Remote Authentication API Reference

To make a request to the Remote Auth API you need to submit a UTF-8 encoded HTTPS POST to:

  • Test - https://secure-int.cashflows.com/gateway/remote_auth.

  • Live - https://secure.cashflows.com/gateway/remote_auth.

Payment request parameters

Parameters for making payments:

Parameter

Description

Mandatory/Optional

auth_id

Your Profile Id

Mandatory

auth_pass

Authentication password

Mandatory

card_num

Customer’s card number (Must be numeric only with no separators)

Mandatory if no card_token

card_token

Customer’s card token (Max of 50 characters)

Mandatory if no card_num

card_cvv

Card security code

Mandatory

card_start

Card start date, format is MMYY (Optional)

Optional

card_issue

Card issue number

Optional

card_expiry

Card expiry date, format is MMYY

Mandatory

cust_name

Customer’s name

Optional

cust_address

Customer’s address (Multiple lines can be separated using the new line break character (ASCII code 10))

Optional

cust_postcode

Customer’s post/zip/area code )

Optional

cust_country

Customer’s country (ISO3166 2-character code)

Optional

cust_ip

Customer’s IP address (IPV4 Format only)

Optional

cust_email

Customer’s email address

Optional

cust_tel

Customer’s telephone number

Optional

ewallet

Indicates whether a Pay’s wallet was used:

  • true

  • false

Optional

ewallet_type

Indicates which Pay’s wallet was used
Accepted values: (case_sensitive):

  • applepay

  • googlepay

  • samsungpay

  • other

Optional

tran_ref

Your transaction reference (e.g. cart ID)

Mandatory

tran_desc

Your transaction description (Max of 99 characters)

Optional

tran_amount

Transaction amount to 2 decimal places, e.g. 24.99
(The currency symbol must not be included)

Mandatory

tran_currency

Transaction currency (3-character code)

Mandatory

tran_testmode

Transaction test mode = 0

Mandatory

tran_type

Transaction type = sale

Mandatory

tran_class

Transaction class = ecom or moto

Mandatory

tran_recurrence

To be used to override default MID settings:

  • sing = Single transaction with no recurrence

  • subs = Transaction in recurring subscription

  • inst = Transaction in recurring instalment

  • unsc = Unscheduled transaction with a stored card

  • card = Cardholder initiated transaction with a stored card

Optional

retry_number

Indication of the number of retries attempts, 0 = initial attempt (For more information see Retry Handing)

Optional

return_acq_ref

If not Null, the Acquirer Reference Number (ARN) will be included in the response only when we have processed a live payment.

Optional

return_issuer_response_code

If not Null, the raw issuer response code will be included in the response when we have processed a live payment.

Optional

descriptor

A soft descriptor that is added to your Company Name when displayed on the Cardholders statement (Max of 12 characters)

Optional

return_token

If not Null the card_token will be included in the response only when we have processed a successful transaction

Optional

SCA_exemption_indicator

Indication of why the transaction may be exempt from SCA, possible values:

  • lowvalue = Applicable to transactions where amount is less than €30 or currency equivalent

Optional

gateway_id_mc

Sends your Merchant Partner Gateway ID (MPG ID) to Mastercard for identification (11 numeric characters)


If you don’t know your MPG ID, contact support@cashflows.com

Mandatory for Mastercard transactions for Merchant Payment Gateways

If you’re using 3D Secure with Visa, Mastercard, or American Express, you must also include:

Parameters (3D Secure)

Description

acs_eci

The response from the 3DS server:

  • 5 = VbyV - Full Authentication

  • 6 = VbyV - Attempted Authentication

  • 7 = VbyV - No Authentication

  • 2 = MasterCard SecureCode - Full Authentication

  • 1 = MasterCard SecureCode - Attempted Authentication

  • 0 = MasterCard SecureCode - No Authentication

  • 05 = American Express Safekey - Full Authentication

  • 06 = American Express Safekey - Attempted Authentication

  • 07 = American Express Safekey - No Authentication

acs_cavv

The Cardholder Authentication Verification Value from 3DS server, 28 Characters.


American Express Safekey – provide the American Express Verification Value (AEVV) – 20 characters long.

acs_dstransid

The universally unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction, 36 characters. Required when acs_3dsversion = 2.1.0/2.2.0.


American Express Safekey – provide the American Express Safekey Transaction ID (XID) – 20 characters long.

If your MCC is 6012, 6051, or 7299 (financial institutions) you must also include:

Parameters (financial institutions)

Description

primary_recipient_dob

Customer’s Date of Birth. Format is YYYYMMDD (8 numeric characters)

primary_recipient_surname

Customer’s Surname or Last name (2-64-characters alpha characters, including -)

primary_recipient_postcode

Customer’s Postcode (2 to 16-characters alpha characters, including spaces)

primary_recipient_account_number

Customer’s Account Number (1 to 32 alpha numeric characters, including /-) For PAN Numbers: First 6 and Last 4

Example payments request

import requests

url = 'https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth'

data = {
    'auth_id': 'YOUR_AUTH_ID',
    'auth_pass': 'YOUR_AUTH_PASS',
    'card_num': '4510400400099005',
    'card_cvv': '123',
    'card_expiry': '1126',
    'cust_name': 'Mrs T Tester',
    'cust_address': 'testUserApi',
    'cust_postcode': 'TE456ST',
    'cust_country': 'GB',
    'cust_ip': '123.45.67.89',
    'cust_email': 'customer@example.com',
    'cust_tel': '01234567890',
    'tran_ref': 'testApi',
    'tran_amount': '200.00',
    'tran_currency': 'GBP',
    'tran_testmode': '0',
    'tran_type': 'sale',
    'tran_class': 'ecom',
    'acs_eci': '',
    'acs_cavv': '',
    'return_scheme_transaction_id' => '1',
    'submit': 'submit'
}

headers = {'Content-Type': 'application/x-www-form-urlencoded'}

response = requests.post(url, data=data, headers=headers)
print(response.text)
import org.apache.http.client.methods.*;
import org.apache.http.impl.client.*;
import org.apache.http.entity.*;
import java.util.*;

public class PaymentRequest {
    public static void main(String[] args) throws Exception {
        HttpClient client = HttpClients.createDefault();
        HttpPost post = new HttpPost("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth");

        List<NameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair("auth_id", "YOUR_AUTH_ID"));
        params.add(new BasicNameValuePair("auth_pass", "YOUR_AUTH_PASS"));
        params.add(new BasicNameValuePair("card_num", "4510400400099005"));
        params.add(new BasicNameValuePair("card_cvv", "123"));
        params.add(new BasicNameValuePair("card_expiry", "1126"));
        params.add(new BasicNameValuePair("cust_name", "Mrs T Tester"));
        params.add(new BasicNameValuePair("cust_address", "testUserApi"));
        params.add(new BasicNameValuePair("cust_postcode", "TE456ST"));
        params.add(new BasicNameValuePair("cust_country", "GB"));
        params.add(new BasicNameValuePair("cust_ip", "123.45.67.89"));
        params.add(new BasicNameValuePair("cust_email", "customer@example.com"));
        params.add(new BasicNameValuePair("cust_tel", "01234567890"));
        params.add(new BasicNameValuePair("tran_ref", "testApi"));
        params.add(new BasicNameValuePair("tran_amount", "200.00"));
        params.add(new BasicNameValuePair("tran_currency", "GBP"));
        params.add(new BasicNameValuePair("tran_testmode", "0"));
        params.add(new BasicNameValuePair("tran_type", "sale"));
        params.add(new BasicNameValuePair("tran_class", "ecom"));
        params.add(new BasicNameValuePair("acs_eci", ""));
        params.add(new BasicNameValuePair("acs_cavv", ""));
        params.add(new BasicNameValuePair("return_scheme_transaction_id", "1"));
        params.add(new BasicNameValuePair("submit", "submit"));

        post.setEntity(new UrlEncodedFormEntity(params));
        post.setHeader("Content-Type", "application/x-www-form-urlencoded");

