Update Merchant Payment Details

Operation to create or update a merchant's payment details.

PUT https://mepspay.gateway.mastercard.com/api/rest/version/78 / mso / {msoId} / merchant / {merchantId}

Authentication

This operation requires authentication via one of the following methods:


  • Certificate authentication.
  • Basic HTTP authentication as described at w3.org. Provide 'MSO.<your gateway MSO ID>' in the userid portion and your API password in the password portion.

Request

URL Parameters

{msoId} Alphanumeric + additional characters REQUIRED

The identifier that uniquely identifies you or an MSO that has authorized you to use this operation on their behalf.


Data may consist of the characters 0-9, a-z, A-Z, '-', '_', ' ', '&', '+', '!', '$', '%', '.'

Min length: 1 Max length: 16
{merchantId} Alphanumeric + additional characters REQUIRED

The unique identifier issued to you by your payment provider.


This identifier can be up to 12 characters in length.


Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 36

Fields

apiOperation String = UPDATE_MERCHANT_PAYMENT_DETAILS FIXED

Any sequence of zero or more unicode characters.

correlationId String OPTIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
merchant REQUIRED

The merchant's payment details.

merchant.accountFunding OPTIONAL

Use this parameter group to configure what types of account funding transactions the merchant is allowed to submit for processing.

Account funding transactions are transactions that pull money from an account (the sender's account) for the purpose of crediting another account (the recipient's account). The fields in this parameter group must be provided if you have enabled the merchant for account funding transactions, i.e. the request contains merchant.service[n]=ENABLE_ACCOUNT_FUNDING.

merchant.accountFunding.purposes[n] Enumeration REQUIRED

Defines for which purpose the merchant will be allowed to submit account funding transactions.

Value must be a member of the following list. The values are case sensitive.

CRYPTOCURRENCY_PURCHASE

Allows account funding transactions where the funds will be used to purchase cryptocurrency.

MERCHANT_SETTLEMENT

Allows account funding transactions where the funds will be used to settle the proceeds of processing card transactions.

OTHER

Allows account funding transactions where the funds will be used for any other purpose, e.g. transferring funds from a person to a person or transferring funds into a staged wallet.

PAYROLL

Allows account funding transactions where the funds will be used to pay salaries.

merchant.accountFunding.recipientAccountFundingMethods[n] Enumeration REQUIRED

Defines for which recipient account funding methods the merchant will be allowed to submit account funding transactions.

Value must be a member of the following list. The values are case sensitive.

CHARGE

Allows account funding transactions where the card associated with the recipient's bank account is a Charge card.

CREDIT

Allows account funding transactions where the card associated with the recipient's bank account is a Credit card.

DEBIT

Allows account funding transactions where the card associated with the recipient's bank account is a Debit card.

UNKNOWN

Allows account funding transactions where the card associated with the recipient's bank account is any other than Credit, Debit or Charge card.

merchant.accountFunding.recipientAccountTypes[n] Enumeration REQUIRED

Defines for which recipient account types the merchant will be allowed to submit account funding transactions.

Value must be a member of the following list. The values are case sensitive.

OTHER

Allows account funding transactions where the recipient account is neither an account associated with a card nor a staged wallet.

STAGED_WALLET

Allows account funding transactions where the recipient account is a staged wallet.

STORED_VALUE_WALLET

Allows account funding transactions where the recipient account is a stored value wallet.

merchant.accountFunding.senderRecipientRelationshipTypes[n] Enumeration REQUIRED

Defines if the merchant will be allowed to submit account funding transactions where the sender and recipient are different, the same or both.

Value must be a member of the following list. The values are case sensitive.

SENDER_DIFFERS_FROM_RECIPIENT

Allows account funding transactions where the sender is different to the recipient.

SENDER_MATCHES_RECIPIENT

Allows account funding transactions where the sender and recipient are the same.

merchant.accountFunding.senderTypes[n] Enumeration REQUIRED

Defines if the merchant will be allowed to submit account funding transactions where the sender account is owned by an entity of this type.

The sender account refers to the account from which money is being pulled.

Value must be a member of the following list. The values are case sensitive.

COMMERCIAL_ORGANIZATION

Allows account funding transactions where the sender is a commercial organization.

GOVERNMENT

Allows account funding transactions where the sender is a government.

NON_PROFIT_ORGANIZATION

Allows account funding transactions where the sender is a non profit organization.

PERSON

Allows account funding transactions where the sender is a person.

merchant.accountUpdater OPTIONAL

Use this parameter group to enable and configure a merchant for the Account Updater functionality for American Express cards using American Express Cardrefresher.

Account Updater functionality ensures that, when the merchant submits stored card details on a transaction request, the gateway automatically checks with the specific scheme's Account Updater service that the details are up-to-date before using them for transaction processing. To be able to use the Account Updater functionality the merchant must be enabled for gateway tokenization and the token repository assigned to the merchant must be enabled for Token Management = 'Unique Account Identifier' and Token ID = ' Random With Luhn' or 'Merchant Supplied'.

merchant.accountUpdater.amexMerchantId Digits OPTIONAL

The 10-digit Merchant ID assigned to the merchant by American Express when the merchant was onboarded for Cardrefresher.

This matches the American Express Service Establishment Number (SE Number). If the field is provided, Account Updater functionality for American Express cards will be enabled for this merchant.

Data is a string that consists of the characters 0-9.

Min length: 10 Max length: 10
merchant.apiAuthenticationMode Enumeration OPTIONAL

The authentication mode used by the merchant to authenticate to the payment gateway

Value must be a member of the following list. The values are case sensitive.

usePasswordAuthentication

Allows the merchant to use passwords to authenticate to the payment gateway.

useSSLCertificateAuthentication

Allows the merchant to use SSL certificates to authenticate to the payment gateway.

rollYourAuthenticationMode

Allows the merchant to change authentication modes (password to SSL certificate or vice versa) by using an intermediate setting that supports both old and new authentication modes. Once your integration is ready to go live with the new authentication mode, the authentication mode on this page must be set to the new one.

merchant.authentication OPTIONAL

Use this parameter group to enable and configure a merchant for payer authentication using 3-D Secure authentication version 1 (3DS1) and 3-D Secure authentication version 2 (3DS2).

merchant.authentication.3ds2 OPTIONAL

Details about the merchant's configuration for payer authentication using 3-D Secure authentication version 2 (3DS2).

merchant.authentication.3ds2.fastrByCb OPTIONAL

Details about the FAST'R by CB configuration for the merchant.

FAST'R by CB allows the merchant to perform payer authentication for Carte Bancaire cards.

merchant.authentication.3ds2.fastrByCb.requestorId Alphanumeric OPTIONAL

A unique identifier for the merchant used when authenticating a payer making a payment using a Carte Bancaire card.

Provide the SIRET number issued to the merchant by INSEE.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 35
merchant.captureExpirationDays Integer OPTIONAL

Number of days after authorization in which a capture is valid

JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.

Min value: 1 Max value: 999
merchant.cardMaskingFormat Enumeration REQUIRED

The card number masking format applied by the gateway when the merchant supplied the card number.

This format will be used for transactions originating from Web Services API and Merchant Administration.

Formats for masking card numbers.

Value must be a member of the following list. The values are case sensitive.

DISPLAY_0_4

Display last 4 digits of Card Number.

DISPLAY_6_3

Display first 6 and last 3 digits of Card Number.

DISPLAY_6_4

Display first 6 and last 4 digits of Card Number.

DISPLAY_FULL

Display Full Card Number.

DISPLAY_NONE

Display No Card Number.

merchant.certificateSetId String OPTIONAL

The Certificate Set ID is a unique identifier that you have assigned to uniquely identify a merchant's test and production SSL certificates.

Provide this field if the merchant will use SSL certificates to authenticate to the gateway when using the API. If not provided, the merchant will be enabled for Password Authentication.
If your customer has multiple gateway merchant profiles, then they can share the same Certificate Set. In this case, provide the same Certificate Set ID for each of their gateway merchant profiles.
You can create Certificate Sets for your merchants from the Merchant Manager UI.

Data can consist of any characters

Min length: 0 Max length: 50
merchant.currencyConversion OPTIONAL

Configuration details to enable the Dynamic Currency Conversion (DCC) service.

DCC enables merchants to accept payments from payers in their currency, which can differ from the merchant's currency for the order.

merchant.currencyConversion.baseCurrency Upper case alphabetic text OPTIONAL

The base currency registered for the merchant ID at the DCC provider.

The value must be expressed as an ISO 4217 alpha code.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
merchant.currencyConversion.dccProviderAcquirerId Alpha OPTIONAL

The identifier for the acquirer the merchant has registered with the DCC provider.

Data may consist of the characters a-z, A-Z

Min length: 3 Max length: 3
merchant.currencyConversion.dccProviderId Enumeration REQUIRED

DCC rate quote providers.

