Post-Authorization Backfill
POST https://api.fraudio.com/v1/transactions/post-auth
Endpoint Overview​
Our Post-Authorization Backfill endpoint collects post-authorization transaction events to enrich transaction events that are sent pre-authorization to the Fraud Score Endpoint.
This endpoint is only applicable to you if you are doing a pre-auth integration: It allows you to provide important
post-auth fields such as eci
, cavvresult
, avsresult
, cvvresult
, and responsecode
that cannot be sent to the Fraud Score endpoint in a pre-auth integration.
Request Parameters​
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | Post-Auth Transaction | true | none |
Request parameters in JSON format​
{
"customer": "customer-placeholder",
"transactionid": "00000001",
"transactiontype": "auth",
"avsresult": "A",
"cvvresult": "S",
"eci": "02",
"responsecode": "05",
"success": "true",
"timestamp": 1646063615,
"authresult": "success",
"cavvresult": "5",
"ddresult": "ZXC* Site Access 800-123-4567",
"gatewaydeclinereason": "Card Disabled",
"ucafindicator": "2"
}
Request parameters: Field Reference Table​
Field | Data Type | Payment Fraud (Issuer) | Payment Fraud (Acquirer / Processor) | Merchant Fraud / AML | Description |
---|---|---|---|---|---|
transactionid | String | Critical & Required | Critical & Required | Critical & Required | The unique identifier of the transaction event. Every transaction event, so auth , capture , auth_capture , etc., has its own unique ID. |
timestamp | Double | Critical & Required | Critical & Required | Critical & Required | The UTC time at which the transaction was made. When sending events in realtime, this will usually be 'now'. Only Unix Timestamps are accepted. |
transactiontype | String | Critical & Required | Critical & Required | Critical & Required | The type of transaction event. Possible values are: auth , capture , auth_capture , refund , void , top_up , incremental_auth , atm or reversal . Details about each possible value below.auth : An authorization is used to reserve funds on the customer's card without yet deducting them.capture : A capture is used to immediately deduct authorised funds (up to the amount auth'd) from a customer's card. A capture should always be linked to at least one authorization via the parenttransactionid .auth_capture : A simultaneous combination of auth and capture in the same transaction, for when there is no need to perform these operations separately.refund : A refund transaction returns credit to a customer's payment method.void : A void transaction is the explicit discarding of authorization of funds.top_up : Increases the available credit of a credit card.incremental_auth : A transaction that increases the authorised amount of a confirmed auth transaction that has not yet been captured.atm : An automated teller machine (atm) transaction.reversal : A reversal annuls the transaction and re-credits the customer's payment method. This happens directly after the transaction has taken place but before the funds have been fully processed.none : Use only when the transactiontype is unknown. |
customer | String | Critical & Required | Critical & Required | Critical & Required | The name of Fraudio's client that makes the API call. |
success | String | Critical & Required | Critical & Required | Critical & Required | Indicates if the transaction was successfully completed with no technical error. Accepted values are: true , false or none .- true : Successfully completed.- false : Unsuccessfully completed..- none : Unknown. |
responsecode | String | Critical & Required | Critical & Required | Critical & Required | The response code is a numerical code that indicates the outcome of authorization checks of issuing banks.. The code must be a 2 character ISO8583-1987 response. |
avsresult | String | Important | Important | Important | AVS (Address Verification System) result is the outcome of a check performed for Card-not-Present and MOTO transactions on the billing address provided by the shopper to see if the provided address matches the address on file with the card issuer. This helps verify the identity of the shopper vs the actual cardholder. It is more likely that the shopper is the cardholder when the billing address details match. Accepted values are: - A: Addresses match/ZIP codes do not. - B: Street addresses match, but ZIP codes not verified due to incompatible formats. - C: Street address and postal/ZIP codes not verified due to incompatible formats. - D: Street addresses and postal/ZIP codes match (VISA). Customer name incorrect, ZIP codes match (AMEX / JCB). - E: Customer name incorrect, billing address and ZIP code match. - F: Street addresses and postal codes match (VISA). Customer name incorrect, billing address matches (AMEX / JCB). - G: Address information not verified for international transaction. - I: Address information not verified. - K: