Method: POST
URL: https://test-intgapi.efevoopay.com/v1/apiservice
This endpoint is designed to retrieve a client token for authentication purposes. It allows clients to securely obtain a token that can be used for subsequent API requests.
\nThe request body must be in JSON format and contain the following parameters:
\npayload (object): Contains the details required for generating the client token.
\nhash (string): Unique value calculated using HMAC-SHA256 from the TOTP code and the provided key, used to verify the request.
\ncliente (string): Identifier of the client requesting the token, assigned by the IT team.
\nmethod (string): Specifies the action to be performed. For this request, the value should be \"getClientToken\".
The IT team will provide the client with the following data:
\n\"secret\": \"D7JWCMSYRIMOOC7PO6I4VGD4EXKPOAOM\" //Used to generate the TOTP key via an authenticator app or code.
\n\"cliente\": \"postmanTest\" //Client identifier
\n\"clave\": \"ZXgHZQuYKnm4qSAx\" //Used to generate the hash
\n\"vector\": \"t3risf7JCa1hch2Z\" //Used to tokenize transaction, query, and related dat
\nExample code to generate a hash:
\nclass Program\n{\n static void Main()\n {\n string key = \"totp\"; // Generated by an authentication app using the secret provided by IT or generated by code\n string message = \"clave\"; // Key provided by IT\n string hashBase64 = ComputeHmacSha256Base64(key, message);\n Console.WriteLine(\"Hash Base64: \" + hashBase64);\n }\n static string ComputeHmacSha256Base64(string key, string message)\n {\n byte[] keyBytes = Encoding.UTF8.GetBytes(key);\n byte[] dataBytes = Encoding.UTF8.GetBytes(message);\n using var hmac = new HMACSHA256(keyBytes);\n byte[] hash = hmac.ComputeHash(dataBytes);\n return Convert.ToBase64String(hash);\n }\n}\n//TOTP generated by code\nvar secretBytes = Base32Encoding.ToBytes(secret); // The secret is provided by IT\nvar totp = new Totp(secretBytes, step: 30, totpSize: 6);\nstring code = totp.ComputeTotp();\nConsole.WriteLine($\"\\nTOTP calculado automáticamente (válido ~30s): {code}\");\n\n//Node.js\nimport crypto from \"crypto\";\nconst key = \"totp\"; // Generated by an authentication app using the secret provided by IT or generated by code\nconst message = \"clave\"; // Key provided by IT\nconst hmac = crypto.createHmac(\"sha256\", key);\nhmac.update(message);\nconst hashBase64 = hmac.digest(\"base64\");\nconsole.log(\"Hash Base64:\", hashBase64);\n\n{\n \"payload\": {\n \"hash\": \"cx3wr!$XE1dq5aweRDxdseafdEFESf...\",\n \"cliente\": \"clientePrueba.com\"\n },\n \"method\": \"getClientToken\"\n}\n\nhash and cliente values are correctly provided to avoid authentication errors.Method: POST
URL: https://test-intgapi.efevoopay.com/v1/apiservice
This endpoint is used to tokenize payment cards. A payment request is made, and if the transaction is approved, the card is successfully tokenized and the token is returned in the response. If the payment is not approved, the card is not tokenized.
\nThe request body must be formatted as JSON and include the following parameters:
\npayload: An object that contains the necessary data for tokenization.
\ntoken (string): The token generated in the “TokenCliente” endpoint. It serves as a unique identifier for the client.
\nencrypt (string): An encrypted payload generated with AES using a predefined key (clave) and initialization vector provided by Efevoo that include:
\ntrack2 (string): The card track data, which contains the card number and expiration date.
\namount (string): The transaction amount to be charged.
\nEj. {
\"track2\":\"1234567891234567=YYMM\",
\"amount\": \"1.11\"
}
method (string): Indicates the operation to execute. For tokenization requests, it must be set to \"getTokenize\".