Value must be a member of the following list. The values are case sensitive.

FEXCO

FEXCO DCC provider.

FTT

FTT Global DCC provider.

GLOBAL_PAYMENTS

GLOBAL_PAYMENTS DCC provider.

IBM

IBM DCC provider.

TRAVELEX_CURRENCY_SELECT

Travelex DCC provider.

UNICREDIT

UNICREDIT DCC provider.

merchant.currencyConversion.dccProviderMerchantId Alphanumeric OPTIONAL

The unique identifier for the merchant account at the DCC provider.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 16
merchant.currencyConversion.dccRefundRate Enumeration REQUIRED

The currency conversion rate that will apply to a refund transaction executed against an exiting order.

The currency conversion rate that will apply to a refund transaction executed against an existing order.

Value must be a member of the following list. The values are case sensitive.

CURRENT

A new rate quote is being requested to provide the actual rate at the refund transaction date.

HISTORICAL

The rate used when the order was created.

merchant.currencyConversion.disclosureRegion.visa Enumeration REQUIRED

Specifies the Visa disclosure region for the merchant.

This determines the Dynamic Currency Conversion offer and receipt texts presented to the payer.

Value must be a member of the following list. The values are case sensitive.

EUROPE

The Visa disclosure rules for Europe

INTERNATIONAL

The Visa disclosure rules for the International region

merchant.debtRepayment OPTIONAL

Use this parameter group to enable and configure a merchant for debt repayments.

merchant.debtRepayment.fundingMethods Enumeration OPTIONAL

To enable the merchant for debt repayments you must provide at least one funding method for which debt repayments are allowed.

When submitting a debt repayment the merchant must indicate on the transaction request that it is for a debt repayment and may have to provide additional information about the payment recipient. Where the gateway is unable to detect the funding method (UNKNOWN) for a transactions request, the gateway will always reject the transaction if it is a debt repayment.

Value must be a member of the following list. The values are case sensitive.

CREDIT

Debt transactions can be processed using Credit Card.

DEBIT

Debt transactions can be processed using Debit Card.

CHARGE

Debt transactions can be processed using Charge Card.

merchant.defaultOrderCertainty Enumeration OPTIONAL

Sets the default value used for order certainty when the merchant does not provide a value on the API request.If you do not specify this value it will be set to FINAL.

Value must be a member of the following list. The values are case sensitive.

ESTIMATED

Merchant's orders will be assumed to have an order certainty of ESTIMATED where none is specified in WS-API requests.

FINAL

Merchant's orders will be assumed to have an order certainty of FINAL where none is specified in WS-API requests.

merchant.disputeContactPhone String OPTIONAL

Only provide this field if you have received a notification from the scheme that the merchant has a high number of disputes.

In this case, provide a phone number that payers can use to contact the merchant in case of a dispute. Where applicable, the issuer may display this phone number on the cardholder statement.

The phone number must be provided in ITU-T E123 format.

Data can consist of any characters

Min length: 0 Max length: 15
merchant.excessiveCaptureLimit Integer OPTIONAL

Defines the excess amount permitted to be captured on the original authorized amount, as a percentage.

JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.

Min value: 0 Max value: 2147483647
merchant.masterPassOnline OPTIONAL

Details regarding the merchant's MasterPass Online configuration.

merchant.masterPassOnline.checkoutIdentifier Alphanumeric REQUIRED

A unique identifier for the merchant in the MasterPass Online system, issued by MasterPass Online when boarding the merchant.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 255
merchant.masterPassOnline.collectShippingAddressAtMasterPassOnline Boolean OPTIONAL

If enabled, the payer's shipping address is collected at MasterPass Online and returned to the merchant in the transaction response

JSON boolean values 'true' or 'false'.

merchant.masterPassOnline.consumerKey String OPTIONAL

The consumer key value as issued by Masterpass for the merchant's production profile.

Data can consist of any characters

Min length: 97 Max length: 97
merchant.masterPassOnline.sandboxConsumerKey String OPTIONAL

The consumer key value as issued by Masterpass for the merchant's sandbox profile.

Data can consist of any characters

Min length: 97 Max length: 97
merchant.masterPassOnline.shippingLocationId Alphanumeric OPTIONAL

The shipping location defines which countries the merchant ships to and restricts the customer's shipping address selection in MasterPass Online accordingly.

If provided, this shipping location applies for all MasterPass Online transactions. If not provided, MasterPass Online uses the preferred shipping profile configured against the merchant's MasterPass Online profile.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 8
merchant.merchantManagedRiskAssessment OPTIONAL

Details regarding the merchant's risk configuration.

merchant.merchantManagedRiskAssessment.assessmentInitiation Enumeration OPTIONAL

Allows you to define when the gateway should send the merchant's transactions to the risk service provider for risk assessment.

Value must be a member of the following list. The values are case sensitive.

AFTER_TRANSACTION_PROCESSING

Transactions will be submitted to the risk service provider after they have been submitted to the acquirer for processing. AVS, CSC and other available acquirer response data will be included in the request.

BEFORE_AND_AFTER_TRANSACTION_PROCESSING

Transactions will be submitted to the risk service provider both before and after they have been submitted to the acquirer for processing. AVS, CSC and other acquirer response data will only be available to be included in the second request.

BEFORE_TRANSACTION_PROCESSING

Transactions will be submitted to the risk service provider before they have been submitted to the acquirer for processing. No acquirer response data will be available to be included in the request. Please note that selecting "Before transaction processing" and "May Use Verification Only for AVS/CSC Risk Assessment" is not a valid configuration option.

merchant.merchantManagedRiskAssessment.enableRiskAssessment Enumeration OPTIONAL

The risk assessment status for the risk service provider.

Value must be a member of the following list. The values are case sensitive.

TEST_AND_PRODUCTION

Both, transactions submitted using a Production merchant profile and transaction submitted using a TEST merchant profile will be risk assessed by the risk service provider.

TEST_ONLY

Only transaction submitted using a TEST merchant profile will be assessed by the risk service provider.

merchant.merchantManagedRiskAssessment.gatekeeper OPTIONAL

Configuration details for the GateKeeper risk service provider profile

merchant.merchantManagedRiskAssessment.gatekeeper.productionCredentials OPTIONAL

Credentials for the merchant's production profile used to access the GateKeeper scoring module.

merchant.merchantManagedRiskAssessment.gatekeeper.productionCredentials.merchantId String OPTIONAL

The GateKeeper merchant ID used to identify the GateKeeper profile linked to this merchant profile.

Data can consist of any characters

Min length: 1 Max length: 36
merchant.merchantManagedRiskAssessment.gatekeeper.sendGatewayMerchantId Enumeration OPTIONAL

Indicates if the gateway should submit the merchant ID for the merchant's gateway profile to Gatekeeper when submitting transactions for risk assessment.

If selected, this will apply to all gateway merchant profiles configured to use this Gatekeeper profile.

Value must be a member of the following list. The values are case sensitive.

DO_NOT_SEND

Do not send the merchant ID for the merchant's gateway profile to Gatekeeper when submitting transactions for risk assessment.

SEND

Send the merchant ID for the merchant's gateway profile to Gatekeeper when submitting transactions for risk assessment.

merchant.merchantManagedRiskAssessment.gatekeeper.serviceLevel Enumeration OPTIONAL

The service level offering that the Merchant has signed up to with GateKeeper.

Value must be a member of the following list. The values are case sensitive.

GOLD

The Gold service level.

merchant.merchantManagedRiskAssessment.gatekeeper.testCredentials OPTIONAL

Credentials for the merchant's test profile used to access the GateKeeper scoring module.

merchant.merchantManagedRiskAssessment.gatekeeper.testCredentials.merchantId String OPTIONAL

The GateKeeper merchant ID used to identify the GateKeeper profile linked to this merchant profile.

Data can consist of any characters

Min length: 1 Max length: 36
merchant.merchantManagedRiskAssessment.interceptas OPTIONAL

Configuration details for the Interceptas risk service provider profile

merchant.merchantManagedRiskAssessment.interceptas.billingContact OPTIONAL
merchant.merchantManagedRiskAssessment.interceptas.billingContact.email Email OPTIONAL

The Interceptas tenant's billing contact email.

Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses

merchant.merchantManagedRiskAssessment.interceptas.billingContact.name String REQUIRED

The Interceptas tenant's billing contact name.

Data can consist of any characters

Min length: 1 Max length: 100
merchant.merchantManagedRiskAssessment.interceptas.billingContact.phone String OPTIONAL

The Interceptas tenant's billing contact phone.

Data can consist of any characters

Min length: 1 Max length: 20
merchant.merchantManagedRiskAssessment.interceptas.businessContact OPTIONAL
merchant.merchantManagedRiskAssessment.interceptas.businessContact.email Email OPTIONAL

The Interceptas tenant's business contact email.

Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses

merchant.merchantManagedRiskAssessment.interceptas.businessContact.name String OPTIONAL

The Interceptas tenant's business contact name.

Data can consist of any characters

Min length: 1 Max length: 100
merchant.merchantManagedRiskAssessment.interceptas.businessContact.phone String OPTIONAL

The Interceptas tenant's business contact phone.

Data can consist of any characters

Min length: 1 Max length: 20
merchant.merchantManagedRiskAssessment.interceptas.businessType Enumeration OPTIONAL

This identifies the type of business that your Merchant is in and influences the risk assessment that will be performed by Interceptas.

Value must be a member of the following list. The values are case sensitive.

AIRLINE_TRAVEL_AGENT

Airline/Travel Agent.

RETAILER_OF_DIGITAL_GOODS

Retailer of digital goods.

RETAILER_OF_PHYSICAL_GOODS

Retailer of physical goods.

merchant.merchantManagedRiskAssessment.interceptas.currency Upper case alphabetic text OPTIONAL

Currency is used by Interceptas to define the risk rules (e.g. average order size).

Any transactions submitted to Interceptas using a different currency will be converted to the corresponding value in the base currency before being risk assessed. The value must be expressed as an ISO 4217 alpha code.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
merchant.merchantManagedRiskAssessment.interceptas.locale String OPTIONAL

The default language which will be used when users sign into Interceptas.

The value must be provided in the format '<Language>_<Country>', e.g. 'en_US'. <Language> must be a two-letter language code according to ISO 639-1. <Country> must be a two-letter country code according to ISO 3166-1 alpha-2.

Data can consist of any characters

Min length: 2 Max length: 5
merchant.merchantManagedRiskAssessment.interceptas.productionCredentials OPTIONAL

Credentials for the merchant's production profile used to access the Interceptas scoring module.

merchant.merchantManagedRiskAssessment.interceptas.productionCredentials.password String OPTIONAL

The password used to authenticate this merchant profile on the Interceptas scoring module.

Data can consist of any characters

Min length: 1 Max length: 32
merchant.merchantManagedRiskAssessment.interceptas.productionCredentials.scoringUrl Url OPTIONAL

The Interceptas URL to which the payment gateway sends the risk scoring request.

Ensure that this is a valid URL according to RFC 1738.

merchant.merchantManagedRiskAssessment.interceptas.productionCredentials.tenantId String OPTIONAL

The tenant ID used to identify the Interceptas tenant linked to this merchant profile.

Data can consist of any characters

Min length: 1 Max length: 36
merchant.merchantManagedRiskAssessment.interceptas.productionCredentials.userName String OPTIONAL

The user name used to identify this merchant profile on the Interceptas scoring module.

Data can consist of any characters

Min length: 1 Max length: 256
merchant.merchantManagedRiskAssessment.interceptas.serviceLevel Enumeration OPTIONAL

The service level offering that the Merchant has signed up to with Accertify.

Value must be a member of the following list. The values are case sensitive.

BRONZE

The Bronze service level.

GOLD

The Gold service level.

SILVER

The Silver service level.

merchant.merchantManagedRiskAssessment.interceptas.technicalContact OPTIONAL
merchant.merchantManagedRiskAssessment.interceptas.technicalContact.email Email OPTIONAL

The Interceptas tenant's technical contact email.

Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses

merchant.merchantManagedRiskAssessment.interceptas.technicalContact.name String REQUIRED

The Interceptas tenant's technical contact name.

Data can consist of any characters

Min length: 1 Max length: 100
merchant.merchantManagedRiskAssessment.interceptas.technicalContact.phone String OPTIONAL

The Interceptas tenant's technical contact phone.

Data can consist of any characters

Min length: 1 Max length: 20
merchant.merchantManagedRiskAssessment.interceptas.testCredentials OPTIONAL

Credentials for the merchant's test profile used to access the Interceptas scoring module.

merchant.merchantManagedRiskAssessment.interceptas.testCredentials.password String OPTIONAL

The password used to authenticate this merchant profile on the Interceptas scoring module.

Data can consist of any characters

Min length: 1 Max length: 32
merchant.merchantManagedRiskAssessment.interceptas.testCredentials.scoringUrl Url OPTIONAL

The Interceptas URL to which the payment gateway sends the risk scoring request.

Ensure that this is a valid URL according to RFC 1738.

merchant.merchantManagedRiskAssessment.interceptas.testCredentials.tenantId String OPTIONAL

The tenant ID used to identify the Interceptas tenant linked to this merchant profile.

Data can consist of any characters

Min length: 1 Max length: 36
merchant.merchantManagedRiskAssessment.interceptas.testCredentials.userName String OPTIONAL

The user name used to identify this merchant profile on the Interceptas scoring module.

Data can consist of any characters

Min length: 1 Max length: 256
merchant.merchantManagedRiskAssessment.interceptas.timeZone String OPTIONAL

The default timezone which will be used when users sign into Interceptas.

The value must be provided in the form '<Continent>/<City>', e.g. 'America/New_York'. For a complete list of timezones please refer to http://twiki.org/cgi-bin/xtra/tzdatepick.html.

Data can consist of any characters

Min length: 1 Max length: 40
merchant.merchantManagedRiskAssessment.privilege[n] Enumeration OPTIONAL

Risk management privileges assigned to the merchant.

Value must be a member of the following list. The values are case sensitive.

RISK_VERIFY_ONLY

Allows the gateway to submit a Verification Only transaction to the acquirer to obtain the AVS and CSC results for use in risk assessment. This avoids having to perform the financial transaction before risk assessment and the need to release the hold on cardholder funds in the event the transaction is rejected due to risk assessment.

SYSTEM_REFUND

Allows the gateway to refund against an order if risk assessment rejects the order after the financial transaction has successfully been performed. This privilege is required only, if the Refunds privilege is not enabled.

merchant.merchantManagedRiskAssessment.profile OPTIONAL

Configuration details for the risk service provider profile to be assigned to the merchant for the risk service provider defined in field merchant.merchantManagedRiskAssessment.providerId.

You can only assign an existing risk service provider profile or create a new risk service provider profile. Use Merchant Manager update existing risk service provider profiles.

merchant.merchantManagedRiskAssessment.profile.clientID String OPTIONAL

Unique identifier for the merchant issued and provided by the risk service provider.

Data can consist of any characters

Min length: 1 Max length: 100
merchant.merchantManagedRiskAssessment.profile.defaultActionWhenUnableToPerformRiskAssessment Enumeration OPTIONAL

Indicates the action to be taken when the gateway did not receive the risk assessment response from the Risk Service Provider for example, due to connectivity issues.

Value must be a member of the following list. The values are case sensitive.

ACCEPT_NOT_CHECKED

The gateway allows the transaction to progress without the risk assessment being performed. The risk recommendation for the transaction will be set to "Not Checked".

REVIEW

The gateway will require the transaction to be reviewed by the merchant before allowing it to progress. The risk recommendation for the transaction will be set to "Review Required".

merchant.merchantManagedRiskAssessment.profile.id String OPTIONAL

Provide the unique identifier for the risk service provider profile (for the Risk Service Provider identified in field merchant.merchantManagedRiskAssessment.providerId) that you want to assign to the merchant.You can only assign an existing risk service provider profile or create a new risk service provider profile.

When creating a new risk service provider profile you must provide the configuration details for this profile. Use Merchant Manager update existing risk service provider profiles.

Data can consist of any characters

Min length: 1 Max length: 150
merchant.merchantManagedRiskAssessment.profile.supportRiskScoringFor Enumeration OPTIONAL

Allows you to define if the risk profile can be shared across multiple gateway merchant profiles.Where a merchant has multiple merchant profiles in the gateway, using the same risk profile minimizes risk management overhead. However, if the merchant profiles have significantly different business models such as different typical order values or customer purchase patterns, you may want to set up different risk profiles for the merchant profiles.

Value must be a member of the following list. The values are case sensitive.

MULTIPLE_MERCHANT_PROFILES

The risk profile can be assigned to multiple gateway merchant profiles.

SINGLE_MERCHANT_PROFILE

The risk profile can only be assigned to a single gateway merchant profile.

merchant.merchantManagedRiskAssessment.providerId String OPTIONAL

The unique identifier issued by the gateway for the risk service provider for which you want to create or assign a profile for the merchant.Please contact your Payment Services Provider for a list of supported risk service providers.

Data can consist of any characters

Min length: 1 Max length: 150
merchant.merchantMonitoring OPTIONAL

Details for the Merchant Monitoring functionality.

The Merchant Monitoring functionality ensures that your merchants' transactions are submitted to the Risk Service Provider for risk merchant monitoring.

Only provide the fields in this parameter group if you want to override the standard configuration for the Merchant Monitoring functionality that you have configured in Merchant Manager on the Merchant Monitoring page.

