Card Payment Notifications

Card payment notifications

When a card payment changes its transaction_status, the system sends a notification to the URL provided by the client informing the update.

The URL that will receive notifications must be configured via the Register/Update Webhook endpoint.

Request

The notification is sent using the POST method and expects an HTTP 200 response.

Below is the JSON structure sent as the request body:

{
  "notification_type": "card_payment",
  "message": {
    "muid": "c9a2f8d1-6d4e-4e83-9b42-8c39bfa12345",
    "rrn": "123456789012",
    "amount": 25990,
    "currency": "BRL",
    "status": "accepted",
    "last_digits": "4821",
    "installments": 3,
    "tracking_number": "TRX-20250930-001",
    "card_holder_name": "Joao Silva",
    "card_holder_email": "joao.silva@example.com",
    "card_holder_document": "123.456.789-00",
    "brand": "VISA",
    "request_token": "tok_7f2b91c3e8ab4a7fa8f39f123456",
    "payment_type": "credit",
    "authorization_code": "AUTH987654",
    "first_digits": "411111",
    "active": true,
    "slug_authorizer": "stone",
    "slug_customer": "customer_001",
    "slug_terminal": "terminal_123",
    "slug_merchant": "merchant_456",
    "sales_channel": "ecommerce",
    "authorizer_merchant_id": "MRC123456",
    "authorizer_terminal_id": "TERM7890",
    "transaction_status": "authorized",
    "product_or_issuer": "Banco XPTO",
    "settlement_management_type": "automatic",
    "transaction_method": "cnp",
    "cancelling": false,
    "created_at": "2025-09-30T17:45:12Z",
    "updated_at": "2025-09-30T17:46:00Z"
  },
  "md5": "679f3ff14b8eadd1e504f2a35c0d8fb3"
}

Note: To generate the MD5 hash for the message, build the string to be encoded in the following format.

STRING

    card_payment.{muid}.{end_to_end}.{rrn}.{amount}.{secret_key}

Where:

card_payment: the word "card_payment" in lowercase
{muid}: unique transaction identifier
{rrn}: Retrieval Reference Number (acquirer/bank reference)
{amount}: value in cents
{secret_key}: client-specific secret key used to generate the hash. It is created by requesting the MD5 Hash for the account.

Build the string below to generate the MD5 hash of the example message above, assuming the client's secret key is the word SECRETKEY:

STRING – Example

    card_payment.7c2cb2e0a9004a8893358b1dd7ae5b1d.999999999999.1000.SECRETKEY

Error Handling

If the response is different from 200, the system will retry for the next 10 minutes, once per minute, until a successful result is obtained.

If the error persists across 10 attempts, the notification will be marked as canceled in the system and our team will get in touch to investigate any integration issues.

Note

Resending notifications after the first failed attempt occurs only in the production environment.

Attribute Description

PARAMETER	TYPE	DESCRIPTION	REQUIRED
`notification_type`	STRING	Indicates the type of transmitted message (25-character limit)	Yes
`message`	OBJECT	Updated CardPayment object, as returned by the Card → Search Payment endpoint	Yes
`md5`	STRING	MD5 hash used to authenticate the notification	No