Edenred Direct Payment Services
Use Case: Brazil
Generalities
In Brazil, a user can spend the exact amount requested, with limitations.
These regulations are handled on the Edenred side. Please note that all amounts in our API are given in centavos (example: 9BRL = 900).
Ticket Restaurant local regulation
In Brazil, for the Ticket Restaurant product, a user can :
- Perform a transaction up to 500 BRL (which meaning that a transaction of 501 BRL will be declined). Note that the amount of the transaction can't be below 0,01cts
- Perform 5 transactions per day (which mean that the 6th transaction request of the day will be declined)
Note that all those checks are performed by the local authorization platform itself. Error code related to those limits are described in the specification of the transaction processing.
Ticket Alimentaçao local regulation (for grocery players)
In Brazil, for the Ticket Alimentaçao product, a user can :
- Perform a transaction up to 2000 BRL (which meaning that a transaction of 2001 BRL will be declined). Note that the amount of the transaction can't be below 0,25cts
- Perform 5 transactions per day (which meaning that the 6th transaction request of the day will be declined)
Note that all those checks are performed by the local authorization platform itself.
User Security Tokens
Please refer to this section for more details about security tokens.
1) To test the API in sandbox, you can get an authorization_code by clicking on the link bellow:
Example of account that can be used to test the API:
Username: StgEdps@Ticket.com.br
Password: Stg@2023
CVV: 046 (for card ending with ******6111)Login Page
Card selector
Confirm CVV code from the back of the card
Accept Agreement
2) After login, you'll be redirected to a url like :
http://nowhere.edenred.net/?code={authorization_code}&...
3) Copy the authorization_code and use the request "Get access_token from authorization_code" in the following collection of API calls : postman collection
Please note that an authorization_code is burned every time you try to use it. If your API call fails, you must get a new authorization_code.
Logout
Logout the Edenred account from your platform. All tokens are then invalid
GET /connect/endsession?id_token_hint=<idToken>=<postLogoutRedirectUri> HTTP/1.1
Host: {{authentication-URL}}Where
'authentication-URL' = sso.sbx.edenred.io
And idToken is retrieved from the refreshing token response
And postLogoutRedirectUri is a callback URL whitelisted on our side (to be provided in the configuration request)
eg: postLogoutRedirectUri = [http://nowhere.edenred.net/(http://nowhere.edenred.net/)
Direct Payment API
III. Direct Payment API
If you use the postman collection, the access_token will automatically be placed in your HTTP Authorization header.
Token Management:
| Operations | Endpoints | Description |
|---|---|---|
| Get access_token | POST /connect/token | Get a new access token |
| Get refresh_token | POST /connect/token | Refresh the access token |
Users Management:
| Operations | Endpoints | Description |
|---|---|---|
| Get Balance | GET /v2/users/{username} | Get user balance |
| Estimate Charge | POST /v2/users/{username}/actions/estimate-charge | Check if you can pay with the given amount |
Transaction Management
- Capture Mode auto:
| Operations | Endpoints | Description |
|---|---|---|
| Authorize + Capture | POST /v2/transactions | Authorize and Capture in one call |
| Refund | POST /v2/transactions/{authorization_id}/actions/refund | Refund the auto captured transaction |
- Capture Mode Manual:
a- Authorize > Cancel
| Operations | Endpoints | Description |
|---|---|---|
| Authorize Manual | POST /v2/transactions | Authorize a new payment |
| Cancel | POST /v2/transactions/{authorization_id}/actions/cancel | Cancel the authorized payment |
b- Authorize > Capture > Refund
| Operations | Endpoints | Description |
|---|---|---|
| Authorize Manual | POST /v2/transactions | Authorize a new payment |
| Capture | POST /v2/transactions/{authorization_id}/actions/capture | Capture the authorized payment |
| Refund | POST /v2/transactions/{authorization_id}/actions/refund | Refund the captured payment |
The postman configuration available here is set in auto-clearing mode => cancel and capture routes are not available.
You can request an access to our UAT environment in manual-clearing mode if you choose to implement the payment with Edenred this way.
Get Balance
Get the balance which is available on the user's account.
The authorization header is mandatory for this request.
Request:
GET /v2/users/{username} HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"available_amount": 12000,
"currency": "BRL"
}
}Estimate Charge
Check if an amount can be spent and answer the possible amount that can be spent. If the requested amount is above the available balance, the service will provide the available amount in the response.
The authorization header is mandatory for this request.
Request:
POST /v2/users/{username}/actions/estimate-charge HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 1900
}Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"available_amount": 1500,
"currency": "BRL"
}
}Capture Mode - Auto
Step 1: Auto Capture a transaction
An auto capture can only be requested with an amount in cents of BRL.
