Network Tokenization

This section explains what Network Tokenization is, all the benefits that it can bring to your commerce and an easy step by step to add it to your business.

What is PayU Network Token solution?

Network Tokenization processes card payments by replacing the card details with a network-issued token, this leads to higher approval rates and more secure sensitive customer card information. Tokenization provides an additional layer of security by replacing sensitive payment information with the unique token, thereby reducing the risk of data breaches, and enhancing customer experience.

We offer Network Tokenization using a pass-through model. This solution is available for Visa and Mastercard cards, specifically in Brazil, Argentina, and Colombia.

To use the Tokenization feature, it is necessary to enable it in your PayU account. To do so, contact your sales representative, or if you don’t have one, please send an email to:

comercios.ar@payu.com

comercios.br@payu.com

comercios.co@payu.com

How does this solution benefit your business?

  • Improve approval rates: The authorization process becomes more streamlined as the required token information is readily accessible to Mastercard and Visa franchises, resulting in improved conversion rates.
  • Enhanced security: Tokenization adds an additional layer of security by replacing sensitive payment information with a unique token, thus reducing the risk of data breaches.
  • Improved customer experience: By providing tokenized transactions, customers can enjoy a seamless and secure payment experience, thereby enhancing their trust and satisfaction.
  • Increased payment options: Tokenization facilitates the acceptance of multiple payment methods through the acquirer, thereby expanding the available options for customers.
  • Compliance with industry standards: Implementing tokenization aligns with the industry´s best practices and regulatory requirements, guaranteeing compliance with data security standards.
  • There are no additional fees.

How does Network Tokenization work?

What do you need to use Network Tokens?

PayU supports payments with your tokenized card to let you make payments on a regular basis with a card stored in a token. A credit card token substitutes the sensitive information of a credit card and allows you to safely store it following PCI DSS (Payment Card Industry Data Security Standard) security standards.

PayU can process payments with the following services:

  • MasterCard Digital Enablement Service - MDES.
    Tokenization service provided by Mastercard. This service lets you tokenize the Primary Account Number of the MasterCard credit cards to let you use them to make regular payments or build one-click payments features.
    For more information, refer to MasterCard Digital Enablement Service (MDES).

  • Visa Token Service - VTS.
    Tokenization service provided by Visa. This service lets you store the sensitive information of the Visa credit cards in a token to let you use them to make regular payments or build one-click payments features.
    For more information, refer to Visa Token Service (VTS).

Pay with MDES or VTS tokens

If you are tokenizing your customer’s credit cards using MDES or VTS, you can configure the information of the token in the parameter transaction.networkToken replacing the information of the credit card and send the parameter creditCard.processWithoutCvv2 as true.
By default, processing credit cards without security code is not enabled, contact your Sales representative to enable it.

The following example shows the body of the request in a high level for a one-step flow, the details of the request are not provided.


Request body:

{
   "language": "es",
   "command": "SUBMIT_TRANSACTION",
   "merchant": {
      "apiKey": "4Vj8eK4rloUd272L48hsrarnUA",
      "apiLogin": "pRRXKOl8ikMmt9u"
   },
   "transaction": {
      "order": {
         "Information of the order":""
      },
      "payer": {
         "Information of the payer":""
      },
      "networkToken": {
          "tokenPan": "4097440000000004",
          "cryptogram": "11223344556677889900112233445566778899",
          "expiry": "2028/01"
      },
      "extraParameters": {
         "Extra parameters of the request":""
      },
      "type": "AUTHORIZATION_AND_CAPTURE",
      "paymentMethod": "Card franchise", 
      "paymentCountry": "Processing country",
      "deviceSessionId": "vghs6tvkcle931686k1900o6e1",
      "ipAddress": "127.0.0.1",
      "cookie": "pt1t38347bs6jc9ruv2ecpv7o2",
      "userAgent": "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
   },
   "test": true
}

Request body:

<request>
   <language>es</language>
   <command>SUBMIT_TRANSACTION</command>
   <merchant>
      <apiKey>4Vj8eK4rloUd272L48hsrarnUA</apiKey>
      <apiLogin>pRRXKOl8ikMmt9u</apiLogin>
   </merchant>
   <transaction>
      <order>
         <!-- Information of the order -->
      </order>
      <payer>
         <!-- Information of the payer -->
      </payer>
      <networkToken>
         <tokenPan>4097440000000004</tokenPan>
         <cryptogram>11223344556677889900112233445566778899</cryptogram>
         <expiry>2028/01</expiry>
      </networkToken>
      <extraParameters>
         <!-- Extra parameters of the request -->
      </extraParameters>
      <type>AUTHORIZATION_AND_CAPTURE</type>
      <paymentMethod>{Card franchise}</paymentMethod>
      <paymentCountry>{Processing country}</paymentCountry>
      <deviceSessionId>vghs6tvkcle931686k1900o6e1</deviceSessionId>
      <ipAddress>127.0.0.1</ipAddress>
      <cookie>pt1t38347bs6jc9ruv2ecpv7o2</cookie>
      <userAgent>Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0</userAgent>
   </transaction>
   <isTest>false</isTest>
</request>

Find the description of the object transaction.networkToken and its parameters in the Variables section.