        HttpResponse response = client.execute(post);
        System.out.println(EntityUtils.toString(response.getEntity()));
    }
}
using System;
using System.Net.Http;
using System.Collections.Generic;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        var client = new HttpClient();

        var values = new Dictionary<string, string>
        {
            { "auth_id", "YOUR_AUTH_ID" },
            { "auth_pass", "YOUR_AUTH_PASS" },
            { "card_num", "4510400400099005" },
            { "card_cvv", "123" },
            { "card_expiry", "1126" },
            { "cust_name", "Mrs T Tester" },
            { "cust_address", "testUserApi" },
            { "cust_postcode", "TE456ST" },
            { "cust_country", "GB" },
            { "cust_ip", "123.45.67.89" },
            { "cust_email", "customer@example.com" },
            { "cust_tel", "01234567890" },
            { "tran_ref", "testApi" },
            { "tran_amount", "200.00" },
            { "tran_currency", "GBP" },
            { "tran_testmode", "0" },
            { "tran_type", "sale" },
            { "tran_class", "ecom" },
            { "acs_eci", "" },
            { "acs_cavv", "" },
            { "return_scheme_transaction_id", "1" },
            { "submit", "submit" }
        };

        var content = new FormUrlEncodedContent(values);
        var response = await client.PostAsync("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth", content);

        string responseString = await response.Content.ReadAsStringAsync();
        Console.WriteLine(responseString);
    }
}
const axios = require('axios');
const qs = require('qs');

const data = qs.stringify({
auth_id: 'YOUR_AUTH_ID',
auth_pass: 'YOUR_AUTH_PASS',
card_num: '4510400400099005',
card_cvv: '123',
card_expiry: '1126',
cust_name: 'Mrs T Tester',
cust_address: 'testUserApi',
cust_postcode: 'TE456ST',
cust_country: 'GB',
cust_ip: '123.45.67.89',
cust_email: 'customer@example.com',
cust_tel: '01234567890',
tran_ref: 'testApi',
tran_amount: '200.00',
tran_currency: 'GBP',
tran_testmode: '0',
tran_type: 'sale',
tran_class: 'ecom',
acs_eci: '',
acs_cavv: '',
return_scheme_transaction_id: '1',
submit: 'submit'
});

axios.post('https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth', data, {
headers: {
    'Content-Type': 'application/x-www-form-urlencoded'
}
})
.then(response => {
console.log(response.data);
})
.catch(error => {
console.error('Error:', error.response ? error.response.data : error.message);
});
<?php
$data = http_build_query([
    'auth_id' => 'YOUR_AUTH_ID',
    'auth_pass' => 'YOUR_AUTH_PASS',
    'card_num' => '4510400400099005',
    'card_cvv' => '123',
    'card_expiry' => '1126',
    'cust_name' => 'Mrs T Tester',
    'cust_address' => 'testUserApi',
    'cust_postcode' => 'TE456ST',
    'cust_country' => 'GB',
    'cust_ip' => '123.45.67.89',
    'cust_email' => 'customer@example.com',
    'cust_tel' => '01234567890',
    'tran_ref' => 'testApi',
    'tran_amount' => '200.00',
    'tran_currency' => 'GBP',
    'tran_testmode' => '0',
    'tran_type' => 'sale',
    'tran_class' => 'ecom',
    'acs_eci' => '',
    'acs_cavv' => '',
    'return_scheme_transaction_id' => '1',
    'submit' => 'submit'
]);

$ch = curl_init('https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth');

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/x-www-form-urlencoded']);

$response = curl_exec($ch);
curl_close($ch);

echo $response;
?>
require 'net/http'
require 'uri'

uri = URI.parse("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth")

request = Net::HTTP::Post.new(uri)
request.set_form_data({
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"card_num" => "4510400400099005",
"card_cvv" => "123",
"card_expiry" => "1126",
"cust_name" => "Mrs T Tester",
"cust_address" => "testUserApi",
"cust_postcode" => "TE456ST",
"cust_country" => "GB",
"cust_ip" => "123.45.67.89",
"cust_email" => "customer@example.com",
"cust_tel" => "01234567890",
"tran_ref" => "testApi",
"tran_amount" => "200.00",
"tran_currency" => "GBP",
"tran_testmode" => "0",
"tran_type" => "sale",
"tran_class" => "ecom",
"acs_eci" => "",
"acs_cavv" => "",
"return_scheme_transaction_id" => "1",
"submit" => "submit"
})

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end

puts response.body

Example payments response

A|01S0135FD47|200|AUTHOK|Authorised|MCC6830070529

Example payments request with 3DS

import requests

url = 'https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth'
payload = {
    'auth_id': 'YOUR_AUTH_ID',
    'auth_pass': 'YOUR_AUTH_PASS',
    'card_num': '4510400400099005',
    'card_cvv': '123',
    'card_expiry': '1126',
    'cust_name': 'Mrs T Tester',
    'cust_address': 'testUserApi',
    'cust_postcode': 'TE456ST',
    'cust_country': 'GB',
    'cust_ip': '123.45.67.89',
    'cust_email': 'customer@example.com',
    'cust_tel': '01234567890',
    'tran_ref': 'testApi',
    'tran_desc': 'Kerri Test',
    'tran_amount': '12.11',
    'tran_currency': 'GBP',
    'tran_testmode': '0',
    'tran_type': 'sale',
    'tran_class': 'ecom',
    'acs_eci': '5',
    'acs_cavv': 'AAABCAAhIXdRcEdRVyEhAAAAAAA=',
    'acs_xid': 'AgABBAACAAYABwAGAgQCAQgry0E=',
    'submit': 'submit'
}

response = requests.post(url, data=payload, headers={'Content-Type': 'application/x-www-form-urlencoded'})
print(response.text)
import org.apache.http.client.methods.*;
import org.apache.http.impl.client.*;
import org.apache.http.entity.*;
import org.apache.http.message.*;
import java.util.*;

public class PaymentRequest {
    public static void main(String[] args) throws Exception {
        HttpClient client = HttpClients.createDefault();
        HttpPost post = new HttpPost("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth");

        List<NameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair("auth_id", "YOUR_AUTH_ID"));
        params.add(new BasicNameValuePair("auth_pass", "YOUR_AUTH_PASS"));
        params.add(new BasicNameValuePair("card_num", "4510400400099005"));
        params.add(new BasicNameValuePair("card_cvv", "123"));
        params.add(new BasicNameValuePair("card_expiry", "1126"));
        params.add(new BasicNameValuePair("cust_name", "Mrs T Tester"));
        params.add(new BasicNameValuePair("cust_address", "testUserApi"));
        params.add(new BasicNameValuePair("cust_postcode", "TE456ST"));
        params.add(new BasicNameValuePair("cust_country", "GB"));
        params.add(new BasicNameValuePair("cust_ip", "123.45.67.89"));
        params.add(new BasicNameValuePair("cust_email", "customer@example.com"));
        params.add(new BasicNameValuePair("cust_tel", "01234567890"));
        params.add(new BasicNameValuePair("tran_ref", "testApi"));
        params.add(new BasicNameValuePair("tran_desc", "Kerri Test"));
        params.add(new BasicNameValuePair("tran_amount", "12.11"));
        params.add(new BasicNameValuePair("tran_currency", "GBP"));
        params.add(new BasicNameValuePair("tran_testmode", "0"));
        params.add(new BasicNameValuePair("tran_type", "sale"));
        params.add(new BasicNameValuePair("tran_class", "ecom"));
        params.add(new BasicNameValuePair("acs_eci", "5"));
        params.add(new BasicNameValuePair("acs_cavv", "AAABCAAhIXdRcEdRVyEhAAAAAAA="));
        params.add(new BasicNameValuePair("acs_xid", "AgABBAACAAYABwAGAgQCAQgry0E="));
        params.add(new BasicNameValuePair("submit", "submit"));

        post.setEntity(new UrlEncodedFormEntity(params));
        post.setHeader("Content-Type", "application/x-www-form-urlencoded");

