Retrieve Token
Request to retrieve the payment details saved against the specified token.
Authentication Copied to clipboard
This operation requires authentication via one of the following methods:
- Certificate authentication.
-
To authenticate to the API two additional NVP parameters must be supplied in the request.
Provide 'merchant.
<your gateway merchant ID>' in the apiUsername field and your API password in the apiPassword field.
Request Copied to clipboard
Fields Copied to clipboard
String
= RETRIEVE_TOKEN
FIXED
Any sequence of zero or more unicode characters.
String
OPTIONAL
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
Additional information about the external token repository you are configured with.
These fields are MANDATORY for MerchantLink merchants and must not contain sensitive data.
String
OPTIONAL
Provide the site code required to save card details against a token.
For example: '{"siteCode":"BNE"}'.
Data can consist of any characters
Alphanumeric + additional characters
REQUIRED
The unique identifier issued to you by your payment provider.
This identifier can be up to 12 characters in length.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
Container for fields that control the response returned for the request.
String
OPTIONAL
Indicates how sensitive data is returned in the response.
Data can consist of any characters
Alphanumeric
OPTIONAL
Uniquely identifies a card and associated details.
Data may consist of the characters 0-9, a-z, A-Z
Response Copied to clipboard
Fields Copied to clipboard
String
CONDITIONAL
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
Additional information about the external token repository you are configured with.
These fields are MANDATORY for MerchantLink merchants and must not contain sensitive data.
String
CONDITIONAL
Provide the site code required to save card details against a token.
For example: '{"siteCode":"BNE"}'.
Data can consist of any characters
String
CONDITIONAL
The response code provided by the external token store if the operation fails
Data can consist of any characters
String
CONDITIONAL
A more detailed message provided by the external token store if the operation fails
Data can consist of any characters
ASCII Text
CONDITIONAL
The unique identifier of the token repository associated with the merchant.
Data consists of ASCII characters
Enumeration
ALWAYS PROVIDED
A system-generated high level overall result of the transaction/operation.
Value must be a member of the following list. The values are case sensitive.
FAILURE
The operation was declined or rejected by the gateway, acquirer or issuer
PENDING
The operation is currently in progress or pending processing
SUCCESS
The operation was successfully processed
UNKNOWN
The result of the operation is unknown
Details about the source of the funds for this payment.
The details of the source of funds when they are directly provided as opposed to via a token or session.
For ACH payments (sourceOfFunds.type=ACH) you must provide values for all fields within this parameter group, including details about the payers bank account as well as the type of ACH payment.
It is your responsibility to authenticate the payer and obtain authorization from the payer in accordance with the NACHA Operating Rules and Guidelines for the Standard Entry Class (SEC) associated with this payment. For details please refer to https://www.nacha.org/.
String
CONDITIONAL
The unique identifier of the routing number and bank account at the receiving financial institution.
Retrieve this information from the payer.
Data can consist of any characters
Enumeration
CONDITIONAL
An indicator identifying the type of bank account.
- Consumer (checking or savings), or
- Business
For pre-arranged payments (sourceOfFunds.provided.ach.secCode=PPD) retrieve this information from the payer.
If payments were telephone-initiated (sourceOfFunds.provided.ach.secCode=TEL) or internet-initiated (sourceOfFunds.provided.ach.secCode=WEB) you may choose to limit the payer's options (e.g. only support consumer checking accounts), depending on your type of business (e.g. B2C online webshop).
Value must be a member of the following list. The values are case sensitive.
CONSUMER_CHECKING
Consumer Checking Account
CONSUMER_SAVINGS
Consumer Savings Account
CORPORATE_CHECKING
Business Checking Account
String
CONDITIONAL
The name of the bank account holder, as it appears on the account at the receiving financial institution.
Retrieve this information from the payer.
Data can consist of any characters
Digits
CONDITIONAL
The identifier of the bank account at the receiving financial institution.
Retrieve this information from the payer.
Data is a string that consists of the characters 0-9.
Digits
CONDITIONAL
The identifier of the receiving financial institution.
Also known as:
- Routing number,
- Transit number, or
- ABA number
Retrieve this information from the payer.
See also http://en.wikipedia.org/wiki/Routing_transit_number.
Data is a string that consists of the characters 0-9.
Enumeration
CONDITIONAL
Identifies the Standard Entry Class (SEC) code to be sent to the issuer.
The SEC is defined by NACHA and describes the origin and intent of the payment. For details please refer to https://www.nacha.org/.
