Cardholder Registration

The programming interface referring to the Cardholder Registration is primarily composed of queries that return the `CardHolder` type and from these consult the field as name, documents, addresses, contacts and other information.

Feito para:  MerchantsIssuersAcquirersPayment Service ProvidersOther Developers

First steps

  1. Read Introduction to GraphQL, with real examples of our API.

  2. Create a user in the developer portal.

  3. Register your first application.

  4. Use the dashboard to access your access settings.

  5. To quickly explore the APIs here on the documentation page, use the GraphQL console in the References section. In it, you can view the sample queries, run them, and change them.

Getting Started on the Elo Developer Platform

Jaydson GomesDeveloper

The cardholder is a 'user' of the system which owns cards. This user is called CardHolder and manages Cards and Wallets. A CardHolder can register, consult, edit and delete their cards, as well as associate their cards with their wallets. This can be an individual, who owns cards, or legal entity that owns corporate cards.

query {
    user {
        id
        username
        cardHolders {
            companyName, 
            companyLegalName, 
            cards { 
                edges { 
                    node { 
                        transactions(filter: { 
                            startTimestamp: "2017-11-21T00:00:00Z", 
                            endTimestamp: "2017-12-30T00:00:00Z",
                            includeMerchantCategories: [{ min: 1,max: 3 }, { min: 4, max: 10 }], 
                            excludeMerchantCategories: [{ min: 10, max: 10 }], 
                            status: APPROVED
                        }) 
                        {
                            pageInfo { hasPreviousPage },
                            edges { 
                                cursor, 
                                node { 
                                    id, 
                                    bin { 
                                        number, 
                                        isInternational, 
                                        product { 
                                            id, 
                                            name
                                        }, 
                                        country
                                    }, 
                                    status, 
                                    capture { id, name }, 
                                    currency, 
                                    value, 
                                    installments
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}

This section is intended to detail some processes and to bring step-by-step integration with items of the ELO Cardholder Registration API.

All requests made to the ELO API must use the HTTPS protocol and should have in their headers the data needed to access the service. They are:

  • client_id: Identifier generated when the developer creates an application in the portal and can be found in the application dashboard settings.

  • Authorization or access_token: Here is an important point that should get enough attention from the developer. While the user has not logged in to the API it is mandatory to send the Authorization. After login the developer should send only the obtained access_token.

Authorization

The Authorization can be obtained by concatenating the "Basic " text to the Base64 encoding result of the client_id and client_secret fields concatenated with :.

Here is an example of a pseudo-code to generate the Authorization:

var authorization = "Basic " + base64(client_id + ":" + client_secret);

and the following is an example of Authorization already defined in the request header:

Authorization : Basic ZjkyMTIxNzMtZTcwNS0zNzNiLWE2OTgtNjE5MjNlMzc4MzU5OjAyYWI1Mjg4LTkyZGItM2FiMy05OWZkLWZhYzRhZjg1N2Q4MQ==

To start the journey within the Elo APIs platform, a user must be created. For this process the developer should use the createUser function provided by the API. This function can be used in two ways:

  • The user will use the username and password as a form of authentication.

  • The user will use a social network supported by the ELO platform as a form of authentication.

The following is an overview of this process.

User creation flow

fluxoCreateUser

An example of using the createUser function using the username and password as authentication is shown below.

Request body example:

mutation{
  createUser(input:{
    clientMutationId: "123",
    username: "username",
    bcryptPassword: "$2a$12$oumE.pnRbsdi.c4KYsyNWOJoVyfi2jMKDe102Er5uGCdzd49SvE1Y",
    name: "name",
    firstName: "firstName",
    lastName: "lastName",
        contacts: [{
            type: PHONE
            context: "HOME"
            value: "+5519912345678"
        }]
    displayName: "displayName",
    legalIds:{
      cpf: "1234567890",
      rg:{
        number: "234567890",
        issuerOrganization: "SSP",
        issuerState: "SP",
        issueDate: "2020-12-03"
      }
    }
  })
  {
    clientMutationId,
    id,
    name
  }
}

API Response example:

{
   "data": {
        "createUser": {
            "id": "89bd51d6-8eaf-31a5-bd2c-1fve81d17db4",
            "name": "name"
        }
   }
}

In the example above the id field is the access_token that should be used in case the user makes any requests to an API resource. In this scenario it is not necessary for the user to login after creation because it has already been implicitly done by the createUser function and the access token can be used until it expires.

An example of using the createUser function using a social network is shown below.

Request body example:

mutation{
  createUser(input:{
    clientMutationId: "123",
    username: "username",
    socialNetwork:{
      provider: "FACEBOOK",
      username: "usernameFacebook@gmail.com"
    },
    oauth:{
      accessToken: "EAACEdEose0cBAPZAVQLY5qPqEfqPPPviCy5NYbYBX7zLndQWDiUZBOBMC5Ry...",
      refreshToken: "",
      scopes: "email",
      expiryTimestamp: "2018-03-01T00:00:00Z"
    },
    name: "name",
    firstName: "firstName",
    lastName: "lastName",
    displayName: "displayName",
    legalIds:{
      cpf: "1234567890",
      rg:{
        number: "234567890",
        issuerOrganization: "SSP",
        issuerState: "SP",
        issueDate: "2020-12-03"
      }
    }
  })
  {
    clientMutationId,
    id,
    name
  }
}

The response of user creation using a social network is the same as in the previous example.

Types of users

After creation, a specific user can assume 3 distinct types in the Elo platform, being:

  • Card Holder: A user holding one or more Elo cards;

  • Card Issuer: A user that issues Elo cards;

  • Merchant: A commercial establishment that carries out transactions with Elo cards;

Each type has its way of being associated, with information pertinent to each one. A user can only have one type associated at the same time, so if a user is associated with a CardHolder and tries to associate with a Merchant an error will be returned. In this case, it is necessary to remove the user's CardHolder membership and only then to associate with the new type.

To associate a CardHolder with the user just use the function createCardHolderForUser, the mutation below is an example of its use. For security purposes the userId field does not refer to the actual user id', but to youraccess_token`.

Request body example:

mutation{
    createCardHolderForUser(input:{
        clientMutationId: "123",
        userId: "33744898-9844-4864-a0ca-046d50fdaf15",
        companyName: "companyName",
        companyLegalName: "companyLegalName",
        companylegalIds: {
            cnpj: "1234567890"
        }
    })
    {
        clientMutationId,
        user{
            id,
            verified,
            name,
            displayName
        },
        cardHolder{
            id,
            name,
            companyName,
            companyLegalName
        }
    }
}

In this example we are creating the CardHolder and associating it with the user identified by the access_token, which is reflected in the userId field. The data returned after the creation and association of CardHolder to the user, will be the ones that were defined at the bottom of the mutation.

To associate a CardIssuer with the user just use the addCardIssuerToUser function, then we have the call for this mutation as an example of use. For security purposes the userId field does not refer to the user's actual id, but to the user's access_token.

Request body example:

mutation{
    addCardIssuerToUser(input:{
        clientMutationId: "123",
        userId: "97c7fb10-174c-4e23-8feb-926d1d23a035",
        cardIssuerId: "1b253372-8215-4567-a54d-4fa78dadf0f6"
    })
    {
        clientMutationId,
        user{
            id,
            verified,
            name,
            displayName
        },
        cardIssuer{
            id,
            name,
            legalName
        }
    }
}

In this example we are associating a CardIssuer with the user identified by the access_token, which is reflected in the userId field. The data returned after the association of CardIssuer to the user, will be those that were defined at the bottom of the mutation.

To associate a Mechant with the user just use the function addMerchantToUser, the following is an example of its use. For security purposes the userId field does not refer to the user's actual id, but to the user's access_token.

Request body example:

mutation{
    addMerchantToUser(input:{
        clientMutationId: "123",
        userId: "14991673-f5b9-43b8-8cb3-8da353b9b70c",
        merchantId: "b86eb0ef-0c21-4ea5-b407-9f113a229190"
    })
    {
        clientMutationId,
        user{
            id,
            verified,
            name,
            displayName
        },
        merchant{
            id,
            name,
            legalName
        }
    }
}

In this example we are associating a Merchant with the user identified by the access_token, which is reflected in the userId field. The data returned after the Merchant association to the user will be the ones that were defined at the bottom of the mutation.

Other Interactions

To consult a user data, just use a user query, as in the example below.

query {
   user(id: "70fa9e70-1b41-3f68-8df9-b207d76929f6") {
        id,
        username
        cardHolders{
            id
            name
            companyName
        }
    }
}

To update a user just use the function updateUser, the following is an example of its use. For security purposes, the id field does not refer to the user's real id, but to the user's access_token.

mutation {  
    updateUser(input:{
        id: "0c9cd95a-365e-40d3-89c2-63c35340a0fa",
        firstName: "firstName changed"
    }) {
        user{
            id
            firstName
        }
    }
}

In this example we are updating the user's firstName, but other attributes can also be updated.

To delete a user just use the function deleteUser, the following is an example of its use. For security purposes the userId field does not refer to the user’s real id, but to the user’s access_token.

mutation {  
    deleteUser(input:{
        userId: "e29e5d4b-c5f6-45c9-90e0-26b21fed43f9"
    }) {
        userId
        username
        displayName
    }
}

In this example we are deleting the user with the informed identification in the userId field.

The bcryptPassword field present in the user registry refers to the user's sensitive access data to the API. This data is the encrypted user name and password using the algorithm known as bcrypt. This is done to not store the passwords in the system. The steps for using this algorithm with the parameters requested by the ELO API are described below:

1st Step: Generate a salt from the user name:

  • Apply the SHA256 algorithm to the user name and reserve the first 16 characters.

  • Apply the Base64 encoding on the result of the previous item using the custom alphabet of the bcrypt algorithm. The alphabet used by bcrypt uses "." instead of "+" and start with "./". See below:

    ./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789

  • Concatenate the result of the previous item with the text "$2a$12". Example of result:

    $2a$12$N9qo8uLOickgx2ZMRZoMye

2nd Step: Apply the bcrypt algorithm using the user's password and the salt generated in the first step:

  • Apply the SHA256 algorithm to the user password.

  • Apply Base64 encoding on the result of the previous item.

  • Apply the bcrypt algorithm using the result of the previous item and the salt generated in the first step.

NOTE: The cost used by the bcrypt algorithm must be equal to 12.

O usuário pode complementar seu cadastro com suas informações de contato. Atualmente, é possível adicionar um contato para cada um dos tipos a seguir: EMAIL, PHONE e IM. Caso o usuário precise adicionar mais contatos, ele pode cadastrá-los utilizando o contato do tipo OTHER que não possui restrição de quantidade.

The contacts entered for the user during the registration remain with status UNVERIFIED until they are confirmed through a system-generated verificationCode. Here are the steps for verificationCode request and contact confirmation:

1st Step: Perform a contact verification request:

mutation{
  requestContactVerification(input:{
    clientMutationId: "123",
    userId: "",
    type: EMAIL,
    value: "email@provider.com"
  }) {
    clientMutationId
    user{
      id
      verified
      username
      name
      contacts{
        type
        value
        verified
      }
    }
    contact{
      type
      value
      verified
    }
  }
}

API response example:

{
  "data": {
    "requestContactVerification": {
      "clientMutationId": "123",
      "user": {
        "id": "fb9444fb-b9df-3cdd-a83e-808e0ce4b938",
        "verified": "UNVERIFIED",
        "username": "user1",
        "name": "User Name",
        "contacts": [
          {
            "type": "EMAIL",
            "value": "email@provider.com",
            "verified": "PENDING"
          }
        ]
      },
      "contact": {
        "type": "EMAIL",
        "value": "email@provider.com",
        "verified": "PENDING"
      }
    }
  }
}

After this step, the verification status of the contact changes to PENDING and the user will receive a verificationCode on the contact that is to be used in the next step.