        HttpResponse response = client.execute(post);
        System.out.println(EntityUtils.toString(response.getEntity()));
    }
}
using System;
using System.Net.Http;
using System.Collections.Generic;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        var client = new HttpClient();

        var values = new Dictionary<string, string>
        {
            { "auth_id", "YOUR_AUTH_ID" },
            { "auth_pass", "YOUR_AUTH_PASS" },
            { "card_num", "4510400400099005" },
            { "card_cvv", "123" },
            { "card_expiry", "1126" },
            { "cust_name", "Mrs T Tester" },
            { "cust_address", "testUserApi" },
            { "cust_postcode", "TE456ST" },
            { "cust_country", "GB" },
            { "cust_ip", "123.45.67.89" },
            { "cust_email", "customer@example.com" },
            { "cust_tel", "01234567890" },
            { "tran_ref", "testApi" },
            { "tran_desc", "Kerri Test" },
            { "tran_amount", "12.11" },
            { "tran_currency", "GBP" },
            { "tran_testmode", "0" },
            { "tran_type", "sale" },
            { "tran_class", "ecom" },
            { "acs_eci", "5" },
            { "acs_cavv", "AAABCAAhIXdRcEdRVyEhAAAAAAA=" },
            { "acs_xid", "AgABBAACAAYABwAGAgQCAQgry0E=" },
            { "submit", "submit" }
        };

        var content = new FormUrlEncodedContent(values);
        var response = await client.PostAsync("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth", content);

        string responseString = await response.Content.ReadAsStringAsync();
        Console.WriteLine(responseString);
    }
}
const axios = require('axios');
const qs = require('qs');

const data = qs.stringify({
auth_id: 'YOUR_AUTH_ID',
auth_pass: 'YOUR_AUTH_PASS',
card_num: '4510400400099005',
card_cvv: '123',
card_expiry: '1126',
cust_name: 'Mrs T Tester',
cust_address: 'testUserApi',
cust_postcode: 'TE456ST',
cust_country: 'GB',
cust_ip: '123.45.67.89',
cust_email: 'customer@example.com',
cust_tel: '01234567890',
tran_ref: 'testApi',
tran_desc: 'Kerri Test',
tran_amount: '12.11',
tran_currency: 'GBP',
tran_testmode: '0',
tran_type: 'sale',
tran_class: 'ecom',
acs_eci: '5',
acs_cavv: 'AAABCAAhIXdRcEdRVyEhAAAAAAA=',
acs_xid: 'AgABBAACAAYABwAGAgQCAQgry0E=',
submit: 'submit'
});

axios.post('https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth', data, {
headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
})
.then(res => console.log(res.data))
.catch(err => console.error(err));
console.error('Error:', error.response ? error.response.data : error.message);
});
<?php
$data = http_build_query([
'auth_id' => 'YOUR_AUTH_ID',
'auth_pass' => 'YOUR_AUTH_PASS',
'card_num' => '4510400400099005',
'card_cvv' => '123',
'card_expiry' => '1126',
'cust_name' => 'Mrs T Tester',
'cust_address' => 'testUserApi',
'cust_postcode' => 'TE456ST',
'cust_country' => 'GB',
'cust_ip' => '123.45.67.89',
'cust_email' => 'customer@example.com',
'cust_tel' => '01234567890',
'tran_ref' => 'testApi',
'tran_desc' => 'Kerri Test',
'tran_amount' => '12.11',
'tran_currency' => 'GBP',
'tran_testmode' => '0',
'tran_type' => 'sale',
'tran_class' => 'ecom',
'acs_eci' => '5',
'acs_cavv' => 'AAABCAAhIXdRcEdRVyEhAAAAAAA=',
'acs_xid' => 'AgABBAACAAYABwAGAgQCAQgry0E=',
'submit' => 'submit'
]);

$ch = curl_init('https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/x-www-form-urlencoded'
]);

$response = curl_exec($ch);
curl_close($ch);

echo $response;
?>
require 'net/http'
require 'uri'

uri = URI.parse("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth")

request = Net::HTTP::Post.new(uri)
request.set_form_data({
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"card_num" => "4510400400099005",
"card_cvv" => "123",
"card_expiry" => "1126",
"cust_name" => "Mrs T Tester",
"cust_address" => "testUserApi",
"cust_postcode" => "TE456ST",
"cust_country" => "GB",
"cust_ip" => "123.45.67.89",
"cust_email" => "customer@example.com",
"cust_tel" => "01234567890",
"tran_ref" => "testApi",
"tran_desc" => "Kerri Test",
"tran_amount" => "12.11",
"tran_currency" => "GBP",
"tran_testmode" => "0",
"tran_type" => "sale",
"tran_class" => "ecom",
"acs_eci" => "5",
"acs_cavv" => "AAABCAAhIXdRcEdRVyEhAAAAAAA=",
"acs_xid" => "AgABBAACAAYABwAGAgQCAQgry0E=",
"submit" => "submit"
})

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end

puts response.body

Example payments with 3DS response

A|01S01356909|200|AUTHOK|Authorised

Void and refund request parameters

Parameters for voiding and refunding payments:

Parameter

Description

Mandatory/Optional

auth_id

Your Profile Id

Mandatory

auth_pass

Authentication password

Mandatory

tran_amount

Transaction amount to 2 decimal places, e.g. 24.99 (The currency symbol must not be included)

Mandatory

tran_currency

Transaction currency (3-character code)

Mandatory

tran_testmode

Transaction test mode = 0

Mandatory

tran_type

Transaction type = verify

Mandatory

tran_class

Transaction class = ecom

Mandatory

tran_orig_id

Original transaction ID to be refunded or voided

Mandatory

descriptor

A soft descriptor that is added to your Company Name when displayed on the Cardholders statement (Max of 12 characters)

Optional

Example void request

import requests

url = "https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth"
payload = {
    'auth_id': 'YOUR_AUTH_ID',
    'auth_pass': 'YOUR_AUTH_PASS',
    'tran_amount': '20.15',
    'tran_currency': 'GBP',
    'tran_testmode': '0',
    'tran_type': 'void',
    'tran_class': 'ecom',
    'tran_orig_id': '01S0135F74D',
    'retry_number': '0',
    'descriptor': 'Some descriptor'
}
headers = {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Cookie': 'AWSALB=...; AWSALBCORS=...'
}

response = requests.post(url, data=payload, headers=headers)
print(response.text)
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.apache.http.message.BasicNameValuePair;

import java.util.*;

CloseableHttpClient client = HttpClients.createDefault();
HttpPost post = new HttpPost("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth");

