Sending us payment details - Payment processing

Sending us an authorisation request for an eCommerce payment

The process for an eCommerce authorisation involves the following stages:

·       Strong Customer Authentication (SCA)
Before you attempt to take a payment, you need to confirm that the person using the card is the owner of the card. This is to protect everyone involved against potential fraud. However, it is the merchant’s responsibility to authenticate that the cardholder meets the SCA requirements. At Cashflows we only accept validation of SCA using the 3-D Secure method. For more information, see Using 3-D Secure to protect against fraud.

·       Authorisation
This is when a shopper's payment is validated with their issuing bank to ensure that they can pay the requested amount. The payment is reserved on behalf of the merchant for seven consecutive days. The funds are not taken from the shopper's account until we receive a capture request. For information, see Sending us a capture request.

·       Response
After we authorise your request, the issuer sends us a response to indicate whether they accept the request on behalf of their cardholder. We pass this response back to you. For more information about response codes, see Response codes.

How to send us an authorisation request for an eCommerce payment

Use the Authorisation command to send us an eCommerce payment. Use the relevant fields to tell us the amount and the currency.

Note: You use the same Authorisation command for other types of payment, for example use a wallet payment or a mail or phone payment. You just need to set some parameters to tell us the payment type.

This section explains how to send us a request to authorise an eCommerce payment. This is a request to reserve the funds only. No money is transferred at this stage. You need to send a further request to capture the funds, either individually or as part of a batch. If the capture step is not taken within 7 consecutive days the transaction will not be submitted for clearing, and the authorisation will be automatically removed by the issuing bank. For information, see Sending us a capture request.


Set the PaymentType parameter to Auth, for example:

"PaymentType" : "Auth",


This tells us to process the request as a simple authorisation request to reserve funds on the specified

Example request
POST /Authorisation


         "ApiKey": "c5bb4cb5dc014a528a4fcffe952bc3ba",

         "Signature": "587cf3ef01e4377920436cc0f05baa420a5588308ae6a2c4b84afb94b17cc45a3357fe46a4cfc59155fda05911c6fbc0cca11c85021a56d4201f560593db5155"


         "Request": {

              "MerchantId": "1145",

              "OrderReference": "TestOrderRef-Auth2",

              "TestMode": 1,

              "Amount": 123.45,

              "Currency": "EUR",

              "CardNumber": "4000000000000002",

              "Cvv": "123",

              "ExpiryDateMonth": "01",

              "ExpiryDateYear": "20",

              "UsingStoredCredentials": false,

              "Descriptor": "only12char",

              "PaymentType": 0,

              "TransactionClass": "ecom",

              "RecurrenceType": "sing"


         "Version": "1.1"


Example response - successful


              "Version": "1.1",

              "DateTime": "2019-02-28T09:13:01.6771999Z",

              "Response": {

                     "AuthCode": "AUTHOK",

                     "Arn": "74501879059000008651883",

                     "Currency": "EUR",

                     "Amount": 123.45,

                     "Message": "Authorised",

                     "TimeStamp": "2019-02-28T09:13:01.6771407Z",

                     "Status": "Successful",

                     "TransactionId": "01S00A4CE63",

                     "IssuerResponseCode": "00",

                     "CvvAvsResult": "200",

                     "AcquirerResponseCode": "A"



Example response – unsuccessful, invalid card number


              "Version": "1.1",

              "DateTime": "2019-02-28T09:15:18.4664795Z",

              "Response": {

                     "AuthCode": "",

                     "Arn": "",

                     "Currency": "EUR",

                     "Amount": 123.45,

                     "Message": "Invalid card number",

                     "TimeStamp": "2019-02-28T09:15:18.4664176Z",

                     "Status": "Failed",

                     "TransactionId": "01S00A4CE66",

       "IssuerResponseCode": "",

                     "CvvAvsResult": "000",

                     "AcquirerResponseCode": "V006"