\nExample code to generate a encrypt:
\nclass Program\n{\n static void Main()\n {\n // JSON a encriptar\n var data = new\n {\n track2 = \"1234567896587458=3005\",\n amount = \"1.00\"\n };\n string jsonData = JsonConvert.SerializeObject(data);\n // Clave y vector proporcionados por IT\n string keyBase64 = \"CLAVE\";\n string vectorBase64 = \"VECTOR\";\n byte[] keyBytes = Encoding.UTF8.GetBytes(keyBase64);\n byte[] ivBytes = Encoding.UTF8.GetBytes(vectorBase64);\n string encryptedBase64 = EncryptAes128(jsonData, keyBytes, ivBytes);\n static string EncryptAes128(string plainText, byte[] key, byte[] iv)\n {\n using var aes = Aes.Create();\n aes.KeySize = 128;\n aes.BlockSize = 128;\n aes.Mode = CipherMode.CBC;\n aes.Padding = PaddingMode.PKCS7;\n aes.Key = key;\n aes.IV = iv;\n using var encryptor = aes.CreateEncryptor();\n byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);\n byte[] encryptedBytes = encryptor.TransformFinalBlock(plainBytes, 0, plainBytes.Length);\n return Convert.ToBase64String(encryptedBytes);\n }\n}\n\nEnsure that the token value are valid and correctly formatted to avoid authentication errors.
Ensure that the request is properly formatted and that all required parameters are included to avoid errors in the response.
\nMethod: POST
URL: https://test-intgapi.efevoopay.com/v1/apiservice
This endpoint is designed to facilitate interaction with the payment service by allowing clients to retrieve payment information. The request requires a payload that specifies the method to be executed and includes necessary authentication details.
\nThe request body must be sent in JSON format and should contain the following parameters:
\npayload: An object that includes:
\ntoken (string): The token generated in the “TokenCliente” endpoint. It serves as a unique identifier for the client.
\nencrypt (string): An encrypted payload generated with AES using a predefined key (clave) and initialization vector provided by Efevoo. The payload must include the following fields:
\ntrack2 (string): The card track data, which contains the card number and expiration date, or the encrypted card token.
\namount (string): The transaction amount to be charged.
\ncvv (string): The security code of the payment card. If the encrypted card token is sent in the \"track2\" field, this parameter must be left empty.
\ncav (string): A unic alphanumeric value (uppercase and lowercase letters allowed, no special characters), minimum length of 8 and maximum length of 20.
\nmsi (integer): Installment payments. Use 0 if not applicable, or one of 3, 6, 9, 12, 18 depending on the number of months without interest.
\ncontrato (string): Contract identifier for recurring payments. Must be alphanumeric with no special characters, minimum length of 5 and maximum of 16. NOTE: Send empty if it is not a recurring payment
\nfiid_comercio (string): Merchant FIID code.
\nreferencia (string): Merchant name associated with the transaction.
\nmethod (string): The method to be executed; in this case, it should be set to \"getPayment\" to retrieve payment details.
{
\"track2\":\"1234567812345678=YYMM\",
\"amount\":\"1.00\",
\"cvv\":\"123\",
\"cav\":\"MNFJJS21\",
\"msi\": 6,
\"contrato\": \"DK2DD45SS2\",
'fiid_comercio':'123456',
'referencia':'comercio_x'
}
Example code to generate a encrypt:
\nclass Program\n{\n static void Main()\n {\n // JSON to encrypt\n var data = new\n {\n track2 = \"1234567896587458=3005\",\n amount = \"1.00\",\n cvv = \"123\",\n cav = \"R4aDeudtgY\",\n msi = 0,\n contrato = \"contrato\",\n fiid_comercio = \"\"\n };\n string jsonData = JsonConvert.SerializeObject(data);\n // CLAVE and VECTOR provided by IT\n string keyBase64 = \"CLAVE\";\n string vectorBase64 = \"VECTOR\";\n byte[] keyBytes = Encoding.UTF8.GetBytes(keyBase64);\n byte[] ivBytes = Encoding.UTF8.GetBytes(vectorBase64);\n string encryptedBase64 = EncryptAes128(jsonData, keyBytes, ivBytes);\n static string EncryptAes128(string plainText, byte[] key, byte[] iv)\n {\n using var aes = Aes.Create();\n aes.KeySize = 128;\n aes.BlockSize = 128;\n aes.Mode = CipherMode.CBC;\n aes.Padding = PaddingMode.PKCS7;\n aes.Key = key;\n aes.IV = iv;\n using var encryptor = aes.CreateEncryptor();\n byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);\n byte[] encryptedBytes = encryptor.TransformFinalBlock(plainBytes, 0, plainBytes.Length);\n return Convert.ToBase64String(encryptedBytes);\n }\n}\n\n{\n \"payload\": {\n \"token\": \"djREWTB4ZVVFMW5kazZ0VFdMSm5Uam ...\",\n \"encrypt\": \"ba4LKZxPEeVgeSOvSxfsg2dly90iez ...\"\n },\n \"method\": \"getPayment\"\n}\n\nThe response will typically contain the results of the payment retrieval operation. The structure of the response will vary depending on the success or failure of the request. A successful response will include payment details, while an error response will provide relevant error codes and messages.
