Payflow Gateway Developer Guide and Reference

This guide is intended for developers integrating with PayPal Payments Pro, PayPal Payments Advanced, Payflow Pro or Payflow Link. See the Intended Audience section for further information.

Contents

Preface

This guide describes the data parameters for the Gateway payments solutions.

Scope

This guide is a reference to the payment card data parameters available for submitting transaction requests over the Payflow Gateway to multiple supported processors. It also covers the resulting response data parameters and errors.

The guide describes the requirements of an ever-growing list of processing platforms. Parameters in the guide are organized into various categories, which include a core set of request parameters supported by all processors, additional parameters unique to individual processors, and purchasing card parameters specialized to monitor credit card use in businesses. This guide also provides a section on response parameters and error codes.

Although this guide explains getting started with the SDK, setting up credit card processing, and testing your integration, this is not a tutorial on integration. Refer to the PayPal Developer website and the NVP/SOAP APIs - Payflow Gateway SDK for detailed working examples and use cases.

For additional information on Payflow payments solutions:

Intended Audience

This guide provides Payflow Gateway payments solutions to readers who:

  • are web or application developers
  • have a background in payments services

Who Should Use This Document

This comprehensive developer guide includes integration information for multiple Payflow solutions.

Note: Legacy Payflow Link features are not included in this guide. For legacy Payflow Link features refer to the Payflow Link User's Guide.

Additionally, all Payflow features explained in this guide are not necessarily available to every Payflow customer. This section will help you determine whether you should use this document and which sections of the document are relevant to you.

To view the Payflow solutions available to you, log in to PayPal Manager. PayPal Manager displays your Payflow Services in the Service Summary box.

Payflow Link merchants can choose PayPal or another merchant bank to process their transactions via the Payflow Gateway.

a) Legacy Payflow Link merchants see the following in the Service Summary box in PayPal Manager:

Payflow Link

If you are a legacy Payflow Link merchant, do not use this guide; instead, use the Payflow Link User's Guide.

b) New Payflow Link merchants see the following in the Service Summary box in PayPal Manager:

Hosted Checkout Pages & Payflow SDK/API (Limited Access).

If PayPal Payments Advanced is also listed, you are not a Payflow Link customer.

Use this guide if you are a new Payflow Link merchant who uses the Secure Token or API.

Use the Payflow Link User's Guide if you are a new Payflow Link merchant who uses the legacy Payflow Link input tag integration.

*Limited API Access means you can perform all API functions except for Sales and Authorization transactions. For Sales and Authorization type transactions you must use the Hosted Checkout Pages.

Payflow Pro

Payflow Pro merchants can choose PayPal or another merchant bank to process their transactions via the Gateway.

a) Legacy Payflow Pro merchants see the following in the Service Summary box in PayPal Manager:

Payflow Pro

Legacy Payflow Pro merchants should use this guide; however, these merchants can only use the API integration and do not have the Hosted Checkout Pages service. If you are a legacy Payflow Pro merchant, skip the section on Configuring Hosted Checkout Pages.

b) New Payflow Pro merchants can take advantage of all of the Gateway features including Hosted Checkout Pages. These merchants can see the following in the Service Summary box in PayPal Manager:

Hosted Checkout Pages & Payflow SDK/API (Full Access)

PayPal Payments Advanced

Transactions submitted by PayPal Payments Advanced merchants are processed through the Gateway with PayPal acting as the merchant bank. PayPal Payments Advanced merchants can see the following in the Service Summary box in PayPal Manager:

PayPal Payments Advanced with Hosted Checkout Pages & Payflow SDK/API (Limited Access)

Limited API Access means you can perform all API functions except for Sales and Authorization transactions. For Sales and Authorization type transactions you must use Hosted Checkout Pages.

PayPal Payments Pro

Transactions submitted by PayPal Payments Pro merchants are processed through the Gateway with PayPal acting as the merchant bank. PayPal Payments Pro merchants can use all of the Gateway features supported by PayPal. These merchants can see the following in the Service Summary box in PayPal Manager:

PayPal Payments Pro with Hosted Checkout Pages & Payflow SDK/API (Full Access)

Revision History

Revision History for the Payflow Gateway Developer Guide and Reference:

26 Oct 2016
10 Dec 2015
10 Nov 2015
  • Corrected the names of the following parameters in the guide: VATAXAMT and VATAXPERCENT. Also, noted that the following fields should not contain more than two decimal places: ADDLAMTn, ALTTAXAMT, ALTERNATETAXAMT, LOCALTAXAMT, NATIONALTAXAMT and VATAXAMT.
15 Jun 2015
  • Noted that MODE parameter is now deprecated.
23 Apr 2015
05 Apr 2015
  • Clarified the format and uses of the PNREF response parameter.
30 Dec 2014
  • Corrected the merchant soft descriptor fields supported by the PayPal processor. Use the MERCHDESCR and MERCHANTCITY fields to pass merchant name and contact information for sale and authorization transactions. This information is displayed on the account holder's statement. See the PayPal Credit Card Transaction Request Parameters section for details.
10 Dec 2014
20 Nov 2014
5 Nov 2014
15 Oct 2014
  • Clarified that the Payflow Gateway does not charge any fees for Account Verfications (zero amount authorizations); however, the merchant's processor, including PayPal as a merchant bank, may charge a fee for account verifications. For information on whether transaction fees are charged for the various Payflow credit card transaction types, see Credit Card Features.
19 Sep 2014
7 Aug 2014
17 June 2014
06 Mar 2014
  • Expanded support for the HOSTCODE and EXTRSPMSG response fields for the WorldPay processor. (HOSTCODE and EXTRSPMSG return the processor's error code and message respectively.)
28 Feb 2014
  • Added the Planet Payment processor, which supports Multi-Currency Pricing (MCP).
  • Added a new transaction type, supported by Planet Payment only, for currency conversion rate lookups. See Submitting Rate Lookups.
18 Feb 2014
07 Jan 2014
21 Nov 2013
08 Nov 2013
31 Oct 2013
20 Sep 2013
19 Jul 2013
  • Removed the ACCTTYPE parameter from this guide.
11 Jul 2013
15 Jun 2013
25 Apr 2013
22 Feb 2013
28 Jan 2013
28 Dec 2012
11 Dec 2012
04 Oct 2012
29 Aug 2012
31 July 2012
23 July 2012
16 July 2012
June 2012
  • Added the Who Should Use This Document section to the Preface.
  • In the Integrating the Secure Token Without the Hosted Checkout Pages: Transparent Redirect section, corrected the value of SILENTTRAN to True.
  • Added the Silent Posts section to the Hosted Checkout Pages chapter.
  • Removed the legacy parameter CORPCOUNTRY from Country Codes.
May 2012
  • Added new sections to the Testing Transactions chapter: Testing Address Verification ServiceTesting Card Security Code
  • Added PayPal Acquirer chapter: Contains links to PayPal API Ref country and currency codes
April 2012
  • Added new transaction type: Balance Inquiry(TRXTYPE=B) can be used to obtain the balance of a pre-paid card.
  • Updated TeleCheck chapter: Updated MICR values in Testing TeleCheck Transactions section
  • Added TeleCheck Adjustment Response Code Values table
  • Updated parameters and examples: Added a description for the response parametersHOSTCODE, RESPTEXT, PROCCARDSECURE, ADDLMSGS and an explanation on how to use these parameters to obtain the processor's raw response codes and response messages.
  • Changed the Litle parametersSTREET2,STREET3 toBILLTOSTREET2, BILLTOSTREET3.
  • Corrected the description of MERCHSVC parameter for FDMS North, Heartland, Litle, Merchant e-Solutions, Paymentech Salem.
  • Updated the examples and removed legacy parameters to include: FIRSTNAME, LASTNAME, STREET, CITY, STATE, ZIP, COUNTRY.
  • Updated processor and entity names: Vantiv, previously known as Fifth Third Processing Solutions
  • PayPal Australia, previously known as First Data Australia
January 2012

Added new processors:

  • First Third International
  • Heartland Payment Systems
  • Planet Payment
  • SecureNet
  • TeleCheck
  • WorldPay

Added new transaction types:

  • TRXTYPE=L can be used to upload credit card data, easing PCI compliance. You can store the resulting PNREF locally for use in performing reference transactions.

Added request parameters:

  • ADDLAMTn
  • ADDLAMTTYPEn
  • AUTHDATE
  • CATTYPE
  • CONTACTLESS
  • CUSTDATA
  • CUSTOMERID
  • CUSTOMERNUMBER
  • DISCOUNT
  • DUTYAMT
  • DLNAME
  • DLNUM
  • DOB
  • L_ALTTAXAMTn
  • L_ALTTAXIDn
  • L_ALTTAXRATEn
  • L_CARRIERSERVICELEVELCODEn
  • L_COMMCODEn
  • L_EXTAMTn
  • L_PRODCODEn
  • L_TAXTYPEn
  • ORDERID
  • MERCHANTDESCR
  • MERCHANTINVNUM
  • MERCHANTNAME
  • MERCHANTURL
  • MERCHANTVATNUM
  • MERCHANTZIP
  • MISCDATA
  • REPORTGROUP
  • SILENTTRAN
  • STREET3
  • VATINVNUM
  • VATAXAMT
  • VATAXRATE

Added response parameters:

  • DUPLICATE (response)
  • EXTRMSG (response)

Added concepts:

  • Gateway Product Solutions: PayPal Payments Advanced, PayPal Payments Pro, Payflow Pro, Payflow Link
  • Transaction Flow
  • Transparent Redirect
February 2011
  • First publication.

table of contents


Introducing the Gateway Checkout Solutions

The Gateway provides checkout solutions for novice and advanced use. It provides merchants with a rich set of options to handle payment transactions.

About the Gateway Checkout Solutions

Gateway checkout consists of the following solutions:

  • Payflow Link
  • Payflow Pro
  • PayPal Payments Advanced
  • PayPal Payments Pro

Summary of the Gateway Checkout Solutions

This is a basic comparison of the Gateway checkout solutions:

  • Payflow Link uses hosted checkout pages to send transactions to a supported processor. Merchants can use the Payflow SDK APIs to perform all transactions except authorization and sale transactions. By using hosted pages with a secure token, the merchant adheres to compliance rules for handling customer data in a secure way: data is stored on PayPal so that it is not exposed to compromise.

  • Payflow Pro can send transactions to a number of different supported processors, requirements for which are described in this documentation. Merchants select a supported processor and obtain an acquiring bank. Typically merchants integrate with, and have full access to, the Payflow SDK or use HTTPS to send transactions to the processor. Using hosted pages is an option.

  • PayPal Payments Advanced uses web pages hosted by PayPal (also known as* hosted checkout pages*) to send transactions to the PayPal processor. With PayPal Payments Advanced, PayPal is the acquiring bank. By using hosted checkout pages with a secure token, the merchant adheres to compliance rules for handling customer data in a secure way: data is stored on PayPal so that it is not exposed to compromise.

  • Like PayPal Payments Advanced, PayPal Payments Pro sends transactions to the PayPal processor and PayPal is the acquiring bank. Using hosted checkout pages is an option. Typically merchants integrate with the Payflow SDK or use HTTPS to send transactions to the PayPal processor.

Note: PayPal strongly recommends that all users of Gateway checkout solutions take advantage of the secure token and the hosted checkout pages. Doing so provides automatic compliance with processing card industry (PCI) standards for protecting cardholder data.

Gateway Product Details

This table compares how the different Gateway checkout solutions support payment processing features.

Feature PayPal Payments Advanced Payflow Link PayPal Payments Pro Payflow Pro
Hosted checkout page (including an iFrame version) Yes Yes
PayPal payments Included Optional
PayPal Credit® payments, formerly Bill Me Later® (Available to US merchants only on Hosted checkout pages.) Included Optional
PayPal branding on full page templates Yes Optional
Transparent Redirect No Yes
Supports PayPal as a processor and an acquirer Yes Yes
Credit and debit cards Yes Yes
Level 2 and Level 3 purchase cards Yes Yes
TeleCheck (guaranteed electronic checks) No Yes
ACH (electronic checks) No Yes
Virtual Terminal support, including card-present data passage Yes Yes
Virtual Terminal Payflow Link only Yes
API Limited access (Authorization and Sale API calls not permitted) Full access
Reference transactions (Tokenization) Yes Yes
Secure token to preset hosted checkout page Yes Yes
Reporting APIs Yes Yes
Desktop integration Yes Yes
Recurring billing Yes Yes
Basic fraud protection Yes Yes
Advanced fraud protection Yes Yes
Partner/channel distribution support (Partner Manager, registration, XML registration) resale and referral Yes Yes

About the Gateway Transaction Flow

The traditional transaction flow is as follows. Numbers correspond to numbers in the figure.

  1. At your website, the customer clicks Buy to purchase merchandise.
  2. You send the transaction request to the Gateway server.
  3. The Gateway sends the transaction to the payment processing network.
  4. Your processor sends the response back to the Gateway server and processes the transaction (obtains the payment from the customer bank and deposits it in the merchant bank).
  5. The Gateway server returns the response to your website.
  6. Your website displays the result to the customer.

You can use the core transaction parameters supported by all Gateway processors described in this documentation to send transaction data to your processor. In addition:

  • Each Gateway processor may support various additional parameters beyond the core set that you can send in transaction requests.
  • Your processor may also support purchasing cards (credit cards employers issue for business-related charges). Purchasing card Level 2 and Level 3 parameters provide specialized reporting so an employer can monitor card use. The parameter information may appear on the customer's statement or describe line items in greater detail. Be sure to check for your processor's Level 2 and 3 parameters in this documentation.

These parameters are listed alphabetically by processor name.

About Security

It is your responsibility to adhere to PCI compliance standards to protect personal information and implement security safeguards on your website when processing payment card transactions.

Gateway solutions make available a secure token and hosted checkout pages to help you meet PCI compliance. Hosted pages are optional to PayPal Payments Pro and Payflow Pro users. If you do not use a secure token or hosted pages, you must provide your own means of meeting compliance requirements.

Note: PayPal Payments Advanced and Payflow Link merchants are required to use hosted pages.

The Secure Token

The secure token stores request transaction data on the Gateway server. This eliminates the need to resend the parameter data for display in a hosted checkout page where the data might be subject to compromise.

Hosted Checkout Pages

The Gateway enables the use of hosted checkout pages, which help you achieve PCI compliance. The hosted checkout pages enable you to pass transaction data securely to the server and to collect credit card acceptance data.

Note: You are required to use hosted pages with PayPal Payments Advanced and Payflow Link.

The following figure shows the transaction flow when using hosted pages and a secure token.

Figure legend:

  1. The customer clicks Buy to purchase merchandise on your website.
  2. You request a secure token by passing a token ID to the Gateway server.
  3. The Gateway server returns the secure token and your token ID to your website.
  4. You submit the secure token and token ID in an HTTP post to pages hosted on the Gateway server and redirect the customer's browser to the hosted pages.
  5. The Gateway server uses the secure token to retrieve the amount and other transaction data. The customer submits their credit card number, expiration date, and other sensitive data directly to the host pages rather than to your website, easing your PCI compliance requirements.
  6. The Gateway processes the payment through the payment processing network.
  7. The Gateway server transparently returns the customer to the location on your website that you specified in the request to obtain a secure token. You display the results to the customer on your website.

Note: If you do not get a response from the Gateway server, submit an Inquiry transaction, passing in the secure token to see if the transaction has completed. For details, see Submitting Inquiry Transactions.

PCI Compliance Without Hosted Pages - Transparent Redirect

PayPal Payments Pro and Payflow Pro merchants who want PCI compliance while maintaining full control over designing and hosting checkout pages on their website can use Transparent Redirect. Transparent Redirect posts payment details silently to the Gateway server, so this sensitive information never goes through the merchant's website.

Implementing Transparent Redirect is very similar to implementing hosted pages. It differs only in the steps shown in boldface below:

  • The customer clicks Buy to purchase merchandise on your website.

  • You request a secure token by passing a secure token ID to the Gateway server. In the request, you pass the name-value pair, SILENTTRAN=TRUE. This name-value pair prevents the hosted pages from displaying.

  • The Gateway server returns the secure token and your token ID to your website.

  • You display the credit card fields to the customer in a checkout page on your website.

  • The customer enters their credit card number, expiration date, and other sensitive data into the credit card fields and clicks Submit. The browser posts the payment data directly to the Gateway server, avoiding your website and easing your PCI compliance requirements.

    Note: To ensure that the post goes from the browser directly to PayPal and not back to your website, you should add scripting.

  • The Gateway processes the payment through the payment processing network.

  • The Gateway server transparently sends the customer to the location on your website that you specified in the request to obtain a secure token. You display the results to the customer on your website.

The PayPal Manager Website

Payflow merchants can manage their Payflow account settings, view reports, and perform transactional processing on the Payflow Manager website: https://manager.paypal.com/.

For assistance with using the Payflow Manager website, refer to the online help.

Note: PayPal Payments Advanced and PayPal Payments Pro merchants should also use the Payflow Manager website (https://manager.paypal.com/) to perform transactional processing functions instead of the main paypal.com website. However, the main paypal.com website can be used to process chargebacks or other non-transactional items.

Processing Platforms Supporting Card-Present Transactions

The following processing platforms support card-present transactions.

For instructions on setting up or changing your processor, see the Processor Setup Guide PDF.

Note: PayPal Australia (FDRA) merchants with a 12-digit merchant ID, can contact Payflow support to request a 16-digit merchant ID.

  • American Express
  • American Express APAC
  • Elavon
  • First Data Merchant Services (FDMS) Nashville
  • First Data Merchant Services (FDMS) North
  • First Data Merchant Services (FDMS) South
  • Global Payments Central
  • Global Payments East
  • Heartland Payment Systems
  • Litle
  • Merchant e-Solutions
  • Moneris Solutions
  • Paymentech Salem
  • Paymentech Tampa
  • PayPal
  • Planet Payment
  • SecureNet
  • TeleCheck
  • TSYS Acquiring Solutions
  • Vantiv
  • WorldPay

Supported Payment Types

  • Credit cards
  • PayPal (supported by PayPal's Express Checkout product)
  • Pinless debit cards
  • Electronic checks
  • Check cards
  • Purchasing cards (also referred to as commercial cards, corporate cards, procurement cards, or business cards) Level 2 and Level 3
  • Automated Clearing House (ACH). For information on performing ACH transactions, contact your PayPal Sales Representative.

Supported Languages

The Payflow Gateway only supports customer input and API parameter values that are in regular ASCII (English language) characters. Payflow does not support extended ASCII characters or any other character sets other than regular ASCII at this time. Additionally, the Payflow hosted checkout pages and PayPal manager account settings pages are available in English only. For information on a similar PayPal product that offers multi-lingual support, see Website Payments Pro Hosted Solution.

Recurring Billing Service

The Recurring Billing Service is a scheduled payment solution that enables you to automatically bill your customers at regular intervals--for example, you can bill your customers a monthly fee of $42 for 36 months with an initial fee of $129.

You enroll separately for the Recurring Billing Service. You can learn about the Recurring Billing Service in the Payflow Recurring Billing Service user's guide. If you already have this service - this user guide will show you how to define and manage recurring transactions programmatically. You can also manage Recurring Billing tasks in PayPal Manager.

Fraud Protection Services

Fraud Protection Services can help you significantly reduce the cost of fraud and the resulting damage to your business. This service uses Fraud Protection filters to identify stolen or false credit card information, letting you decide whether to accept or reject the suspicious transaction. Fraud Protection Services can also minimize the risk of hacking your customer database by enabling you to place powerful constraints on access to and use of your PayPal Manager and Payflow Gateway accounts.

You enroll separately for Fraud Protection Services. You can learn more about Fraud Protection Services in the Payflow Fraud Protection Services User's Guide. If you already have this service - this user guide will show you how to set up Fraud Protection filters. You can also manage some aspects of your Fraud Protection Services in PayPal Manager.

table of contents


Secure Token

This section describes the secure token.

Important: Use only the Payflow parameters described in this guide with the Secure Token. If you are using the legacy Payflow Link HTML input tag integration, refer to the Payflow Link User's Guide for information on legacy Payflow Link features supported by your integration.

About the Secure Token

Use a secure token to send non-credit card transaction data to the Gateway server for safer storage. The secure token prevents anyone from intercepting or manipulating the data. You must use a secure token if you use hosted checkout pages. The token is good for a one-time transaction and is valid for 30 minutes.

Note: PayPal Payments Pro and Payflow Pro merchants who do not use a secure token must host their own payment pages. When hosting your own pages, you are responsible for meeting PCI requirements by handling data securely. PayPal Payments Advanced and Payflow Link merchants must use a secure token with hosted checkout pages.

To obtain a secure token, pass a unique, 36-character secure token ID and set CREATESECURETOKEN=Y in a request to the Gateway server. The Gateway server associates your ID with a secure token and returns the token as a string of up to 32 alphanumeric characters.

To pass the transaction data to the hosted checkout page, you pass the secure token and secure token ID in an HTTP form post. The token and ID trigger the Gateway server to retrieve your data and display it for customer approval.

Note: You cannot modify the data sent with a secure token, with one exception. You can configure PayPal Manager to allow you to modify billing and shipping information.

Integrating the Secure Token With the Hosted Checkout Pages

To create a secure token, pass all parameters that you need to process the transaction except for payment details parameters such as the credit card number, expiration date, and check number. For details on transaction parameters, see Submitting Credit Card Transactions. In addition, pass the following Payflow parameters to create the secure token.

Note: The secure token is valid for 30 minutes, and you can only use it one time. If you attempt to use the token after the time limit has expired, your transaction will fail with Result value 7, "Secure Token Expired." If you attempt to reuse the token, you receive an error.

Set SECURETOKENID to a unique alphanumeric value up to 36 characters in length.

SECURETOKENID=9a9ea8208de1413abc3d60c86cb1f4c5

Set CREATESECURETOKEN to the value Y to request that Payflow gateway return a token.

CREATESECURETOKEN=Y

Secure Token Example

The following is an example of a request parameter string that creates a secure token.

TRXTYPE=A&BILLTOSTREET=123 Main St.&BILLTOZIP=95131&AMT=23.45&CURRENCY=USD&INVNUM=INV12345
&PONUM=PO9876&CREATESECURETOKEN=Y&SECURETOKENID=9a9ea8208de1413abc3d60c86cb1f4c5

The Gateway server returns SECURETOKEN and SECURETOKENID in the response. A tag follows the SECURETOKEN to indicate the length of the token value returned.

RESULT=0&RESPMSG=Approved&SECURETOKEN[25]=Fj+1AFUWft0+I0CUFOKh5WA==
&SECURETOKENID=9a9ea8208de1413abc3d60c86cb1f4c5

Integrating the Secure Token Without the Hosted Checkout Pages - Transparent Redirect

To use your own checkout pages while complying with PCI guidelines (sending the customer's sensitive data directly to the Gateway server), pass all parameters that you need to process the transaction except for sensitive payment details such as the credit card number, expiration date, and check number. For details on sending transactions, see Submitting Credit Card Transactions.

In addition, pass the following 3 Payflow parameters in your request. The first 2 parameters obtain a secure token. The third parameter implements Transparent Redirect, which suppresses hosted pages.

Note: The secure token is valid for 30 minutes, and you can only use it one time. If you attempt to use the token after the time limit has expired, your transaction will fail with Result value 7, "Secure Token Expired." If you attempt to reuse the token, you receive an error.

Set SECURETOKENID to a unique alphanumeric value up to 36 characters in length.

SECURETOKENID=9a9ea8208de1413abc3d60c86cb1f4c5

Set CREATESECURETOKEN to the value Y to request that the Gateway server return a token.

CREATESECURETOKEN=Y

Set SILENTTRAN to the value TRUE to suppress the display of hosted pages.

SILENTTRAN=TRUE

Transparent Redirect Example

The following is an example of an authorization parameter string that suppresses hosted pages.

TRXTYPE=A&BILLTOSTREET=123 Main St.&BILLTOZIP=95131&AMT=24.35&INVNUM=INV12345&PONUM=PO12345&CURRENCY=USD
&CREATESECURETOKEN=Y&SECURETOKENID=9a9ea8208de1413abc3d60c86cb1f4c5&SILENTTRAN=TRUE

The Gateway server returns a SECURETOKEN and SECURETOKENID in the response. A tag follows the SECURETOKEN to indicate the length of the token value returned.

RESULT=0&RESPMSG=Approved&SECURETOKEN[25]=Fj+1AFUWft0+I0CUFOKh5WA==
&SECURETOKENID=9a9ea8208de1413abc3d60c86cb1f4c5

When the customer enters their sensitive data into the credit card fields on your website and clicks Submit, the browser posts the data to the Gateway server rather than to your website.

Note: It is highly recommended that you add scripting to ensure the browser posts the sensitive data directly to the PayPal Gateway server rather than to your website.

If you are using the PARMLIST parameter with the Transparent Redirect, see Using the PARMLIST Parameter for more information.

Secure Token Errors

A successful Payflow transaction will return RESULT=0 in the response. If your Secure Token transaction is unsuccessful, you can pass the token 2 more times to Payflow before the token expires.

A Payflow Secure Token will expire:

  • If the same Secure Token is passed to Payflow a total of 3 times.
  • 30 minutes after the Secure Token was generated.
  • When the token is used in a successful transaction.

If you receive one of the following error codes in the RESULT response parameter, then your Secure Token has expired.

  • 160. Secure Token already been used. Indicates that the secure token has expired due to either a successful transaction or the token has been used three times while trying to successfully process a transaction. You must generate a new secure token.

  • 161. Transaction using secure token is already in progress. This could occur if a customer hits the submit button two or more times before the transaction completed.

  • 162. Secure Token Expired. The time limit of 30 minutes has expired and the token can no longer be used.

If you see a different error code in the RESULT parameter, refer to the RESULT Values and RESPMSG Text section for more information.

Posting to the Hosted Checkout Page

To display the transaction information to the Gateway hosted checkout page, you perform an HTTP form post.

Direct the HTTP post to the Gateway applications server at the following URL.

https://payflowlink.paypal.com

Send the following parameter data:

  • SECURETOKEN returned in the transaction response
  • SECURETOKENID

HTTP Form Post Examples

The following is an example request string that displays the transaction information to the hosted checkout page.

<html>
 <head>
  <title>PageTitle</title>
 </head>
 <body>
  <form method="post" action="https://payflowlink.paypal.com">
   <input type=hidden value="Fj+1AFUWft0+I0CUFOKh5WA==" name=SECURETOKEN/>
   <input type=hidden value="9a9ea8208de1413abc3d60c86cb1f4c5" name=SECURETOKENID/>
  </form>
 </body>
</html>

For more information on the Payflow parameters that are used to pass information to the Gateway hosted checkout pages, see Using a Secure Token to Pass Hosted Pages Customization Parameters.

The following example uses Payflow name-value pairs to pass values in a form post to the hosted checkout pages. For details on the name-value pair strings used in this example, see Sending a Simple Transaction to the Server.

<html>
 <head>
  <title>PageTitle</title>
 </head>
 <body>
  <form method="post" action="https://payflowlink.paypal.com">
   <input type="text" name="SECURETOKEN" value="FvwEnHTYRNUSVsZRlhFpudA=="/>
   <input type="text" name="SECURETOKENID" value="9a9ea8208de1413abc3d60c86cb1f4c5"/>
   <input type="hidden" name="PARMLIST" value="INVNUM[8]=INV123&AMT[5]=25.50&CURRENCY[3]=USD"/>
   <input type="submit"/>
  </form>
 </body>
</html>

table of contents


Configuring Hosted Checkout Pages

This chapter describes the following:

PayPal enables you to customize the hosted checkout pages so that they reflect the look and feel of your website. In doing so, the buyer seamlessly transitions from your website to the PayPal hosted checkout pages to make the payment and complete the transaction. Since the pages are hosted on PayPal servers, you do not have to capture or store credit card information on your website, thereby helping towards achieving PCI compliance. PayPal's hosted checkout pages are optimized for supported desktop and mobile browsers.

Note: The Payflow Gateway implementation helps to achieve PCI compliance but does not necessarily guarantee it.

There are two ways to configure hosted checkout pages:

Configuring Hosted Pages Using PayPal Manager

You can specify the content of your hosted checkout pages and configure their appearance to reflect the look and feel of your website. To do so, log into PayPal Manager and click on the Service Settings tab. In the Hosted Checkout Pages section, you have the following options:

Setup

The Setup page in PayPal Manager enables you to select the information you want to collect from buyers and what you want displayed on your hosted checkout pages. This includes selecting the billing and the shipping information fields, the payment confirmation page settings, the confirmation email details, security options and other settings.

You can perform tasks such as:

  • Configure your PayPal Express Checkout display and specify email addresses for live and test transactions.

  • Determine the cancel URL and the text of the link the buyer clicks on to cancel the payment on your website. The cancel URL is the page to which PayPal redirects the buyer's browser if the buyer does not approve the payment.

    Note: Payflow will ignore the cancel URL field that you entered in PayPal Manager if you select layout template C. To force Payflow to use the cancel URL field with layout template C, in PayPal Manager, add DISPLAY_URL | before your cancel URL. Example: DISPLAY_URL | http://www.yoursite.com/home.php

  • Select the billing and shipping information fields the buyer will be required to complete during checkout.

  • Choose to display a PayPal hosted payment confirmation page or host your own confirmation page on your website. You can also specify the paypal hosted confirmation page header and footer text and the URL and text for the return link. Additionally, you can choose to enable the silent post feature.

  • Opt to send email receipts to the buyer for each successful transaction.

For complete details on these settings, click the Help button on the Setup page. To quickly get started with your hosted pages, go to the Hosted Pages Getting Started Guide on the PayPal developer portal. For more information on the Silent Post feature, see Silent Posts.

Customize

The Customize page allows you to customize the layout and appearance of your hosted checkout page. You can customize the header, background, payment method section and the order summary column of your payment page. PayPal offers three design layouts for you to choose from. Layout A is the default layout but you can choose any of the three layouts offered (Layouts A, B and C).

On the Customize page, you can either change the design of your existing layout, or select and customize a different layout. To make changes, double-click on the section of the template you are trying to modify or the corresponding Click to Edit button for that section. In the pop-up that appears, click the color selector to change the color, or enter the appropriate URL. The customization options vary for the different Layouts. These options are described in greater detail in the next section: Customizing Your Layout.

After making the changes, click one of the following buttons:

  • Preview - Preview the changes you have made to your layout before saving and publishing it
  • Save and Publish - Save all the changes you have made and publish the updated layout. Your buyers will see the updated payment page.
  • Cancel - Discard all the changes you have made in this session.
  • Undo Changes - Discard all changes you have made since the last time you saved the layout. Your buyers will see the last saved layout.

Note: You must make all modifications (including changing layouts) within the same session, otherwise all changes will be lost and you will have to redo your changes. If the session times out, the design of the layout will remain at the version that was last published.

Note: Payflow will ignore the cancel URL field that you entered in PayPal Manager if you select layout template C. To force Payflow to use the cancel URL field with layout template C, in PayPal Manager, add DISPLAY_URL | before your cancel URL. Example: DISPLAY_URL | http://www.yoursite.com/home.php

Customizing Your Layout You can customize the appearance of the Layout template that you selected on the customize page. These customizations apply mostly to Layouts A and B. Layout C is embedded on a page you host in an iFrame. So for Layout C, you already control the appearance of the page.

Note: These customizations are not applied to the mobile version of the hosted checkout pages.

  • Header (Applicable to Layouts A and B) - You can change the following:
    • Header height (Applicable to Layouts A and B)
    • Header background color (Applicable to Layout B only)
    • Header font type, size (Applicable to Layouts A and B)
    • Header font color (Applicable to Layout B only)
    • Swap between displaying the business name or the business logo image
    • Edit business name in the header (Applicable to Layouts A and B)
    • Position of the business name or the logo within the header (left, centered, right) (Applicable to Layouts A and B)
  • Page Background (Applicable to Layout B only) - You can change the following:
    • Background color
    • Footer text color
    • Upload a background image - .jpg, .jpeg, .gif, or .png. The maximum allowable image size is 100kb.
    • Repeat image option
  • Payment Method Section (Applicable to Layouts B and C) - You can change the following:
    • Text color of the section title (Applicable to Layout B only)
    • Subheader text color (Applicable to Layouts B and C)
    • Color of other text in this section (Applicable to Layout B only)
    • Section border color (Applicable to Layouts B and C)
    • Button color and button text color (Applicable to Layouts B and C)
  • Order Summary Column (Applicable to Layout B only) - You can change the following:
    • Column background color
    • Upload a background image
    • Repeat image option

Integrate

See the Testing with the Payflow Gateway guide. This guide shows you how to set up a test account, configure a hosted checkout page, and submit a test transaction.

Additional Resources

The PayPal developer portal includes:

Using a Secure Token to Pass Hosted Pages Customization Parameters

Another way to configure your hosted checkout pages is to submit hosted checkout page configuration parameters to the Payflow Gateway in a form post. These parameters will override your hosted checkout page settings in PayPal Manager.

First, you will need to create a secure token. You then pass the secure token with the hosted pages configuration parameters. To learn how to create a secure token, see the Secure Token chapter.

The table below describes the form post parameters that you can use to dynamically configure the hosted checkout pages.

Setup Parameters

Variable Description
CANCELURL The URL that customers would go to if pressing a Cancel link from the hosted page (Layouts A and B only) and from the Express Checkout flow if the buyer chooses Express Checkout as their payment method. Maximum length: 512 characters.
CSCREQUIRED Determines if the card security code is required. Values: TRUE or FALSE
CSCEDIT Determines if the card security code is editable. Values: TRUE or FALSE
DISABLERECEIPT Determines if the payment confirmation / order receipt page is a PayPal hosted page or a page on the merchant site. For carts we recommend the carts host the order confirmation page. Values: TRUE or FALSE
EMAILCUSTOMER Send the buyer an email confirmation or not. Default value is FALSE.
ERRORURL The URL that customers are directed to if an error occurs. Maximum length: 512 characters.
RETURNURL The URL that customers are directed to after a transaction completes successfully. Maximum length: 512 characters.
SILENTPOSTURL The URL to which the Gateway will send Silent Post. Maximum length: 512 characters.
TEMPLATE Determines whether to use one of the two redirect templates (Layout A or B) or the embedded template (Layout C). For Layouts A or B pass: TEMPLATEA or TEMPLATEB. Layouts A & B auto-redirect to mobile-optimized pages if a supported mobile browser is detected. No action is required from the merchant for Layouts A & B. For Layout C, pass MOBILE for the mobile-optimized page or MINLAYOUT for the default Layout C embedded template.
URLMETHOD The technical method used to deliver the CANCELURL. The default is GET and cannot be changed without affecting the installed base, but this value will likely be changed to Post by most carts. Values: POST or GET

Customize Parameters

Variable Description
PAGECOLLAPSEBGCOLOR Sets the color of the border around the embedded template C. Example: PAGECOLLAPSEBGCOLOR=993300
PAGECOLLAPSETEXTCOLOR Sets the color of the words "Pay with PayPal" and "Pay with credit or debit card". Example: PAGECOLLAPSETEXTCOLOR=990000
PAGEBUTTONBGCOLOR Sets the color of the Pay Now / Submit button. Example: PAGEBUTTONBGCOLOR=AA66FF
PAGEBUTTONTEXTCOLOR Sets the color of the text on the Pay Now / Submit button. Example: PAGEBUTTONTEXTCOLOR=33FFFF
LABELTEXTCOLOR Sets the color of the text for "card number", "expiration date", .etc. Example: LABELTEXTCOLOR=330000

Other HTML Post Parameters

Variable Description
MODE

(Optional) Used in conjunction with secure token. It lets Payflow know that the secure token passed in is a live or test token. Values: LIVE/TEST. Default is LIVE.

Note: This parameter is *deprecated*. Instead of using this parameter to specify if you are passing a live or test secure token, post your form parameters to either https://payflowlink.paypal.com or to https://pilot-payflowlink.paypal.com. See the Host URL Addresses section for more information.

PARMLIST A HTTP Post parameter used with a secure token. PARMLIST takes a string of name-value pairs as its value. Payflow parses out these name-value pairs and uses them to run the transaction. PARMLIST is especially useful for merchants that already use this parameter with the Payflow SDK and want to use an existing name-value pair string. For more information, see the Using the PARMLIST Parameter section of this guide.
SECURETOKEN/SECURETOKENID Used with the secure token.
SHOWAMOUNT If you pass in $0 amount and TRXTYPE=A, then if SHOWAMOUNT=FALSE, Payflow will not display the amount in the order summary table.Values: TRUE/FALSE
SUBTOTAL Amount you pass to Payflow. It is displayed in the order summary section. This amount is only for display purposes and is not passed to the transaction servers.
VERBOSITY Additional values returned from the transaction response to the merchant in the Silent Post. By default, there is no verbosity set which means the standard set of values that Silent Post currently uses is returned. Passing in a verbosity will return the extra values that we get back in the transaction response.Value: HIGH
VERIFY Runs a $0 authorization transaction using the credit card information the buyer enters. If the $0 authorization is verified, then Payflow will immediately run the transaction for the amount and transaction type you pass to Payflow.Values: TRUE/FALSE

Using the PARMLIST Parameter

PARMLIST is a HTTP Post parameter used with a secure token to pass information to the Gateway hosted checkout pages. PARMLIST takes a string of name-value pairs as its value. Payflow parses out these name-value pairs and uses them to run the transaction. PARMLIST is especially useful for merchants that already use this parameter with the Payflow SDK and want to use an existing name-value pair string.

