Gateway Providers
The system supports three payment providers, each with specific capabilities.
Available Providers
Pagar.me (PAGARME)
- Purpose: Credit card processing
- Supported methods: Credit card only
- API: Pagar.me v5 (https://api.pagar.me/core/v5)
- Environment: Sandbox and Production
Required credentials:
| Field | Required | Description |
|---|---|---|
secretKey | Yes | API secret key |
publicKey | No | Public key for tokenization |
merchantId | No | Merchant ID |
accountId | No | Account ID |
Features:
- Card tokenization (client → token → gateway)
- Authorization and capture
- Full and partial refunds
- Customer and card management on the gateway
Kobana (KOBANA)
- Purpose: Brazilian payment methods
- Supported methods: Boleto and PIX
- Environment: Sandbox and Production
Required credentials:
| Field | Required | Description |
|---|---|---|
accessToken | Yes | API access token |
billetAccountId | No | Boleto account ID |
pixAccountUid | No | PIX account UID (required for PIX) |
webhookSecret | No | Secret for webhook validation |
Features:
- Boleto issuance with barcode and PDF
- PIX QR Code generation (EMV)
- Charge cancellation
- Webhooks for payment confirmation
Mock (MOCK)
- Purpose: Development and testing
- Supported methods: Card, Boleto, and PIX
- Credentials: None required
- Activation: Automatic upon creation
Simulates all payment types for the development environment.
Payment Methods by Provider
| Method | Pagar.me | Kobana | Mock |
|---|---|---|---|
| Credit card | Yes | - | Yes |
| Boleto | - | Yes | Yes |
| PIX | - | Yes | Yes |
| Bank transfer | - | - | - |
Credential Security
- All credentials are encrypted at rest using AES-256-GCM
- Credentials are decrypted only at the time of the API call
- API responses mask credentials (format:
****[last 4]) - Sensitive fields are filtered from logs