Create Card Transaction
To make a charge you must use this route and create your transaction.
It is possible to use a card_hash, card_id or all card data directly (card_holder_name, card_number, card_expiration_date and card_cvv). The first option is the most recommended for security reasons.
Every time a transaction is successfully completed in our systems, a card_id will be returned that can be used in future purchases. So using card_hash for the first purchase and a card_id for future purchases, you further increase the security of your customer's data without needing to expose sensitive card data.
Marlim is a PCI Compliant company, meaning we are audited to follow all market security rules aimed at protecting your customers' card data. If your system is not enabled to create card_hash, you can transact securely with open card data, since our systems encrypt all data and only our Acquirer (who processes the payment with the Issuing Bank) has access to the real card data. In the following link, we describe the step-by-step process of how to create a card_hash.
POSTv3/transactions
Request Body Params
Attention
All string type fields must be informed with alphanumeric characters without accents or special characters.
| Attribute | Type | Description |
|---|---|---|
| amount | int32 | Final amount to be charged from the end consumer. Must be passed in cents. |
| installments | string | Number of installments for the transaction, with minimum: 1 and maximum: 12. |
| item_id | string | Transaction ID in your platform. |
| card_holder_name | string | Cardholder name. If you include a card_id or card_hash, this field becomes optional. |
| card_number | string | Card number. If you include a card_id or card_hash, this field becomes optional. |
| card_expiration_date | string | Card expiration date. Numbers only in MMYY format. If you include a card_id or card_hash, this field becomes optional. |
| card_cvv | string | Card verification code. If you include a card_id or card_hash, this field becomes optional. |
| card_id | string | ID of a previously saved and validated card. If you include a card_hash or open card data, this field becomes optional. |
| card_hash | string | Hash of a manually encrypted card using a public key. If you include a card_id or open card data, this field becomes optional. |
| customer | object | Customer object. |
| customer[name] | string | Customer name. |
| customer[email] | string | Customer email. |
| customer[document_number] | string | Customer document number. |
| customer[phone] | object | Customer phone number object. |
| customer[phone][country_code] | string | Customer phone country code (DDI). Ex: +55. |
| customer[phone][area_code] | string | Customer phone state code (DDD). |
| customer[phone][number] | string | Customer phone number. |
| customer[address] | object | Customer Address object. |
| customer[address][country] | string | Customer nationality, in country code format. Only ISO 3166-1 alpha-2 (two-letters) format will be accepted. Ex: BR, US, UY... Maximum characters: 2 |
| customer[address][state] | string | Customer's current address state, in state code format. Ex: SP, RJ, MG... Maximum characters: 2 |
| customer[address][city] | string | Customer address city. Maximum characters: 50 |
| customer[address][neighborhood] | string | Customer address neighborhood. Maximum characters: 45 |
| customer[address][street] | string | Customer address street. Maximum characters: 54 |
| customer[address][number] | string | Customer's current address number. Maximum characters: 5 |
| customer[address][complement] | string | Optional parameter for customer's current address complement. Maximum characters: 14 |
| customer[address][zipcode] | string | Customer ZIP code. Maximum characters: 9 |
| soft_descriptor | string | Description that will appear on your customer's invoice. Maximum of 13 characters, alphanumeric and spaces. |
| sub_seller_id | string | Optional parameter to identify a sub_seller previously registered at Marlim, responsible for the transaction. |
| split | array | Optional parameter for array of objects with Split Payment data. |
| split[][sub_seller_id] | string | Optional parameter to pass the partner ID that will be part of the Split Payment. |
| split[][amount] | int32 | Amount in cents that the partner should receive from the payment. Must be passed in cents. |
