Remote Authentication API Reference
To make a request to the Remote Auth API you need to submit a UTF-8 encoded HTTPS POST to:
Test - https://secure-int.cashflows.com/gateway/remote_auth.
Live - https://secure.cashflows.com/gateway/remote_auth.
Payment request parameters
Parameters for making payments:
Parameter |
Description |
Mandatory/Optional |
|---|---|---|
|
Your Profile Id |
Mandatory |
|
Authentication password |
Mandatory |
|
Customer’s card number (Must be numeric only with no separators) |
Mandatory if no
|
|
Customer’s card token (Max of 50 characters) |
Mandatory if no
|
|
Card security code |
Mandatory |
|
Card start date, format is MMYY (Optional) |
Optional |
|
Card issue number |
Optional |
|
Card expiry date, format is MMYY |
Mandatory |
|
Customer’s name |
Optional |
|
Customer’s address (Multiple lines can be separated using the new line break character (ASCII code 10)) |
Optional |
|
Customer’s post/zip/area code ) |
Optional |
|
Customer’s country (ISO3166 2-character code) |
Optional |
|
Customer’s IP address (IPV4 Format only) |
Optional |
|
Customer’s email address |
Optional |
|
Customer’s telephone number |
Optional |
|
Indicates whether a Pay’s wallet was used:
|
Optional |
|
Indicates which Pay’s wallet was used
|
Optional |
|
Your transaction reference (e.g. cart ID) |
Mandatory |
|
Your transaction description (Max of 99 characters) |
Optional |
|
Transaction amount to 2 decimal places, e.g. 24.99
|
Mandatory |
|
Transaction currency (3-character code) |
Mandatory |
|
Transaction test mode = 0 |
Mandatory |
|
Transaction type = sale |
Mandatory |
|
Transaction class = ecom or moto |
Mandatory |
|
To be used to override default MID settings:
|
Optional |
|
Indication of the number of retries attempts, 0 = initial attempt (For more information see Retry Handing) |
Optional |
|
If not Null, the Acquirer Reference Number (ARN) will be included in the response only when we have processed a live payment. |
Optional |
|
If not Null, the raw issuer response code will be included in the response when we have processed a live payment. |
Optional |
|
A soft descriptor that is added to your Company Name when displayed on the Cardholders statement (Max of 12 characters) |
Optional |
|
If not Null the |
Optional |
|
Indication of why the transaction may be exempt from SCA, possible values:
|
Optional |
|
Sends your Merchant Partner Gateway ID (MPG ID) to Mastercard for identification (11 numeric characters)
|
Mandatory for Mastercard transactions for Merchant Payment Gateways |
If you’re using 3D Secure with Visa, Mastercard, or American Express, you must also include:
Parameters (3D Secure) |
Description |
|---|---|
|
The response from the 3DS server:
|
|
The Cardholder Authentication Verification Value from 3DS server, 28 Characters.
|
|
The universally unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction, 36 characters. Required when acs_3dsversion = 2.1.0/2.2.0.
|
If your MCC is 6012(financial institutions – debt repayment), 6051, or 7299 you must also include:
Parameters (financial institutions) |
Description |
|---|---|
|
Cardholder’s Date of Birth. Format is YYYYMMDD (8 numeric characters) |
|
Cardholder’s Surname or Last name (2-64-characters alpha characters, including -) |
|
Cardholder’s Postcode (2 to 16-characters alpha characters, including spaces) |
|
Account or reference number where funds are being disbursed or applied. (1 to 32 alpha numeric characters, including /-) For PAN Numbers: First 6 and Last 4 Never include full PAN |
Example payments request
import requests
url = 'https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth'
data = {
'auth_id': 'YOUR_AUTH_ID',
'auth_pass': 'YOUR_AUTH_PASS',
'card_num': '4510400400099005',
'card_cvv': '123',
'card_expiry': '1126',
'cust_name': 'Mrs T Tester',
'cust_address': 'testUserApi',
'cust_postcode': 'TE456ST',
'cust_country': 'GB',
'cust_ip': '123.45.67.89',
'cust_email': 'customer@example.com',
'cust_tel': '01234567890',
'tran_ref': 'testApi',
'tran_amount': '200.00',
'tran_currency': 'GBP',
'tran_testmode': '0',
'tran_type': 'sale',
'tran_class': 'ecom',
'acs_eci': '',
'acs_cavv': '',
'return_scheme_transaction_id' => '1',
'submit': 'submit'
}
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
response = requests.post(url, data=data, headers=headers)
print(response.text)
import org.apache.http.client.methods.*;
import org.apache.http.impl.client.*;
import org.apache.http.entity.*;
import java.util.*;
public class PaymentRequest {
public static void main(String[] args) throws Exception {
HttpClient client = HttpClients.createDefault();
HttpPost post = new HttpPost("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth");
List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair("auth_id", "YOUR_AUTH_ID"));
params.add(new BasicNameValuePair("auth_pass", "YOUR_AUTH_PASS"));
params.add(new BasicNameValuePair("card_num", "4510400400099005"));
params.add(new BasicNameValuePair("card_cvv", "123"));
params.add(new BasicNameValuePair("card_expiry", "1126"));
params.add(new BasicNameValuePair("cust_name", "Mrs T Tester"));
params.add(new BasicNameValuePair("cust_address", "testUserApi"));
params.add(new BasicNameValuePair("cust_postcode", "TE456ST"));
params.add(new BasicNameValuePair("cust_country", "GB"));
params.add(new BasicNameValuePair("cust_ip", "123.45.67.89"));
params.add(new BasicNameValuePair("cust_email", "customer@example.com"));
params.add(new BasicNameValuePair("cust_tel", "01234567890"));
params.add(new BasicNameValuePair("tran_ref", "testApi"));
params.add(new BasicNameValuePair("tran_amount", "200.00"));
params.add(new BasicNameValuePair("tran_currency", "GBP"));
params.add(new BasicNameValuePair("tran_testmode", "0"));
params.add(new BasicNameValuePair("tran_type", "sale"));
params.add(new BasicNameValuePair("tran_class", "ecom"));
params.add(new BasicNameValuePair("acs_eci", ""));
params.add(new BasicNameValuePair("acs_cavv", ""));
params.add(new BasicNameValuePair("return_scheme_transaction_id", "1"));
params.add(new BasicNameValuePair("submit", "submit"));
post.setEntity(new UrlEncodedFormEntity(params));
post.setHeader("Content-Type", "application/x-www-form-urlencoded");
HttpResponse response = client.execute(post);
System.out.println(EntityUtils.toString(response.getEntity()));
}
}
using System;
using System.Net.Http;
using System.Collections.Generic;
using System.Threading.Tasks;
class Program
{
static async Task Main()
{
var client = new HttpClient();
var values = new Dictionary<string, string>
{
{ "auth_id", "YOUR_AUTH_ID" },
{ "auth_pass", "YOUR_AUTH_PASS" },
{ "card_num", "4510400400099005" },
{ "card_cvv", "123" },
{ "card_expiry", "1126" },
{ "cust_name", "Mrs T Tester" },
{ "cust_address", "testUserApi" },
{ "cust_postcode", "TE456ST" },
{ "cust_country", "GB" },
{ "cust_ip", "123.45.67.89" },
{ "cust_email", "customer@example.com" },
