Radial Integration | 2016
Credit cards are the most commonly accepted payment method type and are enabled for all Payment Service integrations. To take an order, funds are authorized on a credit card. As merchandise for an order is shipped, authorized funds are captured in the amount that matches the value of the shipped goods.
There are currently 3 different sequences that can be used for making a credit card authorization.
Sequence 1 : Card Not Present This sequence is used for eCommerce transactions, and digital wallet transactions in which the wallet information has been previously decrypted and the type indicated in the POSMethod element.
Sequence 2 : Card Present This sequence is used for all card present transactions, whether the card be read by swipe, chip, contactless, or other reading methods.
Sequence 3 : Digital Wallet This sequence is used when a digital wallet transaction (ie: ApplePay) is being made and the data from the wallet has NOT been decrypted yet and will be sent on the request.
| Action | URI Template | URI Example | Non-URI Request | Response |
|---|---|---|---|---|
| POST | /v[M.m]/stores/[StoreID]/ payments/creditcard/auth/ [TenderCode].[format] |
/v1.0/stores/store123/ payments/creditcard/auth/vc.xml |
XML | 200 + XML response |
The request is a Card Not Present CreditCardAuthRequest message.
<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0"
requestId="1234567890ABCD">
<PaymentContext>
<OrderId>OrderId0</OrderId>
<PaymentAccountUniqueId isToken="false">PaymentAccountUniqueId</PaymentAccountUniqueId>
</PaymentContext>
<ExpirationDate>2013-09</ExpirationDate>
<CardSecurityCode>123</CardSecurityCode>
<Amount currencyCode="USD">50.00</Amount>
<BillingFirstName>John</BillingFirstName>
<BillingLastName>Smith</BillingLastName>
<BillingPhoneNo>6101234567</BillingPhoneNo>
<BillingAddress>
<Line1>123 Main St</Line1>
<Line2>Building 123</Line2>
<Line3>4th Floor</Line3>
<Line4>Apt 12</Line4>
<City>Philadelphia</City>
<MainDivision>PA</MainDivision>
<CountryCode>US</CountryCode>
<PostalCode>19019</PostalCode>
</BillingAddress>
<CustomerEmail>customer@sample.com</CustomerEmail>
<CustomerIPAddress>208.247.73.130</CustomerIPAddress>
<ShipToFirstName>John</ShipToFirstName>
<ShipToLastName>Smith</ShipToLastName>
<ShipToPhoneNo>6101234567</ShipToPhoneNo>
<ShippingAddress>
<Line1>123 Main St</Line1>
<Line2>Building 123</Line2>
<Line3>4th Floor</Line3>
<Line4>Apt 12</Line4>
<City>Philadelphia</City>
<MainDivision>PA</MainDivision>
<CountryCode>US</CountryCode>
<PostalCode>19019</PostalCode>
</ShippingAddress>
<!-- only set below to true if you got an auth + CVV/AVS error and are looking to
get a clean CVV/AVS before taking the order -->
<isRequestToCorrectCVVOrAVSError>false</isRequestToCorrectCVVOrAVSError>
<!-- section below is to capture Verified By Visa/Mastercard SecureCode data -->
<SecureVerificationData>
<AuthenticationAvailable>Y</AuthenticationAvailable>
<AuthenticationStatus>A</AuthenticationStatus>
<CavvUcaf>gsdsXXggggg</CavvUcaf>
<TransactionId>AAAxxx6667dsfsdfd</TransactionId>
<ECI>05</ECI>
<PayerAuthenticationResponse>eJydVNtu4jAQ/RVE37oCJ+HSggZLKbQSqrpLuSy8mmSSWAsOjR2g+/
U7DhAi1IfdnYdkfDznzLHjGOZJhjiaYZBnyOENtRYx1mQ4qIt1ELpeq13nMPGnqG/BPWZapoq7TafpAbsMSSMLE
qEMBxF8PI2/804RwM5D2GI2HvFeNYCdQGBX9iS3mSZXRxnSTPEMhUHuOa7rdD2n5j70272+R/QCh52l+Ns0J/5j
u2ubViGgRWaogk+adICVI8DjLlVIFbSOMgd2dbATijtF3BdhM9ImFOYrDkZuq64eratWF1iBgzbC5Jr7wM4ZBGK
/58mvxSx6eniXs9l66Ps/li/fPvzVs08xIHO2BDCQ3HHJFL0Llr+J00yaZMtbp5orAMxaYcW34jCTsaJmGdaO24
3Sg3pizK7P2OFwaB5azTSLmUeLYE6PUUGoZXxXP7EwHKso/SfaUKhUyUBs5G9h6BC8oUnSsFZ6+0pmPrVKLps+D
xsk1QjctmpYxGm5HdJkX4tWVvY3XW7NZlo0dCJc2+BGiMMUI7QnAmuL6XhQvyu2UvXyaCmj9dqPwsXoJTq8TpbE
HskYtfkfC5f2VYWL3k+xybGcu4xKX2fTpy9U2YlL4S3wip+nylXH6Y2EEVRTScvpK7H4A4s7wJ6n6t3wB1RLYIQ
=</PayerAuthenticationResponse>
</SecureVerificationData>
<SchemaVersion>1.2</SchemaVersion>
</CreditCardAuthRequest>| Element | Required | Description | Type | Restriction |
|---|---|---|---|---|
| PaymentContext | Yes | Unique identifier of the payment transaction for the order | ComplexType | |
| PaymentContext/ OrderId |
Yes | Unique identifier of the order. The client must ensure uniqueness of OrderIds across all transactions that the client initiates with this service. | String | Max 20 characters |
| PaymentContext/ PaymentAccountUniqueId |
Yes - Either PaymentAccountUniqueId or EncryptedPayment AccountUniqueId must be present. | Either a raw PAN (payment account number such as a credit card number) or a token representing a PAN | String | Max 22 characters |