PARMLIST Example

<html>
 <head>
   <title>PageTitle</title>
 </head>
 <body>
  <form method="post" action="https://payflowlink.paypal.com">
   <input type="hidden" name="SECURETOKEN" value="Fj+1AFUWft0+IOCUFOKh5WA==" />
   <input type="hidden" name="SECURETOKENID" value="9a9ea8208de1413abc3d60c86cb1f4c5" />
   <input type="hidden" name="PARMLIST" value="INVNUM=INV1234&AMT=25.50&CURRENCY=USD &PONUM=PO12345" />
   </form>
 </body>
</html>

If you choose to use PARMLIST, then you can only pass the following 3 HTTP Post parameters to Payflow with PARMLIST: SECURETOKEN, and SECURETOKENID. If you try to pass in any other parameter (such as VERIFY=TRUE), then you will receive an error message.

Note: The MODE parameter is deprecated. If you are using a test secure token, instead of passing MODE=TEST, change the Form Action attribute value to the testing URL: https://pilot-payflowlink.paypal.com.

If you are using Transparent Redirect with PARMLIST, you must pass the credit card information (ACCT, EXPDATE and CSC) in the PARMLIST. For more information on Transparent Redirect, see Integrating the Secure Token Without the Hosted Checkout Pages - Transparent Redirect.

Hosted Pages and Mobile Browsers

In PayPal Manager you can select one of 3 hosted pages Layout templates: Layouts A and B (the redirect templates) or Layout C (the embedded template). Layout A is the default Layout.

You can also dynamically select your hosted pages Layout template using the form post TEMPLATE parameter. This will override your default Layout template set in PayPal Manager. Please see Using a Secure Token to Pass Hosted Pages Customization Parameters for more information on passing form post parameters to customize the checkout experience.

Mobile Optimized Checkout Pages

PayPal's hosted checkout pages are mobile optimized for iPhone, iPod and Android devices. This mobile optimized experience is available for all 3 Layout templates A, B and C. In the case of Layouts A and B, PayPal will auto-detect if the checkout page is being viewed from a supported mobile browser and will redirect to the mobile optimized checkout page. For Layout C, PayPal does not automatically redirect mobile users to a mobile optimized flow. The reason is that if PayPal automatically showed a mobile optimized embedded template, within a merchant web page that may not be mobile optimized, this can create unexpected and undesirable results. To display the mobile checkout page for Layout C, you must detect the supported mobile browser and then explicitly pass the form post parameter: TEMPLATE=MOBILE.

The TEMPLATE form post parameter
Layout TEMPLATE parameter value Behavior on a mobile device
Layout A TEMPLATE=TEMPLATEA Auto-redirects to mobile optimized page
Layout B TEMPLATE=TEMPLATEB Auto-redirects to mobile optimized page
Layout C TEMPLATE=MINLAYOUT (default)
TEMPLATE=MOBILE Use TEMPLATE=MINLAYOUT for your general online checkout. If you have a mobile optimized experience, explicitly pass TEMPLATE=MOBILE instead to show the mobile optimized page.

The mobile checkout pages are identical for all Layout templates: Layouts A, B and the mobile version of Layout C. Additionally, appearance customizations that you set in PayPal Manager or submit as form post parameters are not applied to the mobile pages. The figures below show the mobile optimized page flow for a PayPal payment and for a credit card payment:

Mobile page flow for a PayPal payment

Mobile page flow for a credit card payment

Silent Posts

Silent Post ensures that the transaction data is passed back to your website when a transaction is completed. The Silent Post feature uses the HTML Post method to return data to your server for both approved and declined transactions. This occurs even if a customer closes the browser before returning to your site, or if the PayPal-hosted payment confirmation page is disabled. Silent Post data is sent to your server at the same time as when a payment confirmation page is displayed or as soon as a transaction is declined.

This feature is configured through https://manager.paypal.com:

  • Go to Service Settings, then from the Hosted Checkout Pages section select Setup
  • On the Setup page, set Use Silent Post to Yes. Then enter the Silent Post URL on your server.

Note: To ensure that transactions proceed only if your script actually receives the data returned by the Silent Post, you must Force Silent Post Confirmation by checking Void transaction when my server fails to receive data sent by the silent post.

Force Silent Post Confirmation

The Force Silent Post Confirmation feature ensures that no transactions proceed unless your Web site receives the Silent Post data. If you enable this feature, Payflow Gateway sends the Silent Post data and waits for a 200 OK from your server (indicating the server's receipt of the data). If Payflow Gateway does not receive the success response, then the transaction is voided and the customer sees a communication error message. In this case, PayPal Manager displays both a transaction that succeeded and a transaction that was voided. To select this feature, be sure to check Void transaction when my server fails to receive data sent by the silent post when setting up Silent Posts in PayPal Manager.

Passing Other Data to Your Server Using Post or Silent Post

The USER1 through USER10 Payflow parameters are ten optional string type parameters intended to store your temporary data, such as variables, session IDs, order numbers, and so on. These parameters enable you to pass internal information to your server using the Post or Silent Post feature.

Note: USER1 through USER10 are not displayed to the customer and are not stored in the PayPal transaction database.

table of contents


Payflow SDK

The Payflow Software Development Kit (SDK) is a set of APIs to allow you to integrate the Gateway with your application or website. This section includes:

Note: Each SDK includes full API documentation.

Important: The Payflow SDK is available as a .NET or Java library. Using these SDKs is recommended to simplify integration. Alternately you can build your own API by posting transactions directly to the Gateway servers using HTTPS. See Posting Transactions Directly Without the Payflow SDK for more information.

Any reference to Payflow SDK or the API in this documentation is referred to simply as the Payflow SDK.

Preparing the Payflow Gateway Client Application

Unless you are building your own API and using HTTPS to post to the servers, you need to obtain the Payflow SDK. Follow these steps.

  • Download the Payflow SDK.
  • Extract the files to a local directory.
  • Configure your firewall.
    • If you have a stateful firewall, enable outbound traffic for HTTPS (port 443). The firewall keeps state on the connection, and automatically permits the inbound response from PayPal.
    • If you do not have a stateful firewall, enable inbound and outbound traffic for HTTPS (port 443). Outbound traffic permits the initial Gateway request, while inbound permits the response from PayPal.
  • Read the Readme.txt file.
    • The Readme.txt file includes integration information and samples that illustrate how to use the client application in your development environment.

Activating Your Payflow Gateway Account

When you are ready to activate your Gateway account to begin submitting live transactions, follow these steps:

  • Log in to PayPal Manager at https://manager.paypal.com
  • Click ActivateYour Account and follow the on-screen instructions.
  • Change the URL within your web or desktop application to point to the live Gateway server host addresses.

Host URL Addresses

Use the following host addresses for sending test and live transactions:

  • For live transactions, use https://payflowpro.paypal.com
  • For testing purposes, use https://pilot-payflowpro.paypal.com

Note: If you are using an older version of the SDK, you will notice that the live and testing URLs have changed. Be sure to use the URLs mentioned above and remove the "/transaction" from the end of the URL.

Testing Your PayPal Payments Advanced and PayPal Payments Pro Integration

If you have a PayPal Payments Advanced or a PayPal Payments Pro account and you would like to use the testing URL to test your integration, follow the steps outlined in this PayPal Knowledge Base article.

Note: If you would like to test a Payflow Express Checkout transaction, follow steps one through three outlined in the above-mentioned knowledge base article. In addition, be sure to do the following:

  • In the PayPal Sandbox, create a buyer account and add a positive balance to the account. See creating Sandbox accounts for more information.
  • Send all test transaction requests as POSTs to the Payflow testing host address: https://pilot-payflowpro.paypal.com.
  • Send Express Checkout redirects to: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-Token. You must be logged into the Sandbox before redirecting.

Passing Information to and Receiving Information from the Hosted Pages

If you would like to pass information to or receive information from the PayPal Hosted Checkout Pages, use one of the following URLs:

  • For live transactions, use https://payflowlink.paypal.com
  • For testing purposes, use https://pilot-payflowlink.paypal.com

Note: The MODE parameter for passing a test secure token is deprecated. Instead, post your form parameters to the testing Payflow Link URL.

table of contents


Sending a Simple Transaction to the Server

When using the Payflow SDK, you send transactions to the Gateway server in name-value pair format. Typically, a simple transaction includes connection parameters, user parameters, and transaction data parameters.

About Name-Value Pairs

Name-value pair (NVP) is the format you use to specify the parameter information you send in a transaction request to the Payflow server. A name-value pair consists of the parameter name and its value. The equal sign (=) is a special character that associates the name and its value:

PARAMNAME=value

Typically, you send several name-value pairs as a parameter string to the server. The ampersand (&) is a special character that separates each name-value pair in the parameter string:

PARAM1NAME=value&PARAM2NAME=value&PARAM3NAME=value

Follow the special character and syntax guidelines when creating name-value pairs.

Using Special Characters In Values

Because the ampersand (&) and equal sign (=) characters have special meanings, they are invalid in a name-value pair value.

The following are invalid:

COMPANYNAME=Ruff & Johnson

COMMENT1=Level=5

To include special characters in the value portion of a name-value pair, use a length tag. The length tag specifies the exact number of characters and spaces that appear in the value. The following are valid.

COMPANYNAME[14]=Ruff & Johnson

COMMENT1[7]=Level=5

Note: Do not use quotation marks (") even if you use a length tag.

Name-Value Parameter Syntax Guidelines

Follow these guidelines when creating name-value pair (NVP) parameter strings:

  • Do not use spaces in values.
  • Do not place quotation marks within the body of the NVP parameter string.
  • Separate all NVPs using an ampersand (&).
  • Set the VERBOSITY transaction parameter to HIGH to have the response return detailed information. Act upon the returned values that you need for the transaction.
  • If you duplicate a parameter in your NVP string, the last item will always be the one used and the others will be discarded.

Do Not URL Encode Name-Value Parameter Data

Do not URL encode your NVP data because it can cause problems with authentication and reporting.

This example is incorrect:

TRXTYPE%3DS%26TENDER%3DC%26USER%3DMerchantUserID%26PWD%3DPwd4Gateway%26PARTNER%3DPayPal%26ACCT%3D5105105105105100%26EXPDATE%3D1215%26AMT%3D23.45%26COMMENT1%3DAirport+Shuttle%26BILLTOFIRSTNAME%3DJamie%26BILLTOLASTNAME%3DMiller%26BILLTOSTREET%3D123+Main+St.%26BILLTOCITY%3DSan+Jose%26BILLTOSTATE%3DCA%26BILLTOZIP%3D951311234%26BILLTOCOUNTRY%3DUS
%26CVV2%3D123%26CUSTIP%3D0.0.0.0

This example is correct:

TRXTYPE=S&TENDER=C&USER=MerchantUserID&PWD=Pwd4Gateway&PARTNER=PayPal&ACCT=5105105105105100&EXPDATE=1215&AMT=23.45
&COMMENT1=Airport Shuttle&BILLTOFIRSTNAME=Jamie&BILLTOLASTNAME=Miller&BILLTOSTREET=123 Main St.&BILLTOCITY=San Jose
&BILLTOSTATE=CA&BILLTOZIP=951311234&BILLTOCOUNTRY=840&CVV2=123&CUSTIP=0.0.0.0

Payflow Connection Parameters

The Payflow SDK passes connection parameters to define the connection to the Payflow server.

Pass the connection parameters in the format and syntax required by the Payflow SDK and programming language that you are using. See your integration documentation for details.

Parameter Description
HOSTADDRESS (Required) Gateway server name.
HOSTPORT (Required) Use port 443.
TIMEOUT (Required) Time-out period for the transaction. PayPal recommends a minimum time-out value of 30 seconds. The client begins tracking from the time that it sends the transaction request to the server.
PROXYADDRESS (Optional) Proxy server address. Use the PROXY parameters for servers behind a firewall. Your network administrator can provide the values.
PROXYPORT (Optional) Proxy server port.
PROXYLOGON (Optional) Proxy server logon ID.
PROXYPASSWORD (Optional) Proxy server logon password.

In addition to the connection parameters in the table, you must pass the NVP parameters that specify the payment information for the transaction.

User Parameter Data

All Gateway transactions require the user parameters described as follows.

User parameters

Parameter Description
USER (Required) If you set up one or more additional users on the account, this value is the ID of the user authorized to process transactions. If, however, you have not set up additional users on the account, USER has the same value as VENDOR.
Limitations: 64 alphanumeric, case-sensitive characters
VENDOR (Required) Your merchant login ID that you created when you registered for the account.
Limitations: 64 alphanumeric, case-sensitive characters
PARTNER (Required) The ID provided to you by the authorized PayPal Reseller who registered you for the Gateway gateway. If you purchased your account directly from PayPal, use PayPal.
Limitations: 64 alphanumeric, case-sensitive characters
PWD (Required) The password that you defined while registering for the account.
Limitations: 6 to 32 alphanumeric, case-sensitive characters

Sale Transaction Example

In addition to the required connection and user parameters, each transaction type may require other parameters and can include a number of optional parameters.

To perform a sale transaction involving a credit card, for example, pass the following parameters:

  • TRXTYPE - The type of the transaction, such as S for Sale
  • TENDER - The method of payment, such as C for credit card
  • ACCT - The buyer's credit card number
  • AMT - The amount of the sale, including two decimal places and without a comma separator
  • EXPDATE - The expiration date of the credit card

Typical Sale Transaction

The following is a typical name-value pair string for a sale transaction.

TRXTYPE=S&TENDER=C&USER=MerchantUserID&PWD=Pwd4Gateway&PARTNER=PayPal&ACCT=5105105105105100&EXPDATE=1215
&AMT=23.45&COMMENT1=Airport Shuttle&BILLTOFIRSTNAME=Jamie&BILLTOLASTNAME=Miller&BILLTOSTREET=123 Main St.
&BILLTOCITY=San Jose&BILLTOSTATE=CA&BILLTOZIP=951311234&BILLTOCOUNTRY=840&CVV2=123&CUSTIP=0.0.0.0&VERBOSITY=HIGH

Besides the required sale transaction parameters, the string includes other Payflow parameters typically included in a sale transaction.

When the transaction completes, the Gateway server returns a response string made up of name-value pair response parameters. If the transaction is successful, the Payflow Gateway server returns a RESULT parameter with the value 0. The value of the PNREF parameter is the transaction ID, which helps to identify the transaction in future requests; the RESPMSG parameter is a string indicating whether the transaction was approved.

The following is an example response:

RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AVSADDR=Y&AVSZIP=N&IAVS=Y&CVV2MATCH=Y

Formatting Payflow Gateway Transactions

For details on how to format a Payflow transaction, see the examples and the supporting documentation provided with your SDK or see Submitting Credit Card Transactions.

table of contents


Submitting Credit Card Transactions

When using the Payflow SDK, plan how to implement credit card processing based on your business needs. Payflow SDK offers a core set of transaction parameters that all credit card processors use. This section describes how to submit a transaction for each transaction type supported.

Note: Some of the transaction types and features described in this chapter are not supported by all processors. Be sure to check with your processor for information on the specific functionality that is supported.

Obtaining an Internet Merchant Account

To accept credit cards over the Internet, you need a special account called an Internet Merchant Account. If PayPal is your merchant bank, you do not need the Internet Merchant Account.

Your account provider or merchant (acquiring) bank works with a PayPal-supported credit card processor. Examples are First Data, TSYS Acquiring Solutions (formerly Vital Processing Services), and Paymentech. To accept live credit cards, provide details about your account to PayPal during the "Go Live" part of enrollment.

Note: An Internet Merchant Account is different type of merchant account. It has additional risks associated with card-not-present (e-commerce) transactions. It is different from a merchant account used for face-to-face/card-present (in-person) retail transactions . Obtain an Internet Merchant Account even if you already accept credit cards at your location.

To apply for an Internet Merchant Account, contact your merchant (acquiring) bank.

About Credit Card Processing

Credit card processing occurs in 2 steps -- a real-time authorization and a capture (settlement) of the funds that the cardholder's issuing bank authorizes. You perform these 2 steps either as a single transaction or as 2 transactions, depending on your business model.

For an authorization, the server sends the transaction information to a credit card processor. The processor routes the transaction through the financial networks to the cardholder's issuing bank. The issuing bank checks whether the card is valid. It evaluates whether sufficient credit exists, checks values such as address verification service and card security codes, and returns a response such as Approved, Declined, or Referral.

You receive the response a few seconds after you submit the transaction to the server. If the bank approves an authorization, it temporarily reserves the credit for the amount of the transaction to prepare to capture (fulfill) the transaction. The hold on funds typically lasts for about a 3-7 days.

Capturing a transaction actually transfers the funds to your bank. At least once a day, PayPal gathers all transactions flagged for settlement and sends them in a batch file to the processor. The processor then charges the issuing bank and transfers the funds to your bank. It typically takes a few days before the money is available in your account, depending on your bank.

Note: For card-not-present transactions, such as, online transactions, merchants are required to provide a service or ship goods before or on the same day the transaction is captured.

Credit Card Features

The Payflow SDK supports the following transaction types for credit card processing.

Note: Even though the Payflow Gateway does not charge fees for certain transactions, your processor, including PayPal as your merchant bank, may charge a fee.

Transaction Type Billable
Authorization Yes
Account Verification No *
Balance Inquiry No
Credit Yes
Delayed Capture No
Inquiry No
Sale Yes
Voice Authorization Yes
Void Yes

The Payflow SDK also supports the following credit card features:

  • Address verification service and card security code validation
  • Card-present (SWIPE) transactions
  • Partial authorizations for pre-paid cards
  • Purchasing card transactions
  • Reference transactions (also called tokenization)
  • Submitting Soft Merchant information

Planning Your Gateway Integration

When designing your Gateway integration, evaluate whether to use:

  • A one-step or two-step transaction process:

    • One-step: Submit a sale transaction, which performs the authorization and (if successful) then flags the transaction for settlement.

    • Two-step: Perform an authorization-only transaction and then later perform a delayed capture transaction. The delayed capture transaction can be for the same amount as the original transaction or for a lower amount. (In the case of a split shipment, you can perform a delayed capture transaction for the initial shipment and a reference transaction for the final payment.

    According to card association rules, most physical goods merchants should use a two-step process, since settlement should occur when the merchant ships the goods. A two-step process is also useful for evaluating information in the response, such as whether the issuer verifies the billing address, and so on. Electronic goods merchants, who fulfill the order immediately, can use the one-step process. Check with your Internet Merchant Account provider for suggestions on the best method for you.

  • Risk management tools such as address verification service and card security code. For the address verification service, if the initial transaction submits the data, the issuer checks the street address and the zip code against the billing address on file for the consumer.

    Card security code refers to a three- or four-digit number that appears on the back of most credit cards. On American Express, the number appears proceeding and to the right of the embossed card number. Card security code is known by other names, such as CVV2, depending on the type of card. If card security code data is submitted, the issuer can notify you whether the number matches the number assigned to the card. It may also be possible to implement additional safeguards yourself or to use a fraud service. You might want to discuss risk management with your Internet Merchant Account provider.

  • Your local database or PayPal Manager reports to store and manage the data. You may want to store shipping information in your system or you may prefer to send the information to PayPal with the transaction and report on it later.

    Note: Consider whether and how to use COMMENT1 and COMMENT2 to help tie reports to your orders/customers or to report on other information about the transaction.

  • Other systems, such as order fulfillment, Customer Service, and so on for system integration. You may want to integrate your systems directly for capturing funds, issuing refunds/credits, and so on. Alternatively, you may prefer to perform these steps manually using PayPal Manager. Either way, PayPal recommends that you monitor transaction activity using PayPal Manager.

  • Your internet Merchant Acquirer practices to get the most advantageous rates.

Complying With E-commerce Indicator

Some processors support a software flag called E-commerce Indicator (ECI) that indicates that the associated transaction is an internet transaction. The Payflow SDK complies with ECI basic requirements for all supported processors.

If you use Buyer Authentication, the ECI values reflect the authentication status.

Handling Credit Card Type Information

The Payflow SDK does not check the credit card types that you are accepting. If a customer uses a card type you do not accept, the SDK responds with RESULT value 25, "Invalid host mapping," or the processor returns a message that the customer is not signed up for the card type. Optionally, you can provide your customer with a list of the card types that you accept (in a drop-down list or menu, for example).

To accept additional credit card types, contact your acquiring bank (holding your Internet Merchant Account) and ask them to add the card type to your account. Upon notification from your acquirer that you can start accepting the card type, add the card to your Payflow account through PayPal Manager. See PayPal Manager online help for details.

Note: American Express cards require explicit acceptance when PayPal is the processor. To accept American Express cards, go to the Profile Page in PayPal Manager and click American Express card acceptance.

Core Credit Card Parameters

All credit card processors accept the basic parameters described in the following table* with one exception: the PayPal processor does not support SWIPE*.

Note: See PayPal Credit Card Transaction Request Parameters for the request parameters specific to the PayPal Processor.

Parameter Description
TENDER (Required) The method of payment. Values are:
- A = Automated clearinghouse (ACH)
- C = Credit card
- D = Pinless debit
- K = Telecheck
- P = PayPal
See the Payflow ACH Payment Service Guide for details on the ACH tender type.
TRXTYPE (Required) Indicates the type of transaction to perform. Values are:
- A = Authorization
- B = Balance Inquiry
- C = Credit (Refund)
- D = Delayed Capture
- F = Voice Authorization
- I = Inquiry
- K = Rate Lookup
- L = Data Upload
- N = Duplicate Transaction
Note: A type N transaction represents a duplicate transaction (version 4 SDK or HTTPS interface only) with a PNREF that is the same as the original. It appears only in the PayPal Manager user interface and never settles.
- S = Sale
- V = Void
ACCT (Required for credit cards) Credit card or purchase card number. For example, ACCT=5555555555554444. For the pinless debit TENDER type, ACCT can be the bank account number.
Limitations: This value may not contain spaces, non-numeric characters, or dashes
EXPDATE (Required) Expiration date of the credit card. For example, 1215 represents December 2015.
Limitations: mmyy format
AMT (Required) Amount (Default: U.S. based currency).
Character length and limitations: numeric characters and a decimal only. The maximum length varies depending on your processor. Specify the exact amount to the cent using a decimal point (use 34.00 not 34). Do not include comma separators (use 1199.95 not 1,199.95). Your processor or Internet Merchant Account provider may stipulate a maximum amount.
Note: If your processor accepts non-decimal currencies, such as, Japanese Yen, include a decimal in the amount you pass to Payflow (use 100.00 not 100). Payflow removes the decimal portion before sending the value to the processor.
COMMENT1 (Optional) Merchant-defined value for reporting and auditing purposes.
Limitations: 128 alphanumeric characters
COMMENT2 (Optional) Merchant-defined value for reporting and auditing purposes.
Limitations: 128 alphanumeric characters
CVV2 (Optional) A code printed (not imprinted) on the back of a credit card. Used as partial assurance that the card is in the buyer's possession.
Limitations: 3 or 4 digits
RECURRING (Optional) Identifies the transaction as recurring. Value is:
- Y - Identifies the transaction as recurring.
- N - Does not identify the transaction as recurring (default).
This value does not activate the Payflow Recurring Billing Service API. If the RECURRING parameter value is Y in the original transaction, this value is ignored when forming credit, void, and force transactions. If you subscribe to the Payflow Fraud Protection Services:
- To avoid charging you to filter recurring transactions that you know are reliable, the fraud filters do not screen recurring transactions.
- To screen a prospective recurring customer, submit the transaction data on the PayPal Manager Manual Transactions page. The filters screen the transaction in the normal manner. If the transaction triggers a filter, follow the normal process to review the filter results.
Note: If your transaction is declined and the PAYMENTADVICECODE response parameter is supported by your processor, a PAYMENTADVICECODE value is returned representing the reason that the transaction was declined. Obtain the meaning of PAYMENTADVICECODE values from your acquiring bank.
Character length and limitations: 1 alpha character
SWIPE (Required for card-present transactions only) Used to pass the Track 1 or Track 2 data (card's magnetic stripe information) for card-present transactions. Include either Track 1 or Track 2 data, not both. If Track 1 is physically damaged, the point-of-sale (POS) application can send Track 2 data instead.
The track data includes the disallowed = (equal sign) character. To enable you to use the data, the SWIPE parameter must include a length tag specifying the number of characters in the track data. For this reason, in addition to passing the track data, the POS application must count the characters in the track data and pass that number. Length tags are described in Using Special Characters In Values.
Note: swipe(card-present transactions) are not supported by the PayPal processor.
Limitations: Alphanumeric and special characters
ORDERID (Optional) Checks for a duplicate order. If you pass ORDERID in a request and pass it again in the future, the response returns DUPLICATE=2 along with the ORDERID.
Note: Do not use ORDERID to catch duplicate orders processed within seconds of each other. Use ORDERID with Request ID to prevent duplicates as a result of processing or communication errors.
BILLTOFIRSTNAME (Optional) Cardholder's first name.
Limitations: 30 alphanumeric characters
BILLTOLASTNAME (Optional but recommended) Cardholder's last name.
Limitations: 30 alphanumeric characters
BILLTOSTREET (Optional) The cardholder's street address (number and street name).
The address verification service verifies the STREET address.
Limitations: 30 alphanumeric characters
BILLTOSTREET2 (Optional) The second line of the cardholder's street address.
The address verification service verifies the STREET address.
Limitations: 30 alphanumeric characters
BILLTOCITY (Optional) Bill-to city.
Limitations: 20-character string.
BILLTOSTATE (Optional) Bill-to state.
Limitations: 2-character string.
BILLTOZIP (Optional) Cardholder's 5- to 9-digit zip (postal) code.
Limitations: 9 characters maximum. Do not use spaces, dashes, or non-numeric characters
BILLTOCOUNTRY (Optional) Bill-to country. The Payflow API accepts 3-digit numeric country codes. Refer to the ISO 3166-1 numeric country codes.
Limitations: 3-character country code.
SHIPTOFIRSTNAME (Optional) Ship-to first name.
Limitations: 30-character string.
SHIPTOLASTNAME (Optional) Ship-to last name.
Limitations: 30-character string.
SHIPTOSTREET (Optional) Ship-to street address.
Limitations: 30-character string.
SHIPTOCITY (Optional) Ship-to city.
Limitations: 20-character string.
SHIPTOSTATE (Optional) Ship-to state.
Limitations: 2-character string.
SHIPTOZIP (Optional) Ship-to postal code.
Limitations: 9-character string.
SHIPTOCOUNTRY (Optional) Ship-to country. The Payflow API accepts 3-digit numeric country codes. Refer to the ISO 3166-1 numeric country codes.
Limitations: 3-character country code.

Echoing data back

The ECHODATA field is a Payflow request parameter. Use this field if you would like some of your request field values echoed back to you in the response. The following ECHODATA field values can be used for POST or Silent Post transactions.

ECHODATA request field value Fields returned in the response
address Returns in the response the following billing and shipping fields if provided in the request:
- BILLTOFIRSTNAME
- BILLTOMIDDLENAME
- BILLTOLASTNAME
- BILLTOCOMPANY
- BILLTOSTREET
- BILLTOSTREET2
- BILLTOCITY
- BILLTOSTATE
- BILLTOZIP
- BILLTOCOUNTRY
- BILLTOEMAIL
- BILLTOPHONENUM
- SHIPTOFIRSTNAME
- SHIPTOMIDDLENAME
- SHIPTOLASTNAME
- SHIPTOCOMPANY
- SHIPTOSTREET
- SHIPTOSTREET2
- SHIPTOCITY
- SHIPTOSTATE
- SHIPTOZIP
- SHIPTOCOUNTRY
custdata Returns in the response the following fields if provided in the request:
- COMMENT1
- COMMENT2
- CURRENCY
- CUSTCODE
- CUSTREF
- EMAIL
- INVNUM
- ORDERID
- PONUM
- TRXTYPE
user Returns the fields USER1 through USER10 if provided in the request.

Submitting Account Verifications

Account verifications, also known as zero-amount authorizations, are used for verifying the validity of customer credit card information. TRXTYPE=A is required for both account verifications and for normal authorization transactions; however, account verifications are different from normal authorizations in the following ways:

  • For account verifications, pass a zero AMT. If you pass any other amount, the transaction becomes a normal authorization that places a hold on the cardholder's open-to-buy limit.
  • In account verifications, even if the RESULT value returned is 0 (Approved), the RESPMSG value returned is Verified instead of Approved.

Note: Payflow returns RESULT value 4, Invalid Amount, if the processor does not support account verifications.

See the Account Verifications Supported Credit Cards by Processor table for details.

When To Use Account Verifications

Use account verifications to validate account numbers and other authentication elements such as CVV2 and AVS.

Account verifications cannot be voided, captured, or refunded. Attempting to do so results in a declined transaction, RESULT=12.

A reference transaction can be based on a successful account verification transaction and used to charge the customer's verified account. See Submitting Reference Transactions Tokenization.

Required Account Verification Parameters

To perform an account verification, pass the following parameters:

Parameter Description
TRXTYPE (Required) Set to A.
Limitations: 1 alphanumeric character.
AMT (Required) Set to 0.
VERBOSITY (Required) Set to HIGH to obtain information about a partial authorization in the response.

Example Account Verification String

The following is an example of account verification:

TRXTYPE=A&TENDER=C&PARTNER=PayPal&USER=SuperUser&PWD=SuperUserPassword&AMT=0.00&ACCT=378282246310005
&EXPDATE=1215&INVNUM=PONUM1&VERBOSITY=HIGH&BILLTOZIP=95031

This is the response:

RESULT=0&PNREF=VFHA0FF8F27D&RESPMSG=Verified&AUTHCODE=667PNI&AVSADDR=X&AVSZIP=X&HOSTCODE=A&PROCAVS=U
&AMEXID=123456789012345&AMEXPOSDATA=123456789012&TRANSTIME=2011-01-11 18:42:01&AMT=0.00&ACCT=0005
&EXPDATE=1215&CARDTYPE=3&IAVS=X

Account Verifications Supported Credit Cards by Processor

The following table lists the credit cards for which each processor supports account verifications.

Processor name Amex Discover Mastercard Visa
American Express Y
American Express APAC Y
PayPal Australia Y Y Y Y
Vantiv Y Y Y Y
Heartland Payment Systems Y Y Y Y
Litle Y Y Y Y
Global Payments Central Y Y Y Y
Merchant e-Solutions Y Y Y Y
Moneris Solutions Y Y Y Y
First Data Merchant Services (FDMS) Nashville Y Y Y Y
Global Payments East Y Y Y Y
First Data Merchant Services (FDMS) North Y Y Y Y
Elavon Y Y Y Y
Paymentech Salem Y Y Y Y
PayPal Y Y Y Y
SecureNet Y Y Y Y
First Data Merchant Services (FDMS) South Y Y Y Y
Paymentech Tampa Y Y Y Y
TeleCheck
TSYS Acquiring Solutions Y Y Y Y
WorldPay Y Y Y Y

Submitting Authorization - Delayed Capture - Transactions

An authorization (TRXTYPE=A) transaction places a hold on the cardholder's open-to-buy limit, lowering the cardholder's limit by the amount of the transaction. It does not transfer funds.

Perform a delayed capture (TRXTYPE=D) transaction after an authorization to capture the original authorization amount. PayPal schedules the delayed capture for settlement during the next settlement period.

Because Visa and MasterCard regulations prohibit capturing credit card payments until the buyer receives the product or service, most processing networks implement an authorization followed by a delayed capture.

Note: PayPal Payments Advanced and Payflow Link merchants cannot submit authorization transactions unless they use the hosted checkout pages.

When to Use Authorization - Delayed Capture - Transactions

If your business does not provide immediate fulfillment of products or services, PayPal recommends that you use delayed capture processing. It enables you to capture credit card payments when you are ready to collect them.

Note: If you signed up for the PayPal processor with Fraud Protection Services, use delayed capture processing for all sale transactions.

If your business provides immediate fulfillment and you are not using the PayPal processor with Fraud Protection Services, you can use a simple sale transaction instead. For details, see Submitting Reference Transactions Tokenization.

Note: You are allowed to perform one delayed capture transaction per authorization transaction.

Required Authorization Transaction Parameters

To perform a delayed capture transaction, pass the following parameter:

Parameter Description
ORIGID (Required by some transaction types) ID of the original transaction referenced, or the value returned in the PNREF parameter in the original transaction; it appears as the Transaction ID in PayPal Manager reports.
Limitations: 12 case-sensitive alphanumeric characters.

Submitting Balance Inquiry Transactions

Balance Inquiry (TRXTYPE=B) transactions are used to obtain the balance of a pre-paid card. This transaction type is different from a balance inquiry performed during an authorization transaction. However, both of these transaction types will return the balance in the BALAMT response parameter.

Note: Payflow returns RESULT value 3, Invalid Transaction Type, if the processor does not support balance inquiry.

Processing Platforms Supporting Balance Inquiry Transactions

The following processing platforms currently support pre-paid card balance inquiry transactions. This feature will be added for more processors in the near future. As more processors are added, this list will be updated accordingly.

  • WorldPay

Required Balance Inquiry Parameters

To perform a balance inquiry on a pre-paid card, pass the following parameters:

Parameter Description
TRXTYPE (Required) Set to B.
Limitations: 1 alphanumeric character.
EXPDATE (Required) Expiration date of the pre-paid card in the format MMYY. For example, 1215 represents December 2015.
VERBOSITY (Required) Set to HIGH to obtain information about a balance inquiry in the response.

Example Balance Inquiry Transaction String

The following is an example of a balance inquiry transaction:

TRXTYPE=B&TENDER=C&PARTNER=PayPal&VENDOR=SuperMerchant&USER=SuperUser
&PWD=SuperUserPassword&ACCT=5555555555554444&EXPDATE=1215&VERBOSITY=HIGH

This is the response:

RESULT=0&PNREF=ERRV0A005933&RESPMSG=Approved&AUTHCODE=467PNI&HOSTCODE=000
&TRANSTIME=2012-02-16 18:41:25&AMT=0.00&BALAMT=10.00&ACCT=4444&EXPDATE=1215&CARDTYPE=0

Submitting Card Present - SWIPE - Transactions

The Payflow SDK supports card present transactions (face-to-face purchases).

Note: The PayPal processor does not support SWIPE (card-present) transactions.

Follow these guidelines to take advantage of the lower card-present transaction rate:

  • Contact your merchant account provider to make sure that they support card-present transactions.
  • Contact PayPal Customer Service to request them to set up your account properly for accepting and passing swipe data.
  • If you plan to process card-present as well as card-not-present transactions, set up 2 separate Gateway accounts. Request that one account be set up for card-present transactions, and use it solely for that purpose. Use the other for card-not-present transactions. Using the wrong account may result in downgrades.
  • A sale is the preferred method to use for card-present transactions. Consult with your acquiring bank for recommendations on other methods.

Processing Platforms Supporting Card-Present Transactions

The following processing platforms support card-present transactions.

For instructions on setting up or changing your processor, see the Processor Setup Guide PDF.

Note: PayPal Australia (FDRA) merchants with a 12-digit merchant ID, can contact Payflow support to request a 16-digit merchant ID.

  • American Express
  • American Express APAC
  • Elavon
  • First Data Merchant Services (FDMS) Nashville
  • First Data Merchant Services (FDMS) North
  • First Data Merchant Services (FDMS) South
  • Global Payments Central
  • Global Payments East
  • Heartland Payment Systems
  • Litle
  • Merchant e-Solutions
  • Moneris Solutions
  • Paymentech Salem
  • Paymentech Tampa
  • PayPal
  • Planet Payment
  • SecureNet
  • TeleCheck
  • TSYS Acquiring Solutions
  • Vantiv
  • WorldPay

Card Present Transaction Syntax

Use the SWIPE parameter to pass the Track 1 or Track 2 data (the card's magnetic stripe information). Include either Track 1 or Track 2 data (up to 80 alphanumeric characters). If Track 1 is physically damaged, the POS application can send Track 2 data instead.

The track data includes the disallowed = (equal sign) character. To enable you to use the data, the SWIPE parameter must include a length tag specifying the number of characters in the track data. For this reason, in addition to passing the track data, the POS application counts the characters in the track data and passes that number as the length tag. For details on length tags, see Using Special Characters In Values. The length tag in the following example is [40].

Note: Do not include the ACCT or EXPDATE parameters in card-present transactions. The SWIPE value includes this data.

TRXTYPE=S&TENDER=C&PARTNER=PayPal&USER=SuperMerchant&PWD=SuperMerchant
&SWIPE[40]=;4912000033330026=15121011000012345678?&AMT=21.00

Submitting Refund Transactions

The credit transaction (TRXTYPE=C) refunds the specified amount back to the cardholder. A credit transaction can contain a reference to the original transaction (referenced) or not (non-referenced) depending on how your account is set up. To issue a credit, the original transaction can only be one of the following: a Sale (TRXTYPE=S), Delayed Capture (TRXTYPE=D) or Voice Authorization (TRXTYPE=F). It is recommended that the merchant issue a credit only if the original transaction has already settled. Even though it is possible to issue a credit to a transaction that has not settled, it is recommended that you void such transactions.