{ "cust_tel", "01234567890" },
{ "tran_ref", "testApi" },
{ "tran_amount", "200.00" },
{ "tran_currency", "GBP" },
{ "tran_testmode", "0" },
{ "tran_type", "sale" },
{ "tran_class", "ecom" },
{ "acs_eci", "" },
{ "acs_cavv", "" },
{ "return_scheme_transaction_id", "1" },
{ "submit", "submit" }
};
var content = new FormUrlEncodedContent(values);
var response = await client.PostAsync("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth", content);
string responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
}
}
const axios = require('axios');
const qs = require('qs');
const data = qs.stringify({
auth_id: 'YOUR_AUTH_ID',
auth_pass: 'YOUR_AUTH_PASS',
card_num: '4510400400099005',
card_cvv: '123',
card_expiry: '1126',
cust_name: 'Mrs T Tester',
cust_address: 'testUserApi',
cust_postcode: 'TE456ST',
cust_country: 'GB',
cust_ip: '123.45.67.89',
cust_email: 'customer@example.com',
cust_tel: '01234567890',
tran_ref: 'testApi',
tran_amount: '200.00',
tran_currency: 'GBP',
tran_testmode: '0',
tran_type: 'sale',
tran_class: 'ecom',
acs_eci: '',
acs_cavv: '',
return_scheme_transaction_id: '1',
submit: 'submit'
});
axios.post('https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth', data, {
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
})
.then(response => {
console.log(response.data);
})
.catch(error => {
console.error('Error:', error.response ? error.response.data : error.message);
});
<?php
$data = http_build_query([
'auth_id' => 'YOUR_AUTH_ID',
'auth_pass' => 'YOUR_AUTH_PASS',
'card_num' => '4510400400099005',
'card_cvv' => '123',
'card_expiry' => '1126',
'cust_name' => 'Mrs T Tester',
'cust_address' => 'testUserApi',
'cust_postcode' => 'TE456ST',
'cust_country' => 'GB',
'cust_ip' => '123.45.67.89',
'cust_email' => 'customer@example.com',
'cust_tel' => '01234567890',
'tran_ref' => 'testApi',
'tran_amount' => '200.00',
'tran_currency' => 'GBP',
'tran_testmode' => '0',
'tran_type' => 'sale',
'tran_class' => 'ecom',
'acs_eci' => '',
'acs_cavv' => '',
'return_scheme_transaction_id' => '1',
'submit' => 'submit'
]);
$ch = curl_init('https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/x-www-form-urlencoded']);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
require 'net/http'
require 'uri'
uri = URI.parse("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth")
request = Net::HTTP::Post.new(uri)
request.set_form_data({
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"card_num" => "4510400400099005",
"card_cvv" => "123",
"card_expiry" => "1126",
"cust_name" => "Mrs T Tester",
"cust_address" => "testUserApi",
"cust_postcode" => "TE456ST",
"cust_country" => "GB",
"cust_ip" => "123.45.67.89",
"cust_email" => "customer@example.com",
"cust_tel" => "01234567890",
"tran_ref" => "testApi",
"tran_amount" => "200.00",
"tran_currency" => "GBP",
"tran_testmode" => "0",
"tran_type" => "sale",
"tran_class" => "ecom",
"acs_eci" => "",
"acs_cavv" => "",
"return_scheme_transaction_id" => "1",
"submit" => "submit"
})
response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end
puts response.body
Example payments response
A|01S0135FD47|200|AUTHOK|Authorised|MCC6830070529
Example payments request with 3DS
import requests
url = 'https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth'
payload = {
'auth_id': 'YOUR_AUTH_ID',
'auth_pass': 'YOUR_AUTH_PASS',
'card_num': '4510400400099005',
'card_cvv': '123',
'card_expiry': '1126',
'cust_name': 'Mrs T Tester',
'cust_address': 'testUserApi',
'cust_postcode': 'TE456ST',
'cust_country': 'GB',
'cust_ip': '123.45.67.89',
'cust_email': 'customer@example.com',
'cust_tel': '01234567890',
'tran_ref': 'testApi',
'tran_desc': 'Kerri Test',
'tran_amount': '12.11',
'tran_currency': 'GBP',
'tran_testmode': '0',
'tran_type': 'sale',
'tran_class': 'ecom',
'acs_eci': '5',
'acs_cavv': 'AAABCAAhIXdRcEdRVyEhAAAAAAA=',
'acs_xid': 'AgABBAACAAYABwAGAgQCAQgry0E=',
'submit': 'submit'
}
response = requests.post(url, data=payload, headers={'Content-Type': 'application/x-www-form-urlencoded'})
print(response.text)
import org.apache.http.client.methods.*;
import org.apache.http.impl.client.*;
import org.apache.http.entity.*;
import org.apache.http.message.*;
import java.util.*;
public class PaymentRequest {
public static void main(String[] args) throws Exception {
HttpClient client = HttpClients.createDefault();
HttpPost post = new HttpPost("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth");
List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair("auth_id", "YOUR_AUTH_ID"));
params.add(new BasicNameValuePair("auth_pass", "YOUR_AUTH_PASS"));
params.add(new BasicNameValuePair("card_num", "4510400400099005"));
params.add(new BasicNameValuePair("card_cvv", "123"));
params.add(new BasicNameValuePair("card_expiry", "1126"));
params.add(new BasicNameValuePair("cust_name", "Mrs T Tester"));
params.add(new BasicNameValuePair("cust_address", "testUserApi"));
params.add(new BasicNameValuePair("cust_postcode", "TE456ST"));
params.add(new BasicNameValuePair("cust_country", "GB"));
params.add(new BasicNameValuePair("cust_ip", "123.45.67.89"));
params.add(new BasicNameValuePair("cust_email", "customer@example.com"));
params.add(new BasicNameValuePair("cust_tel", "01234567890"));
params.add(new BasicNameValuePair("tran_ref", "testApi"));
params.add(new BasicNameValuePair("tran_desc", "Kerri Test"));
params.add(new BasicNameValuePair("tran_amount", "12.11"));
params.add(new BasicNameValuePair("tran_currency", "GBP"));
params.add(new BasicNameValuePair("tran_testmode", "0"));
params.add(new BasicNameValuePair("tran_type", "sale"));
params.add(new BasicNameValuePair("tran_class", "ecom"));
params.add(new BasicNameValuePair("acs_eci", "5"));
params.add(new BasicNameValuePair("acs_cavv", "AAABCAAhIXdRcEdRVyEhAAAAAAA="));
params.add(new BasicNameValuePair("acs_xid", "AgABBAACAAYABwAGAgQCAQgry0E="));
params.add(new BasicNameValuePair("submit", "submit"));
post.setEntity(new UrlEncodedFormEntity(params));
post.setHeader("Content-Type", "application/x-www-form-urlencoded");
HttpResponse response = client.execute(post);
System.out.println(EntityUtils.toString(response.getEntity()));
}
}
using System;
using System.Net.Http;
using System.Collections.Generic;
using System.Threading.Tasks;
class Program
{
static async Task Main()
{
var client = new HttpClient();
var values = new Dictionary<string, string>
{
{ "auth_id", "YOUR_AUTH_ID" },
{ "auth_pass", "YOUR_AUTH_PASS" },
{ "card_num", "4510400400099005" },
{ "card_cvv", "123" },
{ "card_expiry", "1126" },
{ "cust_name", "Mrs T Tester" },
{ "cust_address", "testUserApi" },
{ "cust_postcode", "TE456ST" },
{ "cust_country", "GB" },
{ "cust_ip", "123.45.67.89" },
{ "cust_email", "customer@example.com" },
{ "cust_tel", "01234567890" },
{ "tran_ref", "testApi" },
{ "tran_desc", "Kerri Test" },
{ "tran_amount", "12.11" },
{ "tran_currency", "GBP" },