The authorization header should be set for this operation.
In this mode, we can perform only the below operations:
| Operations | Endpoints | Description |
|---|---|---|
| Authorize & Capture | POST /v2/transactions | Create a transaction, the capture_mode MUST be auto |
| Refund | POST /v2/transactions/{authorization_id}/actions/refund | Refund a captured transaction. The authorization_id is returned by the Authorize operation |
All transactions requests must be sent with the following information to identify the merchant in the transaction : the "MID" and the corresponding "CNPJ". A check is performed during the authorization to validate that the MID belongs to the CNPJ (if not, the authorization will be declined with the reason "400 - The Merchant is invalid").
CNPJ must be provided in the body of the transaction request in the field "extra_field"
CNPJ must contain 14 digits (if CNPJ inferior to 14 digits, it must be fulfilled with “0” on the left). CNPJ must contain only numbers, no special caracters allowed such as “/” “.” or “-“
The idempotency/duplicate check is applied based on the "username / amount / MID / Date" check. Timestamp is not mandatory to trigger the idempotency/duplicate check on the Brazilian authorization platform.
Request:
POST /v2/transactions HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"order_ref": "order-002",
"mid": "20290",
"extra_field"= "15596390000181",
"amount": 1,
"capture_mode": "auto",
"security_mode": "standard",
"currency": "BRL",
"tstamp": "2019-05-23T14:02:50Z",
}Response:
{
"meta": {
"status": "succeeded",
"messages": []
}
"data": {
"order_ref": "order-002",
"mid": "20290",
"authorization_id": "455211",
"authorized_amount": 1,
"capture_id": "455211",
"capture_amount": 1,
"status": "captured"
}
}Step 2: Refund a captured transaction
Once captured, a transaction can be refunded.
The authorization_id provided during the payment process must be provided in this request.
the exact "capture_amount" must be provided in the amount field. No partial refund supported
The authorization header is not for this operation. The authorization_id is used by the platform to retrieve the existing authorization and process the enrichment of the request with the information of this transaction.
Refund Request:
POST /v2/transactions/{authorization_id}/actions/refund HTTP/1.1
Host: directpayment.stg.eu.edenred.io
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 1,
"currency": "BRL",
"tstamp": "2019-05-23T14:02:50Z"
}Refund Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"refund_id": "786653",
"refunded_amount": 1,
"status": "refunded"
}
}Capture Mode - Manual
In this mode, we can perform the below operations:
| Operations | Endpoints | Description |
|---|---|---|
| Authorize | POST /v2/transactions | Create a transaction, the capture_mode MUST be manual |
| Cancel | POST /v2/transactions/{authorization_id}/actions/cancel | Cancel an authorized transaction. The authorization_id is returned by the Authorize operation |
| Capture | POST /v2/transactions/{authorization_id}/actions/capture | Capture an authorized transaction. A Cancelled transaction can't be captured. The authorization_id is returned by the Authorize operation |
| Refund | POST /v2/transactions/{authorization_id}/actions/refund | Refund a captured transaction. The authorization_id is returned by the Captured operation |
Step 1: Autorize a transaction
An authorization is requested with an amount in cents of Euros (19€ = 1900 in the request).
The authorization header should be set for this operation.
The field
tstampMUST be set in order to manage idempotency
Request:
POST /v2/transactions HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"mid": "{{mid}}",
"order_ref": "89364043",
"security_level": "standard",
"amount": 100,
"capture_mode": "manual",
"tstamp": "{{tstamp}}"
}Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"order_ref": "89364043",
"mid": "5423945122",
"authorization_id": "f4416a5e-f7bc-4dbb-9032-ed683ee775f6",
"authorized_amount": 100,
"status": "authorized"
}
}###
Step 2.1: Cancel an authorized transaction
An authorized payment can be cancelled or captured.
Cancel and capture are for the full amount authorized
The field
tstampMUST be set in order to manage idempotency
Cancel Request:
POST /v2/transactions/{authorization_id}/actions/cancel HTTP/1.1
Host: directpayment.stg.eu.edenred.io
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 100,
"tstamp": "2019-05-21T12:10:12Z"
}Cancel Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"mid": "5423945122",
"cancel_id": "1c38564c-9986-4e69-b5e0-9c36c37f7cb8",
"cancelled_amount": 100,
"status": "cancelled"
}
}Step 2.2: Capture an authorized transaction
An authorized payment can be cancelled or captured.
