1, 232" \
-d "billing.postcode=01309" \
-d "customParameters[url_logo]=https://www.allpago.com/logos/demo-logo.jpg" \
-d "customParameters[due_date]=14/12/2020" \
-d "customParameters[merchant_sitename]= www.yourstore.com" \
-d "customParameters[product]=product description" \
-d "testMode=EXTERNAL" \
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
{
"id":"8ac7a4a26a304583016a46f8fe2624ee",
"paymentType":"PA",
"paymentBrand":"OXXO",
"amount":"1.00",
"currency":"MXN",
"descriptor":"3503.1119.7264 MX_Oxxo yourstore.com - product description - order number 1234",
"merchantTransactionId":"Order-123",
"result":{
"code":"000.100.112",
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
},
"resultDetails":{
"ConnectorTxID1":"8ac7a4a26a304583016a46f8fe2624ee",
"connectorInstanceId":"10.2.4.221",
"acquirerReturnCode":"-",
"EXTERNAL_SYSTEM_BARCODE_IMAGE":"https://staging-oxxo-batch.allpago.com/rest/acon2/v1/barcode/image/8ac7a4a26a304583016a46f8fe2624ee",
"EXTERNAL_SYSTEM_LINK":"https://staging-oxxo-batch.allpago.com/rest/acon2/v1/barcode/8ac7a4a26a304583016a46f8fe2624ee",
"EXTERNAL_SYSTEM_BARCODE_NUMBER":"46350311197264520201214000010004",
"ExtendedDescription":"Transaction succeeded",
"merchantAccount":"Oxxo_Batch_ACON3_STAGING",
"connectorVersion":"1.0.15",
"AcquirerResponse":"000.000.000",
"connectorName":"Oxxo-Batch",
"acquirerInitialTxId":"3503.1119.7264",
"acquirerReturnMessage":"-",
"acquirerTxId1":"3503.1119.7264"
},
"customer":{
"givenName":"Juan",
"surname":"Uribe",
"email":" info@provider.com",
"ip":"123.123.123.123"
},
"billing":{
"street1":"Calle 1, 232",
"city":"Mexico City",
"state":"MX",
"postcode":"01309",
"country":"MX"
},
"customParameters":{
"due_date":"14/12/2020",
"merchant_sitename":" www.yourstore.com",
"product":"product description",
"url_logo":"https://www.allpago.com/logos/demo-logo.jpg"
},
"buildNumber":"08ae206a84afb5098e11e974146f478e5c8e307e@2019-04-18 07:26:11 +0000",
"timestamp":"2019-04-22 21:34:44+0000",
"ndc":"8a829417545c8cf1015476ec405c23b7_66c555e58d7a42249294bc382abac905"
}

For a full list of Mandatory Parameters please, see the Mandatory parameters by country (Mexico - Oxxo).

The PA’s response has 3 elements:

  • ConnectorDetails.EXTERNAL_SYSTEM_LINK: allpago hosted complete page containing all elements (barcode, reference number)

  • ConnectorDetails.EXTERNAL_SYSTEM_BARCODE_IMAGE: barcode url of allpago hosted png.

  • ConnectorDetails.EXTERNAL_SYSTEM_BARCODE_NUMBER: reference number (can be used equally for paying the oxxo slip). The first option is a complete solution, options 2&3 offer the merchant full flexibility to build his own oxxo page by using the elements to this end.

2. Redirect the shopper

The Oxxo slip can be displayed both on desktop and mobile devices. Typically the user will expect to receive an email containing the order information and the link to display the Oxxo slip.

Redirect the shopper to the EXTERNAL_SYSTEM_LINK.

EXTERNAL_SYSTEM_LINK:"https://staging-oxxo-batch.allpago.com/rest/acon2/v1/barcode/8ac7a49f6a8bd5d4016a8e0dd0bf2c6e"

Sample of Oxxo slip:

Oxxo sample

Receipt (RC) - Payment confirmation

Payment confirmations can be received by:

  • Instant Payment Notification (Webhooks), (push)

  • XML Query (pull)

  • Business Intelligence Platform (BIP), (search)

Oxxo Refund (RF)

Most slips are paid with cash at any of the acceptance places in Mexico (Oxxo stores). Since the slip does not have a native method to refund a transaction, allpago enables the merchant to refund these transactions via bank transfer. For that it is required for the merchant to collect and provide the customers bank account data, via Business Intelligence Platform (manual):

Oxxo RF via BIP

Select RC and then click on RF
Add the information required and then click on Submit.
Transaction processed successfully.
Confirm success on the flow.

PayPal (VA) - (Brazil and Mexico)

PayPal is one of the most popular alternative payment methods. In an asynchronous workflow a redirect takes place to allow the account holder to complete/verify the payment. After this the account holder is redirected back to the shopperResultUrl and the status of the payment can be queried.

Debit (DB)

In an asynchronous workflow a redirect takes place to allow the account holder to complete/verify the payment. After this the account holder is redirected back to the shopperResultUrl and the status of the payment can be queried.

1. Send an Initial Payment

The first step is to send a Server-to-Server initial payment request with the paymentBrand and shopperResultUrl. The shopperResultUrl must be url-encoded.