{ "tran_testmode", "0" },
{ "tran_type", "sale" },
{ "tran_class", "ecom" },
{ "acs_eci", "5" },
{ "acs_cavv", "AAABCAAhIXdRcEdRVyEhAAAAAAA=" },
{ "acs_xid", "AgABBAACAAYABwAGAgQCAQgry0E=" },
{ "submit", "submit" }
};
var content = new FormUrlEncodedContent(values);
var response = await client.PostAsync("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth", content);
string responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
}
}
const axios = require('axios');
const qs = require('qs');
const data = qs.stringify({
auth_id: 'YOUR_AUTH_ID',
auth_pass: 'YOUR_AUTH_PASS',
card_num: '4510400400099005',
card_cvv: '123',
card_expiry: '1126',
cust_name: 'Mrs T Tester',
cust_address: 'testUserApi',
cust_postcode: 'TE456ST',
cust_country: 'GB',
cust_ip: '123.45.67.89',
cust_email: 'customer@example.com',
cust_tel: '01234567890',
tran_ref: 'testApi',
tran_desc: 'Kerri Test',
tran_amount: '12.11',
tran_currency: 'GBP',
tran_testmode: '0',
tran_type: 'sale',
tran_class: 'ecom',
acs_eci: '5',
acs_cavv: 'AAABCAAhIXdRcEdRVyEhAAAAAAA=',
acs_xid: 'AgABBAACAAYABwAGAgQCAQgry0E=',
submit: 'submit'
});
axios.post('https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth', data, {
headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
})
.then(res => console.log(res.data))
.catch(err => console.error(err));
console.error('Error:', error.response ? error.response.data : error.message);
});
<?php
$data = http_build_query([
'auth_id' => 'YOUR_AUTH_ID',
'auth_pass' => 'YOUR_AUTH_PASS',
'card_num' => '4510400400099005',
'card_cvv' => '123',
'card_expiry' => '1126',
'cust_name' => 'Mrs T Tester',
'cust_address' => 'testUserApi',
'cust_postcode' => 'TE456ST',
'cust_country' => 'GB',
'cust_ip' => '123.45.67.89',
'cust_email' => 'customer@example.com',
'cust_tel' => '01234567890',
'tran_ref' => 'testApi',
'tran_desc' => 'Kerri Test',
'tran_amount' => '12.11',
'tran_currency' => 'GBP',
'tran_testmode' => '0',
'tran_type' => 'sale',
'tran_class' => 'ecom',
'acs_eci' => '5',
'acs_cavv' => 'AAABCAAhIXdRcEdRVyEhAAAAAAA=',
'acs_xid' => 'AgABBAACAAYABwAGAgQCAQgry0E=',
'submit' => 'submit'
]);
$ch = curl_init('https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/x-www-form-urlencoded'
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
require 'net/http'
require 'uri'
uri = URI.parse("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth")
request = Net::HTTP::Post.new(uri)
request.set_form_data({
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"card_num" => "4510400400099005",
"card_cvv" => "123",
"card_expiry" => "1126",
"cust_name" => "Mrs T Tester",
"cust_address" => "testUserApi",
"cust_postcode" => "TE456ST",
"cust_country" => "GB",
"cust_ip" => "123.45.67.89",
"cust_email" => "customer@example.com",
"cust_tel" => "01234567890",
"tran_ref" => "testApi",
"tran_desc" => "Kerri Test",
"tran_amount" => "12.11",
"tran_currency" => "GBP",
"tran_testmode" => "0",
"tran_type" => "sale",
"tran_class" => "ecom",
"acs_eci" => "5",
"acs_cavv" => "AAABCAAhIXdRcEdRVyEhAAAAAAA=",
"acs_xid" => "AgABBAACAAYABwAGAgQCAQgry0E=",
"submit" => "submit"
})
response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end
puts response.body
Example payments with 3DS response
A|01S01356909|200|AUTHOK|Authorised
Void and refund request parameters
Parameters for voiding and refunding payments:
Parameter |
Description |
Mandatory/Optional |
|---|---|---|
|
Your Profile Id |
Mandatory |
|
Authentication password |
Mandatory |
|
Transaction amount to 2 decimal places, e.g. 24.99 (The currency symbol must not be included) |
Mandatory |
|
Transaction currency (3-character code) |
Mandatory |
|
Transaction test mode = 0 |
Mandatory |
|
Transaction type = verify |
Mandatory |
|
Transaction class = ecom |
Mandatory |
|
Original transaction ID to be refunded or voided |
Mandatory |
|
A soft descriptor that is added to your Company Name when displayed on the Cardholders statement (Max of 12 characters) |
Optional |
Example void request
import requests
url = "https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth"
payload = {
'auth_id': 'YOUR_AUTH_ID',
'auth_pass': 'YOUR_AUTH_PASS',
'tran_amount': '20.15',
'tran_currency': 'GBP',
'tran_testmode': '0',
'tran_type': 'void',
'tran_class': 'ecom',
'tran_orig_id': '01S0135F74D',
'retry_number': '0',
'descriptor': 'Some descriptor'
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': 'AWSALB=...; AWSALBCORS=...'
}
response = requests.post(url, data=payload, headers=headers)
print(response.text)
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.apache.http.message.BasicNameValuePair;
import java.util.*;
CloseableHttpClient client = HttpClients.createDefault();
HttpPost post = new HttpPost("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth");
List<BasicNameValuePair> form = new ArrayList<>();
form.add(new BasicNameValuePair("auth_id", "YOUR_AUTH_ID"));
form.add(new BasicNameValuePair("auth_pass", "YOUR_AUTH_PASS"));
form.add(new BasicNameValuePair("tran_amount", "20.15"));
form.add(new BasicNameValuePair("tran_currency", "GBP"));
form.add(new BasicNameValuePair("tran_testmode", "0"));
form.add(new BasicNameValuePair("tran_type", "void"));
form.add(new BasicNameValuePair("tran_class", "ecom"));
form.add(new BasicNameValuePair("tran_orig_id", "01S0135F74D"));
form.add(new BasicNameValuePair("retry_number", "0"));
form.add(new BasicNameValuePair("descriptor", "Some descriptor"));
post.setEntity(new UrlEncodedFormEntity(form));
post.setHeader("Cookie", "AWSALB=...; AWSALBCORS=...");
var response = client.execute(post);
String responseBody = EntityUtils.toString(response.getEntity());
System.out.println(responseBody);
client.close();
using System.Net.Http;
using System.Collections.Generic;
var client = new HttpClient();
var values = new Dictionary<string, string>
{
{ "auth_id", "YOUR_AUTH_ID" },
{ "auth_pass", "YOUR_AUTH_PASS" },
{ "tran_amount", "20.15" },
{ "tran_currency", "GBP" },
{ "tran_testmode", "0" },
{ "tran_type", "void" },
{ "tran_class", "ecom" },
{ "tran_orig_id", "01S0135F74D" },
{ "retry_number", "0" },
{ "descriptor", "Some descriptor" }
};
var content = new FormUrlEncodedContent(values);
client.DefaultRequestHeaders.Add("Cookie", "AWSALB=...; AWSALBCORS=...");
var response = await client.PostAsync("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth", content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
const axios = require('axios');
const qs = require('qs');
let data = qs.stringify({
'auth_id': 'YOUR_AUTH_ID',
'auth_pass': 'YOUR_AUTH_PASS',
'tran_amount': '20.15',
'tran_currency': 'GBP',
'tran_testmode': '0',
'tran_type': 'void',
'tran_class': 'ecom',
'tran_orig_id': '01S0135F74D',
'retry_number': '0',
'descriptor': 'Some descriptor'
});
axios.post('https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth', data, {
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': 'AWSALB=...; AWSALBCORS=...'
