La traducción en español no está disponible todavía.
Actualización del documento en español:
Using the Meta Pay API
When you process payments for Meta Pay you must notify Meta of payment transaction activity, such as authorizations and refunds, by invoking webhooks in the Meta Pay API. Payment transaction activity appears in the Orders and payments page of a customer's Facebook account.
To learn how to use Meta's APIs, see Overview of the Graph API and note that the APIs described below are relative to the standard Graph API host URL (https://graph.facebook.com). For more general information, see Overview of Meta Pay Integration.
Onboarding
Before you can start using the Meta Pay APIs you should complete the following:
- Complete the general onboarding steps
- Review Payment Processing in Meta Pay
Calling the Meta Pay APIs
As part of the general onboarding steps you create a new application in the Meta for Developers Portal. After you create your application you get an app ID and app secret for your app.
Each call that you make to a Meta Pay API requires an app access token derived from the app ID and app secret. Send the app access token by using the Authorization header not an access_token query parameter. The Meta Pay APIs reject calls with user tokens.
For example, use the following code:
Authorization: OAuth <APP_ACCESS_TOKEN>
Signature
Every HTTP request to the Meta Pay APIs must include a FBPAY_SIGNATURE request header. The value of this header is a JSON Web Signature (JWS) object with the ES256 algorithm, compact serialization, and a detached payload (according to https://tools.ietf.org/html/rfc7515#appendix-F). The payload value is the HTTP POST request body. The JWS signature key must be identified with the x5c header, which must contain a certificate that chains to the partner’s trusted root. The partner's root certificate is shared with Meta as part of the onboarding process (referred to as the Meta Pay API signature certificate).
Example of a request with a signature
curl -i -X POST \
-H "Content-Type: application/json" \
-H "FBPAY_SIGNATURE: eyJhbGciOiJFUzI1NiIsIng1YyI6WyJNSUlCaERDQ0FTcWdBd0lCQWdJQkFUQUtCZ2dxaGtqT1BRUURBakFoTVI4d0hRWURWUVFEREJad1lYSjBibVZ5SUhOcFoyNWhkSFZ5WlNCalpYSjBNQjRYRFRJd01EY3hNekl5TWpVek1Gb1hEVEkwTURNeE1USXlNalV6TUZvd0lURWZNQjBHQTFVRUF3d1djR0Z5ZEc1bGNpQnphV2R1WVhSMWNtVWdZMlZ5ZERCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkFuRngwR1NKMklPZGZpcFdiMGMwZytBVThlbDh6QnRVS0kxdWRzT2kzN2thd1JRSFkzV29YaWRvRThIOHM1cVIySmo2ZkFKWVhOTURXY0NiditWMEJ1alV6QlJNQjBHQTFVZERnUVdCQlR4NlBGRkhjd2FUZnY5cVdzZUJcL1NjMWFPbVZ6QWZCZ05WSFNNRUdEQVdnQlR4NlBGRkhjd2FUZnY5cVdzZUJcL1NjMWFPbVZ6QVBCZ05WSFJNQkFmOEVCVEFEQVFIXC9NQW9HQ0NxR1NNNDlCQU1DQTBnQU1FVUNJUUNBRE9zZ0pZanRXVm9xNUZOSjc3U2JDeWtON1ZldUlKR2pXb3NBVUFNd1ZRSWdUTlVcL2ttc1wvN0cxVUx5Z01DRWVXemNiYTNrMVo4NEE4RmNlMXQzYUNGbGc9Il19..ZnT7ZR3EqsPYMQt3WdgUZYScBiyK9RI77zMaUKr-tkFRBHgBJQVTOORwM2fFh0QQCTLwOp1TiAzt_q9ofvw6JQ" "https://graph.facebook.com/1001200005002/notify_authorizations" \
-d '{"notification":{"partner_merchant_id":"123e4567-e89b-12d3-a456-426614174000","container_id":"cGF5bWVudF9jb250YWluZAXI6MTIzNDU2NzhfX01FUkNIQU5UX1RFU1RfRTJFX19QU1BfVEVTVF8x","event_time":1582230020020,"type":"notify_authorizations"},"resource":{"partner_auth_id":"1234567890","auth_amount":{"currency":"USD","value":29508},"status":"SUCCEEDED","created_time":1582230019010,"metadata":[]},"idempotence_token":"ddbdf2cf-d339-4b0b-a27e-4731d8d37c9d"}'
The preceding request encodes the following data:
{
"notification": {
"partner_merchant_id": "123e4567-e89b-12d3-a456-426614174000",
"container_id": "cGF5bWVudF9jb250YWluZAXI6MTIzNDU2NzhfX01FUkNIQU5UX1RFU1RfRTJFX19QU1BfVEVTVF8x",
"event_time": 1582230020020,
"type": "notify_authorizations"
},
"resource": {
"partner_auth_id": "1234567890",
"auth_amount": {
"currency": "USD",
"value": 29508
},
"status": "SUCCEEDED",
"created_time": 1582230019010,
"metadata": []
},
"idempotence_token": "ddbdf2cf-d339-4b0b-a27e-4731d8d37c9d"
}
The following is the signature from the preceding request, Base64 and JSON decoded for clarity:
base64url(
json({
"x5c": [
"MIIBhDCCASqgAwIBAgIBATAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwYXJ0bmVyIHNpZ25hdHVyZSBjZXJ0MB4XDTIwMDcxMzIyMjUzMFoXDTI0MDMxMTIyMjUzMFowITEfMB0GA1UEAwwWcGFydG5lciBzaWduYXR1cmUgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAnFx0GSJ2IOdfipWb0c0g+AU8el8zBtUKI1udsOi37kawRQHY3WoXidoE8H8s5qR2Jj6fAJYXNMDWcCbv+V0BujUzBRMB0GA1UdDgQWBBTx6PFFHcwaTfv9qWseB/Sc1aOmVzAfBgNVHSMEGDAWgBTx6PFFHcwaTfv9qWseB/Sc1aOmVzAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIQCADOsgJYjtWVoq5FNJ77SbCykN7VeuIJGjWosAUAMwVQIgTNU/kms/7G1ULygMCEeWzcba3k1Z84A8Fce1t3aCFlg="