Customer name matches. - L: Customer name and ZIP code match. - M: Street addresses and postal/ZIP codes match. - N: No match. - O: Customer name and billing address match. - P: Postal/ZIP codes match. Acquirer sent both postal/ZIP code and street address, but street address not verified due to incompatible formats. - R: Retry: System unavailable or timed out. Issuer ordinarily performs address verification but was unavailable. - S: AVS not supported. - T: Nine-digit zip code matches, address does not match. - U: Information is unavailable. - W: For U.S. Addresses, nine-digit postal code matches, address does not. For address outside the U.S. postal code matches, address does not (MasterCard / Discover). Customer name, billing address, and postal code are all correct ( AMEX / JCB). - X: For U.S. addresses, nine-digit postal code and addresses matches. For addresses outside the U.S., postal code and address match. - Y: Street address and postal/ZIP match. - Z: Postal/ZIP match, street addresses do not match or street address not included in request. - none : Unknown. |
authresult | String | Supplementary | Supplementary | Supplementary | Indicates if the transaction successfully passed all authentication and authorization checks. Accepted values are: - fail: failed authentication and authorization. - success: successful authentication and authorization. - none : Unknown. |
cavvresult | String | Important | Important | Important | The Cardholder Authentication Verification Value (CAVV) is a value that allows VISA to validate the integrity of the Verified by Visa (VbV) transaction data for VISA 3Ds transactions. Accepted values are: - 0: CAVV authentication results invalid, no verification performed. - 1: CAVV failed verification (authentication), Issuer approves authorization. - 2: CAVV passed verification (authentication), Issuer approves authorization. - 3: CAVV passed verification (attempt), Issuer approves authorization. - 4: CAVV failed verification (attempt), Issuer approves authorization. - 5: Not Used - Reserved. - 6: CAVV not verified (VisaNet flag for Issuer not selected), Issuer approves authorization. - 7: CAVV failed verification (attempt), Issuer approves authorization. - 8: CAVV passed verification (attempt), Issuer approves authorization. - 9: CAVV failed verification (attempt), Issuer approves authorization. - A: CAVV passed verification (attempt), Issuer approves authorization. - B: CAVV passed verification (authentication). - C: CAVV failed verification (attempt). - D: CAVV failed verification (authentication). - none : Unknown. |
cvvresult | String | Important | Important | Important | Card Verification Value (CVV) result is the outcome of a check performed on the security code provided by the shopper to see if it matches the code on file with the card issuer. Accepted values: - M: CVV2 Match. - N: CVV2 No Match. - P: Not processed. - S: CVV2 should be on the card. - U: Issuer does not participate in CVV2 service, or participates but has not provided the encryption keys, or both. - X: No response from association. - none : Unknown. |
ddresult | String | Supplementary | Supplementary | Supplementary | The dynamic descriptor result returned by the processor is the text that represents businesses on bank account statements. Can be up to 22 characters long. |
eci | String | Important | Important | Important | The Electronic Commerce Indicator (ECI) is the value indicating the outcome of 3D-Secure (3DS) authentication attempted on transactions where 3DS is enabled. Different card schemes use different values. Accepted values for Visa / American Express / JCB / Discover / Diners are: - 05: Both cardholder and card issuing bank are 3D enabled. 3D card authentication is successful. - 06: Either cardholder or card issuing bank is not 3D enrolled. - 07: Authentication is unsuccessful or not attempted. - none : Unknown.Accepted values for MasterCard are: - 02: Both cardholder and card issuing bank are 3D enabled. 3D card authentication is successful. - 01: Either cardholder or card issuing bank is not 3D enrolled. - 00: Authentication is unsuccessful or not attempted. - none : Unknown. |
gatewaydeclinereason | String | n.a. | Important | Important | The gateway decline reason is a code provided by the payment gateway indicating the reason for a declined transaction. Declinecodes differ from gateway to gateway, therefore the reason of the decline is preferred. Any declinereason is accepted. E.g. Application Incomplete, Duplicate, Fraud, Risk Thresholds, Card Disabled. |
merchantadvicecode | String | Supplementary | Supplementary | Supplementary | The merchant advice code is a code provided by the merchant's payment processor that indicates the reason for a declined transaction, and how it can be retried. |
