Revision history

DocsCurrentLast updated: April 18th 2022, @ 11:50:42 am

Revision History for the Payflow Gateway Developer Guide and Reference:

15 April 2022

  • Added support for Card on File, SCA Exemptions for Braintree and PayPal.

30 January 2022

  • Added Strong Customer Authentication (SCA) information.

    Note: Merchants operating in the European Economic Area (EEA) are mandated to support Strong Customer Authentication (SCA) on ecommerce transactions to meet the Payments Service Directive 2/Regulatory Technical Standards (PSD2/RTS) regulations.

  • Added MERCHANTNAME to TSYS dynamic soft descriptor capability.

  • Added PAR and PARID for American Express.

    Note: The Payment Account Reference (PAR) is a non-financial reference number assigned to each unique Primary Account Number (PAN) and mapped to all its affiliated Payment Tokens.

  • Added support for Card on File (CoF) for American Express.

15 July 2021

  • Added clarification to Card on File (CoF) that storing the credit card details locally requires use of the CARDONFILE parameter.

08 June 2021

  • Added note that FISERV Nashville and Global Payments now supports Card on File (CoF).
  • Added note to Payflow Header Parameters to not include https:// in the Host URL field.
  • Updated description of RESULT=23 to note that no spaces, non-numeric characters or dashes are part of the ACCT value.

15 May 2021

  • Added note throughout guide that ACH is no longer available for new accounts.
  • Renamed First Data Merchant Services (FDMS) to FISERV due to new branding.
  • Removed references to FISERV (First Data) South as this platform is deprecated.
  • Removed AUTHENTICATION_ID from 3-D Secure with 3rd-Party Merchant Plug-ins as this field is only used in the Payflow Buyer Authentication Service.

16 April 2021

  • Updated description of RESULT=170 under Transaction Responses to add additional information regarding fraudulent transactions.

  • Added new response code SUCCESSWITHWARNING.

    Whitelisted merchants: If PayPal Risk flags a transaction as possibly fraudulent, Payflow ignores the reason and allows the transaction to process. Payflow returns a new response parameter called SUCCESSWITHWARNING with the reason why PayPal Risk declined the transaction. For example, RESULT=0&RESPMSG=Approved&SUCCESSWITHWARNING=170:Fraudulent activity detected. Excessive use of card.

    PayPal merchants: As PayPal is your acquiring bank, PayPal may reject a transaction based on its risk criteria. A RESULT=170 could be generated whether the account is whitelisted or not. Whitelisting only prevents your account from being totally blocked to all transaction processing.

  • Fixed example for Transaction summary report in the Payflow reporting guide.

  • Added new additional parameters for TSYS under TSYS additional credit card parameters.

15 September 2020

  • The Payflow SDK has been updated to include support for Card on File (CoF) and 3D-Secure v2 and is now open-sourced. Visit GitHub for more information.
  • Updated the description for result code, RESULT=31 to include a note about pilot environment restrictions on the number of active profiles that can be created.

30 August 2020

  • Added notes under Test Transaction regarding PayPal when using the PayPal Sandbox versus using the Payflow simulator.
  • Added note about Prohibited Characters that can cause the hosted checkout page to not properly display or error out.
  • Made note that for level 3 line items for TSYS, the maximum number of lines items is 98.
  • Under Additional Processor Information added support for Quasi-Cash for FISERV North.
  • Updated descriptions for the following result codes: RESULT=4, RESULT=12, RESULT=13, RESULT=109, RESULT=113, RESULT=170.
  • Added missing NUMRETRYDAYS to the modify function in the Payflow Recurring Billing Service user's guide

27 April 2020

  • Added the following note throughout the guide:

    Since Payflow is operating out of multiple data centers we highly suggest that all API calls are done using the host URLs above. Should you hard code the IP addresses to send transactions via the Payflow API, PayPal cannot be responsible should your transactions fail should a data center be offline due to any issues or any scheduled maintenances.

  • Removed references to CyberCash - now deprecated.

28 December 2019

  • Updated definition of 'RESULT' 170 to better reflect that it is now used for general fraudulent activity not just carding.
  • Added note under Submit Inquiry Transactions that the secure token has a limited life span.
  • Added-updated two new 'RESULT' codes, 38-Recurring profile deactivated and 151-Issuing bank unavailable.

21 October 2019

  • Added Card on File (Stored Credentials) section.
  • Added information about Online Refunds to the Submit Credit Transaction section.
  • Elavon: Removed COMMCARD and fixed length of PONUM.
  • Chase Paymentech: Added HSA/FSA test cards.
  • Added new section called 3D Secure and added 3rd-Party Merchant Plug-ins.
  • TeleCheck: Fixed examples to include CHKTYPE as it is a required parameter.
  • Removed references to SecureNet, Global Payments Central, American Express APAC, CitiBank Singapore and Planet Payment as these processors are no longer available.
  • Changed Global Payments East to Global Payments.
  • Changed Cielo Payments back to Merchant e-Solutions.