| webhook_url | string | Optional parameter to pass the endpoint of your system that will receive information with each transaction update. |
| webhook_auth_token | string | Optional parameter to authenticate notifications sent to webhook_url. If the parameter is not provided, notifications will be sent without authentication. |
| net_value | int32 | Required parameter if your platform passes on acquirer fees to the end consumer. Net value to be received for the transaction. Must be passed in cents. |
| dfp_id | string | Optional parameter of the URL ID that makes up the session_id created in the integration with Marlim's Antifraud. |
| external_sub_seller_document_number | string | Optional parameter to inform the CNPJ of your sales partner. |
| external_sub_seller_id | string | Optional parameter to inform the ID in your platform of your sales partner. |
| threeds_authentication_id | string | Optional parameter that defines the 3DS authentication ID returned by the SDK. It is required when 3DS authentication is performed. |
| chargeback_owner | string | Optional parameter that defines who will be responsible for the transaction chargeback. Accepted values: acquirer or seller Default: acquirer |
| simulate_status | string | Optional parameter that can be passed in test environment to simulate the Antifraud flow. Accepted values: paid, failed, review and rejected. |
| simulate_refused_code | string | Optional parameter that can be passed in test environment to simulate the negative returns flow from the issuing bank. Accepted values: 1000, 1011, 1016 and 5000. |
Request Body Example
{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_holder_name": "Luke Skywalker",
"card_number": "5555444433332222",
"card_expiration_date": "1225",
"card_cvv": "123",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877",
"phone": {
"country_code": "+55",
"area_code": "11",
"number": "999887766"
},
"address": {
"country": "BR",
"state": "SP",
"city": "São Paulo",
"neighborhood": "República",
"street": "Rua Aurora",
"number": "123",
"complement": "Apto 42",
"zipcode": "01209001"
}
}
}
Important
Our API does not accept null, undefined or empty string values in any endpoint. If you pass a parameter with any of these 3 values, an error will be returned. If the parameter is not mandatory and you don't want it to be computed, simply remove it from the request.
Cart Items
| Attribute | Type | Description |
|---|---|---|
| cart_items | array | Optional parameter list of cart items. When provided, must contain at least 1 item. |
| cart_items[][unit_price] | int32 | Unit price of the item in cents. Ex.: $100.00 → 10000 |
| cart_items[][quantity] | int32 | Quantity of the item. Integer > 0 |
| cart_items[][product_sku] | string | Product SKU (identifier in your system). |
| cart_items[][product_name] | string | Product name. |
Request Body Example with cart items (cart_items)
{
"amount": 12500,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_holder_name": "Luke Skywalker",
"card_number": "5555444433332222",
"card_expiration_date": "1225",
"card_cvv": "123",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877",
"phone": {
"country_code": "55",
"area_code": "11",
"number": "999887766"
},
"address": {
"country": "BR",
"state": "SP",
"city": "São Paulo",
"neighborhood": "República",
"street": "Rua Aurora",
"number": "123",
"complement": "Apto 42",
"zipcode": "01209001"
}
},
"cart_items": [
{
"unit_price": 5000,
"quantity": 2,
"product_sku": "SKU-001",
"product_name": "Lightsaber"
},
{
"unit_price": 2500,
"quantity": 1,
"product_sku": "SKU-002",
"product_name": "Jedi Robe"
}
]
}
Shipping Data
| Attribute | Type | Description |
|---|---|---|
| ship_to | object | Optional parameter shipping information (recipient). |
| ship_to[address] | object | Shipping address object. |
| ship_to[address][country] | string | Shipping destination country, in country code format. Only ISO 3166-1 alpha-2 (two-letters) format accepted. Ex: BR, US, UY Maximum characters: 2 |
| ship_to[address][state] | string | Shipping destination state, in state code format. Ex: SP, RJ, MG Maximum characters: 2 |
| ship_to[address][city] | string | Shipping destination city. Maximum: 50 characters. |
| ship_to[address][neighborhood] | string | Shipping destination neighborhood. Maximum: 45 characters. |