\nEnsure that the token value are valid and correctly formatted to avoid authentication errors.
Ensure that the request is properly formatted and that all required parameters are included to avoid errors in the response.
\nMethod: POST
URL: https://test-intgapi.efevoopay.com/v1/apiservice
This endpoint is designed to facilitate interaction with the payment service by allowing clients to retrieve payment information. The request requires a payload that specifies the method to be executed and includes necessary authentication details.
\nThe request body must be sent in JSON format and should contain the following parameters:
\npayload: An object that includes:
\ntoken (string): The token generated in the “TokenCliente” endpoint. It serves as a unique identifier for the client.
\nencrypt (string): An encrypted payload generated with AES using a predefined key (clave) and initialization vector provided by Efevoo. The payload must include the following fields:
\ntpv(string) : tpv(string): Terminal model (maximum 20 characters)
\ndeviceid (string): POS serial number (maximum 20 characters).
\nemv (string): Card tracking data generated by the POS kernel.
\namount (string): Transaction amount to be charged (value with 2 decimal places e.g. [350.00]).
\nnip (integer): If the cardholder entered the PIN at the terminal [1] or their payment was continuously approved [0].
\nmsi (integer): Installment payments. Use 0 if not applicable, or one of the following: 3, 6, 9, 12, or 18, depending on the number of interest-free months.
\nemisor(string): Financial institution of the card.
\ntipotxn(string): specification if it was a standard sale [VN] or interest-free months [MSI].
\npropina(string): amount given to the establishment for the service (value with 2 decimal places e.g. [75.00]) otherwise e.g. [0.00].
\nredtarj(string): card brand (Visa, Mastercard, Amex).
\ntipotarj(string): Card type (credit, debit).
\ntime_txn(string): transaction time (24-hour format [hh:mm:ss(14:25:10)]
\nentrada (string): entrada de una terminal de pago usando una tarjeta bancaria[Chip(ICC),Contactless(NFC),Banda magnética(MCR)]
\nmethod (string): The method to be executed; in this case, it should be set to \"getPaymentPOS\" to retrieve payment details.
{
\"tpv\":\"D60Android smart POS\",
\"deviceid\":\"1004PP35272204003250\",
\"emv\":\"4F07A00000000....15200000000\",
\"amount\":\"25.50\",
\"nip\":1,
\"msi\":0,
\"emisor\":\"NU MEXICO FINANCIERA\",
\"tipotxn\":\"VN\",
\"propina\":\"0.00\",
\"redtarj\":\"MC\",
\"tipotarj\":\"Débito\",
\"time_txn\":\"121702\",
\"entrada\":\"ICC\"
}
Example Request Body
\n{\n \"payload\": {\n \"token\": \"djREWTB4ZVVFMW5kazZ0VFdMSm5Uam ...\",\n \"encrypt\": \"ba4LKZxPEeVgeSOvSxfsg2dly90iez ...\"\n },\n \"method\": \"getPayment\"\n}\n\nThe response will typically contain the results of the payment retrieval operation. The structure of the response will vary depending on the success or failure of the request. A successful response will include payment details, while an error response will provide relevant error codes and messages.