2nd Step: Finalizing contact confirmation:

mutation{
  contactVerification(input:{
    clientMutationId: "456",
    userId: "",
    type: EMAIL,
    value: "email@provider.com",
    verificationCode: "5QI057"
  })
  {
    clientMutationId
    user{
      id
      verified
      username
      name
      contacts{
        type
        value
        verified
      }
    }
    contact{
      type
      value
      verified
    }    
  }
}

API response example:

{
  "data": {
    "contactVerification": {
      "clientMutationId": "456",
      "user": {
        "id": "fb9444fb-b9df-3cdd-a83e-808e0ce4b938",
        "verified": "VERIFIED",
        "username": "user1",
        "name": "User name",
        "contacts": {
          {
            "type": "EMAIL",
            "value": "email@provider.com",
            "verified": "VERIFIED"
          }
        ]
      },
      "contact": {
        "type": "EMAIL",
        "value": "email@provider.com",
        "verified": "VERIFIED"
      }
    }
  }
}

Upon receiving the successful response, the contact has its verification status changed to VERIFIED. In this way, we can guarantee that the user's contact is a valid contact.

To access the Elo APIs, the user must have a valid access_token and for this he must log in to the platform. The login process can be done in two ways: using a username and password via createLoginSalt or using a social network via socialNetworkOAuthLogin.

See the figure below the two examples:

login

If the user wants to use the username and password, he must first use the createLoginSalt request. This function returns a salt that must be used to generate the challenge that will be sent in the login process (More details on how to get the challenge will be described later). An example of this request can be seen below.

Request body example:

mutation {
    createLoginSalt(input:{
        username: "UserNameToLogin"
    }) 
    {
        username, 
        salt
    }
}

API Response example:

{
  "data": {
    "createLoginSalt": {
      "username": "UserNameToLogin",
      "salt": "$2a$05$J/dgZmXIN23mEZtvkxDYeO"
    }
  }
}

For the next steps is necessary to make use of the login request. This request is required to give the user access to the other API requests. In this way, the access_token that uniquely identifies the user is made available on the return of this request.

Request body example:

mutation {
    login(input:{
        clientMutationId: "0123456789",
        username: "UserNameToLogin",
        challenge:"$2a$05$J/dgZmXIN23mEZtvkxDYeOtRsNEY4xMU9HHkcBVMpiUlFSFBuhtxy"
    }) 
    {
        clientMutationId,
        accessToken
    }
}

API Response example:

{
   "data": {
       "login": {
           "clientMutationId": "0123456789",
           "accessToken": "b64a0e34-24c5-39eb-b457-0c7331d176f0"
       }
   }
}

If the user wants to use a social network to authenticate himself in the Elo API he should make use of the socialNetworkOAuthLogin request. As in the stream described above, the access_token that uniquely identifies the user is also available on the return of the function.

Request body example:

mutation {
    socialNetworkOAuthLogin(input:{ 
        clientMutationId: "0123456789", 
        provider: "FACEBOOK", 
        username: "user.name@gmail.com",  
        accessToken:"AAECEdEose0cBANynsVcZChZBxB3ysAuxDeZC3ZB4eIzkUKJnvoaTO1Vf4gyj8sl9bFFNPlnGU0Qsnh2fys7gcymWE7lKL64ygGLCJAtgyJtNq4YSGBkdDZBcgnAGZBKaGiI6emZCap8WJYO8ex06ZAZB75IdWnDtPoGCF8yPQnW4JZALHgeL1A1o6ZC5nz5uLD2lnVoUpkxAr1CNQABCD"
    }) 
    {
        clientMutationId,
        accessToken
    }
}

API Response example:

{
    "data": {
        "login": {
            "clientMutationId": "0123456789",
            "accessToken": "120faef6-5f31-3e74-afb2-864151c52880"
        }
    }
}

The challenge field present in the user login refers to the result of the login(challenge). It is a hash using the bcrypt algorithm with salt (provided by createLoginSalt) and content being the bcryptPassword (specified in User).

The steps are the same as the bcryptPassword generation on user creation), but with two more steps.

After generating the bcryptPassword:

  • Generate a salt from the createLoginSalt function.

  • Apply the bcrypt algorithm using the bcryptPassword and the salt generated in the previous item.

NOTE: The final result must be in the standard format, with prefix, cost, salt and finally the value computed in Base64, totaling 60 characters.

challenge example: $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy.

Através da mutation refreshAccessToken, é possível realizar o fluxo de Atualização do accessToken. Esse fluxo consiste no envio para a API do refreshToken que, após validar junto com o Authorization enviado no header da requisição, retornará um novo accessToken, e um novo refreshToken, como exemplificado a seguir:

mutation {
  refreshAccessToken(input: {
    clientMutationId: "860e72f2-d58f-4bee-ad3a-532085f6f3eb",
    refreshToken: "ccc0fba7-fa8d-3e85-a19e-2dc725bbb33d"
  }) {
    clientMutationId,
    oauthToken{
      accessToken,
      refreshToken
    }
  }
}

Exemplo da resposta da API:

{
  "data": {
    "refreshAccessToken": {
      "clientMutationId": "860e72f2-d58f-4bee-ad3a-532085f6f3eb",
      "oauthToken": {
        "accessToken": "ffd2b5cf-be8b-3a8a-802d-41983dea5872",
        "refreshToken": "88803449-7c41-3c3f-adb2-3b32ef1a85ff"
      }
    }
  }
}

Atenção! Após a chamada desta mutation, o accessToken e o refreshToken enviados na requisição serão revogados - passando a valer apenas os tokens do retorno da mutation.

If a user does not remember their password and needs to reset, there is a Password Reset that can be made. The first step is to request a password reset. This is done through the mutation requestPasswordReset:

mutation {
    requestPasswordReset(input: {
        clientMutationId: "123456",
        legalId: {
            cpf: "12345678900"
        },
        email: "your.email@provider.com"
    }) {
        clientMutationId
        maskedEmail
    }
}

This mutation can be accomplished by sending the email field or the phone field, but never both. They also need to be the same contacts sent at the registration.

After this, an email or an SMS will be sent to the specified contact, with a token that will be used to reset the password, , through the mutation passwordReset:

mutation {
    passwordReset(input: {
        clientMutationId: "1234567",
        legalId: {
            cpf: "12345678900"
        },
        email: "your.email@provider.com",
        bcryptPassword: "$2a$12$yOCCL/0cbkvc5Lj/.EfnKeHm3oBPq28rGYbs8ayG8tbRYw4qtXflW",
        token: "C68M59"
    }) {
        clientMutationId
        user {
            id
            verified
            username
            name
            firstName
        }
    }
}

The bcryptPassword sent in this mutation must be generated with the same username as the registered user and the new password. To know how to generate this field, see the section BcryptPassword.

To create a card, you must use the createCard function. This request is responsible for creating a new card associated with the user who created it. In order to use this function, the user must be a CardHolder. Below is an overview of the process of creating a card.

createCard fluxo1

An example of using the createCard can be seen below.

mutation {
    createCard(input: {
        clientMutationId: "123",             
        sensitive:"eyJhbGciOiJFQ0RILUVTIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImVway...",
        holderId: "9e5d64e4-409f-4900-b3b6-28319950fe5b",
        billingAddress: {
            context: "Home",
            number: 123,
            country: "BRA",
            city: "Campinas",
            state: "São Paulo",
            zip: "1234",
            place: "via"
        }
    })
    {
        clientMutationId,
        card {
            id,
            last4,
            billingAddress{
            context,
            country,
            city
            }
        }
    }
}

Supporting the creation of the card will be returned the data requested by the user at the bottom of the mutation.

The sensitive field is the sensitive content (Card Number, Cardholder Name, Expiration, etc.) generated from a signature and encryption process, whose payload was signed from the use of a user's private key and the encryption of this content making use of a public key of the server. More details of this field in the [Sensitive] section(#cadastro-portado-ou-cartao-ou-sensitive).

The holderId field is the id of the CardHolder that was associated with the user. So, it's not the user's id (access_token), but the CardHolder associated with it.

Other interactions

To query cards using filters, use the query cards, below is an example of use.

query {  
    cards(filter:{
        status:ACTIVE
    }) {
        edges{
            node{
                id
                last4
                expiry{
                    month
                    year
                }
            }
        }
    }
}

In this example we are looking for all active cards. Other filters can be applied for this query, as well as other returns can be requested.

To query card by unique global identifier node query is used. Here is an example of usage.

query {  
    node(id: "b63dcf70-08ae-423f-9459-db580b3d6e95") {
        ... on Card {
            id
            last4
            status {
                status
            }
            bin {
                number
            }
        }
    }
}

In this example we are requesting a nodequery where the unique global identifier refers to a card. Other return information can be requested on this request.

You can also list the cards by the user query, as in the example below.

query {  
    user {
        cardHolders{
            cards{
                edges{
                    node{
                        id
                        last4
                        expiry{
                            month
                            year
                        }
                    }
                }
            }
        }
    }
}

In this request we are listing the cardholder cards using the user query. Further information may be requested upon return of this query.

To update a card, the updateCard function is used. Here is an example of usage.

mutation {
    updateCard(input:{
        holderId: "d6f9605c-8da9-484a-bdb4-3e483db232ee",
        billingAddress:{
            country: "country changed",
            city: "city changed",
            state: "SP changed",
            number: 32,
            place: "place changed"
        }
        status:SUSPENDED
    }) {
        card {
            id
            last4
            expiry{
                month
                year
            }
        }
    }
}

In this example we are updating some information on the card's billing address and its status. The card is identified by the holderId field. Other information can be updated beyond address and status.

To delete a card, deleteCard funcition is used. Here is an example of usage.

mutation {
    deleteCard(input:{
        cardId: "c049ac20-084b-46f1-ac03-817e855b5811"
    }) {
        cardId
        last4
        bin {
            number
        }
    }
}

In this example we are deleting the card identified by the cardId field, and requesting some information from it.

In the card register the sensitive field refers to the sensitive data of a card (card number, verification code, validity etc). This data will be signed and encrypted by an encryption process to ensure its security.

The first step in generating this field is to have the data in JSON format as described below:

  • pan: Primary Account Number, also known as "card number" physical. Exemplo: "1234567890123456".

  • expiry: Expiration date, i.e. when it expires. . It is an object composed of the month and year keys described below. Example: {"month": 2, "year": 2020}.

    month: Month of validity of the card. Full number between 1 (January) and 12 (December).
    year: Year of validity of the card. 4-digit integer (2017, not 17).

  • name: Name of cardholder. Example: "João da Silva".

  • csc: Card Security Code, usually printed on the back of the physical card.

  • cscEntryTime: Date and time when the CSC (Card Security Code) was entered. This is required when the CSC is generated by a time-based key/token. Must be in ISO 8601 format. Example: "2017-06-01T12:00:00-03:00".

  • authCode: Authorization code. This code is not the CSC (Card Security Code) because it is not printed on the card. Example: "AB123Z1Y".

  • authCodeEntryTime: Date and time when the authorization code (authCode) was entered. Must be in ISO 8601 format. Example: "2017-06-01T12:00:00-03:00".

NOTE: the authorization is made with the fields csc or authCode and their respective times of entrance. Only one of them must be specified.

The second step is to sign data using JSON Web Signature (JWS) in compact format and using Elliptic Curve (EC) as the signature algorithm.

The third step is to encrypt the data from the previous step using the public key of the server, which can be obtained from the query:

query {
    serverPublicKey {
        key
    }
}

Such encryption will be performed using JSON Web Encryption (JWE) in compact format, and EC as an encryption algorithm.

The signature and encryption structure follow the following idea:

JWE.Encrypt(recipient=ServerKey, format=compact,
     JWS.Sign(issuer=UserKey, format=compact,
         JSON.Stringify(CardSensitiveInput)
     )
)

The fourth step is to register the client public key which was used to sign the sensitive data. This way, the server can validate the client's signature in the sensitive field's decryption process. Here is an example of the public key registry mutation.

mutation {
    addPublicKeyToUser(input:{
        clientMutationId:"012", 
        userId:"bdc89491-f1f4-32f7-bad2-f44ae3b88aa6", 
        key:"{\"kty\":\"EC\", \"kid\":\"my-public-key-id-1\", \"x\":\"g_Sr4WwVDt5Qy3KonZyXqFwWykTR9KVMCt8Sx-dXSB8\",\"y\":\"ydSE-mUMtuhBTI_txDpd2ivb7e6FNzxq4e_18iHFZ2U\",\"crv\":\"P-256\"}",
        format:JWK
}) {
        clientMutationId, 
        user{
            id,
            firstName
            ,lastName
        }, 
        publicKey{
            key
        }
    }
}

NOTE: the fourth step is only necessary if the public key that signed the sensitive data has not been previously registered.

