Menu

Take a card on file authorization

API v6
Last updated August 2023

Use our card on file authorize resource when your customer is initiating a payment using stored card details. Read more about card on file mandateshere.

What are card on file payments?

  • The customer is actively participating in making a payment at the point of authorization using card details you have previously stored/ intend to store
  • Does not follow a schedule
  • Requires explicit permission from the customer to store the card on their account for use in a “one-click” model
  • Sometimes referred to as Customer Initiated Transactions (CIT)

On this page:

Card on file authorization with verification

Verifyyour customer's account before submitting your first card on file payment for authorization.

Card on file request

POST your card on file request to thepayments:cardOnFileAuthorizeaction link received in your successfulcardOnFile intelligentordynamicCardOnFileverification.

Card on file example request

POST https://try.access.worldpay.com/payments/authorizations/cardonFile/{resource}

Click the tabs below to see all the mandatory fields for all supported paymentInstrument parameters.

Card on file request body:

Copied!
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "Mind Palace Ltd"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/plain",
            "cardNumber": "4444333322221111",
            "cardExpiryDate": {
                "month": 5,
                "year": 2035
            }
        }
    }
}
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "Mind Palace Ltd"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/token",
            "href": "https://try.access.worldpay.com/tokens/{}",
            "cvc": "898"
        }
    }
}
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "Mind Palace Ltd"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/checkout",
            "tokenHref": "https://try.access.worldpay.com/tokens/eyJrIjoxLCJkIjoiNjd5bnJnSTR3a3FITW00SHNjaE90YnAwcVlvZ1pSZ3RFOXJjcklzVzY1ND0ifQ",
            "cvcHref": "https://try.access.worldpay.com/sessions/eyJrIjoxLCJkIjoiNjQxbUswTlVFYW05NWY2R0IvUEtqWXY0QjVyY2V5VHBBU0Q1TDNuSFQrMGtEc3RIZm1NQnFtNDhKcVB1TkoySDkycWhpRHVwSHBZY3F6NEZiUGwxVHc9PSJ9"
        }
    }
}

Parameter descriptions

ParameterRequiredDescription
transactionReferenceA unique reference generated by you that is used to identify a payment throughout its lifecycle. Seetransaction reference format, for more details and the best practices.
merchantAn object that contains information about the merchant.
merchant.entityDirect your payment to assist with billing, reporting and reconciliation. This is mandatory for Authentication and Queries.
Contact your Implementation Manager for more details.
merchant.mccYou can apply a merchant category code (mcc) to an individual request. You can only provide an mcc if we have enabled the dynamic mcc feature duringboarding. If enabled but not provided, merchant.mcc defaults to a configured value. For more information contact yourRelationship Manager.
merchant.paymentFacilitatorAn object containing Payment Facilitator information. If required you must send:
  • pfId
  • isoId
  • subMerchant.merchantId
  • subMerchant.postalcode
  • subMerchant.street
  • subMerchant.city
  • subMerchant.countryCode
  • subMerchant.telephone (mandatory for Amex)
  • subMerchant.email (mandatory for Amex)
This information is required for every card on file request only if you are a Payment Facilitator. You can find more formatting informationhere.
instructionAn object that contains all the information related to the payment.
instruction.narrativeThe text that appears on your customer's statement. Used to identify the merchant.
Seenarrative formatfor more details and the best practices.
narrative.line1The first line of the narrative which appears on your customer's statement (24 character max. If character is not supported it is replaced with a space.).
Seenarrative line1 formatfor more details.
narrative.line2Additional details about the payment e.g. order number, telephone number.
instruction.debtRepaymentDRI is a flag which identifies a payment as being for the purpose of repaying a debt. Possible value :
  • true (only supply if true)
For more information contact yourRelationship Manager.
instruction.valueAn object that contains information about the value of the payment.
value.currencyThe 3 digit currency code.
See list ofsupported currencies.
value.amountThe payment amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in ourcurrency table.
instruction.paymentInstrumentAn object that contains the payment type and details.
Available paymentInstruments:
paymentInstrument.cardExpiryDateAn object that contains your customer's card expiry date.
Mandatory for all "type": "card/plain" requests.
paymentInstrument.cardNumberAn object that contains your customer's card number. Mandatory for "type": "card/plain" requests.
paymentInstrument.cvcCVC is a unique set of 3 or 4 numbers on the back of the card. Our API checks to see if the CVC supplied matches the CVC held by the issuing bank.
paymentInstrument.cardHolderNameAn object that contains your customer's card name.
This is not a mandatory field however it is recommended that you supply this to improve authorization rates. If not sent, the default is "Not Supplied".
paymentInstrument.billingAddressAn object containing the billing address information. If included you must send at least:
  • address1
  • city
  • countryCode
  • postalCode
This is used for Address Verification Service (AVS) and can only be supplied with a card/plain,card/wallet+applepay or card/wallet+googlepay payment instrument. Our API checks the submitted AVS to see if it matches the address registered with the issuing bank. If the address supplied does not match the registered address it means that the payment carries additional risk.
instruction.intentA parameter detailing the reason for this particular card on file agreement. Possible value:
  • instalment
  • subscription
customer.riskProfileUsed to apply theSCA exemptionin the payment request and update theFraudSightdata model to benefit future payments.