},
maxBodyLength: Infinity
})
.then(res => console.log(res.data))
.catch(err => console.error(err));
<?php
$curl = curl_init();
$data = http_build_query([
'auth_id' => 'YOUR_AUTH_ID',
'auth_pass' => 'YOUR_AUTH_PASS',
'tran_amount' => '20.15',
'tran_currency' => 'GBP',
'tran_testmode' => '0',
'tran_type' => 'void',
'tran_class' => 'ecom',
'tran_orig_id' => '01S0135F74D',
'retry_number' => '0',
'descriptor' => 'Some descriptor'
]);
curl_setopt_array($curl, [
CURLOPT_URL => "https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $data,
CURLOPT_HTTPHEADER => [
"Content-Type: application/x-www-form-urlencoded",
"Cookie: AWSALB=...; AWSALBCORS=..."
],
]);
$response = curl_exec($curl);
curl_close($curl);
echo $response;
?>
require 'net/http'
require 'uri'
uri = URI.parse("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth")
request = Net::HTTP::Post.new(uri)
request["Content-Type"] = "application/x-www-form-urlencoded"
request["Cookie"] = "AWSALB=...; AWSALBCORS=..."
request.set_form_data(
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"tran_amount" => "20.15",
"tran_currency" => "GBP",
"tran_testmode" => "0",
"tran_type" => "void",
"tran_class" => "ecom",
"tran_orig_id" => "01S0135F74D",
"retry_number" => "0",
"descriptor" => "Some descriptor"
)
response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end
puts response.body
Example void response
A|01V0135F755|000|-|Authorised
Example refund request
import requests
url = "https://secure-int.cashflows.com/gateway/remote_auth"
payload = {
'auth_id': 'YOUR_AUTH_ID',
'auth_pass': 'YOUR_AUTH_PASS',
'tran_amount': '11.11',
'tran_currency': 'GBP',
'tran_testmode': '0',
'tran_type': 'refund',
'tran_class': 'ecom',
'tran_orig_id': '01S0135F71A',
'retry_number': '0',
'descriptor': 'Some descriptor'
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': 'AWSALB=...; AWSALBCORS=...'
}
response = requests.post(url, data=payload, headers=headers)
print(response.text)
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.message.BasicNameValuePair;
import java.util.*;
CloseableHttpClient client = HttpClients.createDefault();
HttpPost post = new HttpPost("https://secure-int.cashflows.com/gateway/remote_auth");
List<BasicNameValuePair> form = new ArrayList<>();
form.add(new BasicNameValuePair("auth_id", "YOUR_AUTH_ID"));
form.add(new BasicNameValuePair("auth_pass", "YOUR_AUTH_PASS"));
form.add(new BasicNameValuePair("tran_amount", "11.11"));
form.add(new BasicNameValuePair("tran_currency", "GBP"));
form.add(new BasicNameValuePair("tran_testmode", "0"));
form.add(new BasicNameValuePair("tran_type", "refund"));
form.add(new BasicNameValuePair("tran_class", "ecom"));
form.add(new BasicNameValuePair("tran_orig_id", "01S0135F71A"));
form.add(new BasicNameValuePair("retry_number", "0"));
form.add(new BasicNameValuePair("descriptor", "Some descriptor"));
post.setEntity(new UrlEncodedFormEntity(form));
post.setHeader("Cookie", "AWSALB=...; AWSALBCORS=...");
var response = client.execute(post);
String responseBody = EntityUtils.toString(response.getEntity());
System.out.println(responseBody);
client.close();
using System.Net.Http;
using System.Collections.Generic;
var client = new HttpClient();
var form = new Dictionary<string, string>
{
{ "auth_id", "YOUR_AUTH_ID" },
{ "auth_pass", "YOUR_AUTH_PASS" },
{ "tran_amount", "11.11" },
{ "tran_currency", "GBP" },
{ "tran_testmode", "0" },
{ "tran_type", "refund" },
{ "tran_class", "ecom" },
{ "tran_orig_id", "01S0135F71A" },
{ "retry_number", "0" },
{ "descriptor", "Some descriptor" }
};
var content = new FormUrlEncodedContent(form);
client.DefaultRequestHeaders.Add("Cookie", "AWSALB=...; AWSALBCORS=...");
var response = await client.PostAsync("https://secure-int.cashflows.com/gateway/remote_auth", content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
const axios = require('axios');
const FormData = require('form-data');
let data = new FormData();
data.append('auth_id', 'YOUR_AUTH_ID');
data.append('auth_pass', 'YOUR_AUTH_PASS');
data.append('tran_amount', '11.11');
data.append('tran_currency', 'GBP');
data.append('tran_testmode', '0');
data.append('tran_type', 'refund');
data.append('tran_class', 'ecom');
data.append('tran_orig_id', '01S0135F71A');
data.append('retry_number', '0');
data.append('descriptor', 'Some descriptor');
axios.post('https://secure-int.cashflows.com/gateway/remote_auth', data, {
headers: {
...data.getHeaders(),
'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': 'AWSALB=...; AWSALBCORS=...'
},
maxBodyLength: Infinity
})
.then(res => console.log(res.data))
.catch(err => console.error(err));
<?php
$curl = curl_init();
$data = http_build_query([
'auth_id' => 'YOUR_AUTH_ID',
'auth_pass' => 'YOUR_AUTH_PASS',
'tran_amount' => '11.11',
'tran_currency' => 'GBP',
'tran_testmode' => '0',
'tran_type' => 'refund',
'tran_class' => 'ecom',
'tran_orig_id' => '01S0135F71A',
'retry_number' => '0',
'descriptor' => 'Some descriptor'
]);
curl_setopt_array($curl, [
CURLOPT_URL => "https://secure-int.cashflows.com/gateway/remote_auth",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $data,
CURLOPT_HTTPHEADER => [
"Content-Type: application/x-www-form-urlencoded",
"Cookie: AWSALB=...; AWSALBCORS=..."