To apply the standard configuration to the merchant, do not include this parameter group.

merchant.merchantMonitoring.configuration Enumeration OPTIONAL

Indicates whether the standard configuration for the Merchant Monitoring functionality you have configured in Merchant Manager on the 'Risk - Merchant Monitoring' page applies to the merchant or if you want to override it.

Value must be a member of the following list. The values are case sensitive.

OVERRIDE

The standard configuration does not apply to the merchant. The configuration defined in the merchant.merchantMonitoring.override parameter group applies.

STANDARD

The standard configuration applies to the merchant.

merchant.merchantMonitoring.override OPTIONAL

Use this parameter group to provide the configuration for the Merchant Monitoring functionality for this merchant.Only provide this parameter group if you do not want the standard configuration to apply, i.e. have provided merchant.merchantMonitoring.configuration=OVERRIDE in the request.

merchant.merchantMonitoring.override.status Enumeration OPTIONAL

Indicates whether the Merchant Monitoring functionality is enabled or disabled for the merchant.

Value must be a member of the following list. The values are case sensitive.

DISABLED

The Merchant Monitoring functionality is disabled for the merchant.

ENABLED

The Merchant Monitoring functionality is enabled for the merchant.

merchant.orderEntryConfiguration OPTIONAL
merchant.orderEntryConfiguration.taxAndProductDetailsSection String OPTIONAL

The configuration that will be applied to this merchant for the 'Tax and Product Details' section on the Order Entry page in Merchant Administration.

Data can consist of any characters

Min length: 1 Max length: 50
merchant.partnerManagedRiskAssessment OPTIONAL

Details for the Partner-managed Risk Assessment functionality.

The Partner-managed Risk Assessment functionality ensures that the merchant's transactions are submitted to the Risk Service Provider for risk assessment and blocked if they are identified as fraudulent.

Only provide the fields in this parameter group if you want to override the standard configuration for the Partner-managed Risk Assessment functionality that you have configured in Merchant Manager on the Partner-managed Risk Assessment' page.

To apply the standard configuration to the merchant, do not include this parameter group.

merchant.partnerManagedRiskAssessment.transactionRiskAssessment OPTIONAL

Details for the transaction risk assessment functionality.

The transaction risk assessment functionality ensures that the merchant's transactions are submitted to the Risk Service Provider for risk assessment and blocked if they are identified as fraudulent.

merchant.partnerManagedRiskAssessment.transactionRiskAssessment.configuration Enumeration OPTIONAL

Indicates whether the standard configuration for the transaction risk assessment functionality you have configured in Merchant Manager on the Partner-managed Risk Assessment' page applies to the merchant or if you want to override it.

The default value is STANDARD.

Value must be a member of the following list. The values are case sensitive.

OVERRIDE

The standard configuration does not apply to the merchant. The configuration defined in the merchant.partnerManagedRiskAssessment.transactionRiskAssessment.override parameter group applies.

STANDARD

The standard configuration applies to the merchant. This is the default value.

merchant.partnerManagedRiskAssessment.transactionRiskAssessment.override OPTIONAL

Use this parameter group to provide the configuration for the transaction risk assessment functionality for this merchant.

Only provide this parameter group if you do not want the standard configuration to apply, i.e. have provided merchant.partnerManagedRiskAssessment.transactionRiskAssessment.configuration=OVERRIDE in the request.

merchant.partnerManagedRiskAssessment.transactionRiskAssessment.override.assessmentInitiation Enumeration OPTIONAL

Determines when the gateway should submit the transaction to the Risk Service Provider for risk assessment.

Value must be a member of the following list. The values are case sensitive.

AFTER_TRANSACTION_PROCESSING

Transactions will be submitted to the Risk Service Provider for risk assessment after they have been submitted to the acquirer for processing. You may want to also enable the merchant for using Verification Only (merchant.merchantManagedRiskAssessment.privilege[n]=RISK_VERIFY_ONLY).

BEFORE_AND_AFTER_TRANSACTION_PROCESSING

Transactions will be submitted to the Risk Service Provider for risk assessment both before and after they have been submitted to the acquirer for processing.

BEFORE_TRANSACTION_PROCESSING

Transactions will be submitted to the Risk Service Provider for risk assessment before they are submitted to the acquirer for processing.

merchant.partnerManagedRiskAssessment.transactionRiskAssessment.override.status Enumeration OPTIONAL

Indicates whether the transaction risk assessment functionality is enabled or disabled for the merchant.

Value must be a member of the following list. The values are case sensitive.

DISABLED

The transaction risk assessment functionality is disabled for the merchant.

ENABLED

The transaction risk assessment functionality is enabled for the merchant.

merchant.privilege[n] Enumeration OPTIONAL

Defines which privileges are enabled for the merchant.

Privileges listed in the request are enabled for the merchant.

Value must be a member of the following list. The values are case sensitive.

ALLOW_ACQUIRER_TRACE_ID

Enables the merchant to provide Trace ID in the API request. Trace id is the unique identifier that allows issuer to link related transactions.

ALLOW_LEVEL_2_ORDER_CREATION

Enables the merchant to create level 2 orders, i.e. provide level 2 specific data when creating an order.

AMEX_SAFEKEY_2

May perform 3DS 2.0 American Express SafeKey authentications.

AUTHORIZATIONS

Enables the merchant to perform authorizations.

AUTO_AUTH_REVERSAL_ON_EXPIRY

The gateway will automatically reverse any outstanding Authorization amounts where an Authorization has expired.

AUTO_AUTH_REVERSAL_ON_PARTIAL_CAPTURE

Where the merchant indicates on a Partial Capture transaction that it is the last Capture they are intending to submit against the Authorization, the gateway will automatically reverse the outstanding Authorization amount.

AVS

Allows the merchant to use the Address Verification Service (AVS) to authenticate cardholders during a transaction.

AVS_TRANSACTION_FILTERING_RULES_OVERRIDE

Enables the merchant to submit a transaction request with Transaction Filtering rules for AVS response codes that override the ones configured for all of their transactions.

BULK_CAPTURES

Enables the merchant to perform multiple captures using a single action in Merchant Administration.

BYPASS_AUTHENTICATION_CAPABILITY_VALIDATION

The gateway rejects financial transaction requests with payer authentication data if the acquirer integration does not have support for this data. If you enable this privilege, the gateway will instead process the financial transaction (i.e. ignore the authentication data).

BYPASS_CARD_CHANGE_FOR_AGREEMENT_VALIDATION

The gateway ensures that when the card used for a recurring, installment, unscheduled or other agreement changes, the merchant must submit a customer-initiated payment. Where this privilege is enabled, this validation is not applied for this merchant.

BYPASS_UNUSUAL_TRANSACTION_PROTECTION

The gateway's Unusual Transaction Protection Service helps to protect merchants from processing unusual transactions. If you decide to opt out from the Unusual Transaction Protection Service, this protection will not be applied and the number of unauthorized excessive transactions (and other similar occurrences) processed by the merchant may increase. By opting out of the Unusual Transaction Protection Service, you accept and agree that you are solely responsible for this increased risk, including any increased charges the merchant may incur in relation to the processing of excessive or unusual transactions.

CAPTURES

Enables the merchant to perform captures.

CAPTURE_EXPIRY

May set expiration for captures.

CARD_ON_FILE

Enables the Merchant to indicate whether the card is stored on file by default.

CASH_ADVANCE

Enables the merchant to submit Cash Advance transactions.

CHANGE_MERCHANT_TRANSACTION_SOURCE

Enables the merchant to provide the source of the transaction when creating the transaction. If not enabled or not provided by the merchant, the gateway automatically assigns the default transaction source.

CHANGE_ORDER_CERTAINTY

Enables the merchant to make use of a value of order certainty other than their configured default (see defaultOrderCertainty) by supplying it in WS-API requests or in the Create Order UI.

CHANGE_TRANSACTION_FREQUENCY

Enables the merchant to change the frequency of a transaction. Note: Values set for transaction frequency only apply if the merchant uses version 53 and lower of the API.

CREDIT_CARD_BILL_PAYMENTS

Enables the merchant to submit credit card bill payments that disburse funds to the recipient's credit card account.

DEBIT_ROUTING_FOR_HAYS_TRAVEL_PRIVILEGE

Enable Debit Transaction Routing for Hays Travel.

DEBT_REPAYMENT

Enables merchant to indicate that the payment is a debt repayment.

DINERS_PROTECT_BUY_2

May perform 3DS 2.0 Discover ProtectBuy authentications.

EMV

May perform EMV transactions.

ENABLE_REFUND_REQUESTS

Enables an operator to request approval for a refund transaction. The refund transaction is not submitted to the acquirer.

ENFORCE_CARD_NUMBER_MASKING_FOR_INPUT

Enforces card masking when entering a payer's card number in Merchant Administration.

