|
|
|
|
|
|
Fields for the Simple Order API
Topics covered in this appendix:
Unless otherwise noted, all of the field names listed are case sensitive, and the fields accept special characters such as @, #, and %.
Note The values of the item_#_ fields must not contain carets (^) or colons (:), because these characters are reserved for use by the ICS services. The values of all request fields must not contain newlines or carriage returns. However, they can contain embedded spaces and any other printable characters. All leading and trailing spaces will be removed.
For more information about these data types, see the World Wide Web Consortium (W3C) XML Schema Part 2: DataTypes specification.
• Integer—Whole number {..., -3, -2, -1, 0, 1, 2, 3, ...}.
• String—Sequence of letters, numbers, spaces, and special characters, such as @ and #.
See Correlating Schema and Name-Value Pair Fields Names for information on how name-value pair names relate to their corresponding XML element names.
Note If you are using Customer Profiles and you provide recurringSubscriptionInfo_subscriptionID in the request, many of the fields in the following table that are normally required for authorization or credit become optional. For example, if you include recurringSubscriptionInfo_subscriptionID and do not provide the normally required billTo_city field in your authorization request, CyberSource uses the value for billTo_city that is stored with the Customer Profile. If you include billTo_city in the request, CyberSource uses the value from the request instead of the value stored in the Customer Profile. See Customer Profiles .
|
Field Name |
Description |
Used By: Required (R) |
Data Type & Length |
|---|---|---|---|
|
billTo_city |
City of the billing address. |
ccAuthService (R) ccCreditService (R) (1) ccDCCService (O) |
String (50) |
|
billTo_company |
Name of the customer’s company. |
ccAuthService (O) ccCreditService (O) |
String (40) |
|
billTo_country |
Country of the billing address. Use the two-character country codes. |
ccAuthService (R) ccCreditService (R) (1) ccDCCService (O) |
String (2) |
|
billTo_customerID |
Your identifier for the customer. When a subscription is being created, the maximum length for this field is 30. Otherwise, the maximum length is 50. |
ccAuthService (O) ccCaptureService (O) ccCreditService (O) |
String |
|
billTo_email |
Customer’s email address, including the full domain name. |
ccAuthService (R) ccCreditService (R) (1) ccDCCService (O) |
String (255) |
|
billTo_firstName |
Customer’s first name.The value should be the same as the one that appears on the card. |
ccAuthService (R) ccCreditService (R) (1) ccDCCService (O) |
String (60) |
|
billTo_hostname |
DNS resolved hostname from billTo_ipAddress. |
ccAuthService (O) |
String (60) |
|
billTo_httpBrowserType |
Customer’s browser as identified from the HTTP header data. For example, Mozilla is the value that identifies the Netscape browser. |
ccAuthService (O) |
String (40) |
|
billTo_ipAddress |
Customer’s IP address. |
ccAuthService (O) |
String (15) |
|
billTo_lastName |
Customer’s last name. The value should be the same as the one that appears on the card. |
ccAuthService (R) ccCreditService (R) (1) ccDCCService (O) |
String (60) |
|
billTo_personalID |
Personal identifier. For CyberSource Latin American Processing, you can use this field for the Cadastro de Pessoas Fisicas (CPF), which is required for the MasterCard AVS check in some countries. Otherwise, it is optional. |
ccAuthService (See the field description.) |
String (26) |
|
billTo_phoneNumber |
Customer’s phone number. CyberSource recommends that you include the country code if the order is from outside the U.S. |
ccAuthService (O) ccCreditService (O) ccDCCService (O) |
String (15) |
|
billTo_postalCode |
Postal code for the billing address. The postal code must consist of 5 to 9 digits. For a 9-digit postal code, use this format: If the value of billTo_country is CA, the postal code must follow these rules: • If the number of characters is greater than 3, the first 3 characters must be in this format: • If the number of characters is 7, the last 3 characters must be in this format: |
ccAuthService (Required when the billing country is the U.S. or Canada.) ccCreditService (Required when the billing country is the U.S. or Canada.) (1) ccDCCService (O) |
String (10) |
|
billTo_state |
State or province of the billing address. Use the two-character codes. |
ccAuthService (Required when the billing country is the U.S. or Canada.) ccCreditService (Required when the billing country is the U.S. or Canada.) (1) ccDCCService (O) |
String (2) |
|
billTo_street1 |
First line of the billing street address as it appears on the credit card issuer’s records. |
ccAuthService (R) ccCreditService (R) (1) |
String (60) |
|
billTo_street2 |
Second line of the billing street address. Used for additional address information. Example: Attention: Accounts Payable Used for AVS by Chase Paymentech Solutions and TSYS Acquiring Solutions. |