| ship_to[address][street] | string | Shipping destination street/address. Maximum: 54 characters. |
| ship_to[address][number] | string | Shipping destination address number. Maximum: 5 characters. |
| ship_to[address][complement] | string | Optional complement. Maximum: 30 characters. |
| ship_to[address][zipcode] | string | Shipping destination ZIP code. Accepts hyphen and is normalized to digits. For BR, must contain 8–9 digits. |
| ship_to[customer] | object | Shipping recipient object. |
| ship_to[customer][name] | string | Full name of the shipping recipient. |
| ship_to[customer][phone] | object | Shipping recipient phone. |
| ship_to[customer][phone][country_code] | string | Shipping recipient DDI. Digits only. Size: 1–4. |
| ship_to[customer][phone][area_code] | string | Shipping recipient DDD. Digits only. Size: 2–3. |
| ship_to[customer][phone][number] | string | Shipping recipient phone number. Digits only. Size: 8–9. |
Request Body Example with shipping data (ship_to)
{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_holder_name": "Luke Skywalker",
"card_number": "5555444433332222",
"card_expiration_date": "1225",
"card_cvv": "123",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877",
"phone": {
"country_code": "55",
"area_code": "11",
"number": "999887766"
},
"address": {
"country": "BR",
"state": "SP",
"city": "São Paulo",
"neighborhood": "República",
"street": "Rua Aurora",
"number": "123",
"complement": "Apto 42",
"zipcode": "01209001"
}
},
"ship_to": {
"address": {
"country": "BR",
"state": "SP",
"city": "São Paulo",
"neighborhood": "República",
"street": "Rua Aurora",
"number": "123",
"complement": "Apto 42",
"zipcode": "01209001"
},
"customer": {
"name": "Luke Skywalker",
"phone": {
"country_code": "55",
"area_code": "11",
"number": "999887766"
}
}
}
}
Travel Information
| Attribute | Type | Description |
|---|---|---|
| travel_information | object | Optional parameter travel information. |
| travel_information[actual_final_destination] | string | Final destination airport in IATA code (3 letters). Ex.: JFK |
| travel_information[complete_route] | string | Complete concatenated route. Ex.: "JFK-LHR:GRU-JFK:LHR-CDG", "JFK-LHR:GRU-JFK" or "GRU-JFK" |
| travel_information[departure] | object | Trip departure date and time. |
| travel_information[departure][date] | string | Date in YYYY-MM-DD format. Ex.: 2025-09-15 |
| travel_information[departure][time] | string | Time in HH:mm or HH:mm:ss (24h) format. Ex.: 22:30 |
| travel_information[journey_type] | string | Journey type. Accepted values: oneway, roundtrip, OneWay, RoundTrip, ONEWAY, ROUNDTRIP, Oneway, Roundtrip |
| travel_information[number_of_passengers] | integer | Total number of passengers. |
| travel_information[passengers] | array | List of passengers. |
| travel_information[passengers][][name] | string | Full name of the passenger. |
| travel_information[legs] | array | Trip legs/flights. |
| travel_information[legs][][origination] | string | Origin airport (IATA 3 letters). Ex.: JFK |
| travel_information[legs][][destination] | string | Destination airport (IATA 3 letters). Ex.: CDG |
| travel_information[legs][][departure] | object | Leg departure date and time. |
| travel_information[legs][][departure][date] | string | Date in YYYY-MM-DD format. Ex.: 2025-09-15 |
| travel_information[legs][][departure][time] | string | Time in HH:mm or HH:mm:ss format. Ex.: 22:30:15 |
| travel_information[legs][][carrier_code] | string | Airline code (IATA 2 characters, e.g. AA, LA, G3) |
| travel_information[line_items] | array | Travel items (tickets/products). |
| travel_information[line_items][][unit_price] | int32 | Unit price of the item in cents. Ex.: $100.00 → 10000 |
| travel_information[line_items][][quantity] | int32 | Item quantity. Integer > 0 |
| travel_information[line_items][][product_sku] | string | Product SKU. |
| travel_information[line_items][][product_name] | string | Product name or description. |
| travel_information[line_items][][passenger] | object | Passenger data linked to the item. |
| travel_information[line_items][][passenger][type] | string | Passenger type. Accepted values: ADT, CNN, INF, YTH, STU, SCR, MIL |
| travel_information[line_items][][passenger][status] | string | Internal passenger/booking status (e.g.: standard, gold, platinum, according to your domain). |