Both the credit transaction and the original transaction will appear on the customer's statement.

Required Credit Transaction Parameters

The required parameter data for a credit transaction depends on the Allow Non-referenced Credits security setting for your Payflow account. A non-referenced credit is a credit transaction that does not use the credit card information from an existing transaction. You provide the credit card information. As an example, Sally Smith calls you on the phone to cancel an order from your business. To refund her money, you credit her credit card by submitting a non-referenced credit transaction.

Guidelines and parameter requirements for credit transactions differ depending on whether non-referenced credits are allowed.

Non-Referenced Credits Not Allowed

When non-referenced credits are not allowed (the setting recommended by PayPal), credit transactions are permitted only against existing sale, delayed capture, and voice authorization transactions. To submit a credit transaction when non-referenced credits are not allowed, pass the following parameter:

Parameter Description
ORIGID (Required by some transaction types) ID of the original transaction referenced, or the value returned in the PNREF parameter in the original transaction; it appears as the Transaction ID in PayPal Manager reports.
Limitations: 12 case-sensitive alphanumeric characters.

Set the value of ORIGID to the PNREF value returned for the original transaction. (PayPal Manager reports display the PNREF as the Transaction ID.) If you do not specify an amount, the amount of the original transaction is credited to the cardholder.

Non-Referenced Credits Allowed

When non-referenced credits are allowed, credit transactions are permitted in any amount up to the transaction limit for the credit card account that you specify. To submit a credit transaction when non-referenced credits are allowed, you must pass values for the following parameters:

  • ACCT
  • EXPDATE
  • AMT

Note: The default security setting for Gateway accounts is Allow non-referenced credits = No. Sending the ORIGID is the preferred method for performing credit transactions, as described in Non-Referenced Credits Not Allowed. Using the acct, expdate or amt parameters for such restricted accounts leads to the return of result value 117 failed the security check. To help reduce fraud, PayPal recommends that you do not activate non-referenced credits unless you have a business reason. For information on configuring your security settings, see PayPal Manager online help.

Refund Example

The following is an example credit transaction string (non-referenced credits allowed):

TRXTYPE=C&TENDER=C&PARTNER=PayPal&VENDOR=SuperMerchant&USER=SuperMerchant
&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=1215&AMT=123.00&VERBOSITY=HIGH

Fields Copied From the Original Transaction Into the Credit Transaction

The following fields are copied from the original transaction into the credit transaction (if they exist in the original transaction). If you provide a new value for any of these parameters when submitting the credit transaction, the new value is used. (Exceptions are ACCT, EXPDATE, and SWIPE. These parameters retain their original values.)

Note: These fields are not copied for referenced credits: TAXAMT, TAXEXEMPT, DUTYAMT, FREIGHTAMT, and (for American Express only) DESC4.

Note: For processors that use the RECURRING parameter: If you set the RECURRING parameter to Y in the original transaction, this setting is ignored when forming the credit transaction.

ACCT AMT BILLTOCITY BILLTOCOUNTRY
BILLTOEMAIL BILLTOMIDDLENAME BILLTOLASTNAME BILLTOPHONENUM
BILLTOSTATE BILLTOSTREET BILLTOZIP COMMENT1
COMMENT2 COMPANYNAME CUSTCODE CUSTIP
EXPDATE INVNUM PONUM SHIPTOCITY
SHIPTOCOUNTRY SHIPTOFIRSTNAME SHIPTOMIDDLENAME SHIPTOLASTNAME
SHIPTOSTATE SHIPTOSTREET SHIPTOZIP SWIPE

Submitting Inquiry Transactions

An inquiry transaction (TRXTYPE=I) returns the result and status of a transaction.

When To Use an Inquiry Transaction

You can perform an inquiry transaction using a reference to an original transaction — either the PNREF value returned for the original transaction or the CUSTREF value that you specified for the original transaction. You can also perform an inquiry using the secure token.

While the amount of information returned in an inquiry transaction depends upon the VERBOSITY setting, inquiry responses mimic the verbosity level of the original transaction as closely as possible.

Required Parameters When Using the PNREF

To perform an inquiry, pass the following parameter:

Parameter Description
ORIGID (Required by some transaction types) ID of the original transaction referenced, or the value returned in the PNREF parameter in the original transaction; it appears as the Transaction ID in PayPal Manager reports.
Limitations: 12 case-sensitive alphanumeric characters.

Set ORIGID to the PNREF (Transaction ID in PayPal Manager reports) value returned in the original transaction.

Inquiry Transaction Parameter String Using the PNREF

This is an example inquiry transaction parameter string using the ORIGID parameter set to the PNREF value:

TRXTYPE=I&TENDER=C&PARTNER=PayPal&VENDOR=SuperMerchant&USER=SuperMerchant
&PWD=x1y2z3&ORIGID=VPNE12564395&VERBOSITY=HIGH

Required Parameters When Using the CUSTREF

To perform an inquiry transaction when using the CUSTREF, pass the CUSTREF parameter.

Parameter Description
CUSTREF (Required) Merchant-defined identifier for reporting and auditing purposes. For example, you can set CUSTREF to the invoice number.
You can use CUSTREF when performing inquiry transactions. To make sure that you can always access the correct transaction when performing an inquiry, provide a unique CUSTREF when submitting any transaction, including retries.
Limitations: 12 alphanumeric characters
STARTTIME (Optional) For inquiry transactions when using CUSTREF to specify the transaction. STARTTIME specifies the beginning of the time period during which the transaction specified by the CUSTREF occurred. ENDTIME must be less than 30 days after STARTTIME. You cannot perform an inquiry across a date range greater than 30 days. If you set ENDTIME, and not STARTTIME, STARTTIME defaults to 30 days before ENDTIME.
If you do not specify a STARTTIME or ENDTIME, the system searches the last 30 days.
Limitations: 14 numeric characters in the format yyyymmddhhmmss
ENDTIME (Optional) For inquiry transactions when using CUSTREF to specify the transaction. ENDTIME specifies the end of the time period during which the transaction specified by the CUSTREF occurred.
Limitations: 14 numeric characters

Note: If there are multiple transactions with a particular CUSTREF value, inquiry returns the last transaction only with the specified CUSTREF. To make sure that you can always access the correct transaction, use a unique CUSTREF when submitting any transaction, including retries.

Inquiry Transaction Parameter String Using the CUSTREF

This is an example inquiry parameter string using the CUSTREF.

TRXTYPE=I&TENDER=C&PARTNER=PayPal&VENDOR=SuperMerchant&USER=SuperMerchant
&PWD=x1y2z3&CUSTREF=Inv00012345

Required Parameters When Using the Secure Token

To perform an inquiry transaction when using the secure token, pass the following parameter:

Parameter Description
SECURETOKEN (Required) A value the Payflow server created upon your request for storing transaction data.
Limitations: 32 alphanumeric characters

Set SECURETOKEN to the PNREF (Transaction ID in PayPal Manager reports) value returned for the original transaction.

Inquiry Parameter String Using the Secure Token

The following is an example inquiry request string with the SECURETOKEN parameter.

TRXTYPE=I&TENDER=C&PARTNER=PayPal&PWD=SuperUserPassword&USER=SuperMerchant&VERBOSITY=HIGH
&VENDOR=SuperMerchant&SECURETOKEN=FmyM1y7wy8kiS6aumnMPhTQN&VERBOSITY=HIGH

The following is the response string.

RESULT=0&PNREF=VFHE1A0CB0A9&TRANSSTATE=6&ORIGRESULT=0&ORIGPNREF=VFHE1A0CB0A8&RESPMSG=Approved
&AUTHCODE=010101&AVSADDR=Y&AVSZIP=Y&HOSTCODE=00&PROCAVS=Y&DATE_TO_SETTLE=2011-02-04 16:16:50
&TRANSTIME=2011-02-04 16:16:50&BILLTOFIRSTNAME=James&BILLTOLASTNAME=Smith&AMT=555.00&ACCT=0002
&EXPDATE=0120&CARDTYPE=0&IAVS=N

Submitting Partial Authorizations

A partial authorization is a partial approval of an authorization (TRXTYPE=A) transaction. A partial authorization approves a transaction when the balance available is less than the amount of the transaction. The transaction response returns the amount of the original transaction and the amount approved.

When To Use Partial Authorizations

Use partial authorizations to reduce the number of declines resulting from buyers spending more than their balance on prepaid cards.

Say, for example, that you sell sportswear on your website. Joe purchases a pair of running shoes in the amount of $100.00. At checkout, Joe uses a gift card with a balance of $80.00 to pay. You request partial authorization of $100.00. The transaction response returns the original amount of $100.00 and the approved amount of $80.00.

You can take either of the following actions:

  • Accept the $80.00 and ask the buyer to provide an alternate payment for the additional $20.00.
  • Reject the partial authorization and submit to the card issuer an authorization reversal (Void) for $80.00.

Required Partial Authorization Parameters

To perform a partial authorization, pass the same parameters that you would for an authorization (TRXTYPE=A, ACCT, AMT, and EXPDATE). In addition, pass the following parameters.

Parameter Description
PARTIALAUTH (Required) Set to Y to submit a partial authorization.
Limitations: 1 alphanumeric character.
VERBOSITY (Required) Set to HIGH to obtain information about a partial authorization in the response.

Example Partial Authorization

The following is an example partial authorization.

  • You submit the initial authorization as a partial authorization.
    TRXTYPE=A&TENDER=C&AMT=100.00&ACCT=4111111111111111&EXPDATE=0119
    &PARTIALAUTH=Y&VERBOSITY=HIGH
  • The card issuer notes that the card has a remaining balance of $80.00.
  • The card issuer sends a partial authorization for $80.00.
    RESULT=0&PNREF=VRNS1A3B33C9&RESPMSG=Partial Approval&AUTHCODE=11111&HOSTCODE=E&PROCAVS=U
    &TRANSTIME=2010-04-21 11:30:45&AMT=80.00&ORIGAMT=100.00&BALAMT=0&ACCT=1111&EXPDATE=0119&IAVS=X
    RESPMSG is Partial Approval, AMT is now the actual amount approved, ORIGAMT is the original requested amount, and BALAMT is the balance on the card.
    Since the amount charged is greater than the amount available on the card, the response sets the balance amount (BALAMT) to zero. If BALAMT is zero, check if there is a balance due by comparing the original amount (ORIGAMT) to the amount charged (AMT).
    You can choose to perform one of the following tasks:
  • Accept the $80.00 and request an alternate payment from the buyer for the additional $20.00.
  • Reject the partial authorization by sending the card issuer an authorization reversal (void) for $80.

Submitting Purchasing Card Transactions

A purchasing card (also referred to as a commercial card, corporate card, procurement card or business card) is a credit card that an employer requests to be issued. A purchasing card is usually reserved for business-related charges. The card issuer provides specialized reporting for this card type so the employer can monitor the use of the card. There is no method for determining whether a card is a purchase card or a commercial card based on the card number.

To obtain the best bank interchange rates for commercial cards, pass specific additional transaction information. Purchasing card support and parameters vary from processor to processor. See Submitting Purchasing Card Level 2 and 3 Transactions.

Note: The PayPal processor does not support purchasing card transactions.

Submitting Reference Transactions - Tokenization

To recharge a credit card when you are not storing the credit card information in your local database, you can perform a reference transaction. A reference transaction takes the existing credit card information that is on file and reuses it. (Securely storing data for future reference is also known as tokenization.)

The PNREF returned in the original transaction is valid for use in reference transactions for 12 months and possibly up to 15 months.

For transactions processed by the PayPal processor, use the PPREF returned in the original transaction as the transaction ID, instead of the PNREF.

When To Use a Reference Transaction

Say that Joe Smith purchases a holiday gift from your website store and requests that you send it by UPS ground service. That evening, Joe becomes concerned that the item might not arrive in time for the holiday. So Joe calls you to upgrade shipping to second-day air. You obtain Joe's approval for charging an extra $10 for the upgrade. In this situation, you can create a reference transaction based on the original authorization and charge an additional $10 to Joe's credit card without having to ask him again for credit card information.

Note: As a security measure, reference transactions are disallowed by default. Only your account administrator can enable reference transactions for your account. If you attempt to perform a reference transaction in an account that does not allow reference transactions, Payflow returns RESULT value 117. See PayPal Manager online help for instructions on setting reference transactions and other security features.

Sale and authorization transactions can use a reference transaction as a source of transaction data. Payflow looks up the reference transaction and copies its transaction data into the new sale or authorization. Fraud Protection Service filters do not screen reference transactions.

Note: When the Gateway looks up the reference transaction, it does not alter in any way the transaction referenced or any other transaction in the database. A reference transaction is a read-only operation. Payflow populates with data and acts upon the new transaction only. It does not maintain any linkage between the reference transaction and the new transaction.

You can also initiate reference transactions from PayPal Manager. See PayPal Manager online help for details.

Transaction Types That Can Be Used As the Original Transaction

You can reference the following transaction types to supply data for a new sale or authorization transaction:

  • Authorization (To capture the funds for an approved authorization transaction, be sure to perform a delayed capture transaction, not a reference transaction.)
  • Credit
  • Delayed capture
  • Sale
  • Voice authorization (Payflow does not copy the voice authorization code to the new transaction)
  • Void

Fields Copied From Reference Transactions

The following fields are copied from the reference transaction into the new sale or authorization transaction (if they exist in the original transaction). If you provide a value for any of these parameters when submitting the new transaction, then the new value is used.

ACCT BILLTOCITY
EXPDATE BILLTOSTATE
BILLTOFIRSTNAME BILLTOZIP
BILLTOMIDDLENAME BILLTOCOUNTRY
BILLTOLASTNAME SWIPE
BILLTOSTREET

Example Reference Transaction

In this example, you authorize an amount of $100 for a shipment and charge $66 for the first partial shipment using a normal delayed capture. You charge the $34 for the final part of the shipment using a reference transaction to draw credit card and shipping address information from the initial authorization transaction.

This example procedure creates a reference transaction:

Submit the initial transaction, such as an authorization. You use an authorization transaction for the full amount of the purchase of $100 as shown in this transaction request:

TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=PayPal&VENDOR=SuperMerchant
&USER=SuperMerchant&ACCT=5555555555554444&EXPDATE=1215&AMT=100.00
&INVNUM=123456789&BILLTOSTREET=5199 MAPLE&BILLTOZIP=94588

Note the value of the PNREF in the response:

RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N

Note: The PNREF returned in the original transaction is valid in reference transactions for 12 months and possibly up to 15 months.

If the original transaction was processed by the PayPal processor, pass either the PPREF or PNREF of the original transaction in the ORIGID parameter.

Capture the authorized funds for a partial shipment of $66. When you deliver the first $66 worth of product, you use a normal delayed capture transaction to collect the $66. Set ORIGID to the value of PNREF in the original authorization as in this transaction request.

TRXTYPE=D&PWD=x1y2z3&PARTNER=PayPal&VENDOR=SuperMerchant
&USER=SuperMerchant&ORIGID=VXYZ01234567&AMT=66.00

The following is the response:

RESULT=0&PNREF=VXYZ01234568&AUTHCODE=25TEST&AVSADDR=Y&AVSZIP=N

Note: The TENDER parameter is not required in this step. The TENDER of the capture will be the same as that of the original transaction.

Submit a new sale transaction or an authorization and delayed capture transaction of $34 for the rest of the shipment. When you ship the remainder of the product, you can collect the remaining $34 in a sale transaction that uses the initial authorization as a reference transaction. (This is a sale transaction because Payflow allows only one delayed capture transaction per authorization.)

The following is a sale transaction request:

TRXTYPE=S&TENDER=C&PWD=x1y2z3&PARTNER=PayPal&VENDOR=SuperMerchant
&USER=SuperMerchant&ORIGID=VXYZ01234567&AMT=34.00

The following is the response:

RESULT=0&PNREF=VXYZ01234569&AUTHCODE=25TEST&AVSADDR=Y&AVSZIP=N

Note: If the original transaction was processed by the PayPal processor, pass either the PPREF or PNREF of the original transaction in the ORIGID parameter. Also, if the original transaction was created using Express Checkout or a Billing Agreement, set the TENDER parameter to TENDER=P.

Data Upload - Storing Credit Card Data on the Gateway Server

To facilitate creating reference transactions while assisting you with PCI compliance, PayPal allows you to upload credit card data by submitting an upload transaction (TRXTYPE=L). At minimum, you must pass values for the following parameters:

  • TRXTYPE
  • TENDER
  • ACCT
  • EXPDATE

This is an example upload transaction request:

TRXTYPE=L&TENDER=C&ACCT=5105105105105100&EXPDATE=1215&BILLTOFIRSTNAME=Ted
&BILLTOLASTNAME=Smith&BILLTOSTREET=123&BILLTOCITY=SanJose&BILLTOSTATE=CA
&BILLTOZIP=12345&BILLTOPHONENUM=123-123-1234

This is the response:

RESULT=0&PNREF=v19A2E710FCF&RESPMSG=Approved&TRANSTIME=2011-11-02 16:53:58

You can send shipping and billing information to be stored, but you must not include the AMT field. If you pass a value for AMT, you will receive an error with RESULT=4 and RESPMSG=Invalid Amount.

Note: PayPal does not verify the credit card data, as it is not sent to the banks for processing. To validate a transaction, you must submit an account verification, also known as a zero dollar authorization (TRXTYPE=A). For details, see Submitting Account Verifications.

Submitting Sale Transactions

The sale transaction (TRXTYPE=S) charges the specified amount against the account, and marks the transaction for immediate fund transfer during the next settlement period. PayPal submits each merchant's transactions for settlement on a daily basis.

Note: PayPal Payments Advanced and Payflow Link users cannot submit sale transactions unless they use the hosted checkout pages.

When To Use a Sale Transaction

A sale transaction is best suited to businesses that provide immediate fulfillment for their products or services. If your business does not provide immediate fulfillment, credit card association rules recommend that you use an authorization and a delayed capture transaction. For details, see Submitting Authorization - Delayed Capture - Transactions. To recharge a credit card when you are not storing the credit card information in your local database, you can perform a new reference transaction based on a Sale transaction.

Note: PayPal Payments Advanced and PayPal Payments Pro merchants using Fraud Protection Services (FPS) should process their transactions as Authorizations with Delayed Capture instead of a Sale. FPS transactions are treated as authorizations and if the transaction is submitted as a Sale, Payflow auto-captures such transactions approximately every two hours, which may result in a 2-hour or more delay in settling the transaction.

Additional Parameters For Sale Transactions

To perform a sale transaction, pass the following parameters:

  • ACCT
  • AMT
  • EXPDATE

Note: The pinless debit tender type requires essentially the same parameters as a credit card transaction. In addition to the values required by all transactions, pass values for the ACCT and AMT parameters. The First Data Merchant Services (FDMS) South processing platform supports sale and credit transactions only.

Typical Sale Transaction Parameter String

The following is a typical NVP string passed in a sale transaction.

TRXTYPE=S&TENDER=C&USER=SuperUser&PWD=SuperUserPassword&VENDOR=SuperUser&PARTNER=PayPal
&ACCT=5105105105105100&EXPDATE=1215&CVV2=123&AMT=99.00&BILLTOFIRSTNAME=John
&BILLTOLASTNAME=Smith&BILLTOSTREET=123 Main St.&BILLTOCITY=San Jose&BILLTOSTATE=CA
&BILLTOZIP=12345&COMMENT1=Reservation&INVNUM=1234567890&PONUM=C12345&VERBOSITY=HIGH

Besides the required parameters that you pass in a sale transaction, this string includes other typical parameters. The COMMENT1 (and COMMENT2) fields help to track transaction information. Pass the customer's street address (BILLTOSTREET) and zip code (BILLTOZIP) to use address verification service. To validate card security codes, pass the CVV2 parameter. For details on address verification service and card security code, see the following:

Submitting Soft Merchant Information

Soft merchant information is detailed data about a merchant such as the merchant's name, business address, business location identifier, and contact information.

About Soft Merchant Information

Merchants aggregators, who perform transactions on behalf of other merchants under a single merchant account, provide the processor with soft merchant information. Soft merchant information identifies the merchant making the sale and includes information about that merchant on the buyer's card statement.

Say, for example, Outdoor Apparel has a chain of 12 stores located in the Western United States with the corporate office in Oakland, California. John Lui purchases a pair of hiking boots online from Hiker's Duds in San Jose, California, and charges them to his credit card. The transaction goes to the aggregator at Outdoor Apparel in Oakland. The aggregator sends soft merchant information about the Hiker's Duds store with the transaction to the credit card processor. When John receives his credit card statement, he recognizes the charge for the hiking boots he purchased at Hiker's Duds in San Jose.

Ways to Send Soft Merchant Information

There are 2 ways you can send soft merchant information:

  • Soft merchant information (SM Record)
  • Merchant descriptor (M Record)

The Paymentech processor requires that you follow their guidelines to send soft descriptor information using either of these methods.

Soft Merchant Information - SM Record

Soft merchant information is for American Express credit cards only. Typically aggregators (and petroleum merchants) pass soft merchant information to the processor in Gateway parameter fields such as the following:

  • MERCHANTNAME
  • MERCHANTSTREET
  • MERCHANTCITY
  • MERCHANTSTATE
  • MERCHANTNAME
  • MERCHANTZIP
  • MERCHANTCOUNTRYCODE
  • MERCHANTLOCATIONID
  • MERCHANTID
  • MERCHANTCONTACTINFO

Note: Paymentech Salem processor only: To take advantage of this level of soft descriptor, you must be approved by the Paymentech Risk/Credit department. Upon approval, Paymentech sets a flag at the transaction division to enable you to send the preceding parameters. If the flag is not set and you send the parameters, your transaction is rejected with Error 258.

Merchant Descriptor - M Record

A merchant descriptor defines the merchant name and product that appears on the account holder's statement. The descriptor information is passed to the processor in parameter fields such as the following:

  • MERCHDESCR - Defines the merchant name and product
  • MERCHSVC - Includes the merchant contact information such as the merchant's telephone number, e-mail address, or website URL

To use merchant descriptors, you are not required to have the processor set the division level flag. However, you are required to obtain prior risk or credit department approval before sending the parameters.

Note: M Record information (merchant soft descriptor information) is also supported for the PayPal processor.

Submitting Voice Authorization Transactions

A voice authorization (TRXTYPE=F) is a transaction that the processing network authorizes over the phone.

Note: The PayPal and Moneris processors do not support voice authorization transactions.

When To Use a Voice Authorization Transaction

Some transactions cannot be authorized over the Internet (for example, high dollar amounts) and require manual authorization. These referral transactions generate RESULT value 13.

In these situations, you contact the customer service department of your merchant bank and provide the payment information as requested. If the bank approves the transaction, the bank provides you with a voice authorization code (AUTHCODE) for the transaction.

On approval, a voice authorization transaction is treated like a sale transaction and is settled with no further action on your part.

Like sale transactions, you can void approved voice authorizations before settlement occurs.

Required Voice Authorization Transaction Parameters

To perform a voice authorization transaction, pass the AUTHCODE provided by your merchant bank.

Parameter Description
AUTHCODE (Required for voice authorizations) Returned only for approved voice authorization transactions. AUTHCODE is the approval code received over the phone from the processing network.
Limitations: 6 alphanumeric characters

The following is an example Voice Authorization request parameter string:

TRXTYPE=F&TENDER=C&PARTNER=PayPal&VENDOR=SuperMerchant&USER=SuperMerchant
&PWD=x1y2z3&AUTHCODE=AB3456&ACCT=5555555555554444&EXPDATE=1215&AMT=123.00&VERBOSITY=HIGH

Submitting Void Transactions

The void transaction (TRXTYPE=V) prevents authorizations from being captured, and delayed captures, sales and voice authorizations from being settled.

You cannot void another void transaction or any inquiry type transactions. The void transaction and the original transaction will not appear on the customer's statement.

PayPal will issue an authorization reversal as part of the void transaction for debit and credit cards if the processor supports it. Because the bank or issuer ultimately decides whether to honor authorization reversals, there is no accurate way to determine if an authorization reversal was completed and the hold on funds has been removed.

When To Use a Void Transaction

Use the following guidelines when using void transactions:

  • You can void delayed capture, sale, credit, authorization, and voice authorization transactions. You cannot void a void transaction.
  • You can only use a void transaction on a transaction that has not yet settled. To refund a customer's money for a settled transaction, submit a credit transaction.

Required Void Transaction Parameters

To perform a void transaction, you are required to pass the following parameter:

Parameter Description
ORIGID (Required by some transaction types) ID of the original transaction referenced, or the value returned in the PNREF parameter in the original transaction; it appears as the Transaction ID in PayPal Manager reports.
Limitations: 12 case-sensitive alphanumeric characters

Fields Copied From the Original Transaction Into the Void Transaction

The following fields are copied from the original transaction into the void transaction (if they exist in the original transaction). If you provide a new value for any of these parameters when submitting the void transaction, the new value is used. (Exceptions are ACCT, EXPDATE, and SWIPE. These parameters retain their original values.)

Note: For processors that use the RECURRING parameter: If you set the RECURRING parameter to Y in the original transaction, the setting is ignored when forming the void transaction.

ACCT AMT BILLTOCITY COMMENT1
COMMENT2 COMPANYNAME BILLTOCOUNTRY CUSTCODE
CUSTIP DUTYAMT BILLTOEMAIL EXPDATE
BILLTOFIRSTNAME BILLTOMIDDLENAME BILLTOLASTNAME FREIGHTAMT
INVNUM PONUM SHIPTOCITY SHIPTOCOUNTRY
SHIPTOFIRSTNAME SHIPTOMIDDLENAME SHIPTOLASTNAME SHIPTOSTATE
SHIPTOSTREET SHIPTOZIP BILLTOSTATE BILLTOSTREET
SWIPE TAXAMT BILLTOPHONENUM TAXEXEMPT
BILLTOZIP

Example Void Transaction Parameter String

The following is an example void transaction string:

TRXTYPE=V&TENDER=C&PARTNER=PayPal&VENDOR=SuperMerchant&USER=SuperMerchant
&PWD=x1y2z3&ORIGID=VPNE12564395&VERBOSITY=HIGH

Submitting Rate Lookups

The currency conversion rate lookup transaction (TRXTYPE=K) supports basic Multi-Currency Pricing (MCP). The MCP feature enables you to accept payments in multiple currencies.

Note: Currently, this feature is only supported by the Planet Payment processor. Contact the processor for a list of supported currencies.

When To Use a Rate Lookup

A rate lookup transaction (TRXTYPE=K) performs a currency conversion rate lookup used for a subsequent Multi-Currency Pricing (MCP) transaction. Merchants can take advantage of this feature to charge buyers for purchases in the buyer's local currency.

In the rate lookup request, pass the target CURRENCY code and the AMT you would like converted. A RATELOOKUPID is returned in the response. In order to charge the buyer with the currency specified in the rate lookup transaction, pass the RATELOOKUPID in the request of an Authorization or Sale transaction.

Additional Parameters For Rate Lookup Transactions

To perform a rate lookup transaction (TRXTYPE=K), pass the following parameters:

The rate lookup transaction returns the following response parameters, which are specific to rate lookups:

  • RATELOOKUPID — This is the same as the PNREF of this transaction. Pass this in the request of a Sale or Authorization transaction in order to charge the buyer in the CURRENCY specified in the request.
    - MCPTRXCONVRATE — This is a decimal amount, such as, 0.0122289.
    - MCPTRXCONVERTEDAMT — This is the amount passed in the request, converted using the specified conversion rate (MCPTRXCONVRATE).
    - MCPCURRENCYCODE — This is the same currency code that you passed in the request.

Example Rate Lookup Transaction

In this example, you perform an MCP rate lookup transaction for $50 US Dollars (USD) that you would like converted to Australian Dollars (AUD). A RATELOOKUPID is returned in the response, which you then pass in an Authorization transaction request to charge your buyer in AUD.

Submit the rate lookup transaction.

Pass TRXTYPE=K for the rate lookup, the amount that you would like converted and the target currency in the transaction request:

TRXTYPE=K&VENDOR=PayflowMerchant&PARTNER=Partner&PWD=Password&
USER=Username&AMT=50.00&CURRENCY=AUD&VERBOSITY=HIGH

Note the value of the PNREF in the response is the same as the value of the RATELOOKUPID:

RESULT=0&PNREF=MEPR9E547033&RESPMSG=Approved&HOSTCODE=00&RESPTEXT=Approved&RATELOOKUPID=MEPR9E547033
&MCPTRXCONVRATE=0.8939746&MCPTRXCONVERTEDAMT=55.93&MCPCURRENCYCODE=AUD&TRANSTIME=2014-02-27 11:34:11

Note: You do not have to store the values of the MCPTRXCONVRATE, MCPTRXCONVERTEDAMT and the MCPCURENCYCODE parameters returned in the response. These parameters are stored by Payflow. You only need to pass the RATELOOKUPID in the Sale or Authorization transaction that uses the conversion rate.

Submit an Authorization transaction and include the RATELOOKUPID in the request.

TRXTYPE=A&VENDOR=PayflowMerchant&PARTNER=Partner&PWD=Password&USER=Username&TENDER=C
&ACCT=4051700000003926&EXPDATE=1215&AMT=50.00&VERBOSITY=HIGH&RATELOOKUPID=MEPR9E547033

The following is the response:

RESULT=0&PNREF=LWTW9E549039&RESPMSG=Approved&HOSTCODE=00&RESPTEXT=Approved&AMT=50.00
&ACCT=3926&EXPDATE=1215&CARDTYPE=0&MCPTRXCONVRATE=0.8939746&MCPTRXCONVERTEDAMT=55.93
&MCPCURRENCYCODE=AUD&TRANSTIME=2014-02-04 11:34:13

Settle the Authorization transaction as you normally would:

TRXTYPE=D&VENDOR=PayflowMerchant&PARTNER=Partner&PWD=Password
&USER=Username&TENDER=C&AMT=50.00&ORIGID=LWTW9E549039
&VERBOSITY=HIGH

The following is the response:

RESULT=0&PNREF=LWTW9E573609&RESPMSG=Approved&HOSTCODE=00
&RESPTEXT=Approved&TRANSTIME=2014-02-04 11:34:15

Using Address Verification Service

To qualify for the lowest bank rate, pass address verification service information, including the street address and zip (postal) code.

Address verification service compares the submitted billing street address and zip code with the values on file at the cardholder's bank. The response includes values for AVSADDR and AVSZIP: Y, N, or X for the match status of the customer's street address and zip code. Y= match, N = no match, X = cardholder's bank does not support address verification service. The address verification service result is for advice only. Banks do not decline transactions based on the address verification service result. The merchant decides to approve or decline a transaction. Most US banks and some international banks support the address verification service.

Note: Address verification service checks only for a street number match, not a street name match, so 123 Main Street returns the same response as 123 Elm Street.

The international address verification service (IAVS) response indicates whether the address verification service response is international (Y), USA (N), or cannot be determined (X).

Note: When you set VERBOSITY to HIGH, the Gateway returns the raw response from the processor in the PROCAVS field. To obtain details about the meaning of the response, contact your merchant bank.

Example Address Verification Service Parameter String

This example request includes the address verification service parameters BILLTOSTREET and BILLTOZIP:

TRXTYPE=A&TENDER=C&PWD=SuperUserPassword&PARTNER=PayPal&VENDOR=Vendor&USER=SuperMerchant
&ACCT=5555555555554444&EXPDATE=1215&AMT=123.00&BILLTOSTREET=5199 Maple&BILLTOZIP=98765

In this example response, the address value matches the value in the bank's records, but the zip code does not. The AVSZIP response is N.

RESULT=0&PNREF=VXW412345678&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N&IAVS=X

Using Card Security Code

The card security code is a 3- or 4-digit number (not part of the credit card number) that is printed on the credit card. Because the card security code appears only on the card and not on receipts or statements, the code provides some assurance that the physical card is in the buyer's possession.

This fraud prevention tool has various names, depending on the payment network. Visa calls it CVV2, MasterCard calls it CVC2 while American Express and Discover call it CID. To make sure that your customers see a consistent name, PayPal recommends use of the term card security code on all end-user materials.

On most cards (Diners Club, Discover, Mastercard and Visa) the card security code is a 3-digit number printed on the back of the card (usually in the signature field). All or part of the card number appears before the card security code (567 in the example). American Express prints a 4-digit number (1122 in the example) on the front of the card, above and to the right of the embossed account number. Make sure that you explain this to your customers.

To validate the card security code in a transaction, pass the card security code value in the CVV2 parameter in your request. The response parameter CVV2MATCH returns the result of the card security code check.

Note: To comply with credit card association regulations, do not store the card security code value that you pass in the CVV2 parameter.

Card security code

The following is an example request parameter string.

TRXTYPE=S&TENDER=C&USER=SuperUser&PWD=SuperUserPassword&VENDOR=SuperUser&PARTNER=PayPal
&ACCT=5105105105105100&EXPDATE=1215&CVV2=123&AMT=99.00&BILLTOFIRSTNAME=John
&BILLTOLASTNAME=Smith&BILLTOSTREET=123 Main St.&BILLTOCITY=San Jose&BILLTOSTATE=CA&BILLTOZIP=12345

Note: Payflow returns the raw response from the processor in the PROCCVV2 parameter. For details on the meaning of the response, contact your merchant bank.

Information for the PayPal Acquirer

If PayPal is your acquirer, use the following PayPal specific codes.

For all other acquirers, refer to the Country Codes.

Countries and Regions Supported by PayPal

PayPal uses 2-character alpha ISO-3166-1 codes for specifying countries and regions that are supported in fields and variables.

For a complete list of countries and regions supported by PayPal and their 2-character alpha ISO-3166-1 codes, refer to the PayPal API reference list of Countries and Regions.

PayPal Currency Codes

PayPal uses 3-character ISO-4217 codes for specifying currencies in fields and variables. Please refer to the table of currencies supported by PayPal.

table of contents


American Express MCC Restrictions

Element Description
3000 Series Airlines & Air Carriers (including Charter Airlines)
3000 Series Automobile Rentals
3000 Series Branded Lodging
4011 Railroads (freight)
4111 Local & Suburban Commuter Passenger Transportation
4112 Passenger Railways
4411 Steamships & Cruise Lines (including on-Board Cruise Shop)
4511 Airlines & Air Carriers (including Charter Airlines)
4814 Telecommunications Services
4815 Monthly Summary Telephone Charges
4829 Wire Transfers & Money Order
5172 Petroleum & Petroleum Products
5818 Digital Goods – Large Digital Goods Merchant
5960 Direct Marketing – Insurance Services
5962 Telemarketing – Travel-related Arrangement Services (direct marketing – travel)
5963 Door-to-Door Sales
5966 Direct Marketing – Outbound Telemarketing Merchants
5967 Direct Marketing – Inbound Teleservices Merchant
6010 Financial Institutions – Manual Cash Disbursements
6011 Financial Institutions – Automated Cash Disbursements
6012 Financial Institutions – Merchandise & Services
6051 Non-financial Institutions – foreign currency, money orders (not wire transfer), script, and travelers' checks
6211 Securities – Brokers & Dealers
7012 Timeshares
7322 Debt Collection Agencies
7800 Government-Owned Lotteries
7801 Government-Licensed Casinos (Online Gambling)
7802 Government-Licensed Horse/Dog Racing
7995 Betting & Gambling (including lottery tickets, casino gaming chips, online/ internet gambling, off-track betting and wagers at race tracks)
9402 Postal Services – Government

Last updated November 2016

Testing Transactions

Before you activate your website or application for use by buyers, test your integration. A simulated payment network handles transactions, enabling you to verify the configuration and operation of your website or application. No money changes hands.

For detailed steps on how to integrate and test hosted checkout pages, see Set up and test hosted pages with Payflow Gateway.

Setting Up The Payflow Gateway Testing Environment

Before testing transactions be sure you are linked to the test servers.

Direct all transactions to the host URL for testing. See Host URL Addresses. PayPal's simulated network processes transactions directed to the URL.

Testing Guidelines

Follow these guidelines for testing.

  • While testing, use only the credit card numbers for testing. Other numbers produce an error.
  • Expiration date must be a valid date in the future. Use the format mmyy.
  • To view the credit card processor that you have selected for testing, see PayPal Manager.

Processors Other Than PayPal

For processors other than the PayPal processor, use the guidelines below.

Credit Card Numbers for Testing

For processors other than PayPal, use the following credit card numbers for testing. For PayPal test credit card numbers see PayPal credit card numbers for testing.

American Express 378282246310005
American Express 371449635398431
American Express Corporate 378734493671000
Diners Club 30569309025904
Discover 6011111111111117
Discover 6011000990139424
JCB 3530111333300000
JCB 3566002020360505
MasterCard 2221000000000009
MasterCard 2223000048400011
MasterCard 2223016768739313
MasterCard 5555555555554444
MasterCard 5105105105105100
Visa 4111111111111111
Visa 4012888888881881
Visa 4222222222222
Note: Even though this number has a different character count than the other test numbers, it is the correct and functional number.