],
"alg": "ES256"
})
) + // Protected Header
"." +
"" + // Payload is detached
"." +
"ZnT7ZR3EqsPYMQt3WdgUZYScBiyK9RI77zMaUKr-tkFRBHgBJQVTOORwM2fFh0QQCTLwOp1TiAzt_q9ofvw6JQ" // Signature
Idempotency
The idempotence_token field is used to prevent duplicate execution of requests when requests are retried after network failures or timeouts. The idempotence token is a unique value generated by the client and the client decides how to generate this token. For example, you can use V4 UUID to generate an idempotence token.
When a request completes successfully, or a call to the API returns valid results, the response data is saved with the idempotence token. When a successful request is retried with a previously-used idempotency token, the previously saved response is returned without rerunning any code.
When a request results in an error, no results are saved. You can retry the request and use the same idempotency token.
If you make 2 requests concurrently with the same idempotency token, only one returns response data.
Idempotency tokens are intended to be temporary and only used for retrying API calls in case of failures. If you retry a request after some time, you might receive a different response than the previous call.
Request parameters are ignored. If you change request content in any way, create a new idempotence token for the request.
Batch Reconciliation
When you process payments you notify Meta of payment transaction activity by using the Meta Pay webhooks. By invoking webhooks the payment transaction activity appears in the Facebook Pay Activity page of a customer's Facebook account as soon as possible.
Notifications that fail are captured by Meta during batch reconciliation and appear in the customer's Facebook account later.
To support batch reconciliation, each day upload a file that contains the notifications that you sent to Meta that day. Include both notifications that succeeded and notifications that failed. For details about uploading a file to the Meta API, see Upload Files to Facebook.
Error Handling
The Meta Pay APIs use the standard Graph API error handling.
Initializing and Updating Merchants
To initialize or update the data for a merchant that you support, make a POST request to the merchant Graph API /metapay_partner/merchant and specify the merchant parameters.
https://graph.facebook.com/metapay_partner/merchant
Request parameters
| Parameter | Type | Description | Required |
|---|---|---|---|
| String | A unique identifier for the merchant’s account with the payment partner. | Yes |
| String | The URI to the merchant website that appears to customers in the Meta Pay interface. The URI must begin with | Yes |
| String | The name of the merchant as it appears to customers in the Meta Pay interface. | Yes |
| int64 | [Deprecated] The merchant category code. Meta uses this categorize payment activity and ensure that payments meet our terms of service. Note:
| No* |
| Array< int64> | The list of merchant category codes. Meta uses these categorize payment activity and ensure that payments meet our terms of service. Note:
| No* |
| String | Whether the merchant is enabled or disabled with the payment partner. One of PENDING, ENABLED, or DISABLED. Pending has the same effect as disabled, but might indicate a temporarily disabled state. | Yes |
| URI | The URI to the merchant icon that appears to customers in the Meta Pay interface. The icon file format can be one of: png, jpeg. | No |
| String | An email address for customers to request a receipt or summary of the transaction. | No |
| String | A phone number for customers to request support for a payment transaction. Format the phone number using one of the following formats: 16315551000, +1 631 555 1001, +1 (631) 555-1004, 1-631-555-1005. | No |
| Array< String> | A full list of valid security origin URIs for the merchant. This is used to ensure that payments are being initiated from expected web security origins. | No |
| String | A unique identifier for the merchant’s Meta Pixel. This is used to support Meta Checkout specific features in Ads Manager | No |
Response
After you make a POST request to the merchant API a 200 OK response indicates that the POST has been processed successfully. The response body indicates the status of the merchant, either ENABLED or DISABLED. Non-empty status modifiers provide addional information.