\nEnsure that the token value are valid and correctly formatted to avoid authentication errors.
Ensure that the request is properly formatted and that all required parameters are included to avoid errors in the response.
\nThis Call is used to send a payment using 3DS if possible. It returns an URL, a token and the order id. You must show this in an IFrame to the client.
\nNote: If url_3dsecure and token_3dsecure are empty (\"\"), proceed to GetStatus Call.
\nEncryption:
\nYou must encrypt the body using AES-CBC using your key and vector.
\n{\n \"track\":\"5123000011112222\",\n \"cvv\":\"111\",\n \"exp\":\"11/11\",\n \"fiid_comercio\":\"123678\",\n \"msi\":0,\n \"amount\":\"1.00\",\n \"browser\":{\n \"browserAcceptHeader\": \"application/json\",\n \"browserJavaEnabled\": false,\n \"browserJavaScriptEnabled\": true,\n \"browserLanguage\": \"es-419\",\n \"browserTZ\": \"360\",\n \"browserUserAgent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36\"\n }\n}\n\nIFrame Example:
\n<iframe style=\"height: 100vh; width: 100vw;\" srcdoc=\"<form id='subscription-form' action='{url_3dsecure}' method='POST'>\n id='creq'\n name='creq'\n value='{token_3dsecure}'\n />\n </form>\n <script>\n const form = document.getElementById('subscription-form');\n form.submit();\n </script>\n \">\n</iframe>\n\nThis call is used to request the status of a 3ds payment, must be used after GetLink.
\nEncryption:
\nYou must encrypt the body using AES-CBC using your key and vector.
\n{\n \"track\":\"5123000011112222\",\n \"cvv\":\"111\",\n \"exp\":\"11/11\",\n \"order_id\":290\n}\n\nMethod: POST
URL: https://test-intgapi.efevoopay.com/v1/apiservice
This endpoint is used to retrieve transaction data based on specified parameters. The request must include a payload containing the necessary details to process the transaction query.
\nThe request body should be in JSON format and must include the following parameters:
\npayload (object): Contains the details for the transaction request.
\ntoken (string): The token generated in the “TokenCliente” endpoint. It serves as a unique identifier for the client.
\nid (integer): An identifier for the transaction request, used when searching for a specific transaction.
\nrange1 (string): The start date and time for the transaction range in the formatYYYY-MM-DD HH:MM:SS,used when searching within a specific time period.
range2 (string): The end date and time for the transaction range in the format YYYY-MM-DD HH:MM:SS, used when searching within a specific time period.
method (string): Specifies the action to be performed. In this case, it should be set to \"getTransactions\".
The response will contain the transaction data based on the specified date range or ID.
\nEnsure that the token values are valid and correctly formatted to avoid authentication errors.
Ensure that the request is properly formatted and that all required parameters are included to avoid errors in the response.
\nThe date range specified by rango1 and rango2 must be logical (i.e., range1 should be earlier than range2).
Method: POST
URL: https://test-intgapi.efevoopay.com/v1/apiservice
This endpoint is used to interact with the API service, allowing clients to perform various operations based on the specified method. In this case, the method being invoked is getRefund, which is intended to retrieve refund details.
The request body must be formatted as JSON and includes the following parameters:
\npayload: An object that contains the following keys:
\ntoken (string): The token generated in the “TokenCliente” endpoint. It serves as a unique identifier for the client.
\nid (integer): An identifier for the transaction request, used when searching for a specific transaction.
\nmethod (string): Specifies the action to be performed. In this case, it should be set to \"getRefund\".
The response from this endpoint will typically include details regarding the refund status and any associated information. The exact structure of the response will depend on the implementation but will generally confirm the success or failure of the refund retrieval operation.
\nEnsure that the token values are valid and correctly formatted to avoid authentication errors.
The response may vary based on the state of the refund and the parameters provided in the request.
\nThis endpoint is designed for secure communication; ensure that sensitive information is handled appropriately.
\n