Result Values for Testing

Result Values Based On Amount Submitted

You can use the amount of the transaction to generate a particular result value. The following table lists the general guidelines for specifying amounts to submit in requests.

Amount Result
$0 - $1000 RESULT value 0 (Approved)
$1001 - $2000 Certain amounts in this range return specific PayPal results. You can generate the results by adding $1000 to that RESULT value. For example, for RESULT value 13 (Referral), submit the amount 1013.
If the amount is in this range but does not correspond to a result supported by this testing mechanism, Payflow returns RESULT value 12 (Declined).
$2001+ RESULT value 12 (Declined)

Result Values Based On Amount Submitted and Processor

This table lists the RESULT values that you can generate using the amount of the transaction. To generate a specific value, submit an amount of 1000 plus the RESULT value number (for example, submit an amount of 1013 for a RESULT value of 13).

Processing Platform RESULT Values Available for Testing
American Express Brighton 0, 12, 13, 104, 1000
Elavon 0, 12, 13, 104
First Data Merchant Services North 0, 4, 5, 12, 13, 23, 24,114, 1000
First Data Merchant Services Nashville 0, 12, 13, 104
First Data Merchant Services South 0, 12, 13, 104
Global Payments Central 0, 4, 5, 8, 12, 13, 23, 24, 104, 111, 114, 1000
Global Payments East 0, 4, 5, 12, 13, 23, 24, 30, 100, 104, 114, 1000
Paymentech Salem (New Hampshire) 0, 12, 13, 104
Paymentech Tampa 0, 3, 4, 5, 12, 13, 23, 24, 1000
TSYS Acquiring Solutions 0, 4, 12, 13, 23, 104, 114, 1000
Vantiv (formerly Fifth Third Processing Solutions) 0, 4, 5, 12, 13, 23, 24,114, 1000

Result Values Based On Alternate Generation Methods

The following table shows another method for obtaining RESULT values. Servers do not return non-zero RESULT values from processors. Therefore, you cannot simulate non-zero RESULT values using the amount. In some cases, you may obtain certain results using the RESULT value plus 1000 even though this table suggests an alternate means of obtaining the RESULT value.

RESULT value Definition How to test using Payflow Gateway
0 Approved Use an AMT of 1000 or less
For all processors except Global Payments Central (MAPP) and FDI
Credit (C) and force (F) transactions will always be approved regardless of dollar amount or card number
1 User authentication failed Use an invalid PWD
2 Invalid tender Use an invalid TENDER, such as G
3 Invalid transaction type Use an invalid TRXTYPE, such as G
4 Invalid amount Use an invalid AMT, such as -1
5 Invalid merchant information Use the AMT=1005. Applies only to the following processors: Global Payments East and Central, and American Express
7 Field format error Submit a delayed capture transaction with no ORIGID
12 Declined Use the AMT=1012 or an AMT of 2001 or more
13 Referral Use the AMT=1013
19 Original transaction ID not found Submit a delayed capture transaction with an invalid ORIGID
22 Invalid ABA number Applies only to ACH transactions. Submit an invalid ABA number (eight digits)
23 Invalid account number Submit an invalid account number, for example, 000000000000000
24 Invalid expiration date Submit an invalid expiration date, for example, 0298
25 Transaction type not mapped to this host (Processor) Submit a transaction for a card or tender you are not currently set up to accept, for example, a Diners card if you aren't set up to accept Diners
29 Invalid XML document Pass a bad XML document (XMLPay users only)
30 Duplicate Transaction Use the AMT=1030. Only applies to Global Payments East and Global Payments Central processors
50 Insufficient funds available Use the AMT=1050. Only applies to Paymentech
99 General error Use the AMT=1099. Only applies to Global Payments East
100 Invalid transaction returned from host (Processor) Use the AMT=1100. Only applies to Global Payments East and Central
101 Time-out value too small Set timeout value to 1
103 Error reading response from host (Processor) Use the AMT=1103
104 Timeout waiting for processor response Use the AMT=1104
105 Credit error Attempt to credit an authorization
108 Void error Attempt to void a captured authorization
111 Capture error Capture an authorization transaction twice or attempt to capture a transaction that is not an authorization transaction
112 Failed AVS check You cannot generate this RESULT value by submitting an amount of 1112, but must submit a value for Address Verification Service that will fail; in production, this error occurs only if your account is configured by PayPal customer service to use the "AVS Deny" feature
113 Cannot exceed sales cap Applies to ACH transactions only
114 CVV2 Mismatch Use the AMT=1114. Only applies to TSYS Acquiring Solutions, Cielo Payments (formerly Merchant e-Solutions), and Global Payments East and Global Payments Central processors
1000 Generic Host (Processor) Error Use the AMT=2000. Does not apply to Elavon (formerly Nova), American Express, or Global Payments East processors

Testing Address Verification Service

The Payflow testing server simulates address verification service by returning a value for AVSADDR based on the first 3 characters of the submitted value for BILLTOSTREET.

The testing server returns a value for AVSZIP based on the submitted BILLTOZIP value as shown in the table.

If BILLTOSTREET starts with 667 or higher or begins with a non-numeric character, then the simulator returns AVSADDR=X, AVSZIP=X.

The following table tests AVSADDR.

Submitted Value for BILLTOSTREET Example BILLTOSTREET Value AVSADDR Result
000-333 24285 Elm Y
334-666 49354 Main N
667 or higher or begins with a non-numeric character 79232 Maple X

The following table tests AVSZIP.

Submitted Value for BILLTOZIP Example BILLTOZIP Value AVSZIP Result
00000-50000 00382 Y
50001-99999 94303 N
Any value (if street address is 667 or higher or begins with a non-numeric character) BILLTOSTREET=79232 Maple&BILLTOZIP=20304 X

Testing Card Security Code

If you submit a value for the card security code, the cardholder's bank returns a Yes / No / Not Supported (Y / N / X) response on whether the value matches the number on file at the bank. Card security code is described in "Card Security Code Validation".

Note: Some processors will decline (RESULT value 12) a transaction if the card security code does not match without returning a CVV2MATCH value. Test the results and check with your processor to determine whether they support card security code checking.

CVV2 value determine the CVV2MATCH result, as shown here.

Testing CVV2MATCH
CVV2 Value CVV2MATCH Value
000 Y
001-300 Y
301-600 N
601 or higher X

Testing the Litle Automatic Account Updater Feature

The Litle Automatic Account Updater feature identifies outdated card information, "repairs" it, and substitutes new card information before submitting the transaction to the network. See the Litle Automatic Account Updater section for more information.

Merchants utilizing this feature should check for the presence of the CCUPDATED=Y response parameter, and if it is returned, should also check for the presence of the ACCT and EXPDATE response parameters to determine what card information has been updated.

Merchants can test their integration for the Litle Automatic Account Updater feature in the Payflow pilot test environment by doing the following.

In the ACCT request parameter, pass one of the following testing card numbers:

Card number passed in ACCT request parameter Updated card number returned in ACCT response parameter
4111111111111111 4321432143214321
4012888888881881 4012000033330026
5105105105105100 5454545454545454
5560136761278244 5105105105105100

Note: Only the last 4-digits of the updated credit card number will be returned.

In the EXPDATE request parameter, pass one of the following expiration dates:

Expiration date passed in EXPDATE request parameter Updated expiration date returned in EXPDATE response parameter
0000 0919
1213 1218
0120 0150
0230 0250
0340 0350

In the AMT request parameter, pass an amount that falls within one of the following ranges to bring about different account updater test cases:

Amount passed in AMT request parameter Test case
1000.00 > AMT >= 500.00 Both an updated credit card number and an updated expiration date
500.00 > AMT >= 400.00 Only an updated credit card number
400.00 > AMT >= 300.00 Only an updated expiration date

PayPal Processor

For the PayPal processor, use the following guidelines.

Note: See PayPal Credit Card Transaction Request Parameters for the request parameters specific to the PayPal Processor.

PayPal Credit Card Numbers for Testing

For the PayPal processor, use the following credit card numbers for testing. Any other card number produces a general failure.

American Express 378282246310005
American Express 371449635398431
American Express Corporate 378734493671000
Diners Club 30569309025904
Discover 6011111111111117
Discover 6011000990139424
JCB 3530111333300000
JCB 3566002020360505
MasterCard 5555555555554444
MasterCard 5105105105105100
Visa 4111111111111111
Visa 4012888888881881
Visa 4222222222222
Note: Even though this number has a different character count than the other test numbers, it is the correct and functional number.

Result Values Based On Amount

The following table shows another method for obtaining RESULT values. The servers do not return non-zero RESULT values from processors.Therefore you cannot simulate non-zero RESULT values using the amount. In some cases, you may obtain certain results using the RESULT value plus 1000 even though this table suggests another means of obtaining the RESULT value.

Result Definition How to test
0 Approved Use an AMOUNT of 10000 or less
3 Invalid transaction type Use the AMOUNT 10402
4 Invalid amount Use any of these as AMOUNT:
  • 10400
  • 10401
  • 10403
  • 10404
5 Invalid merchant information Use any of these as AMOUNT:
  • 10548
  • 10549
7 Field format error Use any of these as AMOUNT:
  • 10405
  • 10406
  • 10407
  • 10408
  • 10409
  • 10410
  • 10412
  • 10413
  • 10416
  • 10419
  • 10420
  • 10421
  • 10509
  • 10512
  • 10513
  • 10514
  • 10515
  • 10516
  • 10517
  • 10518
  • 10540
  • 10542
12 Declined Use any of these as AMOUNT:
  • 10417
  • 15002
  • 15005
  • 15006
  • 15028
  • 15039
  • 10544
  • 10545
  • 10546
13 Referral Use the AMOUNT 10422
23 Invalid account number Use any of these as AMOUNT:
  • 10519
  • 10521
  • 10522
  • 10527
  • 10535
  • 10541
  • 10543
24 Invalid expiration date Use any of these as AMOUNT:
  • 10502
  • 10508
30 Duplicate Transaction Use the AMOUNT 10536
105 Credit error Attempt to credit an authorization
112 Failed AVS check Use the AMOUNT 10505
114 CVV2 Mismatch Use the AMOUNT 10504
1000 Generic Host (Processor) Error Use an AMOUNT other than those listed in this column

Transaction Responses

When a transaction finishes, the Payflow server returns a response string made up of name-value pairs.

The following is an example response string:

RESULT=0&PNREF=EFHP0D426A53&RESPMSG=APPROVED&AUTHCODE=25TEST&AVSADDR=Y&AVSZIP=N&CVV2MATCH=Y

Credit Card Transaction Responses

The table below describes values that can be returned in response strings.

Field Description
PNREF Payflow Gateway transaction ID; a unique number that identifies the transaction. See PNREF for more information.
Character length and limitations: 12 alphanumeric characters
PPREF PayPal transaction ID of the payment; returned by the PayPal processor.
Character length and limitations: 17-character string
RESULT The outcome of the attempted transaction. RESULT=0 means the transaction was approved.
Note: For account verification transactions, RESULT=0 with RESPMSG=Verified means a zero dollar authorization has been successfully performed.
Note: The PayPal processor may also return a warning message in the RESPMSG string when RESULT=0. For more information about corrective actions, see API error codes.
Any other value for RESULT indicates a decline or error.
Character length and limitations: variable length, numeric
CVV2MATCH Result of the card security code (CVV2) check. The issuing bank may decline the transaction if there is a mismatch. In other cases, the transaction may be approved despite a mismatch.
Y= Match
N= No Match
X= One of the following: (Not processed, Service not supported, Unavailable, No response, or Invalid data was p passed).
Character length and limitations: 1 alpha character (Y, N, X, or no response)
RESPMSG The response message returned with the transaction result. Exact wording varies. Sometimes a colon appears after the initial RESPMSG followed by more detailed information.
Note: For account verification transactions, RESULT=0 with RESPMSG=Verified means a zero dollar authorization has been successfully performed. For partial authorizations, RESPMSG=Partial Approval when RESULT=0.
Note: The PayPal processor may also return a warning message in the RESPMSG string when RESULT=0. For more information on corrective actions, see API error codes.
Character length and limitations: variable, alphanumeric characters
AUTHCODE Returned for sale, authorization, and voice authorization credit card transactions. AUTHCODE is the approval code obtained over the telephone from the processing network. AUTHCODE is required when submitting a force (F) transaction.
Character length and limitations: 6 alphanumeric characters
AVSADDR Address verification service address response returned if you are using address verification service. Address verification service address responses are for advice only. This process does not affect the outcome of the authorization.
Character length and limitations: 1 alpha character (Y, N, X, or no response)
AVSZIP Address verification service address response returned if you are using address verification service. Address verification service address responses are for advice only. This process does not affect the outcome of the authorization.
Character length and limitations: 1 alpha character (Y, N, X, or no response)
IAVS International address verification service address responses may be returned if you are using Address verification service. IAVS responses are for advice only. This value does not affect the outcome of the transaction. Indicates whether address verification service response is international (Y), US (N), or cannot be determined (X). Client version 3.06 or later is required.<br/ >Character length and limitations: 1 alpha character (Y, N, X, or no response)
PROCAVS The raw address verification service response returned by the processor. This field is not normalized and is returned when VERBOSITY is set to HIGH.
Character length and limitations: 1 character
PROCCVV2 The raw CVV2 response returned by the processor. This field is not normalized and is returned when VERBOSITY is set to HIGH.
Character length and limitations: 1 character
HOSTCODE The raw response code returned by the processor. This field is not normalized and is returned when VERBOSITY is set to HIGH. Use RESPTEXT to obtain the response message from the processor. For PayPal processor response code information, refer to the API error codes. For all other processors, please contact your merchant bank or processor directly.
Character length and limitations: 6 characters
RESPTEXT The raw text returned by the processor which corresponds to the returned HOSTCODE. This field is not normalized and is returned when VERBOSITY is set to HIGH.
Character length and limitations: 32 characters
PROCCARDSECURE The raw Buyer Authentication response returned by the processor. This field is not normalized and is returned when VERBOSITY is set to HIGH.
Character length and limitations: 1 character
ADDLMSGS Additional error message that indicates the use of a features that has been disabled.
Character length and limitations: Up to 1048 characters. Typically 50 characters.
PAYMENTTYPE (PayPal only.) Returns instant if the payment is instant or echeck if the payment is delayed (DP) on the PayPal processor.
Character length and limitations: 7-character string
CORRELATIONID (PayPal only.) Value used for tracking this Direct Payment transaction.
Character length and limitations: 13 alphanumeric characters
AMEXID Unique transaction ID returned when VERBOSITY=HIGH for tracking American Express CAPN transactions on non-PayPal processors.
Note: Used by merchants who authorize transactions through the Gateway but settle through a third-party solution.
Character length and limitations: 15 numeric characters
AMEXPOSDATA Value returned for American Express CAPN transactions when VERBOSITY=HIGH on non-PayPal processors.
Note: Used only by merchants who authorize through the Gateway but settle through a third-party solution.
Character length and limitations: 16 alphanumeric characters
CCTRANSID Unique transaction ID returned from some processors for all credit card transactions.
Note: This field is only used by merchants who authorize transactions through the Gateway but settle through a third-party solution.
Character length and limitations: 15 numeric characters
CCTRANS_POSDATA Value return from some processors for all credit card transactions.
Note: This field is only by merchants who authorize through the Gateway but settle through a third-party solution.
Character length and limitations: 16 alphanumeric characters
AMT This field returns the transaction amount, or if performing a partial authorization, the amount approved for the partial authorization.
ORIGAMT Partial authorizations: Original amount submitted for authorization.
CARDTYPE The credit card type. Returned as an inquiry response when you send a VERBOSITY request parameter value of HIGH.
Is one of the following values for currently used cards:
- 0 = Visa
- 1 = MasterCard
- 2 = Discover
- 3 = American Express
- 4 = Diner's Club
- 5 = JCB
EMAILMATCH Verifies whether the BILLTOEMAIL value sent is what is on file with the processor. (American Express processor only)
Character length and limitations: 1 alpha character (Y, N, X, or no response)
PHONEMATCH Verifies whether the BILLTOPHONENUM value sent is what is on file with the processor. (American Express processor only)
Character length and limitations: 1 alpha character (Y, N, X, or no response)
EXTRSPMSG Additional processor-related messages.
TRANSTIME Time of the transaction. The following is an example response in the format returned:
TRANSTIME=2010-08-11 22:53:18
Character length and limitations: See example
DUPLICATE Is returned with one of the following values:
- DUPLICATE=2ORDERID has already been submitted in a previous request with the same ORDERID.
- DUPLICATE=1 — The request ID has already been submitted for a previous request.
- DUPLICATE=-1 — The Gateway database is not available. PayPal cannot determine whether this is a duplicate order or request.
DATE_TO_SETTLE The date a transaction will settle. This parameter is returned in the response for inquiry transactions only (TRXTYPE=I).
PAYMENTADVICECODE A processor response code typically returned on declined recurring transactions. Its purpose is to provide merchants with information and specific instructions on how to handle the decline. It is the merchant's responsibility to follow the instructions provided in order to avoid chargebacks.
For details on the meanings of these codes, see: PAYMENTADVICECODE. A value of 03 or 21 indicates it is the merchant's responsibility to stop this recurring transaction. These two codes indicate that either the account was closed, fraud was involved, or the cardholder has asked the bank to stop this payment for another reason. Even if a re-attempted transaction is successful, it will likely result in a chargeback.
TRANSSTATE State of the transaction sent in an Inquiry response or with errors associated with Fraud Protection Service (FPS) transactions. The values are:
- 0 = Account Verification (no settlement involved)
- 1 = General error state
- 3 = Authorization approved
- 4 = Partial capture
- 6 = Settlement pending (transaction is scheduled to be settled)
- 7 = Settlement in progress (transaction involved in a currently ongoing settlement)
- 8 = Settled successfully
- 9 = Authorization captured (once an authorization type transaction is captured, its TRANSSSTATE becomes 9)
- 10 = Capture failed (an error occurred while trying to capture an authorization because the transaction was already captured)
- 11 = Failed to settle (transactions fail settlement usually because of problems with the merchant's processor or because the card type is not set up with the merchant's processor)
- 12 = Unsettled transaction because of incorrect account information
- 14 = For various reasons, the batch containing this transaction failed settlement
- 15 = Settlement incomplete due to a charge back
- 16 = Merchant ACH settlement failed; (need to manually collect it)
- 106 = Unknown Status Transaction - Transactions not settled
- 206 = Transactions on hold pending customer intervention
 
In the case of Fraud Protection Service (FPS) filters, the following error codes and TRANSSTATE values are returned in the response:
- For error code 125declined by FPS filters, TRANSSTATE=1 or remains unchanged from its original value
- For error code 126flagged for review by FPS filters, TRANSSTATE=1
 If the merchant accepts the transaction flagged by the FPS filter, the value of TRANSSTATE will change depending on the original transaction type:
  TRANSSTATE=3 for an approved Authorization (TRXTYPE=A)
  TRANSSTATE=6 for an approved Sale (TRXTYPE=S), Delayed Capture (TRXTYPE=D), Refund (TRXTYPE=C) or Force (TRXTYPE=F)
  TRANSSTATE=0 for an approved Void (TRXTYPE=V)
- For error code 128the merchant declines the transaction flagged by the FPS filter, TRANSSTATE=1 or remains unchanged from its original value.
Character length and limitations: 10 integer characters

Address Verification Service Responses From PayPal

The following table compares the detailed response the PayPal processor returns for address verification to the normalized response value (Y, N, or X) that AVSADDR and AVSZIP return. To obtain the PayPal processor value, set the VERBOSITY parameter to HIGH. The processor value is returned in the PROCAVS response parameter.

PayPal processor AVS code Meaning AVSADDR AVSZIP
A Address Y N
B International "A" Y N
C International "N" N N
D International "X" Y Y
E Not allowed for MOTO (Internet/Phone) transactions X X
F UK-specific "X" Y Y
G Global Unavailable X X
I International Unavailable X X
N No N N
P Postal (International "Z") N Y
R Retry X X
S Service not Supported X X
U Unavailable X X
W Whole Zip N Y
X Exact Match Y Y
Y Yes Y Y
Z Zip N Y
All other X X

The following is an example Authorization request string that sets VERBOSITY to HIGH. Payflow returns the PROCAVS value in the response.

TRXTYPE=A&BILLTOSTREET=123 Main St&BILLTOZIP=00382&TENDER=C&PARTNER=PayPal
&USER=SuperMerchant&PWD=SuperUserPassword&AMT=1.00&ACCT=4111111111111111
&EXPDATE=1215&INVNUM=PONUM1&VERBOSITY=HIGH

The PROCAVS value is returned in the response.

RESULT=0&PNREF=VFHA0FF94691&RESPMSG=Approved&AUTHCODE=245PNI&AVSADDR=Y&AVSZIP=Y
&HOSTCODE=A&PROCAVS=Y&VISACARDLEVEL=12&TRANSTIME=2011-01-12 13:54:35&AMT=1.00
&ACCT=1111&EXPDATE=1215&CARDTYPE=0&IAVS=N

Card Security Code Results

Normalized Card Security Code Results

The CVV2MATCH parameter returns Y, N, or X.

The following table shows the detailed results that the PayPal processor returns for card security codes. To obtain the PayPal processor value, set the VERBOSITY parameter to HIGH. The processor value is returned in the PROCCVV2 response parameter.

PayPal Processor CVV2 Code PayPal Processor Code Description Payflow CVV2MATCH
M Match Y
N No Match N
P Not Processed X
S Service Not Supported X
U Unavailable X
X No Response X
All other X

BALAMT Response and Stored Value Cards

Transactions meeting American Express reporting and statement requirements may return BALAMT when the transaction involves a stored value card. Stored value cards typically are offered as gift cards, allowing the customer to spend any amount up to the balance remaining on the card. A card must be active and not compromised for BALAMT to return the card balance. If the card is used to purchase merchandise exceeding the card balance, American Express declines the transaction and returns the card balance in BALAMT.

Note: Not all processors support BALAMT when a transaction involves a stored value card.

American Express Stored Value Card Example

The following authorization request is for a purchase of 123.00.

TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=PayPal&VENDOR=SuperMerchant
&USER=SuperMerchant&ACCT=5555555555554444&EXPDATE=1215&AMT=123.00
&BILLTOSTREET=5199 MAPLE&BILLTOZIP=94588

Because the response returns a BALAMT of 99.00, the authorization is declined.

RESULT=12&PNREF=VXYZ01234567&RESPMSG=DECLINED&BALANCE=99.00&AVSADDR=Y&AVSZIP=N

PNREF

The PNREF is a unique transaction identification number issued by PayPal that identifies the transaction for billing, reporting, and transaction data purposes. The PNREF is returned in a transaction response indicating that your transaction was received by PayPal. The PNREF value also appears in the Transaction ID column in PayPal Manager reports.

Storing the PNREF in your records is helpful, especially if you plan to perform the following Payflow transaction types:

The PNREF value is a 12-character string of printable characters. Printable characters also include symbols other than letters and numbers, such as, the question mark (?). However, a PNREF value typically contains letters and numbers only, for example:

  • VADE0B248932
  • ACRAF23DB3C4

Note: The format of (or the types of values returned in) the PNREF parameter is subject to change without notification; Payflow will only notify merchants if the length of this parameter changes.

RESULT Values and RESPMSG Text

The RESULT parameter is the first response parameter returned in the response string. The value of RESULT indicates the overall status of the transaction attempt:

  • A value of 0 (zero) indicates that no errors occurred and the transaction was approved.

    Note: For account verification transactions, RESULT=0 with RESPMSG=Verified means that a zero dollar authorization is successful.

  • A value less than 0 indicates that a communication error occurred. In this case, no transaction is attempted.

  • A value greater than 0 indicates a decline or error (except in the case of RESULT 104. See the following table).

The response message (RESPMSG) provides a brief description for decline or error results.

To obtain the raw response code and message returned by the processor set VERBOSITY to HIGH in your request and capture the response values of the HOSTCODE and RESPTEXT parameters.

For PayPal Processor Only: When interpreting RESULT values for the PayPal processor, note the following:

  • When RESULT=0, warning information may be returned that is useful to the request application. See the API error codes for detailed information on corrective actions.
  • When RESULT=104, log in to the PayPal website to determine whether the transaction actually went through. If the transaction does not appear in the History section, retry it.
RESULT RESPMSG and Explanation
0 Approved
Note: PayPal processor: Warning information may be returned that may be useful to the request application. See the API error codes on the PayPal developer website for information on corrective actions.
1 User authentication failed. Error is caused by one or more of the following:
- Login information is incorrect. Verify that USER, VENDOR, PARTNER, and PASSWORD have been entered correctly. VENDOR is your merchant ID and USER is the same as VENDOR unless you created a Payflow Pro user. All fields are case sensitive.
- Invalid Processor information entered. Contact merchant bank to verify.
- "Allowed IP Address" security feature implemented. The transaction is coming from an unknown IP address. See PayPal Manager online help for details on how to update the allowed IP addresses.
- You are using a test (not active) account to submit a transaction to the live PayPal servers. Change the host address from the test server URL to the live server URL
2 Invalid tender type. Your merchant bank account does not support the following credit card type that was submitted.
3 Invalid transaction type. Transaction type is not appropriate for this transaction. For example, you cannot credit an authorization-only transaction
4 Invalid amount format. Use the format: "### ##.##" Do not include currency symbols or commas.
5 Invalid merchant information. Processor does not recognize your merchant account information. Contact your bank account acquirer to resolve this problem.
6 Invalid or unsupported currency code
7 Field format error. Invalid information entered. See RESPMSG.
8 Not a transaction server
9 Too many parameters or invalid stream
10 Too many line items
11 Client time-out waiting for response
12 Declined. Check the credit card number, expiration date, and transaction information to make sure they were entered correctly. If this does not resolve the problem, have the customer call their card issuing bank to resolve.
13 Referral. Transaction cannot be approved electronically but can be approved with a verbal authorization. Contact your merchant bank to obtain an authorization and submit a manual Voice Authorization transaction.
19 Original transaction ID not found. The transaction ID you entered for this transaction is not valid. See RESPMSG.
20 Cannot find the customer reference number
22 Invalid ABA number
23 Invalid account number. Check credit card number and bank account number and re-submit.
24 Invalid expiration date. Check card expiration date and re-submit.
25 Invalid Host Mapping. Error is caused by one or more of the following:
- You are trying to process a tender type such as Discover Card, but you are not set up with your merchant bank to accept this card type.
- You are trying to process an Express Checkout transaction when your account is not set up to do so. Contact your account holder to have Express Checkout added to your account.
26 Invalid vendor account. Login information is incorrect. Verify that USER, VENDOR, PARTNER, and PASSWORD have been entered correctly. VENDOR is your merchant ID and USER is the same as VENDOR unless you created a Payflow Pro user. All fields are case sensitive.
27 Insufficient partner permissions
28 Insufficient user permissions
29 Invalid XML document. This could be caused by an unrecognized XML tag or a bad XML format that cannot be parsed by the system.
30 Duplicate transaction
31 Error in adding the recurring profile
32 Error in modifying the recurring profile
33 Error in canceling the recurring profile
34 Error in forcing the recurring profile
35 Error in reactivating the recurring profile
36 OLTP Transaction failed
37 Invalid recurring profile ID
50 Insufficient funds available in account
51 Exceeds per transaction limit
52 Permission issue. Attempting to perform a transaction type, such as Sale or Authorization, that is not allowed for this account.
99 General error. See RESPMSG.
100 Transaction type not supported by host
101 Time-out value too smallPayPal Australia: Invalid transaction returned from host (can be treated as an invalid transaction or a decline)
102 Processor not availableThe financial host was unable to communicate with the external processor. These transactions do not make it out of the Payflow network and will not settle or appear on processor reports.
103 Error reading response from hostThe financial host could not interpret the response from the processor. This error can result in an uncaptured authorization if the transaction is an authorization or a sale, except on the following processors:
- PayPal Australia: Time-out reversal logic should reverse the transaction. According to PayPal Australia, this is a best effort and is not guaranteed.
- Global Payments Central, Citi Bank Singapore: Time-out reversal logic should reverse the transaction.
- PayPal: The transaction might settle. There is no time-out reversal process on PayPal.
104 Timeout waiting for processor response. Try your transaction again. The Payflow gateway sent the transaction to the processor, but the processor did not respond in the allotted time. This error can result in an uncaptured authorization if the transaction is an authorization or a sale, except on the following processors:
- PayPal Australia: Time-out reversal logic should reverse the transaction. According to PayPal Australia, this is a best effort and is not guaranteed.
- Global Payments Central, Citi Bank Singapore: Time-out reversal logic should reverse the transaction.
- PayPal: The transaction might settle. There is no time-out reversal process on PayPal.
105 Credit error. Make sure you have not already credited this transaction, or that this transaction ID is for a creditable transaction. (For example, you cannot credit an authorization.)
106 Host not availableThe Payflow transaction server was unable to communicate with the financial host. This error is an internal failure, and the transaction will not make it to the processor.
107 Duplicate suppression time-out
108 Void error. RESPMSG. Make sure the transaction ID entered has not already been voided. If not, then look at the Transaction Detail screen for this transaction to see if it has settled. (The Batch field is set to a number greater than zero if the transaction has been settled). If the transaction has already settled, your only recourse is a reversal (credit a payment or submit a payment for a credit)
109 Time-out waiting for host responseThe Payflow transaction server times out waiting for a financial host to respond. This error can result in uncaptured authorizations on all platforms, or settled sales on PayPal Australia, Global Payments Central, and PayPal.
110 Referenced auth (against order) Error
111 Capture error. Either an attempt to capture a transaction that is not an authorization transaction type, or an attempt to capture an authorization transaction that has already been captured.
112 Failed AVS check. Address and zip code do not match. An authorization may still exist on the cardholder's account.
113 Merchant sale total will exceed the sales cap with current transaction. ACH transactions only.
114 Card Security Code (CSC) Mismatch. An authorization may still exist on the cardholder's account.
115 System busy, try again later
116 Failed to lock terminal number. Please try again later. For Moneris Solutions, another transaction or settlement is in process. Rerun the transaction later.
117 Failed merchant rule check. One or more of the following three failures occurred:An attempt was made to submit a transaction that failed to meet the security settings specified on the PayPal Manager Security Settings page. If the transaction exceeded the Maximum Amount security setting, then no values are returned for AVS or CSC. AVS validation failed. The AVS return value should appear in the RESPMSG. CSC validation failed. The CSC return value should appear in the RESPMSG.
118 Invalid keywords found in string fields
120 Attempt to reference a failed transaction
121 Not enabled for feature
122 Merchant sale total will exceed the credit cap with current transaction. ACH transactions only.
125 Fraud Protection Services Filter — Declined by filters
126 Fraud Protection Services Filter — Flagged for review by filters
Note: RESULT value 126 indicates that a transaction triggered a fraud filter. This is not an error, but a notice that the transaction is in a review status. The transaction has been authorized but requires you to review and to manually accept the transaction before it will be allowed to settle.
RESULT value 126 is intended to give you an idea of the kind of transaction that is considered suspicious to enable you to evaluate whether you can benefit from using the Fraud Protection Services.
To eliminate RESULT 126, turn the filters off. For more information, see the fraud documentation for your payments solution.
127 Fraud Protection Services Filter — Not processed by filters
128 Fraud Protection Services Filter — Declined by merchant after being flagged for review by filters
132 Card has not been submitted for update
133 Data mismatch in HTTP retry request
150 Issuing bank timed out PayPal Australia reported a timeout between their system and the bank. This error will be reversed by time-out reversal. According to PayPal Australia, this is a best effort and is not guaranteed.
151 Issuing bank unavailable
160 Secure Token already been used. Indicates that the secure token has expired due to either a successful transaction or the token has been used three times while trying to successfully process a transaction. You must generate a new secure token.
161 Transaction using secure token is already in progress. This could occur if a customer hits the submit button two or more times before the transaction completed.
162 Secure Token Expired. The time limit of 20 minutes has expired and the token can no longer be used.
170 Carding Error. Carding or fraudulent activity was found on the account and the account is temporarily suspended until issue is resolved.
200 Reauth error
201 Order error
600 Cybercash Batch Error
601 Cybercash Query Error
1000 Generic host error. This is a generic message returned by your credit card processor. The RESPMSG will contain more information describing the error.
1001 Buyer Authentication Service unavailable
1002 Buyer Authentication Service — Transaction timeout
1003 Buyer Authentication Service — Invalid client version
1004 Buyer Authentication Service — Invalid timeout value
1011 Buyer Authentication Service unavailable
1012 Buyer Authentication Service unavailable
1013 Buyer Authentication Service unavailable
1014 Buyer Authentication Service — Merchant is not enrolled for Buyer Authentication Service (3-D Secure)
1016 Buyer Authentication Service — 3-D Secure error response received. Instead of receiving a PARes response to a Validate Authentication transaction, an error response was received.
1017 Buyer Authentication Service — 3-D Secure error response is invalid. An error response is received and the response is not well formed for a Validate Authentication transaction.
1021 Buyer Authentication Service — Invalid card type
1022 Buyer Authentication Service — Invalid or missing currency code
1023 Buyer Authentication Service — merchant status for 3D secure is invalid
1041 Buyer Authentication Service — Validate Authentication failed: missing or invalid PARES
1042 Buyer Authentication Service — Validate Authentication failed: PARES format is invalid
1043 Buyer Authentication Service — Validate Authentication failed: Cannot find successful Verify Enrollment
1044 Buyer Authentication Service — Validate Authentication failed: Signature validation failed for PARES
1045 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid amount in PARES
1046 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid acquirer in PARES
1047 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid Merchant ID in PARES
1048 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid card number in PARES
1049 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid currency code in PARES
1050 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid XID in PARES
1051 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid order date in PARES
1052 Buyer Authentication Service — Validate Authentication failed: This PARES was already validated for a previous Validate Authentication transaction

RESULT Values For Communications Errors

A RESULT value less than zero indicates that a communication error occurred. In this case, no transaction is attempted.

A value of -1 or -2 usually indicates a configuration error caused by an incorrect URL or by configuration issues with your firewall. For information on firewall configuration, see Preparing the Payflow Gateway Client Application. A value of -1 or -2 can also be possible if the Gateway servers are unavailable, or you specified an incorrect server or socket pair. A value of -1 can also result when there are internet connectivity errors. Contact Customer Service regarding any other errors.

Details of the response message may vary slightly from the message shown in the table, depending on your SDK integration.

RESULT Description
-1 Failed to connect to host
-2 Failed to resolve hostname
-5 Failed to initialize SSL context
-6 Parameter list format error: & in name
-7 Parameter list format error: invalid [] name length clause
-8 SSL failed to connect to host
-9 SSL read failed
-10 SSL write failed
-11 Proxy authorization failed
-12 Timeout waiting for response
-13 Select failure
-14 Too many connections
-15 Failed to set socket options
-20 Proxy read failed
-21 Proxy write failed
-22 Failed to initialize SSL certificate
-23 Host address not specified
-24 Invalid transaction type
-25 Failed to create a socket
-26 Failed to initialize socket layer
-27 Parameter list format error: invalid [] name length clause
-28 Parameter list format error: name
-29 Failed to initialize SSL connection
-30 Invalid timeout value
-31 The certificate chain did not validate, no local certificate found
-32 The certificate chain did not validate, common name did not match URL
-40 Unexpected Request ID found in request
-41 Required Request ID not found in request
-99 Out of memory
-100 Parameter list cannot be empty
-103 Context initialization failed
-104 Unexpected transaction state
-105 Invalid name value pair request
-106 Invalid response format
-107 This XMLPay version is not supported
-108 The server certificate chain did not validate
-109 Unable to do logging
-111 The following error occurred while initializing from message file: <Details of the error message>
-113 Unable to round and truncate the currency value simultaneously

Processor-specific Response Parameters

Some of the response parameters returned in a Payflow transaction are processor-specific and are returned only to merchants using a certain processing platform. For a list of processing platforms supported by Payflow, see Processing Platforms Supporting Card-Present Transactions.

See the following response parameters specific to a particular processing platform:

Litle Response Parameters

Merchants using the Litle processing platform may see the following transaction response parameters.

Parameter Description
TYPE Defines the type of account used in the transaction in terms of card association, card company, PayPal Credit, PayPal, or eCheck.
AFFLUENT Has two possible values:
- MASS AFFLUENT Returned for certain Visa and MasterCard cards indicating high income customers (>100K annual income).
- AFFLUENT Returned for certain Visa and MasterCard cards indicating high income customers with high spending patterns (>100K annual income and >40K in card usage).

Litle Automatic Account Updater

The Litle Automatic Account Updater feature identifies outdated payment card information, "repairs" it, and substitutes new card information before submitting the transaction to the network. To use this feature, you must sign up directly with Litle.

After signing-up for this feature, Payflow merchants will receive a few extra transaction response parameters only for transactions in which the customer's account information has been updated.

If the customer's card number and/or expiration date are currently different from the information passed in the Payflow transaction request, merchants will receive some or all of the following transaction response parameters.

