Authorise payment
Completes the JSR payment after the payer performs the FIDO2 gesture
(navigator.credentials.get()). Send enrollmentId, optional
paymentRequestId (the id from Create payment consent),
riskSignals, and fidoAssertion matching the WebAuthn credential.
The ASPSP authorises and settles the Pix; the envelope data follows
RetornoPaymentRequestDto (request-level status, payments[], etc.).
/api/v1/jsr/paymentsAuthorise consent and make payment
Submits FIDO assertion and risk signals to execute the JSR Pix payment.
Cabeçalhos
2 campossubTenantId●Subtenant identifier.
x-client-ip●End-user client IP.
Corpo da requisição
4 camposenrollmentId●Authorised enrollment used for this payment.
paymentRequestIdPayment request id from Create payment consent (`data.id`). Optional in OpenAPI — send when your integration requires it.
riskSignals●Risk signals. OpenAPI lists many optional fields (geolocation, integrity, etc.); below are commonly required ones.
deviceId●osVersion●userTimeZoneOffset●language●screenDimensions●width●height●accountTenure●User registration date on your platform.
isRootedDeviceAndroid/iOS restrictions may apply.
screenBrightnessPlatform-specific brightness.
elapsedTimeSinceBootMilliseconds since boot.
geolocationOptional — latitude, longitude, type COARSE|FINE|INFERRED.
latitudelongitudetypefidoAssertion●WebAuthn assertion from navigator.credentials.get.
id●Credential id base64url.
rawId●Same as id mapping.
type●response●clientDataJSON●Base64url.
authenticatorData●Base64url.
signature●Base64url.
userHandle●Base64url or empty string if absent.
clientExtensionResultsBrowser extension results.
curl --request POST \
--url 'https://embedded-payment-manager.hml.linaob.com.br/api/v1/jsr/payments' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <SEU_TOKEN>' \
--header 'subTenantId: subtenant_abc123' \
--header 'x-client-ip: 198.21.104.1' \
--data '{
"enrollmentId": "enr_abc123",
"paymentRequestId": "pay_req_xyz",
"riskSignals": {
"deviceId": "00aa11bb22cc33dd",
"osVersion": "17.2",
"userTimeZoneOffset": "-03:00",
"language": "pt",
"screenDimensions": {
"width": 390,
"height": 844
},
"accountTenure": "2023-01-01",
"geolocation": {
"latitude": -23.5,
"longitude": -46.6,
"type": "COARSE"
}
},
"fidoAssertion": {
"type": "public-key"
}
}'Response
- dataobjectrequired
RetornoPaymentRequestDto — full creditor/debitor in OpenAPI.
- idstringrequired
Payment request id.
- consentIdstring· nullable
Consent id.
- valuenumberrequired
Total value BRL.
- statusstringrequired
PENDENTE | EM_PROCESSAMENTO | CONSUMIDO | EXPIRADO | CANCELADO | ERRO_NA_DETENTORA | ERRO
- creditorobjectrequired
- paymentsarray of objectsrequired
Installments / legs with statuses.
- messagestring
Response message.
- typestring
Envelope type.
- statusCodeinteger· nullable
HTTP status in envelope.
{
"data": {
"id": "pay_req_xyz",
"consentId": "consent_xyz",
"value": 1500.5,
"status": "CONSUMIDO",
"creditor": {
"name": "Merchant SA",
"personType": "PESSOA_JURIDICA",
"cpfCnpj": "12345678000195",
"accountNumber": "1234567890",
"accountIssuer": "0001",
"accountIspb": "12345678",
"accountType": "CACC"
},
"payments": [
{
"id": "pay_leg_1",
"dueDate": "2024-06-01T12:00:00Z",
"status": "PAGO",
"txId": "E12345678202406101200abcd1234"
}
]
},
"message": "OK",
"type": "success",
"statusCode": 200
}Next steps
- Compare payment leg
statusvalues with Instant Pix status tables for UX copy.