ENFORCE_GATEWAY_TOKEN_FOR_CARD_STORED_ON_FILE_TRANSACTIONS

Where enabled, the gateway will enforce the use of gateway tokens for all transactions that indicate that stored card details are used.

ENFORCE_REFUNDS_WITHOUT_AUTHORIZATIONS

Where supported by the acquirer, the gateway attempts to submit an Authorization to the issuer before submitting the Refund to the acquirer. When this privilege is enabled, the gateway will not attempt to submit an Authorization for the Refund.

ENFORCE_UNIQUE_MERCHANT_TRANSACTION_REFERENCE

Enforces a unique Merchant Transaction Reference for every transaction submitted by the merchant. Transactions without a unique Merchant Transaction Reference are rejected by the gateway.

ENFORCE_UNIQUE_ORDER_REFERENCE

Enforces a unique Order Reference across all orders submitted by the merchant. Transactions without a uniqueOrder Reference are rejected by the gateway.

EXCESSIVE_CAPTURE

Allows merchant to excessively capture an outstanding Authorization amount for an order.

EXCESSIVE_REFUNDS

Enables the merchant to perform refunds for amounts greater than the authorized amount.

FASTR_BY_CB

May perform 3DS 2.0 Carte Bancaire FASTR_BY_CB authentications.

GAMING_WINNINGS_PAYMENTS

Enables the merchant to submit transactions that disburse gaming winnings to the payer's account.

HIGH_DISPUTE_MERCHANT

High Dispute Merchant.

IDENTITY_CHECK_EXPRESS

Enables a merchant with privileges and configuration enabling them to use EMV 3DS to make use of SCA Delegation functionality, so that they can provide their customers a frictionless authentication process where they have already authenticated the customer using an approved authentication mechanism.

INSTANT_REFUNDS

Where supported by the acquirer, the gateway attempts to submit refunds for processing in near real time so that the money will instantly be available in the payer's account. 

ITMX_LSS

Enable merchants for LSS authentication in ITMX network.

ITMX_LSS_EMV_3DS

May perform 3DS 2.0 ITMX authentications.

JSECURE_2

May perform 3DS 2.0 JCB JSecure authentications.

LEVEL2_CPC_4X40

Enable Freeform Charge Description Order Entry Fields.

MADA_SECURE

May perform mada secure EMV 3DS payer authentications.

MANUAL_BATCH_CLOSURE

Enables the merchant to manually trigger settlement for a batch in Merchant Administration or via the 'Close Batch' Web Services API operation.

MASTERCARD_INSTALLMENTS_ENHANCED_AUTHORIZATION_DATA

Enables the merchant to offer issuer Mastercard Installments (MCI) using enhanced authorization data. If enabled the gateway will ask the issuer for available offers. Where offers are available the merchant can then present them to the payer.

MASTERCARD_INSTALLMENT_SP_PRODUCTS_OPTOUT

Indicates that the merchant has opted out of the Mastercard Installment SPS (Payments S) and SPP (Payments P) Products.

MA_DOCUMENTATION_DOWNLOAD

Allows merchant administration documentation download.

MOTO

Enables the merchant to manually create orders in Merchant Administration.

NO_CARDS_SUBMITTED_THROUGH_API_SAQ_A

Support merchant to meet SAQ-A obligation when using merchant user interfaces

NO_CARDS_SUBMITTED_THROUGH_UI_SAQ_A

Support merchant to meet SAQ-A obligation when using merchant user interfaces.

OPTIN_REFUND_CONSENT

Allows the merchant to take explicit refund consent from payer if REFUNDS privilege is enabled to merchant for Open Banking transactions.

ORDER_DOWNLOAD

Enables the merchant to download order level data in CSV format.

PAYPAL_SMART_BUTTON

Allows the merchant to offer PayPal Smart button to payer inorder to make purchase for PayPal transactions.

PROCESS_AUTHORIZATION_AS_PURCHASE

May process Authorizations as Purchase

PSD2_EXEMPTIONS

Enables the merchant to claim an exemption from the Regulatory Technical Standards (RTS) requirements for Strong Customer Authentication (SCA) under the Payment Services Directive 2 (PSD2) regulations in the European Economic Area. When enabled the merchant can indicate the type of exemption being claimed when using the Authenticate Payer operation or submitting an Authorize or Pay transaction request.

PURCHASES

Enables the merchant to perform purchases.

REFUNDS

Enables the merchant to create refunds. A refund is the transfer of funds from a merchant to the payer's account.

REFUND_EXPIRY

May set expiration for refunds.

RETURN_FULL_FPAN_FOR_VISA_TRANSIT

If enabled, the gateway will store full FPAN details if returned by the acquirer for device payment transactions for Visa cards.

SECURECODE_2

May perform 3DS 2.0 MasterCard SecureCode authentications.

STANDALONE_CAPTURES

Enables the merchant to perform a capture without first performing an authorization. The merchant must perform the authorization externally, and provide the corresponding authorization code as input to the stand alone capture.

STANDALONE_REFUNDS

Enables the merchant to perform a refund without first creating an order (with a capture or purchase).

STATEMENT_DESCRIPTOR

Enables the merchant to print their contact information on payer's account statements.

SUPPORT_EXTENDED_REFUNDS

Enables the merchant to perform a refund for an extended period up to 24 months.

SURCHARGE_RULES

Enables the merchant to configure rules for calculating surcharge amounts.

TXN_DOWNLOAD

Enables the merchant to download transaction level data in CSV format.

UPDATE_AUTHORIZATION

Enables the merchant to update an existing authorization, allowing to update the authorized amount or expand the validity period for the order.

VERIFIED_BY_VISA_2

May perform 3DS 2.0 Verified by Visa authentications.

VIEW_SETTLEMENT_PAGES

Enables the merchant to view batch settlement details in Merchant Administration.

VOIDS

Enables the merchant to void transactions. A void is the cancellation of a previous transaction. Voids can only be performed if the transaction is in an unreconciled batch and if the operation is supported by the acquirer.

merchant.refundExpirationDays Integer OPTIONAL

Number of days after authorization in which a refund is valid.

JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.

Min value: 1 Max value: 999
merchant.service[n] Enumeration OPTIONAL

A gateway feature that you can enable for a merchant.

Use this field to enable a service on this merchant profile.
Note: the options available to you are determined by your gateway configuration and in addition to the rules defined by the merchant themselves.

Value must be a member of the following list. The values are case sensitive.

ENABLE_AMEX_EXPRESS_CHECKOUT

Enables the merchant to use the Amex Express Checkout digital wallet to collect the payer's payment details.

ENABLE_APPLE_PAY_ON_HOSTED_CHECKOUT

Enables the merchant to use Apple Pay on HCO where decryption is done using gateway managed certificate.

ENABLE_BATCH

Enables the merchant to integrate with the gateway via the Batch API. The Authentication mode is set to 'Password Authentication'.

ENABLE_CHECKOUT_VIA_MERCHANT_WEBSITE

Enables the merchant to use Hosted Checkout by redirecting the payer's browser from their website to Hosted Checkout.

ENABLE_DECRYPT_APPLE_PAY

Enables the merchant to present Apple Pay payment tokens.

ENABLE_DECRYPT_GOOGLE_PAY

Enables the merchant to present Google Pay payment tokens.

ENABLE_DECRYPT_SAMSUNG_PAY

Enables the merchant to present Samsung Pay payment tokens.

ENABLE_DEVICE_PAYMENTS

Enables the merchant to use supported device payment methods such as Apple Pay, Android Pay or Samsung Pay.

ENABLE_GOOGLE_PAY_ON_HOSTED_CHECKOUT

Enables the merchant to use Google Pay on HCO where decryption is done using gateway managed certificate.

ENABLE_HOSTED_PAYMENT_FORM

Enables the merchant to collect the payer's payment details through their own payment form while submitting them directly from the payer's browser to the gateway.

ENABLE_MASTERPASS_ONLINE

Enables the merchant to use the MasterPass Online digital wallet to collect the payer's payment details.

ENABLE_MSO_CONFIGURED_TRANSACTION_FILTERING

Enables you to configure transaction filtering rules for this merchant. If you enable this service, you should also configure the rules you want to apply in the merchant.transactionFiltering parameter group.

ENABLE_NOTIFICATIONS

Enables the merchant to configure merchant email notifications as well as customer email notifications.

ENABLE_PAYMENTS_WITHOUT_AUTHENTICATION

Enables the merchant to process payments without any merchant authentication.

ENABLE_PAY_WITH_TOKEN

Enables the merchant to use Pay with Token for Hosted Checkout.

ENABLE_REPORTING_API

Enables the merchant to integrate with the gateway via the Reporting API.

ENABLE_SUBGATEWAY_PROCESSING

Enables the merchant to act as a subgateway. A subgateway can submit requests to the gateway on behalf of their client merchants to access gateway services. Client merchants of the subgateway do not need merchant profiles created on the gateway.