| travel_information[line_items][][passenger][name] | string | Full name of the passenger. |
| travel_information[line_items][][passenger][email] | string | Passenger email. |
| travel_information[line_items][][passenger][document_number] | string | Document (CPF/Passport). Digits only when applicable. |
| travel_information[line_items][][passenger][country] | string | Country in ISO 3166-1 alpha-2 format (two letters). Ex.: BR |
| travel_information[line_items][][passenger][phone] | object | Passenger phone. |
| travel_information[line_items][][passenger][phone][country_code] | string | DDI. Digits only. Size: 1–4. |
| travel_information[line_items][][passenger][phone][area_code] | string | DDD. Digits only. Size: 2–3. |
| travel_information[line_items][][passenger][phone][number] | string | Phone number. Digits only. Size: 8–9. |
Request Body Example with travel information (travel_information)
{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_holder_name": "Luke Skywalker",
"card_number": "5555444433332222",
"card_expiration_date": "1225",
"card_cvv": "123",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "62239006005",
"phone": {
"country_code": "55",
"area_code": "11",
"number": "999887766"
},
"address": {
"country": "BR",
"state": "SP",
"city": "São Paulo",
"neighborhood": "República",
"street": "Rua Aurora",
"number": "123",
"complement": "Apto 42",
"zipcode": "01209001"
}
},
"travel_information": {
"actual_final_destination": "CDG",
"complete_route": "JFK-LHR:GRU-JFK:LHR-CDG",
"departure": {
"date": "2025-09-15",
"time": "22:30"
},
"journey_type": "roundtrip",
"number_of_passengers": 2,
"passengers": [
{ "name": "JOHN DOE" },
{ "name": "JANE DOE" }
],
"legs": [
{
"origination": "GRU",
"destination": "JFK",
"departure": { "date": "2025-09-15", "time": "22:30" },
"carrier_code": "AA"
},
{
"origination": "JFK",
"destination": "GRU",
"departure": { "date": "2025-09-22", "time": "18:00" },
"carrier_code": "AA"
}
],
"line_items": [
{
"unit_price": 1500,
"quantity": 1,
"product_sku": "TICKET-GRU-JFK-001",
"product_name": "Flight Ticket - São Paulo → New York",
"passenger": {
"type": "ADT",
"status": "platinum",
"name": "JOHN DOE",
"email": "john.doe@example.com",
"document_number": "62374860035",
"country": "BR",
"phone": {
"country_code": "55",
"area_code": "11",
"number": "999999999"
}
}
},
{
"unit_price": 1500,
"quantity": 1,
"product_sku": "TICKET-GRU-JFK-002",
"product_name": "Flight Ticket - New York → São Paulo",
"passenger": {
"type": "ADT",
"status": "gold",
"name": "JANE DOE",
"email": "jane.doe@example.com",
"document_number": "62374860035",
"country": "BR",
"phone": {
"country_code": "55",
"area_code": "11",
"number": "988887777"
}
}
}
]
}
}
Metadata
| Attribute | Type | Description |
|---|---|---|
| metadata | object | Optional parameter for additional information. |
| metadata[customer_registration_date] | dateTime | Optional parameter for the customer registration date on your platform in ISODateTime format. |
| metadata[customer_first_transaction_date] | dateTime | Optional parameter for the date of the first completed (paid) transaction on your platform, regardless of whether it was processed by Marlim or not, in ISODateTime format. |
| metadata[customer_last_transaction_date] | dateTime | Optional parameter for the date of the last completed (paid) transaction on your platform, regardless of whether it was processed by Marlim or not, in ISODateTime format. |
| metadata[customer_paid_proposals] | int32 | Optional parameter for the number of completed (paid) proposals by the customer on your platform, regardless of whether it was processed by Marlim or not. |
| metadata[sub_seller_social_name] | string | Optional parameter for the sub_seller's trade name. |
| metadata[sub_seller_document] | string | Optional parameter for the sub_seller's Tax-ID. |
| metadata[sub_seller_cnae] | string | Optional parameter for the sub_seller's CNAE. |
| metadata[sub_seller_segment] | string | Optional parameter for the sub_seller's business segment. |
| metadata[sub_seller_app_name] | string | Optional parameter for the sub_seller's app name, which can also be the app URL. |
| metadata[sub_seller_date_created] | dateTime | Optional parameter for the sub_seller creation date in the seller in ISODateTime format. |
