Skip to main content
CertoPay supports credit card payments for the three most widely issued card brands in Brazil — Visa, Mastercard, Elo, Hipercard, Hiper, American Express, Diners Club, JCB, Aura, Discover. Charges are authorized and captured in a single step, so an approved response with status: CAPTURED means funds are already reserved. You can split payments into up to 12 installments (parcelamento), and for repeat customers or subscription products you can tokenize the card and charge the stored token on future orders without asking the buyer to re-enter their details.

Supported Brands

BrandSingle chargeInstallmentsTokenization
Visa✅ Up to 12×
Mastercard✅ Up to 12×
Elo✅ Up to 12×
Hipercard✅ Up to 12×
Hiper✅ Up to 12×
American Expess✅ Up to 12×
Diners Club✅ Up to 12×
JCB✅ Up to 12×
Aura✅ Up to 12×
Discover✅ Up to 12×

Two Ways to Charge a Card

Send the full card details in the payment request. This is the simplest integration path for one-time purchases.
Your server must handle raw card numbers only over HTTPS. Never log or store card numbers, CVVs, or expiry dates — this is a PCI DSS requirement. For repeat customers, use Option B (tokenization) instead.

Request

POST /api/payment-gateway/process
X-Api-Key: sk_live_sua_chave_aqui
Idempotency-Key: 550e8400-e29b-41d4-a716-446655440003
Content-Type: application/json

{
  "orderId": "uuid-do-pedido",
  "method": "CARD",
  "amount": 29700,
  "installments": 3,
  "cardHolderName": "JOAO DA SILVA",
  "cardNumber": "4111111111111111",
  "cardExpirationMonth": "12",
  "cardExpirationYear": "28",
  "cardSecurityCode": "123",
  "cardBrand": "Visa",
  "buyerDoc": "12345678900",
  "buyerBirthdate": "1990-05-20",
  "buyerCellNumber": "(11) 99999-9999",
  "buyerAddress": {
    "postal_code": "01310930",
    "street": "Avenida Paulista",
    "number": "100",
    "neighborhood": "Bela Vista",
    "city": "São Paulo",
    "state": "SP"
  }
}

Request Fields

orderId
string
required
The unique identifier for the order, obtained from POST /api/orders.
method
string
required
Must be "CARD" to route the charge through the credit card rail.
amount
integer
required
The total charge amount in centavos. Example: R$ 297,00 → 29700.
installments
integer
required
Number of installments. Use 1 for a single charge, or 212 to split the payment. The total amount is divided equally across installments.
cardHolderName
string
required
Cardholder name exactly as printed on the card, in uppercase. Example: "JOAO DA SILVA".
cardNumber
string
required
Full card number, digits only, no spaces or dashes. Example: "4111111111111111".
cardExpirationMonth
string
required
Two-digit expiration month. Example: "12".
cardExpirationYear
string
required
Two-digit expiration year. Example: "28" for 2028.
cardSecurityCode
string
required
Card security code (CVV/CVC) — 3 digits for Visa/Mastercard/Elo. Never store this value.
cardBrand
string
required
Card brand. Accepted values: "Visa", "Mastercard", "Elo".
buyerDoc
string
required
Buyer’s CPF — exactly 11 numeric digits, no punctuation. Example: "12345678900".
buyerBirthdate
string
required
Buyer’s date of birth in YYYY-MM-DD format. Example: "1990-05-20".
buyerCellNumber
string
required
Buyer’s mobile phone number with area code (DDD). Example: "(11) 99999-9999".
buyerAddress
object
required
Buyer’s billing address.

Response

Both Option A and Option B return the same response shape: 
{
  "transactionId": "uuid-da-transacao",
  "status": "CAPTURED",
  "method": "CARD",
  "amount": 29700,
  "installments": 3
}

Response Fields

transactionId
string
CertoPay’s unique identifier for this transaction. Store this for refund requests and dispute resolution.
status
string
The outcome of the charge attempt:
  • CAPTURED — The card was approved and funds have been reserved. Fulfill the order.
  • REFUSED — The card issuer declined the charge. Prompt the buyer to try a different card.
method
string
Echoes back "CARD".
amount
integer
Total charge amount in centavos, as submitted.
installments
integer
Number of installments the charge was split into.

Handling Declined Cards

When a card is declined, the response returns status: REFUSED: 
{
  "transactionId": "uuid-da-transacao",
  "status": "REFUSED",
  "method": "CARD",
  "amount": 29700,
  "installments": 3
}
A REFUSED status means the issuing bank rejected the charge. Do not retry the same card automatically — show the buyer a message and invite them to use a different card or payment method. Repeated automatic retries on a declined card may result in the card being permanently blocked by the issuer.
Common reasons for refusal include insufficient credit limit, security blocks from the issuing bank, or incorrect card details. You should not expose the raw decline reason to the buyer — a generic “cartão recusado” message is sufficient.