ccAuthService (O) ccCreditService (O) |
String (60) |
|
bml_... |
The fields for Bill Me Later are described separately in the Bill Me Later Supplement. |
|
|
|
businessRules_declineAVSFlags |
List of AVS flags that cause the request to be declined for AVS reasons. Use a space to separate the flags in the list. Important Make sure that you include the value N in the list if you want to receive declines for the AVS code N. |
ccAuthService (O) |
String (255) |
|
businessRules_ignoreAVSResult |
Used when calling ccAuthService and ccCaptureService together. Enables you to use ccCaptureService even when the authorization receives an AVS decline. Possible values: • true: Ignore the results of AVS checking and run the ccCaptureService service. • false (default): If the authorization receives an AVS decline, do not run the ccCaptureService service. If the value of this field is true, the list in the businessRules_declineAVSFlags field is ignored. |
ccAuthService (O) |
String (5) |
|
businessRules_ignoreCVResult |
Determines whether to allow ccCaptureService to run if the value of the reply field ccAuthReply_cvCode is D or N. Used only when both ccAuthService and ccCaptureService are requested at the same time. Possible values: • true: If the value of ccAuthReply_cvCode is D or N, allow ccCaptureService to run. • false (default): If the value of ccAuthReply_cvCode is D or N, return a card verification decline and do not allow ccCaptureService to run. |
ccAuthService (O) |
String (5) |
|
card_accountEncoderID |
Identifier for the issuing bank that provided the customer’s encoded account number. Contact Chase Paymentech Solutions for the bank’s ID. See Encoded Account Numbers . |
ccAuthService (Required when processing encoded account numbers.) ccCreditService (Required when processing encoded account numbers.) (1) |
String (3) |
|
card_accountNumber |
Number given to customer for their account. When processing encoded account numbers, use this field for the encoded account number. For the DCC service, set this to the first 6 to 10 digits of the credit card number. |
ccAuthService (R) ccCreditService (R) (1) ccDCCService (R) |
String with numbers only (20) |
|
card_cardType |
Type of card to authorize. To see which cards can be handled by each processor, see Payment Processors. Possible values: • 001: Visa • 002: MasterCard, Eurocard*—European regional brand of MasterCard • 003: American Express • 004: Discover • 005: Diners Club—See MasterCard and Diners Club Alliance. • 006: Carte Blanche* • 007: JCB* • 014: EnRoute* • 021: JAL* • 024: Maestro (UK Domestic), Solo* • 031: Delta*—Use this value only for the CyberSource Global Payment Service. For other processors, use 001 for all Visa card types. • 032: Solo*—Use this value only for the CyberSource Global Payment Service. For other processors, use 024 for Solo cards. • 033: Visa Electron* • 034: Dankort* • 035: Laser* • 036: Carte Bleue* • 037: Carta Si* • 039: Encoded account number* • 040: UATP* • 042: Maestro (International)* • 043: GE Money UK card*—Before setting up your system to work with GE Money UK cards, contact the CyberSource UK Support Group. |
ccAuthService (Required for the card types that have asterisks.) ccCreditService (Required for the card types that have asterisks.) (1) CyberSource strongly recommends that you send the card type even if it is optional for your processor and card type. Omitting the card type can cause the transaction to be processed with the wrong card type. |
String (3) |
|
card_cvIndicator |
Card verification indicator used to indicate if a card verification value was sent. Possible values: • 0 (default): CV number service not requested. This default is used if you do not include card_cvNumber in the request. • 1 (default): CV number service requested and supported. This default is used if you include card_cvNumber in the request. • 2: CV number on credit card is illegible. • 9: CV number was not imprinted on credit card. |
ccAuthService (O) |
String with numbers only (1) |
|
card_cvNumber |
Card verification number. See Card Verification Numbers for a list of processors that accept the card verification number. Do not include this field if you are using FDI Global or FDMS South and performing a $0 authorization. Do not include this field if you are using the CyberSource Global Payment Service and you set ccAuthService_commerceIndicator=recurring. |
ccAuthService (O) |
String with numbers only (4) |
|
card_expirationMonth |
Two-digit month that the credit card expires in. Format: MM. For encoded account numbers (card_cardType=039), use 12 if there is no expiration date available. For credits, the following processors do not require this field: • American Express Direct • American Express Phoenix • Chase Paymentech Solutions • FDI Global • FDMS Nashville • FDMS South • TSYS Acquiring Solutions All other processors require this field for credits.