The wallet is a way for the user to organize their cards. To create a wallet using the ELO API, it is enough that the user is a CardHolder and uses the CreateWallet function. An example of using this function can be seen below:

mutation { 
    createWallet(
        input: { 
            clientMutationId: "123", 
            cardHolderId: "fdf9f98e-a6ac-4878-ad45-cc133e4ca168", 
            name: "My_Wallet"
        }
    ) {
        clientMutationId, 
        wallet{ 
            id, 
            name, 
            holder{
                name, 
                firstName, 
                displayName
            }
        }
    }
}

After the creation of the wallet , your data will be returned and from them you can manage it by adding or removing cards. Below is an example of each possible operation with the created wallet.

Add a card to the wallet:

mutation {
    addCardToWallet(
        input:{
            clientMutationId:"123", 
            walletId: "770d83de-f022-4c4e-b12d-e62f3d2d1d51", 
            cardId: "2fde85bf-6935-4e9b-8262-94d82e08e4bd"
        }
    ) { 
        clientMutationId, 
        wallet{ 
            id,
            name 
        }, 
        card{
            id
        }
    }
}

Remove card from wallet:

mutation{
    removeCardFromWallet(
        input:{
            clientMutationId: "012", 
            walletId: "770d83de-f022-4c4e-b12d-e62f3d2d1d51", 
            cardId: "2fde85bf-6935-4e9b-8262-94d82e08e4bd"}
    ) {
        clientMutationId, 
        wallet{
            name
        }, 
        card{
            id
        }
    }
}

Update wallet:

mutation{
  updateWallet(
      input: {
          clientMutationId: "123",
          walletId: "770d83de-f022-4c4e-b12d-e62f3d2d1d51",
          name: "Main Wallet"
        }
    ) {
        wallet {
            id,
            name
        }
    }
}

NOTE: You can only update the wallet name.

Remove wallet:

mutation{
    deleteWallet(
        input:{
            clientMutationId: "012", 
            walletId: "770d83de-f022-4c4e-b12d-e62f3d2d1d51"
        }
    ) { 
        clientMutationId, 
        walletId, 
        name
    }
}

Terms of Use may be added to the user, this means that the user has accepted the term. To list the terms of use just use the agreementTermsquery.

query{
  agreementTerms(filter:{
    nameContains: "",
    agreementTermIds: [
      "",
      ""
    ]
  })
  {
    pageInfo{
      hasPreviousPage
      hasNextPage
    }
    totalCount
    edges{
      cursor
      node{
        id
        title
        description
        url
      }
    }
  }
}

Note: Filters can be applied in the terms of use query, more details can be found in the AgreementTermFilterInput argument filter

Add User's Terms of Use:

To add a term of use to the user the mutation addAgreementToUser is used.

mutation {
  addAgreementToUser(input: {
    clientMutationId: "012", 
    userId: "b1ca0944-7822-3538-920d-58b233154608", 
    agreementTermId: "e32a7918-eef5-41af-909b-f4c93cee2e22"
  }) {
    clientMutationId
    user {
      id
      username
      firstName
      lastName
      displayName
    }
    agreement {
      agreementTerm {
        id
        title
        description
        url
      }
    }
  }
}

Remove User's Term of Use:

To remove User’s term of use, use mutation removeAgreementFromUser

mutation {
  removeAgreementFromUser(input: {
    clientMutationId: "013", 
    userId: "b1ca0944-7822-3538-920d-58b233154608", 
    agreementTermId: "e32a7918-eef5-41af-909b-f4c93cee2e22"
  }) {
    user {
      id
      firstName
      lastName
    }
    agreementTerm {
      id
      description
      url
    }
  }
}

Query

Query cardholder data using the user query:

query {
   user(id: "70fa9e70-1b41-3f68-8df9-b207d76929f6") {
        id,
        username
        cardHolders{
            id
            name
            companyName
        }
    }
}

NOTE: the id parameter refers to the user's access_token.

Cardholder data via ID

Query the name, CPF, RG and date of birth of a cardholder, given the unique global identifier:

query {
   node(id: "B8B1582B-1C2C-406B-9FC3-ACA842049207") {
      ... on CardHolder {
         firstName
         lastName
         legalIds {
            cpf {
               number
            }
            rg {
               number
               issuerOrganization
               issuerState
               issueDate
            }
         }
         birthday
      }
   }
}

NOTE: the id parameter refers to the cardholder's unique global identifier. (CardHolder).

  • Access_token:: Access code made available by the API after the login and that should be used by the developer when making the requests to the resources made available. It is used to validate the access and identification of the user who is performing the operations in the API.

  • Bcrypt: hash encryption algorithm used for password security (Wikipedia). In the context of this API is the result of the bcrypt algorithm on username and password.

  • BIN: (Bank Identification Number). The BIN is relative to the initial numbers of a card and identifies the issuer and products associated with it.

  • CardIssuer: A corporate type user who issues cards. Also known as Issuer.

  • CardHolder: A user of the physical or legal type that owns cards.

  • Challenge: Result of the bcrypt algorithm applied over the bcrypt of the username and password, and of the salt generated.

  • Client_id: Identifier used by the API to verify and validate which application is making use of the resources available. Its generation is done at the moment that the developer creates a new application in the portal of developers.

  • Merchant: A user of the type legal entity that is a commercial establishment and carries out transactions with cards.

  • PAN: (Primary Account Number), also known as "card number".

  • Salt: Randomly generated data that is used in the encryption algorithm next to the password as a form of protection preventing the hash of two equal data from generating the same result.

  • Sensitive: Sensitive content (card number, cardholder name, expiration, etc.) generated from a signature process and encryption, whose payload was signed with a private key of the user and encrypted making use of a key server.

  • Wallet: Digital wallet used to organize cards created by the cardholder within the ELO API.




Query compatible with the identification of Relay objects

IDs are protected by context permissions. A node can only be searched for by its identifier if it is authorized by the user's permissions.

The return specifies the Node interface that contains only the id field, which is already designated as a parameter. So to use this call use fragment to specify which fields return for each type that implements this interface.

Fragments inline:

node(id: "id-global-123") {
  __typename
  ... on Card {
    last4
  }
}

Reusable fragments:

fragment CardLast4Fragment on Card {
  last4
}

node(id: "global-identifier-123") {
  __typename
  ...CardLast4Fragment
}

Global object identifier specification (Relay Global Object Identification Specification).

Argumentos:

id: ID obrigatório

Unique global identifier of the node (object) to be queried.



Query cards Card

If executed by a cardholder, all the cards that it has will be returned. Same that query this cardholder cards.

If executed by a cardissuer, all the cards issued by it will be returned. The same as querying issued cards by this issuer.

In other cases, such as when executed by a merchant, an error is produced

Argumentos:

first: Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after: String

Starts after the opaque cursor, if provided. Used in forward navigation.

last: Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before: String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter: CardFilterInput

Apply filter, if provided.



Query CardHolder

Argumentos:

first: Int

Limits the list to the first entries, if defined. If null, the listing is unlimited. Used in forward navigation.

after: String

Starts after the opaque cursor, if defined. Used in forward navigation.

last: Int

Limits the list to the last entries, if defined. If null, the listing is unlimited. Used in back navigation.

before: String

Starts before the opaque cursor, if defined. Used in back navigation.

filter: SearchFilterInput

Apply filter, if defined.



User Query by various input means.

This query should be done with only one non-null parameter to designate the search method. Using more than one can generate distinct results on each request.

Argumentos:

id: String

Search the user by the unique global identifier

username: String

Search the user by your username

legalId: LegalIdsInput

Search the user by your document

socialNetwork: SocialNetworkInput

It looks for the user by his username in the specified social network

cardHolderId: String

Searches for the user with the cardholder associated by the unique global identifier specified.

merchantId: String

Searches for the user associated with the merchant by the unique global identifier specified.

If the merchant has more than one responsible user, it returns the oldest one.



Lists all Terms of Use known in the system.

Argumentos:

first: Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after: String

Starts after the opaque cursor, if provided. Used in forward navigation.

last: Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before: String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter: AgreementTermFilterInput

Apply filter, if provided.






Add an existing card to a digital wallet

Usable By:

  • Cardholders

Argumentos:

input: AddCardToWalletInput obrigatório



remove an existing card from a digital wallet

Usable by:

  • Cardholders

Argumentos:

input: RemoveCardFromWalletInput obrigatório



Creates Digital Wallet for a cardholder.

Usable by:

  • Cardholders

Argumentos:

input: CreateWalletInput obrigatório



Delete a Digital Wallet.

Information associated with the wallet will be deleted automatically.

Information that is being used by other entities such as Card or CardToken will stay alive until they have no more references and are collected automatically.

Usable by:

  • Cardholders (The owner of the wallet)

Argumentos:

input: DeleteWalletInput obrigatório



Updates (Edits) information from a digital wallet.

Cards and tokens are not manipulated by this mutation, but by specific mutations:

  • addCardToWallet()

  • removeCardFromWallet()

  • createCardToken()

  • suspendCardToken()

Argumentos:

input: UpdateWalletInput obrigatório



Create a salt to be used in thelogin ()challenge.

In order to avoid password traffic we use a (challenge) that is based on asalt returned by this mutation.

The salt returned will be associated withusername and will have expiry pecified in expiry

Argumentos:

input: CreateLoginSaltInput obrigatório



It makes a new access to the system using username and password.

In case of success this call returns access key (accessToken), which must be stored and sent throughout HTTP request in the access_token. Example: XXXYYYZZZ is the value returned in this field:

GET / graphql HTTP / 1.1 [...] access_token: XXXYYYZZZ [...]. New access does not undo other existing accesses, to do this use logout () by passing the access key returned.

To access using social networks, use socialNetworkOAuthLogin ().

NOTE: for the purpose of avoiding password traffic we use a challenge (challenge) which is based on a salt obtained with the createLoginSalt () mutation. It is therefore necessary to start the login process () with that mutation.

Argumentos:

input: LoginInput obrigatório



It makes a new access to the system using social networks (OAuth).

A new access does not undo other existing accesses, to do this use logout () by passing the access key returned.

To access using username and password , use login ().

Argumentos:

input: SocialNetworkOAuthLoginInput obrigatório



Creates a user.

The information can be later changed with updateUser ()and the image with setImage ().

Argumentos:

input: CreateUserInput obrigatório



Register a Card to a Cardholder.

Your card or card holder must be registered with a card and checked:

  • Cardholder: if the system user is associated with the (CardHolder), either its own or one of the associated companies.

  • Issuer: if the issuer is responsible for the BIN of the card, obtained from the card number (pan) in the encrypted sensitive fields. The issuer must be allowed to create cards for the cardholder, thus obtaining its holderId (CardHolder { id}).

The card data is inferred from the BIN, Prefix of the card number (pan) described insensitive.

Argumentos:

input: CreateCardInput obrigatório



Delete a card

And all associated information will be automatically deleted.

Information that are being used by other entities, such as CardToken will be alive until they have no references, and they will be automatically collected.

Argumentos:

input: DeleteCardInput obrigatório



Update a Card from a cardholder.

The update of a card must be done by the cardholder or by the card issuer,

  • Cardholder: if the system user is associated with the cardholder (CardHolder ), either your personal or one of the associated business.

  • Issuer: if the issuer is responsible for the BIN of the card.

Argumentos:

input: UpdateCardInput obrigatório



It initiates the password recovery process for a user.

The password recovery is a process in which a password recovery code is sent to the user's email or phone, as registered in the system.

The user then accesses a link which displays a form containing the sent code and asking for the new password. Both must be referred to the passwordReset() mutation.

The traditional password recovery process requires a legal document, such as the CPF, and then sends an email with a link leading to the change the password in our system.

But many users forget the email or telephone number that have been covered and are not sure which one to look for. For this the contact medium is masked, that is, partially visible in order to remind the user without disclosing confidential information and prevents use of the password recovery system for the user \ 's data mining. An email `user@gmail.comwould be masked asuxxx@gmail.com, sincefirst.last@company.comwould befxxxx.lxxx@company.com. Similarly, a+55 (11) 99123-4567cell phone would be dressed as+55 (11) 9xxx3-xx67`.

Other cases we deal with users associated with multiple emails and phones and have lost access to them. For example a person had registered his corporate and personal email, however and left the company and consequently lost access to corporate email. In this case you are offered the option of specifying another meeting contact, with the restriction that it must be previously registered in the system, avoiding fraud.