3DS

3DS authorization request parameter descriptions

To get the customer authentication object you must complete anauthentication requestusing our3DS API.

Copied!
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "Mind Palace Ltd"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/plain",
            "cardNumber": "4444333322221111",
            "cardExpiryDate": {
                "month": 5,
                "year": 2035
            }
        }
    },
    "customer": {
        "authentication": {
            "version": "1.0.2",
            "type": "3DS",
            "eci": "05",
            "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=",
            "transactionId": "z9UKb06xLziZMOXBEmWSVA1kwG0="
        }
    }
}
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "trading name"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/plain",
            "cardNumber": "4444333322221111",
            "cardExpiryDate": {
                "month": 5,
                "year": 2035
            }
        }
    },
    "customer": {
        "authentication": {
            "version": "2.1.0",
            "type": "3DS",
            "eci": "05",
            "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=",
            "transactionId": "c5b808e7-1de1-4069-a17b-f70d3b3b1645"
        }
    }
}
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "Mind Palace Ltd"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/token",
            "href": "https://try.access.worldpay.com/tokens/{}"
        }
    },
    "customer": {
        "authentication": {
            "version": "1.0.2",
            "type": "3DS",
            "eci": "05",
            "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=",
            "transactionId": "z9UKb06xLziZMOXBEmWSVA1kwG0="
        }
    }
}
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "Mind Palace Ltd"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/token",
            "href": "https://try.access.worldpay.com/tokens/{}"
        }
    },
    "customer": {
        "authentication": {
            "version": "2.1.0",
            "type": "3DS",
            "eci": "05",
            "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=",
            "transactionId": "c5b808e7-1de1-4069-a17b-f70d3b3b1645"
        }
    }
}

Note:

  • 3DS1 is supported in certain regions only.
  • 3DS data cannot be supplied for MOTO transactions.

The descriptions of parameters from your 3DS authorization request

ParameterDescription
customerAn object containing the result of your customer's verification. For more details see3DS verification.
authentication.type3DS
authentication.versionThe version of 3DS used to process the transaction.
For 3DS1 - 1.0.2
For 3DS2 - 2.1.0 or 2.2.0

Note: Required for Mastercard's Identity Check transactions in Authorization.

authentication.eciElectronic Commerce Indicator (ECI).
Indicates the outcome of the3DS verification.
  • 02 or 05 - Fully Authenticated Transaction
  • 01 or 06 - Attempted Authentication Transaction
  • 00 or 07 - Non 3-D Secure Transaction
  • Mastercard - 02, 01, 00
  • Visa - 05, 06, 07
  • Amex - 05, 06, 07
  • JCB - 05, 06, 07
  • Diners - 05, 06, 07
authentication.authenticationValueRequired, if authentication.eci value is 01, 02, 05 or 06.
A cryptographic value that provides evidence of the outcome of a 3DS verification.
  • Visa - Cardholder Authentication Verification Value (CAVV)
  • Mastercard - Universal Cardholder Authentication Field (UCAF)
authentication.authenticationValue must be 28 digits max and must be base64-encoded.
authentication.transactionIdRequired, if authentication.eci value is 01, 02, 05 or 06.
A unique authentication transaction identifier, generated by the issuer.

For version 3DS1: transactionId is base64-encoded and 28 digits in length.
For version 3DS2: transactionId follows RFC 4122 UUID standard and is 36 characters in length.

Optional parameters

Card on file response

Best Practice: Access Worldpay returns a WP-CorrelationId in the headers of service responses. We highly recommend you log this. The WP-CorrelationId is used by us to examine individual service requests.