|
ccAuthService (R) ccCreditService (See description) (1) ccDCCService (O) |
String (2) |
|
card_expirationYear |
Four-digit year that the credit card expires in. Format: YYYY. For encoded account numbers (card_cardType=039), if there is no expiration date available, use 2021. For credits, the following processors do not require this field: • American Express Direct • American Express Phoenix • Chase Paymentech Solutions • FDI Global • FDMS Nashville • FDMS South • TSYS Acquiring Solutions All other processors require this field for credits.
|
ccAuthService (R) ccCreditService (See description) (1) ccDCCService (O) |
String (4) |
|
card_issueNumber |
Indicates how many times a Maestro (UK Domestic) or Solo card has been issued to the account holder. The card might or might not have an issue number; the field is required if the card has an issue number. The number can consist of one or two digits, and the first digit might be a zero. Include exactly what is printed on the card—a value of 2 is different than a value of 02. Do not include the field, even with a blank value, if the card is not a Maestro (UK Domestic) or Solo card. |
ccAuthService (Required if an issue number is on the card.) ccCreditService (1) (Required if an issue number is on the card.) |
String (5) |
|
card_startMonth |
Month of the start of the Maestro (UK Domestic) or Solo card validity period. The card might or might not have a start date printed on it; the field is required if the card has a start date. Do not include the field, even with a blank value, if the card is not a Maestro (UK Domestic) or Solo card. |
ccAuthService (Required if an issue number is on the card.) ccCreditService (1) (Required if an issue number is on the card.) |
String (2) |
|
card_startYear |
Year of the start of the Maestro (UK Domestic) or Solo card validity period. The card might or might not have a start date printed on it; the field is required if the card has a start date. Do not include the field, even with a blank value, if the card is not a Maestro (UK Domestic) or Solo card. |
ccAuthService (Required if an issue number is on the card.) ccCreditService (1) (Required if an issue number is on the card.) |
String (4) |
|
ccAuthReversal |
The requestID for the authorization that you want to reverse. |
ccAuthReversal |
String (26) |
|
ccAuthReversal |
The requestToken value returned from a previous request for ccAuthService. The field is an encoded string that contains no confidential information, such as an account number or card verification number. The string can contain up to 256 characters. This field is available only for merchants who implemented request tokens before July 2008. For new implementations, use the orderRequestToken field. For more information, see Working with Request Tokens . |
ccAuthReversal |
String (256) |
|
ccAuthReversal |
Whether to include ccAuthReversalService in your request. Possible values: • true: Include the service in your request. • false (default): Do not include the service in your request. |
ccAuthReversal |
String (5) |
|
ccAuthService_aggregatorID |
Unique alphanumeric value that identifies you if you are an aggregator. |
ccAuthService (Required for aggregators for the American Express card type.) |
String (15) |
|
ccAuthService_authType |
Set this field to verbal to indicate that you are performing a forced capture, which means that you received the authorization code outside the CyberSource system. See Forced Captures . |
ccAuthService (Required for a forced capture.) |
String (6) |
|
ccAuthService_avsLevel |
Level of AVS service to use for the request. Used only for the American Express Phoenix processor. The field is case sensitive. Possible values: • Standard • Enhanced • AAVPlus The AVS level you specify in this field overrides the default level your merchant ID is configured to use. See Address Verification Service. |
ccAuthService (O) |
String (8) |
|
ccAuthService_billPayment |
Indicates that this is a bill the customer is paying with a Visa card. See Bill Payments with Visa for a list of processors that support this feature. Possible values: • N (default): Not a bill payment • Y: Bill payment |
ccAuthService (O) |
String (1) |
|
ccAuthService_cavv |
Cardholder authentication verification value (CAVV). Required for Verified by Visa transactions if payerAuthValidateReply_commerce Required for JCB J/Secure transactions if payerAuthValidateReply_commerce Set this field to the payerAuthValidate See Payer Authentication . |
ccAuthService (See the field description.) |
String (40) |
|
ccAuthService_ |
Type of transaction. Some card associations use this information when determining discount rates. For the CyberSource Global Payment Service, if you omit this field, the processor uses the default transaction type they have on file for you instead of the default value listed here. Possible values: • install: Installment profile: payments will be made in installments.This value is valid only for Visa. The installment_sequence and installment_totalCount fields are required. • internet (default): eCommerce order placed using a Web site. For the CyberSource Global Payment Service, internet is supported only for Carte Bleue transactions. • js: Successful JCB J/Secure transaction. For this value, the ccAuth • js_attempted: JCB J/Secure transaction was attempted but not authenticated. For this value, the ccAuthService_cavv and ccAuth • moto: Mail order or telephone order. Not supported for UATP or for all Bill Me Later gateways. For the CyberSource Global Payment Service, moto is currently supported only for Carte Bleue transactions. (continued on next page) |
