Notification

IPN (Instant Payment Notification) is a notification sent from one server to another through an HTTP POST request informing your transactions.

To receive notifications about the events in your platform, you have to previously configure the notification when you do the POST of the payment, indicating the URL in the field notify_url.

Notification

POST $notify_url which defined when submitting the payin transaction.

Notification Parameters

Headers

Name	Type	Description
Content-Type*	String	application/json
Pagsmile-Signature*	String	t=$timestamp,v2=HMAC SHA256($RequestBody)

Name

Type

Description

Content-Type*

String

application/json

Pagsmile-Signature*

String

t=$timestamp,v2=HMAC SHA256($RequestBody)

Request Body

Name	Type	Description
trade_no*	String	Pagsmile transaction id
out_trade_no*	String	merchant out_trade_no
out_request_no	String	Pagsmile refund transaction id. Only for refund order
app_id*	String
trade_status*	String	trade status.
amount*	String
method*	String
currency*	String
timestamp*	String
channel	String

Name

Type

Description

trade_no*

String

Pagsmile transaction id

out_trade_no*

String

merchant out_trade_no

out_request_no

String

Pagsmile refund transaction id. Only for refund order

app_id*

String

trade_status*

String

trade status.

amount*

String

method*

String

currency*

String

timestamp*

String

channel

String

success

Events

Whenever an event occurs, we will send you a notification in json format using HTTP POST to the URL that you specified.

We will notify the following events:

Action	Description
SUCCESS	Trade has been successful
CANCEL	Trade has been cancelled
EXPIRED	Trade is expired
REFUSED	Trade has been refused
CHARGEBACK	Chargeback occurred
CHARGEBACK_REVERSED	Chargeback reversed
REFUND_REVOKE	Refund revoke
REFUND_REFUSED	Refund is refused
REFUNDED	Trade has been refunded
DISPUTE	Dispute occurred

Action

Description

SUCCESS

Trade has been successful

CANCEL

Trade has been cancelled

EXPIRED

Trade is expired

REFUSED

Trade has been refused

CHARGEBACK

Chargeback occurred

CHARGEBACK_REVERSED

Chargeback reversed

REFUND_REVOKE

Refund revoke

REFUND_REFUSED

Refund is refused

REFUNDED

Trade has been refunded

DISPUTE

Dispute occurred

We can notify the following events, contact us to set up if needed:

Action	Description
PROCESSING	User has submitted the payment information
RISK_CONTROLLING	Trade is considered high risk or there is unclear billing information
REFUND_VERIFYING	Waiting for the user to submit refund information
REFUND_PROCESSING	Refund information is received. Waiting for processing the refund.

Action

Description

PROCESSING

User has submitted the payment information

RISK_CONTROLLING

Trade is considered high risk or there is unclear billing information

REFUND_VERIFYING

Waiting for the user to submit refund information

REFUND_PROCESSING

Refund information is received. Waiting for processing the refund.

Pagsmile will send notifications with the following schedule of retries and confirmation waiting times. You must return an HTTP STATUS 200 (OK) with response data "success" before the corresponding time expires. If not, it will be assumed that you did not receive it correctly and you will be notified again.

It is recommended that you respond to the notification before executing business logic or before accessing external resources so as not to exceed the estimated response times.

This communication is exclusively between the servers of Pagsmile and your server, so there will not be a physical user seeing any type of result.

Event	Time after the first dispatch
Dispatch	-
1st retry	10 minutes
2nd retry	30 minutes
3rd retry	60 minutes
4th retry	120 minutes
5th retry	360 minutes
6th retry	840 minutes

Event

Time after the first dispatch

Dispatch

1st retry

10 minutes

2nd retry

30 minutes

3rd retry

60 minutes

4th retry

120 minutes

5th retry

360 minutes

6th retry

840 minutes

Verifying signatures (optional)

The approximate content of the Pagsmile-Signature header is as follows (here with line breaks for easy viewing, the actual content is all on one line):

Pagsmile-Signature:
t=1577808000,
v2=5257a869e7ecebeda32affa62cdca3fa51cad7e77a0e56ff536d0ce8e108d8bd

The Pagsmile-Signature header contains a timestamp and a signature. The timestamp is prefixed by t=, followed by a UNIX timestamp; the signature is prefixed by v2=, followed by the signature content.

Step 1 : Extract the timestamp and signatures from the header

Split the header using the [,] character as the separator, to get a list of elements. Then split each element using the [=] character as the separator, to get a prefix and value pair.

The value for the prefix [t] corresponds to the timestamp, and [v2] corresponds to the signature. You can discard all other elements.

Step 2 : Prepare the original RequestBody string

Get all the content in the RequestBody. Please pay attention here. Please do not use the program's self-built structure to format and/or serialize the RequestBody content. If you have similar requirements, please do it after getting the original data for verification to avoid unnecessary sorting of fields and the addition of characters affecting the signature.

Step 3 : Determine the expected signature

Compute an HMAC with the SHA256 hash function. Use the SecretKey get from The merchant dashboard as the key(salt), and use the original RequestBody string as the message.

Step 4 : Compare the signatures

Compare the signature in the header to the expected signature. For an equality match, compute the difference between the current timestamp and the received timestamp, then decide if the difference is within your tolerance.

Notification Example

The following notification is only an example. Different methods can have more or less parameters in the real notification. Please refer to what you received when testing.

Content-Type: application/json
Method: POST
Header: t=1645516741, v2=f6e345eca80d74c470ba456b7b559046f22b49fcaad9b81938ff1488b0f497ac
Body:
  {
    "amount": "12.01",
    "out_trade_no": "202201010354002",
    "method": "PIX",
    "channel": "",
    "trade_status": "SUCCESS",
    "trade_no": "2022022201111100011",
    "currency": "BRL",
    "out_request_no": "",
    "app_id": "162************38",
    "timestamp": "1645516741",
    "user": {
        "buyer_id": "",
        "identify":{
            "type": "CPF",
            "number": "50284414727"
        },
        "username": "test user name",
        "phone": "75991435892",
        "email": "test@pagsmile.com",
        "ip": ""
    },
    //Currently only PIX and SPEI return the payer's information. 
    "payer": { 
	"account": {
	    "number": "",
	    "type": ""
	},
	"identification": {
	    "number": "",
	    "type": ""
	},
	"username": "",
	//Currently Only PIX return the payer's bank account information.
	"bank": {
	    "agency": "",
	    "bank_id": "",
	    "bank_name": ""
	}
    },
    //Currently only CreditCard methods return the payer's card information.
    "card": {
        "card_no": "",
        "first_six_digits": "",
        "last_four_digits": ""
    },
    //Currently only CreditCard methods may return chargeback reasons.
    "chargeback_reason": {
        "code": "",
        "card_brand": "",
        "description": "",
        "type": ""
    }
  }

Please contact us to get the IP addresses that our notifications will be sent from.

PreviousWallet NextSecurity

Last updated 1 month ago