Introduction
The Shieldgate by Afirme API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. JSON is returned by all API responses, including errors, although our API libraries convert responses to appropriate language-specific objects.
You should never expose your Server Credentials in any public website's client-side code.
To start the integration you will need to request to Shieldgate by Afirme Team integraciones@shieldgate.mx for a Development/Sandbox account. Please send us your e-mail to identify you as a developer and the name of your company.
We will create an Application and give you the application code. From now this will be the identifier for your Application in the whole integration. We also give you a developer account based on the e-mail you provided. We will send you the password via e-mail to access to your developer account. You can access to this configuration here:
| Environment | URL |
|---|---|
| development | https://dashboard-stg.shieldgate.mx |
| production | https://dashboard.shieldgate.mx |
You can change you account password or if you forget it you can always use the forgot password option to recover it. In the Shieldgate by Afirme admin system you will see your transactions, application settings (including application URLs and application key) and so more.
Configurations have to be done for the application in development environment and production environment, URLs and application key are different for every environment. Development environment will be always available for tests even after launching your application to production.
Environments
In order to use the API, you need to use one of the following base URLs depending of the environment:
Cards payment method
| Environment | URL |
|---|---|
| development | https://ccapi-stg.shieldgate.mx |
| production | https://ccapi.shieldgate.mx |
Cash / Bank Transfer / Wallets / Link To Pay payment methods
| Environment | URL |
|---|---|
| development | https://noccapi-stg.shieldgate.mx |
| production | https://noccapi.shieldgate.mx |
Authentication
To build the auth_token, you can use this code:
#!/usr/bin/env python
import time
import hashlib
from base64 import b64encode
print '#########################################################'
print '####### AUTH TOKEN TEST'
print '#########################################################'
server_application_code = ''
server_app_key = ''
unix_timestamp = str(int(time.time()))
print 'UNIX TIMESTAMP: %s' % unix_timestamp
uniq_token_string = server_app_key + unix_timestamp
print 'UNIQ STRING: %s' % uniq_token_string
uniq_token_hash = hashlib.sha256(uniq_token_string).hexdigest()
print 'UNIQ HASH: %s' % uniq_token_hash
auth_token = b64encode('%s;%s;%s' % (server_application_code,
unix_timestamp, uniq_token_hash))
print 'AUTH TOKEN: %s' % auth_token
import time
import hashlib
from base64 import b64encode
print '#########################################################'
print '####### AUTH TOKEN TEST'
print '#########################################################'
server_application_code = ''
server_app_key = ''
unix_timestamp = str(int(time.time()))
print 'UNIX TIMESTAMP: %s' % unix_timestamp
uniq_token_string = server_app_key + unix_timestamp
print 'UNIQ STRING: %s' % uniq_token_string
uniq_token_hash = hashlib.sha256(uniq_token_string).hexdigest()
print 'UNIQ HASH: %s' % uniq_token_hash
auth_token = b64encode('%s;%s;%s' % (server_application_code,
unix_timestamp, uniq_token_hash))
print 'AUTH TOKEN: %s' % auth_token
<?php
const API_LOGIN_DEV = "Application Code Server";
const API_KEY_DEV = "Application Key Server";
$server_application_code = API_LOGIN_DEV;
$server_app_key = API_KEY_DEV ;
$date = new DateTime();
$unix_timestamp = $date->getTimestamp();
// $unix_timestamp = "1546543146";
$uniq_token_string = $server_app_key.$unix_timestamp;
$uniq_token_hash = hash('sha256', $uniq_token_string);
$auth_token = base64_encode($server_application_code.";".$unix_timestamp.";".$uniq_token_hash);
echo "TIMESTAMP: $unix_timestamp";
echo "\nUNIQTOKENST: $uniq_token_string";
echo "\nUNIQTOHAS: $uniq_token_hash";
echo "\nAUTHTOKEN: $auth_token";
?>
All the requests must have the header Auth-Token:
APPLICATION-CODE;UNIXTIMESTAMP;UNIQ-TOKEN
| Element | Description |
|---|---|
| APPLICATION-CODE | Ask the Shieldgate by Afirme team for it. |
| UNIXTIMESTAMP | This must be created at the same time as the request, be aware that the time is in UTC and in SECONDS, you will have 15 seconds before you need to create a new one, or your request will be rejected (error.type: Invalid timestamp). |
| UNIQ-TOKEN | Is the hexa representation of a hash sha256 generate from the string “secret-key”+”timestamp”, the secret-key is given by Shieldgate by Afirme team. |
Once you have the UNIQ-TOKEN you need to apply the sha256 and the hexa convertion, you can use the next python example, just add your server_application_code and server_app_key:
Payment Methods
Cash
In this platform we can generate a reference to pay with cash.
Generate a reference
curl -k -L -X POST -H 'Content-Type: application/json'
-H 'Auth-Token: auth_token' -d '{
"carrier":{
"id": "payvalida"
},
"user": {
"id": "sadfasdf",
"email": "user@example.com"
},
"order": {
"country": "COL",
"currency": "COP",
"dev_reference": "prueba_stg_2",
"amount": 50001,
"expiration_days": 5,
"recurrent": false,
"description": "Esto es una prueba desde rest client"
}
}' 'https://noccapi-stg.shieldgate.mx/order/'
The above request returns JSON structured like this:
{
"application": {
"code": "AbiColApp"
},
"commerce": {
"merchant_id": "example"
},
"user": {
"email": "user@example.com",
"id": "sadfasdf"
},
"transaction": {
"currency": "COP",
"country": "COL",
"dev_reference": "prueba_stg_2",
"amount": 50001.0,
"expiration_date": "2018-07-01",
"recurrent": false,
"description": "Esto es una prueba desde rest client",
"reference": "69193",
"agreement": {
"baloto": 95715,
"efecty": 110342,
"dimonex": 110342,
"puntored": 113042,
"redservi": 761
},
"status": "pending",
"id": "PV-0000000000021"
}
}
Cash transactions generates a payment reference through a carrier
HTTP Request
POST https://noccapi-stg.shieldgate.mx/order/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| carrier.id | String | Yes | Indicates the method by which the reference will be created. See carrier list |
| carrier.extra_params.user.name | String | Yes (*) | User name. |
| carrier.extra_params.user.last_name | String | Yes (*) | User last name. |
| carrier.extra_params.user.phone | String | Yes (*) | User phone. |
| carrier.extra_params.user.fiscal_number | String | Yes (*) | The fiscal number (identification number) given by the user. |
| carrier.extra_params.user.address | Json | Yes (*) | Object with user address, see the specification of address. |
| user.id | String | Yes | Buyer identifier. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
| order.dev_reference | String | Yes | Id from commerce to identify the order. |
| order.amount | Number | Yes | Total amount to pay. Format: Decimal with two fraction digits. |
| order.expiration_days | Number | No | Number of days in which the payment reference expires. Default 2. |
| order.recurrent | Boolean | No | To indicate if the pay is recurrent or not. |
| order.description | String | Yes | The order description. |
| order.hours | Number | No | Optional. If there is value, the reference will last hours. |
| order.country | String | Optional | Country where payment will be made. By default the credential settings will be used. |
| order.currency | String | Optional | Currency to be used for payment. By default the credential settings will be used. |
Response
| Parameter | Description |
|---|---|
| application.code | Identifier of the application. |
| commerce.merchant_id | Identifier of the commerce. |
| user.email | Buyer email registered to order. |
| user.id | Buyer identifier. |
| transaction.currency | Currency of the transaction. |
| transaction.country | Country where the transaction has made. |
| transaction.dev_reference | Reference from commerce. |
| transaction.amount | Total amount to pay. |
| transaction.expiration | Limit date to pay the reference. |
| transaction.recurrent | Show if the transaction will be recurrent. |
| transaction.reference | Reference to make the pay in a store. |
| transaction.agreement | Json object with all agreements to pay (For payvalida). |
| transaction.status | The status of payment (pending, approved, cancelled). |
| transaction.id | Id generated by Shieldgate by Afirme |
| transaction.url_reference | Detailed printable view of the transaction.reference. |
Carriers
| Carrier | Response fields needed to pay |
|---|---|
| oxxo | transaction.reference that must be converted in a barcode. |
| bradesco | transaction.url_reference this send the printable view |
Fields needed for every cash carrier
| Carrier | Fields needed in extra_params |
|---|---|
| oxxo | user.name, user.last_name |
| bradesco | user.name, user.last_name, user.fiscal_number, user.address |
Address
In case you are sending address, this is the Json Object Format:
This is an example of request with Address Object:
curl -k -L -X POST -H 'Content-Type: application/json'
-H 'Auth-Token: auth_token' -d '{
"carrier":{
"id": "bradesco",
"extra_params":{
"extra_amount": 0,
"user":{
"name": "Pay",
"last_name": "Mentez",
"fiscal_number": "68753238850",
"address": {
"state": "SP",
"city": "Sao Paulo",
"zip_code": "01418000",
"street": "Alameda Santos",
"house_number": "200",
"district": "Cerqueira",
"additional_address_info": "additional test"
}
}
}
},
"user": {
"email": "lcruz@email.com",
"id": 1
},
"order": {
"dev_reference": "prueba_stg_2",
"amount": 10,
"expiration_days": 2,
"currency":"BRL",
"description": "Esto es una prueba desde rest client"
}
}' 'https://noccapi-stg.shieldgate.mx/order/'
| Parameter | Type | Required | Description |
|---|---|---|---|
| state | String | No | The state: ISO 3166-2 country subdivision code |
| city | String | No | The city, max length of 30 characters. |
| zip_code | String | No | The zip or postal code. Max length allowed of 30 characters. |
| street | String | No | The name of the street. |
| house_number | String | No | The house number |
| district | String | No | The district. |
| additional_address_info | String | No | Additional address info, without format. |
Cards
In this platform we can securely store the sensitive credit card data.
This data is transformed into an encrypted code called token, which can be stored in a database. With the platform, the store will be able to offer features like “One click buy” and “Retry transaction”, always preserving the integrity and the confidentiality of the information.
Add a Card
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "test@example.com"
},
"card": {
"number": "5119159076977991",
"holder_name": "citlali calderon",
"expiry_month": 9,
"expiry_year": 2020,
"cvc": "123",
"type": "vi"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/card/add'
The above request returns JSON structured like this:
{
"card": {
"bin": "511915",
"status": "review",
"token": "17121538682542236138",
"message": "",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-488",
"type": "vi",
"number": "7991",
"origin": "ORIGIN"
}
}
This endpoint add a card to the platform related to a user.
