Pular para o conteúdo

Tap on Pix (NFC)

Tap on Pix lets the initiating institution start a Pix payment after reading a proximity (NFC) payload from the payer’s device or tag. The institution parses the Tap to Pix URI, derives the Pix Copia e Cola (EMV BR Code string), then continues with JSR (redirectless): either complete enrollment once or reuse an AUTHORISED enrollment and run Part 2 — Redirectless payment.

Tap to Pix URI (BCB pattern)

The NFC payload uses a URI shaped like:

pix://<hostname>?qr=<uri-encoded-emv-qr-string>&sig=<signature>

Replace the placeholders as follows:

PartMeaning
<hostname>Domain identification for the party that published the QR Code.
<uri-encoded-emv-qr-string>Pix Copia e Cola content URI-encoded (same idea as encodeURIComponent() before placing it in the query string). Your app must decode this parameter (for example decodeURIComponent() in JavaScript) to obtain the raw EMV string used as Copia e Cola.
<signature>Optional, reserved for future use: signature of the decoded Copia e Cola using PS256, consistent with Open Finance practice. How the receiver obtains the public key for validation is not fixed in this documentation — follow institutional or regulator guidance when available.

Normative reference (Android proximity specification): BCB — Especificações Pix aproximação (PDF).

Processing on the institution side

  1. Read the NFC record and obtain the pix://… URI (and validate transport/security policies your product requires).
  2. Parse the URI; read query parameters qr and, if present, sig.
  3. Decode qr with the appropriate URI decoder so the result is the Copia e Cola string (EMV BR Code payload).
  4. If you adopt signature verification later, use sig only once PS256 and public-key distribution are defined for your integration — until then treat it as optional metadata.

JSR journey after NFC

No AUTHORISED enrollment yet

Run Part 1 — Enrollment from JSR (Redirectless): registered participants, create enrollment, bank redirect, fragment handling, FIDO2 registration, register device — until Get enrollment shows AUTHORISED.

Enrollment already AUTHORISED

Follow Part 2 — Redirectless payment in JSR (Redirectless):

  1. Call POST /api/v1/jsr/consents (Create payment consent) with the usual enrollment and payment fields plus:
    • isNFC: true
    • qrCode: the Copia e Cola string (decoded from the qr query parameter)
  2. Complete navigator.credentials.get() using returned fidoSignOptions.
  3. Call POST /api/v1/jsr/payments (Authorise payment) as today.
Tap on Pix — NFC URI decoding, enrollment gate, redirectless consent with isNFC and qrCode
Tap on Pix — sequence from NFC tap through JSR consent and settlement

Prerequisites

Next steps