Authorization and save token
Request to obtain an authorization for a proposed funds transfer and save the card details for re-use. An authorization is a response from a financial institution indicating that payment information is valid and funds are available in the payer's account. Card details are supplied.
If the authorization is successful and a Unique Token repository is used, the card details are stored or updated against the provided token. If no token is provided, one is generated.
If the authorization is successful and a Unique Card Number repository is used and the card details have not previously been stored, a new system-generated token is used, otherwise the existing token is updated with the card details (the card number cannot be changed).
Authentication Copied to clipboard
This operation requires authentication via one of the following methods:
- Certificate authentication.
- Basic HTTP authentication as described at w3.org. To authenticate to the API, leave the userid portion (to the left of the colon) blank and fill the password section with the API password provided to you.
Request Copied to clipboard
URL Parameters Copied to clipboard
Alphanumeric + additional characters
REQUIRED
Your identifier issued to you by your provider.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
Min length: 1 Max length: 40Alphanumeric
REQUIRED
Uniquely identifies a card and associated details.
A value of "generated" indicates that the system should generate the token for the caller. The token must always be "generated" when performing stores with a Unique Card Number repository."generated" is not valid for retrieve operations.
Data may consist of the characters 0-9, a-z, A-Z
Min length: 1 Max length: 40Integer
REQUIRED
The unique identifier of the order, to distinguish it from any other order you ever issue.
A number comprising the digits 0-9, having at least one digit. (For a complete description, see http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger.)
Min value: 10000000000 Max value: 9999999999999999String
REQUIRED
The unique identifier of the transaction, to distinguish it from other transactions on the order.
Data can consist of any characters
Min length: 1 Max length: 40Fields Copied to clipboard
Enumeration
The risk rules you wish to bypass when performing risk assessment for an order.
Value must be a member of the following list. The values are case sensitive.
ALL
String
= SAVE
FIXED
Any sequence of zero or more unicode characters.
String
= AUTHORIZE
FIXED
Any sequence of zero or more unicode characters.
String
The city portion of the billing address.
Data can consist of any characters
Upper case alphabetic text
The 3 character ISO standard alpha country code of the billing address.
Data must consist of the characters A-Z
String
The Postal/Zip code of the billing address.
Data can consist of any characters
String
The State/Province code of the billing address.
Data can consist of any characters
String
The street name and number of the billing address.
Data can consist of any characters
String
The phone number of the person that the bill is being sent to.
Data can consist of any characters
Expiry date, as shown on the card.
Digits
REQUIRED
Month, as shown on the card.
Months are numbered January=1, through to December=12.
Data is a number between 1 and 12 represented as a string.
Digits
REQUIRED
Year, as shown on the card.
The Common Era year is 2000 plus this value.
Data is a string that consists of the characters 0-9.
String
The first name of the person that the bill is being sent to.
Data can consist of any characters
String
The full name of the person that the bill is being sent to.
Data can consist of any characters
String
The last name or surname of the person that the bill is being sent to.
Data can consist of any characters
String
The middle name of the person that the bill is being sent to.
If there is more than one middle name, this is the first middle name.
Data can consist of any characters
String
The title of the person that the bill is being sent to.
Data can consist of any characters
Digits
REQUIRED
Credit card number as printed on the card.
Data is a string that consists of the characters 0-9.
Digits
Card verification code, as printed on the back or front of the card.
Data is a string that consists of the characters 0-9.
String
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
String
The IP address of the computer used by the cardholder, format: nnn.nnn.nnn.nnn
Data can consist of any characters
String
The identifier of the order.
For example, a shopping cart number, an order number, or an invoice number.
Data can consist of any characters
Decimal
REQUIRED
Transaction Amount.
Expressed as a decimal number in the units of the currency. For example 12.34 in USD is the amount 12 dollars and 34 cents.
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
Upper case alphabetic text
REQUIRED
The currency of the order expressed as an ISO 4217 alpha code.
Data must consist of the characters A-Z
String
The identifier of the transaction, to distinguish it from all transactions you ever issue on any order.
For example, a shopping cart number or an invoice number.
Data can consist of any characters
Response Copied to clipboard
Fields Copied to clipboard
Enumeration
The type of bank account the cardholder wishes to use for the transaction.
For example, Savings or Check.