],
]);
$response = curl_exec($curl);
curl_close($curl);
echo $response;
?>
require 'net/http'
require 'uri'
uri = URI.parse("https://secure-int.cashflows.com/gateway/remote_auth")
request = Net::HTTP::Post.new(uri)
request["Content-Type"] = "application/x-www-form-urlencoded"
request["Cookie"] = "AWSALB=...; AWSALBCORS=..."
request.set_form_data(
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"tran_amount" => "11.11",
"tran_currency" => "GBP",
"tran_testmode" => "0",
"tran_type" => "refund",
"tran_class" => "ecom",
"tran_orig_id" => "01S0135F71A",
"retry_number" => "0",
"descriptor" => "Some descriptor"
)
response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end
puts response.body
Example request response
A|01R0135F71B|000|-|Authorised
Credit transfer request parameters
Parameters for requesting credit transfers:
Parameters |
Description |
Mandatory/Optional |
|---|---|---|
|
Your Profile Id |
Mandatory |
|
Authentication password |
Mandatory |
|
Credit Transfer amount to 2 decimal places, e.g. 24.99 (The currency symbol must not be included) |
Mandatory |
|
Transaction currency, 3-character code, e.g. GBP |
Mandatory |
|
Your transaction reference (e.g. cart ID) |
Mandatory |
|
Transaction test mode. 0 |
Mandatory |
|
Transaction type = credit |
Mandatory |
|
Transaction class = cred |
Mandatory |
|
Mastercard only. A descriptor that is added to your Company Name when displayed on the Cardholders statement (Max of 12 characters) |
Optional |
|
Original transaction Id to which the credit will be applied |
Mandatory for Mastercard
Optional for Visa if |
|
Visa cards only: Customer’s card number (Must be numeric only with no separators) |
Optional, not required if |
|
Visa cards only: Customer’s card token (Max of 50 characters) |
Optional, not required if |
|
A security Hash value used to ensure that no-one has tampered with the credit transfer request |
Mandatory |
Batch release parameters
Parameters for requesting batch release:
Parameters |
Description |
|---|---|
|
Your Profile Id |
|
Authentication password |
|
Type of Batch operation. For a batch release request the value must be |
|
Defines the format of the attachment. This must be set to |
Batch release response
Response to batch release request:
Parameters |
Description |
|---|---|
|
Error – Request cannot be parsed correctly |
|
Error – Cannot verify the profile id or authentication password |
|
Error – The batch request is larger than 64k for the Content-Length |
|
Error – The attachment filename is not valid |
|
Error – There has been an internal error, please try again |
|
Success – The batch request has been successfully uploaded and a batch Id has been created |
Batch release query request
Parameters for querying batch release requests:
Parameters |
Description |
|---|---|
|
Your Profile Id |
|
Authentication password |
|
The Id of the batch that you wish to query |
|
Type of Batch operation. For a batch release query request the value must be |
Batch release query response
Response to batch release query request:
Query results |
Description |
|---|---|
|
Error – Request cannot be parsed correctly |
|
Error – Cannot verify the profile id or authentication password |
|
Error – There has been an internal error, please try again |
|
Error – Cannot find the requested batch Id |
|
Success – The batch query request has been successfully submitted and a batch has been found |
If the query was successfully submitted, the response will return a batch_id and batch_status of either pending, processing or complete. If the status of the batch is complete, the following additional information and an attachment providing status of each of the transactions will be included in the multipart response:
Batch complete parameters |
Description |
|---|---|
|
Total number of items in the batch release |
|
Number of transactions that have been successfully released |
|
Number of transactions that have failed and not been released |
|
Defines the format of the attachment |
In the attachment part of the multipart response each transaction will contain one of the following results:
Transaction results |
Description |
|---|---|
|
The transaction was not on hold at the time of the request as the transaction has been previously released and may have been already settled |
|
The transaction could not be found as it has an invalid reference |
|
The transaction has expired and therefore has not been sent of authorisation |
|
There was an internal error, please resubmit this transaction release request |
|
The transaction has been successfully released for authorisation |
Recurring/Continuous payments
Account verification request parameters
Parameters for account verification requests:
Parameter |
Description |
Mandatory/Optional |
|---|---|---|
|
Your Profile Id |
Mandatory |
|
Authentication password |
Mandatory |
|
Customer’s card number (Must be numeric only with no separators) |
Mandatory if no card_token |
|
Customer’s card token (Max of 50 characters) |
Mandatory if no card_num |
|
Card security code |
Mandatory |
|
Card start date, format is MMYY (Optional) |
Optional |
|
Card issue number |
Optional |
|
Card expiry date, format is MMYY |
Mandatory |
|
Customer’s name |
Optional |
|
Customer’s address (Multiple lines can be separated using the new line break character (ASCII code 10)) |
Optional |
|
Customer’s post/zip/area code ) |
Optional |
|
Customer’s country (ISO3166 2-character code) |
Optional |
|
Customer’s IP address (IPV4 Format only) |
Optional |
|
Customer’s email address |
Optional |
|
Customer’s telephone number |
Optional |
|
Indicates whether a Pay’s wallet was used: true false |
Optional |
|
Indicates which Pay’s wallet was used |
Optional |
Accepted values: (case_sensitive): |
||
|
||
|
Your transaction reference (e.g. cart ID) |
Mandatory |
|
Your transaction description (Max of 99 characters) |
Optional |
|
Transaction amount to 2 decimal places, e.g. 24.99 (The currency symbol must not be included) |
Mandatory |
|
Transaction currency (3-character code) |
Mandatory |
|
Transaction test mode = 0 |
Mandatory |
|
Transaction type = verify |
Mandatory |
|
Transaction class = ecom |
Mandatory |
|
To be used to override default MID settings:
|
Optional |
|
Indication of the number of retries attempts, 0 = initial attempt (For more information see Retry Handing) |
Optional |
|
If not Null, the Acquirer Reference Number (ARN) will be included in the response only when we have processed a live payment. |
Optional |
|
If not Null, the raw issuer response code will be included in the response when we have processed a live payment. |
Optional |
|
A soft descriptor that is added to your Company Name when displayed on the Cardholders statement (Max of 12 characters) |
Optional |
|
If not Null the card_token will be included in the response only when we have processed a successful transaction |
Optional |
|
Indication of why the transaction may be exempt from SCA, possible values: lowvalue = Applicable to transactions where amount is less than €30 or currency equivalent |
Optional |
|
Sends your Merchant Partner Gateway ID (MPG ID) to Mastercard for identification (11 numeric characters) If you don’t know your MPG ID, contact support@cashflows.com |
Mandatory for Mastercard transactions for Merchant Payment Gateways |
If you’re using 3D Secure with Visa, Mastercard, or American Express, you must also include:
Parameters (3D Secure) |
Description |
|---|---|
|
The response from the 3DS server:
|
|
The Cardholder Authentication Verification Value from 3DS server, 28 Characters.
|
|
The universally unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction, 36 characters. Required when acs_3dsversion = 2.1.0/2.2.0.
|
If your MCC is 6012(financial institutions – debt repayment), 6051, or 7299 you must also include:
Parameters (financial institutions) |
Description |
|---|---|
|
Cardholder’s Date of Birth. Format is YYYYMMDD (8 numeric characters) |
|
Cardholder’s Surname or Last name (2-64-characters alpha characters, including -) |
|
Cardholder’s Postcode (2 to 16-characters alpha characters, including spaces) |
|
Account or reference number where funds are being disbursed or applied. (1 to 32 alpha numeric characters, including /-) For PAN Numbers: First 6 and Last 4 Never include full PAN |
Important
If the request is an ecom request, you must send 3DS data in the request.