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/card/add
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
| user.phone | String | No | Buyer phone. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| user.fiscal_number | String | No | The fiscal number given by the buyer Note: For card types ex, ak, vr, sx, ol, ep and cd this field is mandatory. |
| card.number | String | Yes | A valid credit card number. |
| card.holder_name | String | Yes | The credit card holder name. |
| card.expiry_month | Number | Yes | The credit card expiry month. |
| card.expiry_year | Number | Yes | The credit card expiry year. |
| card.cvc | String | Yes | The credit card security number. |
| card.type | String | No | Abbreviated card type. See the valid options |
| card.account_type | String | No | The corresponding values for: Credit, Checking and Savings accounts are: C, R and A respectively. This field is mandatory for QR Colombia. |
| extra_params | Json | No | Optional params (3DS 2 objects included) used for some commerce in Json format. Please contact your commercial executive for more details. |
| billing_address | Json | No | Object with the billing address, see the specification of address. |
Response
| Parameter | Description |
|---|---|
| card.bin | The BIN of the card (First six digits of the card). |
| card.status | Either of the following status: valid, review, pending and rejected. If the response is "review" or "pending", the transaction associated to the attempt to add a card (transaction_reference) needs to be verified by the user, to set this card as valid. |
| card.token | New card identifier. This code is unique among all cards, only returned if status is valid or review, "" otherwise. |
| card.message | If any, would be the message of the carrier for example in case of rejected by carrier. |
| card.expiry_year | The expiry year of the card. |
| card.expiry_month | The expiry month of the card. |
| card.transaction_reference | The transaction.id that origin the addition of the card (only if it was sent to review, by the anti-fraud system, null otherwise). |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
| card.origin | The origin of the credit card. Could be one of the following: Shieldgate, VisaCheckout, Masterpass. |
Get all Cards
curl \
-k -L -H 'Content-Type: application/json' \
-H 'Auth-Token: auth_token' \
'https://ccapi-stg.shieldgate.mx/v2/card/list?uid=4'
The above request returns JSON structured like this:
{
"cards": [
{
"bin": "511915",
"status": "review",
"token": "17121538682542236138",
"holder_name": "citlali calderon",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-473",
"type": "vi",
"number": "7991"
},
{
"bin": "422023",
"status": "valid",
"token": "15363681013452573066",
"holder_name": "citlali calderon",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": null,
"type": "mc",
"number": "8431"
},
{
"bin": "453254",
"status": "valid",
"token": "10135134879450157925",
"holder_name": "citlali calderon",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": null,
"type": "vi",
"number": "8311"
}
],
"result_size": 3
}
This endpoint retrieves all Cards related to a user.
HTTP Request
GET https://ccapi-stg.shieldgate.mx/v2/card/list
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| uid | String | Yes | Customer identifier. This is the identifier you use inside your application. |
Response
A list of cards
| Parameter | Description |
|---|---|
| result_size | Number of items of the list of cards. |
| card.bin | The BIN of the card (First six digits of the card). |
| card.status | Either of the following status: valid, review, pending and rejected. If the response is "review" or "pending", the transaction associated to the attempt to add a card (transaction_reference) needs to be verified by the user, to set this card as valid. |
| card.token | Card identifier. This code is unique among all cards |
| card.holder_name | The credit card holder name. |
| card.expiry_year | The expiry year of the card. |
| card.expiry_month | The expiry month of the card. |
| card.transaction_reference | The transaction.id that origin the addition of the card (only if it was sent to review, by the anti-fraud system, null otherwise). |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
Delete a Card
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"card": {
"token": "2293795539132514250"
},
"user": {
"id": "4"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/card/delete/'
The above request returns JSON structured like this:
{
"message": "card deleted"
}
This endpoint delete a Card related to a user
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/card/delete/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| card.token | String | Yes | Card Identifier. This code is unique among all cards. Format: Long Integer. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
Init a Reference
This is an example of basic request for init reference
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"locale":"es",
"order":{
"amount":100.00,
"description":"Jhon Doe",
"vat":0,
"dev_reference":"Jhon Doe Buying",
"installments_type":0
},
"user":{
"id":"117",
"email":"jhon@doe.com"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/init_reference/'
This is an example of request with all parameters for init reference
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"locale":"es",
"session_id":"",
"origin":"",
"antifraud":{
"device_fingerprint":"testa.a92176a7552eb582e1b10b30edc7ac522085d15c54f6",
"server_ip_address":"54.236.214.202",
"shopping_cart":[
{
"category":"16",
"tax_value":0,
"name":"Testing product",
"price":399.9,
"id":"1119",
"quantity":1
},
{
"category":"10",
"tax_value":0,
"name":"Testing name",
"price":399.9,
"id":"1119",
"quantity":1
}
],
"merchant_custom_data":{
"1":"campo1",
"2":"dos"
}
},
"order":{
"amount":100.00,
"description":"Jhon Doe",
"vat":0,
"dev_reference":"Jhon Doe Buying",
"installments_type":0
},
"user":{
"id":"117",
"email":"jhon@doe.com"
},
"conf":{
"theme":{
"logo": "https://mysite.com/images/logo.png",
"primary_color": "#00BF84",
"secondary_color": "#545454"
}
}
},
"billing_address":{
"street":"Calle 1 Sur",
"city":"Chia",
"country":"COL",
"district":"Chia",
"zip":"69885",
"state":"CU",
"house_number":"179",
"additional_address_info":"Casa 53"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/init_reference/'
The above request returns JSON structured like this:
{
"checkout_url":"https://ccapi-stg.shieldgate.mx/v2/transaction/checkout?reference=12438255612471559230",
"reference":"12438255612471559230"
}
This endpoint is used for initialize a reference for checkout.
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/init_reference/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| locale | String | Yes | User's preferred language (es, en, pt). English will be used by default. |
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| antifraud | Json | No | Object with antifraud data, see the specification of antifraud. |
| order.amount | Number | Yes | Amount to debit. Format: Decimal with two fraction digits. |
| order.description | String | Yes | Description of the order to be purchase. Format: (Maximum Length 250) |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.dev_reference | String | Yes | Merchant order reference. You will identify this purchase using this reference. |
| order.installments_type | Number | No | Only available for Ecuador and Mexico. See the valid values |
| conf | Json | No | Object with data for conf , see the specification for conf. |
| billing_address | Json | No | Object with the billing address, see the specification of address. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
Response
| Parameter | Description |
|---|---|
| checkout_url | Checkout URL, use for render checkout |
| reference | Reference, use for render checkout, is required a reference for render. |
Data for conf
Required from conf, when integration is API
| Parameter | Type | Required | Description |
|---|---|---|---|
| conf.allowed_card_brands | String | No | Allowed card brands to this operation. See the valid options |
| conf.allowed_card_types | String | No | Allowed card types |
| conf.invalid_card_type_message | String | No | Define a custom message to show for invalid card types. |
| conf.theme | JSON | No | Data for custom checkout color's |
Debit with token
Base Case
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order": {
"amount": 99.0,
"description": "pozole",
"dev_reference": "referencia",
"vat": 0.00
},
"card": {
"token": "2293795539132514250"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2017-09-26T21:00:47",
"amount": 11.1,
"authorization_code": "088428",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": "6",
"id": "CI-489",
"status_detail": 3,
"installments_type": "Revolving credit",
"payment_method_type": "0",
"product_description": "pozole"
},
"card": {
"bin": "450700",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-489",
"type": "vi",
"number": "6651",
"origin": "ORIGIN"
}
}
This is an example of response for 3DS 2 with objects for authentication:
{
"transaction": {
"status": "failure",
"payment_date": null,
"amount": 11.1,
"authorization_code": null,
"installments": 1,
"dev_reference": "referencia",
"message": null,
"carrier_code": null,
"id": "RB-5969",
"status_detail": 37
},
"card": {
"bin": "401600",
"status": "",
"token": "",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "RB-5969",
"type": "vi",
"number": "0051",
"origin": "ORIGIN"
},
"3ds": {
"sdk_response": {
"acs_trans_id": "00000000-0005-5a5a-8000-016ab2e4246c",
"acs_signed_content": null,
"acs_reference_number": "JCB0002"
},
"authentication": {
"status": "U",
"return_message": "U-status/Challenge authentication via ACS: ",
"version": null,
"xid": "MDAwMDAwMDAwMDAwMDAwMDAyMDg=",
"reference_id": "ffffffff-9002-51a3-8000-0000000345a2",
"cavv": null,
"return_code": "5",
"eci": null
},
"browser_response": {
"hidden_iframe": "",
"challenge_request": ""
}
}
}
This endpoint creates a debit transaction with a stored credit card. If you want to debit with 3D Secure 2 authentication. You will need to include extra_params in the request, that are used for authentication (See objects for authentication)
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/debit/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| order.amount | Number | Yes | Amount to debit. Format: Decimal with two fraction digits. |
| order.description | String | Yes | Description of the order to be purchase. Format: (Maximum Length 250) |
| order.dev_reference | String | Yes | Merchant order reference. You will identify this purchase using this reference. |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.installments | Number | No | The number of installments for the payment, only for COP, MXN, BRL, PEN, CLP and USD (Ecuador). |
| order.installments_type | Number | No | Only available for Ecuador and Mexico. See the valid values |
| order.taxable_amount | Number | No | Only available for Ecuador. The taxable amount is the total amount of all taxable items excluding tax. If not sent, it's calculated on the total. Format: Decimal with two fraction digits. |
| order.tax_percentage | Number | No | Only available for Ecuador. The tax rate to be applied to this order. Should be 0 or 12. |
| order.months_grace | Number | No | Only available for Mexico and Ecuador (Medianet), the number of months of grace for a deferred payment. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| user.first_name | String | No | User name. |
| user.last_name | String | No | User last name. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
| user.phone | String | No | Buyer phone. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| user.fiscal_number | String | No | The fiscal number given by the buyer Note: For card types ex, ak, vr, sx, ol, ep and cd this field is mandatory. |
| card.token | String | No | Card Identifier. This code is unique among all cards. Format: Long Integer. |
| card.cvc | String | No | The credit card security number. |
| wallet.type | String | No | Type of wallet, the valid are : 'VisaCheckout', 'Masterpass' and 'CyberSource'. |
| wallet.key | String | No | The id of the wallet (either callid, transactionId or subscriptionID ). |
| extra_params | Json | No | Optional params (3DS 2 objects included) used for some commerce in Json format. Please contact your commercial executive for more details. |
| shipping_address | Json | No | Object with the shipping address, see the specification of address. |
| airline | Json | No | Object with airline data, see the specification of airline. |
| hotel | Json | No | Object with hotel data, see the specification of hotel. |
Response
| Parameter | Description |
|---|---|
| transaction.status | Could be success, failure or pending. |
| transaction.payment_date | If staging environment the date will be in UTC, otherwise will depend on carrier. |
| transaction.amount | The amount of the transaction. |