| PaymentContext/ PaymentAccountUniqueId @isToken |
Yes (when PaymentAccountUniqueId is present) | Attribute that indicates whether the payment account number is tokenized | String | true or false |
|
PaymentContext/ |
Yes - Either PaymentAccountUniqueId or EncryptedPayment AccountUniqueId must be present. | Client-encrypted PAN. Used for clients who use client-side encryption to encrypt credit card numbers in the JavaScript that runs in their browser. For a webstore that is not PCI compliant, this ensures that the webstore never sees raw PANs. | String | Max 1000 characters |
| ExpirationDate | Yes | Expiration date of the credit card | String | yyyy-MM (year followed by month) |
| CardSecurityCode | No | CVV2 code on the back of the credit card | String | 3 or 4 digits |
|
EncryptedCardSecurityCode |
No | Encrypted CVV2 code on the back of the credit card | String | 1000 digits |
| Amount | Yes | Currency amount being authorized on the credit card | String |
Positive decimal, up to two decimal places (for example, 4.75) |
| Amount/ @currencyCode |
Yes | Type of currency used for the order | String | 3-character ISO 4217 code (for example, USD, CAD, EUR). See
http://en.wikipedia.org/ wiki/ISO_4217. |
| BillingFirstName | Yes | First name of the person on the billing address of the credit card | String | Max 64 characters |
| BillingLastName | Yes | Last name of the person on the billing address of the credit card | String | Max 64 characters |
| BillingPhoneNo | Yes | Phone number of the person on the billing address of the credit card | String | Max 15 characters |
| BillingAddress | Yes (for AVS verification) | Billing address of the credit card | ComplexType | |
| BillingAddress/ Line1 |
Yes | Line# components of the billing street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Other Line# components are optional. | String | Max 70 characters |
| BillingAddress/ Line2 |
No | String | Max 70 characters | |
| BillingAddress Line3 |
No | String | Max 70 characters | |
| BillingAddres Line4 |
No | String | Max70 characters | |
| BillingAddress/ City |
Yes | Name of the city | String | Max 40 characters |
| BillingAddress/ MainDivision |
Yes | Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. | String | Max 30 characters |
| BillingAddress/ CountryCode |
Yes | Two digit country code. The ISO 3166 alpha 2 code is recommended, but not required. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2. | String | 2-40 characters |
| BillingAddress/ PostalCode |
Depends on country. Yes for US and Canada | String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, US ZIP code) | String | Max 30 characters |
| CustomerEmail | Yes | Email address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. | String | Max 70 characters |
| CustomerIPAddress | Yes | IP address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. | String | Max 70 characters |
| ShipToFirstName | Yes | First name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | 64 characters. |
| ShipToLastName | Yes | Last name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | Max 64 characters. |
| ShipToPhoneNo | No | Phone number of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | Max 15 characters. |
| ShippingAddress | Yes | First/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | ComplexType | |
| ShippingAddress/ Line1 |
Yes |
Line# components of the shipping street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Other Line# components are optional. |
String | Max 70 characters |
| ShippingAddress/ Line2 |
No | String | Max 70 characters | |
| ShippingAddress/ Line3 |
No | String | Max 70 characters | |
| ShippingAddress/ Line4 |
No | String | Max 70 characters | |
| ShippingAddress/ City |
Yes | Name of the city | String | Max 40 characters |
| ShippingAddress/ MainDivision |
Yes |
Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. |
String | Max 30 characters |
| ShippingAddress/ CountryCode |
Yes |
Two digit country code. The ISO 3166 alpha 2 code is recommended, but not required. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2. |
String | 2-40 characters |
| ShippingAddress/ PostalCode |
Varies based on country. Yes for US/Canada |
String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, U.S. ZIP code) |
String | Max 30 characters |
| POSMethod | No |
An identifier for the type of Point Of Sale method used. This is used to mark transaction as being of a specific method. (ie: ApplePay, Virtual Wallet, Samsung Pay, Bitcoin).