ccAuthService (Required for Verified by Visa, MasterCard SecureCode, and JCB J/Secure transactions. Otherwise, optional.) ccCreditService (Optional. Only internet, moto, and recurring are valid values.) (1) |
String (13) |
|
ccAuthService_ |
(continued from previous page) • moto_cc: Mail order or telephone order from a call center. This value is available only for Asia-Mideast Processing. • recurring: Recurring transaction. See Recurring Payments for a list of processors that support this value. • spa: MasterCard SecureCode transaction. For this value, the ucaf_collectionIndicator field is required. If authentication is successful, then ucaf_authenticationData is also required and ccAuthService_xid might be required depending on which processor you are using. See Payer Authentication . • spa_failure: MasterCard SecureCode authentication failed. Available only for HSBC and Streamline. • vbv: Successful Verified by Visa transaction. For this value, the ccAuth • vbv_attempted: Verified by Visa transaction was attempted but not authenticated. For this value, the ccAuthService_cavv field is required and ccAuthService_xid is optional. See Payer Authentication . • vbv_failure: Verified by Visa authentication failed. Available only for HSBC and Streamline. |
ccAuthService (Required for Verified by Visa, MasterCard SecureCode, and JCB J/Secure transactions. Otherwise, optional.) ccCreditService (Optional. Only internet, moto, and recurring are valid values.) (1) |
String (13) |
|
ccAuthService_eciRaw |
Raw electronic commerce indicator (ECI) value from the payer authentication validation service. The payer authentication validation service might not return a value in payerAuthValidateReply_eciRaw for every transaction. When you receive a raw ECI value, you must include it in your authorization request in the ccAuth Some processors require the raw ECI to guarantee chargeback protection. Contact Customer Support for information about your processor’s requirements. See Payer Authentication . |
ccAuthService (See the field description.) |
String (2) |
|
ccAuthService_paresStatus |
Payer authentication response status. Used only with Asia-Mideast Processing. Required unless all of the following are true: • You are performing payer authentication and authorization separately in different requests. • The card is not enrolled, which is indicated when payerAuthEnroll • This is a successful or attempted Verified by Visa transaction or this is a MasterCard SecureCode transaction, which is indicated when payerAuth If all the preceding conditions are true, do not include ccAuthService_paresStatus in the authorization request. If you do, CyberSource will send the value to Asia-Mideast Processing without modification. CyberSource will not decline the transaction; any decline will be generated by Asia-Mideast Processing. Set this field to the payerAuthValidate Possible values: • Y: Customer was successfully authenticated. • A: Proof of authentication attempt was generated. • N: Customer failed or cancelled authentication. Transaction denied. • U: Authentication not completed regardless of the reason. See Payer Authentication . |
ccAuthService (See the field description) |
String (1) |
|
ccAuthService_run |
Whether to include ccAuthService in your request. Possible values: • true: Include the service in your request. • false (default): Do not include the service in your request. |
ccAuthService (R) |
String (5) |
|
ccAuthService_verbalAuthCode |
Authorization code you received from an authorization that you performed outside the CyberSource system. See Forced Captures . |
ccAuthService (Required for a forced capture.) |
String (6) |
|
ccAuthService_veresEnrolled |
Verification response enrollment status. Required for all payer authentication transactions with Asia-Mideast Processing. Not used by other processors. Set this field to the payerAuthEnrolled Possible values: • Y: Authentication available. • N: Cardholder not participating. • U: Unable to authenticate regardless of the reason. See Payer Authentication . |
ccAuthService (See the field description) |
String (1) |
|
ccAuthService_xid |
Transaction identifier. Required for Verified by Visa transactions if ccAuthService_commerceIndicator = vbv. Optional if ccAuthService_commerceIndicator = Optional for MasterCard SecureCode transactions, but if you receive the XID value during payer authentication, you need to include it in your authorization request. Required for JCB J/Secure transactions if ccAuthService_commerceIndicator = js. Optional if ccAuthService_commerceIndicator =js_attempted. Set this field to the payerAuthValidate See Payer Authentication . |
ccAuthService (See the field description.) |
String (40) |
|
ccCaptureService_ |
Value of requestID returned from a previous ccAuthReply. |
ccCaptureService (Required unless ccAuthService and ccCaptureService are both called in the same request.) |
String (26) |
|
ccCaptureService_authRequestToken |