ENABLE_VISA_CHECKOUT

Enables the merchant to use the Visa Checkout digital wallet to collect the payer's payment details.

ENABLE_WEB_SERVICES_API

Enables the merchant to integrate with the gateway via the Web Services API. The Authentication mode is set to 'Password Authentication'.

merchant.subgateway OPTIONAL

Information about a merchant you have enabled to act as a subgateway.

These fields only apply if you have set ENABLE_SUBGATEWAY_PROCESSING in the merchant.service[n] field.

Use these fields to provide information so that our gateway can process requests submitted by this merchant on behalf of their client merchants.

merchant.subgateway.acquirerMerchantIds[n] String OPTIONAL

This lets you limit the scope of this subgateway to the client merchants that they own.

The gateway will only process requests from this subgateway merchant that have a acquirer.merchantId value that is in this list.

The acquirer.merchantId is the Bank Merchant ID/SE Number/account name or such issued by this acquirer. You can specify a list of either:

  • • merchant ids, or
  • • a dash separated range (inclusive) of merchant ids.
If a merchant id includes a dash, comma or backslash, then those characters can be escaped with a backslash. For example, the value:
  • kddfg\-x, eam1340-eam1343,a8-a11,009-011,x y
allows ids:
  • kddfg-x, eam1340, eam1341, eam1342, eam1343, a8, a9, a10, a11, 009, 010, 011, x y
Not providing this value is an empty list, which will prevent this merchant transacting as a subgateway. Providing the special value <<ANY>> allows the subgateway to submit any acquirer.merchantId.

Data can consist of any characters

Min length: 1 Max length: 100
merchant.systemCapturedCardMaskingFormat Enumeration REQUIRED

The card number masking format applied by the gateway when the card number was supplied by the customer rather than the merchant.

This format will be used for transactions originating from Hosted Payment Form integrations.

Formats for masking card numbers.

Value must be a member of the following list. The values are case sensitive.

DISPLAY_0_4

Display last 4 digits of Card Number.

DISPLAY_6_3

Display first 6 and last 3 digits of Card Number.

DISPLAY_6_4

Display first 6 and last 4 digits of Card Number.

DISPLAY_FULL

Display Full Card Number.

DISPLAY_NONE

Display No Card Number.

merchant.tokenization OPTIONAL

Configuration details for the Tokenization functionality

merchant.tokenization.aetsSchemeTokenUsage Enumeration OPTIONAL

Enable the use of AETS scheme tokens from the selected token repository for this merchant.

Where enabled, the gateway will use the scheme token (rather than the actual card details) stored against the gateway token when processing a request with this gateway token. Tokenization of card details with AETS requires additional configuration on the merchant.tokenization.tokenRepository.schemeTokenization.aets group.

Value must be a member of the following list. The values are case sensitive.

ENABLE_FOR_PRODUCTION_AND_TEST_MERCHANT_PROFILE

Enable use of network tokens for the production as well as the test merchant profile.

ENABLE_FOR_TEST_MERCHANT_PROFILE_ONLY

Enable use of network tokens for the test merchant profile only.

merchant.tokenization.mdesSchemeTokenUsage Enumeration OPTIONAL

Enable the use of MDES scheme tokens from the selected token repository for this merchant.

Where enabled, the gateway will use the scheme token (rather than the actual card details) stored against the gateway token when processing a request with this gateway token. Tokenization of card details with MDES requires additional configuration on the merchant.tokenization.tokenRepository.schemeTokenization.mdes group.

Value must be a member of the following list. The values are case sensitive.

ENABLE_FOR_PRODUCTION_AND_TEST_MERCHANT_PROFILE

Enable use of network tokens for the production as well as the test merchant profile.

ENABLE_FOR_TEST_MERCHANT_PROFILE_ONLY

Enable use of network tokens for the test merchant profile only.

merchant.tokenization.tokenMaintenanceService Boolean OPTIONAL

The Token Maintenance Service attempts to ensure that the card details stored against a token are current thereby increasing the likelihood of successfully processing a recurring payment that uses the token.

The Token Maintenance Service uses the Account Updater functionality. Therefore the Account Updater functionality must be enabled for at least one Merchant-Acquirer-Link for the merchant. Only tokens with payment details for which requests would be processed via such a Merchant-Acquirer-Link can be updated.

JSON boolean values 'true' or 'false'.

merchant.tokenization.tokenRepository OPTIONAL

Details regarding the token repository configuration.

merchant.tokenization.tokenRepository.schemeTokenization OPTIONAL

Configuration of the token repository assigned to the merchant (as identified in merchant.tokenization.tokenRepositoryId) for scheme tokenization using a scheme token service provider, including Mastercard Digital Enablement Service (MDES), Visa Token Service (VTS) or American Express Token Service (AETS).

merchant.tokenization.tokenRepository.schemeTokenization.aets OPTIONAL

Configuration details for the American Express Tokenization Service (AETS).

merchant.tokenization.tokenRepository.schemeTokenization.aets.clientId String REQUIRED

An identifier assigned by American Express Token Service (AETS) for authentication to the service.

The merchant can find the Client ID value in the AETS Dashboard.

Data can consist of any characters

Min length: 1 Max length: 64
merchant.tokenization.tokenRepository.schemeTokenization.aets.clientSecret Base64 REQUIRED

A key provided by American Express Token Service (AETS) for authentication to the service.

The merchant can find the Client Secret value in the AETS Dashboard.

Data is Base64 encoded

Min length: 1 Max length: 50
merchant.tokenization.tokenRepository.schemeTokenization.aets.encryptionKey Base64 REQUIRED

A static 256-bit AES encryption key provided by American Express Token Service (AETS) for encrypting cardholder account data sent to the service, and decrypting token data returned by the service.

The merchant can find the Encryption Key value on the AETS Dashboard.

Data is Base64 encoded

Min length: 1 Max length: 50
merchant.tokenization.tokenRepository.schemeTokenization.aets.encryptionKeyId String REQUIRED

The identifier of the static 256-bit AES encryption key provided by American Express Token Service (AETS).

This is used to identify the static AES key in the encrypted cardholder account data sent to the service and in the encrypted token data returned by the service. The merchant can find the Encryption Key ID value on the AETS Dashboard.

Data can consist of any characters

Min length: 1 Max length: 64
merchant.tokenization.tokenRepository.schemeTokenization.aets.tokenRequestorId String REQUIRED

A unique identifier assigned to a merchant by American Express Token Service (AETS).

This identifier will be used for all merchants using this token repository.
Once configured, it cannot be updated. A new token repository would have to be assigned to the merchant.

Data can consist of any characters

Min length: 1 Max length: 64
merchant.tokenization.tokenRepository.schemeTokenization.mdes OPTIONAL

Configuration details for the Mastercard Digital Enablement Service (MDES).

If a token requestor ID (TRID) is contained in the Retrieve Transaction response in field merchant.tokenization.tokenRepository.schemeTokenization.mdes.tokenRequestorId, the repository is enabled for scheme tokenization for all Mastercard cards stored in this repository.

To enable scheme tokenization using MDES, you can either provide an existing token requestor ID (TRID) or provide the merchant trading name to request the gateway to register the merchant for scheme tokenization with MDES and retrieve a TRID.

Once enabled, you cannot disable scheme tokenization using MDES.

merchant.tokenization.tokenRepository.schemeTokenization.mdes.merchantTradingName String OPTIONAL

The trading name of the merchant.

If provided and the repository is not yet enabled for scheme tokenization (i.e. merchant.tokenization.tokenRepository.schemeTokenization.mdes.tokenRequestorId is not present) the gateway will attempt to enabled scheme tokenization with MDES by registering the merchant with MDES and retrieving a token requestor ID (TRID).

If the registration was successful the Retrieve Merchant response contains the TRID in field merchant.tokenization.tokenRepository.schemeTokenization.mdes.tokenRequestorId and the repository is enabled for scheme tokenization for Mastercard cards.

Data can consist of any characters

Min length: 1 Max length: 100
merchant.tokenization.tokenRepository.schemeTokenization.mdes.tokenRequestorId String OPTIONAL

A unique identifier (also known as TRID) assigned to the merchant by MDES.

This identifier will be used by the gateway in all requests to MDES to identify the merchant. The same TRID will be used for all merchant profiles using this token repository,

If you want to enable the token repository for scheme tokenization for gateway tokens and the merchant has already been assigned a TRID by MDES, provide this TRID.

Once a TRID has been configured for a token repository, it cannot be updated. In case you need to update the TRID you must create a new token repository.

Data can consist of any characters

Min length: 11 Max length: 11
merchant.tokenization.tokenRepository.schemeTokenization.vts OPTIONAL

Configuration details for the Visa Token Service (VTS).