| metadata[sub_seller_country_operation] | string | Optional parameter for the sub_seller's country of operation. |
| metadata[sub_seller_state_operation] | string | Optional parameter for the sub_seller's fiscal state of operation only when the country of operation is Brazil. |
Request Body Example with metadata
{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_holder_name": "Luke Skywalker",
"card_number": "5555444433332222",
"card_expiration_date": "1225",
"card_cvv": "123",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877",
"phone": {
"country_code": "55",
"area_code": "11",
"number": "999887766"
},
"address": {
"country": "BR",
"state": "SP",
"city": "São Paulo",
"neighborhood": "República",
"street": "Rua Aurora",
"number": "123",
"complement": "Apto 42",
"zipcode": "01209001"
}
},
"metadata": {
"customer_registration_date": "2023-01-15T14:32:00Z",
"customer_first_transaction_date": "2023-02-10T12:00:00Z",
"customer_last_transaction_date": "2025-08-20T09:45:30Z",
"customer_paid_proposals": 12,
"sub_seller_social_name": "Jedi Supplies LTDA",
"sub_seller_document": "12345678000190",
"sub_seller_cnae": "4751201",
"sub_seller_segment": "Sports Articles",
"sub_seller_app_name": "JediShop App",
"sub_seller_date_created": "2022-11-01T10:00:00Z",
"sub_seller_country_operation": "BR",
"sub_seller_state_operation": "SP"
}
}
Split Payment
Marlim offers the Split Payment option so that your application can create a transaction with multiple recipients, just pass an array of objects with sub_seller_id and amount in the split parameter in the request body.
🕹 Request Body example with Split Payment
{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_holder_name": "Luke Skywalker",
"card_number": "5555444433332222",
"card_expiration_date": "1225",
"card_cvv": "123",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877",
"phone": {
"country_code": "+55",
"area_code": "11",
"number": "999887766"
},
"address": {
"country": "BR",
"state": "SP",
"city": "São Paulo",
"neighborhood": "República",
"street": "Rua Aurora",
"number": "123",
"complement": "Apto 42",
"zipcode": "01209001"
}
},
"split": [
{
"sub_seller_id": "sub_k4m6Rw5rlQszEY7fiuRe",
"amount": 900
}
]
}
Chargeback
The parameter chargeback_owner defines the responsibility for chargebacks in transactions:
acquirer: Marlim assumes responsibility for chargebacksseller: your Company assumes responsibility for chargebacks
Important
When chargeback_owner is seller, installments are calculated with specific fees for this modality, resulting in different final values from those calculated when responsibility is Marlim's.
If your company passes on acquirer fees to your end customer, use the Installments endpoint so that you are sure of the correct amount to be charged in the transaction.
🕹 Request Body example with your company responsible for Chargeback
{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_holder_name": "Luke Skywalker",
"card_number": "5555444433332222",
"card_expiration_date": "1225",
"card_cvv": "123",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877",
"phone": {
"country_code": "+55",
"area_code": "11",
"number": "999887766"
},
"address": {
"country": "BR",
"state": "SP",
"city": "São Paulo",
"neighborhood": "República",
"street": "Rua Aurora",
"number": "123",
"complement": "Apto 42",
"zipcode": "01209001"
}
},
"chargeback_owner": "seller"
}
Response Object
| Property | Type | Description |
|---|---|---|
| status | string | Represents the current state of the transaction. Possible values: paid, review, rejected, refused and failed. |
| amount | int32 | Amount in cents to be charged in the transaction. |
| net_value | int32 | Optional parameter for the net value to be received for the transaction. |
| authorized_amount | int32 | Amount in cents authorized in the transaction. |
| paid_amount | int32 | Amount in cents captured in the transaction. |
| refunded_amount | int32 | Amount in cents refunded in the transaction. |
| installments | string | Number of installments the customer paid in. |
| nsu | string | Code that identifies the transaction in the Acquirer. |
| authorization_code | string | Authorization code returned by the issuing bank. |
| transaction_id | string | Transaction identifier number in Marlim. |
| item_id | string | Transaction ID in your platform. |