List<BasicNameValuePair> form = new ArrayList<>();
form.add(new BasicNameValuePair("auth_id", "YOUR_AUTH_ID"));
form.add(new BasicNameValuePair("auth_pass", "YOUR_AUTH_PASS"));
form.add(new BasicNameValuePair("tran_amount", "20.15"));
form.add(new BasicNameValuePair("tran_currency", "GBP"));
form.add(new BasicNameValuePair("tran_testmode", "0"));
form.add(new BasicNameValuePair("tran_type", "void"));
form.add(new BasicNameValuePair("tran_class", "ecom"));
form.add(new BasicNameValuePair("tran_orig_id", "01S0135F74D"));
form.add(new BasicNameValuePair("retry_number", "0"));
form.add(new BasicNameValuePair("descriptor", "Some descriptor"));

post.setEntity(new UrlEncodedFormEntity(form));
post.setHeader("Cookie", "AWSALB=...; AWSALBCORS=...");

var response = client.execute(post);
String responseBody = EntityUtils.toString(response.getEntity());
System.out.println(responseBody);
client.close();
using System.Net.Http;
using System.Collections.Generic;

var client = new HttpClient();
var values = new Dictionary<string, string>
{
    { "auth_id", "YOUR_AUTH_ID" },
    { "auth_pass", "YOUR_AUTH_PASS" },
    { "tran_amount", "20.15" },
    { "tran_currency", "GBP" },
    { "tran_testmode", "0" },
    { "tran_type", "void" },
    { "tran_class", "ecom" },
    { "tran_orig_id", "01S0135F74D" },
    { "retry_number", "0" },
    { "descriptor", "Some descriptor" }
};

var content = new FormUrlEncodedContent(values);
client.DefaultRequestHeaders.Add("Cookie", "AWSALB=...; AWSALBCORS=...");
var response = await client.PostAsync("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth", content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
const axios = require('axios');
const qs = require('qs');

let data = qs.stringify({
'auth_id': 'YOUR_AUTH_ID',
'auth_pass': 'YOUR_AUTH_PASS',
'tran_amount': '20.15',
'tran_currency': 'GBP',
'tran_testmode': '0',
'tran_type': 'void',
'tran_class': 'ecom',
'tran_orig_id': '01S0135F74D',
'retry_number': '0',
'descriptor': 'Some descriptor'
});

axios.post('https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth', data, {
headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Cookie': 'AWSALB=...; AWSALBCORS=...'
},
maxBodyLength: Infinity
})
.then(res => console.log(res.data))
.catch(err => console.error(err));
<?php
$curl = curl_init();

$data = http_build_query([
    'auth_id' => 'YOUR_AUTH_ID',
    'auth_pass' => 'YOUR_AUTH_PASS',
    'tran_amount' => '20.15',
    'tran_currency' => 'GBP',
    'tran_testmode' => '0',
    'tran_type' => 'void',
    'tran_class' => 'ecom',
    'tran_orig_id' => '01S0135F74D',
    'retry_number' => '0',
    'descriptor' => 'Some descriptor'
]);

curl_setopt_array($curl, [
    CURLOPT_URL => "https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $data,
    CURLOPT_HTTPHEADER => [
        "Content-Type: application/x-www-form-urlencoded",
        "Cookie: AWSALB=...; AWSALBCORS=..."
    ],
]);

$response = curl_exec($curl);
curl_close($curl);

echo $response;
?>
require 'net/http'
require 'uri'

uri = URI.parse("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth")
request = Net::HTTP::Post.new(uri)
request["Content-Type"] = "application/x-www-form-urlencoded"
request["Cookie"] = "AWSALB=...; AWSALBCORS=..."
request.set_form_data(
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"tran_amount" => "20.15",
"tran_currency" => "GBP",
"tran_testmode" => "0",
"tran_type" => "void",
"tran_class" => "ecom",
"tran_orig_id" => "01S0135F74D",
"retry_number" => "0",
"descriptor" => "Some descriptor"
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end

puts response.body

Example void response

A|01V0135F755|000|-|Authorised

Example refund request

import requests

url = "https://secure-int.cashflows.com/gateway/remote_auth"
payload = {
    'auth_id': 'YOUR_AUTH_ID',
    'auth_pass': 'YOUR_AUTH_PASS',
    'tran_amount': '11.11',
    'tran_currency': 'GBP',
    'tran_testmode': '0',
    'tran_type': 'refund',
    'tran_class': 'ecom',
    'tran_orig_id': '01S0135F71A',
    'retry_number': '0',
    'descriptor': 'Some descriptor'
}
headers = {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Cookie': 'AWSALB=...; AWSALBCORS=...'
}

response = requests.post(url, data=payload, headers=headers)
print(response.text)
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.message.BasicNameValuePair;

import java.util.*;

CloseableHttpClient client = HttpClients.createDefault();
HttpPost post = new HttpPost("https://secure-int.cashflows.com/gateway/remote_auth");

List<BasicNameValuePair> form = new ArrayList<>();
form.add(new BasicNameValuePair("auth_id", "YOUR_AUTH_ID"));
form.add(new BasicNameValuePair("auth_pass", "YOUR_AUTH_PASS"));
form.add(new BasicNameValuePair("tran_amount", "11.11"));
form.add(new BasicNameValuePair("tran_currency", "GBP"));
form.add(new BasicNameValuePair("tran_testmode", "0"));
form.add(new BasicNameValuePair("tran_type", "refund"));
form.add(new BasicNameValuePair("tran_class", "ecom"));
form.add(new BasicNameValuePair("tran_orig_id", "01S0135F71A"));
form.add(new BasicNameValuePair("retry_number", "0"));
form.add(new BasicNameValuePair("descriptor", "Some descriptor"));

post.setEntity(new UrlEncodedFormEntity(form));
post.setHeader("Cookie", "AWSALB=...; AWSALBCORS=...");

var response = client.execute(post);
String responseBody = EntityUtils.toString(response.getEntity());
System.out.println(responseBody);
client.close();
using System.Net.Http;
using System.Collections.Generic;

var client = new HttpClient();
var form = new Dictionary<string, string>
{
    { "auth_id", "YOUR_AUTH_ID" },
    { "auth_pass", "YOUR_AUTH_PASS" },
    { "tran_amount", "11.11" },
    { "tran_currency", "GBP" },
    { "tran_testmode", "0" },
    { "tran_type", "refund" },
    { "tran_class", "ecom" },
    { "tran_orig_id", "01S0135F71A" },
    { "retry_number", "0" },
    { "descriptor", "Some descriptor" }
};

var content = new FormUrlEncodedContent(form);
client.DefaultRequestHeaders.Add("Cookie", "AWSALB=...; AWSALBCORS=...");
var response = await client.PostAsync("https://secure-int.cashflows.com/gateway/remote_auth", content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
const axios = require('axios');
const FormData = require('form-data');

let data = new FormData();
data.append('auth_id', 'YOUR_AUTH_ID');
data.append('auth_pass', 'YOUR_AUTH_PASS');
data.append('tran_amount', '11.11');
data.append('tran_currency', 'GBP');
data.append('tran_testmode', '0');
data.append('tran_type', 'refund');
data.append('tran_class', 'ecom');
data.append('tran_orig_id', '01S0135F71A');
data.append('retry_number', '0');
data.append('descriptor', 'Some descriptor');

axios.post('https://secure-int.cashflows.com/gateway/remote_auth', data, {
headers: {
    ...data.getHeaders(),
    'Content-Type': 'application/x-www-form-urlencoded',
    'Cookie': 'AWSALB=...; AWSALBCORS=...'
},
maxBodyLength: Infinity
})
.then(res => console.log(res.data))
.catch(err => console.error(err));
<?php
$curl = curl_init();

$data = http_build_query([
    'auth_id' => 'YOUR_AUTH_ID',
    'auth_pass' => 'YOUR_AUTH_PASS',
    'tran_amount' => '11.11',
    'tran_currency' => 'GBP',
    'tran_testmode' => '0',
    'tran_type' => 'refund',
    'tran_class' => 'ecom',
    'tran_orig_id' => '01S0135F71A',
    'retry_number' => '0',
    'descriptor' => 'Some descriptor'
]);

curl_setopt_array($curl, [
    CURLOPT_URL => "https://secure-int.cashflows.com/gateway/remote_auth",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $data,
    CURLOPT_HTTPHEADER => [
        "Content-Type: application/x-www-form-urlencoded",
        "Cookie: AWSALB=...; AWSALBCORS=..."
    ],
]);