Value must be a member of the following list. The values are case sensitive.
CHECK
SAVINGS
Digits
The card sequence number for transactions where the data is read through a chip on the EMV card.
Data is a string that consists of the characters 0-9.
The expiry date as it appears on the card.
Digits
ALWAYS PROVIDED
Month, as shown on the card.
Months are numbered January=1, through to December=12.
Data is a number between 1 and 12 represented as a string.
Digits
ALWAYS PROVIDED
Year, as shown on the card.
The Common Era year is 2000 plus this value.
Data is a string that consists of the characters 0-9.
Digits
The issue number embossed onto the card, for cards such as Maestro.
Data is a string that consists of the characters 0-9.
Masked digits
ALWAYS PROVIDED
The account number embossed onto the card with your masking settings applied or 6.4 whichever is more restrictive e.g. 000000xxxxxx0000.
Data is a string that consists of the characters 0-9, plus 'x' for masking
Alphanumeric
The code used to indicate the existence of the Card Security Code value.
Data may consist of the characters 0-9, a-z, A-Z
The start date as it appears on the card.
Digits
ALWAYS PROVIDED
Month, as shown on the card.
Months are numbered January=1, through to December=12.
Data is a number between 1 and 12 represented as a string.
Digits
ALWAYS PROVIDED
Year, as shown on the card.
The Common Era year is 2000 plus this value.
Data is a string that consists of the characters 0-9.
Alphanumeric
Uniquely identifies a card and associated details.
May be the token provided by the merchant, or a system-generated value. A system-generated token is 16 digits long, starts with 9, and is in the format of 9nnnnnnnnnnnnnnC, where n represents any number, and C represents a check digit such that the token will conform to the Luhn algorithm.
Data may consist of the characters 0-9, a-z, A-Z
Enumeration
ALWAYS PROVIDED
Card type of the supplied card.
Value must be a member of the following list. The values are case sensitive.
AMEX
AMEX_PURCHASE_CARD
BANAMEX_COSTCO
CARNET
CARTE_BANCAIRE
COSTCO_MEMBER_CREDIT
DINERS_CLUB
DISCOVER
EBT
ELO
FARMERS_CARD
JCB
LASER
MAESTRO
MASTERCARD
MASTERCARD_PURCHASE_CARD
OTHER
PRIVATE_LABEL_CARD
Q_CARD
RUPAY
SORIANA
TRUE_REWARDS
UATP
VISA
VISA_DEBIT
VISA_PURCHASE_CARD
String
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
Alphanumeric + additional characters
ALWAYS PROVIDED
Your identifier issued to you by your provider.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
Information about the order
Integer
ALWAYS PROVIDED
The unique identifier of the order, that distinguishes it from any other order you ever issue.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
String
The value provided by you to identify the order.
Data can consist of any characters
Decimal
ALWAYS PROVIDED
The transaction amount
Data is a decimal number.
Decimal
ALWAYS PROVIDED
The transaction amount
Data is a decimal number.
Decimal
ALWAYS PROVIDED
The transaction amount
Data is a decimal number.
Enumeration
The status codes used by the Payment Gateway to show whether the payment authentication was successful or not.
Value must be a member of the following list. The values are case sensitive.
ACS_TIMEOUT
Session timed out. The card holder did not return from the issuer/ACS
AUTHENTICATED
Authentication successful
AUTHENTICATION_ATTEMPTED
Authentication was attempted, but could not be completed.
CARD_NOT_SUPPORTED
Card does not support 3D Secure authentication
DS_AUTHENTICATION_FAILED
Merchant ID and Password failed authentication with the Directory Server (Contact Support to rectify)
DS_COMMUNICATION_ERROR
Error communicating with the Directory Server
INTERNAL_ERROR
Internal processing error
NOT_AUTHENTICATED
Authentication failed
NOT_ENROLLED
Card holder is not enrolled
PARSE_ERROR
Error parsing response
REQUEST_INVALID
The request is missing fields or an error exists in the format
SIGNATURE_ERROR
Error validating signature on response
UNDETERMINED
Authentication could not be completed
ASCII Text
Value as generated by the acquirer that summarizes the success or otherwise of the proposed operation.
Data consists of ASCII characters
ASCII Text
The response from the acquirer in the text form.
