Authorization with Authentication (API 3.0)
After authentication is completed, submit to the authorization procedure, sending the authentication data in the model of quot;external authentication" (node ExternalAuthentication ). This procedure is also valid for establishments that performed authentication outside Cielo (External MPI).
See example below, describing the sending of Cielo 3.0 API authorization request authentication data:
Request
{
"MerchantOrderId":"2017051002",
"Customer":
{
(...)
},
"Payment":
{
(...)
"Authenticate":true,
"ReturnUrl":"http://www.loja.com.br",
"CreditCard":{
"CardNumber":"4000000000001000",
"Holder":"Nome do Portador",
"ExpirationDate":"12/2021",
"SecurityCode":"123",
"Brand":"Visa",
"SaveCard":"false"
},
"ExternalAuthentication":{
"Cavv":"AAABB2gHA1B5EFNjWQcDAAAAAAB=",
"Xid":"Uk5ZanBHcWw2RjRCbEN5dGtiMTB=",
"Eci":"5",
"Version":"2",
"ReferenceID":"a24a5d87-b1a1-4aef-a37b-2f30b91274e6"
}
}
}
curl
--request POST "https://apisandbox.cieloecommerce.cielo.com.br/1/sales"
--header "Content-Type: application/json"
--header "MerchantId: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
--header "MerchantKey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
--data-binary
--verbose
{
"MerchantOrderId":"2017051002",
"Customer":
{
(...)
},
"Payment":
{
(...)
"Authenticate":true,
"ReturnUrl":"http://www.loja.com.br",
"CreditCard":{
"CardNumber":"4000000000001000",
"Holder":"Nome do Portador",
"ExpirationDate":"12/2021",
"SecurityCode":"123",
"Brand":"Visa",
"SaveCard":"false"
},
"ExternalAuthentication":{
"Cavv":"AAABB2gHA1B5EFNjWQcDAAAAAAB=",
"Xid":"Uk5ZanBHcWw2RjRCbEN5dGtiMTB=",
"Eci":"5",
"Version":"2",
"ReferenceId":"a24a5d87-b1a1-4aef-a37b-2f30b91274e6"
}
}
}
Field | Description | Type/Size | Required |
---|---|---|---|
Payment.Authenticate | Boolean which defines whether the buyer will be directed to the issuing Bank for card authentication | Boolean | Yes, for authentication to be performed it is required to send as true |
Payment.ExternalAuthentication.Cavv | Signature that is returned in authentication success scenarios | Text | Yes, when authentication was a success |
Payment.ExternalAuthentication.Xid | XID returned in authentication process | Text | Yes, when the 3DS version is "1" |
Payment.ExternalAuthentication.Eci | E-Commerce Indicator returned in authentication process | Numeric [1 character] | Yes |
Payment.ExternalAuthentication.Version | 3DS version used in authentication process | Alphanumeric [1 character] | Yes, when the 3DS version is "2" |
Payment.ExternalAuthentication.ReferenceId | RequestID returned in authentication process | GUID [36 characters] | Yes, when the 3DS version is "2" |
Response
See more: https://developercielo.github.io/en/manual/cielo-ecommerce#response
Authorization with Authentication (Webservice 1.5)
See example below, describing the submission of the Cielo 1.5 API authorization request authentication data.
Request
<?xml version="1.0" encoding="UTF-8"?>
<requisicao-transacao xmlns="http://ecommerce.cbmp.com.br" id="1" versao="1.2.1">
<dados-ec>
(...)
</dados-ec>
<dados-portador>
(...)
</dados-portador>
<dados-pedido>
(...)
</dados-pedido>
<forma-pagamento>
(...)
</forma-pagamento>
<autorizar>3</autorizar>
<capturar>true</capturar>
<gerar-token>false</gerar-token>
<dados-autenticacao-mpi-externa>
<cavv>A901234A5678A0123A567A90120=</cavv>
<xid>A90123A45678A0123A567A90123</xid>
<eci>3</eci>
<versao>1</versao>
<dstid>3</dstid>
</dados-autenticacao-mpi-externa>
</requisicao-transacao>
Field | Description | Type/Size | Required |
---|---|---|---|
cavv | Signature that is returned in authentication success scenarios | Text | Yes, when authentication was a success |
xid | XID returned in authentication process | Text | Yes, when the 3DS version is "1" |
eci | E-Commerce Indicator returned in authentication process | Numeric [1 character] | Yes |
versao | 3DS version used in authentication process | Alphanumeric [1 character] | Yes, when the 3DS version is "2" |
dstid | RequestID returned in authentication process | GUID [36 characters] | Yes, when the 3DS version is "2" |
Response
See more: https://developercielo.github.io/en/manual/webservice-1-5#return-types
ECI Table
Brand | ECI | Transaction Meaning |
---|---|---|
Visa | 06 | Authenticated by the brand - risk of chargeback is from the issuer |
Visa | 05 | Authenticated by the issuer – risk of chargeback is from the issuer |
Visa | Different from 05 and 06 | Not authenticated – risk of chargeback remains with the establishment |
Mastercard | 01 | Authenticated by the brand - risk of chargeback is from the issuer |
Mastercard | 02 | Authenticated by the issuer – risk of chargeback is from the issuer |
Mastercard | 04 | Not authenticated, transaction characterized as Data Only - risk of chargeback remains with the establishment |
Mastercard | Different from 01, 02 and 04 | Not authenticated – risk of chargeback remains with the establishment |