$response = curl_exec($curl);
curl_close($curl);

echo $response;
?>
require 'net/http'
require 'uri'

uri = URI.parse("https://secure-int.cashflows.com/gateway/remote_auth")
request = Net::HTTP::Post.new(uri)
request["Content-Type"] = "application/x-www-form-urlencoded"
request["Cookie"] = "AWSALB=...; AWSALBCORS=..."
request.set_form_data(
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"tran_amount" => "11.11",
"tran_currency" => "GBP",
"tran_testmode" => "0",
"tran_type" => "refund",
"tran_class" => "ecom",
"tran_orig_id" => "01S0135F71A",
"retry_number" => "0",
"descriptor" => "Some descriptor"
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end

puts response.body

Example request response

A|01R0135F71B|000|-|Authorised

Credit transfer request parameters

Parameters for requesting credit transfers:

Parameters

Description

Mandatory/Optional

auth_id

Your Profile Id

Mandatory

auth_pass

Authentication password

Mandatory

tran_amount

Credit Transfer amount to 2 decimal places, e.g. 24.99 (The currency symbol must not be included)

Mandatory

tran_currency

Transaction currency, 3-character code, e.g. GBP

Mandatory

tran_ref

Your transaction reference (e.g. cart ID)

Mandatory

tran_testmode

Transaction test mode. 0

Mandatory

tran_type

Transaction type = credit

Mandatory

tran_class

Transaction class = cred

Mandatory

descriptor

Mastercard only. A descriptor that is added to your Company Name when displayed on the Cardholders statement (Max of 12 characters)

Optional

tran_orig_id

Original transaction Id to which the credit will be applied

Mandatory for Mastercard Optional for Visa if card_num or card_token provided

card_num

Visa cards only: Customer’s card number (Must be numeric only with no separators)

Optional, not required if tran_orig_id or card_token provided

card_token

Visa cards only: Customer’s card token (Max of 50 characters)

Optional, not required if card_ num or tran_orig_id provided

security_hash

A security Hash value used to ensure that no-one has tampered with the credit transfer request

Mandatory

Batch release parameters

Parameters for requesting batch release:

Parameters

Description

profile_id

Your Profile Id

profile_pass

Authentication password

batch_op

Type of Batch operation. For a batch release request the value must be onhold-release-submit

attached_type

Defines the format of the attachment. This must be set to onhold_v0

Batch release response

Response to batch release request:

Parameters

Description

invalid_request

Error – Request cannot be parsed correctly

invalid_credentials

Error – Cannot verify the profile id or authentication password

request_toobig

Error – The batch request is larger than 64k for the Content-Length

invalid_filename

Error – The attachment filename is not valid

internal_failure

Error – There has been an internal error, please try again

release_report

Success – The batch request has been successfully uploaded and a batch Id has been created

Batch release query request

Parameters for querying batch release requests:

Parameters

Description

profile_id

Your Profile Id

profile_pass

Authentication password

batch_id

The Id of the batch that you wish to query

batch_op

Type of Batch operation. For a batch release query request the value must be onhold-release-query

Batch release query response

Response to batch release query request:

Query results

Description

invalid_request

Error – Request cannot be parsed correctly

invalid_credentials

Error – Cannot verify the profile id or authentication password

internal_failure

Error – There has been an internal error, please try again

release_notfound

Error – Cannot find the requested batch Id

release_report

Success – The batch query request has been successfully submitted and a batch has been found

If the query was successfully submitted, the response will return a batch_id and batch_status of either pending, processing or complete. If the status of the batch is complete, the following additional information and an attachment providing status of each of the transactions will be included in the multipart response:

Batch complete parameters

Description

item_count

Total number of items in the batch release

item_succ

Number of transactions that have been successfully released

item_fail

Number of transactions that have failed and not been released

attachment_type

Defines the format of the attachment

In the attachment part of the multipart response each transaction will contain one of the following results:

Transaction results

Description

batchrel_notonhold

The transaction was not on hold at the time of the request as the transaction has been previously released and may have been already settled

batchrel_invalref

The transaction could not be found as it has an invalid reference

batchrel_expired

The transaction has expired and therefore has not been sent of authorisation

batchrel_error

There was an internal error, please resubmit this transaction release request

batchrel_ok

The transaction has been successfully released for authorisation

Recurring/Continuous payments

Account verification request parameters

Parameters for account verification requests:

Parameter

Description

Mandatory/Optional

auth_id

Your Profile Id

Mandatory

auth_pass

Authentication password

Mandatory

card_num

Customer’s card number (Must be numeric only with no separators)

Mandatory if no card_token

card_token

Customer’s card token (Max of 50 characters)

Mandatory if no card_num

card_cvv

Card security code

Mandatory

card_start

Card start date, format is MMYY (Optional)

Optional

card_issue

Card issue number

Optional

card_expiry

Card expiry date, format is MMYY

Mandatory

cust_name

Customer’s name

Optional

cust_address

Customer’s address (Multiple lines can be separated using the new line break character (ASCII code 10))

Optional

cust_postcode

Customer’s post/zip/area code )

Optional

cust_country

Customer’s country (ISO3166 2-character code)

Optional

cust_ip

Customer’s IP address (IPV4 Format only)

Optional

cust_email

Customer’s email address

Optional

cust_tel

Customer’s telephone number

Optional

ewallet

Indicates whether a Pay’s wallet was used: true false

Optional

ewallet_type

Indicates which Pay’s wallet was used

Optional

Accepted values: (case_sensitive):

  • applepay

  • googlepay

  • samsungpay

  • other

tran_ref

Your transaction reference (e.g. cart ID)

Mandatory

tran_desc

Your transaction description (Max of 99 characters)

Optional

tran_amount

Transaction amount to 2 decimal places, e.g. 24.99 (The currency symbol must not be included)

Mandatory

tran_currency

Transaction currency (3-character code)

Mandatory

tran_testmode

Transaction test mode = 0

Mandatory

tran_type

Transaction type = verify

Mandatory

tran_class

Transaction class = ecom

Mandatory

tran_recurrence

To be used to override default MID settings:

  • sing = Single transaction with no recurrence

  • subs = Transaction in recurring subscription

  • inst = Transaction in recurring instalment

  • unsc = Unscheduled transaction with a stored card

  • card = Cardholder initiated transaction with a stored card

Optional

retry_number

Indication of the number of retries attempts, 0 = initial attempt (For more information see Retry Handing)

Optional

return_acq_ref

If not Null, the Acquirer Reference Number (ARN) will be included in the response only when we have processed a live payment.

Optional

return_issuer_response_code

If not Null, the raw issuer response code will be included in the response when we have processed a live payment.

Optional

descriptor

A soft descriptor that is added to your Company Name when displayed on the Cardholders statement (Max of 12 characters)

Optional

return_token

If not Null the card_token will be included in the response only when we have processed a successful transaction

Optional

SCA_exemption_indicator

Indication of why the transaction may be exempt from SCA, possible values: lowvalue = Applicable to transactions where amount is less than €30 or currency equivalent

Optional

gateway_id_mc

Sends your Merchant Partner Gateway ID (MPG ID) to Mastercard for identification (11 numeric characters) If you don’t know your MPG ID, contact support@cashflows.com

Mandatory for Mastercard transactions for Merchant Payment Gateways

If you’re using 3D Secure with Visa, Mastercard, or American Express, you must also include:

Parameters (3D Secure)

Description

acs_eci

The response from the 3DS server:

  • 5 = VbyV - Full Authentication

  • 6 = VbyV - Attempted Authentication

  • 7 = VbyV - No Authentication

  • 2 = MasterCard SecureCode - Full Authentication

  • 1 = MasterCard SecureCode - Attempted Authentication

  • 0 = MasterCard SecureCode - No Authentication

  • 05 = American Express Safekey - Full Authentication

  • 06 = American Express Safekey - Attempted Authentication

  • 07 = American Express Safekey - No Authentication

acs_cavv

The Cardholder Authentication Verification Value from 3DS server, 28 Characters.