This field is used in addition to response.acquirerCode for some acquirers where additional information needs to be communicated. For example, contact details to allow the merchant to contact the issuer directly to seek authorisation for the transaction.
Data consists of ASCII characters
ASCII Text
The acquirer AVS response code generated by the card issuing institution.
Data consists of ASCII characters
Enumeration
The address verification result generated to indicate whether the address data supplied matches the data held by the cardholder's issuing bank.
Value must be a member of the following list. The values are case sensitive.
ADDRESS_MATCH
Street address matched
ADDRESS_ZIP_MATCH
Street address and zip/postcode were matched
NAME_ADDRESS_MATCH
Card holder name and street address matched
NAME_MATCH
Card holder name matched
NAME_ZIP_MATCH
Card holder name and zip/postcode matched
NOT_AVAILABLE
No data available from issuer or AVS data not supported for transaction
NOT_REQUESTED
AVS not requested
NOT_VERIFIED
AVS could not be verified for an international transaction
NO_MATCH
No match
SERVICE_NOT_AVAILABLE_RETRY
Issuer system is unavailable. Retry can be attempted
SERVICE_NOT_SUPPORTED
Service currently not supported by acquirer or merchant
ZIP_MATCH
Zip/postcode matched. Street address not matched
ASCII Text
The acquirer CSC response code generated by the card issuing institution.
Data consists of ASCII characters
Enumeration
The card security code result generated to indicate whether the data supplied matches the data held by the cardholder's issuing bank.
Value must be a member of the following list. The values are case sensitive.
MATCH
Valid or matched.
NOT_PRESENT
Merchant indicated CSC not present on card.
NOT_PROCESSED
Not processed.
NOT_SUPPORTED
Card issuer is not registered and/or certified
NO_MATCH
Invalid or not matched.
String
The container for additional information about a transaction.
Only returned for some errors and is dependent on the merchant's configuration. Returned in error, declined and approved scenarios, but would only be used to trouble shoot issues.
Data can consist of any characters
Enumeration
ALWAYS PROVIDED
Summary of the success or otherwise of the proposed operation.
Value must be a member of the following list. The values are case sensitive.
ABORTED
Transaction aborted by card holder
ACQUIRER_SYSTEM_ERROR
Acquirer system error occurred processing the transaction
APPROVED
Transaction Approved
AUTHENTICATION_FAILED
Payer authentication failed
BLOCKED
Transaction blocked due to Risk or 3D Secure blocking rules
CANCELLED
Transaction cancelled by card holder
DECLINED
The requested operation was not successful. For example, a payment was declined by issuer or payer authentication was not able to be successfully completed.
DECLINED_AVS
Transaction declined due to address verification
DECLINED_AVS_CSC
Transaction declined due to address verification and card security code
DECLINED_CSC
Transaction declined due to card security code
DECLINED_DO_NOT_CONTACT
Transaction declined - do not contact issuer
DECLINED_PAYMENT_PLAN
Transaction declined due to payment plan
DEFERRED_TRANSACTION_RECEIVED
Deferred transaction received and awaiting processing
DUPLICATE_BATCH
Transaction declined due to duplicate batch
EXCEEDED_RETRY_LIMIT
Transaction retry limit exceeded
EXPIRED_CARD
Transaction declined due to expired card
INSUFFICIENT_FUNDS
Transaction declined due to insufficient funds
INVALID_CSC
Invalid card security code
LOCK_FAILURE
Order locked - another transaction is in progress for this order
NOT_ENROLLED_3D_SECURE
Card holder is not enrolled in 3D Secure
NOT_SUPPORTED
Transaction type not supported
PENDING
Transaction is pending
REFERRED
Transaction declined - refer to issuer
SUBMITTED
The transaction has successfully been created in the gateway. It is either awaiting submission to the acquirer or has been submitted to the acquirer but the gateway has not yet received a response about the success or otherwise of the payment.
SYSTEM_ERROR
Internal system error occurred processing the transaction
TIMED_OUT
The gateway has timed out the request to the acquirer because it did not receive a response. You can handle the transaction as a declined transaction. Where possible the gateway will attempt to reverse the transaction.
UNKNOWN
The transaction has been submitted to the acquirer but the gateway was not able to find out about the success or otherwise of the payment. If the gateway subsequently finds out about the success of the payment it will update the response code.