If a token requestor ID (TRID) is contained in the Retrieve Transaction response in field merchant.tokenization.tokenRepository.schemeTokenization.vts.tokenRequestorId the repository is enabled for scheme tokenization for all Visa cards stored in this repository.

To enable scheme tokenization using VTS, you can either provide an existing token requestor ID (TRID) and relationship ID (if available) or you provide the merchant details, including the merchant's name, country, city, email, website and business identifier, to request the gateway to register the merchant for scheme tokenization with VTS and retrieve a TRID.

Once enabled, you cannot disable scheme tokenization using VTS.

merchant.tokenization.tokenRepository.schemeTokenization.vts.merchant OPTIONAL

Details about the merchant, to be used by the gateway to register the merchant with VTS to enable the token repository for scheme tokenization for Visa cards

You must provide these details if you want to enable scheme tokenization for Visa cards for the repository and the merchant has not yet been issued a TRID by VTS.

merchant.tokenization.tokenRepository.schemeTokenization.vts.merchant.businessIdentificationType Enumeration REQUIRED

The type of the business identifier you have provided in field merchant.tokenization.tokenRepository.schemeTokenization.vts.merchant.businessIdentifier.

The Business Identifier Type must be valid in the country you provide in merchant.tokenization.tokenRepository.schemeTokenization.vts.countryCode, for example, if the merchant is located in Canada, you can provide either the merchant's BID (Business Identification Number) or BN (Business Number).

Value must be a member of the following list. The values are case sensitive.

ABN Australian Business Number
BID Business Identification Number
BN Business Number
BRNO Business Registration Number
CID Company Identifier
CL Commercial License Number
CLN Company License Number
CNPJ Legal Entities National Registration Number
CR Company Registration Number
CUIT Unique Tax Identification Code
EDRPOU Unified State Register of Enterprises and Organizations of Ukraine
EIN Federal Tax ID
HKBR Hong Kong Business Registration
NATIONAL_ID Dominican Republic National Identity 
NZBN New Zealand Business Number
PAN Permanent Account Number
RFC Federal Taxpayer Registration
RNC Dominican Republic National Contributors Number
RUC Unique Registry of Taxpayers
RUT Unique Taxpayer Identification Number
SIN Social Insurance Number
SSN Social Security Number
UEN Unique Entity Number
VAT Value Added Tax

Value must be a member of the following list. The values are case sensitive.

ABN
BID
BN
BRNO
CID
CL
CLN
CNPJ
CR
CUIT
EDRPOU
EIN
HKBR
NATIONAL_ID
NZBN
PAN
RFC
RNC
RUC
RUT
SIN
SSN
UEN
VAT
merchant.tokenization.tokenRepository.schemeTokenization.vts.merchant.businessIdentifier String REQUIRED

The business identifier of the merchant, for example their tax registration identifier.

Provide the value of the identifier you have provided in field merchant.tokenization.tokenRepository.schemeTokenization.vts.merchant.businessIdentificationType.

Data can consist of any characters

Min length: 1 Max length: 75
merchant.tokenization.tokenRepository.schemeTokenization.vts.merchant.city String REQUIRED

The city of the merchant's primary address.

Data can consist of any characters

Min length: 1 Max length: 30
merchant.tokenization.tokenRepository.schemeTokenization.vts.merchant.countryCode Upper case alphabetic text REQUIRED

The country of the merchant's primary address.

Provide the ISO 3166-1 three-letter country code.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
merchant.tokenization.tokenRepository.schemeTokenization.vts.merchant.email Email REQUIRED

The email address that can be used to contact the merchant.

Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses

merchant.tokenization.tokenRepository.schemeTokenization.vts.merchant.registeredName String REQUIRED

The registered or legal name of the merchant.

Note that this may differ from the trading name that payers know the merchant by.

Data can consist of any characters

Min length: 1 Max length: 75
merchant.tokenization.tokenRepository.schemeTokenization.vts.merchant.website Url REQUIRED

The URL of the merchant's web site.

Ensure that this is a valid URL according to RFC 1738.

merchant.tokenization.tokenRepository.schemeTokenization.vts.relationshipId String OPTIONAL

An identifier assigned to the merchant by VTS, in addition to the token requestor ID (TRID).

This identifier will be used by the gateway in all requests to VTS. The same identifier will be used for all merchant profiles using this token repository.

If you want to enable the token repository for scheme tokenization for gateway tokens and the merchant has already been assigned a TRID and relationship ID by VTS, provide this relationship ID.

Once a relationship ID has been configured for a token repository, it cannot be updated. In case you need to update the relationship ID you must create a new token repository.

Data can consist of any characters

Min length: 1 Max length: 100
merchant.tokenization.tokenRepository.schemeTokenization.vts.tokenRequestorId String OPTIONAL

A unique identifier (also known as TRID) assigned to the merchant by VTS.

This identifier will be used by the gateway in all requests to VTS to identify the merchant. The same TRID will be used for all merchant profiles using this token repository.

If you want to enable the token repository for scheme tokenization for gateway tokens and the merchant has already been assigned a TRID by VTS, provide this TRID.

Once a TRID has been configured for a token repository, it cannot be updated. In case you need to update the TRID you must create a new token repository.

Data can consist of any characters

Min length: 11 Max length: 11
merchant.tokenization.tokenRepository.tokenGeneration Enumeration OPTIONAL

Defines the strategy used to generate a token.

Mandatory, if repository must be created.

Value must be a member of the following list. The values are case sensitive.

MERCHANT_SUPPLIED

Tokens are supplied by the merchant. Any merchant supplied token is validated to not be a valid card number.

PRESERVE_6_4

Tokens are generated preserving the first 6 and last 4 digits of the account identifier, e.g. card number. The remaining digits are randomized, and the token is guaranteed to fail a Luhn (Mod-10) check so that it does not create a valid card number.

RANDOM_WITH_LUHN

Tokens are generated as random numbers. It starts with a '9' (so that is does not create a valid card number) and passes a Luhn (Mod-10) check.

merchant.tokenization.tokenRepository.tokenManagementStrategy Enumeration OPTIONAL

Defines how tokens within the repository are managed by the gateway.

Mandatory, if repository must be created.

Value must be a member of the following list. The values are case sensitive.

UNIQUE_TOKEN

A unique token is assigned every time an account identifier is saved in the token repository, defining a one-to-many relationship between an account identifier and the token.

merchant.tokenization.tokenRepositoryId ASCII Text OPTIONAL

Unique identifier of the token repository.

Token repositories can be shared across merchants; however, a single merchant can be associated with only one token repository at a given time. Every token repository has a corresponding test token repository, which only the merchants with the corresponding test profiles can access. For example, if the repository ID is ABC, the test repository ID will be TestABC. Hence, the system displays an error if you specify a repository ID that starts with 'Test'

Data consists of ASCII characters

Min length: 1 Max length: 16
merchant.tokenization.verificationStrategy Enumeration OPTIONAL

The type of verification performed by the gateway for payment details stored against a token repository for this merchant.

Value must be a member of the following list. The values are case sensitive.

ACQUIRER

The gateway performs a Web Services API Verify request. Depending on the payment type, you may need to provide additional details to enable the submission of a Verify request.

BASIC

The gateway validates the format of the payment details. For cards it also validates that the card number falls within a valid BIN range. For ACH payment details it also validates the check digit for the routing number

NONE

The gateway does not perform any verification.

merchant.tokenization.vtsSchemeTokenUsage Enumeration OPTIONAL

Enable the use of VTS scheme tokens from the selected token repository for this merchant.

Where enabled, the gateway will use the scheme token (rather than the actual card details) stored against the gateway token when processing a request with this gateway token. Tokenization of card details with VTS requires additional configuration. This configuration is currently only available in Merchant Manager.

Value must be a member of the following list. The values are case sensitive.

ENABLE_FOR_PRODUCTION_AND_TEST_MERCHANT_PROFILE

Enable use of network tokens for the production as well as the test merchant profile.

ENABLE_FOR_TEST_MERCHANT_PROFILE_ONLY

Enable use of network tokens for the test merchant profile only.

merchant.transactionFiltering OPTIONAL

Configuration of transaction filtering rules that apply to transactions processed by this merchant.

You only need to set this if you want to define rules for this merchant, in addition to those that you have configured to apply to all of your merchants, and in addition to the rules defined by the merchant themselves.
The gateway complies with all configured rules when determining if a transaction should be processed.

merchant.transactionFiltering.3DSecure OPTIONAL

Transaction filtering rules based on the results of 3-D Secure payer authentication.

These rules enable the gateway to reject or mark transactions for review, based on rules you can configure.

You only need to use this parameter group if you want to specify rules to apply to this merchant and therefore override any global filtering rules you have set.

You can set values for only one of customFilter, managedFilters, or noFilter. If you provide none of these values, the gateway will apply any global filtering rules that you have specified.

merchant.transactionFiltering.3DSecure.customFilter String OPTIONAL

The name of the 3DS1 custom rule set that you want to apply to this merchant's transactions.