Variables for request and response

Request
Field name Format Size Description Mandatory
language Alphanumeric 2 Language used in the request, this language is used to display the error messages generated. See supported languages. Yes
command Alphanumeric Max:32 Set SUBMIT_TRANSACTION. Yes
test (JSON)
isTest (XML)
Boolean Set true if the request is in test mode. Otherwise, set false. Yes
merchant This object has the authentication data. Yes
merchant > apiLogin Alphanumeric Min:12 Max:32 User or login provided by PayU. How do I get my API Login Yes
merchant > apiKey Alphanumeric Min:6 Max:32 Password provided by PayU. How do I get my API Key Yes
transaction This object has the transaction data. Yes
transaction > order This object has the order data. Yes
transaction > order > accountId Number Identifier of your account. Yes
transaction > order > referenceCode Alphanumeric Min:1 Max:255 Represents the identifier of the order in your system. Yes
transaction > order > description Alphanumeric Min:1 Max:255 Description of the order. Yes
transaction > order > language Alphanumeric 2 Language used in emails sent to the buyer and the seller. Yes
transaction > order > notifyUrl Alphanumeric Max:2048 Confirmation URL of the order. No
transaction > order > partnerId Alphanumeric Max:255 Partner ID in PayU. No
transaction > order > signature Alphanumeric Max:255 The signature associated to the form. For more information refer Authentication signature. Yes
transaction > order > shippingAddress Shipping address. No
transaction > order > shippingAddress > street1 Alphanumeric Max:100 Address Line 1. No
transaction > order > shippingAddress > street2 Alphanumeric Max:100 Address Line 2. No
transaction > order > shippingAddress > city Alphanumeric Max:50 Address city. No
transaction > order > shippingAddress > state Alphanumeric Max:40 Address State. For Brazil, only send two characters, For example, set SP for São Paulo. No
transaction > order > shippingAddress > country Alphanumeric 2 Address country. No
transaction > order > shippingAddress > postalCode Alphanumeric Max:8 Address Zip code. For Brazil, use the format XXXXX-XXX or XXXXXXXX. Example: 09210-710 or 09210710. No
transaction > order > shippingAddress > phone Alphanumeric Max:11 Phone number associated to the address. For Brazil, use the format ddd(2)+number(7-9). Example: (11)756312633. No
transaction > order > buyer Buyer information. Yes
transaction > order > buyer > merchantBuyerId Alphanumeric Max:100 Buyer ID in your system. No
transaction > order > buyer > fullName Alphanumeric Max:150 Full name of the buyer. Yes
transaction > order > buyer > emailAddress Alphanumeric Max:255 E-mail of the buyer. Yes
transaction > order > buyer > contactPhone Alphanumeric Max:20 Phone number of the buyer. Yes
transaction > order > buyer > dniNumber Alphanumeric Max:20 Identification number of the buyer. You must use an algorithm to validate the CPF and must be set using the format XXX.XXX.XXX-XX. Example: 811.807.405-64. Yes
transaction > order > buyer > cnpj Alphanumeric Max:14 Identification number of the buyer (For Legal person in Brazil). You must use an algorithm to validate the CNPJ and must be set using the format XXXXXXXXXXXXXX. Example: 32593371000110. Yes
transaction > order > buyer > shippingAddress Alphanumeric Shipping address of the buyer. Yes
transaction > order > buyer > shippingAddress > street1 Alphanumeric Max:150 Buyer’s shipping address Line 1. Yes
transaction > order > buyer > shippingAddress > city Alphanumeric Max:50 Buyer’s shipping address city. Yes
transaction > order > buyer > shippingAddress > state Alphanumeric Max:40 Buyer’s shipping address state. For Brazil, only send two characters, For example, set SP for São Paulo. Yes
transaction > order > buyer > shippingAddress > country Alphanumeric 2 Buyer’s shipping address country in format ISO 3166 alpha-2. Yes
transaction > order > buyer > shippingAddress > postalCode Number Max:20 Buyer’s shipping address zip code. For Brazil, use the format XXXXX-XXX or XXXXXXXX. Example: 09210-710 or 09210710. Yes
transaction > order > buyer > shippingAddress > phone Number Max:20 Buyer’s shipping address phone number. For Brazil, use the format ddd(2)+number(7-9). Example: (11)756312633. Yes
transaction > order > additionalValues > 64 Amount of the order or its associated values. Yes
transaction > order > additionalValues > TX_VALUE Alphanumeric 64 Amount of the transaction. Yes
transaction > order > additionalValues > TX_VALUE > value Number 12, 2 Specifies the amount of the transaction, this value may have two decimal digits (Ex. 10000.00 or 10000). Yes
transaction > order > additionalValues > TX_VALUE > currency Alphanumeric 3 ISO code of the currency. See accepted currencies. Yes
transaction > order > additionalValues > TX_TAX Alphanumeric 64 Amount of the Value Added Tax (VAT). Yes
transaction > order > additionalValues > TX_TAX > value Number 12, 2 Specifies the amount of the VAT. No
transaction > order > additionalValues > TX_TAX > currency Alphanumeric 3 ISO code of the currency. See accepted currencies. No
transaction > order > additionalValues > TX_TAX_RETURN_BASE Alphanumeric 64 Base value to calculate the VAT.
If the amount does not have IVA, send 0.
This value may have two decimal digits.
No
transaction > order > additionalValues > TX_TAX_RETURN_BASE > value Number 12, 2 Specifies the base amount of the transaction. No
transaction > order > additionalValues > TX_TAX_RETURN_BASE > currency Alphanumeric 3 ISO code of the currency. See accepted currencies. No
transaction > order > submerchant Information of the sub-merchant. If you don’t send this parameter, PayU configures your merchant as sub-merchant. No
transaction > order > submerchant > id Alphanumeric Max:15 Internal ID of the sub-merchant if you use one to identify it. No
transaction > order > submerchant > fullName Alphanumeric Max:150 Full name of the sub-merchant. No
transaction > order > submerchant > address Sub-merchant address. The fields state, country, and postalCodeare mandatory when sending this object. No
transaction > order > submerchant > address > street1 Alphanumeric Max:100 Address Line 1. No
transaction > order > submerchant > address > street2 Alphanumeric Max:100 Address Line 2. No
transaction > order > submerchant > address > street3 Alphanumeric Max:100 Address Line 3. No
transaction > order > submerchant > address > city Alphanumeric Max:50 Address city. No
transaction > order > submerchant > address > state Alphanumeric Max:40 Address State. For Brazil, only send two characters, For example, set SP for São Paulo. Yes