Parameter Description
CCUPDATED=Y This response parameter is returned if either or both the account number and expiration date have changed.
ACCT If the card number has changed, the last 4-digits of the new card number will also be returned in the ACCT response parameter. Should you require the full credit card number you will need to contact Litle to obtain the complete card number.
EXPDATE If the card expiration date has changed, the updated expiration date will also be returned in the EXPDATE response parameter.

As a result, merchants utilizing this feature should check for the presence of the CCUPDATED=Y response parameter, and if it is returned should also check for the presence of the ACCT and EXPDATE response parameters to determine what information has been updated.

If you would like to test your integration for this feature, see Testing the Litle Automatic Account Updater Feature.

TSYS Response Parameters

Merchants using the TSYS processing platform for Authorization transactions should pass VERBOSITY=HIGH in the request in order to obtain the following response parameters:

Parameter Description
ACI Authorization Characteristics Indicator (ACI). This indicator provides information on the conditions or characteristics of the authorization code.
Character length and limitations: 1 alphanumeric character.
VALIDATIONCODE Contains a Transaction Identifier associated with the transaction being settled.
Character length and limitations: 4 alphanumeric characters.

PayPal Australia

Merchants using PayPal Australia will receive the following response parameters:

Parameter Description
RRN Retrieve reference transaction AN/12
STAN Systems trace audit number N/6

Planet Payment

Merchants using Planet Payment will receive the following response parameter:

Parameter Description
RRN Retrieve reference transaction AN/12

First Data North

Merchants using First Data North will receive the following response parameters:

Parameter Description
PAYMENTADVICECODE Also known as Merchant Advice Code(MasterCard) and Recurring Payment Cancellation (Visa); this is used by card issuing banks to clearly communicate to merchants the reason for declining a MasterCard and Visa recurring payment transaction, and the actions merchants can take to continue to serve their recurring payment customers; to receive this response, VERBOSITY must be HIGH and the Recurring flag, RECURRING, must be set, AN/2
ASSOCIATIONRESPCODE The Association Response Code returns the raw error code by the card associations. The first character is the card type and last three are the error code returned, AN/4

The card types are A for American Express, D for Discover, V for Visa, M for MasterCard, O for Other

table of contents


Processors Requiring Additional Transaction Parameters

Additional parameters are those required by individual processors beyond the core parameters. Parameters are organized alphabetically by processor.

American Express Additional Credit Card Parameters

In addition to the core credit card parameters, American Express accepts the parameters described below to meet AMEX reporting and statement requirements.

PayPal recommends that you include these parameters if you would like to impact what appears on AMEX statements and reports.

Note: The PayPal processor does not support SWIPE (card-present) transactions.

Retail Transaction Advice Addendum - for SWIPE transactions

Field Description
L_DESCn (Optional) Description of this line-item (n is a line item number from 1 to 6).
Character length and limitations: 19 alphanumeric characters
L_AMTn (Optional) Amount of this line-item (n is a line item number from 1 to 6).
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). 12 numeric characters
L_QTYn (Optional) Quantity of this line-item (n is a line item number from 1 to 6).
Character length and limitations: 3 numeric characters

Internet Transaction Data

Field Description
BILLTOEMAIL (Optional) Account holder's email address.
Character length and limitations: 60 alphanumeric characters
BILLTOPHONENUM (Optional) Account holder's telephone number.
Character length and limitations: 10 characters
PHONETYPE (Optional) Telephone company provided ANI information identifier digits indicating the telephone call type. Examples: cellular (61-63), payphone (27)
Character length and limitations: 2 characters
CUSTHOSTNAME (Optional) Name of the server that the account holder is connected to. Example: PHX.QW.AOL.COM.
Character length and limitations: 60 alphanumeric and special characters
CUSTBROWSER (Optional) Name of the server that the account holder is connected to. Example: MOZILLA/4.0~(COMPATIBLE;~MSIE~5.0;~WINDOWS~95)
Character length and limitations: 60 alphanumeric and special characters
CUSTIP (Optional) Account holder's IP address.
Character length and limitations: 15 alphanumeric and special characters
SHIPTOCOUNTRY (Optional) Numeric country code of ship-to country. Example: USA: 840. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 characters
SHIPMETHOD (Optional) Shipping method code. The values are:
- 01 = Same day
- 02 = Overnight/next day
- 03 = Priority, 2 - 3 days
- 04 = Ground, 4 or more days
- 05 = Electronic delivery
- 06 - ZZ = Reserved for future use
SKU (Optional) Merchant product SKU.
Character length and limitations: 15 alphanumeric characters

Address Verification Service Parameters

Field Description
BILLTOSTREET (Optional) Account holder's street address (number and street name).
Character length and limitations: 30 characters
BILLTOZIP (Optional) Account holder's 5- to 9-digit ZIP (postal) code excluding spaces, dashes, and non-numeric characters. Example: 951121737
Character length and limitations: 9 characters
BILLTOPHONENUM (Optional) Account holder's telephone number. The formats are:
- xxx-xxx-xxxx (US numbers)
- +xxxxxxxxxxx (international numbers)
Character length and limitations: 10 characters
SHIPTOFIRSTNAME (Optional) First name in the shipping address.
Character length and limitations: 30 characters
SHIPTOLASTNAME (Optional) Last name in the shipping address.
Character length and limitations: 30 characters
SHIPTOSTREET (Optional) Shipping street address.
Character length and limitations: 30 characters
SHIPTOCOUNTRY (Optional) Numeric country code of ship-to country. Example: USA: 840. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
SHIPTOZIP (Optional) Shipping 5- to 9-digit zip (postal) code excluding spaces, dashes, and non-numeric characters. Example: 951121737
Character length and limitations: 9 alphanumeric characters
SHIPTOPHONENUM (Optional) Shipping telephone number.
Character length and limitations: 10 alphanumeric characters

Location Transaction Advice Addendum Parameters

Field Description
MERCHANTNAME (Optional) Name of merchant.
Character length and limitations: 38 alphanumeric characters
MERCHANTSTREET (Optional) Merchant's street address (number and street name).
Character length and limitations: 38 alphanumeric characters. If more than 38 characters, use proper and meaningful abbreviation. Do not truncate.
MERCHANTCITY (Optional) The name of the city were the transaction took place.
- If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the name of the city in which the seller is located.
- If you are a mail order, phone order, or internet industry, you may substitute the name of the city in which the merchant's order processing facility is located.
Character length and limitations: 21 alphanumeric characters. If more than 21 characters, use proper and meaningful abbreviation. Do not truncate.
MERCHANTSTATE (Optional) The region code that corresponds to the state, province, or country subdivision of the merchant location where the transaction took place.
Region code examples:
- CA = California, USA
- NS = Nova Scotia, Canada
- COS = Colima Mexico
If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the region code that corresponds to the state, province, or country subdivision in which the seller is located.
Character length and limitations: 3 alphanumeric characters
MERCHANTZIP (Optional) The 5- to 9-digit zip (postal) code excluding spaces, dashes, and non-numeric characters where the transaction took place.
If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the postal code that corresponds to the seller's location.
Character length and limitations: 15 alphanumeric characters
MERCHANTCOUNTRYCODE (Optional) Country code of the location where the transaction took place. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3-character country code.
MERCHANTLOCATIONID (Optional) Merchant-assigned store or location number (or name) that uniquely identifies where the transaction took place.
Character length and limitations: 15 alphanumeric characters
MERCHANTID (Required) American Express-assigned service establishment number used to identify and facilitate payments to merchants.
Character length and limitations: 15 alphanumeric characters.
MERCHANTCONTACTINFO (Optional) Merchant's telephone number or web address. (URLs and e-mail addresses may be lowercase, as appropriate.) This entry may appear on the descriptive bill on the card-member's statement, or may be used to resolve billing inquiries and disputes.
Note: American Express strongly recommends that aggregators (third-parties who bill for goods or services rendered by another entity) always fill in this field with the URL, e-mail address, or telephone number of the contact responsible for resolving disputes or inquiries.
Character length and limitations: 40 alphanumeric characters

Transaction Advice Detail Parameters

Field Description
ADDLAMTn (Optional) Detail of a charge where n is a value from 1 - 5. Use for additional breakdown of the amount.
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). Examples are a tip (ADDLAMT1=3.00) and a convenience charge (ADDLAMT2=2.00). 12 numeric characters. The amount passed must not contain more than two decimal places.
ADDLAMTTYPEn (Optional) A 3-digit code indicating the type of the corresponding charge detail, where n is a value from 1 - 5.
Character length and limitations: 3 numeric characters

Airline Passenger Data Parameters

Field Description
AIR-DEPARTUREDATE (Optional) Departure date in the format YYYYMMDD.
Character length and limitations: 8 alphanumeric characters
AIR-PASSENGERNAME (Optional) Name of the passenger in the following format with fields separated by a space: surname first name middle initial title
Character length and limitations: 60 alphanumeric characters
AIR-ORIGIN (Optional) Airport code of the originating airport. For a list of airport codes, see http://www.world-airport-codes.com/alphabetical/airport-code/a.html.
Note: Present day airport codes are three characters in length. The five character length is designed to allow for future expansion
Character length and limitations: 5 alphanumeric characters
AIR-DESTINATION (Optional) Destination airport code for the first segment of the trip; this is not necessarily the final destination. For example, if a passenger flies from STL to MIA with a layover at JFK, the destination airport is JFK For a list of airport codes, see http://www.world-airport-codes.com/alphabetical/airport-code/a.html.
Note: Present day airport codes are three characters in length. The five character length is designed to allow for future expansion
Character length and limitations: 5 alphanumeric characters
AIR-NUMBEROFCITIES (Optional) Number of unique cities in this trip including the cities of origin and destination, where a maximum value of 10 is allowed. For example, AIR-NUMBEROFCITIES is 3 for the following trip:
- DEN to LAX
- LAX to SFO
- SFO to DEN
If not provided, this value is equal to the number of AIR-ROUTINGCITYn parameters.
AIR-ROUTINGCITYn (Optional) Airport codes of each city in this flight including cities of origin and destination, where n is a value from 1 to 10.
Character length and limitations: 5 alphanumeric characters
AIR-CARRIERn (Optional) Two character airline code for each unique airline in this flight, where n is a value from 1 to 10.
If the same carrier is used for multiple segments of the trip, it is passed only once. For example, the two AIR-CARRIERn values for the following trip are UA and AA:
- UA flight from IAD to DEN
- UA flight from DEN to LAX
- UA flight from LAX to SFO
- AA flight from SFO to DFW
Character length and limitations: 24 alphanumeric characters
AIR-FAREBASIS (Optional) List discounts associated with the travel.
Character length and limitations: 24 alphanumeric characters
AIR-NUMBEROFPASSENGERS (Optional) Number of passengers on this trip.
Character length and limitations: numeric
AIR-ISETICKET (Optional) If this is an electronic ticket. The values are:
- Y = yes
- N = no
Character length and limitations: 1 alphanumeric character
AIR-RESERVATIONCODE (Optional) Code assigned to the travel reservation before the ticket was purchased.
Character length and limitations: 15 alphanumeric characters

American Express Other Parameters

Field Description
BILLTOFIRSTNAME (Optional) Account holder's first and last name.
Note: Even though the parameter name indicates only the first name, this single parameter holds all of the person's name information (both first and last name, at a minimum).
Character length and limitations: 13 alphanumeric characters
BILLTOLASTNAME (Optional) Account holder's last name.
Character length and limitations: 13 alphanumeric characters
INVNUM (Optional) Merchant invoice number. The merchant invoice number is used for authorizations and settlements and, depending on your merchant bank, will appear on your customer's credit card statement and your bank reconciliation report. If you do not provide an invoice number, the transaction ID ( PNREF ) will be submitted.
Character length and limitations: 9 alphanumeric characters
ORDERDATE (Optional) Specifies an order date.
Character length and limitations: 6 numeric characters
Format: mmddyy (with no slashes or dashes). For example, July 28, 2003 is 072803.
ORDERDATETIME (Optional) Specifies an order time and date.
Character length and limitations: 19 alphanumeric characters
Format is either YYYY-MM-DD or YYYY-MM-DD HH:MI:SS (where HH is in 24-hour time). If the value does not conform to one of the formats or if the date is not valid (for example, 2004-17-35), then the transaction is rejected with: RESULT=7(SIG_FIELD_ERR) RESPMSG=Invalid ORDERTIME. A truncated version of the ORDERTIME value (up to 7 characters) overwrites any value provided by ORDERDATE. If no value is provided, a NULL value is stored.

Cielo Payments - Additional Credit Card Parameters

In addition to the core credit card parameters, Cielo Payments (formerly Merchant e-Solutions) accepts the parameters described below.

Field Description
INVNUM (Optional) Merchant invoice number. The merchant invoice number is used for authorizations and settlements and, depending on your merchant bank, will appear on your customer's credit card statement and your bank reconciliation report. If you do not provide an invoice number, the transaction ID ( PNREF ) will be submitted.
Note: Not supported by Payflow Link.
Character length and limitations: 17 alphanumeric characters
MERCHDESCR (Optional) Use this parameter to pass in your DBA name and other data describing the transaction (default: merchant name). This information is usually displayed in the account holder's statement.
Character length and limitations: 25 alphanumeric characters
MERCHSVC (Optional) Defaults to the city where the merchant outlet is located for retail and to the merchant's phone number for non-retail. For example, 800 111-1111. This information is usually displayed in the account holder's statement.
Character length and limitations: 13 alphanumeric characters

Elavon Additional Credit Card Parameters

In addition to the core credit card parameters, Elavon (formerly Nova) accepts the parameter described below.

Field Description
RECURRING (Optional) Identifies the transaction as recurring. This value does not activate the Payflow Recurring Billing Service API. If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming credit, void, and force transactions. If you subscribe to Payflow Fraud Protection Services:
- To avoid charging you to filter recurring transactions that you know are reliable, the fraud filters do not screen recurring transactions.
- To screen a prospective recurring customer, submit the transaction data using PayPal Manager's Manual Transactions page. The filters screen the transaction in the normal manner. If the transaction triggers a filter, then you can follow the normal process to review the filter results.
Character length and limitations: 1 alphanumeric character (Y or N)

Elavon Travel Parameters

Elavon also accepts the travel parameters described below.

Field Description
DEPARTUREDATE (Required)
COMPLETIONDATE (Required)
MERCHANTREFCODE (Required)
TAXAMT (Required)
PONUM (Optional)

First Data Merchant Services Nashville - Additional Credit Card Parameters

In addition to the core credit card parameters, First Data Merchant Services (FDMS) Nashville accepts the parameters described below.

Field Description
INVNUM (Optional) Merchant invoice number. The merchant invoice number is used for authorizations and settlements and, depending on your merchant bank, will appear on your customer's credit card statement and your bank reconciliation report. If you do not provide an invoice number, the transaction ID ( PNREF ) will be submitted.
Character length and limitations: 9 alphanumeric characters

First Data Merchant Services North - Additional Credit Card Parameters

In addition to the core credit card parameters, First Data Merchant Services (FDMS) North accepts the parameters described

Field Description
DESC (Optional) Use the DESC parameters to pass in your DBA name and other data describing the transaction. This information will be displayed in the account holder's statement.
Note: FDMS North passes the descriptive data to the card associations with the following character lengths:
Visa: 25
MasterCard: 22
AMEX: 20
DISC: 22
Some card associations truncate the value to 19 characters. If you have questions, consult the card association.
Character length and limitations: 25 alphanumeric characters
MERCHDESCR (Optional) Use this parameter to pass in your DBA name and other data describing the transaction. This information is usually displayed in the account holder's statement.
Character length and limitations: 25 alphanumeric characters
MERCHSVC (Optional) Defaults to the city where the merchant outlet is located for retail and to the merchant's phone number for non-retail. For example, 800 111-1111. This information is usually displayed in the account holder's statement.
Character length and limitations: 13 alphanumeric characters

Heartland - Additional Credit Card Parameters

In addition to the core credit card parameters, Heartland accepts the parameters described below.

Field Description
INVNUM (Optional) Merchant invoice number. The merchant invoice number is used for authorizations and settlements and, depending on your merchant bank, will appear on your customer's credit card statement and your bank reconciliation report. If you do not provide an invoice number, the transaction ID ( PNREF ) will be submitted.
Note: Not supported by Payflow Link.
Character length and limitations: 17 alphanumeric characters
MERCHDESCR (Optional) Use this parameter to pass in your DBA name and other data describing the transaction (default: merchant name). This information is usually displayed in the account holder's statement.
Character length and limitations: 25 alphanumeric characters
MERCHSVC (Optional) Defaults to the city where the merchant outlet is located for retail and to the merchant's phone number for non-retail. For example, 800 111-1111. This information is usually displayed in the account holder's statement.
Character length and limitations: 13 alphanumeric characters

Litle Additional Credit Card Parameters

Field Description
AUTHDATE Required for Force transactions. Authorization date.
Character length and limitations: 11alphanumeric characters
CUSTOMERID (Optional) Customer identification.
Character length and limitations: 18 alphanumeric characters
INVNUM (Optional) Merchant invoice number. The merchant invoice number is used for authorizations. If you do not provide an invoice number, the transaction ID ( PNREF ) will be submitted.
Character length and limitations: 20 alphanumeric characters
MERCHANTCITY (Optional) The name of the city were the transaction took place.
- If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the name of the city in which the seller is located.
- If you are a mail order, phone order, or internet industry, you may substitute the name of the city in which the merchant's order processing facility is located.
Character length and limitations: 21 alphanumeric characters
MERCHANTURL (Optional) Merchant's website. This information is usually displayed in the account holder's statement.
Character length and limitations: 40 alphanumeric characters
MERCHDESCR (Optional) Use this parameter to pass in your DBA name and other data describing the transaction (default: merchant name). This information is usually displayed in the account holder's statement.
Character length and limitations: 25 alphanumeric characters
MERCHSVC (Optional) Defaults to the city where the merchant outlet is located for retail and to the merchant's phone number for non-retail. For example, 800 111-1111. This information is usually displayed in the account holder's statement.
Character length and limitations: 13 alphanumeric characters
PONUM (Optional) Purchase order number.
Character length and limitations: 25 alphanumeric characters
REPORTGROUP (Optional) Category that the transaction is in, for example, coffee mugs. This field is for your own use.
Character length and limitations: 25 alphanumeric characters
BILLTOSTREET2 (Optional) Second street address.
Character length and limitations: 35 alphanumeric characters
BILLTOSTREET3 (Optional) Third street address.
Character length and limitations: 35 alphanumeric characters
TAXAMT (Optional) Total tax amount.
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). 12 numeric characters
TAXEXEMPT (Optional) Indicates whether the customer is tax exempt. Value is:
- Y - The customer is tax exempt.
- N - The customer is not tax exempt (default).
Character length and limitations: 1 alpha character

Paymentech Salem - New Hampshire - Additional Credit Card Parameters for American Express

In addition to the core credit card parameters, Paymentech Salem accepts the parameters to meet American Express statement and reporting requirements described below.

Paymentech Salem - Internet Transaction Data Parameters

Field Description
BILLTOEMAIL (Optional) Account holder's email address.
Character length and limitations: 60 alphanumeric characters
BILLTOPHONENUM (Optional) Account holder's telephone number.
Character length and limitations: 20 characters
PHONETYPE (Optional) Telephone company provided ANI information identifier digits indicating the telephone call type. Examples: cellular (61-63), payphone (27)
Character length and limitations: 2 characters
CUSTHOSTNAME (Optional) Name of the server that the account holder is connected to. Example: PHX.QW.AOL.COM.
Character length and limitations: 60 alphanumeric and special characters
CUSTBROWSER (Optional) Name of the server that the account holder is connected to. Example: MOZILLA/4.0 (COMPATIBLE MSIE 5.0; WINDOWS 95)
Character length and limitations: 60 alphanumeric and special characters
CUSTIP (Optional) Account holder's IP address.
Character length and limitations: 15 alphanumeric and special characters
SHIPTOCOUNTRY (Optional) Numeric country code of ship-to country. Example: USA: 840. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
SHIPMETHOD (Optional) Shipping method code. The values are:
- 01 = Same day
- 02 = Overnight/next day
- 03 = Priority, 2 - 3 days
- 04 = Ground, 4 or more days
- 05 = Electronic delivery
- 06 - ZZ = Reserved for future use
SKU (Optional) Merchant product SKU.
Character length and limitations: 15 alphanumeric and special characters

Paymentech Salem - AVS Parameters

Field Description
BILLTOSTREET (Optional) Account holder's street address (number and street name).
Character length and limitations: 30 characters
BILLTOZIP (Optional) Account holder's 5- to 9-digit ZIP (postal) code excluding spaces, dashes, and non-numeric characters. Example: 951121737
Character length and limitations: 9 characters
BILLTOPHONENUM (Optional) Account holder's telephone number. The formats are:
- xxx-xxx-xxxx (US numbers)
- +xxxxxxxxxxx (international numbers)
Character length and limitations: 10 characters
SHIPTOFIRSTNAME (Optional) First name in the shipping address.
Character length and limitations: 30 characters
SHIPTOLASTNAME (Optional) Last name in the shipping address.
Character length and limitations: 30 characters
SHIPTOSTREET (Optional) Shipping street address.
Character length and limitations: 30 characters
SHIPTOCOUNTRY (Optional) Numeric country code of ship-to country. Example: USA: 840. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
SHIPTOZIP (Optional) Shipping 5- to 9-digit zip (postal) code excluding spaces, dashes, and non-numeric characters. Example: 951121737
Character length and limitations: 9 alphanumeric characters
SHIPTOPHONENUM (Optional) Shipping telephone number.
Character length and limitations: 10 alphanumeric characters

Paymentech Salem - Additional Credit Card Parameters for M Record

Field Description
MERCHDESCR (Optional) Use this parameter to pass in your DBA name and other data describing the transaction. This information is usually displayed in the account holder's statement.
Character length and limitations: 25 alphanumeric characters
MERCHSVC (Optional) Defaults to the city where the merchant outlet is located for retail and to the merchant's phone number for non-retail. For example, 800 111-1111. This information is usually displayed in the account holder's statement.
Character length and limitations: 13 alphanumeric characters

PayPal Credit Card Transaction Request Parameters

In addition to the core credit card parameters, PayPal accepts the parameters described below.

Parameter Description
AMT (Required) Amount (US Dollars) U.S. based currency.
AMT=ITEMAMT + TAXAMT + FREIGHTAMT + HANDLINGAMT + INSURANCEAMT - DISCOUNT
Note: You must set CURRENCY to one of the three-character currency codes for any of the supported PayPal currencies. See CURRENCY in this table for details.
Limitations: Must not exceed 10,000.00 USD in any currency. Nine numeric characters plus decimal (.) character. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
Nine numeric characters plus decimal.
CURRENCY (Required) The currency code.
Note: CURRENCY is applicable only to processors that support transaction-level currency. The PayPal acquirer allows PayPal Payments Advanced and PayPal Payments Pro merchants to run transactions using any of the following six currencies with a single account.
AUD - Australian dollar
CAD- Canadian dollar
EUR - Euro
GBP - British pound
JPY- Japanese Yen
USD - US dollar
Limitations: Three characters.
BUTTONSOURCE (Optional) Identification code for use by third-party applications to identify transactions.
Limitations: 32 alphanumeric characters.
CUSTIP (Optional) IP address of payer's browser as recorded in its HTTP request to your website. This value is optional but recommended.
Note: PayPal records this IP address as a means to detect possible fraud.
Limitations: 15-character string in dotted quad format: xxx.xxx.xxx.xxx
CAPTURECOMPLETE (Optional) Indicates if this Delayed Capture transaction is the last capture you intend to make. The values are:
- Y (default)
- N
Note: If CAPTURECOMPLETE is Y, any remaining amount of the original reauthorized transaction is automatically voided.
Limitations: 12-character alphanumeric string.
CUSTOM (Optional) A free-form field for your own use.
Limitations: 256-character alphanumeric string.
EMAIL (Optional) Email address of payer.
Limitations: 127 alphanumeric characters.
INVNUM (Optional) Your own unique invoice or tracking number.
Limitations: 127 alphanumeric characters.
ITEMAMT (Required if L_COSTn is specified). Sum of cost of all items in this order.
ITEMAMT = L_QTY0 * LCOST0 + L_QTY1 * LCOST1 + L_QTYn * L_COSTn
Limitations: Nine numeric characters plus decimal (.) character. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
Limitations: Nine numeric characters plus decimal.
TAXAMT (Required if L_TAXAMTn is specified) Sum of tax for all items in this order.
TAXAMT = L_QTY0 * L_TAXAMT0 + L_QTY1 * L_TAXAMT1 + L_QTYn * L_TAXAMTn
Note: You must set CURRENCY to one of the three-character currency codes for any of the supported PayPal currencies. See CURRENCY in this table for details.
Limitations: Nine numeric characters plus decimal (.) character. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95. Nine numeric characters plus decimal.
FREIGHTAMT (Optional) Total shipping costs for this order.
Note: You must set CURRENCY to one of the three-character currency codes for any of the supported PayPal currencies. See CURRENCY in this table for details.
Limitations: Nine numeric characters plus decimal (.) character. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
Nine numeric characters plus decimal.
HANDLINGAMT (Optional) Total handling costs for this order.
Note: You must set CURRENCY to one of the three-character currency codes for any of the supported PayPal currencies. See CURRENCY in this table for details.
Limitations: Nine numeric characters plus decimal (.) character. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95. Nine numeric characters plus decimal.
DISCOUNT (Optional) Shipping discount for this order. Specify the discount as a positive amount.
Limitations: Nine numeric characters plus decimal (.) character. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
INSURANCEAMT (Optional) Total shipping insurance cost for this order.
Limitations: Nine numeric characters plus decimal (.) character. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
L_NAMEn (Optional) Line-item name.
Character length and limitations: 36 alphanumeric characters.
L_DESCn (Optional) Line-item description of the item purchased such as hiking boots or cooking utensils.
L_COSTn (Required if L_QTYn is supplied) Cost of the line item. The line-item unit price must be a positive number and be greater than zero.
Note: You must set CURRENCY to one of the three-character currency codes for any of the supported PayPal currencies. See CURRENCY in this table for details.
Limitations: Nine numeric characters plus decimal (.) character. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95. Nine numeric characters plus decimal.
L_QTYn (Required if L_COSTn is supplied) Line-item quantity.
Limitations: 10-character integer.
L_SKUn (Optional) Product number.
Limitations: 18-characters.
L_TAXAMTn (Optional) Line-item tax amount.
Limitations: Nine numeric characters plus decimal (.) character. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
MERCHANTSESSIONID (Optional) Your customer Direct Payment session identification token. PayPal records this session token as an additional means to detect possible fraud.
Limitations: 64 characters.
MERCHDESCR

(Optional) Information that is usually displayed in the account holder's statement, for example, <Your-Not-For-Profit> <State>, <Your-Not-For-Profit> <Branch-Name>, <Your-Website> dues or <Your-Website> list fee.

Character length and limitations: 23 alphanumeric characters, can include the special characters dash (-) and dot (.) only. Asterisks (*) are NOT permitted. If it includes a space character (), enclose the "<Soft-Descriptor>" value in double quotes.

MERCHANTCITY

(Optional) A unique phone number, email address or URL, which is displayed on the account holder's statement. PayPal recommends passing a toll-free phone number because, typically, this is the easiest way for a buyer to contact the seller in the case of an inquiry.
Character length and limitations: 13 characters including special characters, such as, space, !, ", #, $, %, &, ', (, ), +, -,*, /, :, ;, <, =, >, ?, @, comma and period.

If it includes the space character (), enclose the "<Soft-Descriptor-City>" value in double quotes.

Note: Underscore (_) is an illegal character for this field. If it is passed, then it will be removed leaving the remaining characters in the same order. For example, New_York changes to NewYork.

Added in version 115 of the API.

NOTIFYURL (Optional) Your URL for receiving Instant Payment Notification (IPN) about this transaction. If you do not specify NOTIFYURL in the request, the notification URL from your Merchant Profile is used, if one exists.
Limitations: 2048 alphanumeric characters.
ORDERDESC (Optional) Description of items the customer is purchasing.
Limitations: 127 alphanumeric characters.
RECURRINGTYPE (Optional) Type of transaction occurrence. The values are:
- F = First occurrence
- S = Subsequent occurrence (default)
Limitations: One alpha character.
BILLTOSTREET (Conditional) Bill-to street address.
Note: Some merchants maybe required to pass this billing information. Please test your integration first to determine if the billing information fields are required.
Limitations: 100-character string.
BILLTOCITY (Conditional) Bill-to city address.
Note: Some merchants maybe required to pass this billing information. Please test your integration first to determine if the billing information fields are required.
Limitations: 40 alphanumeric characters.
BILLTOSTATE (Conditional) Bill-to state or province address.
Note: Some merchants maybe required to pass this billing information. Please test your integration first to determine if the billing information fields are required.
Limitations: 40 alphanumeric characters.
BILLTOCOUNTRY (Conditional) Bill-to country address. For the PayPal acquirer, see the PayPal country codes.
Note: Some merchants maybe required to pass this billing information. Please test your integration first to determine if the billing information fields are required.
Limitations: 2 alphanumeric characters.
SHIPTOSTREET (Optional) Ship-to street address.
Note: If you pass in any of the ship-to address parameters such as SHIPTOCITY or SHIPTOSTATE, you must pass in the complete set (that is, SHIPTOSTREET, SHIPTOCITY, SHIPTOSTATE, SHIPTOCOUNTRY, and SHIPTOZIP).
Limitations: 100-character string.
SHIPTOCITY (Optional) Ship-to city address.
Note: If you pass in any of the ship-to address parameters such as SHIPTOCITY or SHIPTOSTATE, you must pass in the complete set (that is, SHIPTOSTREET, SHIPTOCITY, SHIPTOSTATE, SHIPTOCOUNTRY, and SHIPTOZIP).
Limitations: 40-character string.
SHIPTOSTATE (Optional) Ship-to state or province address.
Note: If you pass in any of the ship-to address parameters such as SHIPTOCITY or SHIPTOSTATE, you must pass in the complete set (that is, SHIPTOSTREET, SHIPTOCITY, SHIPTOSTATE, SHIPTOCOUNTRY, and SHIPTOZIP).
Limitations: 40-character string.
SHIPTOCOUNTRY (Optional) Ship-to country code. For the PayPal acquirer, see the PayPal country codes.
Note: If you pass in any of the ship-to address parameters such as SHIPTOCITY or SHIPTOSTATE, you must pass in the complete set (that is, SHIPTOSTREET, SHIPTOCITY, SHIPTOSTATE, SHIPTOCOUNTRY, and SHIPTOZIP).
Limitations: Two alpha characters.
SHIPTOZIP (Optional) U.S. ship-to zip code or other country-specific postal code.
Note: If you pass in any of the ship-to address parameters such as SHIPTOCITY or SHIPTOSTATE, you must pass in the complete set (that is, SHIPTOSTREET, SHIPTOCITY, SHIPTOSTATE, SHIPTOCOUNTRY, and SHIPTOZIP).
Limitations: 20-character string.

SecureNet Additional Credit Card Parameters for American Express

In addition to the core credit card parameters, SecureNet accepts the parameters described below to meet American Express reporting and statement requirements.

SecureNet Retail Transaction Advice Addendum - for SWIPE transactions

Field Description
L_DESCn (Optional) Description of this line-item (n is a line item number from 1 to 6).
Character length and limitations: 19 alphanumeric characters
L_AMTn (Optional) Amount of this line-item (n is a line item number from 1 to 6).
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). 12 numeric characters
L_QTYn (Optional) Quantity of this line-item (n is a line item number from 1 to 6).
Character length and limitations: 3 numeric characters

SecureNet Internet Transaction Data

Field Description
BILLTOEMAIL (Optional) Account holder's email address.
Character length and limitations: 60 alphanumeric characters
BILLTOPHONENUM (Optional) Account holder's telephone number.
Character length and limitations: 10 characters
PHONETYPE (Optional) Telephone company provided ANI information identifier digits indicating the telephone call type. Examples: cellular (61-63), payphone (27).
Character length and limitations: 2 alphanumeric characters
CUSTHOSTNAME (Optional) Name of the server that the account holder is connected to. Example: PHX.QW.AOL.COM.
Character length and limitations: 60 alphanumeric and special characters
CUSTBROWSER (Optional) Name of the server that the account holder is connected to. Example: MOZILLA/4.0~(COMPATIBLE;~MSIE~5.0;~WINDOWS~95)
Character length and limitations: 60 alphanumeric and special characters
CUSTIP (Optional) Account holder's IP address.
Character length and limitations: 15 alphanumeric and special characters
SHIPTOCOUNTRY (Optional) Numeric country code of ship-to country. Example: USA: 840. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
SHIPMETHOD (Optional) Shipping method code. The values are:
- 01 = Same day
- 02 = Overnight/next day
- 03 = Priority, 2 - 3 days
- 04 = Ground, 4 or more days
- 05 = Electronic delivery
- 06 - ZZ = Reserved for future use

SecureNet AVS Parameters

Field Description
BILLTOSTREET (Optional) Account holder's street address (number and street name).
Character length and limitations: 30 characters
BILLTOZIP (Optional) Account holder's 5- to 9-digit ZIP (postal) code excluding spaces, dashes, and non-numeric characters. Example: 951121737
Character length and limitations: 9 characters
BILLTOPHONENUM (Optional) Account holder's telephone number. The formats are:
- xxx-xxx-xxxx (US numbers)
- +xxxxxxxxxxx (international numbers)
Character length and limitations: 10 characters
SHIPTOFIRSTNAME (Optional) First name in the shipping address.
Character length and limitations: 30 characters
SHIPTOLASTNAME (Optional) Last name in the shipping address.
Character length and limitations: 30 characters
SHIPTOSTREET (Optional) Shipping street address.
Character length and limitations: 30 characters
SHIPTOCOUNTRY (Optional) Numeric country code of ship-to country. Example: USA: 840. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
SHIPTOZIP (Optional) Shipping 5- to 9-digit zip (postal) code excluding spaces, dashes, and non-numeric characters. Example: 951121737
Character length and limitations: 9 alphanumeric characters
SHIPTOPHONENUM (Optional) Shipping telephone number.
Character length and limitations: 10 alphanumeric characters

SecureNet Location Transaction Advice Addendum Parameters

Parameter Description
MERCHANTNAME (Optional) Name of merchant.
Character length and limitations: 38 alphanumeric characters
MERCHANTSTREET (Optional) Merchant's street address (number and street name).
Character length and limitations: 38 alphanumeric characters. If more than 38 characters, use proper and meaningful abbreviation. Do not truncate.
MERCHANTCITY (Optional) The name of the city were the transaction took place.
- If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the name of the city in which the seller is located.
- If you are a mail order, phone order, or internet industry, you may substitute the name of the city in which the merchant's order processing facility is located.
Character length and limitations: 21 alphanumeric characters. If more than 21 characters, use proper and meaningful abbreviation. Do not truncate.
MERCHANTSTATE (Optional) The region code that corresponds to the state, province, or country subdivision of the merchant location where the transaction took place.
Region code examples:
- CA = California, USA
- NS = Nova Scotia, Canada
- COS = Colima Mexico
If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the region code that corresponds to the state, province, or country subdivision in which the seller is located.
Character length and limitations: 3 alphanumeric characters
MERCHANTCOUNTRYCODE (Optional) Country code of the location where the transaction took place. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3-character country code.
MERCHANTZIP (Optional) The 5- to 9-digit zip (postal) code excluding spaces, dashes, and non-numeric characters where the transaction took place.
If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the postal code that corresponds to the seller's location.
Character length and limitations; 15 alphanumeric characters

SecureNet Transaction Advice Detail Parameters

Field Description
ADDLAMTn (Optional) Detail of a charge where n is a value from 1 - 5. Use for additional breakdown of the amount.
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). Examples are a tip (ADDLAMT1=3.00) and a convenience charge (ADDLAMT2=2.00). 12 numeric characters. The amount passed must not contain more than two decimal places.
ADDLAMTTYPEn (Optional) A 3-digit code indicating the type of the corresponding charge detail, where n is a value from 1 - 5.
Character length and limitations: 3 numeric characters

SecureNet Airline Passenger Data Parameters

Field Description
AIR-DEPARTUREDATE (Optional) Departure date in the format: YYYYMMDD.
Character length and limitations: 8 alphanumeric characters
AIR-PASSENGERNAME (Optional) Name of the passenger in the following format with fields separated by a space: surname firstname middleinitial title
Character length and limitations: 40 alphanumeric characters
AIR-ORIGIN (Optional) Airport code of the originating airport. For a list of airport codes, see http://www.world-airport-codes.com/alphabetical/airport-code/a.html.
Character length and limitations: 5 alphanumeric characters
AIR-DESTINATION (Optional) Destination airport code for the first segment of the trip; this is not necessarily the final destination. For example, if a passenger flies from STL to MIA with a layover at JFK, the destination airport is JFK. For a list of airport codes, see http://www.world-airport-codes.com/alphabetical/airport-code/a.html.
Note: Present day airport codes are three characters in length. The five character length is designed to allow for future expansion.
Character length and limitations: 5 alphanumeric characters
AIR-NUMBEROFCITIES (Optional) Number of unique cities in this trip including the cities of origin and destination, where a maximum value of 10 is allowed. For example, AIR-NUMBEROFCITIES is 3 for the following trip:
- DEN to LAX
- LAX to SFO
- SFO to DEN
If not provided, this value is equal to the number of AIR-ROUTINGCITYn parameters.
Character length and limitations: numeric, maximum value is 10
AIR-ROUTINGCITYn (Optional) Airport codes of each city in this flight including cities of origin and destination, where n is a value from 1 to 10. For a list of airport codes, see http://www.world-airport-codes.com/alphabetical/airport-code/a.html.
Note: Present day airport codes are three characters in length. The five character length is designed to allow for future expansion.
Character length and limitations: 5 alphanumeric characters
AIR-CARRIERn (Optional) Two character airline code for each unique airline in this flight, where n is a value from 1 to 10. If the same carrier is used for multiple segments of the trip, it is passed only once. For example, the two AIR-CARRIERn values for the following trip are UA and AA:
- UA flight from IAD to DEN
- UA flight from DEN to LAX
- UA flight from LAX to SFO
- AA flight from SFO to DFW. For information about airlines codes, see http://en.wikipedia.org/wiki/Airline_codes-All
Character length and limitations: 5 alphanumeric characters
AIR-FAREBASIS (Optional) List discounts associated with the travel.
Character length and limitations: 24 alphanumeric characters
AIR-NUMBEROFPASSENGERS (Optional) Number of passengers on this trip.
Character length and limitations: numeric
AIR-ISETICKET (Optional) If this is an electronic ticket.
Character length and limitations: 1 alphanumeric character (Y or N)
AIR-RESERVATIONCODE (Optional) Code assigned to the travel reservation before the ticket was purchased.
Character length and limitations: 15 alphanumeric characters

SecureNet Other Parameters

Field Description
BILLTOFIRSTNAME (Optional) Account holder's first and last name.
Note: Even though the parameter name indicates only the first name, this single parameter holds all of the person's name information (both first and last name, at a minimum).
Character length and limitations: 13 alphanumeric characters
BILLTOLASTNAME (Optional) Account holder's last name.
Character length and limitations: 13 alphanumeric characters
INVNUM (Optional) Merchant invoice number. The merchant invoice number is used for authorizations and settlements and, depending on your merchant bank, will appear on your customer's credit card statement and your bank reconciliation report. If you do not provide an invoice number, the transaction ID ( PNREF ) will be submitted.
Character length and limitations: 17 alphanumeric characters
ORDERDATE (Optional) Specifies an order date.
Character length and limitations: 6 numeric characters
Format: mmddyy (with no slashes or dashes). For example, July 28, 2003 is 072803.