Successful payment

You receive:

  • an HTTP code 201
  • an "outcome": "authorized"
  • risk factors (only returned if issuer identifies conflict)
  • anexemption result and reason(only if you supplied a risk profile to request anSCA exemption)
  • an issuer authorization code
  • a scheme reference (supported by major card schemes, but may not be returned for all schemes/regions)
  • links tocancel,settle,partially settleortrack payment events
  • an authorization link for the next payment in your repeat payment agreement

Refused payment

You receive:

  • an HTTP code 201
  • an "outcome": "refused"
  • arefusal code
  • a description which gives additional context on the refusal
  • risk factors (only returned if issuer identifies conflict)
  • anexemption result and reason(only if you supplied a risk profile to request anSCA exemption)

Example response

Copied!
{
    "outcome": "authorized",
    "riskFactors": [{
            "risk": "not_matched",
            "type": "cvc"
        },
        {
            "risk": "not_checked",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "not_checked",
            "detail": "address",
            "type": "avs"
        }
    ],
    "issuer": {
        "authorizationCode": "0"
    },
    "scheme ": {
        "reference": "1260019172"
    },
    "exemption": {
        "result": "honored",
        "reason": "issuerHonored"
    },
    "_links": {
        "payments:cancel": {
            "href": "https://try.access.worldpay.com/payments/authorizations/cancellations/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:settle": {
            "href": "https://try.access.worldpay.com/payments/settlements/full/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:partialSettle": {
            "href": "https://try.access.worldpay.com/payments/settlements/partials/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:events": {
            "href": "https://try.access.worldpay.com/payments/events/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:cardOnFileAuthorize": {
            "href": "https://try.access.worldpay.com/payments/authorizations/cardOnFile/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:recurringAuthorize": {
            "href": "https://try.access.worldpay.com/payments/authorizations/recurring/eyJrIjoiazNhYjYzMiJ9"
        },
        "curies": [{
            "name": "payments",
            "href": "https://try.access.worldpay.com/rels/payments/{rel}",
            "templated": true
        }]
    }
}
{
    "outcome": "refused",
    "description": "CARD EXPIRED",
    "code": "33",
    "refusalAdvice": {
        "code": "01"
    },
    "riskFactors": [{
            "risk": "not_supplied",
            "type": "cvc"
        },
        {
            "risk": "not_checked",
            "detail": "address",
            "type": "avs"
        },
        {
            "risk": "not_checked",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "verificationFailed",
            "type": "riskProfile"
        }
    ]
}

riskFactors

To reduce the probability of processing a fraudulent payment, supply your customer's billing address and cvc in yourauthorization request.

We check this with your customer's issuing bank and include any conflicts in our response.

The riskFactors array is returned only if there is a risk associated with the authorization request. The riskFactors array returns an object for avs, cvc or riskProfile only if this information was included in the authorization request and if any risk was identified.

The table below describes the response parameters:

ParameterDescription
riskFactors.typeReturns avs, cvc or riskProfile
riskFactors.detailFor avs only.
Returns postcode or address
riskFactors.riskReturns not_checked, not_matched, not_supplied or verificationFailed

exemptions

An exemption result and reason if a risk profile was included in your authorization request.

The table below describes the response parameters:

ParameterDescription
exemption.resultReturns honored, outOfScope, rejected or unknown
exemption.reasonFor honored, returns issuerHonored or unknown.
For outOfScope, returns merchantInitiatedTransaction, oneLegOut, moto, contactless or unknown.
For rejected, returns issuerRejected, highRisk, invalid, unsupportedScheme, notSubscribed, unsupportedAcquirer or unknown

You must always store and use the link returned in thepayments:cardOnFileAuthorizeaction link to authorize your next card on file payments.

Note: In case of an error, you can get further information in ourerror reference.


Next steps


Refund a payment

Card on file authorization without verification

Use our migrate card on file authorize resource when your customer is initiating a payment using stored card details without verifying their account first. Read more about card on file mandateshere.