Values: ApplePay - Indicates that the request is an ApplePay authorization |
Enum |
Virtual Wallet ApplePay |
| isRequestToCorrect CVVOrAVSError |
Yes |
Setting that indicates this is an authorization re-submission to correct an AVS or CVV error Even when an AVS or CVV error occurs, the credit card processor authorizes a credit card and reserves the authorized amount from the available credit limit on the credit card. Customers must fix AVS and CVV errors. We do not want to double-authorize the amount already authorized on the customer's card. If this element is set true, the Payment Service decrements the authorized amount for purposes of the AVS/CVV check (for example, in the US authorizes for $0.01). |
Boolean | true or false |
| SecureVerificationData | No |
3D Secure and Verified by Visa verification data 3D Secure is an XML-based protocol that provides additional security for online credit and debit card transactions. |
ComplexType | true or false |
| SecurityVerificationData/ AuthenticationAvailable |
Yes (required as part of SecureVerificationData) |
Code used for Verified by Visa eCommerce transactions only. For all other transactions, enter spaces. Verify enrollment response from the VERes message, returned to the POE from the Access Control Server (ACS) as a result of a Verify Enrollment Request. Y - Card eligible for authentication processing. N - Authentication attempted. Card eligible for attempts liability, but attempts proof is not available from issuer. U - Unable to process, or card not eligible for attempts liability. |
String | 1 character |
| SecurityVerificationData/ AuthenticationStatus |
Yes (required as part of SecureVerificationData) | Transactions status code used for Verified by Visa and MasterCard SecureCode
transactions only. For all other transactions, enter spaces only. The code is returned in the PARes message from the ACS server in the Transaction Status field. Y - Authentication approved. A - Authentication attempted. U - Unable to authenticate due to technical problems or excluded card type. N - Authentication failed. |
String | 1 character |
| SecurityVerificationData/ CavvUcaf |
Yes (required as part of SecureVerificationData) |
Data used for Verified by Visa and MasterCard SecureCode eCommerce transactions only. Data is returned in the authentication request. For Visa, this field contains the CAVV value in upacked, displayable format (0-9, A-F). For MasterCard, this field contains the UCAF data in upacked, displayable, base-64 format (A-Z, a-z, 0-9, +, /, -). Left justified, space-filled right. |
String | Max 64 characters |
| SecurityVerificationData/ TransactionId |
Yes (required as part of SecureVerificationData) | ID used for Verified by Visa eCommerce transactions only. Contains XID data returned from the authentication request in upacked, displayable format (0-9, A-F). Left justified, space-filled right. | String | Max 64 characters |
| SecurityVerificationData/ ECI |
Optional (Visa transactions only) | ECI value received from Visa | String | 1 character |
| SecurityVerificationData/ PayerAuthenticationResponse |
Yes (required as part of SecureVerificationData) |
Result of the cardholder authentication performed by the card issuer Access Control Server(ACS) |
String | Max 10000 characters |
| SchemaVersion | Yes |
Although marked as optional in the the schema, this element needs to be passed at all times with a value of 1.2 or greater in order to receive elements like 'ResponseCode' and 'TenderType' in the Response message. |
String |
pattern = "([0-9]+\.)*[0-9]+". |
| requestId | Yes | RequestId globally identifies a request message and is used to protect against duplicate request processing | String | Up to 40 Characters. |
The request is a Card Present CreditCardAuthRequest message.