In addition, instead of using link to form on our system, you can create a form itself, ask for the manual input of the recovery key sent and make the call passwordReset().

Argumentos:

input: RequestPasswordResetInput obrigatório



Terminates the password recovery process for a user by resetting it.

Password recovery is a process initiated by the requestPasswordReset ()mutation in which a password recovery code is sent to the email or

The user then accesses a link which displays a form containing the sent code and asking for the new password. Both must be referred to this mutation, which will change the password saved in the system.

In general this call is made from the form in our system, which was sent in the form of link to the \ you want to recover the password.

Argumentos:

input: PasswordResetInput obrigatório



Delete a user

All the associated information such as cardholder name, wallets, contacts, social networks, accepted terms and others will be \ automatically deleted.

Information being used by other entities, such as Card or CardToken will remain alive until they have no more references and are collected automatically.

Associations with CardIssuer and Merchant will be automatically disappeared.

Argumentos:

input: DeleteUserInput obrigatório



Set (change) user fields

For the image see setImage ()

Argumentos:

input: UpdateUserInput obrigatório



Adds a cardholder to the user

A user can only have one cardholder for his/her physical person (fields companyName,companyLegalName being null) and \ others should contain data from legal entities ).

ALL: event notification

Argumentos:

input: CreateCardHolderForUserInput obrigatório



Adds a card issuer to the user

A sender can be managed by multiple users and a user can manage multiple senders.

After the sender is already associated, it returns an error.

ALL: event (subscription) of the event

Argumentos:

input: AddCardIssuerToUserInput obrigatório



Add a merchant to the user

A merchant can be managed by multiple users and a user can manage multiple merchants.

After the merchant is already associated, it returns an error.

ALL: notification ( subscription) of the event.

Argumentos:

input: AddMerchantToUserInput obrigatório



Adds a public key to the user

In general, each device or server associated with the user must export a public key in order to send or receive sensitive data, such as CardInterface { sensitive(keyId: "X") }

The keys must have a uniqueid identifier for the user and will be provided as keyId for queries or mutations that use the public key, for example for signatures (JSON Web Signature - JWS) or (\ JSON Web Encryption_ - JWE).

The keys associated with a user are available in publicKeys.

Argumentos:

input: AddPublicKeyToUserInput obrigatório



Adds a term accepted by the user

In the case when the terms is already previously accepted, it returns an error message.

Argumentos:

input: AddAgreementToUserInput obrigatório



Removes a term accepted by the user

Indicates that the user no longer accepts the terms. It may return error if the term can not be removed.

Argumentos:

input: RemoveAgreementFromUserInput obrigatório






Entry filtering cards to be returned

Campos:

status

:

CardStatus

If non-null, returns only cards with given state. Example: ACTIVE. If null, returns cards in all states.


cardHolderServiceId

:

ID

If non-null, it returns only cards offering a certain service (CardHolderService), for availableServices. If null, returns cards that offer any services.


funding

:

CardFunding

If non-null, returns only cards with given funding. Example: DEBIT If null, returns cards of all types.


cardProductId

:

ID

If non-null, it returns only cards of a certain product (CardProduct). If null, returns cards of all products.


cardBrandId

:

ID

If non-null, returns only cards of a certain brand (CardBrand). If null, returns cards of all brands.

NOTE: in cardBrandId only have available ELO.


cardCaptureId

:

ID

If non-null, it returns only cards that allow a given capture (CardCapture). If null, returns cards of all captures.


cardUsageId

:

ID

If non-null, it returns only cards of a certain use (CardUsage). If null, returns cards of all uses.


cardNetworkId

:

ID

If non-null, it returns only cards from a certain network (CardNetwork). If null, it returns cards from all networks.


cardIssuerId

:

ID

If non-null, it returns only cards from a certain issuer (CardIssuer). If null, returns cards from all issuers.



Entry for search filtering with textual information.

Campos:

filter

:

String

TODO: document filter language, something like Google or GMail



Entry to RG

Campos:

number

:

String obrigatório

RG number (digits) without hyphen or periods.


issuerOrganization

:

String

Organization issuing the document (example: SSP)


issuerState

:

String

Federative State issuing the document (example: SP)


issueDate

:

Date

document issue date



Entry to LegalIds

Campos:

cpf

:

String

CPF number without hyphen or periods


cnpj

:

String

CNPJ number without hyphen or points


rg

:

RGInput

General Registration Document



Input with basic data for social networks.

Campos:

provider

:

String obrigatório

Name of social network provider, eg Facebook, Twitter ...


username

:

String obrigatório

Social network username



Input for search filtering by term of use.

All fields specified (non-null) are applied (AND behavior), to get OR behavior, use multiple queries.

Campos:

nameContains

:

String

If null or empty, it does not perform filtering.

Otherwise, define text that must be contained in the term of use name.


agreementTermIds

:

list de ID obrigatório

List of unique global identifiers of terms (AgreementTerm) If null or empty, it does not perform filtering.


isWalletDigital

:

Boolean

Perform filtering by the term of use, which are referring to the digital wallet. If the value entered is "true", only the terms in the digital wallet will be returned. If the value entered is "false", only the terms that do not belong to the digital wallet, will be returned. If the attribute is not informed in the query, all terms of use will be returned, regardless of whether they are from digital wallets or not.



Mutation entry addCardToWallet().

Sensitive information needs to be transmitted in encrypted form using the compact JSON Web Encryption (JWE) form.

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


walletId

:

ID obrigatório

The global identifier of the wallet where you want to add the card.


cardId

:

ID

The unique global identifier of the card.

If you have access to the card ID, this field is preferably used to reduce the traffic of sensitive information.

Otherwise you can use the sensitive field.

Example: "3417E346-49A3-47A8-8196-37BBA09E27A5"


sensitive

:

String

Sensitive content which was signed and then encrypted according to the following structure. It should only be used if you do not have access to the unique global identifier of the card, in this case it should be used cardId.

Signature structure and encryption:

JWE.Encrypt(recipient=ServerKey, format=compact,
    JWS.Sign(issuer=UserKey, format=compact,
        JSON.Stringify(CardSensitiveInput)
    )
)

That is, the data according to the JSON schema CardSensitiveInput should be serialized and then signed using JSON Web Signature (JWS) in compact format and then encrypted using JSON Web Encryption (JWE) also in compact format. The final result should be used as the value of this parameter.

The schema defines the following keys for the input object (CardSensitiveInput):

  • pan: (Primary Account Number), also known as \"card number\" physical. Example: "1234567890123456"

  • expiry: Expiration date of the card, that is, when it expires. It is an object consisting of the month and year keys described below. Example: {"month": 2, "year": 2020}

    • month: Card expiration month. Integer between 1 (January) and 12 (December).

    • year: Expiration year. Integer with 4 digits (2017, not 17).

  • name: Cardholder name. Example: "João da Silva".

Authorization is performed with the csc or authCode and their respective times of entry. Note that only one of them must be specified:

  • csc: (Card Security Code), usually printed on the back of the physical card.

  • cscEntryTime: Date and time when CSC (Card Security Code) was entered. This is required when the CSC is generated by a/token based on time. Must be in ISO 8601 format. Example: "2017-06-01T12:00:00-03:00"

  • authCode: Authorization code. This code is not the CSC (Card Security Code) because is not printed in the card. Example: "AB123Z1Y"

  • authCodeEntryTime: Date and time when authorization code (authCode) was entered. Must be in ISO 8601 format. Example: "2017-06-01T12:00:00-03:00"



Mutation entry removeCardFromWallet().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


walletId

:

ID obrigatório

The global identifier of the wallet from which you want to remove the card.


cardId

:

ID obrigatório

The global identifier of the card to be removed. Must have been previously added to wallet.



Mutation entry createWallet().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


name

:

String obrigatório

Specifies new wallet name.



Mutation entry deleteWallet().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


walletId

:

ID obrigatório

The global identifier of the wallet to be deleted.

The system user must be allowed to delete wallets from the wallet holder to be deleted (Wallet { holder }).



Mutation entry updateWallet().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


walletId

:

ID obrigatório

The global identifier of the wallet in which you want to edit information.


name

:

String obrigatório

If provided, specifies the new wallet name.



Mutation entry createLoginSalt().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


username

:

String obrigatório

User name for system access

Note that salt will always be returned, even if the user does not exist.



Mutation Entry login().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


username

:

String obrigatório

User name for system access


challenge

:

String obrigatório

(challenge) Result of login().

Hash using the algorithm bcrypt with salt provided by createLoginSalt() and content being the bcryptPassword specified in createUser() or updateUser(). Code using the libraries crypto and bcrypt com Node.js:

var crypto = require('crypto');
var bcrypt = require('bcrypt'); // or bcryptjs

function sha256AsBase64(data) {
  return crypto.createHash('sha256')
    .update(data)
    .digest('base64');
}

function bcryptSaltFromUsername(username) {
  var hash = crypto.createHash('sha256').update(username).digest();
  return '$2a$12$' + bcrypt.encodeBase64(hash, 16);
}

function bcryptUserPassword(username, password) {
  var userSalt = bcryptSaltFromUsername(username);
  return bcrypt.hashSync(sha256AsBase64(password), userSalt);
}

var username = input(); // Ask the user name
var password = input(); // Ask the password
var bcryptPassword = bcryptUserPassword(username, password);

var challengeSalt = createLoginSalt(username);
var challenge = bcrypt.hashSync(bcryptPassword, challengeSalt);

The final String final must be in the default format, with prefix, cost, salt and finally the value computed in Base64, totaling 60 characters. For example: $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy



Mutation entry socialNetworkOAuthLogin().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


provider

:

String obrigatório

Name of social network provider, eg Facebook, Twitter ...


username

:

String obrigatório

User name in the social network

NOTE: do not confuse the user with the User {username} system.


accessToken

:

String

User access key maintained by the application in social network

NOTE: not to be confused with the access key returned in LoginPayload with login() or socialNetworkOAuthLogin().



Entry with extra data for OAuth-based on social networks

Campos:

accessToken

:

String obrigatório

If the OAuth process was successful, it contains the access code


refreshToken

:

String

If the OAuth process was successful, it contains the request renewal code


scopes

:

list de String obrigatório

If the OAuth process was successful, it contains the authorized scope


expiryTimestamp

:

DateTime

If the OAuth process was successful, it contains the date and time the access code (accessToken) expires.



Entry for annual income of an individual.

Campos:

personal

:

Float obrigatório

Annual personal income (individual)


family

:

Float obrigatório

Total annual household income of the individual.


currency

:

String obrigatório

Currency associated with the reported values ​​

Currency code with 3 letters ISO4217 Example: EUR,USD, BRL. ..



Entry for contact item with cardholder, such as email or the phone...

Campos:

type

:

PersonContactType obrigatório

This type designates how to interpret the value, which can be telephone, email, or instant messaging application


context

:

String

Context of the contact, which varies with type:

  • If the type is PHONE or EMAIL, this could be: sales, support ...

  • If the type is IM, it can be: skype , whatsapp, facebook messenger ...

  • If it is OTHER, it can be any text


value

:

String obrigatório

Value of the contact. Examples: + 12345678 for telephone, `user@server.com` for email, etc.



World Physical Address Entry, which can be used for submissions or accounts

Campos:

context

:

String

Context of the address, for example: home, Office, work, headquarters

Analog to field of the same name in PersonContact and CompanyContact.


country

:

String obrigatório

Country code with 3 letters (ISO3166-alpha3). Examples: USA, BRA...


city

:

String obrigatório

UTF-8 city name


state

:

String obrigatório

state full name


stateAbbrev

:

String

Abbreviated state name (optional).


zip

:

String

Postal code (optional).


district

:

String

District optional


kind

:

String

The type must be Av. (Avenue),S. (Street), Hw. (Highway) ...


number

:

Int obrigatório

Construction number


place

:

String obrigatório

Road name, to be used in conjunction with kind and number, composing the first line of address.


complement

:

String

Optional add-on, such as apartment number.


reference

:

String

Reference point (example: near the gas station)


instructions

:

String

Instructions (example: receiver authorization)


lon

:

Float

Longitude, optional: in degrees.

Contains the longitude if it is manually provided or automatically covered from the address. If it is not possible to provide, it will null.


lat

:

Float

Latitude, optional: in degrees.

Contains the latitude if it is manually provided or automatically covered from the address. If it is not possible to provide, it will null.



Mutation entry createUser ().