ucafindicator | String | Supplementary | Supplementary | Supplementary | The Universal Cardholder Authentication (UCAF) indicator indicates to what extend the UCAF data collection is supported for MasterCard 3DS transactions. Accepted values are: - 0: UCAF data collection is not supported by the merchant. - 1: UCAF data collection is supported by the merchant, and UCAF data may be present and contain an attempted AAV. - 2: UCAF data collection is supported by the merchant and UCAF data must be present and contain a fully authenticated AAV. - none : Unknown. |
Response Parameters​
Status Code | Status Message | Description | Schema |
---|---|---|---|
200 | OK | Standard response for successful HTTP requests. | 200 OK - Post-auth response |
4xx , 500 , 501 , 502 , 503 , 504 | error | Various error messages for unsuccessful HTTP requests. | Problem response |
Code samples​
- Shell
- Python
- Java
- Perl
- PHP
curl -X POST https://api.fraudio.com/v1/transactions/post-auth \
-H "authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
--data-raw '{"customer": "customer-placeholder","transactionid": "00000001","transactiontype": "capture","avsresult": "A","cvvresult": "S","eci": "02","responsecode": "05","success": "true","timestamp": 1646063615,"authresult": "success","cavvresult": "5","ddresult": "ZXC* Site Access 800-123-4567","gatewaydeclinereason": "Card Disabled","ucafindicator": "2"}'
import json
import os
import requests
post_auth_backfill_endpoint = 'https://api.fraudio.com/v1/transactions/post-auth'
access_token = os.environ['ACCESS_TOKEN']
headers = {'Content-Type': 'application/json','authorization': f'Bearer {access_token}'}
post_auth_data = {"customer": "customer-placeholder", "transactionid":"00000001","transactiontype":"capture","avsresult":"A","cvvresult":"S","eci":"02","responsecode":"05","success":"true","timestamp":1646063615,"authresult":"success","cavvresult":"5","ddresult":"ZXC* Site Access 800-123-4567","gatewaydeclinereason":"Card Disabled","ucafindicator":"2"}
r = requests.post(post_auth_backfill_endpoint, data=json.dumps(post_auth_data), headers=headers)
print(r.json())
package com.fraudio;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class PostBackfill
{
public static void main(String[] args) throws IOException, URISyntaxException, InterruptedException
{
String postAuthBackfillEndpoint = "https://api.fraudio.com/v1/transactions/post-auth";
String accessToken = System.getenv("ACCESS_TOKEN");
String postAuthData = "{\"customer\": \"customer-placeholder\",\"transactionid\":\"00000001\",\"transactiontype\":\"capture\",\"avsresult\":\"A\",\"cvvresult\":\"S\",\"eci\":\"02\",\"responsecode\":\"05\",\"success\":\"true\",\"timestamp\":1512828988826,\"authresult\":\"success\",\"cavvresult\":\"5\",\"ddresult\":\"ZXC*SiteAccess800-123-4567\",\"gatewaydeclinereason\":\"CardDisabled\",\"ucafindicator\":\"2\"}";
HttpRequest request = HttpRequest.newBuilder()
.uri(new URI(postAuthBackfillEndpoint))
.header("authorization", String.format("Bearer %s", accessToken))
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(postAuthData))
.build();
HttpClient client = HttpClient.newHttpClient();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
String responseBody = response.body();
System.out.println("Response Code: " + response.statusCode() + " Response Body: " + responseBody);
}
}
use LWP::UserAgent;
use HTTP::Request::Common;
my $post_auth_endpoint = 'https://api.fraudio.com/v1/transactions/post-auth';
my $access_token = $ENV{"ACCESS_TOKEN"};
my $post_auth_data = '{"customer": "customer-placeholder","transactionid": "00000001","transactiontype": "capture","avsresult": "A","cvvresult": "S","eci": "02","responsecode": "05","success": "true","timestamp": 1646063615,"authresult": "success","cavvresult": "5","ddresult": "ZXC* Site Access 800-123-4567","gatewaydeclinereason": "Card Disabled","ucafindicator": "2"}';
my $req = HTTP::Request -> new(POST => $post_auth_endpoint);
$req -> header('authorization' => "Bearer $access_token", "Content-Type" => "application/json");
$req -> content($post_auth_data);
my $ua = LWP::UserAgent -> new;
my $resp = $ua -> request($req);
my $message = $resp -> decoded_content;
print "Received reply: $message";
<?php
$fraud_score_endpoint = 'https://api.fraudio.com/v1/transactions/post-auth';
$access_token = $_SERVER["ACCESS_TOKEN"];
$post_auth_data = '{"customer": "customer-placeholder","transactionid": "00000001","transactiontype": "capture","avsresult": "A","cvvresult": "S","eci": "02","responsecode": "05","success": "true","timestamp": 1646063615,"authresult": "success","cavvresult": "5","ddresult": "ZXC* Site Access 800-123-4567","gatewaydeclinereason": "Card Disabled","ucafindicator": "2"}';
$options = [
'http' => [
'header' => "authorization: Bearer $access_token" .
"Content-Type: application/json",
'method' => 'POST',
'content' => $post_auth_data
]
];
$context = stream_context_create($options);
$result = file_get_contents($fraud_score_endpoint, false, $context);
print $result;
?>