<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0"
requestId="1234567890ABCD">
<OrderId>OrderId0</OrderId>
<CardPresentEncryptedBlob>EncryptedBlob</CardPresentEncryptedBlob>
<CardPresentSecurityCode>123</CardPresentSecurityCode>
<Amount currencyCode="USD">50.00</Amount>
<TerminalId>1</TerminalId>
<CustomerIPAddress>127.0.0.1</CustomerIPAddress>
<ShipToFirstName>John</ShipToFirstName>
<ShipToLastName>Smith</ShipToLastName>
<ShipToPhoneNo>6101234567</ShipToPhoneNo>
<ShipToAddress>
<Line1>123 Main St</Line1>
<Line2>Building 123</Line2>
<Line3>4th Floor</Line3>
<Line4>Apt 12</Line4>
<City>Philadelphia</City>
<MainDivision>PA</MainDivision>
<CountryCode>US</CountryCode>
<PostalCode>19019</PostalCode>
</ShipToAddress>
<PaymentAccountEntryMode>CARD_SWIPED</PaymentAccountEntryMode>
<AuthenticationEntryMode>PIN</AuthenticationEntryMode>
<TransactionConditionCode>CARDHOLDER_PRESENT_CARD_PRESENT</TransactionConditionCode>
<TerminalCategoryCode>ELECTRONIC_PAYMENT_TERMINAL</TerminalCategoryCode>
<TerminalEntryCapability>MAGNETIC</TerminalEntryCapability>
<KeyedInExpirationDate>2016-01</KeyedInExpirationDate>
<SchemaVersion>1.2</SchemaVersion>
</CreditCardAuthRequest>| Element | Required | Description | Type | Restriction |
|---|---|---|---|---|
| OrderId | Yes | Unique identifier of the order. The client must ensure uniqueness of OrderIds across all transactions that the client initiates with this service. | String | Max 20 characters |
| CardPresentEncryptedBlob | Yes | Client-encrypted track data. Contains the cardholder's name, account number and other discretionary data | String | No restrictions |
| CardPresentSecurityCode | Yes | CVV2 code on the back of the credit card | String | 3 or 4 digits |
| Amount | Yes | Currency amount being authorized on the credit card | String |
Positive decimal, up to two decimal places (for example, 4.75) |
| TerminalId | No | Unique id that identifies a specific terminal at a merchant location | String | No restrictions |
| CustomerIPAddress | Yes | IP address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. | String | Max 70 characters |
| ShipToFirstName | Yes | First name of the person on the ShipTo address of the credit card | String | Max 64 characters |
| ShipToLastName | Yes | Last name of the person on the ShipTo address of the credit card | String | Max 64 characters |
| ShipToPhoneNo | No | Phone number of the person on the ShipTo address of the credit card | String | Max 15 characters |
| ShipToAddress | Yes | ShipTo address of the credit card | ComplexType | |
| ShipToAddress/ Line1 |
Yes | Line# components of the ShipTo street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Other Line# components are optional. | String | Max 70 characters |
| ShipToAddress/ Line2 |
No | String | Max 70 characters | |
| ShipToAddress Line3 |
No | String | Max 70 characters | |
| ShipToAddres Line4 |
No | String | Max70 characters | |
| ShipToAddress/ City |
Yes | Name of the city | String | Max 40 characters |
| ShipToAddress/ MainDivision |
Yes | Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. | String | Max 30 characters |
| ShipToAddress/ CountryCode |
Yes | Two digit country code. The ISO 3166 alpha 2 code is recommended, but not required. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2. | String | 2-40 characters |
| ShipToAddress/ PostalCode |
Depends on country. Yes for US and Canada | String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, US ZIP code) | String | Max 30 characters |
|
EncryptedCardSecurityCode |
Yes - Either CardSecurityCode or EncryptedCard SecurityCode must be present. | Encrypted CVV2 code on the back of the credit card | String | 1000 digits |
| Amount/ @currencyCode |
Yes | Type of currency used for the order | String | 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217. |
| CustomerEmail | Yes | Email address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. | String | Max 70 characters |