Example account verification request
import requests
data = {
'auth_id': 'YOUR_AUTH_ID',
'auth_pass': 'YOUR_AUTH_PASS',
'card_num': '4510400400099005',
'card_cvv': '123',
'card_expiry': '1126',
'cust_name': 'Mrs T Tester',
'cust_address': 'testUserApi',
'cust_postcode': 'TE456ST',
'cust_country': 'GB',
'cust_ip': '123.45.67.89',
'cust_email': 'customer@example.com',
'cust_tel': '01234567890',
'tran_ref': 'testApi',
'tran_amount': '12.00',
'tran_currency': 'GBP',
'tran_testmode': '0',
'tran_type': 'verify',
'tran_class': 'ecom',
'submit': 'submit',
'return_scheme_transaction_id': '1'
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': 'AWSALB=...; AWSALBCORS=...'
}
response = requests.post("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth", data=data, headers=headers)
print(response.text)
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
public class Main {
public static void main(String[] args) throws IOException {
String url = "https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth";
String data = "auth_id=YOUR_AUTH_ID&auth_pass=YOUR_AUTH_PASS&card_num=4510400400099005&card_cvv=123&card_expiry=1126" +
"&cust_name=Mrs+T+Tester&cust_address=testUserApi&cust_postcode=TE456ST&cust_country=GB" +
"&cust_ip=123.45.67.89&cust_email=customer@example.com&cust_tel=01234567890" +
"&tran_ref=testApi&tran_amount=12.00&tran_currency=GBP&tran_testmode=0&tran_type=verify" +
"&tran_class=ecom&submit=submit&return_scheme_transaction_id=1";
byte[] postData = data.getBytes(StandardCharsets.UTF_8);
HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
conn.setDoOutput(true);
conn.setRequestMethod("POST");
conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
conn.setRequestProperty("Content-Length", String.valueOf(postData.length));
conn.setRequestProperty("Cookie", "AWSALB=...; AWSALBCORS=...");
try (DataOutputStream wr = new DataOutputStream(conn.getOutputStream())) {
wr.write(postData);
}
BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String inputLine;
StringBuilder content = new StringBuilder();
while ((inputLine = in.readLine()) != null) {
content.append(inputLine);
}
in.close();
System.out.println(content.toString());
}
}
using System;
using System.Net.Http;
using System.Collections.Generic;
using System.Threading.Tasks;
class Program
{
static async Task Main()
{
var client = new HttpClient();
var values = new Dictionary<string, string>
{
{ "auth_id", "YOUR_AUTH_ID" },
{ "auth_pass", "YOUR_AUTH_PASS" },
{ "card_num", "4510400400099005" },
{ "card_cvv", "123" },
{ "card_expiry", "1126" },
{ "cust_name", "Mrs T Tester" },
{ "cust_address", "testUserApi" },
{ "cust_postcode", "TE456ST" },
{ "cust_country", "GB" },
{ "cust_ip", "123.45.67.89" },
{ "cust_email", "customer@example.com" },
{ "cust_tel", "01234567890" },
{ "tran_ref", "testApi" },
{ "tran_amount", "12.00" },
{ "tran_currency", "GBP" },
{ "tran_testmode", "0" },
{ "tran_type", "verify" },
{ "tran_class", "ecom" },
{ "submit", "submit" },
{ "return_scheme_transaction_id", "1" }
};
var content = new FormUrlEncodedContent(values);
client.DefaultRequestHeaders.Add("Cookie", "AWSALB=...; AWSALBCORS=...");
var response = await client.PostAsync("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth", content);
var responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
}
}
const axios = require('axios');
const qs = require('qs');
let data = qs.stringify({
'auth_id': 'YOUR_AUTH_ID',
'auth_pass': 'YOUR_AUTH_PASS',
'card_num': '4510400400099005',
'card_cvv': '123',
'card_expiry': '1126',
'cust_name': 'Mrs T Tester',
'cust_address': 'testUserApi',
'cust_postcode': 'TE456ST',
'cust_country': 'GB',
'cust_ip': '123.45.67.89',
'cust_email': 'customer@example.com',
'cust_tel': '01234567890',
'tran_ref': 'testApi',
'tran_amount': '12.00',
'tran_currency': 'GBP',
'tran_testmode': '0',
'tran_type': 'verify',
'tran_class': 'ecom',
'submit': 'submit',
'return_scheme_transaction_id': '1'
});
let config = {
method: 'post',
maxBodyLength: Infinity,
url: 'https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': 'AWSALB=...; AWSALBCORS=...'
},
data: data
};
axios.request(config)
.then(response => console.log(JSON.stringify(response.data)))
.catch(error => console.log(error));
<?php
$data = http_build_query([
'auth_id' => 'YOUR_AUTH_ID',
'auth_pass' => 'YOUR_AUTH_PASS',
'card_num' => '4510400400099005',
'card_cvv' => '123',
'card_expiry' => '1126',
'cust_name' => 'Mrs T Tester',
'cust_address' => 'testUserApi',
'cust_postcode' => 'TE456ST',
'cust_country' => 'GB',
'cust_ip' => '123.45.67.89',
'cust_email' => 'customer@example.com',
'cust_tel' => '01234567890',
'tran_ref' => 'testApi',
'tran_amount' => '12.00',
'tran_currency' => 'GBP',
'tran_testmode' => '0',
'tran_type' => 'verify',
'tran_class' => 'ecom',
'submit' => 'submit',
'return_scheme_transaction_id' => '1'
]);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Content-Type: application/x-www-form-urlencoded",
"Cookie: AWSALB=...; AWSALBCORS=..."
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
require 'net/http'
require 'uri'
uri = URI.parse("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"card_num" => "4510400400099005",
"card_cvv" => "123",
"card_expiry" => "1126",
"cust_name" => "Mrs T Tester",
"cust_address" => "testUserApi",
"cust_postcode" => "TE456ST",
"cust_country" => "GB",
"cust_ip" => "123.45.67.89",
"cust_email" => "customer@example.com",
"cust_tel" => "01234567890",
"tran_ref" => "testApi",
"tran_amount" => "12.00",
"tran_currency" => "GBP",
"tran_testmode" => "0",
"tran_type" => "verify",
"tran_class" => "ecom",
"submit" => "submit",
"return_scheme_transaction_id" => "1"
)
request["Cookie"] = "AWSALB=...; AWSALBCORS=..."