transaction > order > submerchant > address > country Alphanumeric 2 Address country. Yes
transaction > order > submerchant > address > postalCode Alphanumeric Max:8 Address Zip code. For Brazil, use the format XXXXX-XXX or XXXXXXXX. Example: 09210-710 or 09210710. Yes
transaction > order > submerchant > address > phone Alphanumeric Max:11 Phone number associated to the address. For Brazil, use the format ddd(2)+number(7-9). Example: (11)756312633. No
transaction > order > submerchant > identification Alphanumeric Max:14 Identification number of the buyer (For Legal person in Brazil). You must use an algorithm to validate the CNPJ and must be set using the format XXXXXXXXXXXXXX. Example: 32593371000110. No
transaction > order > submerchant > identificationType Alphanumeric Max:4 Identification type of the sub-merchant. The possible values are cnpj or cpf. No
transaction > creditCardTokenId Include this parameter when the transaction is done using a tokenized card using the PayU Tokenization; moreover, it is mandatory to also send the parameter transaction.creditCard.expirationDate.
For more information, refer to Tokenization API.
No
transaction > creditCard Credit card information. This object and its parameters are mandatory when the payment is performed using not tokenized credit card. No
transaction > creditCard > number Alphanumeric Min:13 Max:20 Credit card number. No
transaction > creditCard > securityCode Alphanumeric Min:1 Max:4 Credit card security code (CVC2, CVV2, CID). No
transaction > creditCard > expirationDate Alphanumeric 7 Credit card expiration date. Format YYYY/MM. This parameter is mandatory when the payment is performed using a tokenized credit card. No
transaction > creditCard > name Alphanumeric Min:1 Max:255 Holder’s name displayed in the credit card. *Mandatory just for Google Pay transactions. No*
transaction > creditCard > processWithoutCvv2 Boolean Max:255 Allows you to process transactions without including the credit card security code. Your commerce requires PayU’s authorization before using this feature. No
transaction > payer Payer information. No
transaction > payer > emailAddress Alphanumeric Max:255 Payer e-mail address. No
transaction > payer > merchantPayerId Alphanumeric Max:100 Identifier of the payer in your system. No
transaction > payer > fullName Alphanumeric Max:150 Name of the payer which must meet the name sent in the parameter transaction.creditCard.name for credit card payments. No
transaction > payer > billingAddress Billing address. No
transaction > payer > billingAddress > street1 Alphanumeric Max:100 Billing Address Line 1. No
transaction > payer > billingAddress > street2 Alphanumeric Max:100 Billing Address Line 2. No
transaction > payer > billingAddress > city Alphanumeric Max:50 Billing address city. No
transaction > payer > billingAddress > state Alphanumeric Max:40 Billing address state. For Brazil, only send two characters, For example, set SP for São Paulo. No
transaction > payer > billingAddress > country Alphanumeric 2 Billing address country in format ISO 3166 Alpha-2. No
transaction > payer > billingAddress > postalCode Alphanumeric Max:20 Billing address zip code. For Brazil, use the format XXXXX-XXX or ´. Example: 09210-710 or 09210710. No
transaction > payer > billingAddress > phone Alphanumeric Max:20 Billing address phone number. For Brazil, use the format ddd(2)+number(7-9). Example: (11)756312633. No
transaction > payer > birthdate Alphanumeric Max:10 Payer’s date of birth. No
transaction > payer > contactPhone Alphanumeric Max:20 Payer’s phone number. For Brazil, use the format ddd(2)+number(7-9). Example: (11)756312633. No
transaction > payer > dniNumber Alphanumeric Max:20 Identification number of the buyer. You must use an algorithm to validate the CPF and must be set using the format XXX.XXX.XXX-XX. Example: 811.807.405-64. No
transaction > payer > cnpj Alphanumeric Max:14 Identification number of the buyer (For Legal person in Brazil). You must use an algorithm to validate the CNPJ and must be set using the format XXXXXXXXXXXXXX. Example: 32593371000110. No
transaction > payer > dniType Alphanumeric 2 Identification type of the buyer. See Document types. No
transaction > networkToken Information of the token. Include this parameter when the transaction is done using a tokenized card using the VTS or MDES Tokenization. For more information, refer to Pay with MDES or VTS tokens.
*When sending this object, all its parameters are mandatory.
No
transaction > networkToken > tokenPan Alphanumeric Max:32 Token number generated either by MDES or VTS. Yes*
transaction > networkToken > cryptogram Alphanumeric Max:28 Unique key generated by MDES or VTS to decrypt the information of the credit card. Yes*
transaction > networkToken > expiry Alphanumeric 7 Expiration date of the token. Format YYYY/MM. Yes*
transaction > digitalWallet Include this parameter when the transaction is done using a Digital Wallet. *When sending this object, all its parameters are mandatory. No
transaction > digitalWallet > type Alphanumeric —- Set this value according to the digital wallet that you are processing: GOOGLE_PAY Yes*
transaction > digitalWallet > message Alphanumeric —- Include the information of the Google Pay Token that Google will return to you for each transaction. For more information consult here. Yes*
transaction > type Alphanumeric 32 Set this value according to the transaction you want:
  • AUTHORIZATION
  • CAPTURE
  • AUTHORIZATION_AND_CAPTURE for one-step flows.
Yes
transaction > paymentMethod Alphanumeric 32 Select a valid Credit card Payment Method. See the available Payment Methods for Brazil. Yes
transaction > paymentCountry Alphanumeric 2 Set BR for Brazil. Yes
transaction > deviceSessionId Alphanumeric Max:255 Session identifier of the device where the customer performs the transaction. For more information, refer to this topic. Yes
transaction > ipAddress Alphanumeric Max:39 IP address of the device where the customer performs the transaction. Yes
transaction > cookie Alphanumeric Max:255 Cookie stored by the device where the customer performs the transaction. Yes
transaction > userAgent Alphanumeric Max:1024 The User agent of the browser where the customer performs the transaction. Yes
transaction > extraParameters Additional parameters or data associated with the request. The maximum size of each extraParameters name is 64 characters.
In JSON, the extraParameters parameter follows this structure:
"extraParameters": {
"INSTALLMENTS_NUMBER": 1
}