| ShipToFirstName | Yes | First name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | 64 characters. |
| ShipToLastName | Yes | Last name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | Max 64 characters. |
| ShipToPhoneNo | Yes | Phone number of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | Max 15 characters. |
| ShippingAddress | Yes | First/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | ComplexType | |
| ShippingAddress/ Line1 |
Yes |
Line# components of the shipping street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Other Line# components are optional. |
String | Max 70 characters |
| ShippingAddress/ Line2 |
No | String | Max 70 characters | |
| ShippingAddress/ Line3 |
No | String | Max 70 characters | |
| ShippingAddress/ Line4 |
No | String | Max 70 characters | |
| ShippingAddress/ City |
Yes | Name of the city | String | Max 40 characters |
| ShippingAddress/ MainDivision |
Yes |
Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. |
String | Max 30 characters |
| ShippingAddress/ CountryCode |
Yes |
Two digit country code. The ISO 3166 alpha 2 code is recommended, but not required. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2. |
String | 2-40 characters |
| ShippingAddress/ PostalCode |
Varies based on country. Yes for US/Canada |
String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, U.S. ZIP code) |
String | Max 30 characters |
| PaymentAccountEntryMode | Yes |
Indicates how the account number was entered at the POS(point of sale)
Values: |
Enum | MANUAL, INTEGRATED_CIRCUIT_READ, CARD_SWIPED, CONTACTLESS |
| AuthenticationEntryMode | Yes |
Indicates the Pin capability of the POS(point of sale) Values: |
Enum | PIN, UNSPECIFIED |
| TransactionConditionCode | Yes |
Identifies the presence of the person and the card at the point of sale Values: |
Enum | CARDHOLDER_PRESENT_CARD_PRESENT, CARDHOLDER_PRESENT_STRIPE_UNREADABLE |
| TerminalCategoryCode | Yes |
Describes the type of terminal being used for the transaction Values: |
Enum | UNSPECIFIED, ELECTRONIC_PAYMENT_TERMINAL, UNATTENDED_CUSTOMER_TERMINAL, MOBILE |
| TerminalEntryCapability | Yes |
Indicates the entry mode capability of the terminal Values: |
Enum | MAGNETIC, MAGNETIC_KEY, MAGNETIC_KEY_CHIP, CONTACTLESS_RFID, CHIP, MAGNETIC_CHIP, MANUAL, CONTACTLESS |
| KeyedInExpirationDate | Yes | Expiration date of the credit card | String | yyyy-MM (year followed by month) |
| SchemaVersion | Yes |
Although marked as optional in the the schema, this element needs to be passed at all times with a value of 1.2 or greater in order to receive elements like 'ResponseCode' and 'TenderType' in the Response message. |
String |
pattern = "([0-9]+\.)*[0-9]+". |
The request is DigitalWallet (eg. ApplePay) Request that has not been previously decrypted
<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0"
requestId="1234567890ABCD">
<WalletPaymentInformation>
<ApplePayTransactionId>84a7e17570c940f6a268d9121a4c090f1d2e22bab4da0f2054c7ba53035dc79a
</ApplePayTransactionId>
<EphemeralPublicKey>MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtpj8+ZI9S3gQ7QHCM/dLYTjdSgKdXlDDI/ezdwmHc4HosSY
FdYYE/v8t2CcFwJHmceet/GNE1VRO57W3VxeAg==</EphemeralPublicKey>
<PublicKeyHash>i3F+FlIbyhjfYqMqm3M/dpeWRO9tnD+U9BJng3tkkig=</PublicKeyHash>
<Version>EC_v1</Version>
<Data>GcUsL3ZgQVf9Raf7fBY+0AXsoO/5REeQWE6mROAJM4QvxJgOO6mxW1CuM1P7Ox9hQo1Qt1dg/VIS5fszNq7YhB0oQNgoEwAh7b
TXEUBtmx0lzvN5EWxah0ScMbv/v+7CuakmRG6c6hO4xQlayCNGV6diFK1Ng6zNphSW53b1Di6vhqJcDnGs2tvu6wHyGfqIH6AeUm
CNsiBvkHsaiiHbiWcL6BPpWuoW7y5bZK3mMxgygYgzZec/XnlV5lcJocpPDcL8ouuVU/oBMZn9ox/Ql3r9E8f3g7+uTdKZ+TEoyK
IH52VQUb1/YXU3SZ2Fr2J/oidUPz9+fTvGZkFPQvSX4G+jzYWlCQmrx6qZ0cfTY/ZcGmITSSbzKcgy35kTTNJdqmL8wqmOzfr202
R3sXeGBjS1BqAm5DNzbgWHGrOoc/I=</Data>
<Signature>MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCAMIID4jCCA4igAwIBAgIIJ
EPyqAad9XcwCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA
1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0M
DkyNTIyMDYxMVoXDTE5MDkyNDIyMDYxMVowXzElMCMGA1UEAwwcZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtUFJPRDEUMBIGA1UEC
wwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEw
hV37evWx7Ihj2jdcJChIY3HsL1vLCg9hGCV2Ur0pUEbg0IO2BHzQH6DMx8cVMP36zIg1rrV1O/0komJPnwPE6OCAhEwggINMEUGC
CsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDEwHQYDVR0OB
BYEFJRX22/VdIGGiYl2L35XhQfnm1gkMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n5sT2KGw/orv9LkswggEdB
gNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljY
XRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhb
mQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lb
nRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAno
CWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0EAgUAMAoGC
CqGSM49BAMCA0gAMEUCIHKKnw+Soyq5mXQr1V62c0BXKpaHodYu9TWXEPUWPpbpAiEAkTecfW6+W5l0r0ADfzTCPq2YtbS39w01X
IayqBNy8bEwggLuMIICdaADAgECAghJbS+/OpjalzAKBggqhkjOPQQDAjBnMRswGQYDVQQDDBJBcHBsZSBSb290IENBIC0gRzMxJ
jAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeF
w0xNDA1MDYyMzQ2MzBaFw0yOTA1MDYyMzQ2MzBaMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBI
C0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGE
wJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPAXEYQZ12SF1RpeJYEHduiAou/ee65N4I38S5PhM1bVZls1riLQl3YNIk57u
gj9dhfOiMt2u2ZwvsjoKYT/VEWjgfcwgfQwRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodHRwOi8vb2NzcC5hcHBsZS5jb
20vb2NzcDA0LWFwcGxlcm9vdGNhZzMwHQYDVR0OBBYEFCPyScRPk+TvJ+bE9ihsP6K7/S5LMA8GA1UdEwEB/wQFMAMBAf8wHwYDV
R0jBBgwFoAUu7DeoVgziJqkipnevr3rr9rLJKswNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVyb
290Y2FnMy5jcmwwDgYDVR0PAQH/BAQDAgEGMBAGCiqGSIb3Y2QGAg4EAgUAMAoGCCqGSM49BAMCA2cAMGQCMDrPcoNRFpmxhvs1w
1bKYr/0F+3ZD3VNoo6+8ZyBXkK3ifiY95tZn5jVQQ2PnenC/gIwMi3VRCGwowV3bF3zODuQZ/0XfCwhbZZPxnJpghJvVPh6fRuZy
5sJiSFhBpkPCZIdAAAxggFeMIIBWgIBATCBhjB6MS4wLAYDVQQDDCVBcHBsZSBBcHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtI
EczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCV
VMCCCRD8qgGnfV3MA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUxM
jEwMTc0NDEwWjAvBgkqhkiG9w0BCQQxIgQgUiRZSvu2i+zIK3pRHZsuhRIVtn71HWaUfewTPrqSm8MwCgYIKoZIzj0EAwIERjBEA
iBIumc6vmek/PlaZBYgiIsNNV99jmbRFnwnmhLMQ3REXQIgNpC4d79eJmnCLnkQS1g/WgL3g+7RXszwNXQvK+Quzx0AAAAAAAA=
</Signature>
</WalletPaymentInformation>
<OrderId>OrderId0</OrderId>
<BillingFirstName>John</BillingFirstName>
<BillingLastName>Smith</BillingLastName>
<BillingPhoneNo>6101234567</BillingPhoneNo>
<BillingAddress>
<Line1>123 Main St</Line1>
<Line2>Building 123</Line2>
<Line3>4th Floor</Line3>
<Line4>Apt 12</Line4>
<City>Philadelphia</City>
<MainDivision>PA</MainDivision>
<CountryCode>US</CountryCode>
<PostalCode>19019</PostalCode>
</BillingAddress>
<CustomerEmail>customer@sample.com</CustomerEmail>
<CustomerIPAddress>208.247.73.130</CustomerIPAddress>
<ShipToFirstName>John</ShipToFirstName>
<ShipToLastName>Smith</ShipToLastName>
<ShipToPhoneNo>6101234567</ShipToPhoneNo>
<ShippingAddress>
<Line1>123 Main St</Line1>
<Line2>Building 123</Line2>
<Line3>4th Floor</Line3>
<Line4>Apt 12</Line4>
<City>Philadelphia</City>
<MainDivision>PA</MainDivision>
<CountryCode>US</CountryCode>
<PostalCode>19019</PostalCode>
</ShippingAddress>
</CreditCardAuthRequest>| Element | Required | Description | Type | Restriction |
|---|---|---|---|---|
| WalletPaymentInformation | Yes | Digital Wallet Payment Information | ComplexType | |
| WalletPaymentInformation/ ApplePayTransactionId |
Yes | Transaction Identifier, generated on the device. | String | |
| WalletPaymentInformation/ EphemeralPublicKey |
Yes | Hash of the X.509 encoded public key bytes of the merchant's certificate. | String | |
| WalletPaymentInformation/ PublicKeyHash |
Yes | Compares the Signature to the Private/Public Key for validation. | String | |
| WalletPaymentInformation/ Version |