Note: there is no image field to be sent, so use the setImage () mutation.

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


username

:

String

User name for system access

It can be null if and only if 'socialNetwork` is specified, or se, the user will be created based on the social network.


bcryptPassword

:

String

Hash using the user password algorithm bcrypt.

The parameters for hash calculation are:

  • cost: 12

  • salt: the first 16 _Hash_bytes_ using the user name algorithm SHA256, encoded as base64 using the private alphabet of bcrypt.

  • data : The Base64 representation of Hash using SHA256 from the user password. This is necessary because bcrypt has a limit of

72 characters.

That is:

var crypto = require('crypto');
var bcrypt = require('bcrypt'); // or bcryptjs

function sha256AsBase64(data) {
 return crypto.createHash('sha256')
 .update(data)
 .digest('base64');
}


function bcryptSaltFromUsername(username) {
 var hash = crypto.createHash('sha256').update(username).digest();
 return '$2a$12$' + bcrypt.encodeBase64(hash, 16);
}

function bcryptUserPassword(username, password) {
 var userSalt = bcryptSaltFromUsername(username);
 return bcrypt.hashSync(sha256AsBase64(password), userSalt);
}

var username = input(); // Ask the user name
var password = input(); // ask the password
var bcryptPassword = bcryptUserPassword(username, password);

The String should be serialized in standard bcrypt format containing the prefix, cost, the hash serialized in Base64, setting 60 characters. For example: $2a$12$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy

Can be null if and only if socialNetwork is specified, or if the user will be created based on the social network.


socialNetwork

:

SocialNetworkInput

User associated with a social network.

Contains only the basic information of the social network (provider and user of the network). If it is a social network based on OAuth, then send the oauth field with the private extensions of this protocol.

It can be null if and only if bothbcryptPassword and username re specified, , the traditional user with a name and has been kept in the system.

If username orbcryptPassword are provided together with socialNetwork, then it is similar to creating a user and then clickaddSocialNetworkToUser () .

If bcryptPassword is null, the password will be undefined and login ()will not work, only socialNetworkOAuthLogin ().

If username is null, a name will be generated user.


oauth

:

SocialNetworkOAuthInput

User associated with an OAuth social network.

If socialNetwork refers to a network using the OAuth protocol, then this field offers specific data such as accessToken,refreshToken, scopes and expiryTimestamp.


name

:

String obrigatório

Full name of the cardholder as in the official documents (RG, CPF)


firstName

:

String

Frist name of the user


lastName

:

String

Last name of the user


displayName

:

String

Username to be displayed (example: shortened, alias ...)


legalIds

:

LegalIdsInput obrigatório

All legal documents that identify the user.


birthday

:

Date

Date of birth


gender

:

Gender

Male or Female, according to offical documents


maritalStatus

:

MaritalStatus

Marital status


income

:

PersonYearlyIncomeInput

Annual income of the user (individual and family).


occupationId

:

ID

User's profession.

Use known and returned values ​​in the query personOccupations, membros id.

Sending an unknown occupation will result in an error.


contacts

:

list de PersonContactInput obrigatório

User contacts


verifyContact

:

TypeContactVerification

Indicates if the contact will be verified or not in user creation. If sended, indicates the type of contact.


addresses

:

list de AddressInput obrigatório

Postal Addresses


origin

:

String

Identifies the origin of user registration.



Mutation entry createCard().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


sensitive

:

String obrigatório

Sensitive content (card number, verification code and validity) which was signed and then encrypted according to the structure \in the following.

Signature structure and encryption:

` JWE.Encrypt (recipient

)

Within this case, the data according to the JSON CardSensitiveInput should be serialized and then signed using JSON Web Signature (JWS) in compact format and then encrypted using JSON Web Encryption (JWE) also in compact format. The final result should be used as the value of this parameter.

The schema defines the following keys for the input object (CardSensitiveInput):

-pan: The primary account number (_Primary Account Number _), also known as \"physical card number \". Example: " 1234567890123456 \`

  • expiry: Expiration date of the card, that is, when it \expires.It is an object consisting of themonth and year keys described below. \ N: year: 2020}`

  • month: Month of card validity Integer between 1 (January) and 12 (December). of the validity of the card Integer with 4 digits (2017, not 17)

  • name: Cardholder name Example:\ "João da Silva ". \ cscorauthCode` fields and their respective entry times, Note that only one of them should be specified:

    -csc: _Card Security Code _ n usually printed on the back of the physical card.

  • cscEntryTime: Date and time when the CSC (Card Security Code) was entered.It is required when the CSC is generated by a keyring / token based on time.It must be in the ISO 8601 format. Example: " 2017-06- 01T12: 00: 00-03: 00 \"

  • authCode: Authorization code. This code is not the CSC (Card Security Code) because it is not printed on the card. Example: " AB123Z1Y \"

  • authCodeEntryTime: Date and time when the authorization code (authCode) was entered. It must be in the format ISO 8601. Example: " 2017-06-01T12: 00: 00-03: 00 \"

JSON Schema: [CardSensitiveInput.json](https://github.com/

The card number (pan) will be used to find the other fields of the card, such asavailableServices, bin, funding, product,isInternational, isCompany,isToken, brand, allowedCaptures,usages, network,issuer and metadata.


holderId

:

ID obrigatório

Unique global cardholder identifier (CardHolder {id}).

The system user must be allowed to create cards for this cardholder, ie:

  • Cardholder: if the system user is a cardholder, it must be the CardHolder {id} of the individual or an associated legal entity.

  • Issuer: if the cardholder has authorized the creation of cards.


billingAddress

:

AddressInput

Card billing address.



Mutation entry deleteCard().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


cardId

:

ID obrigatório

Unique global identifier of the card to be deleted



Mutation entry updateCard().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


holderId

:

ID obrigatório

Unique global identifier of the card (Card { id }).

the system user must be allowed to perform the update:

  • Cardholder: if the user os the system is the cardholder,it must be it CardHolder { id } of the individual or an associated legal entity.

  • Issuer: are responsible for the BIN of the card.


billingAddress

:

AddressInput

Card billing address.

If null, will not be changed.


status

:

CardStatus

Card status.

If null, will not be changed.


sensitive

:

String

Conteúdo sensível o qual foi assinado e então cifrado conforme a estrutura a seguir. Deve ser utilizado apenas se não tiver acesso ao identificador global único do cartão, neste caso deverá ser utilizado cardId.

Estrutura de assinatura e criptografia:

JWE.Encrypt(recipient=ServerKey, format=compact,
    JWS.Sign(issuer=UserKey, format=compact,
        JSON.Stringify(CardSensitiveInput)
    )
)

Ou seja, os dados conforme o esquema JSON CardSensitiveInput devem ser serializados e então assinados utilizando JSON Web Signature (JWS) em formato compacto e então cifrados utilizando JSON Web Encryption (JWE) também em formato compacto. O resultado final deve ser utilizado como valor deste parâmetro.

O esquema define as seguintes chaves para o objeto de entrada (CardSensitiveInput):

  • pan: (esse campo é obrigatório) O número da conta primária (Primary Account Number), também conhecido como "número do cartão" físico. Exemplo: "1234567890123456"

  • expiry: (esse campo é obrigatório) Data de validade do cartão, ou seja, quando ele expira. É um objeto composto pelas chaves month e year descritas a seguir. Exemplo: {"month": 2, "year": 2020}

    • month: Mês da validade do cartão. Número inteiro entre 1 (Janeiro) e 12 (Dezembro).

    • year: Ano da validade do cartão. Número inteiro com 4 dígitos (2017, não 17).

  • name: Nome do portador do cartão. Exemplo: "Joao da Silva". (não utilizar caracteres especiais ou acentos)

A autorização é feita com os campos csc ou authCode e seus respectivos horários de entrada. Note que apenas um deles deve ser especificado:

  • csc: Código de segurança do cartão (Card Security Code), usualmente impresso na parte de trás do cartão físico.

  • cscEntryTime: Data e horário quando o CSC (Código de Segurança do Cartão) foi digitado. É necessário quando o CSC é gerado por um chaveiro/token baseado em tempo. Deve estar no formato ISO 8601. Exemplo: "2017-06-01T12:00:00-03:00"

  • authCode: Código de autorização. Este código não é o CSC (Código de Segurança do Cartão) pois não está impresso no cartão. Exemplo: "AB123Z1Y"

  • authCodeEntryTime: Data e horário quando o código de autorização (authCode) foi digitado. Deve estar no formato ISO 8601. Exemplo: "2017-06-01T12:00:00-03:00"



Mutation entry requestPasswordReset().

A At least one document, email or telephone must be used to identify the user on the system.

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


legalId

:

LegalIdsInput obrigatório

User document which you want to recover password

You can specify only one document, for example only the CPF or CNPJ.


email

:

String

Email of the user who wants to recover the password.

If it is supplied and registered in the system it will be the means used for sending the password recovery key, as required in passwordReset ().


phone

:

String

Phone number of the user who wants to recover the password.

If it is supplied and registered in the system it will be the means used for sending the password recovery key, as required in passwordReset ().


type

:

PersonContactType

Contact type in which TOKEN will be sent to reset the password.

The TOKEN will only be sent to the contact if it has been previously validated.

NOTE: only the types of contact. PHONE and EMAIL contacts are verifiable.



Mutation entrypasswordReset().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


legalId

:

LegalIdsInput obrigatório

User document of the user that wants to retrieve the password

This field must contain the same values ​​passed by RequestPasswordResetInput to requestPasswordReset ().


email

:

String

E-mail of the user who wishes to recover the password.

This field must contain the same value passed by RequestPasswordResetInput to requestPasswordReset ()..


phone

:

String

Phone number of the user to retrieve the password for.

This field must contain the same value as RequestPasswordResetInput for requestPasswordReset ().


token

:

String obrigatório

The password recovery key sent by email or phone is the process started with requestPasswordReset ()


type

:

PersonContactType

Tipo do contato do usuário o qual deseja recuperar a senha.

NOTA: apenas os tipos de contatos PHONE e EMAIL são verificáveis.


bcryptPassword

:

String obrigatório

Hash utilized on the algorithm bcrypt da new password of the user.

Os parameters for the calculation the hash are:

  • cost: 12

  • salt: the 16 firsts bytes of the Hash using the algorithm

    SHA256 name of the user, coded with base64 using the particular alphabet of bcrypt.

  • data: the representation on Base64 of the Hash using SHA256 of user password. This is necessary because bcrypt has a limit of 72 characters.

by that means:

var crypto =
require('crypto');
var bcrypt = require('bcrypt'); // or bcryptjs

function
sha256AsBase64(data) {
  return crypto.createHash('sha256')

 .update(data)
    .digest('base64');
}


function bcryptSaltFromUsername(username)
{
  var hash = crypto.createHash('sha256').update(username).digest();

 return '$2a$12$' + bcrypt.encodeBase64(hash, 16);
}

function
bcryptUserPassword(username, password) {
  var userSalt =
bcryptSaltFromUsername(username);
  return bcrypt.hashSync(sha256AsBase64(password),
userSalt);
}

var username = input(); // Ask the name of the user
var
password = input(); // Ask the password of the user
var bcryptPassword =
bcryptUserPassword(username, password);

The String Must be serialized with the standart format bcrypt That has the prefix, cost, salt and the hash serialized in Base64, Giving a total of 60 characters. For example: $2a$12$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy



Mutation entrydeleteUser().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


userId

:

ID obrigatório

Unique global user id to be deleted



Mutation entry updateUser().

P.s: It does not exist a field 'image' to be altered, for such field use the mutationo setImage().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


id

:

ID obrigatório

Unique global identifier for the user to be modified


username

:

String

Username of the user to access the systema

If null, will not be changed


name

:

String

Full name of the cardholder just like displayed on its legal documents(RG, CPF)

If null, will not be changed


firstName

:

String

First name of the user

If null, will not be changed


lastName

:

String

Last name of the user

If null, will not be changed


displayName

:

String

User name to be displayed (example: shortened, alias ...)

If null, will not be changed


legalIds

:

LegalIdsInput

All legal documents identifying the user.

If null, will not be changed

If non-null then it should contain all the documents, this allows to remove documents, keep them or then add new ones to \ in a single entry


birthday

:

Date

Date of birth

If null, will not be changed


gender

:

Gender

Male or female, according to offical documentations

If null, will not be changed.


maritalStatus

:

MaritalStatus

Marital status

If null, will not be changed


income

:

PersonYearlyIncomeInput

Annual income of the user (individual and family).

