Create a Single-Step Card Payment
This guide walks you through processing a complete single-step payment transaction using the Getnet Regional API. The flow involves direct capturing the payment without a previous authorization.
Requirements
Before following the steps, you need to:
- Create your account by contacting the Integration Support team to get your API credentials
client_idandclient_secret. - Generate your token with your credentials using the Authentication endpoint.
Getnet provides a Postman Collection to help you to replicate these use cases locally.You can also test the API in sandbox using the API Reference available in the documentation.
Use Cases Specifics
When integrating any Getnet solution, market-specific requirements apply. Be sure to review the resources below before you go live:
You can also use test cards to simulate specific scenarios. More information about specific requirements for each country can be found in the Developer Resources section of the Getnet documentation.
Single-Step Payment Process
This section guides you through the process of creating a single-step payment transaction with the Getnet Regional API. You'll learn how to capture payment directly in one step and optionally verify the transaction status.
The following diagram provides an overview of the single-step payment process:
Tokenize Card Data (Optional)
Instead of sending the raw card number in your payment request, you can use tokenization to enhance security and reduce PCI DSS compliance scope. To use a tokenized card:
- Tokenize the card by calling the Card Tokenization endpoint with the
card_numberandcustomer_id. - In your payment request, replace the
card.numberfield withcard.number_tokenusing the token value received from the tokenization endpoint.
number_token, you must exclude the card.number property from the request. For complete details on tokenization, see the Tokenization and Vault documentation.Step 1: Capture the Payment
A single-step payment involves the capturing of a payment using the Create - Authorize endpoint. This step validates the customer's payment details and directly transfers the funds.
Country-specific requirements: Some markets may require additional mandatory fields. In Uruguay you must include aratesarray, provide aregional_regulation_code, and setdata.payment.transaction_typetoFULL. Review the Taxes and Regulations reference for more information.
data.payment.payment_method attribute in your request to CREDIT or DEBIT. This ensures the funds are immediately captured. The table below lists the minimum fields you need to send:| Attribute | Description | Required |
|---|---|---|
idempotency_key | Unique identifier to prevent duplicate charges. | Yes |
order_id | Merchant reference ID used for reconciliation. | Yes |
request_id | Trace identifier for idempotency audits and support follow-up. | Recommended |
data.amount | Transaction amount in cents. | Yes |
data.currency | ISO currency code used in the transaction. | Yes |
data.customer | Customer details (name, email, phone, document, full billing address). Mandatory in production to avoid antifraud blocks. | Yes (Prod) |
data.payment.payment_method | Must be CREDIT or DEBIT for a single-step flow. | Yes |
data.payment.transaction_type | Defines how the transaction is processed (FULL, INSTALL_NO_INTEREST, INSTALL_WITH_INTEREST). | Yes |
data.payment.number_installments | Number of instalments (use 1 for a single payment). | Yes |
data.payment.card | Card data set (number, brand, expiration_month, expiration_year, security_code, cardholder_name). | Yes |
data.additional_data.device | Device fingerprint information (ip_address, device_id, finger_print) for antifraud analysis. | Yes (Prod) |
The objects required for antifraud validation must include the following fields:
| Object / Field | Description |
|---|---|
customer.first_name | Customer's first name |
customer.last_name | Customer's last name |
customer.email | Customer email address |
customer.phone_number | Phone number (international format) |
customer.document_type | Document type (e.g., CPF, DNI, etc.) |
customer.document_number | Document number (without punctuation) |
customer.billing_address.street | Street name |
customer.billing_address.number | Address number |
customer.billing_address.district | District or neighbourhood |
customer.billing_address.city | City |
customer.billing_address.state | State or province |
customer.billing_address.country | Country code (ISO) |
customer.billing_address.postal_code | Postal or ZIP code |
additional_data.device.ip_address | Customer’s IP address |
additional_data.device.device_id | Device fingerprint session ID (UUIDv4) |
additional_data.device.finger_print | Fingerprint hash generated by the antifraud script |
Antifraud data is mandatory for production environments. Transactions missing device fingerprint or customer information will be automatically blocked by antifraud teams to prevent fraud. See the Antifraud documentation for complete implementation details.
payment_id, which is used to identify this transaction.The following code block shows an a request of a single-step payment:
curl --request POST \
--url https://api-sbx.pre.globalgetnet.com/dpm/payments-gwproxy/v2/payments \
--header 'authorization: Bearer ' \
--header 'content-type: application/json' \
--header 'x-seller-id: 54f88e68-7764-4e87-8830-756b1e2c02f8' \
--header 'x-transaction-channel-entry: XX' \
--data'{
"idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb9",
"request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
"order_id": "ORDER-10187383",
"data": {
"amount": 118708,
"currency": "BRL",
"customer_id": "test",
"customer": {
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@example.com",
"document_type": "CPF",
"document_number": "12345678900",
"phone_number": "+5511999999999",
"billing_address": {
"street": "Av. Paulista",
"number": "1000",
"complement": "Apto 101",
"district": "Bela Vista",
"city": "São Paulo",
"state": "SP",
"country": "BR",
"postal_code": "01310-100"
}
},
"payment": {
"payment_method": "CREDIT",
"save_card_data": false,
"transaction_type": "FULL",
"number_installments": 1,
"soft_descriptor": "LOJA*TESTE*COMPRA-123",
"dynamic_mcc": 1799,
"card": {
"number": "5155901222260000",
"expiration_month": "09",
"expiration_year": "30",
"cardholder_name": "Card Holder",
"security_code": "517"
}
},
"additional_data": {
"device": {
"ip_address": "192.168.1.1",
"device_id": "63c7f8ee-51a6-470d-bb76-ef762b62bfb9",
"finger_print": "1a2b3c4d5e6f7g8h9i0j"
}
}
}
}'
status as APPROVED:{
"idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb9",
"seller_id": "e0ed6f00-fdc5-46d6-9557-6a2cac641b09",
"payment_id": "053de7f9-3725-437b-bdfc-bbf3ed0acb75",
"order_id": "ORDER-10187383",
"amount": 118708,
"currency": "BRL",
"status": "APPROVED",
"payment_method": "CREDIT",
"received_at": "2025-10-31T13:40:47.382Z",
"transaction_id": "MCC50205G1020",
"original_transaction_id": "MCC50205G1020",
"authorized_at": "2025-10-31T13:40:47.382Z",
"reason_code": "00",
"reason_message": "captured",
"acquirer": "GETNET",
"soft_descriptor": "LOJA*TESTE*COMPRA-123",
"brand": "MASTERCARD",
"authorization_code": "204050",
"acquirer_transaction_id": "405030304060404030501060"
}
Step 2: Check the Payment Status (Optional)
Create - Authorize response will show the status as APPROVED.Because some payments are processed asynchronously, the status can change over time. To get the latest status of a transaction, use the Get Transaction endpoint.
For real-time updates without polling, it is recommended to use Webhooks to receive notifications for every status change.
Next Steps
Now that you have successfully created a single-step payment, you can explore more features of the Getnet Regional API:
- Learn how to create a Two-Step Payment.
- Read about 3DS Payments.
On this page