American Express Safekey – provide the American Express Verification Value (AEVV) – 20 characters long.

acs_dstransid

The universally unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction, 36 characters. Required when acs_3dsversion = 2.1.0/2.2.0.


American Express Safekey – provide the American Express Safekey Transaction ID (XID) – 20 characters long.

If your MCC is 6012, 6051, or 7299 (financial institutions) you must also include:

Parameters (financial institutions)

Description

primary_recipient_dob

Customer’s Date of Birth. Format is YYYYMMDD (8 numeric characters)

primary_recipient_surname

Customer’s Surname or Last name (2-64-characters alpha characters, including -)

primary_recipient_postcode

Customer’s Postcode (2 to 16-characters alpha characters, including spaces)

primary_recipient_account_number

Customer’s Account Number (1 to 32 alpha numeric characters, including /-) For PAN Numbers: First 6 and Last 4

Important

If the request is an ecom request, you must send 3DS data in the request.

Example account verification request

import requests

data = {
    'auth_id': 'YOUR_AUTH_ID',
    'auth_pass': 'YOUR_AUTH_PASS',
    'card_num': '4510400400099005',
    'card_cvv': '123',
    'card_expiry': '1126',
    'cust_name': 'Mrs T Tester',
    'cust_address': 'testUserApi',
    'cust_postcode': 'TE456ST',
    'cust_country': 'GB',
    'cust_ip': '123.45.67.89',
    'cust_email': 'customer@example.com',
    'cust_tel': '01234567890',
    'tran_ref': 'testApi',
    'tran_amount': '12.00',
    'tran_currency': 'GBP',
    'tran_testmode': '0',
    'tran_type': 'verify',
    'tran_class': 'ecom',
    'submit': 'submit',
    'return_scheme_transaction_id': '1'
}

headers = {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Cookie': 'AWSALB=...; AWSALBCORS=...'
}

response = requests.post("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth", data=data, headers=headers)

print(response.text)
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

public class Main {
    public static void main(String[] args) throws IOException {
        String url = "https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth";
        String data = "auth_id=YOUR_AUTH_ID&auth_pass=YOUR_AUTH_PASS&card_num=4510400400099005&card_cvv=123&card_expiry=1126" +
                    "&cust_name=Mrs+T+Tester&cust_address=testUserApi&cust_postcode=TE456ST&cust_country=GB" +
                    "&cust_ip=123.45.67.89&cust_email=customer@example.com&cust_tel=01234567890" +
                    "&tran_ref=testApi&tran_amount=12.00&tran_currency=GBP&tran_testmode=0&tran_type=verify" +
                    "&tran_class=ecom&submit=submit&return_scheme_transaction_id=1";

        byte[] postData = data.getBytes(StandardCharsets.UTF_8);

        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        conn.setDoOutput(true);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setRequestProperty("Content-Length", String.valueOf(postData.length));
        conn.setRequestProperty("Cookie", "AWSALB=...; AWSALBCORS=...");

        try (DataOutputStream wr = new DataOutputStream(conn.getOutputStream())) {
            wr.write(postData);
        }

        BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
        String inputLine;
        StringBuilder content = new StringBuilder();

        while ((inputLine = in.readLine()) != null) {
            content.append(inputLine);
        }

        in.close();
        System.out.println(content.toString());
    }
}
using System;
using System.Net.Http;
using System.Collections.Generic;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        var client = new HttpClient();

        var values = new Dictionary<string, string>
        {
            { "auth_id", "YOUR_AUTH_ID" },
            { "auth_pass", "YOUR_AUTH_PASS" },
            { "card_num", "4510400400099005" },
            { "card_cvv", "123" },
            { "card_expiry", "1126" },
            { "cust_name", "Mrs T Tester" },
            { "cust_address", "testUserApi" },
            { "cust_postcode", "TE456ST" },
            { "cust_country", "GB" },
            { "cust_ip", "123.45.67.89" },
            { "cust_email", "customer@example.com" },
            { "cust_tel", "01234567890" },
            { "tran_ref", "testApi" },
            { "tran_amount", "12.00" },
            { "tran_currency", "GBP" },
            { "tran_testmode", "0" },
            { "tran_type", "verify" },
            { "tran_class", "ecom" },
            { "submit", "submit" },
            { "return_scheme_transaction_id", "1" }
        };

        var content = new FormUrlEncodedContent(values);
        client.DefaultRequestHeaders.Add("Cookie", "AWSALB=...; AWSALBCORS=...");

        var response = await client.PostAsync("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth", content);
        var responseString = await response.Content.ReadAsStringAsync();

        Console.WriteLine(responseString);
    }
}
const axios = require('axios');
const qs = require('qs');

let data = qs.stringify({
'auth_id': 'YOUR_AUTH_ID',
'auth_pass': 'YOUR_AUTH_PASS',
'card_num': '4510400400099005',
'card_cvv': '123',
'card_expiry': '1126',
'cust_name': 'Mrs T Tester',
'cust_address': 'testUserApi',
'cust_postcode': 'TE456ST',
'cust_country': 'GB',
'cust_ip': '123.45.67.89',
'cust_email': 'customer@example.com',
'cust_tel': '01234567890',
'tran_ref': 'testApi',
'tran_amount': '12.00',
'tran_currency': 'GBP',
'tran_testmode': '0',
'tran_type': 'verify',
'tran_class': 'ecom',
'submit': 'submit',
'return_scheme_transaction_id': '1'
});

let config = {
method: 'post',
maxBodyLength: Infinity,
url: 'https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth',
headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Cookie': 'AWSALB=...; AWSALBCORS=...'
},
data: data
};

axios.request(config)
.then(response => console.log(JSON.stringify(response.data)))
.catch(error => console.log(error));
<?php
$data = http_build_query([
    'auth_id' => 'YOUR_AUTH_ID',
    'auth_pass' => 'YOUR_AUTH_PASS',
    'card_num' => '4510400400099005',
    'card_cvv' => '123',
    'card_expiry' => '1126',
    'cust_name' => 'Mrs T Tester',
    'cust_address' => 'testUserApi',
    'cust_postcode' => 'TE456ST',
    'cust_country' => 'GB',
    'cust_ip' => '123.45.67.89',
    'cust_email' => 'customer@example.com',
    'cust_tel' => '01234567890',
    'tran_ref' => 'testApi',
    'tran_amount' => '12.00',
    'tran_currency' => 'GBP',
    'tran_testmode' => '0',
    'tran_type' => 'verify',
    'tran_class' => 'ecom',
    'submit' => 'submit',
    'return_scheme_transaction_id' => '1'
]);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "Content-Type: application/x-www-form-urlencoded",
    "Cookie: AWSALB=...; AWSALBCORS=..."
]);

$response = curl_exec($ch);
curl_close($ch);

echo $response;
?>
require 'net/http'
require 'uri'

uri = URI.parse("https://secure-int.cashflows.com/gateway/remote_auth/gateway/remote_auth")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"card_num" => "4510400400099005",
"card_cvv" => "123",
"card_expiry" => "1126",
"cust_name" => "Mrs T Tester",
"cust_address" => "testUserApi",
"cust_postcode" => "TE456ST",
"cust_country" => "GB",
"cust_ip" => "123.45.67.89",
"cust_email" => "customer@example.com",
"cust_tel" => "01234567890",
"tran_ref" => "testApi",
"tran_amount" => "12.00",
"tran_currency" => "GBP",
"tran_testmode" => "0",
"tran_type" => "verify",
"tran_class" => "ecom",
"submit" => "submit",
"return_scheme_transaction_id" => "1"
)
request["Cookie"] = "AWSALB=...; AWSALBCORS=..."