If null, will not be changed.


occupationId

:

ID

User profession

Use known and returned values​​in the query personOccupations, members id.

Sending an unknown occupation will result in an error.

If null, will not be changed.


contacts

:

User contacts

if null, will not be altered

if non-null then it should contain ALL contacts,this allows to remove contacts, keep them or add new ones to \ in a single entry.


addresses

:

list de AddressInput

Postal codes

` will not be changed

In case of a non-null then it should contain all PostalCodes, this allows to remove addresses, keep them or add new ones to \ in a single input.



Entry to CompanyLegalIds

Campos:

cnpj

:

String

CNPJ number without hyphen or points



Mutation entry createCardHolderForUser ().

A user can only have one cardholder for his/her person ('companyNamefields,companyLegalNamebeing null`) and \ others must contain data of legal entities (companies).

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


userId

:

ID obrigatório

Unique global identifier of the User that will have an associated cardholder


companyName

:

String

Legal name of the company, as written in documents.

For corporate cards (legal entity), this field informs the company’s social relationship. For fantasy name, see companyName

For personal cards will always benull. Note that only a individual cardholder will exist for the user


companyLegalName

:

String

Nome legal da empresa, como escrito em documentos.

Para cartões corporativos (pessoa jurídica), este campo informa a razão social da empresa. Para nome fantasia, veja companyName

Para cartões de pessoa física será sempre null. Note que apenas um portador de cartões pessoa física existirá para o usuário.


companylegalIds

:

CompanyLegalIdsInput

Legal identification documents of the company.

For personal cards will always be null. Note that only a individual cardholder will exist for the user



Mutation entry addCardIssuerToUser().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


userId

:

ID obrigatório

Unique global identifier of the User that will be associated with the issuer


cardIssuerId

:

ID obrigatório

Unique Global Card Issuer Identifier



Mutation entry addMerchantToUser().

Compatible withRelay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


userId

:

ID obrigatório

Unique global identifier of the User that will be associated with the merchant


merchantId

:

ID obrigatório

Unique Global Merchant ID



Mutation entry addPublicKeyToUser()

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


userId

:

ID obrigatório

Unique global user identifier to add public key


key

:

String obrigatório

Public Key Content. The format is specified in format.

If the key is already associated with the user it will not be renamed again and the mutation will return thepublicKey already existent, with the same id.


format

:

CryptoKeyFormat

Format of the key key.

If null, try to discover from the content of key.



Mutation entry addAgreementToUser().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


userId

:

ID obrigatório

Unique global identifier of User that accepted the term


agreementTermId

:

ID obrigatório

Unique global identifier of the accepted term


timestamp

:

DateTime

When the term was accepted. If 'null' then auto-generated.



Entry for mutation removeAgreementFromUser().

Compatible with Relay.

Campos:

clientMutationId

:

String

Opaque client identifier using the format UUIDv4.

It should be used by clients to track mutations and responses,

Can be used by the server to lose duplicate requests due to network failures and retransmissions.

Compatible with Relay.


userId

:

ID obrigatório

Unique global identifier of the User which no longer accepts the term


agreementTermId

:

ID obrigatório

Unique global identifier of the previously accepted term






PageInfo compatible with Relay.

Campos:

hasPreviousPage

:

Boolean obrigatório

hasNextPage

:

Boolean obrigatório

startCursor

:

String

endCursor

:

String


Connection edge containing a Card in accordance with Relay.

Campos:

cursor

:

String obrigatório

Opaque cursor for use with queries after or before.


node

:

Card

The Card object that makes up this connection edge.



Card connection in accordance with Relay.

Campos:

pageInfo

:

PageInfo obrigatório

'Card` connection in accordance with the Relay.


edges

:

list de CardsEdge

List of edges that make up this connection.


totalCount

:

Int

Total count of objects in this connection.

Edges are limited to before and after cursors, as well as first and last count. Thus the size of edges is possibly smaller than the connection as a whole.

totalCount, if it is not null, indicates the total number of items in the connection considering the filter.



Edge connection containing a CardHolder in accordance with Relay.

Campos:

cursor

:

String obrigatório

Opaque cursor for use with queries after or before.


node

:

CardHolder

The CardHolder object that makes up this connection edge.



CardHolder connection in accordance with Relay.

Campos:

pageInfo

:

PageInfo obrigatório

Opaque cursor for use with queries after or before.


edges

:

List of edges that make up this connection.


totalCount

:

Int

Total count of objects in this connection.

Edges are limited to before and after cursors, as well as first and last count. Thus the size of edges is possibly smaller than the connection as a whole.

totalCount, if it is not null, indicates the total number of items in the connection considering the filter.



Any possible legal identification of a person or company

Campos:

cnpj

:

CNPJ

cpf

:

CPF

rg

:

RG


Annual income of a physical person (individual and family).

Campos:

personal

:

Float

Annual personal income (individual)


family

:

Float

Total annual household income of the individual.


currency

:

String

Currency associated with the reported values ​​

Currency code with 3 letters ISO4217 Example: EUR,USD, BRL. ..



Occupation of an individual.

Campos:

id

:

ID obrigatório

Opaque Identifier of the Profession

Must be informed as input in mutations that need profession.


display

:

String obrigatório

Text to be displayed to the user in forms and queries.

This text is translated into the language you entered in the query.



Image URL with size and mimeType.

Campos:

url

:

String obrigatório

URL to access the image


width

:

Int obrigatório

width in pixels


height

:

Int obrigatório

height in pixels


mimeType

:

String obrigatório

Type of the file in the convention (MIME - Multipurpose Internet Mail Extensions), as image/png, image/jpeg



Contact person, such as email or phone...

In order to maintain privacy, the value field can be masked.

Campos:

type

:

PersonContactType obrigatório

This type designates how to interpret the value, which can be telephone, email, or instant messaging application


context

:

String

Context of the contact, which varies with type:

  • If the type is PHONE or EMAIL, this could be: sales, support ...

  • If the type is IM, it can be: skype , whatsapp, facebook messenger ...

  • If it is OTHER, it can be any text


value

:

String obrigatório

Value of the contact. Examples: +12345678 for telephone, `user@server.com` for email, etc.

This field can be transformed depending on access rules and permissions. A merchant can receive ​​masked values with the notion of maintaining the privacy of the individual. An example would be to

receive only the last 4 digits of the phone, or just the first few letters of the email followed by the domain.


verified

:

VerifiedStatus

The verification process is done by our system by sending a message to the contact and then asking that the sent key to be return to the system.

NOTE: only the PHONE and EMAILare verifiable. The others will always return NOT_APPLICABLE.



World Physical Address, which can be used for submissions or accounts

Campos:

context

:

String

Context of the address, for example: home, Office, work, headquarters

Analog to field of the same name in PersonContact and CompanyContact.


country

:

String obrigatório

Country code with 3 letters (ISO3166-alpha3). Examples: USA, BRA...


city

:

String obrigatório

UTF-8 city name


state

(


abbrev:

Boolean

)

:

String

Full or abbreviated state name (optional).

State abbreviations may not be available for some countries, where the name is completely returned.


zip

:

String

Postal code (optional)


district

:

String

District optional


kind

:

String

The type must be Av. (Avenue),S. (Street), Hw. (Highway) ...


number

:

Int

Construction number


place

:

String obrigatório

Road name, to be used in conjunction with kind and number, composing the first line of address.


complement

:

String

Optional add-on, such as apartment number.


reference

:

String

Reference point (example: near the gas station)


instructions

:

String

Instructions (example: receiver authorization)


lon

:

Float

Longitude, optional: in degrees.

Contains the longitude if it is manually provided or automatically covered from the address. If it is not possible to provide, it will null.


lat

:

Float

Latitude, optional: in degrees.

Contains the latitude if it is manually provided or automatically covered from the address. If it is not possible to provide, it will null.



Cardholder

Usually a person

Campos:

id

:

ID obrigatório

Unique Global Identifier for this object


name

:

String

Full name of the cardholder as in the official documents (RG, CPF)


firstName

:

String

First name of cardholder


lastName

:

String

Last name of cardholder


displayName

:

String

Username to be displayed (example: shortened, alias ...)


companyName

:

String

Company name.

For corporate cards (legal entity), this field informs the company fancy name. For the business name, see companyLegalName.

For individual cards, it will always be null.


companyLegalName

:

String

Legal name of the company, as written in documents.

For corporate cards (legal entity), this field informs the corporate name. For fancy name, see companyName

For personal cards it will always be null.


legalIds

:

LegalIds

All legal documents identifying companies or individuals.


birthday

:

Date

Date of birth


age

:

Int

Age in years


gender

:

Gender

Male or Female, according to offical documents


maritalStatus

:

MaritalStatus

Marital status


income

:

PersonYearlyIncome

Annual income of the cardholder (individual and family).

This field is informational and can be used to fill out forms for other services, for example for issuing insurance.


occupation

(


language:

String

Language to be used when returning a query.

By default the language of the person making the request is adopted, however a different one can be requested and will be used, or the closest available. The format is: en_US (US English), en (generic English), pt_BR (Brazilian Portuguese), pt (generic portuguese). The format is the same as IETF language tag.

)

:

PersonOccupation

Cardholder occupation.

This field is informational and can be used to fill out forms for other services, for example for issuing insurance.

By default the language of the person making the request is adopted, however a different can be requested and will be used, or the closest available. The format is: en_US (US English), en (generic English), pt_BR (Brazilian Portuguese), pt (generic portuguese). The format is the same as IETF language tag.


image

(


width:

Int

If provided, width of the image in pixels.

height:

Int

If provided, image height, in pixels.

mimeType:

String

If provided, the type of file you want (mime-type).

)

:

ImageUrl

URL for profile photo. If height and width (optional) suggestions are provided for the size to be displayed, the server will return the URL to the image with the size closest to the requested one. If mimeType is provided, preference will be given to this, which is very useful on devices that deal with a single image format. Both the size and the mimeType of the image pointed to by the URL are returned.


contacts

:

list de PersonContact obrigatório

Cardholder contacts


addresses

:

list de Address obrigatório

Postal code


wallets

:

list de Wallet obrigatório

Wallets kept by this cardholder.


cards

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

CardFilterInput

Apply filter, if provided.

)

:

CardsConnection

Cards in possession.

List all cards of a cardholder using pagination and an optional filter.

Note that not all fields on a card will be returned because they have privacy restricted to the cardholder, issuer or other entities authorized by the platform.

Optionally you can use filter to select only cards from a certain issuer, product, that offers some service or that has some restrictions of use.


cardTokens

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

CardTokenFilterInput

Apply filter, if provided.

)

:

CardTokensConnection

Query tokens CardToken


travelInsurances

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

TravelInsuranceFilter

Apply filter, if provided.

)

:

TravelInsurancesConnection

Insurance Travel related to the cardholder.

Lists all travel related travel insurance using paging and an optional filter.

The order of the listing is from the most recent to the oldest.

Optionally, you can use the filter to select only active, expired, canceled, and restricted to a certain range of dates.


extendedWarrantyInsurances

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

ExtendedWarrantyInsuranceFilter

Apply filter, if provided.

)

:

ExtendedWarrantyInsurancesConnection

Extended Warranty Insurance related to the cardholder.

Lists all extended warranty insurance for cardholder-related products using paging and an optional filter.

The order of the listing is from the most recent to the oldest.

Optionally, you can use the filter to select only active, expired, canceled, and restricted to a certain range of dates.


purchaseProtectionInsurances

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

PurchaseProtectionInsuranceFilter

Apply filter, if provided.

)

:

PurchaseProtectionInsurancesConnection

Purchase Protection Insurance related to the cardholder.

Lists all purchase-protection insurance for cardholder-related products using paging and an optional filter.

The order of the listing is from the most recent to the oldest.

Optionally, you can use the filter to select only active, expired, canceled, and restricted to a certain range of dates.


homeAssistences

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

HomeAssistenceFilter

Apply filter, if provided.

)

:

HomeAssistencesConnection

Home assistance requested by the cardholder.

List all home assistance related to cardholder using pagination and an optional filter.

The order of the listing is from the most recent to the oldest.

Optionally you can use the filter to select assists by its status, type or ID.


documents

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

DocumentsFilterInput

Apply filter, if provided.