Vantiv Additional Credit Card Parameters

Vantiv Additional Credit Card Parameters

Field Description
MERCHDESCR (Optional) Use this parameter to pass in your DBA name and other data describing the transaction. This information will be displayed in the account holder's statement.
Character length and limitations: 25 alphanumeric characters

Vantiv Soft Merchant Descriptor Parameters

Field Description
MERCHANTNAME (Optional) Name of merchant.
Character length and limitations: 38 alphanumeric characters
MERCHANTSTREET (Optional) Merchant's street address (number and street name).
Character length and limitations: 38 alphanumeric characters. If more than 38 characters, use proper and meaningful abbreviation. Do not truncate.
MERCHANTCITY (Optional) The name of the city were the transaction took place.
- If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the name of the city in which the seller is located.
- If you are a mail order, phone order, or internet industry, you may substitute the name of the city in which the merchant's order processing facility is located.
Character length and limitations: 21 alphanumeric characters. If more than 21 characters, use proper and meaningful abbreviation. Do not truncate.
MERCHANTSTATE (Optional) The region code that corresponds to the state, province, or country subdivision of the merchant location where the transaction took place.
Region code examples:
- CA = California, USA
- NS = Nova Scotia, Canada
- COS = Colima Mexico
If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the region code that corresponds to the state, province, or country subdivision in which the seller is located.
Character length and limitations: 3 alphanumeric characters
MERCHANTZIP (Optional) The 5 to 9-digit zip (postal) code excluding spaces, dashes, and non-numeric characters where the transaction took place. If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the postal code that corresponds to the seller's location.
Character length and limitations: 15 alphanumeric characters
MERCHANTCOUNTRYCODE (Optional) Country code of the location where the transaction took place. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3-character country code.
MERCHANTLOCATIONID (Optional) Merchant-assigned store or location number (or name) that uniquely identifies where the transaction took place.
Character length and limitations: 15 alphanumeric characters
MERCHANTID (Required) American Express-assigned service establishment number used to identify and facilitate payments to merchants.
Character length and limitations: 15 alphanumeric characters.
MERCHANTCONTACTINFO (Optional) Merchant's telephone number or web address. (URLs and e-mail addresses may be lowercase, as appropriate.) This entry may appear on the descriptive bill on the card-member's statement, or may be used to resolve billing inquiries and disputes.
Note: American Express strongly recommends that aggregators (third-parties who bill for goods or services rendered by another entity) always fill in this field with the URL, e-mail address, or telephone number of the contact responsible for resolving disputes or inquiries.
Character length and limitations: 40 alphanumeric characters

WorldPay Additional Credit Card Parameters

Field Description
ADDLAMTn (Optional) Detail of a charge, where n is a value from 1 - 5. Use for additional breakdown of the amount.
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). Examples are a tip (ADDLAMT1=3.00) and a convenience charge (ADDLAMT2=2.00). 11 alphanumeric characters. The amount passed must not contain more than two decimal places.
ADDLAMTTYPEn (Optional) A 3-digit code indicating the type of the corresponding charge detail, where n is a value from 1 - 5.
Character length and limitations: 18 alphanumeric characters
CATTYPE (Optional) Type of terminal.
Character length and limitations: numeric characters
CONTACTLESS (Optional) Describes the card input capability. It is the value RFD, which means the card contains a radio frequency identification (RFID) chip for communicating with a point-of-sale device with an RFID receiver.
Character length and limitations: alpha characters

table of contents


TeleCheck Electronic Check Processing

This appendix describes the host-based capture version of the TeleCheck Non-Face-To-Face Check Acceptance (NFTF) services.

TeleCheck NFTF Overview of Services

NFTF offers merchants the convenience of electronic check deposits. When a NFTF transaction is approved by TeleCheck, the manually entered MICR data from the check is electronically converted to an ACH debit and is processed through the ACH Network. The merchant receives funds within two banking days.

NFTF includes TeleCheck Internet Check Acceptance (ICA), Checks By Phone (CBP), and Prearranged Deposit Services (NFTF PPD). Each of these products requires a separate Merchant ID also known as a Subscriber ID. See below for more details.

  • ICA provides merchants with the capability to authorize and electronically settle checks presented by customers over the internet. ICA can be single entry or recurring. This is based on customer's authorization received over the internet.
  • CBP authorizes and electronically settles checks presented over the phone through customer interaction with a merchant call center representative. CBP services are single entry only. Partial debits and recurring entries are not allowable per NACHA guidelines.
  • NFTF prearranged payment and deposit entry (NFTF PPD) may be used for either recurring or non-recurring debits to a customer's account, when the merchant has provided the customer with a written authorization, which the customer has signed or similarly authenticated. Actual payments are facilitated via the internet or via IVR or over the phone. The application type value must be set to PPD. PPD accounts must establish an end date to clearly define terms between customer and merchant, but do not have time period caps.

TeleCheck NFTF Processing Overview

NFTF requirements, processing considerations, and guidelines for processing check payments are described below.

NFTF Requirements

The following requirements must be followed as standard operating procedures to electronically process a NFTF check payment:

  • A TeleCheck Merchant ID is required on all transactions and is unique to each location.
  • Dual ID is required for all transactions. For personal checks, it must be MICR data and personal check writer identification such as a driver's license. For company checks, it must be MICR data and Federal Tax ID. In the event that a company does not have a Federal Tax ID, the driver's license can also be used.
  • For ICA and NFTF PPD, the merchant must retain the customer's authorization of the transaction for a period of 2 years and, for ICA, prompt the customer to print a copy of this confirmation for their records. The merchant must adhere to all authorization requirements, data elements, legal verbiage, and check return fee requirements.
  • For CBP, the merchant must audio record the customer's verbal confirmation of the transaction or provide a written confirmation of the transaction to the customer prior to settlement. In either case, the confirmation must be live; IVR is not acceptable for confirmation. If a merchant chooses audio, the merchant must have the technical capability to retain these recordings for a period of 2 years; else the written confirmation may be substituted and retained for the same time period. The merchant must adhere to all authorization requirements; data elements, legal verbiage, and check return fee requirements.
  • Only select US accounts drawn on U.S. banks participating in the ACH Network are eligible for processing via the ACH Network.
  • TeleCheck Trace ID (TTID) is required for all supplemental messages, change, void, and adjustment transactions.
  • Merchant Trace ID is required for all adjustment transactions. This field allows additional capabilities to be enabled such as Overflow Credits and MIA Duplicate Checking.
  • Change and Void transactions are only allowed within the original Sale processing window. For NFTF, cutoff time is 4:00PM CST (recommend working with 3:30PM CST).
  • Adjustment transactions are electronically allowed within 90 days after the Sale transaction. After the 90 day period, all adjustments must be manually processed.
  • A prompt or process must be in place to identify a check as either personal or company.
  • Duplicate Checking - TeleCheck has the ability to detect duplicate sale transactions at the point of sale if sent within a predetermined time limit. Duplicates are identified when a sale inquiry is received with the same amount, MICR number, and check number matching a sale inquiry received within the last 2 minutes. If a duplicate is detected it will return an ineligible response for ACH. The 2nd transaction will also receive an ineligible response for ACH with the same ACH Transaction Status and Response Code as the original sale transaction.
  • The appropriate Application Type value must be sent to TeleCheck to indicate the type of NFTF transaction (ICA, CBP, or NFTF PPD).
  • In the NFTF technical specification several data element fields and features are described as "optional." While these are technically optional, meaning that the product can be technically implemented with or without them, TeleCheck may require the merchant to code to one or more of these optional items based on the agreed upon contractual terms. The merchant may need to account for and enable additional data element fields and product features in their system(s) and in communications to the TeleCheck Authorization System. Various optional data elements throughout each of the message packets could be affected by this requirement.
  • First Data Gateway Partners, External Gateway vendors, First Data Platforms, and the Global Gateway Router (GGR) that route merchant transactions to TeleCheck via this specification must code for all fields, features, and functionality available in this specification. Nothing is optional for these partners. Additionally, these partners are required to maintain their NFTF specification as new revisions and addendums become available.

NFTF Processing Considerations

TeleCheck and the Merchant must determine any of the following additional optional features during contract negotiations.

  • MIA Duplicate Checking - TeleCheck has the ability to detect duplicate adjustment transactions in back end processes. Adjustments can be submitted up to 90 days after the original Sale transaction. While multiple adjustment transactions are allowed for a given sale transaction, each adjustment transaction must have a unique merchant trace ID. Duplicates are detected when an adjustment transaction is submitted that has the same merchant trace ID as a previously submitted adjustment transaction. If a duplicate adjustment is detected, and the original adjustment was accepted by TeleCheck, the duplicate will also be accepted. The duplicate transaction will then be filtered out by the TeleCheck back end settlement processes.

NFTF Guidelines

The following guidelines should be followed when adhering to the above NFTF Requirements to electronically process a check payment:

  • Fields marked as Required are required to process an electronic transaction.
  • Not all fields are required by every merchant.
  • Unused fields should be completely omitted from the message.
  • Each field is variable in length (justification and fillers are not used).
  • The order of tagged fields from the POS and from the TeleCheck host are not significant.
  • Fields must not have any hard-coded data values.
  • The transaction number increments on every attempt.

Message formats outline fields (tags) that are required, not required, or conditional to the Sale, Status, and Adjustment Inquiry packets.

Message Types:

  • Merchant Authorization Message and the TeleCheck Authorization Response Message
  • Merchant Delayed Capture Message and the TeleCheck Delayed Capture Response Message

Transaction flow Method Messages sent from the Merchant to TeleCheck are authorization messages. Messages sent from TeleCheck to the Merchant are Response messages.

The sale transaction process is often referred to as a 2-part hand-off. The process begins with the merchant's Authorization message. TeleCheck responds with an Authorization response message indicating whether the transaction is approved and whether the check is eligible for conversion (whether check conversion will be offered). The Merchant then responds with a Delayed Capture message, acknowledging receipt of the TeleCheck sale response, and indicating whether electronic check conversion was accepted. TeleCheck completes the transaction with a Delayed Capture response message confirming receipt of the merchant's status inquiry message.

TeleCheck Parameters

Parameters used for processing electronic checks through TeleCheck are described in this section.

Required TeleCheck Parameters

Field Description
USER (Required) Case-sensitive login ID for the Gateway account that you created while registering for the account.
In the future, each account will allow multiple users. This parameter will specify the user.
Character length and limitations: 64 alphanumeric characters
VENDOR (Required) Case-sensitive Vendor ID that you created while registering for the account.
Character length and limitations: 64 alphanumeric characters
PARTNER (Required) The authorized PayPal Reseller that registered you for the Gateway service provided you with a Partner ID. If you registered yourself, use PayPal.
This parameter is case sensitive.
Character length and limitations: 64 alphanumeric characters
PWD (Required) Case-sensitive 6- to 32-character password that you created while registering for the account.
Character length and limitations: 32 alphanumeric characters
AMT (Required) This is the transaction amount (default U.S. dollars).
The transaction amount should always specify a decimal, and the exact amount to the cent (for example, 34.00, instead of 34). Do not include comma separators in the amount. Use 1199.95 not 1,199.95.
Character length and limitations: 7 numeric characters, U.S. dollars only
AUTHTYPE Value is:
- I - Internet Check Acceptance (ICA) provides the capability to authorize and electronically settle checks over the internet.
- P - Checks By Phone (CBP) provides the capability to authorize and electronically settle checks over the phone.
- D - Prearranged Deposit Services (PPD) debits the customer's account provided the customer has previously accepted a written authorization.
BILLTOCITY (Required) Account holder's city.
Character length and limitations: 20 alphanumeric characters
BILLTOCOUNTRY Account holder's country. You are required to pass this value when AUTHTYPE=I. For TeleCheck, the Payflow API requires 2-digit alpha country codes. Refer to ISO 3166-1 alpha-2.
Character length and limitations: 2 alphanumeric characters
BILLTOFIRSTNAME Account holder's first name as it appears on the check. You are required to pass this value when CHKTYPE=C.
Character length and limitations: 30 alphanumeric characters
BILLTOLASTNAME (Required) Account holder's last name as it appears on the check.
Character length and limitations: 30 alphanumeric characters
BILLTOPHONENUM (Required) Account holder's telephone number.
Character length and limitations: 10 numeric characters. This value may not contain spaces or non-numeric characters.
BILLTOSTATE (Required) Account holder's state.
Character length and limitations: 2 alphanumeric characters
BILLTOSTREET (Required) Account holder's street address.
Character length and limitations: 30 alphanumeric characters
BILLTOZIP (Required) Account holder's postal code (called ZIP code in the USA). Do not use spaces, dashes, or non-numeric characters.
Character length and limitations: 9 alphanumeric characters
CHKNUM (Required) Account holder's next unused (available) check number.
Character length and limitations: 7 numeric characters
CHKTYPE (Required) Check type. Value is:
- P - The check is a personal check (default). If CHKTYPE=P, you are required to pass a value for either DL or SS as an identifier.
- C - The check is a company check. If CHKTYPE=C, you are required to pass the Federal Tax ID for SS.
Character length and limitations:1 alphanumeric character
CUSTIP Account holder's IP address. You are required to pass this value when AUTHTYPE=I.
Character length and limitations: 15 alphanumeric characters
DL (Required) Driver's license number. If CHKTYPE=P, you are required to pass a value for either DL or SS as an identifier.
The format of the driver's license information is XXnnnnnnnn where:
- XX = State code
- nnnnnnnn = Driver's license number
Character length and limitations: 33 alphanumeric characters
BILLTOEMAIL (Required) Account holder's e-mail address.
You are required to pass this value when AUTHTYPE=I.
Character length and limitations: 100 alphanumeric characters
INVNUM (Required) Check invoice number.
Character length and limitations: 9 alphanumeric characters
MICR (Required) Magnetic ink check reader. The value is the entire line of numbers at the bottom of all checks. It includes the transit number, account number, and check number.
Character length and limitations: 65 numeric characters
SS Account holder's social security number. You are required to pass a value for SS when a value for CHKTYPE is passed:
- If CHKTYPE=P, you are required to pass a value for either DL or SS as an identifier.
- If CHKTYPE=C, you are required to pass the Federal Tax ID.
Character length and limitations: 35 alphanumeric characters
TENDER (Required) Method of payment. Use only the value K (electronic check).
Character length and limitations: 1 alphabetic character
TRXTYPE (Required) Type of transaction that should be processed. Value is:
- A - The transaction is an Authorization.
- D - The transaction is a Delayed Capture.
- V - The transaction is a Void.
- I - The transaction is an Inquiry.
Character length and limitations: 1 alpha character

Testing TeleCheck Transactions

PayPal provides a test server to support testing and configuration. For information on the test server URL, see Host URL Addresses.

TeleCheck Example Test Transaction

This is the authorization request and response.

TRXTYPE=A&TENDER=K&PARTNER=partner&USER=user&VENDOR=vendor&PWD=pwd&AMT=35.00
&BILLTOSTREET=1234 Main&BILLTOCITY=Buffalo&DL=CA123456&CHKNUM=1001&BILLTOEMAIL=john@xyz.com
&MICR=3333333333&AUTHTYPE=I&INVNUM=12345&BILLTOFIRSTNAME=Sally&BILLTOLASTNAME=Smith
&BILLTOSTATE=CA&BILLTOZIP=95050&BILLTOCOUNTRY=US&CUSTIP=10.15.5.23&BILLTOPHONENUM=9876542143
&VERBOSITY=HIGH RESULT=0&PNREF=EQRB8A32CD69&RESPMSG=Approved&AUTHCODE=12&TRACEID=1234567890
&ACHSTATUS=A&HOSTCODE=07&TRANSTIME=2012-02-09 15:23:37&BILLTOFIRSTNAME=Sally
&BILLTOLASTNAME=Smith&AMT=35.00&CARDTYPE=P

This is a delayed capture request.

TRXTYPE=D&TENDER=K&PARTNER=partner&USER=user&VENDOR=vendor&PWD=pwd&ORIGID=EQRB8A32CD69
&VERBOSITY=HIGH

This is a delayed capture response.

RESULT=0&PNREF=EQRB8A32CD6A&RESPMSG=Approved&AUTHCODE=00&TRACEID=1234567890
&ACHSTATUS=A&HOSTCODE=07&TRANSTIME=2012-02-09 15:24:22

TeleCheck MICR values for testing

You may view a complete list of TeleCheck response codes at Sale Response Code Values

MICR HOSTCODE TeleCheck Result
3333333333 07 Approved
1111111111 08 Rejected (negative data)
2222222222 88 Rejected Code 3 (Risk)

Preparing for TeleCheck Production Transactions

Before going into production with your check integration, you must certify your storefront with TeleCheck. To begin the certification process, send an e-mail to iica_certification@telecheck.com. Be sure to include the following information:

  • Your test website address where test transactions can be processed
  • The name, e-mail address, and phone number of the person to contact about any needed corrections.

The certification process usually takes 2-3 days.

Use the host address of the live server described in Host URL Addresses.

Responses to TeleCheck Transactions

When a transaction finishes, PayPal returns a response string made up of name-value pairs. For example:

RESULT=0&PNREF=VXYZ01234567&HOSTCODE=000500&RESPMSG=Approved

TeleCheck transaction response values are described in the table below.

TeleCheck Transaction Responses Common to All Tender Types

Field Description
RESULT The outcome of the attempted transaction. A result of 0 (zero) indicates the transaction was approved. Any other number indicates a decline or error.
Character length and limitations: numeric, variable number of characters
PNREF Payflow Gateway transaction ID; a unique number that identifies the transaction. See PNREF for more information.
Character length and limitations: 12 alphanumeric characters
HOSTCODE TeleCheck's response code representing the results of the transaction authorization attempt.
Character length and limitations: 6 numeric characters
RESPMSG A descriptive message associated with decline or error result values.
Character length and limitations: alphanumeric, variable number of characters

TeleCheck Response Code Values

For your service, below is a complete list of possible Response Codes. Depending upon the merchants risk parameters and service type, some of these may not apply. Please confirm applicable codes with TeleCheck's Merchant Boarding and Certification group.

Note: Merchants should establish policies and procedures for each applicable response code. For example, if a clerk enters a transaction and receives Response Code 27, they should retry the transaction. If, after entering the item a second time they receive a Response Code 27 again, the merchant may choose to cancel or terminate the transaction and a) retry the transaction b) call TeleCheck Live Operator Authorization Center, or c) request another form of payment from the check writer.

TeleCheck Sale Response Code Values

TeleCheck Sale Approval Responses
Code Description Merchant Action
07 Approved No action needed.

TeleCheck Sale Decline Responses
Code Description Merchant Action
08 Rejected (Negative Data) Ask for other form of payment or decline sale to customer.
73 Lost or Stolen check Ask for other form of payment or decline sale to customer.
88 Rejected Code 3 (Risk) Ask for other form of payment or decline sale to customer.
25 Ineligible - ACH Not Offered

Note: Do NOT use the verbiage "decline" this is not a true decline. Ask for other form of payment.

TeleCheck Sale Referral Responses
Code Description Merchant Action
09 Risk Referral requested Contact TeleCheck.
69 Call Center Contact TeleCheck.

Sale Error Responses
Code Description Merchant Action
46 Merchant setup does not allow this type of transaction
49 Processor Not Available Re-send message later.
98 Invalid MICR Data
27 Invalid Value for Field
78 Invalid RT (Routing/Bank Number)
97 Unable to Process (Time Out) Re-send message later.

TeleCheck Adjustment Code Values

Adjustment Responses - Refund Change or Void
Code Description Merchant Action
26 Merchant allowed to send full/partial adjustments/refunds without transaction errors No action needed
46 Merchant setup does not allow this type of transaction Adjustment cannot be processed by TeleCheck
79 Original transaction was not approved Adjustment cannot be processed by TeleCheck
80 Refund or partial amount is greater than the original sale amount Adjustment cannot be processed by TeleCheck
81 Unable to locate original transaction (TCK Trace ID) Adjustment cannot be processed by TeleCheck

Response Codes For Status Response Packets

Response Codes for Status Response Packets
Code Description
OK Inquiry (POS system) Packet was accepted and successfully processed by TeleCheck
ACK Inquiry Packet was accepted by the TeleCheck Host
NAK Inquiry Packet was not successfully processed by TeleCheck (general error)
49 Inquiry Packet was not successfully processed by TeleCheck (scheduled maintenance)
97 Inquiry Packet was not successfully processed by TeleCheck (timeout)
27 Inquiry Packet was not successfully processed by TeleCheck (invalid data)

TeleCheck Authorization Requirements

With the TeleCheck Non Face-To-Face (NFTF) Host Based Capture Service, the merchant is responsible for handling all front-end aspects of the point of sale, including displaying the appropriate disclosures to the customer. TeleCheck will provide form language for the merchant to use.

Note: It is the merchant's responsibility to ensure that they have the most current language from TeleCheck. TeleCheck will send out a Service Notice when updated language or system changes are required. Additionally, the Merchant should be familiar with NACHA, FCRA and Reg. E compliance requirements.

There are two different situations during which the merchant must display legal language:

  • Authorization / Sales Consent
    The language varies slightly between the Internet Check Acceptance and Checks By Phone services.
  • Authorization / Sales Decline
    The language is identical for Internet Check Acceptance and Checks By Phone services.

With the Non Face-To-Face Host Based Capture Service, the merchant is responsible for handling all front-end aspects of the point of sale, including displaying the appropriate disclosures to the customer. TeleCheck will provide form language for the merchant to use.

Internet Check Acceptance Authorizations

At the end of the check out process, the merchant must display consent language for the customer to accept prior to submitting the authorization request as follows:

Internet Check Acceptance Authorization Consent Required Language

FULL DEBIT

By entering my account number above and clicking Authorize, I authorize my payment to be processed as an electronic funds transfer or draft drawn from my account. If the payment is returned unpaid, I authorize you or your service provider to collect the payment and my state's return item fee by electronic funds transfer(s) or draft(s) drawn from my account.

Click here to view your state's returned item fee. If this payment is from a corporate account, I make these authorizations as an authorized corporate representative and agree that the entity will be bound by the NACHA Operating Rules.

PARTIAL SHIPMENTS & PARTIAL DEBITS

By entering my account number above and clicking Authorize, I authorize my payment to be processed as an electronic funds transfer or draft drawn from my account. If my full order is not available at the same time, I authorize partial debits to my account, not to exceed the total authorized amount. The partial debits will take place upon each shipment of partial goods. If any of my payments are returned unpaid, I authorize you or your service provider to collect the payment and my state's return item fee by electronic fund transfer(s) or draft(s) drawn from my account. Click here to view your state's returned item fee. If this payment is from a corporate account, I make these authorizations as an authorized corporate representative and agree that the entity will be bound by the NACHA Operating Rules.

Internet Check Acceptance Recurring Payments (WEB R) By entering my account number above and clicking Authorize, I authorize my payments to be processed as electronic funds transfers or drafts drawn from my account. <INSERT INFORMATION ON PAYMENT AMOUNT, TIMING, ETC.> If any of my payments are returned unpaid, I authorize you or your service provider to collect the payment and my state's return item fee by electronic fund transfer(s) or draft(s) drawn from my account. Click here to view your state's returned item fee. If this payment is from a corporate account, I make these authorizations as an authorized corporate representative and agree that the entity will be bound by the NACHA Operating Rules. This authorization is to remain in full force and effect until NAME OF MERCHANT has received written notification from me of my termination in such time and manner as to afford NAME OF MERCHANT a reasonably opportunity to act on it.

This text, Click here to view your state's returned item fee, in the consent language above represents a link to the state fee table. TeleCheck has posted a table of current state returned check fees at http://www.firstdata.com/support/telecheck_returned_check/returned_check_fees.htm. The merchant should link directly to the TeleCheck-hosted URL provided above. State fees are updated on a regular basis and linking to a TeleCheck-hosted page will minimize the number of maintenance updates required. The merchant may choose how to display the state fees. Suggestions include a new pop-up window, a full browser window, or directly on the checkout page.

Checks By Phone Service Authorizations

At the end of the check out process, the customer service agent must read the consent language to the consumer and, either audio record the consumer's authorization or send a written notification of the authorization and the transaction to the consumer prior to settlement of the transaction. The consent language for the customer to accept prior to submitting the payment authorization request is as follows:

Checks By Phone Authorization Consent Required Language

FULL DEBIT

Today (insert today's date), I'd like to confirm that you, (insert first and last name), are authorizing a payment in the amount of (insert amount) to be processed as an electronic funds transfer or draft drawn from your account. Do you agree? If your payment is returned unpaid, you authorize us or our service provider to collect the payment and your state's return item fee of (insert state returned item fee) by electronic funds transfer(s) or draft(s) drawn from your account. Do you agree and authorize the payment? The merchant should link directly to the TeleCheck-hosted URL provided above. State fees are updated on a regular basis and linking to a TeleCheck-hosted page will minimize the number of maintenance updates required. The merchant may choose how you want to display the state fees. Suggestions include a new pop-up window, a full browser window, or directly on the checkout page.

Note: For an additional fee, TeleCheck can send the written notification of the authorization and transaction to the consumer on the merchant's behalf.

Prearranged Payments and Deposits Authorizations - PPD

Payments are facilitated, not authorized.

Authorization is via paper from consumer to merchant.

PPD Authorization Requirements:

  • Must be face-to-face, in writing and signed.
  • Must clearly and conspicuously state it terms, such as consumer name, payment amount, payment timing (if recurring) and bank routing/account information. Must also provide that authorization may be revoked in the manner specified in the authorization.
  • Customer must be provided a copy.

Language Sample for PPD

By providing a check as payment, I authorize you to use information from my check to make a one-time electronic funds transfer (EFT) or draft from my account, or to process the payment as a check transaction. When you use information from my check to make an EFT, funds may be withdrawn from my account as soon as the same day my payment is received, and I will not receive my check back from my financial institution. The account referenced above is a (check one):

  • Consumer account
  • Business account

If my payment is returned unpaid, I authorize you or your service provider to collect my payment and my state's return fee set forth below by EFT(s) or draft(s) from my account. I understand that I can revoke this authorization by sending written notice to _____ in such time and manner as to afford ____ a reasonable opportunity to act on it. If this payment is from a corporate owned account, I make these authorizations as an authorized corporate representative and agree that the entity will be bound by the NACHA Operating Rules.

Returned Check Fees:

TeleCheck has posted a table of current state returned check fees at http://www.firstdata.com/support/telecheck_returned_check/returned_check_fees.htm. The merchant should link directly to the TeleCheck-hosted URL provided above. State fees are updated on a regular basis and linking to a TeleCheck-hosted page will minimize the number of maintenance updates required. The merchant may choose how to display the state fees. Suggestions include a new pop-up window, a full browser window, or directly on the checkout page.

AK $30 AL $30 AR $25 AZ $25 CA $25 CO $20 CT $20 DE $40 DC $25 FL $25
GA $30 GU $20 HI $30 IA $30 ID $20 IL $25 IN $20 KS $30 KY $50 LA $25
MA $25 MD $35 ME $25 MI $25 MN $30 MO $25 MS $40 MT $30 NC $25 ND $30
NE $35 NH $25 NJ $30 NM $30 NV $25 NY $20 OH $30 OK $20 OR $25 PA $30
PR $10 RI $25 SC $30 SD $40 TN $30 TX $30 UT $20 VA $50 VI $20 VT $25
WA $30 WI $25 WV $25 WY $30

Authorization - Sales Decline or Error

Authorization requests can fail for a number of reasons, ranging from missing or invalid fields to business decisions based on risk assessment. These different scenarios need to be handled differently by the merchant, and require different legal language to show to the customer.

Sale Decline Required Language

We are sorry that we cannot accept your check at this time. Our decision is based,
in whole or in part, on information provided to us by TeleCheck. We encourage you
to call TeleCheck at 1-800.366.2425 or write TeleCheck Customer Care at P.O. Box 4513,
Houston, TX 77210-4513. Please provide TeleCheck your driver's license number and the
state where it was issued, and the complete banking numbers printed on the bottom of
your check. Under the Fair Credit Reporting Act, you have the right to a free copy of
your information held in TeleCheck's files within 60 days from today. You may also
dispute the accuracy or completeness of any information in TeleCheck's consumer report.
TeleCheck did not make the adverse decision to not accept your payment item and is unable
to explain why this decision was made.

Sale Error Responses

We are unable to process this transaction with the payment information provided.
Please use a different form of payment at this time.

table of contents


Payflow Header Parameters

This section includes information on the Payflow header parameters. These header parameters can be used to bypass Payflow to send a request message directly to PayPal. They can also be used to post transactions to the Payflow servers directly without installing an SDK. This section includes:

Sending Requests Directly to PayPal Bypassing Payflow

Payflow will ignore the request parameters you pass and will forward them to PayPal when you declare PAYPAL-NVP:Y in the request header. Declaring PAYPAL-NVP:Y in the request header is required when passing negative discount amounts to PayPal through Payflow.

Please note that passing PAYPAL-NVP:Y in the request header changes the format of the response message you receive from Payflow. For example, if PAYPAL-NVP:Y is NOT declared in the header, the Payflow response message is formatted as follows:

RESULT=0&RESPMSG=Approved&TOKEN=EC-868676987J8393917&CORRELATIONID=5f817d830101

If the request header PAYPAL-NVP:Y is declared, the response returned from Payflow includes bracketed numbers next to the names of the response parameters. These bracketed numbers are length tags that indicate the length of the values returned. The following is a response message that contains length tags:

RESULT=0&RESPMSG=Approved&TOKEN[20]=EC-97J718043X120051H&TIMESTAMP[20]=2012-10-11T15:19:37Z
&CORRELATIONID[13]=274f8d4493dbe&ACK[7]=Success&VERSION[4]=92.0&BUILD[7]=3893058

You can also use length tags in the Payflow request message to pass the special characters of "&" and "=" in the values sent. See Using Special Characters In Values for more information.

Express Checkout for Payflow

For information on using the PayPal Express Checkout API with Payflow, see the Express Checkout for Payflow integration guide.

Posting Transactions Directly Without the Payflow SDK

The Payflow SDK is recommended for .NET and Java users - to simplify the Payflow integration.

Developers also have the option to post transactions directly to the Payflow servers using the Payflow message protocol, without the need to install an SDK. This section describes the HTTP headers that are required to post transactions directly to the Payflow servers.

The Payflow Message Protocol

What is the Payflow message protocol and what are its advantages?

The Payflow message protocol is an HTTP-compatible protocol for transactions. The HTTP-compliant implementation of this protocol has the following goals:

  • To enhance flexibility to developers integrating with the Payflow Service. Merchants can use the protocol in either by:
    • Using a Payflow SDK such as .NET or Java that uses this protocol, or
    • Integrating this protocol directly into your own client application without using an SDK.
  • To increase reliability through adherence to open standards.
  • To provide built-in tools to prevent duplicate transactions and authorizations.
  • The Payflow message protocol provides the underlying transport for application-level transactions, using either the Payflow name-value pair or XMLPay 2.0 format. All transaction data as documented in this guide is embedded in the body of a standard HTTPS POST and POSTed to the URLs specified.

What is the disadvantage of building your own integration?

Since you are building your own integration, you will need to add your own error handling, retry logic and duplicate transaction handling within your code.

Note: If you prefer not to write your own client, you can use the .NET SDK (which can also be used with classic ASP) or the Java SDK. See Payflow SDK for more information about the SDKs.

What code changes are required when migrating from a previous Payflow SDK to this service?

The Payflow HTTPS service uses the same name-value-pair parameters or XMLPay schema as found in the current SDKs. The only code change needed is the way you communicate with the Payflow servers. Instead of using an SDK to send the data, you use the methods available in your programming language of choice to send the data via HTTPS. For example, if you use PHP, you might choose to use cURL.

Payflow Message Protocol Headers

In addition to the Payflow parameters that you pass in your request, you must set the request headers described in the following table.

Required Payflow Headers
Header Name Description
X-VPS-REQUEST-ID (Required) A unique identifier for each request, whether the request is a single name-value transaction or an XMLPay 2.0 document with multiple transactions. This identifier is associated with all the transactions in that particular request.
X-VPS-REQUEST-ID is made up of 1 to 32 printable characters. You must provide the X-VPS-REQUEST-ID value in the transaction request. The server uses the X-VPS-REQUEST-ID to check for duplicate transaction requests. When a transaction request is received, the server checks the requests table to see if the X-VPS-REQUEST-ID has been used before by this merchant.
If the X-VPS-REQUEST-ID has been used before, the server views it as a retry transaction and the transaction is treated as a duplicate. The response to the original transaction request is returned and "DUPLICATE=1" is appended to the response indicating that this transaction is a duplicate. In Manager, you will see these DUPLICATE transactions with a TENDER type of "N".
Important: If you send in a NEW transaction with a previously used X-VPS-REQUEST-ID, the server ignores the new data and returns the response to the original transaction associated with that X-VPS-REQUEST-ID.
It is VERY IMPORTANT that you check for DUPLICATE=1 and if you receive it and the transaction is not a re-attempt of the original request of a failed transaction, you must change the Request ID.
If the X-VPS-REQUEST-ID has not been used before, the server stores the X-VPS-REQUEST-ID to ensure that the X-VPS-REQUEST-ID is not reused and then runs the associated transactions. Duplicate checking is designed for short-term retries (a few minutes to a few hours after the original transaction). The X-VPS-REQUEST-ID is stored for a minimum of 7 to 8 days; however, retries should not be sent so long after the original transaction.
Note: Any transaction with an ID older than 8 days will be treated as a new transaction.
The X-VPS-REQUEST-ID check is only available if the database is up and available. If for some reason the database is down, transactions (authorizations and sales) will continue to be processed as normal; however, DUPLICATE=-1 (negative one) will be returned to alert you that the database is down and there is no duplicate check being performed.
Note: Buyer Authentication: E-Verify Enrollment, Z-Validate Authentication transactions and PayPal Express Checkout: SetExpressCheckout and GetExpressCheckout transactions do not use duplicate suppression and will not return DUPLICATE=1
X-VPS-CLIENT-TIMEOUT (Required) Time-out value in seconds. A transaction times out if the elapsed time between ending the original transaction request and receiving the transaction response exceeds the value of X-VPS-CLIENT-TIMEOUT. The default value is 45.