| transaction.authorization_code | If success the authorization code responded from carrier. |
| transaction.installments | The number of installments for the payment. |
| transaction.dev_reference | Merchant order reference. |
| transaction.message | The returned message from carrier or fraud analysis system. |
| transaction.carrier_code | The returned code from carrier. |
| transaction.id | Transaction identifier. This code is unique among all transactions. |
| transaction.status_detail | The status detail of the transaction, for more information status detail |
| transaction.installments_type | Only available for Ecuador and Mexico. See the valid values |
| transaction.payment_method_type | Payment method of the transaction, for more information payment_method_types |
| transaction.product_description | Order description. |
| transaction.trace_number | Only available for Ecuador and Mexico. |
| transaction.lot_number | Only available for Ecuador. |
| card.bin | The BIN of the card (First six digits of the card). |
| card.expiry_year | The expiry year of the card. |
| card.expiry_month | The expiry month of the card. |
| card.transaction_reference | If any, the transaction.id |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
| card.origin | The origin of the credit card. Could be one of the following: Shieldgate, VisaCheckout, Masterpass. |
In case of transactions that were authenticated with 3DS 2, the response will include:
| Parameter | Description |
|---|---|
| 3ds.sdk_response.acs_trans_id | Transaction ID from ACS. |
| 3ds.sdk_response.acs_signed_content | Signed content from ACS. |
| 3ds.sdk_response.acs_reference_number | ACS reference number. |
| 3ds.authentication.status | Authentication status, could be: "Y", "N", "U", "A", "R", "C" or "-" if value not available due errors or not enrolled, for more information authentication_status. |
| 3ds.authentication.xid | Transaction identifier sent to MPI. |
| 3ds.authentication.return_code | Returned code from MPI, that provides all the information that is needed to determine how to manage the transaction, for more information return code mpi |
| 3ds.authentication.eci | Electronic Commerce Indicator, with visa cards, the value to be passed in Authorization message. |
| 3ds.authentication.return_message | Description of the return_code. |
| 3ds.authentication.version | 3DS message version used. |
| 3ds.authentication.cavv | Cardholder Authentication Verification Value, determined by ACS. Format: base64 |
| 3ds.authentication.reference_id | DS Transaction Id. |
| 3ds.browser_response.challenge_request | If cardholder was enrolled and or challenge authentication requested, payment page application must redirects the user browser to the ACS. If this field is not empty, it will contain the html to redirect. |
| 3ds.browser_response.hidden_iframe | If this field is not empty, the content should be render into an intermediate page into an invisible iframe and wait about 5 seconds. |
| 3ds.service | The name of the MPI that has authenticated the transaction. |
Objects for authentication
Before perform a payment whether through a debit with token, a debit with card or an authorization, it is possible to first perform a 3D Secure authentication, sending this objects in extra_params:
| Object name | Description |
|---|---|
| threeDS2_data | If authentication will be performed directly in debit/authorization this object is required. |
| browser_info | Required for device_type browser. |
| auth_data | Use this object if you performed the authentication first. |
| risk_indicator | Additional risk fields for 3DS 2. Include this in your request whenever available. |
| Parameter | Type | Required | Description |
|---|---|---|---|
| extra_params.threeDS2_data.term_url | String | Yes | Merchant page url, where ACS will post (via user browser) CRes message after authentication. |
| extra_params.threeDS2_data.device_type | String | Yes | Device type. Valid strings: browser, SDK. |
| extra_params.threeDS2_data.process_anyway | Boolean | No | Process anyway, ie. no matter the result of the authentication, perform the debit/authorize. If not provided default false. |
| extra_params.threeDS2_data.reference_id | String | Yes* | Mandatory only for MPI CyberSource, the id used to build the jwt sent in the init method in front end. |
| extra_params.browser_info.ip | String | C | User IP address. Valid v4 IP address. |
| extra_params.browser_info.language | String | C | Language of the browser. |
| extra_params.browser_info.java_enabled | Boolean | C | If java is enabled in the browser. |
| extra_params.browser_info.js_enabled | Boolean | C | If Java Script is enabled in the browser. |
| extra_params.browser_info.color_depth | Number | C | Color depth of the browser. |
| extra_params.browser_info.screen_height | Number | C | Screen height of the browser. |
| extra_params.browser_info.screen_width | Number | C | Screen width of the browser. |
| extra_params.browser_info.timezone_offset | Number | C | Time Zone Offset. |
| extra_params.browser_info.user_agent | String | C | User agent. |
| extra_params.browser_info.accept_header | String | C | Accept header. |
| extra_params.auth_data.cavv | String | Yes | Cardholder Authentication Verification Value, determined by ACS. Format: base64 |
| extra_params.auth_data.xid | String | No | Transaction identifier sent to MPI. |
| extra_params.auth_data.eci | String | Yes | Electronic Commerce Indicator, with visa cards, the value to be passed in Authorization message. |
| extra_params.auth_data.version | String | Yes | 3DS message version used. |
| extra_params.auth_data.reference_id | UUID | Yes | DS Transaction Id. |
| extra_params.auth_data.status | String | Yes | Authentication status, could be: "Y", "N", "U", "A", "R" or "C", for more information authentication_status |
Address
This is an example of request with Billing Address Object:
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com",
"phone": "1234567890123"
},
"order":{
"amount": 11.1,
"description": "una paleta",
"vat": 0,
"dev_reference": "referencia",
"installments": 4
},
"card": {
"number": "4456530000001047",
"holder_name": "citlali calderon",
"expiry_month": 12,
"expiry_year": 2024,
"cvc": "123",
"type": "vi"
},
"billing_address": {
"street": "Street Test",
"house_number": "24",
"city": "ciudad de mexico",
"zip": "67890",
"state": "DF",
"country": "MEX",
"district": "colonia",
"additional_address_info": ""
},
"extra_params": {
"threeDS2_data": {
"term_url": "https://your.url.com/YOUR_3DS_NOTIFICATION_URL",
"device_type": "browser",
"reference_id": "2"
},
"browser_info": {
"ip": "88.196.25.166",
"language": "en-US",
"java_enabled": false,
"js_enabled": true,
"color_depth": 24,
"screen_height": 1200,
"screen_width": 1920,
"timezone_offset": 0,
"user_agent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
"accept_header": "text/html"
}
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit_cc'
In case you are sending the billing or shipping address, this is the Json Object Format:
| Parameter | Type | Required | Description |
|---|---|---|---|
| first_name | String | No | Address owner name |
| last_name | String | No | Address owner last name |
| street | String | No | The name of the street. |
| city | String | No | The city, max length of 50 characters. |
| state | String | No | The state: ISO 3166-2 country subdivision code in case of 3DS authentication, free format otherwise |
| district | String | No | The district. |
| zip | String | No | The zip or postal code. Max length allowed of 50 characters. |
| house_number | String | No | The house number |
| country | String | No | Country in ISO 3166-1 alpha-3 format, for example: COL, MEX, ECU. |
| additional_address_info | String | No | Additional address info, without format. |
Hotel Data
This is an example of request with hotel data.
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"card": {
"cvc": "",
"expiry_month": 5,
"expiry_year": 2024,
"holder_name": "GMC",
"number": "5123450000000008"
},
"order": {
"amount": 200,
"description": "PASSIVE99465427",
"dev_reference": "PASSIVE99465427",
"installments_type": 0,
"taxable_amount": 0,
"vat": 0
},
"origin": "ORIGIN",
"user": {
"email": "PASSIVE99465427@test.com",
"fiscal_number": "",
"id": "PASSIVE99465427",
"ip_address": "127.0.0.1",
"phone": ""
}
"hotel": {
"booking_reference ": "4556778999",
"booking_country": "CO",
"issue_date": "2021-08-24 12:55:11",
"name": "Fiesta Americana",
"code": "HT001",
"arrival_date": "2021-09-24 12:55:11",
"departure_date": "2021-09-30 12:55:11",
"payer_in": true,
"country": "MX",
"numbers_child": 2,
"numbers_adt": 1,
"transportation_include": true,
"transport_name": "latam"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit_cc'
In case you are sending airline hotel, this is the Json Object Format.
| Parameter | Type | Required | Description |
|---|---|---|---|
| booking_reference | String | Yes | Booking reference. |
| booking_country | String | No | Country booking, Format: ISO 3166-2. |
| issue_date | String | Yes | Reservation date in the following format:YYYY-MM-DD HH:MM:SS. |
| name | String | Yes | Hotel name. |
| code | String | Yes | Hotel code. |
| arrival_date | String | Yes | Arrival date in the following format:YYYY-MM-DD HH:MM:SS. |
| departure_date | String | Yes | Departure date in the following format:YYYY-MM-DD HH:MM:SS. |
| payer_in | Boolean | No | True if payer is in booking. |
| country | String | Yes | Hotel country, Format: ISO 3166-2. |
| numbers_child | Number | Yes | Total child. |
| numbers_adt | Number | Yes | Total adult. |
| transportation_include | Boolean | No | True if include transportation. |
| transport_name | String | No | Transport name. |
Airline Data
This is an example of request with airline data.
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"card": {
"cvc": "",
"expiry_month": 5,
"expiry_year": 2024,
"holder_name": "GMC",
"number": "5123450000000008"
},
"order": {
"amount": 200,
"description": "PASSIVE99465427",
"dev_reference": "PASSIVE99465427",
"installments_type": 0,
"taxable_amount": 0,
"vat": 0
},
"origin": "ORIGIN",
"user": {
"email": "PASSIVE99465427@test.com",
"fiscal_number": "",
"id": "PASSIVE99465427",
"ip_address": "127.0.0.1",
"phone": ""
}
"airline": {
"flight_legs": [
{
"carrier_code": "T1",
"departure_airport": "TAO",
"departure_date": "2021-09-30 08:00:00",
"destination_airport": "TAD",
"arrival_date": "2021-09-30 11:00:00",
"flight_number": "123456"
}
],
"passengers": [
{
"first_name": "Gabriel",
"last_name": "Cruz",
"middle_name": "Omar",
"title": "Mr Dr"
},
{
"first_name": "Jhon",
"last_name": "Doe",
"middle_name": "",
"title": "Mr"
},
{
"first_name": "Jane",
"last_name": "Doe",
"middle_name": "",
"title": "Mrs"
}
],
"reservation": {
"airline_code": "T1",
"booking_reference": "1234567890",
"document_type": "ELECTRONIC_TICKET",
"issue_date": "2021-09-30 00:00:00",
"ticket_number": "12345678901",
"travel_agent_code": "TESTAIR1",
"travel_agent_name": "TestAirline",
"itinerary_type": "ONE_WAY"
}
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit_cc'
In case you are sending airline data, this is the Json Object Format.
| Parameter | Type | Required | Description |
|---|---|---|---|
| flight_legs | Array | Yes | Array with one or more objects of flight leg.see the specification of flight_leg. |
| passengers | Array | Yes | Array with one or more objects of passenger.see the specification of passenger |
| reservation.airline_code | String | Yes | Airline code. |
| reservation.booking_reference | String | Yes | Booking reference. |
| reservation.document_type | String | Yes | Document type can be ELECTRONIC_TICKET or OTHER. |
| reservation.issue_date | Date Time | Yes | Reservation date in the following format:YYYY-MM-DD HH:MM:SS. |
| reservation.ticket_number | String | No | Ticket number. |
| reservation.travel_agent_code | String | Yes | Travel agent code. |
| reservation.travel_agent_name | String | Yes | Travel agent name. |
| reservation.itinerary_type | String | No | Itinerary type can be MULTI_DESTINATION, ONE_WAY, ROUND_TRIP. |
| reservation.complete_route | String | No | Complete route example: SFO-JFK:JFK-LHR:LHR-CDG. |
| reservation.frequent_flyer | String | No | Frequent flyer code, split with _. |
| reservation.delta_days | Number | No | Delta days. |
| reservation.city_departure | String | No | Departure city. |
| reservation.city_arrival | String | No | Arrival City. |
Flight leg object detail.
| Parameter | Type | Required | Description |
|---|---|---|---|
| carrier_code | String | Yes | Carrier code. |
| departure_airport | String | Yes | Departure airport. |
| departure_date | Date Time | Yes | Departure date in the following format:YYYY-MM-DD HH:MM:SS. |
| destination_airport | String | Yes | Destination airport |
| arrival_date | Date Time | Yes | Arrival date in the following format:YYYY-MM-DD HH:MM:SS. |
| flight_number | String | Yes | Flight number. |
| stopover_allowed | Boolean | No | Allow stopover. |
Passenger object detail.
