# Authorization ## Authorization `POST` `https://gateway-test.pagsmile.com/trade/pre-authorization` This endpoint allows you to create an authorization. #### Headers | Name | Type | Description | | ----------------------------------------------- | ------ | ------------------------------------------ | | Content-Type\* | string | application/json; chartset=UTF-8 | | Authorization\* | string | Basic Base($app\_*id:$security\_*key) | #### Request Body | Name | Type | Description | | -------------------------------------------------------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | app\_id\* | string |

created app's id at dashboard

- Max. 32 chars -

| | timestamp\* | string |

yyyy-MM-dd HH:mm:ss
- Max. 19 chars -

| | buyer\_id\* | string | buyer id | | content | string | | | format\* | string | Fixed value: JSON | | notify\_url\* | string | Where Pagsmile will send notification to | | order\_amount\* | number | payment amount | | order\_currency\* | string | | | out\_trade\_no\* | string |

ID given by the merchant in their system
- Max. 64 chars -

| | return\_url | string | Redirect to Merchant's url when user finished checkout | | subject\* | string | | | timeout\_express | string |

m(minutes), h(hours), d(days), c(always end in current day).

Used to control the expiration time of submitting an order (from initial to processing). (90m in default, max 15d)

| | version | string | Fixed value: 2.0 | | token\* | string | The token received from Tokenization API. | | website\_url | string | | | threeds.sli | string | Security level indicator | | threeds.status\* | string | 3DSecure - Status text received from 3D secure vendor | | threeds.liability\_shift\* | string | liability shift - indicate whether the chargeback liability shifted to the card issuer | | threeds.status\_reason\_code\* | string | String EMVCO Indicator of the reason for the 3DS status code provided during the authentication, (Possible values: 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16) | | threeds.status\_code\* | string | 3DSecure - Status code recieved from authorization/authentication response, (Possible values: U, N, Y, A, C, D, R, I) | | threeds.eci\* | string | ECI value recieved from authorization/authentication response | | threeds.cavv\* | string | Authentication Value (CAVV / AAV for 3DS1) recieved from authorization/Authentication response | | threeds.version\* | string | The version of the 3D Secure that was used for authentication | | threeds.acs\_trans\_id\* | string | This field contains a universally unique transaction identifier assigned by the ACS to identify a single transaction. | | threeds.ds\_trans\_id\* | string | A universally unique transaction identifier is assigned by the DS to identify a single transaction. | | method\* | string | Fixed value: CreditCard | | trade\_type\* | string | Fixed value: API | | issuer\* | string | issuer of the card. | {% tabs %} {% tab title="200: OK submit successfully" %} ```json { "msg": "Success", "code": "10000", "out_trade_no": "8335***600", "web_url": "", "trade_no": "2022***215", "prepay_id": "MnFrV****OD0=-a220184D" } ``` {% endtab %} {% tab title="400: Bad Request invalid signature" %} ```json { "code":"40002", "msg":"Business Failed", "sub_code":"invalid-signature", "sub_msg":"invalid signature" } ``` {% endtab %} {% endtabs %} {% hint style="info" %} If the pre-authorization is successfully created, a callback with `"trade_status":"AUTHORIZED"` will be sent. If the pre-authorization fails to be created, a callback with `"trade_status":"REFUSED"` will be sent. {% endhint %} ### Example ``` curl --location --request POST 'https://gateway-test.pagsmile.com/trade/pre-authorization' \ --header 'Authorization: Basic MTYyNTgyOTIxNDUzMTY2Mzg6UGFnc21pbGVfc2tfZDUwMWQ1ZGNkNTI5OGQ5N2MwNmUzYjI4YjA2OWZjZmY3NDU5ZjY2NzNiMjFjMTFlYTY3NDM5MDgzOTZkOTYxNQ==' \ --header 'Content-Type: application/json' \ --data-raw '{ * "app_id": "1617****8052", * "timestamp": "2022-08-11 10:25:46", * "format": "JSON", * "out_trade_no": "out_181***1300", * "method": "CreditCard", * "order_amount": "120", * "order_currency": "BRL", * "subject": "Cobrança Ășnica digital", * "content": "trade pay test conent", * "trade_type": "API", * "notify_url": "http://demo.gemini-tiger.cn/callback/success", "return_url": "http://demo.gemini-tiger.cn/test", * "buyer_id": "buyer_0810", "timeout_express":"30m", * "token":"psct_b67******ecad89a5de", "version": "2.0", "website_url": "www.xcloud.com", * "issuer": "VISA", * "threeds": { * "version":"2", * "cavv":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA", * "eci":"05", * "acs_trans_id":"7777-8797-4645-1233", * "ds_trans_id":"7777-8797-4645-1233", * "status":"Cardholder authenticated", * "status_code":"Y", * "status_reason_code":"15", * "liability_shift":"true" }, }' ``` {% hint style="info" %} Note: **162\*\*\*\*\*\*\*\*\*\*\*\*38** is pagsmile's test app id for sandbox, and **MTYyNTgyOTIxNDUzMTY2Mzg6UGFnc21pbGVfc2tfZDUwMWQ1ZGNkNTI5OGQ5N2MwNmUzYjI4YjA2OWZjZmY3NDU5ZjY2NzNiMjFjMTFlYTY3NDM5MDgzOTZkOTYxNQ==** is authorization token associated with the test app id. {% endhint %} {% hint style="danger" %} Please use your own **app\_id** and generate your own **authorization token** when testing. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pagsmile.com/payin/pci-direct-integration/authorization.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.