Use this field if the managed rules provided by the gateway are not suitable. Note: You must first provide the gateway with your custom rule set using the MSO UI.

Data can consist of any characters

Min length: 1 Max length: 256
merchant.transactionFiltering.3DSecure.customFilter3DS2 String OPTIONAL

The name of the 3DS2 custom rule set that you want to apply to this merchant's transactions.

Use this field if the managed rules provided by the gateway are not suitable. Note: You must first provide the gateway with your custom rule set using the MSO UI.

Data can consist of any characters

Min length: 1 Max length: 256
merchant.transactionFiltering.3DSecure.managedFilters OPTIONAL

This group lets you select filtering rules managed by the gateway.

If you use this, then you must select at least one field in this parameter group.

merchant.transactionFiltering.3DSecure.managedFilters.reject3DSNotAttempted Boolean OPTIONAL

Block e-commerce transactions where 3-D Secure authentication of the payer has not been attempted.

That is, a directory server lookup was not attempted, or an 'Enrolled' response was not followed by an ACS interaction.

JSON boolean values 'true' or 'false'.

merchant.transactionFiltering.3DSecure.managedFilters.rejectNoLiabilityShift Boolean OPTIONAL

Block e-commerce transactions where 3-D Secure authentication of the payer has not resulted in liability shift to the issuer.

JSON boolean values 'true' or 'false'.

merchant.transactionFiltering.3DSecure.managedFilters.rejectNotFullyAuthenticated Boolean OPTIONAL

Block e-commerce transactions where the cardholder has not been successfully authenticated with 3-D Secure.

JSON boolean values 'true' or 'false'.

merchant.transactionFiltering.3DSecure.managedFilters.rejectOnGatewayRecommendation Boolean OPTIONAL

Block e-commerce transactions based on the gateway's evaluation of the 3-D Secure authentication results against recommendations for Mastercard SecureCode™, Verified by Visa™, JCB J/Secure™, American Express SafeKey™, or Discover ProtectBuy™.

Based on this assessment, the transaction will be blocked or processed as fully authenticated, authentication attempted, or as an unauthenticated transaction.

JSON boolean values 'true' or 'false'.

merchant.transactionFiltering.3DSecure.noFilter Boolean OPTIONAL

No 3-D Secure filtering is applied to the merchant's transactions.

Use this option when you have configured global 3-D Secure filters that apply to all of your merchants and do not want that filtering to apply to this merchant.

JSON boolean values 'true' or 'false'.

merchant.transactionFiltering.blockedBinRange[n] OPTIONAL

Transaction filtering rules based on card BIN ranges.Block transactions for this merchant where the BIN for the card number is in this range.

Note that you can either configure a set of BIN ranges for which requests will be blocked (blacklist)or a set of BIN ranges for which requests will be allowed (whitelist), but not both.

When defining a blacklist, all requests with card numbers outside the defined BIN ranges are allowed.When defining a whitelist, all requests with card numbers outside the defined BIN ranges will be blocked.

merchant.transactionFiltering.blockedBinRange[n].end Integer OPTIONAL

The last BIN of the BIN range you want blocked.

JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.

Min value: 100000 Max value: 999999
merchant.transactionFiltering.blockedBinRange[n].start Integer REQUIRED

The first BIN of the BIN range you want blocked.

JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.

Min value: 100000 Max value: 999999
merchant.transactionFiltering.blockedIpAddressRange[n] OPTIONAL

Transaction filtering rules for IP addresses.

Transactions originating from an IP address in these ranges will be blocked.

merchant.transactionFiltering.blockedIpAddressRange[n].end IpAddress OPTIONAL

The last IP address of an IP address range to be blocked, in nnn.nnn.nnn.nnn format.

Ensure that the IpAddress is in the format n.n.n.n, where each n is in the range of 0 to 255

merchant.transactionFiltering.blockedIpAddressRange[n].start IpAddress REQUIRED

The first IP address of an IP address range to be blocked, in nnn.nnn.nnn.nnn format.

Ensure that the IpAddress is in the format n.n.n.n, where each n is in the range of 0 to 255

merchant.transactionFiltering.cardSecurityCode[n] Enumeration OPTIONAL

Block transactions based on the absence of the Card Security Code (CSC) or the response from the card issuer.

Value must be a member of the following list. The values are case sensitive.

REJECT_CSC_NOT_PRESENT_ON_CARD

Rejects transactions where the merchant has indicated that CSC is not present on the card.

REJECT_ISSUER_NOT_CERTIFIED

Rejects transactions for which the issuer is not certified for CSC processing.

REJECT_NOT_PROCESSED

Rejects transactions where the CSC is not processed.

REJECT_NO_CSC_MATCH

Rejects transactions where the CSC submitted is invalid or does not match the one associated with the card.

merchant.transactionFiltering.dynamic3DSecure Boolean OPTIONAL

Enable Dynamic 3-D Secure Authentication for this merchant.

The merchant can only be enabled for this functionality if they are configured for at least one 3-D Secure authentication scheme and also configured to use an external risk provider (merchant.merchantManagedRiskAssessment parameter group).

JSON boolean values 'true' or 'false'.

merchant.transactionFiltering.ipCountry OPTIONAL

Transaction filtering rules for countries based on IP address.

Transactions originating from IP addresses associated with the countries you specify will be blocked. You can also choose to block transactions from unidentified countries or anonymous proxy servers.

merchant.transactionFiltering.ipCountry.rejectAnonymousProxy Boolean OPTIONAL

Block transactions originating from anonymous proxy servers.

Do not set to 'false' if merchant.transactionFiltering.ipCountry.rejectCountry is populated.

JSON boolean values 'true' or 'false'.

merchant.transactionFiltering.ipCountry.rejectCountry[n] Alpha OPTIONAL

Block transactions originating from IP addresses associated with this country.

Provide the 3 character ISO 3166-1 alpha-3 country code of the country to be blocked.

Data may consist of the characters a-z, A-Z

Min length: 3 Max length: 3
merchant.transactionFiltering.ipCountry.rejectUnknownCountry Boolean OPTIONAL

Block transactions from IP addresses when the gateway cannot identify the country from which it originated.

Do not set to 'false' if merchant.transactionFiltering.ipCountry.rejectCountry is populated.

JSON boolean values 'true' or 'false'.

merchant.transactionFiltering.whiteListedBinRange[n] OPTIONAL

Transaction filtering rules based on card BIN ranges.Allow transactions for this merchant where the BIN for the card number is in this range.

Note that you can either configure a set of BIN ranges for which requests will be blocked (blacklist)or a set of BIN ranges for which requests will be allowed (whitelist), but not both.

When defining a blacklist, all but requests with card numbers within the defined BIN ranges are allowed.When defining a whitelist, all but requests with card numbers within the defined BIN ranges will be blocked.

merchant.transactionFiltering.whiteListedBinRange[n].end Integer OPTIONAL

The last BIN of the BIN range you want whitelisted.

JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.

Min value: 100000 Max value: 999999
merchant.transactionFiltering.whiteListedBinRange[n].start Integer REQUIRED

The first BIN of the BIN range you want whitelisted.

JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.

Min value: 100000 Max value: 999999

Response

Fields

correlationId String CONDITIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
result Enumeration ALWAYS PROVIDED

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

FAILURE

The operation was declined or rejected by the gateway, acquirer or issuer

PENDING

The operation is currently in progress or pending processing

SUCCESS

The operation was successfully processed

UNKNOWN

The result of the operation is unknown

Errors

error

Information on possible error conditions that may occur while processing an operation using the API.

error.cause Enumeration

Broadly categorizes the cause of the error.

For example, errors may occur due to invalid requests or internal system failures.

Value must be a member of the following list. The values are case sensitive.

INVALID_REQUEST

The request was rejected because it did not conform to the API protocol.

REQUEST_REJECTED

The request was rejected due to security reasons such as firewall rules, expired certificate, etc.

SERVER_BUSY

The server did not have enough resources to process the request at the moment.

SERVER_FAILED

There was an internal system failure.

error.explanation String

Textual description of the error based on the cause.

This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.

Data can consist of any characters

Min length: 1 Max length: 1000
error.field String

Indicates the name of the field that failed validation.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Data can consist of any characters

Min length: 1 Max length: 100
error.supportCode String

Indicates the code that helps the support team to quickly identify the exact cause of the error.

This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.

Data can consist of any characters

Min length: 1 Max length: 100
error.validationType Enumeration

Indicates the type of field validation error.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Value must be a member of the following list. The values are case sensitive.

INVALID

The request contained a field with a value that did not pass validation.

MISSING

The request was missing a mandatory field.

UNSUPPORTED

The request contained a field that is unsupported.

result Enumeration

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

ERROR

The operation resulted in an error and hence cannot be processed.

Resources

Glossary FAQs