| Parameter | Type | Required | Description |
|---|---|---|---|
| id | String | No | User id. |
| first_name | String | Yes | First name passenger. |
| last_name | String | Yes | Last name passenger. |
| middle_name | String | No | Middle name passenger. |
| title | String | Yes | Title passenger. |
| String | No | Passenger email. | |
| type | String | No | Passenger type : ADT, INF ó CHD. |
| phone | String | No | Passenger phone. |
| amount | Number | No | Amount for passenger. Format: Decimal with two fraction digits. |
Installments Type
The installments type are only available for Ecuador and Mexico. For this countries if you send installments, then the installments_type are mandatory. The valid values are:
| Type | Description |
|---|---|
| 0 | Revolving credit (rotativo). |
| 1 | Revolving and deferred without interest (The bank will pay to the commerce the installment, month by month). |
| 2 | Deferred with interest. |
| 3 | Deferred without interest. |
| 7 | Deferred with interest and months of grace. |
| 6 | Deferred without interest pay month by month. (*) |
| 9 | Deferred without interest and months of grace. |
| 10 | Deferred without interest promotion bimonthly. (*) |
| 21 | For Diners Club exclusive, deferred with and without interest. |
| 22 | For Diners Club exclusive, deferred with and without interest. |
| 30 | Deferred with interest pay month by month. (*) |
| 50 | Deferred without interest promotions (Supermaxi). (*) |
| 51 | Deferred with interest (Cuota fácil). (*) |
| 52 | Without interest (Rendecion Produmillas). (*) |
| 53 | Without interest sale with promotions. (*) |
| 70 | Deferred special without interest. (*) |
| 72 | Credit without interest (cte smax). (*) |
| 73 | Special credit without interest (smax). (*) |
| 74 | Prepay without interest (smax). (*) |
| 75 | Deffered credit without interest (smax). (*) |
| 90 | Without interest with months of grace (Supermaxi). (*) |
Split payment
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "11",
"email": "test@test.com"
},
"order": {
"amount": 19000,
"description": "RBM-TES",
"dev_reference": "11372",
"vat": 0.0,
"installments": 1
},
"card": {
"token": "4813322119168991180"
},
"extra_params": {
"split": {
"transactions": [
{
"application_code": "App2",
"installments": 1,
"amount": 10000
},
{
"application_code": "App1",
"installments": 1,
"amount": 9000
}
]
}
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2020-01-28T21:09:55.424",
"amount": 19000.0,
"authorization_code": "615246",
"installments": 1,
"dev_reference": "11372",
"message": "Aprobado",
"carrier_code": "00",
"id": "RB-37",
"status_detail": 3
},
"split": {
"transactions": [
{
"installments": 1,
"amount": 10000.0,
"id": "RB-37-1",
"application_code": "App2",
"authorization_code": "615246"
},
{
"installments": 1,
"amount": 9000.0,
"id": "RB-37-2",
"application_code": "App1",
"authorization_code": "580705"
}
]
},
"card": {
"bin": "377813",
"status": "valid",
"token": "6837968442995217183",
"expiry_year": "2021",
"expiry_month": "3",
"transaction_reference": "RB-37",
"type": "ax",
"number": "9063",
"origin": "ORIGIN"
}
}
This endpoint is used to make payments that enables to split the order amount between different applications (Available only for Colombia).
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/debit/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| order.amount | Number | Yes | Total amount to pay. Format: Decimal with two fraction digits. |
| order.description | String | Yes | The order description. |
| order.dev_reference | String | Yes | Id from commerce to identify the order. |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.installments | Number | No | The number of installments for the payment, only for COP, MXN, BRL, PEN, CLP and USD (Ecuador). |
| user.id | String | Yes | Buyer identifier. |
| user.email | String | Yes | Buyer email registered to order. |
| user.phone | String | No | Numero de teléfono del comprador. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| user.fiscal_number | String | No | The fiscal number given by the buyer Note: For card types ex, ak, vr, sx, ol, ep and cd this field is mandatory. |
| card.token | String | Yes | Card Identifier. This code is unique among all cards. Format: Long Integer. |
| extra_params | Json | Yes | Required params to generate a split transaction See split params |
Split params
| Parameter | Type | Required | Description |
|---|---|---|---|
| split.transactions | Array | Yes | Array with the information of how the payment will be divided (commerce/amounts) |
| split.transactions.application_code | String | Yes | Application that has the account to which a partial amount will be sent |
| split.transactions.amount | Number | Yes | Partial amount of payment |
| split.transactions.installments | Number | Yes | The number of installments for the partial amount |
Split response
| Parameter | Description |
|---|---|
| transaction.status | Could be success, failure, pending, expired or canceled. |
| transaction.payment_date | If staging environment the date will be in UTC, otherwise will depend on carrier. |
| transaction.amount | The amount of the transaction. |
| transaction.authorization_code | If success the authorization code responded from carrier. |
| transaction.installments | The number of installments for the payment. |
| transaction.dev_reference | Merchant order reference. |
| transaction.message | The returned message from carrier or fraud analysis system. |
| transaction.carrier_code | The returned code from carrier. |
| transaction.id | Transaction identifier. This code is unique among all transactions. |
| transaction.status_detail | The status detail of the transaction, for more information status detail |
| card.bin | The BIN of the card (First six digits of the card). |
| card.expiry_year | The expiry year of the card. |
| card.expiry_month | The expiry month of the card. |
| card.transaction_reference | If any, the transaction.id |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
| card.origin | The origin of the credit card. Could be one of the following: Shieldgate, VisaCheckout, Masterpass. |
| split.transactions | Array containing authorized transactions on split payment |
| split.transactions.application_code | Application that corresponds to that payment |
| split.transactions.amount | Partial amount of the total order |
| split.transactions.id | Transaction identifier of split payment |
| split.transactions.installments | The number of installments for the partial amount |
| split.transactions.authorization_code | Split transaction authorization code |
Debit with QR
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "11",
"email": "example@example.com",
"fiscal_number": "1111111111",
"phone": "111112222333"
},
"order": {
"amount": 123,
"description": "Product Description",
"dev_reference": "nnnnn",
"vat": 0
},
"card": {
"token": "1111222233334444555",
},
"extra_params": {
"qr_data": {
"complete_info": {
"is_new": false,
"qr_type": "DINAMICO",
"data_amount": {
"base_amount": 123,
"inc": 0,
"iva": 0,
"tip": 0,
"total_amount": 123,
"transaction_amount": 123
},
"qr_entity": {
"address": "my address",
"country_code": null,
"crc": null,
"max_inc_percentage": "0.0",
"max_iva_percentage": "0.0",
"merchant_category_code": null,
"merchant_city": null,
"merchant_name": "Product Description",
"merchant_account_information_c": {
"id_acquirer": null,
"unique_code_merchant": "1111112222",
"unique_code_merchant_agree": null
},
"merchant_additional_data_c": {
"id_acquirer": null,
"bill_number": null,
"customer_label": null,
"loyalty_number": null,
"mobile_number": null,
"purpose_of_transaction": null,
"reference_label": null,
"store_label": null,
"terminal_label": "XXXXYYY12"
},
"merchant_a_unreserved_c": {
"base_iva": "0",
"channel": "DA",
"condition_inc": "N",
"condition_iva": "N",
"condition_tax_one": null,
"condition_tax_two": null,
"consecutive_transaction": "4321",
"security_field": null,
"tax_one": null,
"tax_two": null,
"value_inc": "0",
"value_iva": "0"
},
"merchant_information_languaje_c": {
"language_preference": null,
"merchant_city_alternate_language": null,
"merchant_name_alternate_language": null
},
"payload_format_indicator": null,
"point_of_initiation_method": "D",
"postal_code": null,
"tip_or_convenience_indicator": "N",
"total_amount": "123",
"transaction_amount": "123",
"transaction_currency": null,
"value_of_convenience_fee_fixed": "0",
"value_of_convenience_fee_percentage": "0.0"
}
}
}
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit/'
This endpoint creates a debit transaction with a QR code, only for Colombia (COP).
This is a solution that allow to pay throw a QR code generated in the dataphone or mobile application that is scaned from the mobile wallet of the client.
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/debit/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| order.amount | Number | Yes | Total amount to pay. Format: Decimal with two fraction digits. |
| order.description | String | Yes | The order description. |
| order.dev_reference | String | Yes | Id from commerce to identify the order. |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.installments | Number | No | The number of installments for the payment, only for COP, MXN, BRL, PEN, CLP and USD (Ecuador). |
| user.id | String | Yes | Buyer identifier. |
| user.email | String | Yes | Buyer email registered to order. |
| user.phone | String | No | Numero de teléfono del comprador. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| user.fiscal_number | String | No | The fiscal number given by the buyer Note: For card types ex, ak, vr, sx, ol, ep and cd this field is mandatory. |
| user.fiscal_number_type | String | No | Fiscal number type |
| card.token | String | Yes | Card Identifier. This code is unique among all cards. Format: Long Integer. |
| card.account_type | String | No | The corresponding values for: Credit, Checking and Savings accounts are: C, R and A respectively. |
| extra_params.qr_data | Json | Yes | Json returned in the SDK. |
Response
Debit with credit card
Base Case
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order":{
"amount": 11.1,
"description": "una paleta",
"vat": 0,
"dev_reference": "referencia"
},
"card": {
"number": "4507000397186651",
"holder_name": "citlali calderon",
"expiry_month": 9,
"expiry_year": 2020,
"cvc": "123",
"type": "vi"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit_cc'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2017-10-12T21:07:22",
"amount": 11.1,
"authorization_code": "472921",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": "6",
"id": "CI-507",
"status_detail": 3,
"installments_type": "Revolving credit",
"product_description": "una paleta",
"payment_method_type": "0"
},
"card": {
"bin": "450700",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-507",
"type": "vi",
"number": "6651",
"origin": "ORIGIN"
}
}
An example of request with extra_params:
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order":{
"amount": 11.1,
"description": "una paleta",
"vat": 0,
"dev_reference": "referencia"
},
"card": {
"number": "4507000397186651",
"holder_name": "citlali calderon",
"expiry_month": 9,
"expiry_year": 2020,
"cvc": "123",
"type": "vi"
},
"extra_params": {
"config_01": "value_01",
"config_02": {"name_01": "name_v01"}
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit_cc'
This is an example of request making the request with 3ds 2 objects for authentication:
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order":{
"amount": 11.1,
"description": "una paleta",
"vat": 0,
"dev_reference": "referencia"
},
"card": {
"number": "4507000397186651",
"holder_name": "citlali calderon",
"expiry_month": 9,
"expiry_year": 2020,
"cvc": "123",
"type": "vi"
},
"extra_params": {
"threeDS2_data": {
"term_url": "https://your.url.com/YOUR_3DS_NOTIFICATION_URL",
"device_type": "browser",
"process_anyway": false
},
"browser_info": {
"ip": "88.196.25.166",
"language": "en-US",
"java_enabled": false,
"js_enabled": true,
"color_depth": 24,
"screen_height": 1200,
"screen_width": 1920,
"timezone_offset": 0,
"user_agent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
"accept_header": "text/html"
}
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit_cc'
This endpoint creates a debit transaction with a credit card.