| payment_method | string | Payment method used in the transaction. Possible values: credit_card. |
| date_created | dateTime | Transaction creation date in ISODateTime format. |
| date_updated | dateTime | Transaction status update date in ISODateTime format. |
| card_holder_name | string | Name of the cardholder used in payment. |
| card_brand | string | Card brand used in payment. Possible values: visa, mastercard, amex, hipercard and elo. |
| card_first_digits | string | First 6 digits of the card used in payment. |
| card_last_digits | string | Last 4 digits of the card used in payment. |
| card_id | string | null | When a transaction is completed with status paid, we always return a card_id. If the transaction was created using a card_hash, we automatically create this id with the card data encrypted in Marlim's vault. This card_id can be used in future purchases. |
| acquirer_status_code | string | Response identifier code from the Issuing Bank. Possible values: 0000, 1000, 1011, 1016 and 5000. |
| acquirer_status_message | string | Message regarding the Issuing Bank's response code. |
| split | array | Array of objects with Split Payment data. |
| split[][sub_seller_id] | string | Partner ID that is part of the Split Payment. |
| split[][amount] | int32 | Amount in cents that the partner should receive from the payment. |
Response Example
{
"status": "paid",
"nsu": "98765432",
"authorization_code": "112233",
"date_created": "2025-01-01T00:00:00.000Z",
"date_updated": "2025-01-01T00:00:00.000Z",
"amount": 1000,
"authorized_amount": 1000,
"paid_amount": 1000,
"refunded_amount": 0,
"installments": "1",
"transaction_id": "HcDscltTIVK3VMAAOj7J",
"item_id": "ABC123456789",
"payment_method": "credit_card",
"card_holder_name": "Luke Skywalker",
"card_brand": "visa",
"card_first_digits": "555544",
"card_last_digits": "2222",
"card_id": "card_123456789",
"acquirer_status_code": "0000",
"acquirer_status_message": "The acquirer captured the amount on the card."
}
Error Object
| Attribute | Type | Description |
|---|---|---|
| api_reference | string | URL to the documentation. |
| errors | array | Array with all errors found when processing the request. |
| errors[][type] | string | Type of error that occurred. |
| errors[][message] | string | Detailed message of the error that occurred. |
Error Response Example
{
"api_reference": "https://docs.api.marlim.co/transactions/create/card",
"errors": [
{
"type": "amount",
"message": "The parameter [ amount ] is missing."
}
]
}
Webhook URL
The entire process of changing a transaction's status is asynchronous. Therefore, it's important that you pass a webhook_url during the transaction creation process so that your application receives all status changes.
If any value is passed in the webhook_auth_token parameter, Marlim will send the token to your application using the Authorization: Bearer standard in the request Header:
Authorization: Bearer {webhook_auth_token}
Below is the table with possible status values received at the webhook_url.
| Status | Meaning |
|---|---|
paid | Transaction paid and captured successfully. |
review | Transaction is under manual review process by our specialists. The amount was authorized and reserved on the card, but not yet captured. |
refused | Transaction refused by the issuing bank. |
failed | Transaction with failure in the capture process at the Acquirer. |
refunded | Transaction refunded. |
chargeback | Transaction suffered chargeback. |
curl -X POST "https://yourapplication.com/orders/123456789/webhook" \
-H "Content-Type: application/json" \
-H "User-Agent: Marlim/1.0.0" \
-H "Marlim-Api-Signature: Star98765Wars43210ANewHope1977" \
-d '{
"event": "transaction_status_changed",
"transaction_id": "HcDscltTIVK3VMAAOj7J",
"item_id": "ABC123456789",
"payment_method": "credit_card",
"current_status": "paid",
"nsu": "98765432",
"authorization_code": "112233",
"date_created": "2026-01-15T17:36:12.609Z",
"date_updated": "2026-01-15T17:36:12.609Z",
"amount": 1000,
"paid_amount": 1000,
"installments": "1",
"card_holder_name": "Luke Skywalker",
"card_brand": "visa",
"card_first_digits": "444455",
"card_last_digits": "2222",
"sub_seller_id": "sub_k4m6Rw5rlQszEY7fiuRe",
"acquirer_status_code": "0000"
}'
Attention
You must validate the webhook origin, that is, if it was really sent by Marlim's servers.
