In this section, you will find all the technical specifications of the IDPay product REST APIs for managing payment transactions.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
You can learn more about how to generate an access token here.
The orderNumber field must be filled with the UNIQUE order number of that purchase in the e-commerce system, and using a distinct transactional ID is incorrect.
It is important to pay attention to this field, as it may negatively impact the user experience in the final flow, causing issues with product usage.
Possible impacts include:
Low Conversion:
The order number is used to help the end user complete the flow.
API Errors:
You might encounter errors such as "replicated transaction" if the same order number, BIN, and last4 digits are used.
Note: If the company is configured to reuse transactions with the same data, please refer to the "Transaction Reuse" section.
If the validations determine that biometric capture is not required, the response will have a different status, and a capture link will not be generated, as shown below:
This scenario will occur if you use the Pre or Super Pre modules, for cases where you use IDPay in the Checkout, as specified in the Features section.
It is possible to configure the company to reuse transactions that have the same data, avoiding "replicated transaction" errors. The reuse will occur under the following conditions:
A transaction is being created with the same orderNumber, identity.key, identity.value, company, card.binDigits, card.lastDigits, and value of a previously created transaction.
The previous transaction has not yet exceeded the expiration time configured for the company.
If the transaction to be created and the previous transaction do not meet these conditions, a new transaction will be created. Otherwise, the following are the possible responses:
If the previous transaction is in a final status, such as approved or inconclusive:
If the previous transaction is still in an initial status, such as waiting or shared:
In this last case, the transaction still in an initial status will have its expiration date recalculated, based on the date of this request.
To see all possible statuses, refer to the Enumerated section.
To optimize the performance of your application, you can also implement our Webhook to know when to check the transaction status. See more in the Webhook section.
The evidence set can only be generated for approved transactions.
The link returned for the evidence set is valid for five minutes after it is obtained. Therefore, it is important that this link is not saved, but rather used to download the evidence set.
It is also possible to configure the resending of notifications through the portal, without the need to implement it via API. To understand the possibilities, speak with the person responsible for your project.
For a transaction to be canceled, it must be in the initial status (waiting).
To see all possible statuses, refer to the Enumerated section.
Didn't find something or still need help? If you're already a client or partner, you can reach out through our Help Center.
Endpoint to resend notifications via email and/or phone for a specific transaction.
Transaction ID for which the notification will be sent.
A valid access token. The value must be sent in the format Bearer {token}.
Phone number to send the notification.
"NOTIFICATION_PHONE"Email address to send the notification.
"NOTIFICATION_EMAIL"Notification sent successfully.
Unique ID of the generated notification.
"b50ee24c-71eb-4a5d-ade1-41c48b44c240"Generated link for the notification.
"https://aces.so/example"Endpoint to check the current status of a specific transaction.
Transaction ID to check the status.
Valid access token. The value must be sent in the format Bearer {token}.
Transaction status retrieved successfully.
Current status of the transaction.
"processing"Endpoint to get the evidence set of a specific transaction.
ID of the transaction for which the evidence set will be retrieved.
Valid access token. The value must be sent in the format Bearer {token}.
Probative file link retrieved successfully.
URL of the probative file.
"https://unico.io/probative.pdf"Endpoint to cancel a specified credit transaction.
Transaction ID to be canceled.
A valid access token. The value must be sent in the format Bearer {token}.
Transaction successfully canceled.
Updated transaction status.
"canceled"Endpoint to create a new transaction.
Valid access token. The value must be sent in the format "Bearer {token}".
User identification data.
Type of user identification key.
"cpf"User identification key value. Must be sent without dots or dashes.
"USER_CPF"Order number associated with the transaction. This data will be used as an index in the portal and can be used as a foreign key between your system and IDPay.
"123456"ID of the company responsible for the transaction. This field is provided by Unico.
"f44f02e5-320e-497b-b346-8cf19b3ee2a4"URL to which the user will be redirected after completing the transaction. Possible values are: An https URL to redirect web pages or a URL Schema for redirection in native mobile applications.
"https://example.com/redirect"Information about the card used in the transaction.
First 6 or 8 digits of the card.
"12345678"Last 4 digits of the card.
"7890"Card expiration date.
"12/24"Cardholder's name. The name field must be sent correctly, avoiding encoding issues, incorrect or invalid values, which may cause problems with approval in the flow, as this data is used in the user experience and communication.
"João da Silva"Total purchase value.
100.5Notification phone number. This parameter is optional, and if provided, a WhatsApp notification will be sent to the user.
"5511998551010"Notification email. This parameter is optional, and if provided, an email notification will be sent to the user.
"user@example.com"Capture behavior defined for the transaction. Options available: 'biometric': The identity authentication model used is biometric only, for flows that always require biometric capture. 'silent': The identity authentication model is silent, validating only device metadata, for flows where no friction is desired (approval rate is lower). 'adaptive': A hybrid between the two above, using adaptive validation and biometrics. This flow has lower friction, security, and a better approval rate (default).
"biometric"Additional information about the transaction. Currently, the following additional information can be sent: Seller: Information about the seller of that transaction. Seller identification (CPF or CNPJ) can be provided.
Seller information.
Type of seller identification key.
"cpf"Seller identification key value.
"12345678909"Transaction successfully created.
ID of the created transaction.
"6ab1771e-dfab-4e47-8316-2452268e5481"Current transaction status.
"waiting"Link related to the transaction.
"https://aces.so/test"Signed token containing the necessary parameters to initialize Unico IDPay web SDK.
"eyJhbGciOiJIUzI1NiIsInR5cC[...]Ok6yJV_adQssw5c"