If you want to debit with 3D Secure 2 authentication. You will need to include extra_params in the request, that are used for authentication (See objects for authentication)
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/debit_cc/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| order.amount | Number | Yes | Amount to debit. Format: Decimal with two fraction digits. |
| order.description | String | Yes | Description of the order to be purchase. Format: (Maximum Length 250) |
| order.dev_reference | String | Yes | Merchant order reference. You will identify this purchase using this reference. |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.installments | Number | No | The number of installments for the payment, only for COP, MXN, BRL, PEN, CLP and USD (Ecuador). |
| order.installments_type | Number | No | Only available for Ecuador and Mexico. See the valid values |
| order.taxable_amount | Number | No | Only available for Ecuador. The taxable amount is the total amount of all taxable items excluding tax. If not sent, it's calculated on the total. Format: Decimal with two fraction digits. |
| order.tax_percentage | Number | No | Only available for Ecuador. The tax rate to be applied to this order. Should be 0 or 12. |
| order.months_grace | Number | No | Only available for Mexico and Ecuador (Medianet), the number of months of grace for a deferred payment. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| user.first_name | String | No | User name. |
| user.last_name | String | No | User last name. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
| user.phone | String | No | Buyer phone. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| user.fiscal_number | String | No | The fiscal number given by the buyer Note: For card types ex, ak, vr, sx, ol, ep and cd this field is mandatory. |
| card.number | String | Yes | A valid credit card number. |
| card.holder_name | String | Yes | The credit card holder name. |
| card.expiry_month | Number | Yes | The credit card expiry month. |
| card.expiry_year | Number | Yes | The credit card expiry year. |
| card.cvc | String | Yes | The credit card security number. |
| card.type | String | No | Abbreviated card type. See the valid options |
| extra_params | Json | No | Optional params (3DS 2 objects included) used for some commerce in Json format. Please contact your commercial executive for more details. |
| billing_address | Json | No | Object with the billing address, see the specification of address. |
| shipping_address | Json | No | Object with the shipping address, see the specification of address. |
| airline | Json | No | Object with airline data, see the specification of airline. |
| hotel | Json | No | Object with hotel data, see the specification of hotel. |
Response
Split payment
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "11",
"email": "test@test.com"
},
"order": {
"amount": 19000,
"description": "Split TEST",
"vat": 0,
"dev_reference": "117"
},
"card": {
"number": "4276981328765847",
"holder_name": "Leidy Cruz",
"expiry_month": 12,
"expiry_year": 2022,
"cvc": "355"
},
"extra_params": {
"split": {
"transactions": [
{
"application_code": "APP_1",
"installments": 1,
"amount": 10000
},
{
"application_code": "APP_2",
"installments": 1,
"amount": 9000
}
]
}
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit_cc'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2021-02-09T15:58:00.272",
"amount": 19000.0,
"authorization_code": "845889",
"installments": 1,
"dev_reference": "117",
"message": "Aprobado",
"carrier_code": "00",
"id": "RB-7",
"status_detail": 3
},
"split": {
"size": 2,
"transactions": [
{
"installments": 1,
"amount": 10000.0,
"id": "RB-7-1",
"application_code": "APP_1",
"authorization_code": "845889"
},
{
"installments": 1,
"amount": 9000.0,
"id": "RB-7-2",
"application_code": "APP_2",
"authorization_code": "152244"
}
]
},
"card": {
"bin": "427698",
"expiry_year": "2022",
"expiry_month": "12",
"transaction_reference": "RB-7",
"type": "vi",
"number": "5847",
"origin": "ORIGIN"
}
}
This endpoint is used to make payments that enables to split the order amount between different applications (Available only for Colombia).
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/debit_cc/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| order.amount | Number | Yes | Total amount to pay. Format: Decimal with two fraction digits. |
| order.description | String | Yes | The order description. |
| order.dev_reference | String | Yes | Id from commerce to identify the order. |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.installments | Number | No | The number of installments for the payment, only for COP, MXN, BRL, PEN, CLP and USD (Ecuador). |
| user.id | String | Yes | Buyer identifier. |
| user.email | String | Yes | Buyer email registered to order. |
| user.phone | String | No | Numero de teléfono del comprador. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| user.fiscal_number | String | No | The fiscal number given by the buyer Note: For card types ex, ak, vr, sx, ol, ep and cd this field is mandatory. |
| card.number | String | Yes | A valid credit card number. |
| card.holder_name | String | Yes | The credit card holder name. |
| card.expiry_month | Number | Yes | The credit card expiry month. |
| card.expiry_year | Number | Yes | The credit card expiry year. |
| card.cvc | String | Yes | The credit card security number. |
| card.type | String | No | Abbreviated card type. See the valid options |
| extra_params | Json | Yes | Required params to generate a split transaction See split params |
Split params
| Parameter | Type | Required | Description |
|---|---|---|---|
| split.transactions | Array | Yes | Array with the information of how the payment will be divided (commerce/amounts) |
| split.transactions.application_code | String | Yes | Application that has the account to which a partial amount will be sent |
| split.transactions.amount | Number | Yes | Partial amount of payment |
| split.transactions.installments | Number | Yes | The number of installments for the partial amount |
Split response
| Parameter | Description |
|---|---|
| transaction.status | Could be success, failure, pending, expired or canceled. |
| transaction.payment_date | If staging environment the date will be in UTC, otherwise will depend on carrier. |
| transaction.amount | The amount of the transaction. |
| transaction.authorization_code | If success the authorization code responded from carrier. |
| transaction.installments | The number of installments for the payment. |
| transaction.dev_reference | Merchant order reference. |
| transaction.message | The returned message from carrier or fraud analysis system. |
| transaction.carrier_code | The returned code from carrier. |
| transaction.id | Transaction identifier. This code is unique among all transactions. |
| transaction.status_detail | The status detail of the transaction, for more information status detail |
| card.bin | The BIN of the card (First six digits of the card). |
| card.expiry_year | The expiry year of the card. |
| card.expiry_month | The expiry month of the card. |
| card.transaction_reference | If any, the transaction.id |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
| card.origin | The origin of the credit card. Could be one of the following: Shieldgate, VisaCheckout, Masterpass. |
| split.transactions | Array containing authorized transactions on split payment |
| split.transactions.application_code | Application that corresponds to that payment |
| split.transactions.amount | Partial amount of the total order |
| split.transactions.id | Transaction identifier of split payment |
| split.transactions.installments | The number of installments for the partial amount |
| split.transactions.authorization_code | Split transaction authorization code |
Steps debit with 3DS
If you wish to make the payment throw your web checkout, extra steps are needed for calling JavaScript components provided by the MPI CyberSource. This steps works only for a brower integration, NOT for a mobile one.
The following steps are needed:
1. Get the reference_id and jwt.
curl -k -L -H 'Content-Type: application/json' -H 'Auth-Token: auth-token'
'https://ccapi-stg.shieldgate.mx/v2/3ds/init/cybersource'
The above request returns JSON structured like this:
{
"jwt": "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJSZWZlcmVuY2VJZCI6ICIxIiwgImlzcyI6ICI1ZmY0NDVlZTU1ZjEwNTcwOWUyNjljODkiLCAianRpIjogIjgxZGY0MzZjLWZmMzEtNDhiNi1iMGYwLTBkM2Y1Y2NjOGEwOSIsICJleHAiOiAxNjQ2OTU5MTgxLCAiaWF0IjogMTY0Njk1MTk4MSwgIk9yZ1VuaXRJZCI6ICI1ZmY0NDVlZTA5YzUwYjJkNDA4ZjcyMDkifQ==.zHfhpRXB4u8noaHnwvvWSw2lGJHwM4Uky9FNZjRBeIc=",
"reference_id": "1"
}
HTTP Request
GET https://ccapi-stg.shieldgate.mx/v2/3ds/init/cybersource
Response
| Parameter | Description |
|---|---|
| reference_id | Unique Id per transaction that will be needed in backend and front end (thru the jwt). |
| jwt | Token for autenticate in the front end service (CyberSource). |
2. In your front end call the init method. You can listen for the payments.setupComplete event to be notified when Songbird has finished initializing.
In front end call the init. Continue only when the initializing has finished.
<script src="https://includestest.ccdc02.com/cardinalcruise/v1/songbird.js"></script>
Cardinal.setup('init', {
jwt: jwt,
order: {
Consumer: {
Account: {
AccountNumber: bin,
}
}
}
});
Cardinal.on('payments.setupComplete', function () {
// this is an example
document.getElementById('init').disabled = true;
document.getElementById('Authenticate').disabled = false;
});
Cardinal.on('payments.validated', function (data, jwt) {
// This event is triggered when the transaction has been finished. This is how Songbird hands back control to the merchant's webpage.
// You can call the verify, this is an example:
Payment.verifyTransaction(user_id, transaction_id, 'BY_CRES', '', useCases, successCallback, errorCallback);
});
The following is the javascript component of the MPI (CyberSource). For further information
| Environment | URL |
|---|---|
| development | https://includestest.ccdc02.com/cardinalcruise/v1/songbird.js |
| production | https://songbird.cardinalcommerce.com/edge/v1/songbird.js |
The parameters needed for the Init:
| Parameter | Description |
|---|---|
| bin | The first 6 digits of the card. |
| jwt | Token obtained in the previous step. |
3. In your backend call the debit with credit card method.
Debit with credit card example.
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com",
"phone": "1234567890123"
},
"order":{
"amount": 11.1,
"description": "una paleta",
"vat": 0,
"dev_reference": "referencia",
"installments": 4
},
"card": {
"number": "4456530000001047",
"holder_name": "citlali calderon",
"expiry_month": 12,
"expiry_year": 2024,
"cvc": "123",
"type": "vi"
},
"billing_address": {
"street": "Street Test",
"house_number": "24",
"city": "ciudad de mexico",
"zip": "67890",
"state": "DF",
"country": "MEX",
"district": "colonia",
"additional_address_info": ""
},
"extra_params": {
"threeDS2_data": {
"term_url": "https://your.url.com/",
"device_type": "browser",
"reference_id": "2"
},
"browser_info": {
"ip": "88.196.25.166",
"language": "en-US",
"java_enabled": false,
"js_enabled": true,
"color_depth": 24,
"screen_height": 1200,
"screen_width": 1920,
"timezone_offset": 0,
"user_agent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
"accept_header": "text/html"
}
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/debit_cc'
Remarks on some parameters:
| Parameter | Description |
|---|---|
| extra_params.threeDS2_data.term_url | The URL of the merchant’s return page. |
| extra_params.threeDS2_data.device_type | Only browser is possible. |
| extra_params.threeDS2_data.reference_id | The reference_id obtained in the first step. |
| billing_address | The billing address is mandatory for CyberSource |
In the response will be information needed for the next step:
| Parameter | Description |
|---|---|
| 3ds.browser_response.challenge_request | Match the AcsUrl. |
| 3ds.browser_response.transaction_id | Match the TransactionId in CyberSource. |
| 3ds.browser_response.pareq | Match the Payload. |
4. If the status_detail obtained in the previous step was 36, in your front end call the continue method.
In front end, call continue.