)

:

DocumentConnection

Query documents sent for verification



A commercial establishment that carries out transactions with Elo cards.

Campos:

id

:

ID obrigatório

name

:

String obrigatório

legalName

:

String obrigatório

description

:

String

image

(


width:

Int

height:

Int

mimeType:

String

)

:

ImageUrl

legalIds

:

CompanyLegalIds obrigatório

contacts

:

lista obrigatória de CompanyContact obrigatório

addresses

:

lista obrigatória de Address obrigatório

url

:

String

categories

:

lista obrigatória de MerchantCategory obrigatório

Merchant categories (ISO code, name)


transactionFees

:

list de MerchantTransactionFees obrigatório

Effective Transactions Prices for the Merchant he fees and costs are associated with a use (i.e .: Credit, Credit installment by store ...), amount of installments and has a expiration, that is, they are dynamic. They should be queried and after refreshed for this merchant.

Some merchants have values ​​traded individually for their CNPJ, these are returned preferentially. However most merchants do not have individual trading for these category values (MerchantCategory), which is returned in the absence of the individually traded values.

Note that if the merchant is not in the database or can not determine its category it will be returned null. For these cases, should use the prices established for their category by looking directly for merchantCategory(iso: X) { transactionFees }.

Costs are dynamic: they have been changed in MerchantTransactionFees { lastModified } and are valid until MerchantTransactionFees { expiry }. The user should use expiry to invalidate the local cache, refreshing the information after that date and time.


cardTransactions

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

CardTransactionFilterInput

Apply filter, if provided.

)

:

CardTransactionsConnection

Query transactions from this merchant.

Paged query allows you to get transactions made by this merchant with an optional filter.

When requested by a CardHolder, only your transactions with this merchant will be displayed (implicit filter).

For transactions on a specific card, use CardInterface { transactions }, first getting Card or CardToken for other queries, for example cardInterfaceByHash(hash)

It can be null in case of lack of permission, for example another merchant.



Card Issuer Entity

Campos:

id

:

ID obrigatório

name

:

String obrigatório

legalName

:

String obrigatório

description

:

String

image

(


width:

Int

height:

Int

mimeType:

String

)

:

ImageUrl

legalIds

:

CompanyLegalIds obrigatório

contacts

:

lista obrigatória de CompanyContact obrigatório

addresses

:

lista obrigatória de Address obrigatório

url

:

String

cards

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

CardFilterInput

Apply filter, if provided.

)

:

CardsConnection

Queries all card objects (Card) available in the context.

If executed by a cardholder, all cards that the cardholder has issued and issued by this issuer will be returned.

If executed by a cardissuer, all issued cards will be returned.

In other cases, such as when executed by a merchant, an error is produced.



Redes Social

Campos:

provider

:

String obrigatório

Name of social network provider, eg Facebook, Twitter ...


username

:

String obrigatório

Username on social network



User-accepted usage terms

Campos:

agreementTerm

:

AgreementTerm obrigatório

The term that was accepted


timestamp

:

DateTime obrigatório

When the term was accepted



Access key (accessToken) and information about its origin.

Campos:

accessToken

:

String obrigatório

The access key (accessToken) active for this user


timestamp

:

DateTime obrigatório

When the access key (accessToken) was created


ip

(


ipv6Mapped:

Boolean

)

:

String

IPv4 or IPv6 network addresses from which the creation request originated.

If it is IPv6, it must be enclosed in brackets. Example: [::1] If it is IPv4, it should follow dotted notation: 127.0.0.1

The optionall ipv6Mapped establish that IPv4 addresses will always be coded as IPv6 using mapping rules: [::ffff:127.0.0.1]

It may be null if the IP address was unknown at the time the access key was created.


geolocation

:

Geolocation

Geographic location from where the request for creating the access key (accessToken) was sent. Can be approximated from IP.

Can be null.


device

:

Device

Device used to create the access key (accessToken). It can be approximated, for example, by using the User Agent (User-Agent) to identify operating system, brand and model ...



Campos:

id

:

String obrigatório

Key identifier for this user.

In operations that return encrypted data this will be the identifier of the key to be specified, as in the query CardInterface { sensitive(keyId: "X") }

This identifier is generated at the time the key is added, see addPublicKeyToUser()

NOTE: has user scope, is not global system.


key

:

String obrigatório

The serialized key in the required format.

If no format is specified, it will be returned as JSON Web Key - JWK



Entidade do Credenciador

Campos:

id

:

ID obrigatório

name

:

String obrigatório

legalName

:

String obrigatório

description

:

String

code

:

String obrigatório

Identificador Global Único do Credenciador junto a Elo.

Este campo identifica unicamente os números designados pela Elo para Estabelecimentos/Credenciador.


countryCode

:

String obrigatório

Identificador Global Único do país onde está localizado o Credenciador. Transações nacionais utiliza-se o código 076 (Brasil). ISO 3166-1 numeric


image

(


width:

Int

height:

Int

mimeType:

String

)

:

ImageUrl

legalIds

:

CompanyLegalIds obrigatório

contacts

:

lista obrigatória de CompanyContact obrigatório

addresses

:

lista obrigatória de Address obrigatório

url

:

String

fraudTransactions

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

CardFraudTransactionFilterInput

Apply filter, if provided. Consult fraudulent transactions that have already been processed. Only Cardissuer can perform these queries.

)

:

CardFraudTransactionsConnection

Lista de transações fraudulentas



System User

The user can be associated with a merchant, cardissuer or can be a cardholder.

Also listed are the social networks that the user related and authorized, for example via OAuth.

Private API

Campos:

id

:

ID obrigatório

Unique Global Identifier for this object


verified

:

VerifiedStatus

The user has been verified through a social network, mail, SMS or other method.

It is the same as checking all the user's contacts and verifying that at least one of them has been verified (contacts { verified }).


username

:

String

User name for system access


name

:

String

Full name of the cardholder as in the official documents (RG, CPF)


firstName

:

String

Frist name of the user


lastName

:

String

Last name of the user


displayName

:

String

Username to be displayed (example: shortened, alias ...)


legalIds

:

LegalIds

All legal documents that identify the user.


birthday

:

Date

Date of birth


age

:

Int

Age in years


gender

:

Gender

Male or Female, according to offical documents


maritalStatus

:

MaritalStatus

Marital status


income

:

PersonYearlyIncome

Annual income of the user (individual and family).


occupation

(


language:

String

Language to be used when returning a query.

By default the language of the person making the request is adopted, however a different one can be requested and will be used, or the closest available. The format is: en_US (US English), en (generic English), pt_BR (Brazilian Portuguese), pt (generic portuguese). The format is the same as IETF language tag.

)

:

PersonOccupation

User occupation.

By default the language of the person making the request is adopted, however a different one can be requested and will be used, or the one closest available. The format is: en_US (US English), en (Generic English), pt_BR (Brazilian Portuguese), pt (Generic Portuguese). The format is the same as IETF language tag.


image

(


width:

Int

If provided, width of the image in pixels.

height:

Int

If provided, image height, in pixels.

mimeType:

String

If provided, the type of file you want (mime-type).

)

:

ImageUrl

URL for profile photo. If height and width (optional) suggestions are provided for the size to be displayed, the server will return the URL to the image with the size closest to the requested one. If mimeType is provided, preference will be given to this, which is very useful on devices that deal with a single image format. Both the size and the mimeType of the image pointed to by the URL are returned.


contacts

:

list de PersonContact obrigatório

User Contacts


addresses

:

list de Address obrigatório

Postal Addresses


cardHolders

:

list de CardHolder obrigatório

Cardholders associated with the user

A user can have more than one associated cardholder in case of different legal entities, as well as a cardholder for their physical person.

Relationship: 1:n


merchants

:

list de Merchant obrigatório

Merchant associated with the user

A user can be responsible for several merchants. A merchant can have multiple users responsible.

Relationship: n:n


cardIssuers

:

list de CardIssuer obrigatório

Cardissuers associated with the user

A issuer can have multiple users responsible. In general a user will be responsible for only one issuer. However it is modeled as being possible for the user to be responsible for multiple issuers (prevents the API from changing if this case becomes a reality).

Relationship: n:n


socialNetworks

:

list de SocialNetwork obrigatório

Social networks related to the user


agreements

:

list de UserAgreement obrigatório

User-accepted terms of use


accessTokens

:

list de AccessTokenInfo obrigatório

List of active access keys for this user


publicKeys

:

list de PublicKey obrigatório

Known Public Keys List, for this user


origin

:

String

Identifies the origin of user registration.


analyticsId

:

ID obrigatório

Unique Global Identifier for this object


acquirer

:

Acquirer


Connection edge containing an AgreementTerms conforming to Relay.

Campos:

cursor

:

String obrigatório

Opaque cursor for use with queries after or before.


node

:

AgreementTerm

The AgreementTerm object that makes up this connection edge.



Connection of AgreementTerms in accordance with Relay.

Campos:

pageInfo

:

PageInfo obrigatório

Opaque cursor for use with queries after or before.


edges

:

List of edges that make up this connection.


totalCount

:

Int

Total count of objects in this connection.

Edges are limited to before and after cursors, as well as first and last count. Thus the size of edges is possibly smaller than the connection as a whole.

totalCount, if it is not null, indicates the total number of items in the connection considering the filter.



(Digital Wallet)

Campos:

id

:

ID obrigatório

Unique Global Identifier for this object


name

:

String obrigatório

Wallet name


holder

:

CardHolder obrigatório

Cardholder name and contact


cards

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

CardFilterInput

Apply filter, if provided.

)

:

CardsConnection

Query all available cards in the context.

If executed by a cardholder, then it returns all the cards contained in the wallet.

Otherwise, if requested by issuers or merchants, it produces an error.



A Credit card or Debit card.

Campos:

id

:

ID obrigatório

sensitive

(


keyId:

String

)

:

String

last4

:

String

expiry

:

CardExpiry

holder

:

CardHolder

billingAddress

:

Address

status

:

CardStatusInterface obrigatório

availableServices

:

list de CardHolderService obrigatório

usedServices

:

list de CardHolderService obrigatório

bin

:

BIN

funding

:

CardFunding

product

:

CardProduct

isInternational

:

Boolean

isCompany

:

Boolean

isToken

:

Boolean

cardTokens

:

CardTokensConnection

Returns a connection for tokens related to this card


brand

:

CardBrand

allowedCaptures

:

list de CardCapture obrigatório

usages

:

list de CardUsage obrigatório

network

:

CardNetwork

issuer

:

CardIssuer

metadata

:

CardMetadata

trackings

:

list de Track

It will only return the data if it is a CardIssuer performing the query, if another type of user does this query the field should return empty.


transactions

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

CardTransactionFilterInput

Apply filter, if provided.

)

:

CardTransactionsConnection

transactionsSummary

(


filter:

CardTransactionSummaryFilterInput

Apply filter, if provided.

)

:

list de CardTransactionCategorySummary obrigatório

fraudTransactions

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

CardFraudTransactionFilterInput

Apply filter, if provided. Consult fraudulent transactions that have already been processed. Only Cardissuer can perform these queries.

)

:

CardFraudTransactionsConnection

queueFraudTransactions

(


first:

Int

Limit the list to the first entries, if provided. If it is null, the listing is unlimited. Used in forward navigation.

after:

String

Starts after the opaque cursor, if provided. Used in forward navigation.

last:

Int

Limits the list to the last entries, if provided. If null, the listing is unlimited. Used in back navigation.

before:

String

Starts before the opaque cursor, if provided. Used in backward navigation.

filter:

CardFraudTransactionFilterInput

Apply filter, if provided. Consult the fraudulent transactions that are in the processing queue. Only Cardissuer can perform these queries.

)

:

CardFraudTransactionsConnection


Return of the mutation addCardToWallet().

Compatible with Relay.

Campos:

clientMutationId

:

String

wallet

:

Wallet

The wallet where the card was added, or null in case of error.


card

:

Card

The card added, or null in case of error.



Return of the mutation removeCardFromWallet().

Compatible with Relay.

Campos:

clientMutationId

:

String

wallet

:

Wallet

The wallet from where the card was removed, or null in case of error.


card

:

Card

The card is removed, or null in case of error.



Return of the mutation createWallet().

Compatible with Relay.

Campos:

clientMutationId

:

String

wallet

:

Wallet

The wallet created or null in case of error.


holder

:

CardHolder

The cardholder who received the wallet or null in case of error.