Standard HTTP Headers Required
Header Name Description
Connection State of the connection. The server returns the value close to close the connection after the response is sent.
Content-Length (Required) Size of message body.
Content-Type (Required) Provide one of the following values:
- text/name value, transaction request body is in name-value pair format.
- text/xml, transaction request body is in XMLPay 2.0 format.
Host (Required) Provide one of the two host URLs:
- Production: payflowpro.paypal.com
- Pilot: pilot-payflowpro.paypal.com

Transaction Message

The transaction message communicates the initial transaction data to the server and contains the transaction request and response.

URLs for Sending Messages

Use the following URLs for sending transactions to the Payflow Production servers:

Production (Live): https://payflowpro.paypal.com/

Transaction Request

The transaction request consists of a transaction request header and body.

Name-Value Pair Transaction Request Header

Content-Type: text/name value
Content-Length: 233
Connection: close
Host: payflowpro.paypal.com
X-VPS-REQUEST-ID: [See Required Payflow Headers]
X-VPS-CLIENT-TIMEOUT: 45
X-VPS-VIT-[See Integrator-Provided Data]
X-VPS-VIT-[See Integrator-Provided Data]

The following is an example of a transaction request header associated with a message in name-value format. For XMLPay, it would follow the same format except the content-type would be text/xml and the body of the request and response would contain the XML document.

Name-Value Pair Transaction Request Body

The transaction request body contains the transaction information. The following is an example transaction request body in name-value pair format.

TRXTYPE[1]=S&ACCT[16]=5105105105105100&EXPDATE[4]=0109&TENDER[1]=C&INVNUM[8]=INV12345&AMT[5]=25.12
&PONUM[7]=PO12345&STREET[23]=123 Main St.&ZIP[5]=12345&USER[6]=jsmith&VENDOR[6]=jsmith&PARTNER[6]=PayPal
&PWD[8]=testing1

Note: The bracketed numbers are length tags which allow you to use the special characters of "&" and "=" in the value sent. See Using Special Characters In Values for more information.

The Request Body should NOT be URL-encoded. Pass the data as a standard data and use the length tags if needed.

Transaction Response

The transaction response consists of a transaction response header and body.

Name-Value Pair Transaction Response Header

The following is an example transaction response header associated with a message in name-value format.

Connection: close
Server: VPS-3.028.00
Date: Mon, 16 May 2005 22:48:06 GMT
Content-Type: text/name value
Content-Length: 145
X-VPS-REQUEST-ID: [Same ID as sent]

Name-Value Pair Transaction Response Body

The transaction response body contains the response to the request. The following is an example response body in name-value format.

RESULT=0&PNREF=V53A0A30B542&RESPMSG=Approved&AUTHCODE=882PNI&AVSADDR=X&AVSZIP=X&IAVS=X
&PREFPSMSG=No Rules Triggered&POSTFPSMSG=No Rules Triggered

Integrator-Provided Data

These headers are extensions to the Payflow message protocol. The extension parameters describe the specific version of a client and the client's environment. Send the applicable parameters to PayPal in the transaction request headers.

Note: The parameters in this section are not required, but we highly recommend you send them.

Header Name Description
X-VPS-VIT-INTEGRATION-PRODUCT Identifies the integration product that calls the PayPal server.
Format: String
Examples: iPayment, ColdFusion, MIVA, shopping cart
Default Value: Blank
X-VPS-VIT-INTEGRATION-VERSION Version of the software as defined by the integrator/vendor. Limited to the major version and one digit of the minor version (can include alphanumeric characters, not just digits).
Format: String <Major Version>.<Minor Version>
Examples: 1.1, 4.5, 10.0, Linux2.1
Default Value: Blank
X-VPS-VIT-OS-NAME Name of operating system on which the client is running.
Format: String
Examples: Linux, SunOS, Windows 2000, Windows NT, Windows XP, Mac OS X, Free BSD
Default Value: Blank
X-VPS-VIT-OS-VERSION Version of operating system on which the client is running.
Format: String XXX.X
Example: 2.4
Default Value: Blank
X-VPS-VIT-RUNTIME-VERSION Version of runtime environment of the language in which the client is written and is running.
Format: String XXX.XE
Examples: 10.1, 2.5
Default Value: Blank

For more information on Payflow headers, see this Merchant Technical Support (MTS) knowledge base article.

table of contents


Submitting Purchasing Card Level 2 and 3 Transactions

PayPal Payment Services supports passing Purchasing Card Level 2 information (such as purchase order number, tax amount, and charge description) in the settlement file.

If additional required invoice information and line-item details are included in the transaction, PayPal formats Purchasing Card Level 3 information in an appropriate format, for example, EDI (Electronic Data Interchange) 810 format as required by American Express during settlement processing.

PayPal does not calculate or verify totals before sending Level 2 and Level 3 data to other processors. PayPal only sends line-item information as-is. If the totals you send to the processor do not add up, the processor may reject your Level 3 data.

Please contact your merchant bank to determine which parameters are required to obtain the best rate for Level 2 or Level 3 type transactions. If in doubt, we recommend you send all Level 2 and Level 3 fields specified below for your processor.

About Purchasing Cards

The procurement process uses purchasing cards for a number of reasons. Purchasing cards:

  • Eliminate paper-based order systems and associated costs
  • Improve control and accountability through itemized statements
  • Foster better risk controls through spending limits and buying from approved vendors
  • Reduce administrative overhead by empowering employees to make small purchases
  • Enable enterprises to negotiate better contract pricing and discounts with suppliers by using vendor detail reports

To promote acceptance and usage of purchasing card programs, card issuers have established incentive rates for merchants. The incentive rates are available to merchants who comply at transaction processing Level 2 or Level 3. Transactions that comply at transaction processing Level 1 qualify as normal credit card transactions.

Note: Card issuing institutions perform strict data verification on the enhanced data that merchants submit with Level 2 or Level 3 transactions. Issuers may charge stiff penalties when fields contain either inaccurate or filler data. Only transactions that contain accurate data are eligible for the incentive rates.

About Program Levels

The term Level does not apply to the card, but to the transaction data submitted for that card. Generally, a higher level means more detailed data for reporting.

The following table describes the recognized transaction levels.

Level Description
1 Function as normal credit cards and are authorized and associated with normal transaction data in authorization and settlement. Any merchant who accepts credit cards supports this level.
2 Additional data regarding sales tax, customer code, purchase order number, invoice number are captured at the point of sale. In most cases, this information is combined with the merchant's tax ID number, state, and postal code data and is then passed through during settlement. For some processors and banks, however, a Level 2 authorization may include some of this data.
3 Significant additional information such as line items, product codes, item descriptions, unit price, unit quantities, and ship-to postal data are added to the Level 2 data to provide optimal reporting to buyers and sellers. Settlement transactions typically carry Level 3 data.

Level 2 and Level 3 data is generally considered non-financial data. Lack of adequate data may cause a transaction to be downgraded.

PayPal generally requires up to Level 2 information in an authorization transaction followed by additional Level 3 data in the associated delayed capture transaction. A sale transaction should include all Level 3 data since it is authorized and later settled.

Accepted BIN Ranges

Visa, MasterCard, and American Express publish specific Bank Identification Number (BIN) ranges for purchasing cards. Sometimes the processor determines whether a card is a purchasing card, for example, TSYS Acquiring Solutions. In other cases, the Gateway makes the determination based on the BIN range (for example, FDMS South and American Express).

About American Express Purchasing Card Transactions

The information in this section applies to transactions processed by American Express not necessarily to all American Express cards. Level 2 and Level 3 purchasing card rules may differ for American Express card transactions processed by other processors such as Paymentech or First Data Nashville.

Supported Transaction Types

You can submit Level 3 parameters with delayed capture, sale, credit, or force transactions. Level 3 data in authorization transactions is ignored. The Gateway decides whether a transaction meets Level 3 requirements during authorization.

Level 3 data is passed to the American Express processor only during settlement.

Avoiding Downgrade

If a transaction uses the purchasing card BIN range (see Accepted BIN Ranges and contains a line item but does not include all mandatory level 3 parameters, the transaction succeeds but is processed as level 2 or level 1 during settlement depending on which data was passed).

For downgraded transactions, with the VERBOSITY parameter set to HIGH, the ADDLMSGS field returns a message like the following:

Features not processed: PCARD L3 (missing or invalid: InvoiceNumber RequestorName)

-- or --

Features not processed: PCARD L3 (line item 3 missing: Description)

For details on VERBOSITY, see VERBOSITY - Processor-Specific Transaction Results

Submitting Successful Level 3 Transactions

If a transaction uses the purchasing card BIN range, contains all mandatory Level 3 fields, and has at least 1 line item (with all mandatory line item fields), the Gateway flags it as Level 3.

Edit Check

The Gateway performs an edit check on the transaction's amount fields to ensure that all line item and tax amounts balance.

If the edit check fails, the transaction fails with Result 4: Invalid Amount.

To pass the edit check, the following relationship must be true:

Transaction Amount =
Total Tax Amount + Total Freight Amount + Total Handling Amount + Total Line Item Amount.
Field Value
Transaction Amount Total amount for the transaction, AMT
Total Tax Amount TAXAMT
Total Freight Amount FREIGHTAMT, or, if not present, the summation of L_FREIGHTAMTn for all line items
Total Handling Amount HANDLINGAMT, or, if not present, the summation of L_HANDLINGAMTn for all line items
Total Line Item Amount Summation of L_QTYn * L_COSTn for all line items (n as the line item number). For example, if there are 2 line items, then the Total Line Item Amount would be (LQTY1 * LCOST1) + (LQTY2 * LCOST2)

American Express Accepted BIN Ranges

The following BIN ranges are accepted for American Express Level 2 and Level 3 transactions:

37326

37429

37857

37859

37873

37965

American Express Purchasing Card Transaction Processing

The American Express supports Level 2 transaction data.

Note: Most merchants in the United States follow American Express reporting and statement requirements. International merchants now follow these requirements as well, with a few exceptions. If you are not sure, contact your American Express Representative.

American Express Level 2 Parameters for American Express

The parameters that meet American Express reporting and statement requirements are described in the following tables.

CPC Level 2 Transaction Advice Addendum Parameters
Field Description
PONUM (Required) Purchase order number.
Character length and limitations: 17 alphanumeric characters
SHIPTOZIP (Optional) Ship-to postal code (called zip code in the USA). This field must contain one of the following values:
- Zip code of the destination where the merchandise is to be shipped
- (If the above is not available) Zip code of the location where the merchant executed the transaction
Character length and limitations: 15 alphanumeric characters
TAXAMT (Optional) Total tax amount. Must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 12 numeric characters
L_DESC1 (Optional) Description of this line item; if not provided, DESC1 (if present) is used.
Character length and limitations: 140 alphanumeric characters
L_AMT1 (Optional) Charge for this line item. Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56).
Character length and limitations: 12 numeric characters
L_QTY1 (Optional) Quantity of this line item.
Character length and limitations: 3 numeric characters
L_DESC2 (Optional) Description of this line item; if not provided, DESC2 (if present) is used.
Character length and limitations: 40 alphanumeric characters
L_AMT2 (Optional) Charge for this line item. Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56).
Character length and limitations: 12 numeric characters
L_QTY2 (Optional) Quantity of this line item.
Character length and limitations: 3 numeric characters
L_DESC3 (Optional) Description of this line item; if not provided, DESC3 (if present) is used.
Character length and limitations: 40 alphanumeric characters
L_AMT3 (Optional) Charge for this line item. Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56).
Character length and limitations: 12 numeric characters
L_QTY3 (Optional) Quantity of this line item.
Character length and limitations: 3 numeric characters
L_DESC4 *(Optional) *Description of this line item; if not provided, DESC4 (if present) is used.
Character length and limitations: 30 alphanumeric characters
L_AMT4 (Optional) Charge for this line item. Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56).
Character length and limitations: 12 numeric characters
L_QTY4 (Optional) Quantity of this line item.
Character length and limitations: 3 numeric characters

Location Transaction Advice Addendum Parameters

Field Description
MERCHANTNAME (Optional) Name of merchant.
Character length and limitations: 38 alphanumeric characters
MERCHANTSTREET (Optional) Merchant's street address (number and street name).
Character length and limitations: 38 alphanumeric characters. If more than 38 characters, use proper and meaningful abbreviation. Do not truncate.
MERCHANTCITY (Optional) The name of the city were the transaction took place.
- If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the name of the city in which the seller is located.
- If you are a mail order, phone order, or internet industry, you may substitute the name of the city in which the merchant's order processing facility is located.
Character length and limitations: 21 alphanumeric characters. If more than 21 characters, use proper and meaningful abbreviation. Do not truncate.
MERCHANTSTATE (Optional) The region code that corresponds to the state, province, or country subdivision of the merchant location where the transaction took place.
Region code examples:
- CA = California, USA
- NS = Nova Scotia, Canada
- COS = Colima Mexico
If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the region code that corresponds to the state, province, or country subdivision in which the seller is located.
Character length and limitations: 3 alphanumeric characters
MERCHANTZIP (Optional) The 5- to 9-digit zip (postal) code excluding spaces, dashes, and non-numeric characters where the transaction took place.
If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the postal code that corresponds to the seller's location.
Character length and limitations: 15 alphanumeric characters
MERCHANTCOUNTRYCODE (Optional) Country code of the location where the transaction took place. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3-character country code.
MERCHANTLOCATIONID (Optional) Merchant-assigned store or location number (or name) that uniquely identifies where the transaction took place.
Character length and limitations: 15 alphanumeric characters
MERCHANTID (Required) American Express-assigned service establishment number used to identify and facilitate payments to merchants.
Character length and limitations: 15 alphanumeric characters.
MERCHANTCONTACTINFO (Optional) Merchant's telephone number or web address. (URLs and e-mail addresses may be lowercase, as appropriate.) This entry may appear on the descriptive bill on the card-member's statement, or may be used to resolve billing inquiries and disputes.
Note: American Express strongly recommends that aggregators (third-parties who bill for goods or services rendered by another entity) always fill in this field with the URL, e-mail address, or telephone number of the contact responsible for resolving disputes or inquiries.
Character length and limitations: 40 alphanumeric characters

Transaction Advice Detail Parameters
Field Description
ADDLAMTn (Optional) Detail of a charge where n is a value from 1 - 5. Use for additional breakdown of the amount.
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). Examples are a tip (ADDLAMT1=3.00) and a convenience charge (ADDLAMT2=2.00). 12 numeric characters. The amount passed must not contain more than two decimal places.
ADDLAMTTYPEn (Optional) A 3-digit code indicating the type of the corresponding charge detail, where n is a value from 1 - 5.
Character length and limitations: 3 numeric characters

Example American Express Level 2 Transaction Parameter String
TRXTYPE=S&ACCT=372449635311003&AMT=20.06&BILLTOCITY=Mountain View&DESC1=desc1
&DESC2=desc2&DESC3=desc3&DESC4=FRT10.00&EXPDATE=1215&BILLTOFIRSTNAME=Cardholder first name
&BILLTOLASTNAME=Cardholder last name&PARTNER=PayPal&PONUM=12345&PWD=pwd&SHIPTOZIP=94045
&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&TENDER=C&USER=user&BILLTOZIP=123451234

American Express Level 3 Parameters

American Express supports Level 3 transaction data. PayPal provides the Merchant Registration data values: Supplier Name, Supplier City, Supplier State, Supplier Postal code, Merchant No, and Federal Tax ID. The merchant provides the values listed in the following table.

American Express Level 3 Parameters

Field Description
INVNUM (Optional) Purchase order number.
Character length and limitations: 1 to 9 alphanumeric characters
AUTHCODE (Required) Authorization code. It is passed transparently for delayed capture. Use only with voice authorized force capture transactions.
REQNAME (Required) Requester name.
Character length and limitations: 1 to 40 alphanumeric characters
PONUM (Required) Card member reference number.
Character length and limitations: 1 to 17 alphanumeric characters
SHIPTOZIP (Required) Ship-to postal code (called zip code in the USA). This field must contain one of the following values:
- Zip code of the destination where the merchandise is to be shipped
- (If the above is not available) Zip code of the location where the merchant executed the transaction
Character length and limitations: 5 to 6 alphanumeric characters
INVOICEDATE (Optional) Invoice date. Defaults to transaction date if not present.
Character length and limitations: 8 alphanumeric characters, in the YYYYMMDD format
AMT (Required) Total transaction amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Note: American Express Level 3 processing requires that this parameter have a maximum field length of 8.
Character length and limitations: 1 to 8 alphanumeric characters
TAXAMT (Required) Total tax amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 1 to 6 numeric characters
DESC (Optional) Charge description. Defaults to "NO."
Character length and limitations: 1 to 40 alphanumeric characters
FREIGHTAMT (Optional) Total freight amount.
Character length and limitations: 1 to 15 alphanumeric characters
HANDLINGAMT (Optional) Total handling amount.
Character length and limitations: 1 to 15 alphanumeric characters
L_QTYn Payflow SDK:
XMLPay: Item.Quantity
(Required) Quantity invoiced.
Character length and limitations: 1 to 10 numeric characters
L_UOMn (Required) Unit of measurement. See the units of measurement codes reference table.
Character length and limitations: 2 alphanumeric characters
L_COSTn (Required) Unit price.
Character length and limitations: 1 to 15 numeric characters
L_DESCn (Required) Description of the item.
Character length and limitations: 1 to 80 alphanumeric characters
L_CATALOGNUMn (Required) Supplier's catalog number.
Character length and limitations: 1 to 20 alphanumeric characters
L_COSTCENTERNUMn (Required) Cost center number
Character length and limitations: 1 to 30 alphanumeric characters
L_PRODCODEn (Optional) The item's supplier stock keeping unit (SKU) number.
Character length and limitations: 1 to 30 alphanumeric characters
L_UPCn (Optional) The item's universal product code (UPC).
Character length and limitations: 1 to 30 alphanumeric characters
L_TAXAMTn (Optional) Item tax amount.
Character length and limitations: 1 to 6 numeric characters
L_FREIGHTAMTn (Optional) Freight amount.
Character length and limitations: 1 to 15 numeric characters
L_HANDLINGAMTn (Optional) Handling amount.
Character length and limitations: 1 to 15 numeric characters
L_TRACKINGNUMn (Optional) Tracking number.
Character length and limitations: 1 to 30 alphanumeric characters
L_PICKUPSTREETn (Optional) Drop-off address1.
Character length and limitations: 1 to 40 alphanumeric characters
L_PICKUPCITYn (Optional) Drop-off city.
Character length and limitations: 2 to 30 alphanumeric characters
L_PICKUPSTATEn (Optional) Drop-off state.
Character length and limitations: 2 alphanumeric characters
L_PICKUPZIPn (Optional) Drop-off postal or zip code.
Character length and limitations: 3 to 15 alphanumeric characters
L_PICKUPCOUNTRYn (Optional) Drop-off country. The payflow API accepts 3-digit country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3-character country code
L_UNSPSCCODEn (Optional) UNSPSC code.
Character length and limitations: 1 to 30 alphanumeric characters

Example American Express Level 3 Transaction Parameter String
TRXTYPE=S&TENDER=C&partner=partner&PWD=test&USER=test&ACCT=378734493671000
&EXPDATE=1213&AMT=5.00&COMMENT1=PCARD Test&COMMENT2=Testing&BILLTOZIP=940151234
&BILLTOSTREET=123 Lincoln WAY&CVV2=0123&SHIPTOCOUNTRY=840&CUSTCODE=12345&FREIGHTAMT=1.00
&ORDERDATE=021700&HANDLINGAMT=1.00&PONUM=1234567890123456789012345&SHIPFROMZIP=940151234
&SHIPTOZIP=940151234&TAXAMT=1.00&TAXEXEMPT=N&L_UPC1=PN&L_QTY1=1&L_DESC1=Test123&L_UOM1=12
&L_COST1=1.00&L_PRODCODE1=123&L_COSTCENTERNUM1=55&L_TAXAMT1=0&L_QTY2=1&L_UPC1=PN&L_DESC2=Test
&L_UOM2=12&L_COST2=1.00&L_PRODCODE2=1234&L_COSTCENTERNUM2=55&L_TAXAMT2=1.00&REQNAME=Robert
&SHIPTOZIP=543210&INVNUM=123456789&VERBOSITY=HIGH

Cielo Payments Purchasing Card Transaction Processing

Cielo Payments Level 2 Parameters

Cielo Payments (formerly Merchant e-Solutions) supports MasterCard and Visa for Level 2 processing.

Cielo Payments indicates in the authorization response whether the credit card in the transaction is a commercial card. Based on the commercial card indicator, Payflow will format the Level 2 information in the settlement request.

Cielo Payments Level 2 Transaction Data

To get the discount rate, Level 2 values marked as Required in the following table must be present.

Parameter Description
PONUM (Required) Customer reference ID.
Character length and limitations: 1 to 16 alphanumeric characters
TAXAMT (Required) Tax amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). To qualify for Level 2 discounts, this value must not be all zeros or blank spaces.
Character length and limitations: numeric
TAXEXEMPT (Optional) Tax amount identifier.
Character length and limitations: 1 alpha character, Y or N

Example Cielo Payments Level 2 Visa Transaction Parameter String
TRXTYPE=S&ACCT=4111111111111111&AMT=20.02&BILLTOCITY=Mountain View&COMMENT1=L2 Testing
&EXPDATE=1215&INVNUM=661254585&BILLTOFIRSTNAME=CardHolder Name&PARTNER=PayPal&PWD=pwd
&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&TAXAMT=1.01&TAXEXEMPT=N&TENDER=C&USER=user
&BILLTOZIP=94043

Cielo Payments Level 3 MasterCard Parameters

For Cielo Payments (formerly Merchant e-Solutions), to qualify for Level 3, the authorization response for the transaction must have the commercial card indicator set and one or more line items should be present in the delayed capture or sale request.

Level 2 transaction parameters marked as Required are required for Level 3 transactions. Level 3 transactions that do not include the required Level 2 values are rejected.

Important: The values required for Level 3 status vary by bank, so contact your bank for details.

Cielo Payments Level 2 MasterCard Parameters Required for Level 3 Transactions

Parameter Description
PONUM (Required) Purchase identifier.
Character length and limitations: 25 alphanumeric characters
TAXAMT (Required) Tax amount.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). To qualify for Level 2 discounts, this value must not be all zeros or blank spaces.
Character length and limitations: numeric
LOCALTAXAMT (Optional) Local tax.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
TAXEXEMPT (Optional) Local tax incl flag.
Character length and limitations: 1 alphanumeric, Y or N
NATIONALTAXAMT (Optional) National tax amount. You may omit this parameter if there is no such tax.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
INVNUM (Required) Purchase Order number or customer reference ID. The PNREF value is sent if no value is provided.
Character length and limitations: 9 alphanumeric characters

Cielo Payments Level 3 MasterCard Extended Data

The parameters listed in the table below apply to Level 3 MasterCard transactions as extended data.

Parameter Description
FREIGHTAMT (Optional) Freight amount.
Character length and limitations: 12 numeric characters
DUTYAMT (Optional) Duty amount.
Character length and limitations: 12 numeric characters
SHIPTOZIP (Required) The zip code of the address to which the goods are shipped.
Character length and limitations: 10 alphanumeric characters
SHIPFROMZIP (Required) The postal code (called zip code in the USA) from which shipping occurs.
Character length and limitations: 10 alphanumeric characters
SHIPTOCOUNTRY (Optional) Destination country code. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
ALTTAXAMT (Optional) Alternate tax amount.
Character length and limitations: 9 numeric characters. The amount passed must not contain more than two decimal places.

Cielo Payments Level 3 MasterCard Line Item Detail Records

Note: For the following values, n is a sequence counter that should begin with 1 and increase in sequence. With each line item, include the quantity (L_QTYn) and unit price (L_COSTn) fields.

Parameter Description
L_COMMCODEn (Optional) Item commodity code.
Character length and limitations: 12 alphanumeric characters
L_DESCn (Required) Item descriptor.
Character length and limitations: 35 alphanumeric characters
L_UPCn (Optional) Product code.
Character length and limitations: 12 alphanumeric characters
L_QTYn (Required) Quantity.
Character length and limitations: 12 numeric characters
L_UOMn (Required) Unit of measurement code. See the units of measurement codes reference table.
Character length and limitations: 12 alphanumeric characters
L_COSTn (Required) Unit cost.
Character length and limitations: 12 numeric characters
L_TAXAMTn (Optional) VAT/tax amount.
Character length and limitations: 12 numeric characters
L_TAXRATEn (Optional) VAT/tax rate.
Character length and limitations: 4 numeric characters
L_DISCOUNTn (Optional) Discount per line item.
Character length and limitations: 12 numeric characters
L_AMTn (Optional) Line-item total.
Character length and limitations: 12 numeric characters

Example Cielo Payments Level 3 MasterCard Transaction Parameter String
TRXTYPE=S&TENDER=C&PARTNER=Partner&USER=User&PWD=Password&ACCT=5525000000000005
&EXPDATE=1215&AMT=1.00&BILLTOSTREET=5199 JOHNSON&BILLTOZIP=94588&ALTTAXAMT=1.00
&CUSTVATREGNUM=11111&LOCALTAXAMT=1.00&NATIONALTAXAMT=1.00&COMMCODE=22222&VATAXAMT=1.00
&VATAXPERCENT=10&TAXEXEMPT=Y&DISCOUNT=1.00&FREIGHTAMT=1.00&DUTYAMT=1.00&SHIPTOZIP=33333
&SHIPFROMZIP=44444&SHIPTOCOUNTRY=840&ORDERDATE=020725&L_COMMCODE1=123456789ABC
&L_DESC1=Line item 1 description&L_UPC1=CBA987654321&L_QTY1=1&L_UOM1=123456789012
&L_COST1=1.00&L_TAXAMT1=1.00&L_TAXRATE1=1.00&L_DISCOUNT1=1.00&L_AMT1=1.00&L_TAXTYPE1=TT3

Cielo Payments Level 3 Visa Parameters

For Cielo Payments (formerly Merchant e-Solutions), to qualify for Level 3 transactions, the authorization response for the transaction must have the commercial card indicator set and one or more line items should be present in the delayed capture or sale request.

Level 2 transaction parameters marked as Required are required for Level 3 transactions. Level 3 transactions that do not include the required Level 2 values are rejected.

Important: The values required for Level 3 status vary by bank, so contact your bank for details.

Cielo Payments Level 2 Visa Parameters Required for Level 3 Transactions

Parameter Description
PONUM (Required) Purchase identifier. TheTransaction ID is sent if no value is provided.
Character length and limitations: 25 alphanumeric characters
TAXAMT (Required) Tax amount.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: numeric
LOCALTAXAMT (Optional) Local tax amount.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
TAXEXEMPT (Optional) Local tax incl flag.
Character length and limitations: 1 alphanumeric, Y or N
NATIONALTAXAMT (Optional) National tax amount.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
INVNUM (Required) Purchase order number/customer reference ID. The Transaction ID is sent if no value is provided.
Character length and limitations: 9 alphanumeric characters

Cielo Payments Level 3 Visa Extended Data

The parameters listed in the table below apply to Level 3 MasterCard transactions as extended data.

Parameter Description
COMMCODE (Optional) Summary commodity code identifier for the business.
Character length and limitations: 4 alphanumeric characters
DISCOUNT (Optional) Discount amount.
Character length and limitations: 12 numeric characters
FREIGHTAMT (Optional) Freight amount.
Character length and limitations: 12 numeric characters
DUTYAMT (Optional) Duty amount.
Character length and limitations: 12 numeric characters
ORDERDATE (Required) Order date. Format is mmddyy with no slashes or dashes. For example, July 28, 2003 is 072803.
Character length and limitations: 6 numeric characters
SHIPTOZIP (Required) The zip code of the address to which the goods are shipped.
Character length and limitations: 10 alphanumeric characters
SHIPFROMZIP (Required) The postal code (called zip code in the USA) from which shipping occurs.
Character length and limitations: 10 alphanumeric characters
SHIPTOCOUNTRY (Optional) Destination country code. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
VATREGNUM (Required) VAT registration number. Can be part of the registration data or passed with each transaction.
Character length and limitations: 20 alphanumeric characters
FREIGHTAMT (Required) Unique VAT inventory reference number. Can be part of the registration data or passed with each transaction.
Character length and limitations: 9 alphanumeric characters
CUSTVATREGNUM (Required) Customer VAT registration number.
Character length and limitations: 13 alphanumeric characters
VATAXAMT (Optional) VAT/tax amount (freight/shipping).
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
VATAXPERCENT (Optional) VAT/tax rate (freight/shipping).
Character length and limitations: 4 numeric characters.

Cielo Payments Level 3 Visa Line Item Detail Records

Parameter Description
L_COMMCODEn (Optional) Item commodity code.
Character length and limitations: 12 alphanumeric characters
L_DESCn (Required) Item descriptor.
Character length and limitations: 35 alphanumeric characters
L_UPCn (Optional) Product code.
Character length and limitations: 12 alphanumeric characters
L_QTYn (Required) Quantity.
Character length and limitations: 12 numeric characters
L_UOMn (Required) Unit of measurement code. See the units of measurement codes reference table.
Character length and limitations: 12 alphanumeric characters
L_COSTn (Required) Unit cost.
Character length and limitations: 12 numeric characters
L_TAXAMTn (Optional) VAT/tax amount.
Character length and limitations: 12 numeric characters
L_TAXRATEn (Optional) VAT/tax rate.
Character length and limitations: 4 numeric characters
L_DISCOUNTn (Optional) Discount per line item.
Character length and limitations: 12 numeric characters
L_AMTn (Optional) Line-item total.
Character length and limitations: 12 numeric characters

Example Cielo Payments Level 3 Visa Transaction Parameter String
TRXTYPE=S&TENDER=C&PARTNER=Partner&USER=User&PWD=Password&ACCT=4111111111111111
&EXPDATE=1215&AMT=1.00&BILLTOSTREET=5199 JOHNSON&TAXAMT=1.06&BILLTOZIP=94588
&ALTTAXAMT=1.00&CUSTVATREGNUM=11111&LOCALTAXAMT=1.01&NATIONALTAXAMT=1.02
&COMMCODE=22222&VATAXAMT=1.03&VATAXPERCENT=55&TAXEXEMPT=N&DISCOUNT=.50
&FREIGHTAMT=1.00&DUTYAMT=1.00&SHIPTOZIP=33333&SHIPFROMZIP=44444&SHIPTOCOUNTRY=840
&ORDERDATE=020725&L_COMMCODE1=123456789ABC&L_DESC1=Line item 1 description
&L_UPC1=CBA987654321&L_QTY1=1&L_UOM1=123456789012&L_COST1=1.50&L_TAXAMT1=1.05
&L_TAXRATE1=12&L_DISCOUNT1=.50&L_AMT1=1.00&L_TAXTYPE1=TT1

Elavon Purchasing Card Transaction Processing

Elavon, formerly Nova, supports Level 2 for Visa and MasterCard sale, credit, and delayed capture transactions.

Elavon Level 2 Parameters

To get the discount rate, include both Level 2 parameters listed in the following table. Pass these parameters in authorization and sale transactions.

Level 2 Parameters Description
CUSTCODE (Required) Customer code.
Character length and limitations: 1 to 16 alphanumeric characters
TAXAMT (Required) Sales tax.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). To qualify for Level 2 discounts, this value must not be all zeros or blank spaces.
Character length and limitations: numeric

Elavon Additional Parameters

The following parameters are recommended to obtain the best rates for purchasing card transactions with Elavon:

Field Description
COMMCARD (Optional) Type of purchasing card account number sent. Is one of the following values:
- P = Purchase Card
- C = Corporate Card
- B = Business Card
- U = Unknown (default)
- N = None
Character length and limitations: 1 alphanumeric character, defaults to U
PONUM (Optional) Purchase order number.
Character length and limitations: 25 alphanumeric characters, when used provides best rate
TAXAMT (Optional) Tax amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters, when used provides best rate

Example Elavon Level 2 Transaction Parameter String
TRXTYPE=S&ACCT=5105105105105100&AMT=20.10&BILLTOCITY=Mountain View
&COMMENT1=L2 Testing&EXPDATE=1215&BILLTOFIRSTNAME=Cardholder First Name
&BILLTOLASTNAME=Cardholder Last Name&PARTNER=PayPal&PWD=pwd&BILLTOSTATE=CA
&BILLTOSTREET=123 Main St.&TENDER=C&USER=user&BILLTOZIP=94043
&CUSTCODE=123456&TAXAMT=1.34

First Data Merchant Services - FDMS - Nashville Purchasing Card Transaction Processing

Note: FDMS Nashville supports Level 2 transaction processing only.

The following parameters are recommended to obtain the best rates for purchasing card transactions with FDMS Nashville.

FDMS Nashville Commercial Card Parameters

Field Description
COMMCARD (Optional) Type of purchasing card account number sent. Is one of the following values:
- P = Purchase Card
- C = Corporate Card
- B = Business Card
- U = Unknown (default)
- N = None
Character length and limitations: 1 alphanumeric character, defaults to U
DUTYAMT (Optional) Sometimes called import tax. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters
FREIGHTAMT (Optional) Freight amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters
PONUM (Optional) Purchase order number.
Character length and limitations: 25 alphanumeric characters, provides best rate when used
SHIPTOZIP (Optional) Ship to postal code (called zip code in the USA).
Character length and limitations: 9 numeric characters, provides best rate when used
TAXAMT (Optional) Tax amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters, provides best rate when used
TAXEXEMPT (Optional) Is the customer tax exempt?
Character length and limitations: 1 alphanumeric character, Y or N

First Data Merchant Services - FDMS - North Purchasing Card Transaction Processing

The following parameters are recommended to obtain the best rates for Level 2 and Level 3 purchasing card transactions with FDMS North.

FDMS North Purchasing Parameters

Field Description
SHIPTOCOUNTRY (Optional) Destination country code. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alpha characters
DISCOUNT (Optional) Discount amount on total sale
Character length and limitations: 10 currency characters
DUTYAMT (Optional) Sometimes called import tax. If the currency uses a decimal, then the value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters
FREIGHTAMT Character length and limitations: 10 currency characters
PONUM (Optional) Purchase order number / merchant-related data.
Character length and limitations: 25 alphanumeric characters, provides best rate when used
SHIPFROMZIP (Optional) The postal code (called zip code in the USA) from which shipping occurs.
Character length and limitations: 9 numeric characters, provides best rate when used
SHIPTOZIP (Optional) Ship to postal code (called zip code in the USA).
Character length and limitations: 9 numeric characters, provides best rate when used
TAXAMT (Optional) Tax amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters

FDMS North Purchasing Card Line Item Parameters

Line item data (Level 3) describes the details of the item purchased and can be passed for each transaction. The convention for passing line item data in name-value pairs is that each name-value starts with L_ and ends with n where n is the line item number. For example L_QTY0=1 is the quantity for line item 0 and is equal to 1, with n starting at 0. You can pass up to 100 line items, where n starts at 0 and ends at 99. In addition, the SHIPFROMZIP parameter is required for Level 3 transactions.

FDMS North Line Item Parameters
Field Description
L_QTYn (Required) Quantity (whole units only).
Character length and limitations: 10 numeric characters
L_COMMCODEn (Optional) Item commodity code.
Character length and limitations: 12alphanumeric characters
L_DESCn (Optional) Item description.
Character length and limitations: 35 alphanumeric characters
L_UOMn (Optional) Item unit of measurement. See the units of measurement codes reference table.
Character length and limitations: 3 alpha characters
L_COSTn (Optional) Cost per item, excluding tax.
Character length and limitations: 10 currency characters
L_UPCn (Optional) Supplier specific product code.
Character length and limitations: 12 alphanumeric characters
L_DISCOUNTn (Optional) Discount per line item.
Character length and limitations: 10 currency characters
L_AMTn (Optional) Total line item amount including tax and discount. + for debit, - for credits.
Character length and limitations: 10 currency characters
L_TAXAMTn (Optional) Line item tax amount.
Character length and limitations: 10 currency characters

First Data Merchant Services - FDMS - South Purchasing Card Transaction Processing

The following parameters are recommended to obtain the best rates for Level 2 and Level 3 purchasing card transactions with FDMS South.