In XML, the extraParameters parameter follows this structure:
<extraParameters>
<entry>
  <string>INSTALLMENTS_NUMBER</string>
  <string>1</string>
</entry>
</extraParameters>
No
transaction > termsAndConditionsAcepted Boolean PayU terms and conditions that the payers must accept. *This parameter is only mandatory if your Brazilian PayU account is associated to a foreign bank account. No*
transaction > threeDomainSecure This object contains the information of 3DS 2.0. No
transaction > threeDomainSecure > embedded Boolean Set true if you want to use and embedded MPI for the Authorization process. By default, this value is set as false. No
transaction > threeDomainSecure > eci Number Max:2 Electronic Commerce Indicator.
Value returned by the directory servers showing the authentication attempt.
This parameter is mandatory when transaction.threeDomainSecure.embedded is false and transaction.threeDomainSecure.xid has been set.
No
transaction > threeDomainSecure > cavv Alphanumeric Max:28 Cardholder Authentication Verification Value.
Code of the cryptogram used in the transaction authentication in Base64.
Depending on the specific ECI codes established by the process network, this value may be optional.
No
transaction > threeDomainSecure > xid Alphanumeric Max:28 Transaction ID sent by the MPI in Base64.
This parameter is mandatory when transaction.threeDomainSecure.embedded is false and transaction.threeDomainSecure.eci has been set.
No
transaction > threeDomainSecure > directoryServerTransactionId Alphanumeric Max:36 Transaction ID generated by the Directory Server during the Authentication. No
Response
Field name Format Size Description
code Alphanumeric The response code of the transaction. Possible values are ERROR and SUCCESS.
error Alphanumeric Max:2048 The error message associated when the response code is ERROR.
transactionResponse The response data.
transactionResponse > orderId Number The generated or existing order Id in PayU.
transactionResponse > transactionId Alphanumeric 36 The identifier of the transaction in PayU.
transactionResponse > state Alphanumeric Max:32 The status of the transaction.
transactionResponse > responseCode Alphanumeric Max:64 The response code associated with the status.
transactionResponse > paymentNetworkResponseCode Alphanumeric Max:255 The response code returned by the financial network.
transactionResponse > paymentNetworkResponseErrorMessage Alphanumeric Max:255 The error message returned by the financial network.
transactionResponse > trazabilityCode Alphanumeric Max:32 The traceability code returned by the financial network.
transactionResponse > authorizationCode Alphanumeric Max:12 The authorization code returned by the financial network.
transactionResponse > responseMessage Alphanumeric Max:2048 Message associated with the response code.
transactionResponse > operationDate Date Creation date of the response in the PayU´s system.
transactionResponse > extraParameters Additional parameters or data associated with the response.
In JSON, the extraParameters parameter follows this structure:
"extraParameters": {
"BANK_REFERENCED_CODE": "CREDIT"
}

In XML, the extraParameters parameter follows this structure:
<extraParameters>
<entry>
  <string>BANK_REFERENCED_CODE</string>
  <string>CREDIT</string>
</entry>
</extraParameters>