<script src="https://includestest.ccdc02.com/cardinalcruise/v1/songbird.js"></script>
Cardinal.continue('cca',
{
"AcsUrl": browser_response.challenge_request,
"Payload": browser_response.pareq,
},
{
"OrderDetails": {
"TransactionId": browser_response.transaction_id
}
}
);
The params needed for continue are: AcsUrl, TransactionId y Payload received in the previous step.
5. If the forth step was needed, call the verify BY_CRES.
Verify BY_CRES example:
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth-token' -d '{
"user": {
"id": "4"
},
"transaction": {
"id": "RB-340"
},
"type": "BY_CRES",
"value": "",
"more_info": true
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/verify'
In this case you will sent an empty string for value.
Cards to test different scenarios:
| Card | Scenario |
|---|---|
| 5200000000001096 | challenge |
| 5200000000001005 | frictionless |
Authorize
Case a) sending only the card.token
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order": {
"dev_reference": "referencia",
"amount": 99.0,
"description": "pozole",
"vat": 0.00
},
"card": {
"token": "6221308792087238335"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/authorize/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2017-09-26T21:03:04",
"amount": 99.0,
"authorization_code": "148177",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": "4",
"id": "CI-490",
"status_detail": 0
},
"card": {
"bin": "453254",
"status": "valid",
"token": "10135134879450157925",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-490",
"type": "vi",
"number": "8311",
"origin": "ORIGIN"
}
}
Case b) sending all the information of the card (pci commerce)
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order": {
"dev_reference": "referencia",
"amount": 99.0,
"description": "pozole",
"vat": 0.00
},
"card": {
"number": "4507000397186651",
"holder_name": "citlali calderon",
"expiry_month": 9,
"expiry_year": 2020,
"cvc": "123",
"type": "vi"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/authorize/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2017-09-26T21:02:04",
"amount": 99.0,
"authorization_code": "148177",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": "4",
"id": "CI-491",
"status_detail": 0
},
"card": {
"bin": "450700",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-491",
"type": "vi",
"number": "6651"
}
}
This endpoint send for authorization a transaction of Credit Card (Only for Cielo (BRL), Prosa (MXN) Procesos and Visanet (PEN))
If you want to authorize with 3D Secure 2 authentication, there are two possible ways:
Direct authorization with Shieldgate by Afirme. This will include extra params in the request, that are used for authentication (See objects for authentication)
By Performing a 3D Secure 2 authentication calling the proper endpoint Authentication 3DS 2 section, before calling the authorize.
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/authorize/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| order.amount | Number | Yes | Amount to debit. Format: Decimal with two fraction digits. |
| order.description | String | Yes | Description of the order to be purchase. Format: (Maximum Length 250) |
| order.dev_reference | String | Yes | Merchant order reference. You will identify this purchase using this reference. |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.installments | Number | No | The number of installments for the payment, only for COP, MXN, BRL, PEN, CLP and USD (Ecuador). |
| order.installments_type | Number | No | Only available for Ecuador and Mexico. See the valid values |
| order.months_grace | Number | No | Only available for Mexico and Ecuador (Medianet), the number of months of grace for a deferred payment. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| user.first_name | String | No | User name. |
| user.last_name | String | No | User last name. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
| user.phone | String | No | Buyer phone. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| card.token | String | No (*) | Card Identifier. This code is unique among all cards. Format: Long Integer. |
| card.number | String | No | A valid credit card number. |
| card.holder_name | String | No (*) | The credit card holder name. |
| card.expiry_month | Number | No (*) | The credit card expiry month. |
| card.expiry_year | Number | No (*) | The credit card expiry year. |
| card.cvc | String | No (*) | The credit card security number. |
| card.type | String | No (*) | Abbreviated card type. See the valid options |
| extra_params | Json | No | Optional params (3DS 2 objects included) used for some commerce in Json format. Please contact your commercial executive for more details. |
| billing_address | Json | No | Object with the billing address, see the specification of address. |
| shipping_address | Json | No | Object with the shipping address, see the specification of address. |
| airline | Json | No | Object with airline data, see the specification of airline. |
| hotel | Json | No | Object with hotel data, see the specification of hotel. |
Response
Capture
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"id": "CI-325"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/capture/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2017-09-26T21:03:04",
"amount": 99.0,
"authorization_code": "148177",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": "6",
"id": "CI-490",
"status_detail": 3
},
"card": {
"bin": "453254",
"status": "valid",
"token": "10135134879450157925",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-490",
"type": "vi",
"number": "8311"
}
}
This endpoint capture an authorized transaction (Only for Cielo (BRL), Prosa (MXN) Procesos and VisaNet (PEN))
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/capture/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| transaction.id | String | Yes | Transaction identifier. This code is unique among all transactions. |
| order.amount | Number | No | The order amount to capture, could be greater o lower than original (Prosa MXN), or only lower (Cielo, BRL Procesos and VisaNet (PEN)). Format: Decimal with two fraction digits. If not provided, the full amount of the original authorize will be captured. |
Response
Verify
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4"
},
"transaction": {
"id": "CI-316"
},
"type": "BY_AMOUNT",
"value": "99.99"
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/verify'
The above request returns JSON structured like this:
{
"status": 1,
"payment_date": "2017-09-26T21:16:00",
"amount": 99.0,
"transaction_id": "CI-491",
"status_detail": 3,
"message": ""
}
In case of more_info = true, this is an example:
{
"transaction": {
"status": "failure",
"payment_date": null,
"amount": 11.1,
"authorization_code": null,
"installments": 1,
"dev_reference": "referencia",
"message": null,
"carrier_code": null,
"id": "RB-5969",
"status_detail": 37
},
"card": {
"bin": "401600",
"status": "",
"token": "",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "RB-5969",
"type": "vi",
"number": "0051",
"origin": "ORIGIN"
},
"3ds": {
"sdk_response": {
"acs_trans_id": "00000000-0005-5a5a-8000-016ab2e4246c",
"acs_signed_content": null,
"acs_reference_number": "JCB0002"
},
"authentication": {
"status": "U",
"return_message": "U-status/Challenge authentication via ACS: ",
"version": null,
"xid": "MDAwMDAwMDAwMDAwMDAwMDAyMDg=",
"reference_id": "ffffffff-9002-51a3-8000-0000000345a2",
"cavv": null,
"return_code": "5",
"eci": null
},
"browser_response": {
"hidden_iframe": "",
"challenge_request": ""
}
}
}
After have been performed a transaction, whether through an add card, a debit with token, a debit with card or an authorization, if the response transaction status is pending, this end point should be posted after that.
Sometimes an add card or debit transaction would need to be verified with a code from the financial entity that charges the card. Another case that needs verification is when the card issuer send a OTP to the user in order to continue with the transaction, or after the buyer have been challenged in a 3DS 2 transaction.
When the buyer gets the verification code from his bank, or when the buyer obtain the SMS with the OTP, or when the merchant gets the result of the challenge response, its possible to verify the operation making a request to:
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/verify
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| transaction.id | String | Yes | Transaction identifier. This code is unique among all transactions. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| type | String | Yes | The type of value that is going to be sent in the request. Valid strings "BY_AMOUNT", "BY_AUTH_CODE", "BY_OTP", "BY_CRES" and "AUTHENTICATION_CONTINUE". |
| value | String | Yes | Could be the authorization code provided by the financial entity to the buyer, the transaction amount, the One Time Password (OTP), the Challenge Response (CRES), or empty string in case of AUTHENTICATION_CONTINUE. |
| more_info | Boolean | No | true or false to determine if the response will include more info about the transaction. |
Response
| Parameter | Description |
|---|---|
| status | The status of the transaction, for more information status detail |
| payment_date | If staging environment the date will be in UTC, otherwise will depend on carrier. |
| amount | The amount of the transaction. |
| transaction_id | Transaction identifier. This code is unique among all transactions. |
| status_detail | The status detail of the transaction, for more information status detail |
| message | If the type of verification was "BY_OTP", the response message in case of failure. |
If you send more_info with value true: See Objects in response
| Currency | Amount |
|---|---|
| COP | 256 |
| CRC | 256 |
| CLP | 256 |
| USD | 2.56 |
| BRL | 2.56 |
| PEN | 2.56 |
| SGD | 2.56 |
| MXN | 25.6 |
| HNL | 25.6 |
| NIO | 25.6 |
| UYU | 25.6 |
| ARS | 128 |
Refund
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"id": "CI-311"
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/refund/'
The above request returns JSON structured like this:
{
"status": "success",
"detail": "Completed"
}
Example of refund with partial amount
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"id": "CI-311"
},
"order": {
"amount": 11.10
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/refund/'
Example of request with reference_label. For QR Colombia only.
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"reference_label": 1234567891011141618
}
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/refund/'
Example of request, with param 'more_info'
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"id": "PR-11"
},
"order": {
"amount": 8.00
},
"more_info": true
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/refund/'
Example of response with more info
{
"status": "success",
"transaction": {
"status": "success",
"payment_date": "2020-02-11T00:39:58.477",
"authorization_code": "TEST00",
"refund_amount": 8.0,
"dev_reference": "referencia",
"carrier_code": null,
"status_detail": 34,
"amount": 11.1,
"installments": 1,
"message": "Reverse by mock",
"id": "PR-11"
},
"detail": "Completed partial refunded with 8.0",
"card": {
"bin": "400000",
"status": "",
"token": "",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "PR-11",
"type": "vi",
"number": "0077",
"origin": "ORIGIN"
}
}
This endpoint is used to refund a transaction
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/refund/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| transaction.id | String | Yes (*) | Transaction identifier. This code is unique among all transactions. |
| transaction.reference_label | Number | Yes (*) | Only for QR Colombia. ID Reference for a QR transaction. |
| order.amount | Number | No | The order amount to refund. Format: Decimal with two fraction digits. If not provided, the full amount of the transaction. Works with Cielo (BRL), Prosa (MXN), Credibanco and Redeban (COP) (**). |
| more_info | Boolean | No | true or false to determine if the response will include more info about the transaction. |
Response
| Parameter | Description |
|---|---|
| status | Could be one of the following: success, pending or failure |
| detail | If success could be Completed or Completed partial refunded with NN.NN where NN.NN is the amount of the partial refund. If failure could be Error: Not completed, Transaction already refunded or Invalid Status. If pending, Waiting gateway confirmation or Waiting gateway confirmation for partial refund with NN.NN. |
Void
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"id": "PR-11"
},
}' 'https://ccapi-stg.shieldgate.mx/v2/transaction/void/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2022-08-11T18:52:32",
"amount": 99.0,
"authorization_code": "148177",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": null,
"id": "PR-11",
"status_detail": 29
},
"card": {
"bin": "453254",
"status": "valid",
"token": "10135134879450157925",
"expiry_year": "2025",
"expiry_month": "10",
"transaction_reference": "PR-11",
"type": "vi",
"number": "8311"
}
}
This endpoint cancels an authorized transaction (Prosa (MXN))
HTTP Request
POST https://ccapi-stg.shieldgate.mx/v2/transaction/void/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| transaction.id | String | Yes (*) | Transaction identifier. This code is unique among all transactions. |
Response
Transaction Info
curl -k -L -H 'Content-Type: application/json' -H 'Auth-Token: auth_token'
'https://ccapi-stg.shieldgate.mx/v2/transaction/<transaction_id>/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "pending",
"payment_date": "2018-01-26T23:49:51.100Z",
"amount": 10,
"authorization_code": "",
"installments": 1,
"dev_reference": "",
"status_detail": 0,
"carrier_code": "",
"message": "",
"id": ""
},
"card": {
"bin": "400552",
"holder_name": "First Dev",
"number": "4821",
"expiry_year": "2020",
"expiry_month": "12",
"type": "vi",
"origin": "ORIGIN"
}
}
This endpoint is used to obtain transaction info
HTTP Request
GET https://ccapi-stg.shieldgate.mx/v2/transaction/<transaction_id>
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| transaction_id | String | Yes | Shieldgate by Afirme transaction_id |
Response
| Parameter | Description |
|---|---|
| transaction.status | Could be success, failure, pending, expired or canceled. |
| transaction.payment_date | If staging environment the date will be in UTC, otherwise will depend on carrier. |
| transaction.amount | The amount of the transaction. |
| transaction.authorization_code | If success the authorization code responded from carrier. |
| transaction.installments | The number of installments for the payment. |
| transaction.dev_reference | Merchant order reference. |
| transaction.message | The returned message from carrier or fraud analysis system. |
| transaction.carrier_code | The returned code from carrier. |
| transaction.id | Transaction identifier. This code is unique among all transactions. |
| transaction.status_detail | The status detail of the transaction, for more information status detail |
| card.bin | The BIN of the card (First six digits of the card). |
| card.expiry_year | The expiry year of the card. |
| card.expiry_month | The expiry month of the card. |
| card.transaction_reference | If any, the transaction.id |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
| card.origin | The origin of the credit card. Could be one of the following: Shieldgate, VisaCheckout, Masterpass. |
Card Brands
Internationals
| Card type | Brand | Logo |
|---|---|---|
| vi | Visa |  |
| mc | Mastercard |  |
| ax | American Express |  |
| di | Diners |  |
| dc | Discover |  |
| ms | Maestro |  |
Mexico
| Card type | Brand | Logo |
|---|---|---|
| cn | Carnet |  |
LinkToPay
In this platform, we can generate a payment link, which can be completed with any of the payment methods assigned to the access credentials.
