1. Creating the access token
Get 3DS credentials for each environment
- Production environment
Get the credentials with Support.
- Sandbox environment
For testing in the sandbox, use:
ClientId: dba3a8db-fa54-40e0-8bab-7bfb9b6f2e2e
ClientSecret: D/ilRsfoqHlSUChwAMnlyKdDNd7FMsM7cU/vo02REag=
To gain access to Cielo services that use Cielo Oauth, you will need to obtain an access token, following the steps below:
- Concatenate the
ClientIdandClientSecret,**ClientId:ClientSecret**; - Encode the result in Base64;
- Send the token creation request using the HTTP POST method.
Example of Concatenation
| FIELDS | FORMAT |
|---|---|
| ClientId | dba3a8db-fa54-40e0-8bab-7bfb9b6f2e2e |
| ClientSecret | D/ilRsfoqHlSUChwAMnlyKdDNd7FMsM7cU/vo02REag= |
| ClientId:ClientSecret | dba3a8db-fa54-40e0-8bab-7bfb9b6f2e2e:D/ilRsfoqHlSUChwAMnlyKdDNd7FMsM7cU/vo02REag= |
| Base64 | ZGJhM2E4ZGItZmE1NC00MGUwLThiYWItN2JmYjliNmYyZTJlOkQvaWxSc2ZvcUhsU1VDaHdBTW5seUtkRE5kN0ZNc003Y1Uvdm8wMlJFYWc9 |
Authentication follows the Basic Authentication standard, so the Authorization field will be filled with the following value:
Basic YjUyMWI2YjItYjliNC00YTMwLTg4MWQtM2I2M2RlY2UwMDA2OjA4UWtqZTc5TndXUng1QmRnTkpzSWtCdUlUdDVjSVZPRequest
| Environment | Method | Endpoint |
|---|---|---|
| Sandbox | post | https://mpisandbox.braspag.com.br/v2/auth/token |
| Produção | post | https://mpi.braspag.com.br/v2/auth/token |
{
"EstablishmentCode": ,
"MerchantName":,
"MCC":
}curl
--request POST "https://mpisandbox.braspag.com.br/v2/auth/token"
--header "Content-Type: application/json"
--header "Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
--data-binary
--verbose
{
"EstablishmentCode": ,
"MerchantName": ,
"MCC":
}Body parameters
| Parameter | Description | Type | Size |
|---|---|---|---|
| EstablishmentCode | Acquirer merchant identifier | Numeric | 10 positions |
| MerchantName | Merchant name as registered with the acquirer. | Alphanumeric | up to 25 positions |
| MCC | Merchant Category Code. MCC code registered with the acquirer. | Numeric | 4 positions |
Response
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjbGllbnRfbmFtZSI6IlFBXzNEU19BdXRoZW50aWNhdG9yIiwiY2xpZW50X2lkIjoiZGJhM2E4ZGItZmE1NC00MGUwLThiYWItN2JmYjliNmYyZTJlIiwic2NvcGVzIjoie1wiU2NvcGVcIjpcIjNEU0F1dGhlbnRpY2F0b3JcIixcIkNsYWltc1wiOlt7XCJOYW1lXCI6XCJNZXJjaGFudE5hbWVcIixcIlZhbHVlc1wiOFwiVmFsdWVzXCI6W1wiNTU1NVwiXX0se1wiTmFtZVwiOlwiUmVmZXJlbmNlSWRcIixcIlZhbHVlc1wiOltcImY3MjE1YmQ3LWM0OTQtNGQ5Yi1NzEyfQ.daMqXko3dZOV0TzNFQ2vSsVSKqOsrwuswg7RB82ecAASSSSSSSSSSSSFFFFFFFFFFFFFGGGGGGGGGGGGGGGGGGGGGGGG",
"token_type": "barear",
"expires_in": "86399"
}--header "Content-Type: application/json"
--data-binary
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjbGllbnRfbmFtZSI6IlFBXzNEU19BdXRoZW50aWNhdG9yIiwiY2xpZW50X2lkIjoiZGJhM2E4ZGItZmE1NC00MGUwLThiYWItN2JmYjliNmYyZTJlIiwic2NvcGVzIjoie1wiU2NvcGVcIjpcIjNEU0F1dGhlbnRpY2F0b3JcIixcIkNsYWltc1wiOlt7XCJOYW1lXCI6XCJNZXJjaGFudE5hbWVcIixcIlZhbHVlc1wiOFwiVmFsdWVzXCI6W1wiNTU1NVwiXX0se1wiTmFtZVwiOlwiUmVmZXJlbmNlSWRcIixcIlZhbHVlc1wiOltcImY3MjE1YmQ3LWM0OTQtNGQ5Yi1NzEyfQ.daMqXko3dZOV0TzNFQ2vSsVSKqOsrwuswg7RB82ecAASSSSSSSSSSSSFFFFFFFFFFFFFGGGGGGGGGGGGGGGGGGGGGGGG",
"token_type": "barear",
"expires_in": "2018-07-23T11:29:32"
}| Parameter | Description | Type |
|---|---|---|
| access_token | Token required to continue with authentication | Alphanumeric |
| token_type | Fixed "Bearer" | Alphanumeric |
| expires_in | Token expiration time (seconds) | Numeric |
Theaccess_tokencreated at this step should be parameterized in Class mapping in fieldbpmpi_accesstoken.
Attention
- For each 3DS authentication, it is necessary to obtain and provide a new access token;
- Testing in the sandbox environment via Postman: When performing tests, enter the
ClientIdandClientSecretdirectly in Postman. The tool will automatically encode these credentials in Base64 for authentication.
Updated 8 days ago