Value must be a member of the following list. The values are case sensitive.
PPD
An ACH debit or credit payment (B2C) that has been authorized by an authenticated customer in written form (signed or similarly authenticated). PPD is used for pre-arranged payments (e.g. employee payroll, mortgage payments, expense reimbursement).
TEL
An ACH debit payment (B2C) that has been authorized by an authenticated customer via phone. TEL may only be used if a relationship already exists between you and the consumer, or, the consumer initiates the contact with you.
WEB
An ACH debit payment (B2C) that has been authorized by an authenticated customer via the internet or a wireless network.
Details as shown on the card.
Enumeration
ALWAYS PROVIDED
The brand name used to describe the card that is recognized and accepted globally.
For many major card types this will match the scheme name. In some markets, a card may also be co-branded with a local brand that is recognized and accepted within its country/region of origin (see card.localBrand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Value must be a member of the following list. The values are case sensitive.
AMEX
American Express
CHINA_UNIONPAY
China UnionPay
DINERS_CLUB
Diners Club
DISCOVER
Discover
JCB
JCB (Japan Credit Bureau)
LOCAL_BRAND_ONLY
The card does not have a global brand.
MAESTRO
Maestro
MASTERCARD
MasterCard
RUPAY
RuPay
UATP
UATP (Universal Air Travel Plan)
UNKNOWN
The brand of the card used in the transaction could not be identified
VISA
Visa
Digits
ALWAYS PROVIDED
Expiry date as shown on the card in the format MMYY where months are numbered, so that for January MM=01, through to December MM=12 and the Common Era year is 2000 plus the value YY
Data is a string that consists of the characters 0-9.
Enumeration
ALWAYS PROVIDED
The method used by the payer to provide the funds for the payment.
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Value must be a member of the following list. The values are case sensitive.
CHARGE
The payer has a line of credit with the issuer which must be paid off monthly.
CREDIT
The payer has a revolving line of credit with the issuer.
DEBIT
Funds are immediately debited from the payer's account with the issuer.
UNKNOWN
The account funding method could not be determined.
String
CONDITIONAL
The issuer of the card, if known.
WARNING: This information may be incorrect or incomplete – use at your own risk.
Data can consist of any characters
String
CONDITIONAL
The brand name used to describe a card that is recognized and accepted within its country/region of origin.
The card may also be co-branded with a brand name that is recognized and accepted globally (see card.brand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Data can consist of any characters
Masked digits
CONDITIONAL
The account number embossed onto the card.
By default, the card number will be returned in 6.4 masking format, for example, 000000xxxxxx0000.If you wish to return unmasked card numbers, you must have the requisite permission, set responseControls.sensitiveData field to UNMASK, and authenticate your call to the API using certificate authentication.
Data is a string that consists of the characters 0-9, plus 'x' for masking
Enumeration
CONDITIONAL
The organization that owns a card brand and defines operating regulations for its use.
The card scheme also controls authorization and settlement of card transactions among issuers and acquirers.
Value must be a member of the following list. The values are case sensitive.
AMEX
American Express
CHINA_UNIONPAY
China UnionPay
DINERS_CLUB
Diners Club
DISCOVER
Discover
JCB
JCB (Japan Credit Bureau)
MASTERCARD
MasterCard
OTHER
The scheme of the card used in the transaction could not be identified.
RUPAY
RuPay
UATP
UATP (Universal Air Travel Plan)
VISA
Visa
Details as shown on the Gift Card.
Enumeration
ALWAYS PROVIDED
The brand name used to describe the card that is recognized and accepted globally.
For many major card types this will match the scheme name. In some markets, a card may also be co-branded with a local brand that is recognized and accepted within its country/region of origin (see card.localBrand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Value must be a member of the following list. The values are case sensitive.
LOCAL_BRAND_ONLY
The card does not have a global brand.
String
CONDITIONAL
The brand name used to describe a card that is recognized and accepted within its country/region of origin.
The card may also be co-branded with a brand name that is recognized and accepted globally (see card.brand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Data can consist of any characters
Masked digits
CONDITIONAL
The account number embossed onto the card.
By default, the card number will be returned in 6.4 masking format, for example, 000000xxxxxx0000.If you wish to return unmasked card numbers, you must have the requisite permission, set responseControls.sensitiveData field to UNMASK, and authenticate your call to the API using certificate authentication.
Data is a string that consists of the characters 0-9, plus 'x' for masking
Masked digits
CONDITIONAL
PIN number for the gift card.