For this, we send two values in the HEADER of the POST:
• User-Agent: always with the value Marlim/1.0.0
• Marlim-Api-Signature: the end of your api_key removing the values mak_test_ and mak_live_
Antifraud
To make it easier during the development phase, you can simulate the status of a transaction together with our Antifraud to develop this flow in your application. You can simulate the status of a transaction using the parameter simulate_status passing the values: paid, review or rejected.
In Production environment, a transaction with status review will be manually reviewed by our specialists. After this analysis, the transaction may change to paid status (i.e., it was approved by a specialist) or refunded (i.e., it was rejected by the specialist).
In Sandbox environment, you will have access to an endpoint to "emulate" the future status of this review that happens in Production: https://api.marlim.co/v3/antifraud where you can pass the values accept or reject and the ID of a transaction, following the payload below:
{
"transaction_id": "HcDscltTIVK3VMAAYC54",
"status": "accept" // accept || reject
}
Attention
The parameter simulate_status and the endpoint v3/antifraud are only enabled for api_key from the Sandbox Environment. If used in Production Environment, a 403 (Forbidden) error will be returned.
Issuing Bank Refusal
When a transaction is refused by the Issuing Bank, we return the status refused with the property acquirer_status_code containing the refusal code. Since each card brand as well as the issuing bank can have a different code, Marlim groups the context of this refusal according to the table below. In the future, new codes may be included, as this control is with the brands and banks.
The property acquirer_status_message is also returned with a specific message for each refusal code, as shown in the table below.
| Prefix | Meaning |
|---|---|
| 1000 | Transaction not approved by the bank.acquirer_status_messageTransaction not approved by your bank. Please contact your bank and try again. |
| 1011 | Incorrect card data.acquirer_status_messageSome of your card numbers are incorrect. Check the numbers and try again. |
| 1016 | Card without balance.acquirer_status_messageThe bank informed us that the card balance is insufficient for that amount. |
| 5000 | Generic banking error.acquirer_status_messageYour bank declined this purchase but did not tell us why. Contact us to understand your case! |
The issuing bank flow does not exist in Sandbox environment, so to make it easier during the development stage we have the parameter simulate_refused_code, which can be used to pass the refusal codes described above.
Attention
The parameter simulate_refused_code is only enabled for api_key from the Sandbox Environment. If you pass these parameters in Production Environment, a 403 (Forbidden) error will be returned.
Examples
- Successful Transaction
- Transaction with Split Payment
- Transaction with Card Hash
- Transaction with Card ID
- Failed Transaction
curl -X POST "https://api.marlim.co/v3/transactions" \
-H "Content-Type: application/json" \
-H "api_key: api_key_value" \
-d '{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_holder_name": "Luke Skywalker",
"card_number": "5555444433332222",
"card_expiration_date": "1225",
"card_cvv": "123",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877",
"phone": {
"country_code": "+55",
"area_code": "11",
"number": "999887766"
},
"address": {
"country": "BR",
"state": "SP",
"city": "São Paulo",
"neighborhood": "República",
"street": "Rua Aurora",
"number": "123",
"complement": "Apto 42",
"zipcode": "01209001"
}
}
}'
{
"status": "paid",
"nsu": "032416400102",
"date_created": "2026-01-15T17:36:12.609Z",
"date_updated": "2026-01-15T18:36:12.609Z",
"authorized_amount": 1000,
"paid_amount": 1000,
"refunded_amount": 0,
"installments": "1",