response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end
puts response.body
Example account verification response
A|01P0135FF18|200|AUTHOK|Authorised|315207784071168
Recurring/continuous payment request parameters
Parameters for making recurring/continuous payment requests:
Parameter |
Description |
Mandatory/Optional |
|---|---|---|
|
Your Profile Id |
Mandatory |
|
Authentication password |
Mandatory |
|
Customer’s name |
Optional |
|
Customer’s address (Multiple lines can be separated using the new line break character (ASCII code 10)) |
Optional |
|
Customer’s post/zip/area code ) |
Optional |
|
Customer’s country (ISO3166 2-character code) |
Optional |
|
Customer’s IP address (IPV4 Format only) |
Optional |
|
Customer’s email address |
Optional |
|
Customer’s telephone number |
Optional |
|
Your transaction reference (e.g. cart ID) |
Mandatory |
|
Your transaction description (Max of 99 characters) |
Optional |
|
Transaction amount to 2 decimal places, e.g. 24.99 (The currency symbol must not be included) |
Mandatory |
|
Transaction currency (3-character code) |
Mandatory |
|
Transaction test mode = 0 |
Mandatory |
|
Transaction type = sale |
Mandatory |
|
Transaction class = cont |
Mandatory |
|
Verification ID or Sales ID (e.g. 05P00001724 or 06S00001724) |
Mandatory |
|
To be used to override default MID settings:
|
Optional |
|
Indication of the number of retries attempts, 0 = initial attempt (For more information see Retry Handing) |
Optional |
|
If not Null, the Acquirer Reference Number (ARN) will be included in the response only when we have processed a live payment. |
Optional |
|
If not Null, the raw issuer response code will be included in the response when we have processed a live payment. |
Optional |
|
A soft descriptor that is added to your Company Name when displayed on the Cardholders statement (Max of 12 characters) |
Optional |
|
If not Null the card_token will be included in the response only when we have processed a successful transaction |
Optional |
|
Indication of why the transaction may be exempt from SCA, possible values: lowvalue = Applicable to transactions where amount is less than €30 or currency equivalent |
Optional |
If your MCC is 6012(financial institutions – debt repayment), 6051, or 7299 you must also include:
Parameters (financial institutions) |
Description |
|---|---|
|
Cardholder’s Date of Birth. Format is YYYYMMDD (8 numeric characters) |
|
Cardholder’s Surname or Last name (2-64-characters alpha characters, including -) |
|
Cardholder’s Postcode (2 to 16-characters alpha characters, including spaces) |
|
Account or reference number where funds are being disbursed or applied. (1 to 32 alpha numeric characters, including /-) For PAN Numbers: First 6 and Last 4 Never include full PAN |
Example continuous request
import requests
url = "https://secure-int.cashflows.com/gateway/remote_auth"
data = {
"auth_id": "YOUR_AUTH_ID",
"auth_pass": "YOUR_AUTH_PASS",
"cust_name": "Imps Test",
"cust_address": "CashFlows, CPC1 Capital Park, Fulbourn",
"cust_postcode": "CB23 5XE",
"cust_country": "GB",
"cust_ip": "123.45.67.89",
"cust_email": "customer@example.com",
"cust_tel": "01234567890",
"descriptor": "descriptor",
"retry_number": "0",
"tran_ref": "ImpsRemoteRecurring1",
"tran_desc": "Test transaction",
"tran_amount": "1.01",
"tran_currency": "GBP",
"tran_orig_id": "01P013612F9",
"tran_testmode": "0",
"tran_type": "sale",
"tran_class": "cont",
"return_acq_ref": ""
}
headers = {
"Cookie": "AWSALB=...; AWSALBCORS=..."
}
response = requests.post(url, data=data, headers=headers)
print(response.text)
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
public class Main {
public static void main(String[] args) throws Exception {
CloseableHttpClient client = HttpClients.createDefault();
HttpPost post = new HttpPost("https://secure-int.cashflows.com/gateway/remote_auth");
HttpEntity entity = MultipartEntityBuilder.create()
.addTextBody("auth_id", "YOUR_AUTH_ID")
.addTextBody("auth_pass", "YOUR_AUTH_PASS")
.addTextBody("cust_name", "Imps Test")
.addTextBody("cust_address", "CashFlows, CPC1 Capital Park, Fulbourn")
.addTextBody("cust_postcode", "CB23 5XE")
.addTextBody("cust_country", "GB")
.addTextBody("cust_ip", "123.45.67.89")
.addTextBody("cust_email", "customer@example.com")
.addTextBody("cust_tel", "01234567890")
.addTextBody("descriptor", "descriptor")
.addTextBody("retry_number", "0")
.addTextBody("tran_ref", "ImpsRemoteRecurring1")
.addTextBody("tran_desc", "Test transaction")
.addTextBody("tran_amount", "1.01")
.addTextBody("tran_currency", "GBP")
.addTextBody("tran_orig_id", "01P013612F9")
.addTextBody("tran_testmode", "0")
.addTextBody("tran_type", "sale")
.addTextBody("tran_class", "cont")
.addTextBody("return_acq_ref", "")
.build();
post.setEntity(entity);
post.setHeader("Cookie", "AWSALB=...; AWSALBCORS=...");
var response = client.execute(post);
System.out.println(EntityUtils.toString(response.getEntity()));
client.close();
}
}
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
static async Task Main()
{
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://secure-int.cashflows.com/gateway/remote_auth");
var content = new MultipartFormDataContent
{
{ new StringContent("YOUR_AUTH_ID"), "auth_id" },
{ new StringContent("YOUR_AUTH_PASS"), "auth_pass" },
{ new StringContent("Imps Test"), "cust_name" },
{ new StringContent("CashFlows, CPC1 Capital Park, Fulbourn"), "cust_address" },
{ new StringContent("CB23 5XE"), "cust_postcode" },
{ new StringContent("GB"), "cust_country" },
{ new StringContent("123.45.67.89"), "cust_ip" },
{ new StringContent("customer@example.com"), "cust_email" },
{ new StringContent("01234567890"), "cust_tel" },
{ new StringContent("descriptor"), "descriptor" },
{ new StringContent("0"), "retry_number" },
{ new StringContent("ImpsRemoteRecurring1"), "tran_ref" },
{ new StringContent("Test transaction"), "tran_desc" },
{ new StringContent("1.01"), "tran_amount" },
{ new StringContent("GBP"), "tran_currency" },
{ new StringContent("01P013612F9"), "tran_orig_id" },
{ new StringContent("0"), "tran_testmode" },
{ new StringContent("sale"), "tran_type" },
{ new StringContent("cont"), "tran_class" },
{ new StringContent(""), "return_acq_ref" }
};
request.Content = content;
request.Headers.Add("Cookie", "AWSALB=...; AWSALBCORS=...");
var response = await client.SendAsync(request);
Console.WriteLine(await response.Content.ReadAsStringAsync());
}
}
const axios = require('axios');
const FormData = require('form-data');
let data = new FormData();
data.append('auth_id', 'YOUR_AUTH_ID');
data.append('auth_pass', 'YOUR_AUTH_PASS');
data.append('cust_name', 'Imps Test');
data.append('cust_address', 'CashFlows, CPC1 Capital Park, Fulbourn');
data.append('cust_postcode', 'CB23 5XE');
data.append('cust_country', 'GB');
data.append('cust_ip', '123.45.67.89');
data.append('cust_email', 'customer@example.com');
data.append('cust_tel', '01234567890');
data.append('descriptor', 'descriptor');
data.append('retry_number', '0');
data.append('tran_ref', 'ImpsRemoteRecurring1');
data.append('tran_desc', 'Test transaction');
data.append('tran_amount', '1.01');
data.append('tran_currency', 'GBP');
data.append('tran_orig_id', '01P013612F9');
data.append('tran_testmode', '0');
data.append('tran_type', 'sale');
data.append('tran_class', 'cont');
data.append('return_acq_ref', '');
let config = {
method: 'post',
maxBodyLength: Infinity,
url: 'https://secure-int.cashflows.com/gateway/remote_auth',
headers: {
'Cookie': 'AWSALB=your_cookie_here; AWSALBCORS=your_cookie_here',
...data.getHeaders()
},
data: data
};
axios.request(config)
.then((response) => {
console.log('Response:', response.data);
})
.catch((error) => {
console.error('Error:', error.message || error);
});
<?php
$curl = curl_init();
$data = [
'auth_id' => 'YOUR_AUTH_ID',
'auth_pass' => 'YOUR_AUTH_PASS',
'cust_name' => 'Imps Test',
'cust_address' => 'CashFlows, CPC1 Capital Park, Fulbourn',
'cust_postcode' => 'CB23 5XE',
'cust_country' => 'GB',
'cust_ip' => '123.45.67.89',
'cust_email' => 'customer@example.com',
'cust_tel' => '01234567890',
'descriptor' => 'descriptor',
'retry_number' => '0',
'tran_ref' => 'ImpsRemoteRecurring1',
'tran_desc' => 'Test transaction',
'tran_amount' => '1.01',
'tran_currency' => 'GBP',
'tran_orig_id' => '01P013612F9',
'tran_testmode' => '0',
'tran_type' => 'sale',
'tran_class' => 'cont',
'return_acq_ref' => ''
];
curl_setopt_array($curl, [
CURLOPT_URL => 'https://secure-int.cashflows.com/gateway/remote_auth',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $data,
CURLOPT_HTTPHEADER => [
'Cookie: AWSALB=...; AWSALBCORS=...'