18 September 2019

  • Reorganized the guide into separate topics rather than a single HTML page for easier navigation and maintenance.

18 May 2017

  • The update on 26 October 2016 added additional Mastercard test credit card numbers to the credit card numbers for testing section. Merchants are required to update their websites to accept the new Mastercard BIN ranges of 222100 to 272099. Please see Mastercard for more information on the new range.

26 Apr 2017

27 Feb 2017

26 Oct 2016

Note: See the 18 May 2017 update for additional information on required changes for supporting new Mastercard BINs.

10 Dec 2015

10 Nov 2015

  • Corrected the names of the following parameters in the guide: VATAXAMT and VATAXPERCENT. Also, noted that the following fields should not contain more than two decimal places: ADDLAMTn, ALTTAXAMT, ALTERNATETAXAMT, LOCALTAXAMT, NATIONALTAXAMT and VATAXAMT.

15 Jun 2015

  • Noted that MODE parameter is now deprecated.

23 Apr 2015

05 Apr 2015

  • Clarified the format and uses of the PNREF response parameter.

30 Dec 2014

  • Corrected the merchant soft descriptor fields supported by the PayPal processor. Use the MERCHDESCR and MERCHANTCITY fields to pass merchant name and contact information for sale and authorization transactions. This information is displayed on the account holder's statement. See the PayPal Credit Card Transaction Request Parameters section for details.

10 Dec 2014

20 Nov 2014

5 Nov 2014

15 Oct 2014

  • Clarified that the Payflow Gateway does not charge any fees for account verifications (zero amount authorizations); however, the merchant's processor, including PayPal as a merchant bank, may charge a fee for account verifications. For information on whether transaction fees are charged for the various Payflow credit card transaction types, see Credit Card Features.

19 Sep 2014

7 Aug 2014

17 June 2014

06 Mar 2014

  • Expanded support for the HOSTCODE and EXTRSPMSG response fields for the WorldPay processor. (HOSTCODE and EXTRSPMSG return the processor's error code and message respectively.)

28 Feb 2014

  • Added the Planet Payment processor, which supports Multi-Currency Pricing (MCP).
  • Added a new transaction type, supported by Planet Payment only, for currency conversion rate lookups. See Submit Rate Lookups.

18 Feb 2014

07 Jan 2014

21 Nov 2013

08 Nov 2013

31 Oct 2013

20 Sep 2013

19 Jul 2013

  • Removed the ACCTTYPE parameter from this guide.

11 Jul 2013

15 Jun 2013

25 Apr 2013

22 Feb 2013

28 Jan 2013

28 Dec 2012

11 Dec 2012

04 Oct 2012

29 Aug 2012

31 July 2012

23 July 2012

16 July 2012

June 2012

  • Added the Who Should Use This Document section to the Preface.
  • In the Integrating the Secure Token Without the Hosted Checkout Pages: Transparent Redirect section, corrected the value of SILENTTRAN to True.
  • Added the Silent Posts section to the Hosted Checkout Pages chapter.
  • Removed the legacy parameter CORPCOUNTRY from Country Codes.

May 2012

  • Added new sections to the Testing Transactions chapter: Testing Address Verification Service and Testing Card Security Code
  • Added PayPal Acquirer chapter: Contains links to PayPal API Ref country and currency codes

April 2012

  • Added new transaction type: Balance Inquiry(TRXTYPE=B) can be used to obtain the balance of a pre-paid card.
  • Updated TeleCheck chapter: Updated MICR values in Testing TeleCheck Transactions section
  • Added TeleCheck Adjustment Response Code Values table
  • Updated parameters and examples: Added a description for the response parameters HOSTCODE, RESPTEXT, PROCCARDSECURE, ADDLMSGS and an explanation on how to use these parameters to obtain the processor's raw response codes and response messages.
  • Changed the Litle parameters STREET2,STREET3 to BILLTOSTREET2, BILLTOSTREET3.
  • Corrected the description of MERCHSVC parameter for FISERV North, Heartland, Litle, Merchant e-Solutions, Paymentech Salem.
  • Updated the examples and removed legacy parameters to include: FIRSTNAME, LASTNAME, STREET, CITY, STATE, ZIP, COUNTRY.
  • Updated processor and entity names: Vantiv, previously known as Fifth Third Processing Solutions
  • PayPal Australia, previously known as FISERV Australia

January 2012

Added new processors

  • First Third International
  • Heartland Payment Systems
  • Planet Payment
  • SecureNet
  • TeleCheck
  • WorldPay

Added new transaction types

  • TRXTYPE=L can be used to upload credit card data, easing PCI compliance. You can store the resulting PNREF locally for use in performing reference transactions.

Added request parameters

  • DOB

Added response parameters

  • DUPLICATE (response)
  • EXTRMSG (response)

Added concepts

  • Gateway Product Solutions: PayPal Payments Advanced, PayPal Payments Pro, Payflow Pro, Payflow Link
  • Transaction Flow
  • Transparent Redirect

February 2011

  • First publication.