Example Debit (DB) Request
Response
curl https://test.oppwa.com/v1/payments \
-d "authentication.entityId=8a8294174e918ca6014e9c77fe772acb" \
-d "merchantTransactionId=100" \
-d "merchantInvoiceId=ORDERID 123" \
-d "paymentBrand=PAYPAL" \
-d "paymentType=DB" \
-d "amount=1.00" \
-d "currency=BRL" \
-d "customer.givenName=Paulo" \
-d "customer.surname=Souza" \
-d "billing.city=São Paulo" \
-d "billing.country=BR" \
-d "billing.state=SP" \
-d "billing.street1=Rua um, 123" \
-d "billing.postcode=01332000" \
-d "customer.email=buyer@yourstore.com" \
-d "customer.ip=127.0.0.1" \
-d "customer.merchantCustomerId=12345678909" \
-d "customParameters[merchant_sitename]=http://www.yourstore.com" \
-d "customParameters[product]=product description" \
-d "shopperResultUrl=https://allpago.docs.oppwa.com/tutorials/server-to-server" \
-d "testMode=EXTERNAL" \
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
{
"id":"8ac7a49f6a303992016a3238975213be",
"paymentType":"DB",
"paymentBrand":"PAYPAL",
"amount":"1.00",
"currency":"BRL",
"descriptor":"8920.8131.8461 BR_Paypal ",
"merchantTransactionId":"100",
"merchantInvoiceId":"ORDERID 123",
"result":{
"code":"000.200.000",
"description":"transaction pending"
},
"resultDetails":{
"CORRELATIONID":"fdb9715a895be",
"AcquirerResponse":"Success"
},
"customer":{
"givenName":"Paulo",
"surname":"Souza",
"merchantCustomerId":"12345678909",
"email":"buyer@yourstore.com",
"ip":"127.0.0.1"
},
"billing":{
"street1":"Rua um, 123",
"city":"São Paulo",
"state":"SP",
"postcode":"01332000",
"country":"BR"
},
"customParameters":{
"merchant_sitename":"http://www.yourstore.com",
"product":"product description"
},
"redirect":{
"url":"https://www.sandbox.paypal.com/cgi-bin/webscr",
"parameters":[
{
"name":"cmd",
"value":"_express-checkout"
},
{
"name":"useraction",
"value":"commit"
},
{
"name":"token",
"value":"EC-0K812030W0710811W"
}
]
},
"buildNumber":"08ae206a84afb5098e11e974146f478e5c8e307e@2019-04-18 07:26:11 +0000",
"timestamp":"2019-04-18 20:52:12+0000",
"ndc":"8a8294174e918ca6014e9c77fe772acb_b765a224bdd64563b10b0a690e1609ba"
}

For a full list of Mandatory Parameters please, see the Mandatory parameters by country (Brazil - PayPal).

2. Redirect the shopper

The next step is to redirect the account holder. To do this you must parse the redirect.url from the Initial Payment response along with any parameters. If parameters are present they should be POST in the redirect, otherwise a straight forward redirect to the redirect.urlis sufficient.

<form action="{redirectUrl}" class="paymentWidgets">
<input type="text" name="{name-1}" value="{value-1}">
...
<input type="text" name="{name-2}" value="{value-2}">
</form>

Redirect the shopper to the redirect.url

https://www.sandbox.paypal.com/cgi-bin/webscr&cmd=_express-checkout&useraction=commit&token=EC-0K812030W0710811

Buyer test account:

e-mail: buyer@allpago.com

password: buyer123

3. Get Payment Status

Once the payment has been processed, the customer is redirected to your shopperResultUrl along with a GET parameter resourcePath.

Important: The baseUrl must end in a "/", e.g. "https://test.oppwa.com/".

Then, to get the status of the payment, you make a GET request to the baseUrl + resourcePath, including your authentication parameters. Example of a resourcePath:

resourcePath=/v1/ payments/{id}

endpoint: https://test.oppwa.com/v1/payments/8a8294495baf2abe015bb603a5036098

Get status request
Get status response
curl -G https://test.oppwa.com/v1/payments/8a8294495baf2abe015bb603a5036098 \
\
-d "authentication.entityId=8a8294174e918ca6014e9c77fe772acb" \
-H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="
Response:
{
"id":"8a8294495baf2abe015bb603a5036098",
"paymentType":"DB",
"paymentBrand":"PAYPAL",
"amount":"1.00",
"currency":"BRL",
"descriptor":"9226.4459.5362 BR_Paypal",
"merchantTransactionId":"100",
"merchantInvoiceId":"ORDERID 123",
"result":{
"code":"000.100.112",
"description":"Request successfully processed in 'Merchant in Connector Test Mode'"
},
"resultDetails":{
"PAYERID":"4UNBGJQE9AUX6",
"TAXIDTYPE":"BR_CPF",
"AcquirerResponse":"Success",
"ConnectorTxID1":"0GY99688DD5155316",
"SHIPTOSTATE":"SP",
"TAXID":"30949017787"
},
"customer":{
"givenName":"Paulo",
"surname":"Souza",
"merchantCustomerId":"12345678909",
"email":"buyer@allpago.com",
"ip":"127.0.0.1"
},
"billing":{
"street1":"Rua um, 123",
"city":"São Paulo",
"state":"SP",
"postcode":"01332000",
"country":"BR"
},
"customParameters":{
"product":"produc description",
"merchant_sitename":"http://www.yourstore.com"
},
"buildNumber":"660cde0fae70ab0b5deb72d13560b661be0706de@2017-04-27 08:46:08 +0000",
"timestamp":"2017-04-28 19:29:59+0000",
"ndc":"8a8294174e918ca6014e9c77fe772acb_c68f93a382da4bd6b45220b56ecbe4a2",
"virtualAccount":{
"accountId":"buyer@allpago.com",
"holder":"Paulo Souza"
}
}