Yes | Signature of the Payment and header data. The signature includes the signing certificate, its intermediate CA certificate, and information about the signing algorithm. | String | |
| WalletPaymentInformation/ Data |
Yes | Encrypted Payment Data. | A payment data dictionary, Base64 encoded as a string. | |
| WalletPaymentInformation/ Signature |
Yes | Signature of the payment and header data. The signature includes the signing certificate, its intermediate CA certificate, and information about the signing algorithm. | Detached PKCS 37 signature, Base64 encoded as string. | |
| OrderId | Yes | Unique identifier of the order. The client must ensure uniqueness of OrderIds across all transactions that the client initiates with this service. | String | Max 20 characters |
| BillingFirstName | Yes | First name of the person on the billing address of the credit card | String | Max 64 characters |
| BillingLastName | Yes | Last name of the person on the billing address of the credit card | String | Max 64 characters |
| BillingPhoneNo | Yes | Phone number of the person on the billing address of the credit card | String | Max 15 characters |
| BillingAddress | Yes (for AVS verification) | Billing address of the credit card | ComplexType | |
| BillingAddress/ Line1 |
Yes | Line# components of the billing street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Other Line# components are optional. | String | Max 70 characters |
| BillingAddress/ Line2 |
No | String | Max 70 characters | |
| BillingAddress Line3 |
No | String | Max 70 characters | |
| BillingAddres Line4 |
No | String | Max70 characters | |
| BillingAddress/ City |
Yes | Name of the city | String | Max 40 characters |
| BillingAddress/ MainDivision |
Yes | Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. | String | Max 30 characters |
| BillingAddress/ CountryCode |
Yes | Two digit country code. The ISO 3166 alpha 2 code is recommended, but not required. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2. | String | 2-40 characters |
| BillingAddress/ PostalCode |
Depends on country. Yes for US and Canada | String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, US ZIP code) | String | Max 30 characters |
| CustomerEmail | Yes | Email address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. | String | Max 70 characters |
| CustomerIPAddress | Yes | IP address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. | String | Max 70 characters |
| ShipToFirstName | Yes | First name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | 64 characters. |
| ShipToLastName | Yes | Last name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | Max 64 characters. |
| ShipToPhoneNo | Yes | Phone number of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | Max 15 characters. |
| ShippingAddress | Yes | First/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | ComplexType | |
| ShippingAddress/ Line1 |
Yes |
Line# components of the shipping street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Other Line# components are optional. |
String | Max 70 characters |
| ShippingAddress/ Line2 |
No | String | Max 70 characters | |
| ShippingAddress/ Line3 |
No | String | Max 70 characters | |
| ShippingAddress/ Line4 |
No | String | Max 70 characters | |
| ShippingAddress/ City |
Yes | Name of the city | String | Max 40 characters |
| ShippingAddress/ MainDivision |
Yes |
Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. |
String | Max 30 characters |
| ShippingAddress/ CountryCode |
Yes |
Two digit country code. The ISO 3166 alpha 2 code is recommended, but not required. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2. |
String | 2-40 characters |
| ShippingAddress/ PostalCode |
Varies based on country. Yes for US/Canada |
String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, U.S. ZIP code) |
String | Max 30 characters |
The response is a CreditCardAuthReply message.