"transaction_id": "k4m6Rw5rlQszEY7fiuRe",
"item_id": "ABC123456789",
"payment_method": "credit_card",
"card_holder_name": "Luke Skywalker",
"card_brand": "visa",
"card_first_digits": "555544",
"card_last_digits": "2222",
"acquirer_status_code": "0000",
"acquirer_status_message": "The acquirer captured the amount on the card.",
"card_id": "card_k4m6Rw5rlQszEY7fiuRe"
}
curl -X POST "https://api.marlim.co/v3/transactions" \
-H "Content-Type: application/json" \
-H "api_key: api_key_value" \
-d '{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_holder_name": "Luke Skywalker",
"card_number": "5555444433332222",
"card_expiration_date": "1225",
"card_cvv": "123",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877"
},
"split": [
{
"sub_seller_id": "sub_k4m6Rw5rlQszEY7fiuRe",
"amount": 900
}
]
}'
{
"status": "paid",
"nsu": "032416400102",
"date_created": "2026-01-15T17:36:12.610Z",
"date_updated": "2026-01-15T18:36:12.610Z",
"authorized_amount": 1000,
"paid_amount": 1000,
"refunded_amount": 0,
"installments": "1",
"transaction_id": "k4m6Rw5rlQszEY7fiuRe",
"item_id": "ABC123456789",
"payment_method": "credit_card",
"card_holder_name": "Luke Skywalker",
"card_brand": "visa",
"card_first_digits": "555544",
"card_last_digits": "2222",
"acquirer_status_code": "0000",
"acquirer_status_message": "The acquirer captured the amount on the card.",
"card_id": "card_k4m6Rw5rlQszEY7fiuRe"
}
curl -X POST "https://api.marlim.co/v3/transactions" \
-H "Content-Type: application/json" \
-H "api_key: api_key_value" \
-d '{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_hash": "fc417fdc29d7ba484ecb4ba9e40966a1_Q2FyZCBOb3RlOiA0OTAxNzIwMDgwMzQ0NDQ4CkNhcmQgSG9sZGVyIE5hbWU6IEx1a2UgU2t5c2F3a2VyCkNhcmQgRXhwaXJhdGlvbiBEYXRlOiAxMTIyCkNhcmQgQ1ZWOiAxMjM=",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877"
}
}'
{
"status": "paid",
"nsu": "032416400102",
"date_created": "2026-01-15T17:36:12.610Z",
"date_updated": "2026-01-15T18:36:12.610Z",
"authorized_amount": 1000,
"paid_amount": 1000,
"refunded_amount": 0,
"installments": "1",
"transaction_id": "k4m6Rw5rlQszEY7fiuRe",
"item_id": "ABC123456789",
"payment_method": "credit_card",
"card_holder_name": "Luke Skywalker",
"card_brand": "visa",
"card_first_digits": "555544",
"card_last_digits": "2222",
"acquirer_status_code": "0000",
"acquirer_status_message": "The acquirer captured the amount on the card.",
"card_id": "card_k4m6Rw5rlQszEY7fiuRe"
}
curl -X POST "https://api.marlim.co/v3/transactions" \
-H "Content-Type: application/json" \
-H "api_key: api_key_value" \
-d '{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_id": "card_k4m6Rw5rlQszEY7fiuRe",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877"
}
}'
{
"status": "paid",
"nsu": "032416400102",
"date_created": "2026-01-15T17:36:12.610Z",
"date_updated": "2026-01-15T18:36:12.610Z",
"authorized_amount": 1000,
"paid_amount": 1000,
"refunded_amount": 0,
"installments": "1",
"transaction_id": "k4m6Rw5rlQszEY7fiuRe",
"item_id": "ABC123456789",
"payment_method": "credit_card",
"card_holder_name": "Luke Skywalker",
"card_brand": "visa",
"card_first_digits": "555544",
"card_last_digits": "2222",
"acquirer_status_code": "0000",
"acquirer_status_message": "The acquirer captured the amount on the card.",
"card_id": "card_k4m6Rw5rlQszEY7fiuRe"
}
curl -X POST "https://api.marlim.co/v3/transactions" \
-H "Content-Type: application/json" \
-H "api_key: api_key_value" \
-d '{
"amount": 1000,
"installments": "1",
"item_id": "ABC123456789",
"soft_descriptor": "Marlim Store",
"card_holder_name": "Luke Skywalker",
"card_number": "5555444433332222",
"card_expiration_date": "1225",
"card_cvv": "123",
"customer": {
"name": "Luke Skywalker",
"email": "luke@jedimaster.sw",
"document_number": "00099988877"
}
}'
{
"errors": {
"type": "card",
"message": "Some of your card numbers are incorrect. Check the numbers and try again."
}
}