Cancel and capture are for the full amount authorized
The field
tstampMUST be set in order to manage idempotency
Capture Request:
POST /v2/transactions/{authorization_id}/actions/capture HTTP/1.1
Host: directpayment.stg.eu.edenred.io
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 100,
"tstamp": "2019-05-21T12:15:29Z"
}Capture Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"mid": "5423945122",
"capture_id": "1c5743c-9986-4e69-b5e0-9c36c37f7cb8",
"captured_amount": 100,
"status": "captured"
}
}Step 3: Refund a captured transaction
Once captured, a transaction can't be cancelled but have to be refunded.
The capture_mode is mandatory in the case of dual messaging (Authorize and Capture) and must be set to "manual".
The refund can only be performed for the full amount that has been captured
The field
tstampMUST be set in order to manage idempotency
Refund Request:
POST /v2/transactions/{authorization_id}/actions/refund HTTP/1.1
Host: directpayment.stg.eu.edenred.io
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 100,
"capture_mode": "manual",
"tstamp": "2019-05-21T12:17:53Z"
}Refund Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"mid": "5423945122",
"refund_id": "314f8e0f-6952-4695-91a7-4f0c11f83da6",
"refunded_amount": 100,
"status": "refunded"
}
}Mapped status codes
| Status Code | Status | Code | Level | Description |
|---|---|---|---|---|
| 200 | succeded | SUCCESS | Success | SUCCEEDED |
| 200 | succeded | OK | Success | OK |
| 200 | succeded | TRANSACTION_OK | Success | OK |
| 200 | succeded | AUTH | Success | The transaction has been authorized. |
| 200 | succeded | AUTH_PENDING | Success | The transaction authorization is pending. |
| 200 | succeded | PARTIAL_AUTH | Success | The transaction has been partially authorized. |
| 400 | failed | CARD_NOT_FOUND | Error | Card not found |
| 400 | failed | INVALID_INFORMATION | Error | The provided information is invalid |
| 400 | failed | INVALID_CARD | Error | Blocked card |
| 400 | failed | INVALID_MERCHANT | Error | Merchant and DocNumber do not match |
| 400 | failed | INVALID_CARD_NUMBER | Error | Invalid card serial number |
| 400 | failed | LIMIT_EXCEEDED | Error | The Amount is invalid |
| 400 | failed | INVALID_MERCHANT | Error | The Merchant is invalid |
| 400 | failed | TRANSACTION_DUPLICATED | Error | The transaction is duplicated |
| 400 | failed | INSUFFICIENT_FUNDS | Error | Insufficient funds |
| 400 | failed | TRANSACTION_LIMIT_EXCEEDED | Error | Exceeded the limit of quantity of transactions per day |
| 400 | failed | CARD_NOT_FOUND | Error | Card not found |
| 400 | failed | TRANSACTION_NOT_FOUND | Error | The transaction is not found |
| 400 | failed | PARTIAL_REVERSALS_NOT_ALLOWED | Error | The partial reversal is not allowed |
| 400 | failed | INVALID_CURRENCY_CODE | Error | The currency must be ISO 4217 |
| 400 | failed | INVALID_CAPTURE_MODE | Error | The property Capture_Mode must contains (auto / manual) |
| 400 | failed | BAD_REQUEST | Error | The property CardNumberID is required |
| 400 | failed | INVALID_TOKEN | Error | The token is not valid |
| 400 | failed | ONLINE_TRANSACTIONS_DISABLED | Error | Online transactions for the card provided is disabled |
| 400 | failed | CARD_NOT_ACTIVATED | Error | The card status is different from active. The transaction can't be processed with the given default card |
| 400 | failed | BAD_REQUEST | Error | The input doesn't respect the contract expected (required fields, type, etc.) |
| 400 | failed | EMPTY_AUTHORIZATION_TOKEN | Error | Unable to retrieve the OpenId token from the request. Please verify your request and, if required, contact the API administrator for assistance. |
| 400 | failed | INVALID_SEARCH_PERIOD | Error | The search period is longer than 3 months. |
| 400 | failed | BAD_REQUEST | Error | The server cannot or will not process the request due to an apparent client error. Check messages field for more details. |
| 400 | failed | DECLINED | Error | Transaction declined. |
| 400 | failed | INVALID_REQUEST | Error | The configuration allows only single/dual messaging requests. |
| 400 | failed | CARD_NOT_ACTIVE | Error | No active card found for the username. |
| 400 | failed | INVALID_AMOUNT | Error | Insufficient funds or amount too small/big. |
| 400 | failed | INVALID_MERCHANT | Error | The merchant is not valid, please check the given mid. |
| 400 | failed | INVALID_VOUCHER | Error | Voucher not valid. |
| 400 | failed | LIMIT_EXCEEDED | Error | The amount is incorrect according your past orders. |