<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthReply xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
<PaymentContext>
<OrderId>12345</OrderId>
<!-- You will receive a token in the response, which is a scrambled version of the Credit Card number.
This token gets passed to the Order Service, not the original credit card number -->
<PaymentAccountUniqueId isToken="true">411111adgh2y1111</PaymentAccountUniqueId>
</PaymentContext>
<ResponseCode>APPROVED</ResponseCode>
<BankAuthorizationCode>ABC123</BankAuthorizationCode>
<CVV2ResponseCode>M</CVV2ResponseCode>
<AVSResponseCode>Y</AVSResponseCode>
<PhoneResponseCode></PhoneResponseCode> <!-- AmEX only -->
<NameResponseCode></NameResponseCode> <!-- AmEX only -->
<EmailResponseCode></EmailResponseCode> <!-- AmEX only -->
<AmountAuthorized currencyCode="USD">50.00</AmountAuthorized>
<TenderType>VC</TenderType>
</CreditCardAuthReply>| Element | Required | Description | Type | Restriction |
|---|---|---|---|---|
| PaymentContext | Yes |
Unique identifier of the payment transaction for the order |
ComplexType | |
| PaymentContext/ OrderId |
Yes | Unique identifier of the order. The client must ensure uniqueness of OrderIds across all transactions that the client initiates with this service. | String | Max 20 characters |
| PaymentContext/ PaymentAccountUniqueId |
Yes |
Token (scrambled version) of the PAN (payment account number such as a credit card number). When passing the PAN for the PaymentAuthCancelRequest and the PaymentSettlementRequest messages, always use the returned token, not the original PAN. |
String | Max 22 characters |
| PaymentContext/ PaymentAccountUniqueId/ @isToken |
Yes | Attribute that indicates whether the PAN is tokenized. In the CreditCardAuthReply message, this attribute is always set to true. | String | true |
| ResponseCode | Yes |
Response code of the credit card authorization. Includes approved, timeout, and several decline codes. Only orders with an approved or timeout response code are submitted to the Order Service. See Authorization Response Codes for a list of codes. |
String | Max 1000 characters.
SchemaVersion in the Request Message has to be equal to or greater than 1.1 in order to receive this element |
| BankAuthorizationCode | Yes |
Authorization code returned by the payment processor upon a successful credit card authorization. Any order taken by the Order Service and paid by credit card MUST have this authorization code. |
String | Max 1000 characters |
| CVV2ResponseCode | Yes |
Payment processor response code for the CVV2 (card verification value) check. For most credit cards, you get an approval on the ResponseCode even if the CVV2ResponseCode returns a CVV2 failure. You CANNOT accept an order if the CVV2ResponseCode returns a CVV2 failure code. See CVV2 Response Codes for a list of codes. |
String | Max 3 characters |
| AVSResponseCode | Yes |
Payment processor response for the Address Verification System (AVS) check. For most credit cards, you get an approval on the ResponseCode even if the AVSResponseCode returns an AVS failure code. It is typically considered a significant fraud risk to accept an order if the AVSResponseCode returns an AVS failure code. See AVS Response Codes for a list of codes. |
String | Max 3 characters |
| PhoneResponseCode | No (Amex only) |
Response code for customer phone number verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. |
String | Max 3 characters |
| NameResponseCode | No (Amex only) |
Response code for customer name verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. |
String | Max 3 characters |
| EmailResponseCode | No (Amex only) |
Response code for customer email verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. |
String | Max 3 characters |
| AmountAuthorized | Yes | Currency amount authorized on the credit card | String |
Positive decimal, up to two decimal places(for example, 4.75) |
| AmountAuthorized/ @currencyCode |
Yes | Type of currency used for the order | String | 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217. |
| TenderType | No (Always present for Digital Wallet transactions) | This element identifies the tender type used for the transaction
*Note that this value might be corrected based on Bin Range identification |
String | 2-4 Characters
SchemaVersion in the Request Message has to be equal to or greater than 1.2 in order to receive this element for Card Not Present and Card Present transactions |
Copyright © 2017 Radial. All rights reserved.