]
]);
$response = curl_exec($curl);
curl_close($curl);
echo $response;
?>
require 'net/http'
require 'uri'
uri = URI("https://secure-int.cashflows.com/gateway/remote_auth")
req = Net::HTTP::Post.new(uri)
req.set_form_data(
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"cust_name" => "Imps Test",
"cust_address" => "CashFlows, CPC1 Capital Park, Fulbourn",
"cust_postcode" => "CB23 5XE",
"cust_country" => "GB",
"cust_ip" => "123.45.67.89",
"cust_email" => "customer@example.com",
"cust_tel" => "01234567890",
"descriptor" => "descriptor",
"retry_number" => "0",
"tran_ref" => "ImpsRemoteRecurring1",
"tran_desc" => "Test transaction",
"tran_amount" => "1.01",
"tran_currency" => "GBP",
"tran_orig_id" => "01P013612F9",
"tran_testmode" => "0",
"tran_type" => "sale",
"tran_class" => "cont",
"return_acq_ref" => ""
)
req['Cookie'] = "AWSALB=...; AWSALBCORS=..."
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(req)
end
puts res.body
Example continuous response
A|01S013612FA|000|AUTHOK|Authorised|74501875153356891498789
Acquirer system response codes
Responses consist of a letter followed by a 3-digit code:
- Letter - indicates the type of status
A - authorised
V - validation error (e.g. invalid card number)
D - declined
R - referral (treated as declined)
B - blocked
C - cancelled (e.g. user pressed cancel on payment page)
S - system error
First number – internal code that can be ignored
Last 2 numbers – specific error code.
Below is a list of current error codes (this list is subject to change):
Code |
Reason |
|---|---|
Vx01 |
Invalid merchant details |
Vx02 |
Invalid expiry date |
Vx03 |
Invalid start date |
Vx04 |
Invalid issue number |
Vx05 |
Invalid CVV |
Vx06 |
Invalid card number |
Vx07 |
Card holder name not set |
Vx08 |
Insufficient address details |
Vx09 |
Invalid country code |
Vx10 |
Invalid cart ID |
Vx11 |
Invalid email address |
Vx12 |
Invalid phone number |
Vx13 |
Invalid amount |
Vx14 |
Invalid currency code |
Vx15 |
Invalid customer IP |
Vx16 |
Original trans not found |
Vx17 |
Invalid merchant IP |
Vx18 |
Unknown transaction type |
Vx19 |
Card number changed |
Vx20 |
Currency changed |
Vx21 |
Original trans ref required |
Vx22 |
Amount exceeds original |
Vx23 |
Can not refund this type of transaction |
Vx24 |
Amount changed |
Vx25 |
User account details required |
Vx26 |
Invalid request |
Vx27 |
Original trans not pre-auth |
Vx28 |
Transaction mode changed |
Vx29 |
Card/Currency combination not supported |
Vx30 |
Unknown card type |
Vx31 |
Issue number required |
Vx32 |
Issue number not required |
Vx33 |
Duplicate transaction |
Vx34 |
Unable to void transaction |
Vx35 |
Original trans was not authorised |
Vx36 |
Invalid PIN |
Vx37 |
Unknown transaction class |
Vx38 |
Original transaction type does not match |
Vx39 |
Card expired |
Vx40 |
CVV Required |
Vx41 |
Original transaction already settled |
Vx42 |
Original transaction already cancelled |
Vx43 |
This card does not support the required transaction type |
Vx44 |
Transaction details do not match original |
Vx48 |
User Details not valid |
Vx52 |
3DS Not Enabled |
Vx53 |
3DS Data Invalid |
Vx54 |
Concurrent Authorisations |
Vx55 |
Invalid Funds Recipient Date (MCC 6012, 6051 or 7299 merchants) |
Vx56 |
Terminal mismatch |
Vx57 |
Transaction not allowed on this card |
Vx58 |
Original transaction requires 3DS attempt/auth |
Vx59 |
ECOM transactions require 3DS attempt/auth |
Vx60 |
Verify for Amex card not supported |
Vx61 |
Recurrence Flag usage invalid |
Vx62 |
Initial Sale/Verify ARN missing for subsequent sale |
Vx63 |
Initial Sale/Verify for subsequent sale not approved |
Vx64 |
Initial transaction on card expired |
Dx01 |
Non-specific decline |
Dx02 |
Declined due to funds (insufficient/limit exceeded) |
Dx03 |
Retain card response |
Dx05 |
On our blacklist |
Dx07 |
Live/test mismatch |
Dx08 |
Refund: Insufficient merchant funds in account |
Dx10 |
Card authorisation attempt limit reached |
Dx11 |
Monthly Scheme Decline Rate limit reached |
Dx40 |
Continuous Authority cancelled for the transaction |
Dx41 |
Continuous Authorities cancelled for the merchant |
Dx43 |
Continuous Authorities cancelled for the card |
Dx49 |
Additional customer authentication required |
Dx90 |
Pre-Authorisation anti-fraud block |
Dx91 |
Post-Authorisation anti-fraud block |
Rx01 |
Not Authorised |
Ex01 |
Transaction error |
Cx01 |
Transaction cancelled |
Cx02 |
Transaction expired |
Sx00 |
Invalid transaction Request |
Sx01 |
Connection failure |
Sx02 |
Invalid response |
Sx03 |
Response timeout |
Sx04 |
Server error |
Sx05 |
Server error |
Sx06 |
No response from issuer |
Sx07 |
Service not available |
Sx99 |
Unknown Error |