Considerations

  • If your commerce does not have a local entity, it is mandatory to send either the CPF (parameter transaction.[payer|buyer].dniNumber) or the CNPJ (parameter transaction.[payer|buyer].cnpj) when using Authorization or Charge.
  • If you don’t send any information for the sub-merchants, PayU configures your merchant as sub-merchant.
  • For payments with credit card tokens generated by PayU, include the parameters transaction.creditCardTokenId and transaction.creditCard.securityCode (if you process with security code) replacing the information of the credit card. For more information, refer to Tokenization API.
  • For payments with credit card tokens generated using MDES or VTS, include the object transaction.networkToken and its parameters.
  • By default, processing credit cards without security code is not enabled. If you want to enable this feature, contact your Sales representative. After this feature is enabled for you, send in the request the variable creditCard.processWithoutCvv2 as true and remove the variable creditCard.securityCode.
    Having this feature enable is mandatory when using credit card tokens generated using MDES or VTS.
  • The extra parameter CIELO_TID identifies the transaction, this parameter is needed when you want to process voids.
  • The variable transaction.threeDomainSecure does not replace the card information nor any of the mandatory fields of the transaction. This object is additional and not mandatory.
  • The variable transaction.threeDomainSecure corresponds to a Pass Through scenario where the commerce performs the authentication by their own.

Authorization

Use this method to perform the Authorization step of a two-step flow. In this step, you authorize the payment but the amount is not debited until you capture the funds.
The following are the request and response bodies for this transaction type.


Request body:

{
   "language": "es",
   "command": "SUBMIT_TRANSACTION",
   "merchant": {
      "apiKey": "4Vj8eK4rloUd272L48hsrarnUA",
      "apiLogin": "pRRXKOl8ikMmt9u"
   },
   "transaction": {
      "order": {
         "accountId": "512327",
         "referenceCode": "PRODUCT_TEST_2021-06-17T19:11:57.179Z",
         "description": "Payment test description",
         "language": "es",
         "signature": "fbc089272288edc52c332395d9566f4c",
         "notifyUrl": "http://www.payu.com/notify",
         "additionalValues": {
            "TX_VALUE": {
               "value": 1000,
               "currency": "BRL"
            }
         },
         "submerchant": {
            "fullName": "ROBSON BATISTA DE OLIVEIRA",
            "address": {
               "street1": "Rua Alsácia",
               "street2": null,
               "street3": null,
               "city": "São Paulo",
               "state": "SP",
               "country": "BR",
               "postalCode": "04630010",
               "phone": null
            },
            "identification": "17126661851",
            "identificationType": "CNPJ"
        },
         "buyer": {
            "merchantBuyerId": "1",
            "fullName": "First name and second buyer name",
            "emailAddress": "buyer_test@test.com",
            "contactPhone": "7563126",
            "dniNumber": "811.807.405-64",
            "cnpj": "32593371000110",
            "shippingAddress": {
               "street1": "Quadra QNP 34 Conjunto G 780",
               "street2": "5555487",
               "city": "Manaos",
               "state": "SP",
               "country": "BR",
               "postalCode": "10012545",
               "phone": "(11)756312633"
            }
         },
         "shippingAddress": {
            "street1": "Quadra QNP 34 Conjunto G 780",
            "street2": "5555487",
            "city": "Manaos",
            "state": "SP",
            "country": "BR",
            "postalCode": "10012545",
            "phone": "(11)756312633"
         }
      },
      "creditCard": {
         "number": "5253203387684619",
         "securityCode": "777",
         "expirationDate": "2022/12",
         "name": "APPROVED"
      },
      "extraParameters": {
         "INSTALLMENTS_NUMBER": 1
      },
      "type": "AUTHORIZATION",
      "paymentMethod": "MASTERCARD",
      "paymentCountry": "BR",
      "deviceSessionId": "vghs6tvkcle931686k1900o6e1",
      "ipAddress": "127.0.0.1",
      "cookie": "pt1t38347bs6jc9ruv2ecpv7o2",
      "userAgent": "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0",
      "threeDomainSecure": {
         "embedded": false,
         "eci": "01",
         "cavv": "AOvG5rV058/iAAWhssPUAAADFA==",
         "xid": "Nmp3VFdWMlEwZ05pWGN3SGo4TDA=",
         "directoryServerTransactionId": "00000-70000b-5cc9-0000-000000000cb"
      }
   },
   "test": false
}

Response body:

{
    "code": "SUCCESS",
    "error": null,
    "transactionResponse": {
        "orderId": 1400434770,
        "transactionId": "79de715b-fe77-401e-8b18-241820afb375",
        "state": "APPROVED",
        "paymentNetworkResponseCode": "00",
        "paymentNetworkResponseErrorMessage": null,
        "trazabilityCode": "282856",
        "authorizationCode": "MOCK-CIELO-1623957118463",
        "pendingReason": null,
        "responseCode": "APPROVED",
        "errorCode": null,
        "responseMessage": null,
        "transactionDate": null,
        "transactionTime": null,
        "operationDate": 1623939118784,
        "referenceQuestionnaire": null,
        "extraParameters": {
            "BANK_REFERENCED_CODE": "CREDIT",
            "CIELO_TID": "1006993069000509C28A"
        },
        "additionalInfo": null
    }
}

Request body:

<request>
   <language>es</language>
   <command>SUBMIT_TRANSACTION</command>
   <merchant>
      <apiKey>4Vj8eK4rloUd272L48hsrarnUA</apiKey>
      <apiLogin>pRRXKOl8ikMmt9u</apiLogin>
   </merchant>
   <transaction>
      <order>
         <accountId>512327</accountId>
         <referenceCode>PRODUCT_TEST_2021-06-17T19:11:57.179Z</referenceCode>
         <description>Payment test description</description>
         <language>es</language>
         <signature>fbc089272288edc52c332395d9566f4c</signature>
         <notifyUrl>http://www.payu.com/notify</notifyUrl>
         <additionalValues>
            <entry>
               <string>TX_VALUE</string>
               <additionalValue>
                  <value>1000</value>
                  <currency>BRL</currency>
               </additionalValue>
            </entry>
         </additionalValues>
         <submerchant>
            <address>
               <city>São Paulo</city>
               <country>BR</country>
               <postalCode>04630010</postalCode>
               <state>SP</state>
               <street1>Rua Alsácia</street1>
            </address>
            <fullName>ROBSON BATISTA DE OLIVEIRA</fullName>
            <identification>17126661851</identification>
            <identificationType>cnpj</identificationType>
         </submerchant>
         <buyer>
            <merchantBuyerId>1</merchantBuyerId>
            <fullName>First name and second buyer name</fullName>
            <emailAddress>buyer_test@test.com</emailAddress>
            <contactPhone>7563126</contactPhone>
            <dniNumber>811.807.405-64</dniNumber>
            <cnpj>32593371000110</cnpj>
            <shippingAddress>
               <street1>Quadra QNP 34 Conjunto G 780</street1>
               <street2>5555487</street2>
               <city>Manaos</city>
               <state>SP</state>
               <country>BR</country>
               <postalCode>10012545</postalCode>
               <phone>(11)756312633</phone>
            </shippingAddress>
         </buyer>
         <shippingAddress>
            <street1>Quadra QNP 34 Conjunto G 780</street1>
            <street2>5555487</street2>
            <city>Manaos</city>
            <state>SP</state>
            <country>BR</country>
            <postalCode>0000000</postalCode>
            <phone>(11)756312633</phone>
         </shippingAddress>
      </order>
      <creditCard>
         <number>5253203387684619</number>
         <securityCode>777</securityCode>
         <expirationDate>2022/12</expirationDate>
         <name>APPROVED</name>
      </creditCard>
      <extraParameters>
         <entry>
            <string>INSTALLMENTS_NUMBER</string>
            <string>1</string>
         </entry>
      </extraParameters>
      <type>AUTHORIZATION</type>
      <paymentMethod>MASTERCARD</paymentMethod>
      <paymentCountry>BR</paymentCountry>
      <deviceSessionId>vghs6tvkcle931686k1900o6e1</deviceSessionId>
      <ipAddress>127.0.0.1</ipAddress>
      <cookie>pt1t38347bs6jc9ruv2ecpv7o2</cookie>
      <userAgent>Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0</userAgent>
      <threeDomainSecure>
         <embedded>false</embedded>
         <eci>01</eci>
         <cavv>AOvG5rV058/iAAWhssPUAAADFA==</cavv>
         <xid>Nmp3VFdWMlEwZ05pWGN3SGo4TDA=</xid>
         <directoryServerTransactionId>00000-70000b-5cc9-0000-000000000cb</directoryServerTransactionId>
      </threeDomainSecure>
   </transaction>
   <isTest>false</isTest>
</request>

Response body:

<paymentResponse>
    <code>SUCCESS</code>
    <transactionResponse>
        <orderId>1400434942</orderId>
        <transactionId>1af49d5d-464a-4efb-98db-f7875e3c580b</transactionId>
        <state>APPROVED</state>
        <paymentNetworkResponseCode>00</paymentNetworkResponseCode>
        <trazabilityCode>282856</trazabilityCode>
        <authorizationCode>MOCK-CIELO-1623962788239</authorizationCode>
        <responseCode>APPROVED</responseCode>
        <operationDate>2021-06-17T10:46:28</operationDate>
        <extraParameters>
            <entry>
                <string>BANK_REFERENCED_CODE</string>
                <string>CREDIT</string>
            </entry>
            <entry>
                <string>CIELO_TID</string>
                <string>1006993069000509C28A</string>
            </entry>
        </extraParameters>
    </transactionResponse>
</paymentResponse>

Capture

Use this method to perform the Capture step of a two-step flow. In this step, you capture the funds previously Authorized to transfer them to your PayU account.

Considerations

Take into account the following considerations for capture.

  • The maximum time to capture an approved transaction is seven (7) days. After this time, the transaction is cancelled.
  • Only the parameters displayed in the request body are mandatory to invoke a Capture transaction. Recall that the order and transaction ids must meet with a currently authorized transaction.

The following are the request and response bodies for this transaction type.


Request body:

{
   "language": "es",
   "command": "SUBMIT_TRANSACTION",
   "merchant": {
      "apiLogin": "pRRXKOl8ikMmt9u",
      "apiKey": "4Vj8eK4rloUd272L48hsrarnUA"
   },
   "transaction": {
      "order": {
         "id": "1400434770"
      },
      "type": "CAPTURE",
      "parentTransactionId": "79de715b-fe77-401e-8b18-241820afb375"
   },
   "test": false
}

Response body:

{
    "code": "SUCCESS",
    "error": null,
    "transactionResponse": {
        "orderId": 1400434770,
        "transactionId": "2e753a5e-0eba-4a4c-9778-6880b5f16605",
        "state": "APPROVED",
        "paymentNetworkResponseCode": "6",
        "paymentNetworkResponseErrorMessage": null,
        "trazabilityCode": "282856",
        "authorizationCode": "BR-456",
        "pendingReason": null,
        "responseCode": "APPROVED",
        "errorCode": null,
        "responseMessage": null,
        "transactionDate": null,
        "transactionTime": null,
        "operationDate": 1624029247864,
        "referenceQuestionnaire": null,
        "extraParameters": {
            "CIELO_TID": "1006993069000509C28A"
        },
        "additionalInfo": null
    }
}

Request body:

<request>
   <language>es</language>
   <command>SUBMIT_TRANSACTION</command>
   <merchant>
      <apiKey>4Vj8eK4rloUd272L48hsrarnUA</apiKey>
      <apiLogin>pRRXKOl8ikMmt9u</apiLogin>
   </merchant>
   <transaction>
      <order>
         <id>1400436982</id>
      </order>
      <type>CAPTURE</type>
      <parentTransactionId>2cb57976-31d1-4563-b014-8047bd1b2b2a</parentTransactionId>
   </transaction>
   <isTest>false</isTest>
</request>

Response body:

<paymentResponse>
    <code>SUCCESS</code>
    <transactionResponse>
        <orderId>1400436982</orderId>
        <transactionId>78d4c328-7157-4b50-9fa9-12e019e7df58</transactionId>
        <state>APPROVED</state>
        <paymentNetworkResponseCode>6</paymentNetworkResponseCode>
        <trazabilityCode>282856</trazabilityCode>
        <authorizationCode>BR-456</authorizationCode>
        <responseCode>APPROVED</responseCode>
        <operationDate>2021-06-18T10:19:01</operationDate>
        <extraParameters>
            <entry>
                <string>BANK_REFERENCED_CODE</string>
                <string>CREDIT</string>
            </entry>
            <entry>
                <string>CIELO_TID</string>
                <string>1006993069000509C28A</string>
            </entry>
        </extraParameters>
    </transactionResponse>
</paymentResponse>

Charge

Use this method to perform a one-step flow, namely a charge. In this step, both steps of the two-step flow are combined in a single transaction and the funds are transferred from the customers account to your PayU account once they have been approved:

The following are the request and response bodies for this transaction type.


Request body:

{
   "language": "es",
   "command": "SUBMIT_TRANSACTION",
   "merchant": {
      "apiKey": "4Vj8eK4rloUd272L48hsrarnUA",
      "apiLogin": "pRRXKOl8ikMmt9u"
   },
   "transaction": {
      "order": {
         "accountId": "512327",
         "referenceCode": "PRODUCT_TEST_2021-06-17T19:11:57.179Z",
         "description": "Payment test description",
         "language": "es",
         "signature": "fbc089272288edc52c332395d9566f4c",
         "notifyUrl": "http://www.payu.com/notify",
         "additionalValues": {
            "TX_VALUE": {
               "value": 1000,
               "currency": "BRL"
            }
         },
         "submerchant": {
            "fullName": "ROBSON BATISTA DE OLIVEIRA",
            "address": {
               "street1": "Rua Alsácia",
               "street2": null,
               "street3": null,
               "city": "São Paulo",
               "state": "SP",
               "country": "BR",
               "postalCode": "04630010",
               "phone": null
            },
            "identification": "17126661851",
            "identificationType": "CNPJ"
        },
         "buyer": {
            "merchantBuyerId": "1",
            "fullName": "First name and second buyer name",
            "emailAddress": "buyer_test@test.com",
            "contactPhone": "7563126",
            "dniNumber": "811.807.405-64",
            "cnpj": "32593371000110",
            "shippingAddress": {
               "street1": "Quadra QNP 34 Conjunto G 780",
               "street2": "5555487",
               "city": "Manaos",
               "state": "SP",
               "country": "BR",
               "postalCode": "10012545",
               "phone": "(11)756312633"
            }
         },
         "shippingAddress": {
            "street1": "Quadra QNP 34 Conjunto G 780",
            "street2": "5555487",
            "city": "Manaos",
            "state": "SP",
            "country": "BR",
            "postalCode": "10012545",
            "phone": "(11)756312633"
         }
      },
      "creditCard": {
         "number": "5178151142107990",
         "securityCode": "777",
         "expirationDate": "2022/12",
         "name": "APPROVED"
      },
      "extraParameters": {
         "INSTALLMENTS_NUMBER": 1
      },
      "type": "AUTHORIZATION_AND_CAPTURE",
      "paymentMethod": "MASTERCARD",
      "paymentCountry": "BR",
      "deviceSessionId": "vghs6tvkcle931686k1900o6e1",
      "ipAddress": "127.0.0.1",
      "cookie": "pt1t38347bs6jc9ruv2ecpv7o2",
      "userAgent": "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0",
      "threeDomainSecure": {
         "embedded": false,
         "eci": "01",
         "cavv": "AOvG5rV058/iAAWhssPUAAADFA==",
         "xid": "Nmp3VFdWMlEwZ05pWGN3SGo4TDA=",
         "directoryServerTransactionId": "00000-70000b-5cc9-0000-000000000cb"
      }
   },
   "test": false
}

Response body:

{
    "code": "SUCCESS",
    "error": null,
    "transactionResponse": {
        "orderId": 1400437001,
        "transactionId": "f0f8c441-43e8-490a-b4f2-c14d2c403175",
        "state": "APPROVED",
        "paymentNetworkResponseCode": "6",
        "paymentNetworkResponseErrorMessage": null,
        "trazabilityCode": "282856",
        "authorizationCode": "MOCK-CIELO-1624047897817",
        "pendingReason": null,
        "responseCode": "APPROVED",
        "errorCode": null,
        "responseMessage": null,
        "transactionDate": null,
        "transactionTime": null,
        "operationDate": 1624029898077,
        "referenceQuestionnaire": null,
        "extraParameters": {
            "BANK_REFERENCED_CODE": "CREDIT",
            "CIELO_TID": "1006993069000509C28A"
        },
        "additionalInfo": null
    }
}

Request body:

<request>
   <language>es</language>
   <command>SUBMIT_TRANSACTION</command>
   <merchant>
      <apiKey>4Vj8eK4rloUd272L48hsrarnUA</apiKey>
      <apiLogin>pRRXKOl8ikMmt9u</apiLogin>
   </merchant>
   <transaction>
      <order>
         <accountId>512327</accountId>
         <referenceCode>PRODUCT_TEST_2021-06-17T19:11:57.179Z</referenceCode>
         <description>Payment test description</description>
         <language>es</language>
         <signature>fbc089272288edc52c332395d9566f4c</signature>
         <notifyUrl>http://www.payu.com/notify</notifyUrl>
         <additionalValues>
            <entry>
               <string>TX_VALUE</string>
               <additionalValue>
                  <value>1000</value>
                  <currency>BRL</currency>
               </additionalValue>
            </entry>
         </additionalValues>
         <submerchant>
            <address>
               <city>São Paulo</city>
               <country>BR</country>
               <postalCode>04630010</postalCode>
               <state>SP</state>
               <street1>Rua Alsácia</street1>
            </address>
            <fullName>ROBSON BATISTA DE OLIVEIRA</fullName>
            <identification>17126661851</identification>
            <identificationType>cnpj</identificationType>
         </submerchant>
         <buyer>
            <merchantBuyerId>1</merchantBuyerId>
            <fullName>First name and second buyer name</fullName>
            <emailAddress>buyer_test@test.com</emailAddress>
            <contactPhone>7563126</contactPhone>
            <dniNumber>811.807.405-64</dniNumber>
            <cnpj>32593371000110</cnpj>
            <shippingAddress>
               <street1>Quadra QNP 34 Conjunto G 780</street1>
               <street2>5555487</street2>
               <city>Manaos</city>
               <state>SP</state>
               <country>BR</country>
               <postalCode>10012545</postalCode>
               <phone>(11)756312633</phone>
            </shippingAddress>
         </buyer>
         <shippingAddress>
            <street1>Quadra QNP 34 Conjunto G 780</street1>
            <street2>5555487</street2>
            <city>Manaos</city>
            <state>SP</state>
            <country>BR</country>
            <postalCode>0000000</postalCode>
            <phone>(11)756312633</phone>
         </shippingAddress>
      </order>
      <creditCard>
         <number>5178151142107990</number>
         <securityCode>777</securityCode>
         <expirationDate>2022/12</expirationDate>
         <name>APPROVED</name>
      </creditCard>
      <extraParameters>
         <entry>
            <string>INSTALLMENTS_NUMBER</string>
            <string>1</string>
         </entry>
      </extraParameters>
      <type>AUTHORIZATION_AND_CAPTURE</type>
      <paymentMethod>MASTERCARD</paymentMethod>
      <paymentCountry>BR</paymentCountry>
      <deviceSessionId>vghs6tvkcle931686k1900o6e1</deviceSessionId>
      <ipAddress>127.0.0.1</ipAddress>
      <cookie>pt1t38347bs6jc9ruv2ecpv7o2</cookie>
      <userAgent>Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0</userAgent>
      <threeDomainSecure>
         <embedded>false</embedded>
         <eci>01</eci>
         <cavv>AOvG5rV058/iAAWhssPUAAADFA==</cavv>
         <xid>Nmp3VFdWMlEwZ05pWGN3SGo4TDA=</xid>
         <directoryServerTransactionId>00000-70000b-5cc9-0000-000000000cb</directoryServerTransactionId>
      </threeDomainSecure>
   </transaction>
   <isTest>false</isTest>
</request>

Response body:

<paymentResponse>
    <code>SUCCESS</code>
    <transactionResponse>
        <orderId>1400437005</orderId>
        <transactionId>5d3cea31-c5e5-4105-9359-984edcaede37</transactionId>
        <state>APPROVED</state>
        <paymentNetworkResponseCode>6</paymentNetworkResponseCode>
        <trazabilityCode>282856</trazabilityCode>
        <authorizationCode>MOCK-CIELO-1624047952405</authorizationCode>
        <responseCode>APPROVED</responseCode>
        <operationDate>2021-06-18T10:25:52</operationDate>
        <extraParameters>
            <entry>
                <string>BANK_REFERENCED_CODE</string>
                <string>CREDIT</string>
            </entry>
            <entry>
                <string>CIELO_TID</string>
                <string>1006993069000509C28A</string>
            </entry>
        </extraParameters>
    </transactionResponse>
</paymentResponse>

What´s next?

  1. Contact your sales representative.
  2. Update your integration code. Please keep in mind that this functionality is supported only through API integration.
  3. Test the functionality and go live.

Everything else remains the same!

Last modified June 13, 2024: Documentation updates (e7dea052c)