The requestToken value returned from a previous request for ccAuthService. If you request the authorization and capture services together, the capture request does not require a request token. The field is an encoded string that contains no confidential information, such as an account number or card verification number. The string can contain up to 256 characters. This field is available only for merchants who implemented request tokens before July 2008. For new implementations, use the orderRequestToken field. For more information, see Working with Request Tokens . |
ccCaptureService (O) |
String (256) |
|
ccCaptureService_authType |
If the transaction contains a verbally authorized transaction, this field must contain the value verbal. |
ccCaptureService (O) |
String (6) |
|
ccCaptureService_posData |
This field is required for FDMS South for verbal authorizations and forced captures with the American Express card type to support the CAPN requirements: • For a forced capture, obtain the value for this field from the authorization response. • For a verbal authorization, you cannot obtain a value for this field. Therefore, CyberSource will use the default value. Default: Value generated by CyberSource based on various factors of the transaction such as retail or internet, card present or not, and swiped or keyed. |
ccCaptureService (See the field description.) |
String (12) |
|
ccCaptureService_run |
Whether to include ccCaptureService in your request. Possible values: • true: Include the service in your request. • false (default): Do not include the service in your request. |
ccCaptureService (R) |
String (5) |
|
ccCaptureService_transactionID |
This field is required for FDMS South for verbal authorizations and forced captures with the Amercing Express card type to support the CAPN requirements: • For a forced capture, obtain the value for this field from the authorization response. • For a verbal authorization, you cannot obtain a value for this field. Therefore, CyberSource will use the default value. See Verbal Authorizations: The Capture for information about using the default for this field for verbal authorizations. Default: 000000000000000 (15 zeros) |
ccCaptureService (See the field description.) |
String (15) |
|
ccCaptureService_verbalAuthCode |
Verbally received authorization code. |
ccCaptureService (O) |
String (6) For CCS (CAFIS): |
|
ccCreditService_aggregatorID |
Unique alphanumeric value that identifies you if you are an aggregator. |
ccCreditService (Required for aggregators for the American Express card type.) |
String (15) |
|
ccCreditService_billPayment |
Indicates that this is a credit for a bill the customer paid with a Visa card. See Bill Payments with Visa for a list of processors that support bill payments with Visa. Possible values: • N (default): Not a credit for a bill payment • Y: Credit for a bill payment. |
ccCreditService (O) |
String (1) |
|
ccCreditService_ |
The requestID returned from a previous request for capture. Creates a follow-on credit by linking the credit to the previous capture. If you send this field, you do not need to send several other credit request fields. See Crediting a Payment for more information about follow-on credits. |
ccCreditService (O) |
String (26) |
|
ccCreditService_captureRequestToken |
The requestToken value returned from a previous request for ccCaptureService. This field is required only for follow-on credit requests; it is not required for stand-alone credit requests. The field is an encoded string that contains no confidential information, such as an account number or card verification number. The string can contain up to 256 characters. This field is available only for merchants who implemented request tokens before July 2008. For new implementations, use the orderRequestToken field. For more information, see Working with Request Tokens . |
ccCreditService (O) |
String (256) |
|
ccCreditService_ |
Type of transaction. Use with stand-alone credits. Certain card associations use this information when determining discount rates. Possible values: • internet (default): eCommerce order placed using a Web site. • moto: Mail order or telephone order. Not supported for all Bill Me Later gateways. • recurring: Recurring mail order or telephone transaction. See Recurring Payments for a list of processors that support this value. |
ccCreditService (O) |
String (13) |
|
ccCreditService_run |
Whether to include ccCreditService in your request. Possible values: • true: Include the service in your request. • false (default): Do not include the service in your request. |
ccCreditService (R) |
String (5) |
|
ccDCCService_run |
Flag that indicates if ccDCCService needs to be called for your request. Possible values: • true: The service is included in your request. • false (default): The service is not included in your request. |
ccDCCService (R) |
String (5) |
|
dcc_dccIndicator |
Flag that indicates if DCC is being used for the transaction. For details, seeDynamic Currency Conversion (DCC) . Possible values: • 1: Converted—DCC is being used. • 2: Non-convertible—DCC cannot be used. • 3: Declined—DCC could be used, but the customer declined it. This field is required if you called the DCC service for the purchase. |
ccAuthService (See description) ccCaptureService (See description) ccCreditService (See description) |
String (1) |
|
fundingTotals_... |
The fields for the Multi-Currency Service are listed separately in the |