Data is a string that consists of the characters 0-9, plus 'x' for masking
Enumeration
CONDITIONAL
The organization that owns a card brand and defines operating regulations for its use.
The card scheme also controls authorization and settlement of card transactions among issuers and acquirers.
Value must be a member of the following list. The values are case sensitive.
OTHER
The scheme of the card used in the transaction could not be identified.
Enumeration
CONDITIONAL
The payment method your payer has chosen for this payment.
Value must be a member of the following list. The values are case sensitive.
CARD
The payer selected to pay using a credit or debit card. The payer's card details must be provided.
GIFT_CARD
The payer chose to pay using gift card. The payer's gift card details must be provided under the sourceOfFunds.provided.giftCard parameter group.
Enumeration
ALWAYS PROVIDED
A token is marked as invalid, if an Account Updater response indicates, that the card details stored against the token are invalid.
Transaction requests using an invalid token are rejected by the gateway.
You can clear an invalid status by updating the card details stored against the token.
To use the Account Updater functionality you must sign up for this feature with your acquirer and ask your payment service provider to enable Account Updater on our merchant acquirer link(s).
Value must be a member of the following list. The values are case sensitive.
INVALID
The payment details stored against the token have been identified as invalid. The gateway will reject operation payment requests using this token.
VALID
The payment details stored against the token are considered to be valid. The gateway will attempt to process operation requests using this token.
Alphanumeric
CONDITIONAL
Uniquely identifies a payment instrument and associated details.
The format of this token id depends on the Tokenization Strategy configured for the token repository you are using:
- RANDOM_WITH_LUHN: Token is 16 digits long, starts with 9, and is in the format of 9nnnnnnnnnnnnnnC, where n represents any number, and C represents a check digit such that the token will conform to the Luhn algorithm.
- PRESERVE_6_4: The first 6 and last 4 digits of the token are the same as the first 6 and last 4 digits of the provided account identifier, and the middle digits are randomized. The token id does not conform to the Luhn algorithm.
- MERCHANT_PROVIDED: You must supply the token id when creating the token.
Data may consist of the characters 0-9, a-z, A-Z
Information about the usage of the token.
DateTime
CONDITIONAL
The timestamp indicating the time the token was last updated.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
Alphanumeric + additional characters
CONDITIONAL
If the token was last updated by a merchant, the identifier of the merchant is provided.
If the token was last updated by the Token Maintenance Service, the field will not be provided in the response.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
DateTime
CONDITIONAL
The timestamp indicating the time the token was last used or saved.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
Enumeration
CONDITIONAL
The strategy used to verify the payment instrument details before they are stored.
You only need to specify the verification strategy if you want to override the default value configured for your merchant profile. When the verification strategy is BASIC or ACQUIRER you must also provide the card expiry date in the sourceOfFunds.provided.card.expiry parameter group.
Value must be a member of the following list. The values are case sensitive.
ACQUIRER
The gateway performs a Web Services API Verify request. Depending on the payment type, you may need to provide additional details to enable the submission of a Verify request.
BASIC
The gateway verifies the syntax and supported ranges of the payment instrument details provided, .e.g for a card it validates the card number format and checks if the card number falls within a valid BIN range.
NONE
The gateway does not perform any validation or verification of the payment instrument details provided.
Errors Copied to clipboard
Information on possible error conditions that may occur while processing an operation using the API.
Enumeration
Broadly categorizes the cause of the error.
For example, errors may occur due to invalid requests or internal system failures.
Value must be a member of the following list. The values are case sensitive.
INVALID_REQUEST
The request was rejected because it did not conform to the API protocol.
REQUEST_REJECTED
The request was rejected due to security reasons such as firewall rules, expired certificate, etc.
SERVER_BUSY
The server did not have enough resources to process the request at the moment.
SERVER_FAILED
There was an internal system failure.
String
Textual description of the error based on the cause.
This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.
Data can consist of any characters
String
Indicates the name of the field that failed validation.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Data can consist of any characters
String
Indicates the code that helps the support team to quickly identify the exact cause of the error.
This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.
Data can consist of any characters
Enumeration
Indicates the type of field validation error.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Value must be a member of the following list. The values are case sensitive.
INVALID
The request contained a field with a value that did not pass validation.
MISSING
The request was missing a mandatory field.
UNSUPPORTED
The request contained a field that is unsupported.
Enumeration
A system-generated high level overall result of the operation.
Value must be a member of the following list. The values are case sensitive.
ERROR
The operation resulted in an error and hence cannot be processed.