Pay a QR Code
Pay a boleto or Pix QR Code with an already-linked account. The payer approves the payment on their device with the passkey registered during account linking — no redirection.
Method sequence
enrollments.listByUserJsr(cpf, { deviceId })— gate: confirm the payer has anAUTHORISEDenrollment and pick it.pix.getDetails({ qrCode })— decode the QR Code to show the payee, amount, and account before charging.consents.createJsr(req)— open a JSR consent with theqrCode. Returns{ id, consentId, fidoSignOptions }.idis thepaymentRequestIdyou pass in step 5.- [device] the device calls
navigator.credentials.get()withconsent.fidoSignOptionsand produces a FIDO2 assertion. payments.processJsr(req)— submit theassertionplusriskSignalsto execute the payment. Check the result with theisPaidhelper.
Steps 4–5 are identical across every JSR flow — see Execute a JSR payment for the full code.
Sequence diagram
Carregando diagrama…
Code
Steps 1–3: gate on the enrollment, decode the QR Code, and open the consent.
consents.createJsr requires the clientIp (the X-Client-IP header).
// 1) Gate: an AUTHORISED enrollment is required
const user = await client.enrollments.listByUserJsr(cpf, { deviceId: riskSignals.deviceId });
const enrollment = user.enrollments[0];
// 2) Decode the QR Code (display)
const details = await client.pix.getDetails({ qrCode });
// 3) Create the consent
const consent = await client.consents.createJsr({
enrollmentId: enrollment.enrollmentId,
payment: { qrCode, redirectUri: 'https://app.example.com/payment-success' },
fidoSignOptions: { platform: 'ANDROID' },
}, { clientIp });
// consent.id is the paymentRequestId — sign on device and call payments.processJsr,
// see Execute a JSR payment// 1) Gate: an AUTHORISED enrollment is required
UserEnrollments user = client.enrollments.listByUserJsr(cpf, ListEnrollmentsQuery.deviceId(deviceId));
EnrollmentSummary enrollment = user.enrollments().get(0);
// 2) Decode the QR Code (display)
PixDetails details = client.pix.getDetails(PixDetailsRequest.byQrCode(qrCode));
// 3) Create the consent
JsrConsentResult consent = client.consents.createJsr(
new CreateJsrConsentRequest()
.enrollmentId(enrollment.enrollmentId())
.payment(JsrPayment.qrCode(qrCode, "https://app.example.com/payment-success"))
.fidoSignOptions(new FidoSignOptionsInput("ANDROID")),
CallOptions.clientIp(ip));
// consent.id() is the paymentRequestId — sign on device and call payments.processJsr,
// see Execute a JSR payment// 1) Gate: an AUTHORISED enrollment is required
let user = try await client.enrollments.listByUserJsr(cpf, query: ListEnrollmentsQuery(deviceId: deviceId))
guard let enrollment = user.enrollments.first else { return }
// 2) Decode the QR Code (display)
let details = try await client.pix.getDetails(.byQrCode(qrCode))
// 3) Create the consent
let consent = try await client.consents.createJsr(
CreateJsrConsentRequest(
enrollmentId: enrollment.enrollmentId,
fidoSignOptions: FidoSignOptionsInput(platform: "IOS"),
payment: .qrCode(qrCode, redirectUri: "https://app.example.com/payment-success")),
options: .clientIp(ip))
// consent.id is the paymentRequestId — sign on device and call payments.processJsr,
// see Execute a JSR payment// 1) Gate: an AUTHORISED enrollment is required
var user = await client.Enrollments.ListByUserJsrAsync(cpf, new ListEnrollmentsQuery { DeviceId = deviceId });
var enrollment = user.Enrollments[0];
// 2) Decode the QR Code (display)
var details = await client.Pix.GetDetailsAsync(PixDetailsRequest.ByQrCode(qrCode));
// 3) Create the consent
var consent = await client.Consents.CreateJsrAsync(new CreateJsrConsentRequest
{
EnrollmentId = enrollment.EnrollmentId,
FidoSignOptions = new FidoSignOptionsInput { Platform = "ANDROID" },
Payment = JsrPayment.ForQrCode(qrCode, "https://app.example.com/payment-success"),
}, CallOptions.WithClientIp(ip));
// consent.Id is the paymentRequestId — sign on device and call payments.processJsr,
// see Execute a JSR paymentNext steps
- Execute a JSR payment — sign on device and run
processJsr. - Pix transfer by key — the same flow with a Pix key instead of a QR Code.
- Link an account — required before this flow.