Generate a link
Example of request to generate link.
curl --request POST
--url https://noccapi-stg.shieldgate.mx/linktopay/init_order/
--header 'auth-token: auth-token'
--header 'content-type: application/json'
--data '{
"user": {
"id": "117",
"email": "dummy@foo.com",
"name": "Gabriel",
"last_name": "Cruz"
},
"order": {
"dev_reference": "1",
"description": "Product description",
"amount": 1000,
"installments_type": 0,
"currency": "COP"
},
"configuration": {
"partial_payment": true,
"expiration_days": 1,
"allowed_payment_methods": ["All"],
"success_url": "https://url-to-success.com",
"failure_url": "https://url-to-failure.com",
"pending_url": "https://url-to-pending.com",
"review_url": "https://url-to-review.com"
}
}'
Example of request to generate a link with billing_address.
curl --request POST
--url https://noccapi-stg.shieldgate.mx/linktopay/init_order/
--header 'auth-token: auth-token'
--header 'content-type: application/json'
--data '{
"user": {
"id": "117",
"email": "dummy@foo.com",
"name": "Gabriel",
"last_name": "Cruz"
},
"order": {
"dev_reference": "1",
"description": "Product description",
"amount": 1000,
"installments_type": 0,
"currency": "COP"
},
"configuration": {
"partial_payment": true,
"expiration_days": 1,
"allowed_payment_methods": ["Card"],
"success_url": "https://url-to-success.com",
"failure_url": "https://url-to-failure.com",
"pending_url": "https://url-to-pending.com",
"review_url": "https://url-to-review.com"
},
"billing_address": {
"street": "Calle 1 Sur",
"city": "Chia",
"country": "COL",
"district": "Chia",
"zip": "#5",
"state": "CU",
"house_number": "179",
"additional_address_info": "Casa 53"
}
}'
The above request returns JSON structured like this:
{
"success": true,
"detail": "Operation completed successfully.",
"data": {
"user": {
"id": "117",
"email": "dummy@foo.com"
},
"order": {
"id": "8REV4qMyevlR4xGm3OL",
"status": "Init",
"dev_reference": "1",
"description": "Product description",
"currency": "COP",
"amount": 1000.0,
"taxes": [
{
"type": "vat",
"amount": 0
},
{
"type": "inc",
"amount": 0
}
],
"additional_amounts": [
{
"type": "tip",
"amount": 0
}
]
},
"configuration": {
"expiration_date": "2022-11-19 18:45:39",
"partial_payment": true,
"allowed_payment_methods": [
"All"
],
"allow_retry": true
},
"payment": {
"payment_url": "https://link-stg.shieldgate.mx./checkout/8REV4qMyevlR4xGm3OL",
"payment_qr": "iVBORw0KGgoAAAANSUhEUgAAAZoAAAGaAQAAAAAefbjOAAADC0lEQVR4nO2cXa7aMBBGz9SReDRSF8BSzA7ukq66s2Q
pLAApeURK9PXBdhJoVaniFigZP6Ak5Ahbsebnmwkm/np03/6eAYcccsghhxxy6D0hK6PJRzCYme2Bbjk1Mzs+ZXoOPR
5KkqQe1MYRO0aJ1E9GkmRHgiRJ19DjpufQ46GhGoB02kk/9kBnO2VDAWBmzfOm59DDoObm3IgXUzoZAvh9bvria3LoS6
HUgx0JotsDMJnaf/JLDr0kVG1EFDDUq90+YGAIQrYTa2vx4mty6AugzmpywbATqQdSH2THocGOTFaSkOdMz6FH24hfwo
V4MbrDxej2WLEgz5ieQw+HyFllkoplII4lGW1v7ozlPrUvviaH7oHqjuhB0ojUl8CB1AdJGoFYNkhWJXxHvDNUHrL6UL
ZFG8e6NyTV0+ujF1+TQ/dAV15D8+iD1BJUnMhsLdxrvD1UdkQOEuo+qB5iBLgxHr4j3hyac42pUXcYsSTKR/5i+I6KVh
W8rrEBqMYR2R5QPES7MhnMX3hkuQUo2wgjnlH3cc6GAoByFM+NuiNopVq8+Jocuh/KUWQ67QRDg332U9Uns4QZZLafXL
PcALT2GqlmEyWUJJSeCVXByr3GZqBuHwTDrjz4FlgkzGIe4ngDPW56Dj3BRix6xFgz0jyCFtXK9Yj3h2aXUPOKlGXrpb
hRXMf62ouvyaF7oLmuEVTLF+FKq4ql1uFxxEagqlANIAZDSQDxYsVtDA10HyMkTbW95sXX5NA90NxnOZmIgu7jPGsUPU
Y8N5ZjTNcsNwTV9qm5SyqHFZNlPaJ0WLkesQVolWssGcZS5FIbrzQKjyM2Ai3vdOUYs6vvZtiRoBJMHFyP2AK06o/IKc
Xy0UaJXA3Pt3g1fAvQqquupKCrnJN1k533WW4TUhsvOZ4029f6Vs41hqbI2//bmhy6C0qnhlLDiCNqo2qThNc1NgXND7
47jNjnqUFtTUbNDvO2eNL0HHoYdFvVysHE3FiZrxGvimEeR7wzZL9/+/uPw/+ZzCGHHHLIIYccAvgJATB20GiZw/kAAA
AASUVORK5CYII="
}
}
}
To generate a link to pay, certain information is required, this allows to consume any payment method provided by Shieldgate by Afirme
HTTP Request
POST https://noccapi-stg.shieldgate.mx/linktopay/init_order/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| user.id | String | Yes | Buyer identifier. Max length 250 characters. |
| user.email | String | Yes | Buyer email, with valid e-mail format. Max length 250 characters. |
| user.name | String | Yes | Buyer name. Max length 100 characters. |
| user.last_name | String | Yes | Buyer name. Max length 100 characters. |
| user.fiscal_number_type | String | No | Indicates the type of fiscal number (user identification). |
| user.fiscal_number | String | No | Fiscal number (identification number) given by the user. Max length 100 characters. |
| order.dev_reference | String | Yes | Id from commerce to identify the order. Max length 100 characters. |
| order.description | String | Yes | The order description. Max length 250 characters. |
| order.amount | Number | Yes | Total amount to pay. Format: Decimal with two fraction digits. |
| order.installments_type | Number | Yes | Only available Ecuador and Mexico see the valid types. For the rest of the countries, 0 to allow installments, -1 otherwise. Only available to card payment method. |
| order.vat | Number | Yes | Sales tax amount, included in order amount. Format: Decimal with two fraction digits. |
| order.inc | Number | No | National consumption tax, included in order amount. Format: Decimal with two fraction digits. |
| order.tip | Number | No | Only available for pay with Qr code . Tip, not included in order amount. Format: Decimal with two fraction digits. |
| order.taxable_amount | Number | No | Only available for Ecuador and Colsubsidio. The taxable amount is the total amount of all taxable items excluding tax. If not sent, it's calculated on the total. Format: Decimal with two fraction digits. |
| order.tax_percentage | Number | No | Only available for Ecuador and Colsubsidio. The tax rate to be applied to this order. Should be 0 or 12. |
| order.currency | String | Yes | Order currency see the valid types. |
| configuration.partial_payment | Boolean | Yes | Indicates if the partial payment is allowed. |
| configuration.expiration_days | Number | No(*) | Number of days in which the link to pay expires. |
| configuration.expiration_time | Number | No(*) | Time in seconds it will take for the link to pay to expire. |
| configuration.allowed_payment_methods | Array (String) | No | Indicates allowed payment methods. 'All' is the default. See the valid types. |
| configuration.currency_exchange | String | No | Currency in which the link to pay will be paid see the valid types. |
| configuration.success_url | String | Yes | URL to redirect when transaction is success. |
| configuration.failure_url | String | Yes | URL to redirect when transaction is failure. |
| configuration.pending_url | String | Yes | URL to redirect when transaction is pending. |
| configuration.review_url | String | Yes | URL to redirect when transaction is in review. |
| billing_address.street | String | No | The name of the street. |
| billing_address.city | String | Yes | The city, max length of 50 characters. |
| billing_address.state | String | No | The state: ISO 3166-2 country subdivision code in case of 3DS authentication, free format otherwise |
| billing_address.district | String | No | The district. |
| billing_address.zip | String | Yes | The zip or postal code. Max length allowed of 50 characters. |
| billing_address.house_number | String | No | The house number |
| billing_address.country | String | Yes | Country in ISO 3166-1 alpha-3 format, for example: COL, MEX, ECU. |
| billing_address.additional_address_info | String | No | Additional address info, without format. |
Response
| Parameter | Description |
|---|---|
| user.id | Buyer identifier. |
| user.email | Buyer email registered to order. |
| order.dev_reference | Reference from commerce. |
| order.amount | Total amount to pay. |
| order.description | Order description. |
| configuration.expiration_date | Date limit to pay. |
| configuration.partial_payment | Indicates if the partial payment is allowed. |
| configuration.allowed_payment_methods | Indicates allowed payment methods. |
| payment.payment_url | Link To Pay, URL to do redirect. |
| payment.payment_qr | Code Qr base64, URL to do redirect. |
Currencies
Allowed currencies:
| Currency | Country |
|---|---|
| COP | Colombia |
| USD | Ecuador, El Salvador, Panama |
| BRL | Brazil |
| MXN | Mexico |
| ARS | Argentina |
| CLP | Chile |
| PEN | Peru |
| GTQ | Guatemala |
| HNL | Honduras |
| NIO | Nicaragua |
| CRC | Costa Rica |
Allowed payment methods
Allowed payment methods by country:
| Key | Description |
|---|---|
| All | All payment methods |
| Card | Only card payment method (All countries) |
| BankTransfer | Only bank transfer method (Colombia) |
| Cash | Only cash / reference payment method (Colombia, Mexico, Ecuador) |
| Colsubsidio | Only colsubsidio for Colombia |
| EWallet | Only E-wallet payment method (Colombia) |
| Qr | Only Qr code payment method (Colombia) |
| Pix | Only Pix (Qr code) payment method (Brazil) |
| Rappi | Only Rappi Pay payment method (Colombia) |
Third party integrations
VTEX
We have implementation in the eCommerce VTEX platform.