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(request)
end

puts response.body

Example account verification response

A|01P0135FF18|200|AUTHOK|Authorised|315207784071168

Recurring/continuous payment request parameters

Parameters for making recurring/continuous payment requests:

Parameter

Description

Mandatory/Optional

auth_id

Your Profile Id

Mandatory

auth_pass

Authentication password

Mandatory

cust_name

Customer’s name

Optional

cust_address

Customer’s address (Multiple lines can be separated using the new line break character (ASCII code 10))

Optional

cust_postcode

Customer’s post/zip/area code )

Optional

cust_country

Customer’s country (ISO3166 2-character code)

Optional

cust_ip

Customer’s IP address (IPV4 Format only)

Optional

cust_email

Customer’s email address

Optional

cust_tel

Customer’s telephone number

Optional

tran_ref

Your transaction reference (e.g. cart ID)

Mandatory

tran_desc

Your transaction description (Max of 99 characters)

Optional

tran_amount

Transaction amount to 2 decimal places, e.g. 24.99 (The currency symbol must not be included)

Mandatory

tran_currency

Transaction currency (3-character code)

Mandatory

tran_testmode

Transaction test mode = 0

Mandatory

tran_type

Transaction type = sale

Mandatory

tran_class

Transaction class = cont

Mandatory

tran_orig_id

Verification ID or Sales ID (e.g. 05P00001724 or 06S00001724)

Mandatory

tran_recurrence

To be used to override default MID settings:

  • sing = Single transaction with no recurrence

  • subs = Transaction in recurring subscription

  • inst = Transaction in recurring instalment

  • unsc = Unscheduled transaction with a stored card

  • card = Cardholder initiated transaction with a stored card

Optional

retry_number

Indication of the number of retries attempts, 0 = initial attempt (For more information see Retry Handing)

Optional

return_acq_ref

If not Null, the Acquirer Reference Number (ARN) will be included in the response only when we have processed a live payment.

Optional

return_issuer_response_code

If not Null, the raw issuer response code will be included in the response when we have processed a live payment.

Optional

descriptor

A soft descriptor that is added to your Company Name when displayed on the Cardholders statement (Max of 12 characters)

Optional

return_token

If not Null the card_token will be included in the response only when we have processed a successful transaction

Optional

SCA_exemption_indicator

Indication of why the transaction may be exempt from SCA, possible values: lowvalue = Applicable to transactions where amount is less than €30 or currency equivalent

Optional

If your MCC is 6012, 6051, or 7299 (financial institutions) you must also include:

Parameters (financial institutions)

Description

primary_recipient_dob

Customer’s Date of Birth. Format is YYYYMMDD (8 numeric characters)

primary_recipient_surname

Customer’s Surname or Last name (2-64-characters alpha characters, including -)

primary_recipient_postcode

Customer’s Postcode (2 to 16-characters alpha characters, including spaces)

primary_recipient_account_number

Customer’s Account Number (1 to 32 alpha numeric characters, including /-) For PAN Numbers: First 6 and Last 4

Example continuous request

import requests

url = "https://secure-int.cashflows.com/gateway/remote_auth"

data = {
    "auth_id": "YOUR_AUTH_ID",
    "auth_pass": "YOUR_AUTH_PASS",
    "cust_name": "Imps Test",
    "cust_address": "CashFlows, CPC1 Capital Park, Fulbourn",
    "cust_postcode": "CB23 5XE",
    "cust_country": "GB",
    "cust_ip": "123.45.67.89",
    "cust_email": "customer@example.com",
    "cust_tel": "01234567890",
    "descriptor": "descriptor",
    "retry_number": "0",
    "tran_ref": "ImpsRemoteRecurring1",
    "tran_desc": "Test transaction",
    "tran_amount": "1.01",
    "tran_currency": "GBP",
    "tran_orig_id": "01P013612F9",
    "tran_testmode": "0",
    "tran_type": "sale",
    "tran_class": "cont",
    "return_acq_ref": ""
}

headers = {
    "Cookie": "AWSALB=...; AWSALBCORS=..."
}

response = requests.post(url, data=data, headers=headers)
print(response.text)
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class Main {
    public static void main(String[] args) throws Exception {
        CloseableHttpClient client = HttpClients.createDefault();
        HttpPost post = new HttpPost("https://secure-int.cashflows.com/gateway/remote_auth");

        HttpEntity entity = MultipartEntityBuilder.create()
            .addTextBody("auth_id", "YOUR_AUTH_ID")
            .addTextBody("auth_pass", "YOUR_AUTH_PASS")
            .addTextBody("cust_name", "Imps Test")
            .addTextBody("cust_address", "CashFlows, CPC1 Capital Park, Fulbourn")
            .addTextBody("cust_postcode", "CB23 5XE")
            .addTextBody("cust_country", "GB")
            .addTextBody("cust_ip", "123.45.67.89")
            .addTextBody("cust_email", "customer@example.com")
            .addTextBody("cust_tel", "01234567890")
            .addTextBody("descriptor", "descriptor")
            .addTextBody("retry_number", "0")
            .addTextBody("tran_ref", "ImpsRemoteRecurring1")
            .addTextBody("tran_desc", "Test transaction")
            .addTextBody("tran_amount", "1.01")
            .addTextBody("tran_currency", "GBP")
            .addTextBody("tran_orig_id", "01P013612F9")
            .addTextBody("tran_testmode", "0")
            .addTextBody("tran_type", "sale")
            .addTextBody("tran_class", "cont")
            .addTextBody("return_acq_ref", "")
            .build();

        post.setEntity(entity);
        post.setHeader("Cookie", "AWSALB=...; AWSALBCORS=...");

        var response = client.execute(post);
        System.out.println(EntityUtils.toString(response.getEntity()));
        client.close();
    }
}
using System;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        var client = new HttpClient();
        var request = new HttpRequestMessage(HttpMethod.Post, "https://secure-int.cashflows.com/gateway/remote_auth");

        var content = new MultipartFormDataContent
        {
            { new StringContent("YOUR_AUTH_ID"), "auth_id" },
            { new StringContent("YOUR_AUTH_PASS"), "auth_pass" },
            { new StringContent("Imps Test"), "cust_name" },
            { new StringContent("CashFlows, CPC1 Capital Park, Fulbourn"), "cust_address" },
            { new StringContent("CB23 5XE"), "cust_postcode" },
            { new StringContent("GB"), "cust_country" },
            { new StringContent("123.45.67.89"), "cust_ip" },
            { new StringContent("customer@example.com"), "cust_email" },
            { new StringContent("01234567890"), "cust_tel" },
            { new StringContent("descriptor"), "descriptor" },
            { new StringContent("0"), "retry_number" },
            { new StringContent("ImpsRemoteRecurring1"), "tran_ref" },
            { new StringContent("Test transaction"), "tran_desc" },
            { new StringContent("1.01"), "tran_amount" },
            { new StringContent("GBP"), "tran_currency" },
            { new StringContent("01P013612F9"), "tran_orig_id" },
            { new StringContent("0"), "tran_testmode" },
            { new StringContent("sale"), "tran_type" },
            { new StringContent("cont"), "tran_class" },
            { new StringContent(""), "return_acq_ref" }
        };

        request.Content = content;
        request.Headers.Add("Cookie", "AWSALB=...; AWSALBCORS=...");