Return of the mutation deleteWallet().

Compatible with Relay.

Campos:

clientMutationId

:

String

walletId

:

ID

The unique global identifier of the wallet deleted or null in case of error.


name

:

String

The name of the wallet deleted or null in case of error.


holder

:

CardHolder

The holder that had the wallet deleted or null in case of error.



Return mutation updateWallet().

Compatible with Relay

Campos:

clientMutationId

:

String

wallet

:

Wallet

The wallet whose information was edited, or null in case of error.



Return of mutation createLoginSalt ()

Compatible with Relay.

Campos:

clientMutationId

:

String

username

:

String obrigatório

User name for system access.

Even provided for createLoginSalt ().


salt

:

String obrigatório

Value to be used in the login () (challenge).

Note that salt has an expiry specified in expiry, when arriving at the defined date and timesalt will no longer be valid.

The salt value includes a prefix (ie:$ 2a) followed by the number of iterations to be made, also referred to as' costorsaltRounds- ie: $ 10 , followed by $ `and 22 characters presenting the Base64 of 128 bits with the actual _salt _, topping 29 characters. This is the format used by most libraries. Example: $ 2a $ 10 $ XDIZcWCyQ1dlF24wQplooO


expiry

:

DateTime obrigatório

expiration date and time of 'Salt'.



Retorno da mutação logout().

Compatível com Relay.

Campos:

accessToken

:

String obrigatório

A chave de acesso expirada (accessToken) de identificação do usuário.


refreshToken

:

String obrigatório

Informação que deve ser utilizada para gerar uma nova chave de accesso do usuário.



Return from mutations login () or socialNetworkOAuthLogin ().

Compatible with Relay.

Campos:

clientMutationId

:

String

accessToken

:

String

The user's access key (accessToken). It must be stored and sent in every HTTP request in the access_token header. Example (XXXYYYZZZ is the value required in this field):

GET /graphql HTTP/1.1
...
access_token: XXXYYYZZZ
...

oauthToken

:

AccessTokenPayload

Informações para autenticação e geração de uma nova chave de acesso



Mutation response createUser().

Compatible with Relay.

Campos:

clientMutationId

:

String

id

:

ID obrigatório

Unique Global Identifier for this user


name

:

String

Full name of the cardholder as in the official documents (RG, CPF)


oauthToken

:

AccessTokenPayload

Informações para autenticação e geração de uma nova chave de acesso



Mutation response createCard().

Compatible with Relay.

Campos:

clientMutationId

:

String

card

:

Card

The card created and associated with the cardholder.

Note that the cardholder can be consulted in Card {holder}.



Card expiring date: Month and Year

Campos:

month

:

Int obrigatório

Month - January is 1, December is 12


year

:

Int obrigatório

Year - 4 digits, example: 2017, not 17.



Represents a BIN (Bank Identification Number or Bank Identification Number) in the system.

The BIN is relative to the initial numbers of a card and identifies \in the issuer and associated products.

Each banner has tracks BINs reserved for their use, these are vailable as reserved in thebinTable query.

But the greatest interest is for BIN in use (allocated), which will load information about the sender (bank), financing (payment, debit or both), products (term payments, prepaid, Card for construction - Construcard ...) and even services such as insurance ninety or access to WiFi.

The BIN table is dynamic:

  • As cards from the same prefix (BIN) are unusable and run out of users, the BIN can then be recycled for a new use.

  • As new products are inserted, a previously reserved BIN without users will then be allocated, entering into use.

For i So it's important to keep the BIN table up to date, see binTable. To find out if the table has been updated use \in the name fields similar to HTTP lastModified (date and time the last modification) and etag (entity tag or label of think), which offers a unique identifier on the table , if he changeed then the table change as well.

Campos:

number

:

String obrigatório

panSizeRange

:

IntRange obrigatório

funding

:

CardFunding obrigatório

product

:

CardProduct obrigatório

country

:

String obrigatório

isInternational

:

Boolean obrigatório

regexp

:

String obrigatório

isCompany

:

Boolean obrigatório

Iftrue, then the card is a corporate, used for legal companies. If false, then the card is for a person.".


isToken

:

Boolean obrigatório

It says if the card is virtual (token, see CardToken). \ n Tokens are often understood as " virtual cards \ "(VCN - Virtual Card Numbers), they are associated with a real card and can have greater control such as currency restriction, purchase number, purchase value, merchant category, and others.

The largest use of tokens is to reduce security problems, before a merchant or cardholder.

If true, then this BIN is used for tokens instead of physical (plastic) cards. Iffalse then this BIN is used for traditional, physical (plastic) cards.


brand

:

CardBrand obrigatório

The scheme of the Card

The scheme responsible for the Card. For Elo cards, it will always be Elo.


allowedCaptures

:

lista obrigatória de CardCapture obrigatório

Capture modes allowed for the card.

This list tells you which capture modes are allowed for the card, for example if POS can then be used at a point of sale (Point Of Sale), otherwise attempting to use it with this will result on a rejected transaction.


usages

:

lista obrigatória de CardUsage obrigatório

Case use allowed for the card.

This list tells you if the card can be used for debit, for credited cash, credit installment by store, among others.


network

:

CardNetwork obrigatório

Network for Card use.

Each card should be used on a network, which is listed in this field. For example the Elo cards use the networks:

  • Elo: home use (isInternational = false);

  • Elo-Discovery: international use.


issuer

:

CardIssuer obrigatório

Card issuer.

All BINs are associated with one and only one issuer, which can be referred to this field to obtain the global identifier Unique, social name, fantasy name, CNPJ, address, contacts, and finals..


metadata

:

CardMetadata obrigatório

Metadata for the presentation of the card to the user

Measures such as:

  • image

  • colors These should be used to present a card to the user in order to clarify the information and avoid errors.


services

:

lista obrigatória de CardHolderService obrigatório

Services (benefits) available to the cardholder.

Services, also known as benefits, cardholder. For example:

  • Travel Insurance, to purchase air tickets;

  • Purchase Protection, to purchase goods;

  • Extended Warranty, to purchase goods;

  • WiFi access.


creditSettlementBankNumber

:

Int

Bank Settlement Bank Number

Indicates which bank code should be used to settle the credit transactions.

Private API


debitSettlementBankNumber

:

Int

Bank Settlement Bank Number

Indicates which bank code should be used to settle the credit transactions.

Private API



Mutation response deleteCard().

Compatible with Relay.

Campos:

clientMutationId

:

String

cardId

:

ID obrigatório

Unique global identifier of the deleted card


last4

:

String

Last 4 digits of the card, is to be showned to user \n\nCan be null depending on permissions and access.


expiry

:

CardExpiry

Card expiration date

Can be null depending on permissions and access


holder

:

CardHolder

Cardholder name and contact

It can be null depending on permissions and access.


bin

:

BIN

BIN information of the card.

BIN (Bank Identification Number or Bank Identification Number) demonstrate various card properties, eg: bank \ nIssuer, usage, metadata (images) and so on.

Can be `null in case of lack of permission



Mutation responseupdateCard().

Compatible with Relay.

Campos:

clientMutationId

:

String

card

:

Card

The updated card



Mutation response requestPasswordReset().

Compatible with Relay.

Campos:

clientMutationId

:

String

maskedEmail

:

String

Returns a masked version of the email that will receive the access recover password.

This information allows the user to distinguish between multiple emails which can be registered in the system and identify which should see the key. For example, a user has registered the following emails:

The masking of emails will allow to identify which was sent:

It can be null if the code has been sent to a phone, in this case verify maskedPhone


maskedPhone

:

String

Returns a masked version of the phone that will receive the access recover key.

This information allows the user to distinguish between several

telephone numbers that can be registered in the system and identify which should see the key. For example, a user has registered the following phones:

  • +55 (11) 99123-4567 -+55 (21) 99999-1234

The masking of telephones will allow to identify which was sent:

  • +55 (11) 9xxx3-xx67

    -+55 (21) 9xxx9-xx34

Can be null if the code was sent to an email, in this case verify maskedEmail



Mutation response passwordReset().

Compatible with Relay.

Campos:

clientMutationId

:

String

user

:

User

If successful, it contains the user whose password was changed.

In case of failure, such as an invalid token or password outside of the given standards,null will be returned.



Mutation Response deleteUser().

Compatible with Relay.

Campos:

clientMutationId

:

String

userId

:

ID obrigatório

Deleted Unique global user id


username

:

String obrigatório

Name of the deleted user


name

:

String

Full name of the cardholder as in the official documents (RG, CPF)


firstName

:

String

First name of the deleted user


lastName

:

String

User display name deleted


displayName

:

String

Nome de exibição do usuário apagado



Mutation responseupdateUser().

Compatible withRelay

Campos:

clientMutationId

:

String

user

:

User

The user modified with the new fields



Mutation Response createCardHolderForUser().

Compatible with Relay.

Campos:

clientMutationId

:

String

user

:

User

The user who created an associated cardholder.


cardHolder

:

CardHolder

The cardholder that was created for the user.



Mutation reponse request addCardIssuerToUser().

Compatile with Relay.

Campos:

clientMutationId

:

String

user

:

User

The user who was associated with the issuer (Bank)


cardIssuer

:

CardIssuer

The issuer (bank) that was associated with the user



Mutation EntryaddMerchantToUser().

Compatible withRelay.

Campos:

clientMutationId

:

String

user

:

User

The user who was associated with the merchant


merchant

:

Merchant

The merchant which has been associated with the user



Mutation response request addPublicKeyToUser().

Compatible with Relay.

Campos:

clientMutationId

:

String

user

:

User

The user who had the key added


publicKey

:

PublicKey

The key added.

Please note that thepublicKey {id}field contains the key identifier removePublicKeyFromUser (keyId: " X \ ") or \ nCardInterface {sensitive (keyId: \ "X ")}



Response of mutation request addAgreementToUser().

Compatible with Relay.

Campos:

clientMutationId

:

String

user

:

User

The user who accepted the term


agreement

:

UserAgreement

The acceptance and its information like'agreementTerm' and 'timestamp'



Terms of use

Campos:

id

:

ID obrigatório

Unique Global Identifier for this object


title

:

String obrigatório

Title of the term


description

:

String

Terms Description


url

:

String

Page address with information about the terms


isWalletDigital

:

Boolean

Identifies whether the terms of use refers to a digital wallet or not.



Return of the mutation removeAgreementFromUser().

Compatible with Relay.

Campos:

clientMutationId

:

String

user

:

User

The user that no longer accepts the terms of use


agreementTerm

:

AgreementTerm

The previously accepted term that is no longer listed in `User {agreements}






Node compatible with Relay.

Campos:

id

:

ID obrigatório

Unique Global Identifier for this object





Card Status

Each state has its own payload in specific implementations of CardStatusInterface. Use fragments to query its fields.


Valores possíveis:


INACTIVE

Card was not activated


ACTIVE

Card has been activated and is ready for use


SUSPENDED

Card has been suspended and can not be used




Card Funding: credit, debit, multiple, Food and Meal.


Valores possíveis:


CREDIT

Credit Card


DEBIT

Debit Card


MULTIPLE

Credit and Debit Card (both simultaneously).


MEAL

Benefit Card (Meal)


FOOD

Benefit Card (Food)




Verification Status.

Used, for example, to check the contacts of a cardholder.


Valores possíveis:


UNVERIFIED

The item has not yet been verified.


PENDING

The verification process has started, but it has not yet been completed. After the completion it will change to VERIFIED orFAILED.


VERIFIED

The item has been verified successfully.


FAILED

The item failed verification.


NOT_APPLICABLE

The verification process does not apply to this item.




Gender options


Valores possíveis:


FEMALE


MALE




Marital status options


Valores possíveis:


DIVORCED

Divorced


MARRIED

Married


SINGLE

Single


WIDOWED

Widowed


COMMON_LAW_MARRIED

Stable union




Tipos de contato válidos para a verificação de contato.


Valores possíveis:


PHONE

Telefone


EMAIL

E-mail




type of contact with the person.


Valores possíveis:


PHONE

value is a phone, mobile or fax number


EMAIL

the value is an e-mail address


IM

instant messaging application The value is a user identifier with the context field


OTHER

value following free text




Cryptographic key format to be serialized or interpreted.


Valores possíveis:


PEM

Privacy Enhanced Mail PEM


X509

Certified X.509