For further information visit the following manual.
Test Cards
You can use the following cards for your tests. For adding a card or direct purchase in staging environment:
| Card | Return Code | Scenarios |
|---|---|---|
| 4111111111111111, 36417002140808 | valid | Charge succeeds |
| 5119159076977991, 370236553676505 | review | Charge is under Review |
| 4242424242424242, 347763907473248 | rejected | Not Authorized |
| 4520121813132351, 378196561987405 | rejected | Rejected by Fraud System |
| 375953548754701, 376337093362277 | rejected | Card in black list |
For a card not listed above, the system will leave the card as valid. Once you add a valid card in the platform you can prove the debit using a specific description as follow:
| order.description | Result |
|---|---|
| Approved transaction | status = success, status_detail = 3 |
| Denied transaction | status = failure, status_detail = 9 |
| Reviewed transaction | status = pending, status_detail = 1 |
| Rejected by fraud system transaction | status = failure, status_detail = 11 |
| Card in black list | status = failure, status_detail = 12 |
You can use either the test cards or the description to prove, but not both.
WebHook
The above is the JSON returned in the WebHook:
{
"transaction": {
"status": "1",
"order_description": "ORDER #1507155336536",
"authorization_code": "113310",
"status_detail": "3",
"date": "04/10/2017 22:15:37",
"message": "Operation Successful",
"id": "CI-502",
"dev_reference": "1507155336536",
"carrier_code": "6",
"amount": "10.5",
"paid_date": "04/10/2017 19:15:00",
"installments": "1",
"ltp_id": "LeNgJbx57Vnj9Rnq",
"stoken": "e03f67eba6d730d8468f328961ac9b2e",
"application_code": "AndroidTest",
"terminal_code": "12334"
},
"user": {
"id": "4",
"email": "user@example.com"
},
"card": {
"bin": "411111",
"holder_name": "Martin Mucito",
"type": "vi",
"number": "1111",
"origin": "ORIGIN",
"fiscal_number": "2365448809"
}
}
Example of stoken generation (python):
transaction_id = 123
app_code = HF
user_id = 123456
app_key = 2GYx7SdjmbucLKE924JVFcmCl8t6nB
for_md5 = “123_HF_123456_2GYx7SdjmbucLKE924JVFcmCl8t6nB”
stoken = hashlib.md5(for_md5).hexdigest()
So the
stokenfor this example is e242e78ae5f1ed162966f0eacaa0af01The above is an example of JSON returned for the case of Split Payment:
{
"transaction": {
"status": "1",
"order_description": "ORDER #1507155336536",
"authorization_code": "113310",
"status_detail": "3",
"date": "04/10/2017 22:15:37",
"stoken": "e03f67eba6d730d8468f328961ac9b2e",
"application_code": "AndroidTest",
"status": "1",
"paid_date": "04/10/2017 22:15:37",
"amount": "19000.0",
"authorization_code": "615246",
"installments": "1",
"dev_reference": "11372",
"message": "Aprobado",
"carrier_code": "00",
"id": "RB-37",
"status_detail": "3"
},
"split": {
"transactions": [
{
"installments": "1",
"amount": "10000.0",
"id": "RB-37-1",
"application_code": "App2",
"authorization_code": "615246"
},
{
"installments": "1",
"amount": "9000.0",
"id": "RB-37-2",
"application_code": "App1",
"authorization_code": "580705"
}
]
},
"card": {
"bin": "377813",
"holder_name": "Martin Mucito",
"type": "ax",
"number": "9063",
"origin": "ORIGIN"
}
}
The following is an example of returned JSON for the case of payment with Cash or Bank Transfer:
{
"transaction": {
"status": "1",
"order_description": "ORDER #1507155336536",
"status_detail": "3",
"date": "04/01/2020 22:15:37",
"id": "PSE-1000",
"payment_method_type": "2",
"dev_reference": "1507155336536",
"amount": "10.5",
"paid_date": "04/10/2017 19:15:00",
"ltp_id": "LeNgJbx57Vnj9Rnq",
"stoken": "e03f67eba6d730d8468f328961ac9b2e",
"application_code": "AndroidTest",
"terminal_code": "12334"
},
"user": {
"id": "4",
"email": "user@example.com"
}
}
Every time a transaction gets approved or cancelled you will get an HTTP POST request from Shieldgate by Afirme to your callback_url (you need to provide this url to our staff). The POST includes the following fields:
| Parameter | Description |
|---|---|
| transaction.status | The status of the transaction, for more information status |
| transaction.order_description | Description of the order to be purchase. Format: (Maximum Length 250) |
| transaction.authorization_code | If success the authorization code responded from carrier. |
| transaction.status_detail | The status detail of the transaction, for more information status detail |
| transaction.date | Transaction date (used for approved numbers in the Dashboard). |
| transaction.message | The returned message from carrier or fraud analysis system. |
| transaction.id | Transaction identifier. This code is unique among all transactions. |
| transaction.dev_reference | Merchant order reference. |
| transaction.carrier_code | The returned code from carrier. |
| transaction.amount | The amount of the transaction. |
| transaction.paid_date | Transaction paid date (used for approved numbers in the Dashboard). |
| transaction.installments | The number of installments for the payment. |
| transaction.stoken | MD5 hash of [transaction_id]_[application_code]_[user_id]_[app_key] |
| transaction.ltp_id | Reference to the link to pay used to pay. |
| transaction.application_code | The transaction belongs to this application code. |
| transaction.payment_method_type | Payment method of the transaction, for more information payment_method_types |
| transaction.terminal_code | Terminal id of the transaction. |
| user.id | Customer identifier. This is the identifier you use inside your application. |
| user.email | Buyer email, with valid e-mail format. |
| card.bin | The BIN of the card (First six digits of the card). |
| card.holder_name | The credit card holder name. |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
| card.origin | The origin of the credit card. Could be one of the following: Shieldgate, VisaCheckout, Masterpass. |
| card.fiscal_number | Fiscal number of the payer of the transaction. |
For every transaction you must return an HTTP status, this status is only used to know that you received correctly the call:
| Status | Case |
|---|---|
| 200 | success |
| 203 | token error |
You just need to generate the stoken and match the token against the one you receive to be sure that the POST came from Shieldgate by Afirme
. You must store this information from all transactions in your database and always check the transaction.id to make sure you are not getting a duplicated POST.
If your server doesn’t respond with an HTTP 200 OK message, the POST will be retrying until get an status HTTP 200, this during 48 hours, with incremental period of time in each retry, first retry will be at 5 min aprox., second retry at 10 min aprox. and so on. In case of receiving any HTTP status >= 500 we will stop trying.
Additionally to approve transactions we also send you those approved transactions that get cancelled, this time the only difference is the status value, which will be 2. In this case you should answer with 200 (so we don’t send it again) and should update the transaction status so you ensure your data and accounting matches with Shieldgate by Afirme
Status details
The Shieldgate by Afirme API uses the following status and status details:
| Status | Meaning |
|---|---|
| 0 | Pending |
| 1 | Approved |
| 2 | Cancelled |
| 4 | Rejected |
| 5 | Expired |
| Status Detail | Meaning |
|---|---|
| 0 | Waiting for Payment. |
| 1 | Verification required, please see Verification section. |
| 2 | Paid Partially |
| 3 | Paid. |
| 4 | In Dispute. |
| 5 | Overpaid. |
| 6 | Fraud. |
| 7 | Refund. |
| 8 | Chargeback |
| 9 | Rejected by carrier. |
| 10 | System error. |
| 11 | Shieldgate by Afirme fraud. |
| 12 | Shieldgate by Afirme blacklist. |
| 13 | Time tolerance. |
| 14 | Expired by Shieldgate by Afirme |
| 15 | Expired by carrier. |
| 16 | Rejected by Shieldgate by Afirme |
| 17 | Abandoned by Shieldgate by Afirme |
| 18 | Abandoned by Customer |
| 19 | Invalid Authorization Code. |
| 20 | Authorization code expired. |
| 21 | Shieldgate by Afirme Fraud - Pending refund. |
| 22 | Invalid AuthCode - Pending refund. |
| 23 | AuthCode expired - Pending refund. |
| 24 | Shieldgate by Afirme Fraud - Refund requested. |
| 25 | Invalid AuthCode - Refund requested. |
| 26 | AuthCode expired - Refund requested. |
| 27 | Merchant - Pending refund. |
| 28 | Merchant - Refund requested. |
| 29 | Annulled. |
| 30 | Transaction seated (only Ecuador). |
| 31 | Waiting for OTP. |
| 32 | OTP successfully validated. |
| 33 | OTP not validated. |
| 34 | Partial refund. |
| 35 | 3DS method requested, waiting to continue. |
| 36 | 3DS challenge requested, waiting CRES. |
| 37 | Rejected by 3DS. |
Errors
The Shieldgate by Afirme API uses the following error codes:
| Http Status Code | Meaning |
|---|---|
| 400 | Bad Request -- For example json not well formatted, data type or parameters missing. |
| 401 | Unauthorized -- Your auth_token is wrong or expired. |
| 403 | Forbidden -- For several reasons, for example invalid card, card already added, carrier not configured or operation not allowed. |
| 404 | Not found -- The resource does not exist. |
| 409 | Conflict -- For several reasons, for example transaction could not be created, a miss configuration, the response from third party service response with error. |
| 500 | Internal Server Error -- We had a problem with our server. Try again later. |
| 503 | Service Unavailable -- We're temporarily offline for maintenance. Please try again later. |
Response in case of error
An example of an error returns JSON structured like this:
{
"error": {
"type": "Invalid Token",
"help": "Auth-Token: should have a format like b64encode(application_code;unix_timestamp;token)",
"description": "{}"
}
}
| Parameter | Description |
|---|---|
| error.type | Type of error. |
| error.help | In some cases a useful help for the developers. |
| error.description | A description of the error. |
Payment Method Types
These are the meanings of the different payment method types.
| Payment Method Type Code | Meaning |
|---|---|
| 0 | Credit Card |
| 1 | Boleto (Bank Ticket) |
| 5 | Vouchers Card |
| 7 | Debit Card |
| 8 | Prepaid Card |