- New card brand return codes:
- Elo: codes 15, 66, 73, 79, 80;
- Amex: code 102;
- Updated descriptions of card brand return codes:
- Visa: code 46;
- Elo: code 78;
- Starting on 04/17/2026, it will be required to send the cryptogram in card verification transactions (VerifyCard) using tokenization with the Visa card brand:
- Send the DPAN (token) in the
Card.CardNumberfield; - Send the cryptogram in the
Card.SecurityCodefield.
- Send the DPAN (token) in the
- Warning that Click to Pay works only when card data or DPAN is included.
- New page about Merchant Advice Code (MAC) – Mastercard released:
- The Merchant Advice Code (MAC) is a code returned by Mastercard in declined transactions or other specific scenarios, such as cases involving virtual cards, card data updates (ABU), or token requirements.
- Provided a step-by-step guide for using the Bradesco boleto.
- Updated the documentation to expand the list of card brands compatible with Soft Descriptor. The available card brands are:
- Visa;
- Mastercard;
- Amex;
- Elo.
See more details at Soft Descriptor.
- Added guidance to the documentation about the
Payment.DigitalAssetfield for buy or sell transactions of cryptocurrencies and NFTs using the Visa card brand:- Supported values: Cryptocurrency and NFT;
- Applies exclusively to Visa transactions.
- Updated to state that the return of a card ending in 9 in the Sandbox environment will always be:
- 6 – Operation Successful, or
- 9 – Time Out
- Updated the maximum allowed size of the
bpmpi_totalamountparameter in the 3DS class mapping:- Updated from up to 15 characters to up to 11 characters.
- Updated the documentation with information about sending the cryptogram in tokenized MIT transactions for the Mastercard card brand:
- It is not necessary to send the cryptogram in tokenized MIT transactions for the Mastercard card brand, because the token was already validated in the original CIT transaction.
- Learn more at Transaction Initiator Indicator (CIT and MIT).
-
New certificate added for use on the domain api.cieloecommerce.com.br;
-
Updated contacts for Cielo E-commerce support;
-
New page about accreditation on the Cielo website added;
-
New page about Visa Intelligent Data Exchange (IDX): Visa solution for sharing data in card-not-present (CNP) transactions;
-
Error codes 220 and 233 added to the documentation;
-
Guidance for using Silent Order Post credentials added;
-
Guidance on using 3DS authentication for credit card and debit card:
- The validation and return of the
Payment.Ecifield occur only in the production environment at this initial stage;
- The validation and return of the
-
Guidance on error 389 – Registration Restriction for Zero Auth:
- If the API returns error 389, contact the commercial manager to check if the service is correctly enabled; if it is, the response indicates that this attempt cannot be validated due to Cielo's internal criteria. We recommend trying another card to complete the validation;
-
Guidance on payment with multi-benefit card added:
- Please refer to the standard voucher integration when using multibenefícios Alelo.
-
Guidance for Alelo voucher cancellation added:
- Full cancellation can only be performed on the transaction day (D0);
- To cancel after the transaction day (from D+1 onwards), you must contact Alelo.
- Guidance on using Click to Pay added:
- When the card is tokenized, Click to Pay returns the CAVV and sending the security code is not required.
- When the card is not tokenized, sending the security code is required.
- The usage flow for 3DS with Silent Order POST added to the documentation:
- An explanatory diagram of the process was included, covering the previous step and the authorization call.
- Added codes 100, BP900 and BP903 to the void return codes table:
- 100: Transaction not found for void. This occurs when a partial void attempt is made before settlement.
- BP900: Operation failed. Try again in 5 minutes. We recommend running a transaction status query before making a new request.
- BP903: Void failed. Try again.
- Guidance on authentication verification in 3DS in credit and debit transactions:
- To confirm if authentication was applied during authorization, check the ECI value in
Payment.Eci; - The API replicates the ECI provided by the merchant in
Payment.ExternalAuthentication, but the actual value used by the card brand is the one inPayment.Eci.
- To confirm if authentication was applied during authorization, check the ECI value in
- Information about the
SentOrderIdfield in credit and debit transactions:- When
MerchantOrderIddoes not comply with the acquirer’s rules, a new order number is generated and returned inSentOrderId. - If the format is valid,
SentOrderIdreturns the same value provided inMerchantOrderId.
- When
- Rule for the Visa Retry Program:
- Code 14 is now considered in Category 1 and also in Category 3 (Data Quality).
- Error code 100 in void operations:
- Occurs when a partial void attempt is made before the transaction is settled.
- Inclusion of error code 003 – Nonexistent transaction in ABECS return codes.
- New status lists for Pix, boleto, e-wallets, debit, and credit transactions.
- New scheduled recurrence amount update feature, allowing the client to schedule future adjustments to the subscription amount for a specific date.
- New enable and disable e-wallet functionality on the Cielo website, available for Apple Pay, Google Pay, and Samsung Pay.
- Information about Alelo voucher enablement: the request must be sent directly to Alelo.
- New content about the types of tokenization offered by Cielo.
- New content about payment facilitators;
- Debit card available for payments by e-wallets;
- Information about the minimum installment amount (R$ 5.00);
- Information about retroactive charges when scheduling recurring payments for a past date;
- The ServiceTaxAmount field is now accepted for travel agencies, in addition to airlines;
- Automatic Billing Update (ABU) is now supported for Visa and Elo brands, in addition to Mastercard.
- Instructions for integrating scripts for 3DS and Silent Order Post;
- Information that MCC 6540 is required for SDWO transactions with identified and unidentified boleto under the Mastercard brand;
- Added Alelo brand for payments with voucher;
- Included error code 228 in the possible API errors;
- New instructions on revoking 3DS credentials on the Cielo website;
- New instructions on revoking SOP credentials on the Cielo website;
- New payment method available: multibenefit voucher. Available for Visa, Mastercard and Elo;
- Inclusion of MAC CODE 43 in the Mastercard retry response table;
- Requirement to identify transactions originating from payment links for Elo-branded cards starting from 09/15/2025.
- More information about the MAC 02 code added;
- Example response for getting payment details by TId updated;
- New required field
PaymentFacilitator.SubEstablishment.EstablishmentUrlfor payment facilitator transactions; - The
Customer.Namefield does not accept numbers and special characters; - New ChangeType code = 25 for Notification Post. The new code indicates that the transaction was either canceled or partially refunded;
- Voucher Alelo is now available as a payment method;
- Instructions for sending the
bpmpi_billto_stateandbpmpi_shipTo_statefields in the script for 3DS authentication updated for different countries; - Code 14 from the Visa Retry Program moved from category 1 to category 3 following the brand's directive;
- New test cards available for 3DS Data Only.
- New page about obtaining the cancellation letter via the Cielo website;
- New page detailing how to cancel a sale via the Cielo website.