Card on file without verification authorization request

POST your card on file authorizations to ourpayments:migrateCardOnFileAuthorizeaction link resource received in yourquery the payments root resourcerequest.

migrateCardOnFile authorization example request

POST https://try.access.worldpay.com/payments/authorizations/migrateCardOnFile

Click the tabs below to see all the mandatory fields for all supported paymentInstrument parameters.

migrateCardOnFile authorization request body:

Copied!
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "Mind Palace"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/plain",
            "cardNumber": "4444333322221111",
            "cardExpiryDate": {
                "month": 5,
                "year": 2035
            }
        }
    }
}
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "Mind Palace Ltd"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/token",
            "href": "https://try.access.worldpay.com/tokens/{}",
            "cvc": "898"
        }
    }
}
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "Mind Palace Ltd"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/checkout",
            "tokenHref": "https://try.access.worldpay.com/tokens/eyJrIjoxLCJkIjoiNjd5bnJnSTR3a3FITW00SHNjaE90YnAwcVlvZ1pSZ3RFOXJjcklzVzY1ND0ifQ",
            "cvcHref": "https://try.access.worldpay.com/sessions/eyJrIjoxLCJkIjoiNjQxbUswTlVFYW05NWY2R0IvUEtqWXY0QjVyY2V5VHBBU0Q1TDNuSFQrMGtEc3RIZm1NQnFtNDhKcVB1TkoySDkycWhpRHVwSHBZY3F6NEZiUGwxVHc9PSJ9"
        }
    }
}
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "narrative": {
            "line1": "Mind Palace Ltd"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/networkToken+applepay",
            "dpan": "4444333322221111",
            "cardExpiryDate": {
                "month": 5,
                "year": 2035
            }
        }
    },
    "customer": {
        "authentication": {
            "type": "card/networkToken",
            "authenticationValue": "abc123=="
        }
    }
}

Parameter descriptions

ParameterRequiredDescription
channelThe payment channel indicates the interaction of the cardholder with the merchant. Possible value :
  • moto
Supply a value of moto to process an authorization as a Mail Order or Telephone Order (MOTO) transaction. If channel is not provided, the authorization will be processed as ecommerce by default.

Note: 3DS authentication data cannot be supplied for MOTO payments.

instruction.intentA parameter detailing the reason for entering into a repeat payment agreement. Possible value:
  • instalment
  • subscription
instruction.paymentInstrumentAn object that contains the payment type and details.
Available paymentInstruments:
  • card/plain
  • card/token -create a tokenfirst
  • card/checkout - Use ourCheckout SDK for session creationand use this session tocreate a tokenfirst. You must use the token in the tokenHref not the Checkout session.
  • card/networkToken+applepay - Used for adecrypted walletflow. This paymentInstrument includes the dpan which replaces the original card number. It is generated by the card network/ wallet provider.
scheme.referenceUnique reference provided by the schemes that identifies a repeat payment agreement between you and the customer. A new reference is generated for every subsequent payment in the agreement. You can submit this for card/plain, card/token andcard/networkToken+applepayrequests. Most but not all issuers return this.

The token can only store a single scheme reference. Supplying a scheme reference in your token request, overrides the scheme reference stored in the token.

customer.authentication.typeUse card/networkToken for a decrypted wallet flow.

You can find the full parameter descriptionhere.

Optional parameters

Card on file without verification response

Best Practice: Access Worldpay returns a WP-CorrelationId in the headers of service responses. We highly recommend you log this. The WP-CorrelationId is used by us to examine individual service requests.

Successful payment

You receive:

  • an HTTP code 201
  • an "outcome": "authorized"
  • risk factors(only returned if issuer identifies conflict)
  • anexemption result and reason(only if you supplied a risk profile to request anSCA exemption)
  • an issuer authorization code
  • a scheme reference (supported by major card schemes, but may not be returned for all schemes/regions)
  • a paymentInstrument (for Apple Pay decrypted only)
  • links tocancel,settle,partially settleortrackpayment events
  • an authorization link for the next payment in your repeat payment agreement

Refused payment

You receive:

Example response

Copied!
{
    "outcome": "authorized",
    "riskFactors": [{
            "risk": "not_matched",
            "type": "cvc"
        },
        {
            "risk": "not_checked",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "not_checked",
            "detail": "address",
            "type": "avs"
        }
    ],
    "issuer": {
        "authorizationCode": "0"
    },
    "scheme ": {
        "reference": "1260019172"
    },
    "exemption": {
        "result": "honored",
        "reason": "issuerHonored"
    },
    "_links": {
        "payments:cancel": {
            "href": "https://try.access.worldpay.com/payments/authorizations/cancellations/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:settle": {
            "href": "https://try.access.worldpay.com/payments/settlements/full/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:partialSettle": {
            "href": "https://try.access.worldpay.com/payments/settlements/partials/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:events": {
            "href": "https://try.access.worldpay.com/payments/events/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:cardOnFileAuthorize": {
            "href": "https://try.access.worldpay.com/payments/authorizations/cardOnFile/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:recurringAuthorize": {
            "href": "https://try.access.worldpay.com/payments/authorizations/recurring/eyJrIjoiazNhYjYzMiJ9"
        },
        "curies": [{
            "name": "payments",
            "href": "https://try.access.worldpay.com/rels/payments/{rel}",
            "templated": true
        }]
    }
}
{
    "outcome": "authorized",
    "riskFactors": [
        {
            "risk": "not_supplied",
            "type": "cvc"
        },
        {
            "risk": "not_supplied",
            "detail": "address",
            "type": "avs"
        },
        {
            "risk": "not_supplied",
            "detail": "postcode",
            "type": "avs"
        }
    ],
    "issuer": {
        "authorizationCode": "594554"
    },
    "scheme": {
        "reference": "000000000000020005060720116005061"
    },
    "paymentInstrument": {
        "type": "card/network",
        "card": {
            "paymentAccountReference": "Q1HJZ28RKA1EBL470G9XYG90R5D3E"
        }
    },
    "_links": {
        "payments:cancel": {
            "href": "https://try.access.worldpay.com/payments/authorizations/cancellations/eyJrIjoiaz"
        },
        "payments:settle": {
            "href": "https://try.access.worldpay.com/payments/settlements/full/eyJrIjoiazNhYjYzMiIs"
        },
        "payments:partialSettle": {
            "href": "https://try.access.worldpay.com/payments/settlements/partials/eyJrIjoiazNhYjYzM"
        },
        "payments:events": {
            "href": "https://try.access.worldpay.com/payments/events/eyJrIjoiazNhYjYzMiIsImxpbmtWZXJ"
        },
        "curies": [
            {
                "name": "payments",
                "href": "https://try.access.worldpay.com/rels/payments/{rel}",
                "templated": true
            }
        ],
        "payments:cardOnFileAuthorize": {
            "href": "https://try.access.worldpay.com/payments/authorizations/cardOnFile/eyJrIjoiazNhYjYzMiIs"
        },
        "payments:recurringAuthorize": {
            "href": "https://try.access.worldpay.com/payments/authorizations/recurring/eyJrIjoiazNhYjYzMiIs"
        }
    }
}
{
    "outcome": "refused",
    "description": "CARD EXPIRED",
    "code": "33",
    "refusalAdvice": {
        "code": "01"
    },
    "riskFactors": [{
            "risk": "not_supplied",
            "type": "cvc"
        },
        {
            "risk": "not_checked",
            "detail": "address",
            "type": "avs"
        },
        {
            "risk": "not_checked",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "verificationFailed",
            "type": "riskProfile"
        }
    ]
}

You can use thepayments:settleaction link tosettle the paymentstraight away. Alternatively you can cache the response and use the link to settle the payment later.

You must store and use the link returned in thepayments:migrateCardOnFileAuthorizeaction link to authorize your next card on file payments.

Note: In case of an error, you can get further information in ourerror reference.

riskFactors

To reduce the probability of processing a fraudulent payment, supply your customer's billing address and cvc in yourauthorization request.

We check this with your customer's issuing bank and include any conflicts in our response.

The riskFactors array is returned only if there is a risk associated with the authorization request. The riskFactors array returns an object for avs, cvc or riskProfile only if this information was included in the authorization request and if any risk was identified.

The table below describes the response parameters:

ParameterDescription
riskFactors.typeReturns avs, cvc or riskProfile
riskFactors.detailFor avs only.
Returns postcode or address
riskFactors.riskReturns not_checked, not_matched, not_supplied or verificationFailed

exemptions

Anexemptionresult and reason if arisk profilewas included in your authorization request.

The table below describes the response parameters:

ParameterDescription
exemption.resultReturns honored, outOfScope, rejected or unknown
exemption.reasonFor honored, returns issuerHonored or unknown.
For outOfScope, returns merchantInitiatedTransaction, oneLegOut, moto, contactless or unknown.
For rejected, returns issuerRejected, highRisk, invalid, unsupportedScheme, notSubscribed, unsupportedAcquirer or unknown

Soft decline

The issuer responds with a soft decline (refusal code 65), if no exemption has been applied to the payment. The next logical step for this is to proceed with3DS authentication.


Next steps


Settle or cancel a payment