| 400 | failed | LOCKOUT | Error | Max PIN tries exceeded. |
| 400 | failed | PARTIAL_REVERSALS_NOT_ALLOWED | Error | Partial refunds are not allowed. |
| 400 | failed | TEMPORARY_HOLD | Error | Transaction temprorary hold. |
| 400 | failed | TRANSACTION_DUPLICATED | Error | A same transaction already exists. |
| 400 | failed | TRANSACTION_NOT_AUTHORISED | Error | The transaction has not been authorized. |
| 400 | failed | TRANSACTION_STATUS_MUST_BE_AUTHORIZED | Error | Invalid operation, the status of the transaction must be authorized |
| 400 | failed | INVALID_AMOUNT | Error | Ensure that the amount you want to cancel matches the authorized amount. |
| 400 | failed | TRANSACTION_NOT_AUTHORISED | Error | Transaction not authorised. |
| 400 | failed | TRANSACTION_STATUS_MUST_BE_CAPTURED | Error | Invalid operation, the status of the transaction must be captured |
| 401 | failed | UNAUTHORIZED | Error | Unauthorized User |
| 401 | failed | INVALID_TOKEN | Error | Invalid, revoked or expired token. You should try to re-authenticate the user. |
| 401 | failed | UNAUTHORIZED | Error | Missing, invalid or expired token. To fix, you should re-authenticate the user. |
| 401 | failed | USER_INACTIVE | Error | User Inactive. |
| 401 | failed | INVALID_TOKEN_ISSUER | Error | The token has not been issued (tokenUsername) for the current user (username) |
| 403 | failed | ENDPOINT_SUSPENDED | Error | Currently this endpoint is suspended |
| 403 | failed | FORBIDDEN | Error | Bad OAuth request (wrong consumer key, bad nonce, expired timestamp...) |
| 403 | failed | FORBIDDEN | Error | The request was valid, but the server is refusing action. The user might not have the necessary permissions for this resource. |
| 404 | failed | TRANSACTION_NOT_FOUND | Error | No transaction found for the given transaction_id. |
| 404 | failed | ORIGIN_TRANSACTION_ID_NOT_FOUND | Error | The origin transaction_id is not found. |
| 404 | failed | NOT_FOUND | Error | If no transaction is linked to the transaction_id given as input. |
| 405 | failed | METHOD_NOT_ALLOWED | Error | A request was made of a resource using a request method not supported by that resource; for example, using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource. |
| 405 | failed | METHOD_NOT_ALLOWED | Error | A request was made of a resource using a request method not supported by that resource. |
| 406 | failed | NOT_ACCEPTABLE | Error | The requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request. |
| 412 | failed | PRECONDITION_FAILED | Error | One of the user data is not valid to process the given request |
| 412 | failed | PRECONDITION_FAILED | Error | A business precondition has not been; for example, the user has no active cards. |
| 412 | failed | PRECONDITION_FAILED | Error | A business precondition has not been. |
| 415 | failed | UNSUPPORTED_MEDIA_TYPE | Error | The request entity has a media type which the server or resource does not support. |
| 429 | failed | TOO_MANY_REQUEST | Error | Your request has been rejected due to rate limitation. Please check your subscribed service level agreement. |
| 500 | failed | INTERNAL_ERROR | Error | Internal server error |
| 500 | failed | INTERNAL_ERROR | Error | We had a problem with our server. Please to try again later. |
| 500 | failed | TRANSACTION_MUST_BE_AUTHORIZED | Error | Invalid operation, the status of the transaction must be authorized |
| 501 | failed | NOT_IMPLEMENTED | Error | The server either does not recognize the request method, or it lacks the ability to fulfill the request |
| 501 | failed | NOT_IMPLEMENTED | Error | For the context of the current business unit, this feature is not supported. |
| 502 | failed | TIMEOUT | Error | Send timeout |
| 502 | failed | BAD_GATEWAY | Error | Oups... Something wrong on one of the underlying servers! Please contact the administrator to report the issue |
| 502 | failed | BAD_GATEWAY | Error | We had a problem with one of our backends that returns a http 500 status. Please to try again later. |
| 503 | failed | SERVICE_UNAVAILABLE | Error | Oups... Something wrong on one of the underlying servers! Please contact the administrator to report the issue |
| 503 | failed | CONNECTIVITY | Error | Indicates that there was a problem establishing a connection |
| 504 | failed | GATEWAY_TIMEOUT | Error | The server, while acting as a gateway or proxy, did not receive a timely response from an upstream server it needed to access in order to complete the request. |