UNSPECIFIED_FAILURE
Transaction could not be processed
Enumeration
The overall result of risk assessment returned by the Payment Gateway for each authorization or pay transaction.
Value must be a member of the following list. The values are case sensitive.
ACCEPT
Order accepted
NOT_CHECKED
Merchant risk rules were not checked and system rules did not reject the Order
REJECT
Order rejected
REVIEW
Order marked for review
SYSTEM_REJECT
Order rejected due to system rule
Enumeration
The result of order reversal for each authorization or pay transaction that occurred due to risk assessment.
Orders rejected after the financial transaction due to risk assessment are automatically reversed by the system.
Value must be a member of the following list. The values are case sensitive.
FAIL
The attempt to Backout failed.
NOT_APPLICABLE
Backout was not possible (eg backout not supported)
OKAY
The attempt to Backout succeeded.
Enumeration
The decision made when the overall risk result returns Review.
Value must be a member of the following list. The values are case sensitive.
NOT_REQUIRED
No review required
ORDER_CANCELLED
The order has been cancelled and a reversal transaction was attempted
ORDER_RELEASED
The order has been released for processing
PENDING
A decision to release/cancel the order is pending
Enumeration
ALWAYS PROVIDED
A system-generated high level overall result of the transaction/operation.
Value must be a member of the following list. The values are case sensitive.
FAILURE
The operation was declined or rejected by the gateway, acquirer or issuer
PENDING
The operation is currently in progress or pending processing
SUCCESS
The operation was successfully processed
UNKNOWN
The result of the operation is unknown
String
The date the transaction was processed, as returned by the acquirer.
Not returned by most acquirers.
Data can consist of any characters
String
ALWAYS PROVIDED
The ID for the acquirer used to process the transaction.
Data can consist of any characters
String
The time the transaction was processed, as returned by the acquirer.
Not returned by most acquirers.
Data can consist of any characters
Decimal
ALWAYS PROVIDED
Transaction Amount.
Expressed as a decimal number in the units of the currency. For example 12.34 in USD is the amount 12 dollars and 34 cents.
Data is a decimal number.
ASCII Text
Value generated by the issuing bank in response to a proposal to transfer funds.
Data consists of ASCII characters
Integer
The batch in which the transaction was processed.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Alphanumeric
ALWAYS PROVIDED
The currency of the order expressed as an ISO 4217 alphanumeric code.
Data may consist of the characters 0-9, a-z, A-Z
String
ALWAYS PROVIDED
The unique identifier of the transaction, that distinguishes it from other transactions on the order.
Data can consist of any characters
ASCII Text
A unique reference generated by the acquirer for a specific merchant interaction.
The reference may be used when contacting the acquirer about a specific transaction.
Data consists of ASCII characters
String
The value provided by you to identify the transaction within all orders.
Data can consist of any characters
String
The terminal configured at the processor/acquirer used to process the transaction.
Data can consist of any characters
Enumeration
ALWAYS PROVIDED
Indicates the type of action performed on the order.
Value must be a member of the following list. The values are case sensitive.
AUTHORIZATION
Authorization
CAPTURE
Capture
PAYMENT
Payment (Purchase)
REFUND
Refund
VOID_AUTHORIZATION
Void Authorization
VOID_CAPTURE
Void Capture
VOID_PAYMENT
Void Payment
VOID_REFUND
Void Refund
Errors Copied to clipboard
Information on possible error conditions that may occur while processing an operation using the API.
Enumeration
Broadly categorizes the cause of the error.
For example, errors may occur due to invalid requests or internal system failures.
Value must be a member of the following list. The values are case sensitive.
INVALID_REQUEST
The request was rejected because it did not conform to the API protocol.
REQUEST_REJECTED
The request was rejected due to security reasons such as firewall rules, expired certificate, etc.
SERVER_BUSY
The server did not have enough resources to process the request at the moment.
SERVER_FAILED
There was an internal system failure.
String
Textual description of the error based on the cause.
This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.
Data can consist of any characters
String
Indicates the code that helps the support team to quickly identify the exact cause of the error.
This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.
Data can consist of any characters
Enumeration
A system-generated high level overall result of the operation.
Value must be a member of the following list. The values are case sensitive.
ERROR
The operation resulted in an error and hence cannot be processed.