A common successful response looks like the following:
{
"status":"ENABLED",
"status_modifiers":[]
}
A response for a merchant that is undergoing temporary screening looks like the following:
{
"status":"DISABLED",
"status_modifiers":["PENDING_SCREENING"]
}
The following are the possible status modifiers.
| Status Modifier | Description |
|---|---|
| The merchant is temporarily blocked from using Meta Pay pending the result of compliance screening. Typically screening completes in 24 hours. Query the merchant API to verify status. |
| The |
| One or more of the merchant properties triggered an integrity flag. The merchant will be disabled. |
| The merchant is permanently blocked from using Meta Pay. |
Get Merchants
To fetch a list of registered merchants, make a GET request to the merchant Graph API /metapay_partner/merchants.
https://graph.facebook.com/metapay_partner/merchants
Request parameters
The following optional request params are supported as URL parameters:
| Parameter | Type | Description | Required |
|---|---|---|---|
| String | Comma seperated partner merchant ids to apply as filtering criteria | No |
Response
The results from GET Merchants API are paginated. See the linked page for general response format. Each element returned in the data array will be in the format of Merchant request params. Example:
curl -H "Authorization: OAuth $OAUTH" -X GET "https://graph.facebook.com/metapay_partner/merchants?partner_merchant_id=MERCHANT_TEST_1"
{
"data": [
{
"partner_merchant_id": "MERCHANT_TEST_1",
"merchant_status": "DISABLED",
"display_name": "Test merchant 1",
"business_uri": "https://facebook.com/",
"icon_uri": "https://facebook.com/favicon.ico",
"mcc_list": [7311],
"support_email": "example@facebook.com",
"support_phone": "+11234567890",
"valid_origins": [
"https://facebook.com/"
],
"legal_structure": "COMPANY_TYPE_NOT_SPECIFIED",
"status_modifiers":["BLOCKED"],
"effective_merchant_status":"DISABLED"
}
],
"paging": {
"cursors": {
"before": "aaa...",
"after": "bbb..."
},
"next": "https://graph.facebook.com/metapay_partner/merchants?limit=25&after=..."
}
}
Webhooks
You must notify Meta of payment transaction activity by invoking Meta's webhooks whenever any authorization, capture, dispute, payment, or refund occurs.
A 200 OK response indicates that the webhook has been processed successfully. A successful response body will return the container_id:
{
"id":"cGF5bWVudF9jb250YWluZAXI6N2I3ODA1ZATYtZAmRiNS00Yzc4LWFjYjAtZATg3ZAjJhMzg2YTc5XzM2ODkyNjAzMTc4MDEzNzYZD"
}
If a webhook invocation fails, retry the invocation at least three times for at least seventy two hours with incremental backoff. If the invocation still fails, the notification can be captured later during batch reconciliation.
The following is an entity relationship diagram for the resources modeled in the Meta API webhooks. Properties with black dots denote mandatory attributes.
Notification
Each time you invoke a webhook, include a notification parameter in the request body and details for the notification type in the resource field, as described in the sections that follow. The general structure for the notification is the following:
{
idempotence_token: '<your token>',
notification:
{
...
},
resource:
{
...
}
}
Notification Parameter
| Property | Type | Description | Required |
|---|---|---|---|
| String | Your unique identifier for the merchant's account. You can use the following characters: [a-zA-Z0-9_-]. | Yes |
| String | The type of notification. Valid values are: | Yes |
| Int64 | The UNIX timestamp in milliseconds. | Yes |
| String | A unique identifier for the container structure. | Yes |
Notify Authorizations
Make a POST request to /<CONTAINER_ID>/notify_authorizations to notify Meta about authorization activity for a payment transaction.