        var response = await client.SendAsync(request);
        Console.WriteLine(await response.Content.ReadAsStringAsync());
    }
}
const axios = require('axios');
const FormData = require('form-data');

let data = new FormData();
data.append('auth_id', 'YOUR_AUTH_ID');
data.append('auth_pass', 'YOUR_AUTH_PASS');
data.append('cust_name', 'Imps Test');
data.append('cust_address', 'CashFlows, CPC1 Capital Park, Fulbourn');
data.append('cust_postcode', 'CB23 5XE');
data.append('cust_country', 'GB');
data.append('cust_ip', '123.45.67.89');
data.append('cust_email', 'customer@example.com');
data.append('cust_tel', '01234567890');
data.append('descriptor', 'descriptor');
data.append('retry_number', '0');
data.append('tran_ref', 'ImpsRemoteRecurring1');
data.append('tran_desc', 'Test transaction');
data.append('tran_amount', '1.01');
data.append('tran_currency', 'GBP');
data.append('tran_orig_id', '01P013612F9');
data.append('tran_testmode', '0');
data.append('tran_type', 'sale');
data.append('tran_class', 'cont');
data.append('return_acq_ref', '');

let config = {
method: 'post',
maxBodyLength: Infinity,
url: 'https://secure-int.cashflows.com/gateway/remote_auth',
headers: {
    'Cookie': 'AWSALB=your_cookie_here; AWSALBCORS=your_cookie_here',
    ...data.getHeaders()
},
data: data
};

axios.request(config)
.then((response) => {
    console.log('Response:', response.data);
})
.catch((error) => {
    console.error('Error:', error.message || error);
});
<?php
$curl = curl_init();

$data = [
    'auth_id' => 'YOUR_AUTH_ID',
    'auth_pass' => 'YOUR_AUTH_PASS',
    'cust_name' => 'Imps Test',
    'cust_address' => 'CashFlows, CPC1 Capital Park, Fulbourn',
    'cust_postcode' => 'CB23 5XE',
    'cust_country' => 'GB',
    'cust_ip' => '123.45.67.89',
    'cust_email' => 'customer@example.com',
    'cust_tel' => '01234567890',
    'descriptor' => 'descriptor',
    'retry_number' => '0',
    'tran_ref' => 'ImpsRemoteRecurring1',
    'tran_desc' => 'Test transaction',
    'tran_amount' => '1.01',
    'tran_currency' => 'GBP',
    'tran_orig_id' => '01P013612F9',
    'tran_testmode' => '0',
    'tran_type' => 'sale',
    'tran_class' => 'cont',
    'return_acq_ref' => ''
];

curl_setopt_array($curl, [
    CURLOPT_URL => 'https://secure-int.cashflows.com/gateway/remote_auth',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $data,
    CURLOPT_HTTPHEADER => [
        'Cookie: AWSALB=...; AWSALBCORS=...'
    ]
]);

$response = curl_exec($curl);
curl_close($curl);
echo $response;
?>
require 'net/http'
require 'uri'

uri = URI("https://secure-int.cashflows.com/gateway/remote_auth")

req = Net::HTTP::Post.new(uri)
req.set_form_data(
"auth_id" => "YOUR_AUTH_ID",
"auth_pass" => "YOUR_AUTH_PASS",
"cust_name" => "Imps Test",
"cust_address" => "CashFlows, CPC1 Capital Park, Fulbourn",
"cust_postcode" => "CB23 5XE",
"cust_country" => "GB",
"cust_ip" => "123.45.67.89",
"cust_email" => "customer@example.com",
"cust_tel" => "01234567890",
"descriptor" => "descriptor",
"retry_number" => "0",
"tran_ref" => "ImpsRemoteRecurring1",
"tran_desc" => "Test transaction",
"tran_amount" => "1.01",
"tran_currency" => "GBP",
"tran_orig_id" => "01P013612F9",
"tran_testmode" => "0",
"tran_type" => "sale",
"tran_class" => "cont",
"return_acq_ref" => ""
)

req['Cookie'] = "AWSALB=...; AWSALBCORS=..."

res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(req)
end

puts res.body

Example continuous response

A|01S013612FA|000|AUTHOK|Authorised|74501875153356891498789

Acquirer system response codes

Responses consist of a letter followed by a 3-digit code:

  • Letter - indicates the type of status
    • A - authorised

    • V - validation error (e.g. invalid card number)

    • D - declined

    • R - referral (treated as declined)

    • B - blocked

    • C - cancelled (e.g. user pressed cancel on payment page)

    • S - system error

  • First number – internal code that can be ignored

  • Last 2 numbers – specific error code.

Below is a list of current error codes (this list is subject to change):

Code

Reason

Vx01

Invalid merchant details

Vx02

Invalid expiry date

Vx03

Invalid start date

Vx04

Invalid issue number

Vx05

Invalid CVV

Vx06

Invalid card number

Vx07

Card holder name not set

Vx08

Insufficient address details

Vx09

Invalid country code

Vx10

Invalid cart ID

Vx11

Invalid email address

Vx12

Invalid phone number

Vx13

Invalid amount

Vx14

Invalid currency code

Vx15

Invalid customer IP

Vx16

Original trans not found

Vx17

Invalid merchant IP

Vx18

Unknown transaction type

Vx19

Card number changed

Vx20

Currency changed

Vx21

Original trans ref required

Vx22

Amount exceeds original

Vx23

Can not refund this type of transaction

Vx24

Amount changed

Vx25

User account details required

Vx26

Invalid request

Vx27

Original trans not pre-auth

Vx28

Transaction mode changed

Vx29

Card/Currency combination not supported

Vx30

Unknown card type

Vx31

Issue number required

Vx32

Issue number not required

Vx33

Duplicate transaction

Vx34

Unable to void transaction

Vx35

Original trans was not authorised

Vx36

Invalid PIN

Vx37

Unknown transaction class

Vx38

Original transaction type does not match

Vx39

Card expired

Vx40

CVV Required

Vx41

Original transaction already settled

Vx42

Original transaction already cancelled

Vx43

This card does not support the required transaction type

Vx44

Transaction details do not match original

Vx48

User Details not valid

Vx52

3DS Not Enabled

Vx53

3DS Data Invalid

Vx54

Concurrent Authorisations

Vx55

Invalid Funds Recipient Date (MCC 6012, 6051 or 7299 merchants)

Vx56

Terminal mismatch

Vx57

Transaction not allowed on this card

Vx58

Original transaction requires 3DS attempt/auth

Vx59

ECOM transactions require 3DS attempt/auth

Vx60

Verify for Amex card not supported

Vx61

Recurrence Flag usage invalid

Vx62

Initial Sale/Verify ARN missing for subsequent sale

Vx63

Initial Sale/Verify for subsequent sale not approved

Vx64

Initial transaction on card expired

Dx01

Non-specific decline

Dx02

Declined due to funds (insufficient/limit exceeded)

Dx03

Retain card response

Dx05

On our blacklist

Dx07

Live/test mismatch

Dx08

Refund: Insufficient merchant funds in account

Dx10

Card authorisation attempt limit reached

Dx11

Monthly Scheme Decline Rate limit reached

Dx40

Continuous Authority cancelled for the transaction

Dx41

Continuous Authorities cancelled for the merchant

Dx43

Continuous Authorities cancelled for the card

Dx49

Additional customer authentication required

Dx90

Pre-Authorisation anti-fraud block

Dx91

Post-Authorisation anti-fraud block

Rx01

Not Authorised

Ex01

Transaction error

Cx01

Transaction cancelled

Cx02

Transaction expired

Sx00

Invalid transaction Request

Sx01

Connection failure

Sx02

Invalid response

Sx03

Response timeout

Sx04

Server error

Sx05

Server error

Sx06

No response from issuer

Sx07

Service not available

Sx99

Unknown Error