https://graph.facebook.com/<CONTAINER_ID>/notify_authorizations
Authorization resource
| Property | Type | Description | Required |
|---|---|---|---|
| String | Your unique identifier for the authorization or charge. You can use the following characters: [a-zA-Z0-9_-]. | Yes |
| A notification amount object | The amount that is authorized. Currently, only | Yes |
| String | The status of the authorization. One of: | Yes |
| Int64 | The UNIX timestamp in milliseconds of when the authorization was attempted. | Yes |
| String | A description of the payment transaction. | No |
| String | A description of the payment transaction that appears to the customer, for example on their credit card statement. | No |
| A notification error object. | Details of an error if one occurs. Valid values for | No |
| Object {String : String} | An array of key-value pairs that provide addition information about the authorization. | No |
Notify Captures
Make a POST request to /<CONTAINER_ID>/notify_captures to notify Meta about capture activity for a payment transaction.
https://graph.facebook.com/<CONTAINER_ID>/notify_captures
Capture resource
| Property | Type | Description | Required |
|---|---|---|---|
| String | Your unique identifier for the capture. You can use the following characters: [a-zA-Z0-9_-]. | Yes |
| String | Your previously-created identifier for the authorization or charge that corresponds to this capture. | No |
| A notification amount object | The amount that is captured. Currently, only | Yes |
| String | The status of the capture. One of: | Yes |
| Int64 | The UNIX timestamp in milliseconds of when the capture was attempted. | Yes |
| String | A note from the merchant describing the capture. | No |
| A notification error object. | Details of an error if one occurs. Valid values for | No |
Notify Disputes
Make a POST request to /<CONTAINER_ID>/notify_disputes to notify Meta about dispute activity for a payment transaction.
https://graph.facebook.com/<CONTAINER_ID>/notify_disputes
Dispute resource
| Property | Type | Description | Required |
|---|---|---|---|
| String | Your unique identifier for the dispute. You can use the following characters: [a-zA-Z0-9_-]. | Yes |
| Int64 | The UNIX timestamp in milliseconds of when the dispute was created. | Yes |
| A notification amount object | The amount that is disputed. Currently, only | Yes |
| String | The reason for the dispute. One of: | Yes |
| String | The status of the dispute. One of: | Yes |
| String | Your previously-created identifier for the payment that corresponds to this dispute. | No |
| Array< String> | The identifiers for the captures that correspond to the dispute. This property is optional. | No |
| String | A description of the dispute. | No |
| Object {String : String} | An array of key-value pairs that provide addition information about the dispute. | No |
Notify Payments
Make a POST request to /<CONTAINER_ID>/notify_payments to notify Meta about payment activity that does not relate to money movement operations. E.g. you may decide to not process a user's payment when it fails risk checks.
https://graph.facebook.com/<CONTAINER_ID>/notify_payments
Payment resource
| Property | Type | Description | Required |
|---|---|---|---|
| String | Your unique identifier for the payment. You can use the following characters: [a-zA-Z0-9_-]. | Yes |
| String | The status of the payment. One of: | Yes |
| Int64 | The UNIX timestamp in milliseconds of when the payment was attempted. | Yes |
| Object {String : String} | An array of key-value pairs that provide addition information about the payment. | No |
Notify Refunds
Make a POST request to /<CONTAINER_ID>/notify_refunds to notify Meta about refund activity for a payment transaction.
https://graph.facebook.com/<CONTAINER_ID>/notify_refunds
Refund resource
| Property | Type | Description | Required |
|---|---|---|---|
| String | Your unique identifier for the refund. You can use the following characters: [a-zA-Z0-9_-]. | Yes |
| Int64 | The UNIX timestamp in milliseconds of when the refund was created. | Yes |
| A notification amount object | The amount that is refunded. Currently, only | Yes |
| String | The status of the refund. One of: | Yes |
| String | Your previously-created identifier for the capture that corresponds to this refund. | No |
| String | A description of the refund. | No |
| String | A description of the refund that appears to the customer, for example on their credit card statement. | No |
| A notification error object. | Details of an error if one occurs. Valid values for | No |
| Object {String : String} | An array of key-value pairs that provide addition information about the refund. | No |
Notification Amount Object
Use an amount object to represent a monetary value in a specific currency for notifications for authorizations, captures, disputes, and refunds.
Amount object
| Property | Type | Description |
|---|---|---|
| String | The 3-letter currency code from the ISO 4217 standard for the the monetary amount. For the list of currency codes, see ISO 4217. Currently, only |
| Int | The value of the monetary amount expressed in the smallest unit of |
Notification Error Object
If an error occurs when you process an authorization, capture, payment, or refund, include an error object in the resource to provide information about the error.
Error object
| Property | Type | Description |
|---|---|---|
| String | A Meta-specific error code. Valid values depend on the notification type and are documented in the preceding sections. |
| String | Your code for the error. |
| String | Your description of the error. |