FDMS South Level 2 and Level 3 Purchasing Card Parameters
Field Description
BILLTOCITY (Optional) Cardholder's city.
Character length and limitations: 13 alpha characters
SHIPTOCOUNTRY (Optional) Destination Country Code. The Payflow API accepts 3-digit numeric country codes. Refer to the appendix at the end of this guide for FDMS South country codes. Visa and Mastercard are different.
Character length and limitations: 3 alpha characters
CUSTCODE (Optional) Customer code/customer reference ID.
Character length and limitations: 17 alphanumeric characters
DISCOUNT Discount amount on total sale.
Character length and limitations: 10 currency characters
DUTYAMT (Optional) Sometimes called import tax. If the currency uses a decimal, then the value must include a decimal and the exact amount to the cent(42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters
BILLTOFIRSTNAME (Optional) Cardholder's first name.
Character length and limitations: 15 alpha characters
FREIGHTAMT (Optional) Freight amount. If the currency uses a decimal, then the value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters
INVNUM (Optional) Merchant invoice number. This reference number ( PNREF generated by Payflow) is used for authorizations and settlements. The acquirer decides if this information will appear on the merchant's bank reconciliation statement.
Character length and limitations: 9 alphanumeric characters
BILLTOLASTNAME (Optional) Cardholder's last name.
Character length and limitations: 15 alpha characters
ORDERDATE (Optional) Order date. Format is mmddyy with no slashes or dashes. For example, July 28, 2003 is 072803.
Character length and limitations: 6 numeric characters
ORDERTIME (Optional) Order time and date. Format is either YYYY-MM-DD or YYYY-MM-DD HH:MI:SS (where HH is in 24-hour time). If the value does not conform to one of the formats or if the date is not valid (for example, 2004-17-35), then the transaction is rejected with a RESULT=7 (SIG_FIELD_ERR) and RESPMSG=Invalid ORDERTIME.
A truncated version of the ORDERTIME value (up to 7 characters) overwrites any value provided by ORDERDATE.
If no value is provided, a NULL value is stored.
Character length and limitations: 19 alphanumeric characters
PONUM (Optional) Purchase order number / merchant-related data.
Character length and limitations: 25 alphanumeric characters, provides best rate when used
SHIPFROMZIP (Optional) The postal code (called zip code in the USA) from which shipping occurs.
Character length and limitations: 9 numeric characters, provides best rate when used
SHIPTOZIP (Optional) Ship to postal code (called zip code in the USA).
Character length and limitations: 9 numeric characters, provides best rate when used
BILLTOSTATE (Optional) Cardholder's state.
Character length and limitations: 2 alpha characters
TAXAMT (Optional) Tax amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters, provides best rate when used
TAXEXEMPT (Optional) Is the customer tax exempt?
Character length and limitations: 1 alphanumeric character, Y or N

FDMS South Line Item Parameters

Line item data (Level 3) describes the details of the item purchased and can be can be passed for each transaction. The convention for passing line item data in name-value pairs is that each name-value starts with L_ and ends with n where n is the line item number. For example L_QTY0=1 is the quantity for line item 0 and is equal to 1, with n starting at 0.

FDMS South Purchasing Card Line Item Parameters
Field Description
L_QTYn (Required) Quantity (whole units only).
Character length and limitations: 10 numeric characters
L_COMMCODEn (Optional) Item commodity code.
Character length and limitations: 12 alphanumeric characters
L_DESCn (Optional) Item description.
Character length and limitations: 35 alphanumeric characters
L_UOMn (Optional) Item unit of measurement. See the units of measurement codes reference table.
Character length and limitations: 3 alpha characters
L_COSTn (Optional) Cost per item, excluding tax.
Character length and limitations: 10 currency characters
L_PRODCODEn (Optional) Supplier-specific product code.
Character length and limitations: 12 alphanumeric characters
L_DISCOUNTn (Optional) Discount per line item.
Character length and limitations: 10 currency characters
L_AMTn (Required) Total line item amount including tax and discount. + for debit, - for credits.
Character length and limitations: 10 currency characters
L_TAXAMTn (Optional) Line item tax amount.
Character length and limitations: 10 currency characters

Example FDMS South Purchasing Card Level 2 and 3 Parameter String
TRXTYPE=S&TENDER=C&PARTNER=PayPal&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3
&BILLTOSTATE=CA&BILLTOFIRSTNAME=John&BILLTOLASTNAME=Smith&BILLTOCITY=Redwood
&SHIPTOCOUNTRY=USA&CUSTCODE=12345&DISCOUNT=.25&DUTYAMT=34.00&FREIGHTAMT=12.00
&INVNUM=123456789&ORDERDATE=021700&PONUM=1234567890123456789012345&SHIPFROMZIP=940151234
&SHIPTOZIP=94065&TAXAMT=1.00&TAXEXEMPT=Y&ACCT=4012888888881881&EXPDATE=1215

Example FDMS South Line Item Parameter String
TRXTYPE=S&TENDER=C&PARTNER=PayPal&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3
&BILLTOSTATE=CA&BILLTOFIRSTNAME=John&BILLTOLASTNAME=Smith&BILLTOCITY=Redwood&SHIPTOCOUNTRY=USA
&CUSTCODE=12345&DISCOUNT=.25&DUTYAMT=34.00&FREIGHTAMT=12.00&INVNUM=123456789&ORDERDATE=021700
&PONUM=1234567890123456789012345&SHIPFROMZIP=940151234&SHIPTOZIP=94065&TAXAMT=1.00&TAXEXEMPT=Y
&L_QTY1=1&L_UPC1=PN&L_DESC1=Test&L_UOM1=INQ&L_COST1=1.00&L_PRODCODE1=12345&L_DISCOUNT1=.25
&L_AMT1=.75&L_TAXAMT1=0&ACCT=4012888888881881&EXPDATE=1215

Global Payments - Central Purchasing Card Transaction Processing

Global Payments - Central (MAPP) supports Level 2 parameters for MasterCard, and Visa sale, credit, and delayed capture transactions.

Global Payments - Central Level 2 Parameters

Pass the following Level 2 parameters to get the discount rate.

Global Payments - Central Level 2 parameters
Level 2 Parameters Description
CUSTCODE (Required) Customer code.
Character length and limitations: 1 to 16 alphanumeric characters
TAXAMT (Required) Sales tax.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). To qualify for Level 2 discounts, this value must not be all zeros or blank spaces.
Character length and limitations: numeric

Example Global Payments - Central Level 2 Visa or MasterCard Transaction Parameter String
TRXTYPE=S&ACCT=5105105105105100&AMT=20.10&BILLTOCITY=Mountain View&COMMENT1=L2 Testing
&EXPDATE=1209&BILLTOFIRSTNAME=Cardholder First Name&BILLTOLASTNAME=Cardholder Last Name
&PARTNER=PayPal&PWD=pwd&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&TENDER=C&USER=user
&BILLTOZIP=94043&CUSTCODE=123456&TAXAMT=1.34

Global Payments - East Purchasing Card Transaction Processing

Global Payments - East supports Level 2 parameters for American Express, MasterCard, and Visa.

Global Payments - East Level 2 Parameters

Pass the following Level 2 parameters in authorization and sale transactions to get the discount rate.

Level 2 Parameters Description
CUSTCODE (Required) Customer code.
Character length and limitations: 1 to 16 alphanumeric characters
TAXAMT (Required) Sales tax.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). To qualify for Level 2 discounts, this value must not be all zeros or blank spaces.
Character length and limitations: numeric

Example Global Payments - East Level 2 Visa or MasterCard Transaction Parameter String
TRXTYPE=S&ACCT=5105105105105100&AMT=20.10&BILLTOCITY=Mountain View&COMMENT1=L2 Testing
&EXPDATE=1215&BILLTOFIRSTNAME=Cardholder FirstName&BILLTOLASTNAME=Cardholder LastName
&PARTNER=PayPal&PWD=pwd&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&TENDER=C&USER=user
&BILLTOZIP=94043&CUSTCODE=123456&TAXAMT=1.34

Global Payments - Central (MAPP) supports Level 2 for MasterCard, and Visa Sale, Credit, and Delayed Capture transactions.

Heartland Purchasing Card Transaction Processing

Heartland Level 2 Parameters

Heartland supports MasterCard and Visa for Level 2 processing.

Heartland indicates in the authorization response whether the credit card in the transaction is a commercial card. Based on the commercial card indicator, Payflow will format the Level 2 information in the settlement request.

Heartland Level 2 Transaction Data

To get the discount rate, pass the Level 2 values marked Required in the following table.

Parameter Description
PONUM (Required) Customer reference ID.
Character length and limitations: 1 to 16 alphanumeric characters
TAXAMT (Required) Tax amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). To qualify for Level 2 discounts, this value must not be all zeros or blank spaces.
Character length and limitations: numeric
TAXEXEMPT (Optional) Tax amount identifier.
Character length and limitations: 1 alpha character, Y or N

Example Heartland Level 2 Visa Transaction Parameter String
TRXTYPE=S&ACCT=4111111111111111&AMT=20.02&BILLTOCITY=Mountain View
&COMMENT1=L2 Testing&EXPDATE=1215&INVNUM=661254585&BILLTOFIRSTNAME=CardHolder Name
&PARTNER=PayPal&PWD=pwd&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&TAXAMT=1.01
&TAXEXEMPT=N&TENDER=C&USER=user&BILLTOZIP=94043

Heartland Level 3 MasterCard Parameters

To qualify for Level 3, the authorization response for the transaction must have the commercial card indicator set and one or more line items should be present in the delayed capture or sale request.

Level 2 transaction parameters marked as Required are required for Level 3 transactions. Level 3 transactions that do not include the required Level 2 values are rejected.

Important: The values required for Level 3 status vary by bank, so contact your bank for details.

Heartland Level 2 MasterCard Parameters Required for Level 3 Transactions
Parameter Description
PONUM (Required) Purchase identifier.
Character length and limitations: 25 alphanumeric characters
TAXAMT (Required) Tax amount.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). To qualify for Level 2 discounts, this value must not be all zeros or blank spaces.
Character length and limitations: numeric
LOCALTAXAMT (Optional) Local tax.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
TAXEXEMPT (Optional) Local tax incl flag.
Character length and limitations: 1 alphanumeric, Y or N
NATIONALTAXAMT (Optional) National tax amount. You may omit this parameter if there is no such tax.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
INVNUM (Required) Purchase Order number or customer reference ID. The PNREF value is sent if no value is provided.
Character length and limitations: 9 alphanumeric characters

Heartland Level 3 MasterCard Extended Data

The parameters listed in the table below apply to Level 3 MasterCard transactions as extended data.

Parameter Description
FREIGHTAMT (Optional) Freight amount.
Character length and limitations: 12 numeric characters
DUTYAMT (Optional) Duty amount.
Character length and limitations: 12 numeric characters
SHIPTOZIP (Required) The zip code of the address to which the goods are shipped.
Character length and limitations: 10 alphanumeric characters
SHIPFROMZIP (Required) The postal code (called zip code in the USA) from which shipping occurs.
Character length and limitations: 10 alphanumeric characters
SHIPTOCOUNTRY (Optional) Destination country code. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
ALTTAXAMT (Optional) Alternate tax amount.
Character length and limitations: 9 numeric characters. The amount passed must not contain more than two decimal places.

Heartland Level 3 MasterCard Line Item Detail Records

Note: For these values, n is a sequence counter that should begin with 1 and increase in sequence. Each line item should also contain quantity (L_QTYn) and unit price (L_COSTn) fields.

Parameter Description
L_COMMCODEn (Optional) Item commodity code.
Character length and limitations: 12 alphanumeric characters
L_DESCn (Required) Item descriptor.
Character length and limitations: 35 alphanumeric characters
L_UPCn (Optional) Product code.
Character length and limitations: 12 alphanumeric characters
L_QTYn (Required) Quantity.
Character length and limitations: 12 numeric characters
L_UOMn (Required) Unit of measurement code. See the units of measurement codes reference table.
Character length and limitations: 12 alphanumeric characters
L_COSTn (Required) Unit cost.
Character length and limitations: 12 numeric characters
L_TAXAMTn (Optional) VAT/tax amount.
Character length and limitations: 12 numeric characters
L_TAXRATEn (Optional) VAT/tax rate.
Character length and limitations: 4 numeric characters
L_DISCOUNTn (Optional) Discount per line item.
Character length and limitations: 12 numeric characters
L_AMTn (Optional) Line-item total.
Character length and limitations: 12 numeric characters
Example Heartland Level 3 MasterCard Transaction Parameter String
TRXTYPE=S&TENDER=C&PARTNER=Partner&USER=User&PWD=Password&ACCT=5525000000000005&EXPDATE=1215
&AMT=1.00&BILLTOSTREET=5199 JOHNSON&BILLTOZIP=94588&ALTTAXAMT=1.00&CUSTVATREGNUM=11111
&LOCALTAXAMT=1.00&NATIONALTAXAMT=1.00&COMMCODE=22222&VATAXAMT=1.00&VATAXPERCENT=10
&TAXEXEMPT=Y&DISCOUNT=1.00&FREIGHTAMT=1.00&DUTYAMT=1.00&SHIPTOZIP=33333&SHIPFROMZIP=44444
&SHIPTOCOUNTRY=840&ORDERDATE=020725&L_COMMCODE1=123456789ABC&L_DESC1=Line item 1 description
&L_UPC1=CBA987654321&L_QTY1=1&L_UOM1=123456789012&L_COST1=1.00&L_TAXAMT1=1.00&L_TAXRATE1=1.00
&L_DISCOUNT1=1.00&L_AMT1=1.00&L_TAXTYPE1=TT3

Heartland Level 3 Visa Parameters

To qualify for Level 3 transactions, the authorization response for the transaction must have the commercial card indicator set and one or more line items should be present in the delayed capture or sale request.

Level 2 transaction parameters marked as Required are required for Level 3 transactions. Level 3 transactions that do not include the required Level 2 values are rejected.

Important: The values required for Level 3 status vary by bank, so contact your bank for details.

Heartland Level 2 Visa Parameters Required for Level 3 Transactions
Parameter Description
PONUM (Required) Purchase identifier. TheTransaction ID is sent if no value is provided.
Character length and limitations: 25 alphanumeric characters
TAXAMT (Required) Tax amount.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: numeric
LOCALTAXAMT (Optional) Local tax amount.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
TAXEXEMPT (Optional) Local tax incl flag.
Character length and limitations: 1 alphanumeric, Y or N
NATIONALTAXAMT (Optional) National tax amount.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
INVNUM (Required) Purchase order number/customer reference ID. The Transaction ID is sent if no value is provided.
Character length and limitations: 9 alphanumeric characters

Heartland Level 3 Visa Extended Data

The parameters listed in the table below apply to Level 3 MasterCard transactions as extended data.

Parameter Description
COMMCODE (Optional) Summary commodity code identifier for the business.
Character length and limitations: 4 alphanumeric characters
DISCOUNT (Optional) Discount amount.
Character length and limitations: 12 numeric characters
FREIGHTAMT (Optional) Freight amount.
Character length and limitations: 12 numeric characters
DUTYAMT (Optional) Duty amount.
Character length and limitations: 12 numeric characters
ORDERDATE (Required) Order date. Format is mmddyy with no slashes or dashes. For example, July 28, 2003 is 072803.
Character length and limitations: 6 numeric characters
SHIPTOZIP (Required) The zip code of the address to which the goods are shipped.
Character length and limitations: 10 alphanumeric characters
SHIPFROMZIP (Required) The postal code (called zip code in the USA) from which shipping occurs.
Character length and limitations: 10 alphanumeric characters
SHIPTOCOUNTRY (Optional) Destination country code. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
VATREGNUM (Required) VAT registration number. Can be part of the registration data or passed with each transaction.
Character length and limitations: 20 alphanumeric characters
FREIGHTAMT (Required) Unique VAT inventory reference number. Can be part of the registration data or passed with each transaction.
Character length and limitations: 9 alphanumeric characters
CUSTVATREGNUM (Required) Customer VAT registration number.
Character length and limitations: 13 alphanumeric characters
VATAXAMT (Optional) VAT/tax amount (freight/shipping).
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
VATAXPERCENT (Optional) VAT/tax rate (freight/shipping).
Character length and limitations: 4 numeric characters.

Heartland Level 3 Visa Line Item Detail Records
Parameter Description
L_COMMCODEn (Optional) Item commodity code.
Character length and limitations: 12 alphanumeric characters
L_DESCn (Required) Item descriptor.
Character length and limitations: 35 alphanumeric characters
L_UPCn (Optional) Product code.
Character length and limitations: 12 alphanumeric characters
L_QTYn (Required) Quantity.
Character length and limitations: 12 numeric characters
L_UOMn (Required) Unit of measurement code. See the units of measurement codes reference table.
Character length and limitations: 12 alphanumeric characters
L_COSTn (Required) Unit cost.
Character length and limitations: 12 numeric characters
L_TAXAMTn (Optional) VAT/tax amount.
Character length and limitations: 12 numeric characters
L_TAXRATEn (Optional) VAT/tax rate.
Character length and limitations: 4 numeric characters
L_DISCOUNTn (Optional) Discount per line item.
Character length and limitations: 12 numeric characters
L_AMTn (Optional) Line-item total.
Character length and limitations: 12 numeric characters

Example Heartland Level 3 Visa Transaction Parameter String
TRXTYPE=S&TENDER=C&PARTNER=Partner&USER=User&PWD=Password&ACCT=4111111111111111
&EXPDATE=1215&AMT=1.00&BILLTOSTREET=5199 JOHNSON&TAXAMT=1.06&BILLTOZIP=94588
&ALTTAXAMT=1.00&CUSTVATREGNUM=11111&LOCALTAXAMT=1.01&NATIONALTAXAMT=1.02
&COMMCODE=22222&VATAXAMT=1.03&VATAXPERCENT=55&TAXEXEMPT=N&DISCOUNT=.50
&FREIGHTAMT=1.00&DUTYAMT=1.00&SHIPTOZIP=33333&SHIPFROMZIP=44444&SHIPTOCOUNTRY=840
&ORDERDATE=020725&L_COMMCODE1=123456789ABC&L_DESC1=Line item 1 description
&L_UPC1=CBA987654321&L_QTY1=1&L_UOM1=123456789012&L_COST1=1.50&L_TAXAMT1=1.05

Litle Purchasing Card Transaction Processing

Litle Level 2 Parameters

The Litle platform supports Level 2 transaction data.

Litle Level 2 Parameters
Field Description
CUSTREF (Optional) Reference, such as a purchase order number, used by the customer for the purchase.
Character length and limitations: 17 alphanumeric characters
DISCOUNT (Optional) Discount amount for the order.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
DUTYAMT (Optional) Duty amount on the total purchased for the order.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
FREIGHTAMT (Optional) Shipping amount for the order.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
TAXAMT (Optional) Tax amount included in the amount of the transaction.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
L_AMTn (Optional) Amount of this line-item including tax, where n is a line-item number from 1 to 99. L_AMTn - L_TAXAMTn = line-item total.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
L_COMMCODEn (Optional) Identifier assigned by the card acceptor that categorizes the purchased item, where n is a line-item number from 1 to 99.
Character length and limitations: 12 alphanumeric characters
L_COSTn (Required if L_QTYn is supplied) Price of one unit of the item purchased, where n is a line-item number from 1 to 99.
Character length and limitations: 12 numeric characters
L_DESCn (Required) Description of this line-item, where n is a line-item number from 1 to 99.
Character length and limitations: 26 alphanumeric characters
L_DISCOUNTn (Optional) Discount per line item, where n is a line-item number from 1 to 99.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
L_PRODCODEn (Optional) Supplier-specific product code of the purchased item, where n is a line-item number from 1 to 99.
Character length and limitations: 12 numeric characters
L_QTYn (Optional) Number of items purchased, where n is a line-item number from 1 to 99.
Character length and limitations: 12 numeric characters
L_TAXAMTn (Optional) Line item tax amount, where n is a line-item number from 1 to 99. L_AMTn - L_TAXAMTn = line-item total.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
L_UOMn (Optional) Unit of measurement of the purchased item (such as kit, pair, gallon or month), where n is a line-item number from 1 to 99. See the units of measurement codes reference table.
Character length and limitations: 12 alphanumeric characters

Litle Level 3 Parameters

The Litle platform supports Level 3 transaction data.

Litle Level 3 Parameters
Field Description
CUSTREF (Optional) Reference, such as a purchase order number, used by the customer for the purchase.
Character length and limitations: 17 alphanumeric characters
DISCOUNT (Optional) Discount amount for the order.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
DUTYAMT (Optional) Duty amount on the total purchased for the order.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
FREIGHTAMT (Optional) Shipping amount for the order.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
TAXAMT (Optional) Tax amount included in the amount of the transaction.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
L_AMTn (Optional) Amount of this line-item including tax, where n is a line-item number from 1 to 99. L_AMTn - L_TAXAMTn = line-item total.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
L_COMMCODEn (Optional) Identifier assigned by the card acceptor that categorizes the purchased item, where n is a line-item number from 1 to 99.
Character length and limitations: 12 alphanumeric characters
L_COSTn (Required if L_QTYn is supplied) Price of one unit of the item purchased, where n is a line-item number from 1 to 99.
Character length and limitations: 12 numeric characters
L_DESCn (Required) Description of this line-item, where n is a line-item number from 1 to 99.
Character length and limitations: 26 alphanumeric characters
L_DISCOUNTn (Optional) Discount per line item, where n is a line-item number from 1 to 99.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
L_PRODCODEn (Optional) Supplier-specific product code of the purchased item, where n is a line-item number from 1 to 99.
Character length and limitations: 12 numeric characters
L_QTYn (Optional) Number of items purchased, where n is a line-item number from 1 to 99.
Character length and limitations: 12 numeric characters
L_TAXAMTn (Optional) Line item tax amount, where n is a line-item number from 1 to 99. L_AMTn - L_TAXAMTn = line-item total.
Character length and limitations: The decimal is implied. If, for example, you specify 500, this value is equivalent to $5.00. 8 numeric characters
L_UOMn (Optional) Unit of measurement of the purchased item (such as kit, pair, gallon or month), where n is a line-item number from 1 to 99. See the units of measurement codes reference table.
Character length and limitations: 12 alphanumeric characters

Paymentech Salem - New Hampshire - Purchasing Card Transaction Processing

Paymentech Salem - New Hampshire - Level 2 Parameters for American Express

The Paymentech Salem (New Hampshire) platform supports Level 2 parameters for American Express, MasterCard, Visa, and Switch/Solo Maestro. The parameters in the following tables meet card acceptance and American Express reporting and statement requirements.

Paymentech Salem CPC Level 2 Transaction Advice Addendum Parameters
Field Description
PONUM (Required) Purchase order number.
Character length and limitations: 17 alphanumeric characters
SHIPTOZIP (Required) Ship-to postal code (called zip code in the USA).
Character length and limitations: 15 alphanumeric characters
TAXAMT (Optional) Total tax amount. Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56).
Character length and limitations: 12 numeric characters
L_DESC1 (Optional) Description of this line item; if not provided, DESC1 (if present) is used.
Character length and limitations: 140 alphanumeric characters
L_AMT1 (Optional) Charge for this line item. Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56).
Character length and limitations: 12 numeric characters
L_QTY1 (Optional) Quantity of this line item.
Character length and limitations: 3 numeric characters
L_DESC2 (Optional) Description of this line item; if not provided, DESC2 (if present) is used.
Character length and limitations: 40 alphanumeric characters
L_AMT2 (Optional) Charge for this line item. Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56).
Character length and limitations: 12 numeric characters
L_QTY2 (Optional) Quantity of this line item
Character length and limitations: 3 numeric characters
L_DESC3 (Optional) Description of this line item; if not provided, DESC3 (if present) is used
Character length and limitations: 40 alphanumeric characters
L_AMT3 (Optional) Charge for this line item. Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56).
Character length and limitations: 12 numeric characters
L_QTY3 (Optional) Quantity of this line item
Character length and limitations: 3 numeric characters
L_DESC4 (Optional) Description of this line item; if not provided, DESC4 (if present) is used
Character length and limitations: 30 alphanumeric characters
L_AMT4 (Optional) Charge for this line item. Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56).
Character length and limitations: 12 numeric characters
L_QTY4 (Optional) Quantity of this line item
Character length and limitations: 3 numeric characters

Paymentech Salem Location Transaction Advice Addendum Parameters
Field Description
MERCHANTNAME (Optional) Name of merchant.
Character length and limitations: 38 alphanumeric characters
MERCHANTSTREET (Optional) Merchant's street address (number and street name).
Character length and limitations: 38 alphanumeric characters. If more than 38 characters, use proper and meaningful abbreviation. Do not truncate.
MERCHANTCITY (Optional) The name of the city were the transaction took place.
- If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the name of the city in which the seller is located.
- If you are a mail order, phone order, or internet industry, you may substitute the name of the city in which the merchant's order processing facility is located.
Character length and limitations: 21 alphanumeric characters. If more than 21 characters, use proper and meaningful abbreviation. Do not truncate.
MERCHANTSTATE (Optional) The region code that corresponds to the state, province, or country subdivision of the merchant location where the transaction took place.
Region code examples:
- CA = California, USA
- NS = Nova Scotia, Canada
- COS = Colima Mexico
If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the region code that corresponds to the state, province, or country subdivision in which the seller is located.
Character length and limitations: 3 alphanumeric characters
MERCHANTZIP (Optional) The 5- to 9-digit zip (postal) code excluding spaces, dashes, and non-numeric characters where the transaction took place.
If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the postal code that corresponds to the seller's location.
Character length and limitations; 15 alphanumeric characters
MERCHANTCOUNTRYCODE (Optional) Country code of the location where the transaction took place. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3-character country code.
MERCHANTLOCATIONID (Optional) Merchant-assigned store or location number (or name) that uniquely identifies where the transaction took place.
Note: Paymentech must enable your division for soft merchant processing or your transaction will fail with response reason code 258. Contact your Paymentech Account Manager for details.
Character length and limitations: 15 alphanumeric characters
MERCHANTID (Required) American Express-assigned service establishment number used to identify and facilitate payments to merchants.
Note: Paymentech must enable your division for soft merchant processing or your transaction will fail with response reason code 258. Contact your Paymentech Account Manager for details.
Character length and limitations: 15 alphanumeric characters
MERCHANTCONTACTINFO (Optional) Merchant's telephone number or web address. (URLs and e-mail addresses may be lowercase, as appropriate.) This entry may appear on the descriptive bill on the card-member's statement, or may be used to resolve billing inquiries and disputes.
Note: Paymentech must enable your division for soft merchant processing or your transaction will fail with response reason code 258. Contact your Paymentech Account Manager for details.
Character length and limitations: 40 alphanumeric characters

Paymentech Salem Transaction Advice Detail Parameters
Field Description
ADDLAMTn (Optional) Detail of a charge where n is a value from 1 - 5. Use for additional breakdown of the amount.
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). Examples are a tip (ADDLAMT1=3.00) and a convenience charge (ADDLAMT2=2.00). 12 numeric characters. The amount passed must not contain more than two decimal places.
ADDLAMTTYPEn (Optional) A 3-digit code indicating the type of the corresponding charge detail, where n is a value from 1 - 5.
Character length and limitations: 3 numeric characters

Paymentech Salem - New Hampshire - Level 3 Purchasing Card Parameters

Paymentech Salem (New Hampshire) supports Level 3 parameters for MasterCard and Visa.

Note: Transactions containing level 3 data sent from a Paymentech Salem account that is not level 3 enabled are rejected by the Paymentech Salem processor. Check the HOSTCODE and EXTRSPMSG parameters in the transaction response to determine the reason why your transaction was rejected by the processor. To enable your Paymentech Salem account to accept level 3 transaction data, contact the Paymentech Salem processor.

Both of the level 2 transaction parameters in the following table are required for Level 3 transactions. Level 3 transactions that do not include them are rejected.

Paymentech Salem - New Hampshire - Level 2 Parameters Required for Level 3 Transactions

To get the discount rate, pass both Level 2 parameters in the following table.

Paymentech Salem Level 2 Parameters Required for Level 3 Transactions
Parameter Description
PONUM (Required) Customer reference number.
Character length and limitations: 1 to 17 alphanumeric characters
TAXAMT (Required) Sales tax.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). To qualify for Level 2 discounts, this value must not be all zeros or blank spaces.
Character length and limitations: numeric

Paymentech Salem - New Hampshire - Level 3 MasterCard Parameters

Paymentech Salem Level 3 MasterCard Order Parameters
Parameter Description
FREIGHTAMT (Required) Freight amount.
Character length and limitations: numeric
DUTYAMT (Required) Duty amount.
Character length and limitations: numeric
SHIPTOZIP (Optional) Destination zip code.
SHIPTOCOUNTRY (Optional) Destination country. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
SHIPFROMZIP (Optional) Ship from zip code.
ALTERNATETAXID (Conditional) For North American merchants, this field is required if the ALTERNATETAXAMT is included. Alternate tax ID.
ALTERNATETAXAMT (Optional) Alternate tax amount. For North American merchants, if provided, the ALTERNATETAXID must also be included in the request.
Character length and limitations: The amount passed must not contain more than two decimal places.

Paymentech Salem Level 3 MasterCard Line Item Record 1 Parameters
Parameter Description
L_DESCn (Required) Description, where n in the fieldname is a number from 0 to 99.
L_UPCn (Required) Product code, where n in the fieldname is a number from 0 to 99.
L_QTYn (Required) Quantity, where n in the fieldname is a number from 0 to 99.
Character length and limitations: numeric characters
L_UOMn (Required) Unit of measurement, where n in the fieldname is a number from 0 to 99. See the units of measurement codes reference table.
L_TAXAMTn (Optional) Tax amount, where n in the fieldname is a number from 0 to 99.
Character length and limitations: numeric
L_TAXRATEn (Optional) Tax rate, where n in the fieldname is a number from 0 to 99.
Character length and limitations: 4 numeric characters

Paymentech Salem Level 3 MasterCard Line Item Record 2 Parameters
Parameter Description
L_AMTn (Required) Line-item total, where n in the fieldname is a number from 0 to 99.
Character length and limitations: numeric
L_DISCOUNTn (Optional) Discount amount, where n in the fieldname is a number from 0 to 99.
Character length and limitations: numeric
L_TAXTYPEn (Optional) Tax type applied, where n in the fieldname is a number from 0 to 99.

Paymentech Salem - New Hampshire - Level 3 Visa Parameters

Paymentech Salem Level 3 Visa Order Parameters
Parameter Description
FREIGHTAMT (Required) Freight amount.
Character length and limitations: numeric
DUTYAMT (Required) Duty amount.
Character length and limitations: numeric
SHIPTOZIP (Optional) Destination zip code.
SHIPTOCOUNTRY (Optional) Destination country. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
SHIPFROMZIP (Optional) Ship from zip code.
DISCOUNT (Required) Discount amount.
Character length and limitations: numeric
TAXAMT (Optional) VAT/Tax ID.
Character length and limitations: numeric
TAXPERCENTAGE (Optional) VAT/Tax amount.

Paymentech Salem Level 3 Visa Line Item Record 1 Parameters
Parameter Description
L_DESCn (Required) Description, where n in the fieldname is a number from 0 to 99.
L_UPCn (Required) Product code, where n in the fieldname is a number from 0 to 99.
L_QTYn (Required) Quantity, where n in the fieldname is a number from 0 to 99.
Character length and limitations: numeric characters
L_UOMn (Required) Unit of measurement, where n in the fieldname is a number from 0 to 99. See the units of measurement codes reference table.
L_TAXAMTn (Optional) Tax amount, where n in the fieldname is a number from 0 to 99.
Character length and limitations: numeric
L_TAXRATEn (Optional) Tax rate, where n in the fieldname is a number from 0 to 99.
Character length and limitations: 4 numeric characters

Paymentech Salem Level 3 Visa Line Item Record 2 Parameters
Parameter Description
L_AMTn (Required) Line-item total, where n in the fieldname is a number from 0 to 99.
Character length and limitations: numeric
L_DISCOUNTn (Required) Discount amount, where n in the fieldname is a number from 0 to 99.
Character length and limitations: numeric
L_COMMCODE (Required) Item commodity code, an identifier assigned by the card acceptor that categorizes the purchased item. n in the fieldname is a number from 0 to 99.
Character length and limitations: 12 alphanumeric characters
L_COSTn (Required) Unit cost, where n in the fieldname is a number from 0 to 99.
Character length and limitations: numeric

Example Paymentech Salem - New Hampshire - Level 3 MasterCard Transaction Parameter String
TRXTYPE=S&TENDER=C&PARTNER=Partner&PWD=Password&USER=User&ACCT=5480180000000024
&EXPDATE=1215&AMT=1.00&COMMENT1=0508&BILLTOFIRSTNAME=Robert&BILLTOSTREET=123 Main St.
&BILLTOZIP=94065&CVV2=426&PONUM=ABCDEFGHIJ&TAXAMT=1.00&FREIGHTAMT=2.00&DUTYAMT=3.00
&SHIPTOZIP=94543&SHIPTOCOUNTRY=840&SHIPFROMZIP=94509&ALTERNATETAXID=10&ALTERNATETAXAMT=4.00
&L_DESC1=MC Pcard&L_UPC1=1&L_QTY1=2&L_UOM1=3&L_TAXAMT1=4&L_TAXRATE1=5&L_AMT1=6
&L_DISCOUNT1=7&L_TAXTYPE1=8

Example Paymentech Salem - New Hampshire - Level 3 Visa Transaction Parameter String
TRXTYPE=S&TENDER=C&PARTNER=Partner&PWD=Password&USER=User&ACCT=4275330012345626
&EXPDATE=1215&AMT=1.00&COMMENT1=0508&BILLTOFIRSTNAME=Robert&BILLTOSTREET=123 Main St.
&BILLTOZIP=94065&CVV2=426&PONUM=ABCDEFGHIJ&TAXAMT=1.00&FREIGHTAMT=2.00&DUTYAMT=3.00
&SHIPTOZIP=94543&SHIPTOCOUNTRY=840&SHIPFROMZIP=94509&DISCOUNT=4.00&VATAXAMT=5.00
&VATAXPERCENT=10&L_DESC1=TSYS Acquiring Solutions Pcard&L_UPC1=1&L_UOM1=2&L_QTY1=3
&L_TAXAMT1=4&L_TAXRATE1=5&L_AMT1=6&L_DISCOUNT1=7&L_COMMCODE1=8&L_COST1=9&L_COST1=10

Paymentech Tampa - Purchasing Card Transaction Processing

Paymentech Tampa supports Level 2 and 3 purchasing card processing for MasterCard and Visa.

Paymentech Tampa Level 2 Parameters

Paymentech Tampa supports Level 2 purchasing card processing for MasterCard and Visa.

Paymentech Tampa Level 2 Parameters Description
PONUM (Required) Customer reference number.
Character length and limitations: 1 to 17 alphanumeric characters
TAXAMT (Required) Sales tax.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). To qualify for Level 2 discounts, this value must not be all zeros or blank spaces.
Character length and limitations: numeric
TAXEXEMPT (Required) Tax exempt.
Character length and limitations: 1 alphanumeric character, Y or N
SHIPTOZIP (Required) Ship-to postal code (called zip code in the USA).
Character length and limitations: 1 to 16 alphanumeric characters

Example Paymentech Tampa Level 2 Visa and MasterCard Transaction Parameter String
TRXTYPE=S&TENDER=C&PWD=PWD&USER=USER&PARTNER=PARTNER&ACCT=4275330012345675
&EXPDATE=1215&AMT=12.59&VERBOSITY=HIGH&BILLTOSTREET=123 Main St.&BILLTOZIP=49801
&CVV2=248&TAXAMT=1.22&PONUM=AB12345678&SHIPTOZIP=98765&TAXEXEMPT=N

Paymentech Tampa Level 3 Parameters

Paymentech Tampa Level 3 Parameters Description
TAXAMT (Required) Total tax amount.
Character length and limitations: 9 numeric characters plus a decimal point. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
FREIGHTAMT (Required) Total shipping costs for this order.
Character length and limitations: 9 numeric characters plus a decimal point. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
DUTYAMT (Required) Sometimes called import tax.
Character length and limitations: 9 numeric characters plus a decimal point. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
SHIPTOZIP (Required) Ship-to postal code (called zip code in the USA).
Character length and limitations: 1 to 9 alphanumeric characters
SHIPTOCOUNTRY (Required) Ship-to country. The Payflow API accepts a 3-digit numeric country code. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 character country code
SHIPFROMZIP (Required) The postal code (called zip code in the USA) from which shipping occurs.
Character length and limitations: 1 to 9 alphanumeric characters
DISCOUNT (Required) Shipping discount for this order.
Character length and limitations: 9 numeric characters plus a decimal point. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
ALTERNATETAXID (Required) Alternate Tax ID.
TAXEXEMPT (Required) Indicates whether the customer is tax exempt. Value is:
Y - The customer is tax exempt.
N - The customer is not tax exempt (default).
Character length and limitations: 1 alphanumeric characters
CUSTCODE (Required) Customer reference number.
Character length and limitations: 1 to 17 alphanumeric characters
L_COMMCODE1 (Required) Item commodity code. (n is a line item number from 1 to 6.)
Character length and limitations: 1 to 12 alphanumeric characters
L_DESCn (Required) Description of this line-item. (n is a line item number from 1 to 6.)
Character length and limitations: 1 to 19 alphanumeric characters
L_PRODCODE1 (Required) The item's supplier stock keeping unit (SKU) number. (n is a line item number from 1 to 6.)
Character length and limitations: 1 to 30 alphanumeric characters
L_QTYn (Required) Quantity invoiced. (n is a line item number from 1 to 6.)
Character length and limitations: 1 to 10 numeric characters
L_UOMn (Required) Unit of measurement. (n is a line item number from 1 to 6.) See the units of measurement codes reference table.
L_COSTn (Required) Unit price. (n is a line item number from 1 to 6.)
Character length and limitations: 9 numeric characters plus a decimal point. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
L_DISCOUNTn (Required) Discount per line item. (n is a line item number from 1 to 6.)
Character length and limitations: 9 numeric characters plus a decimal point. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
L_AMTn (Required) Total line item amount including tax and discount. The amount should be a positive number for debits and a negative number for credits. (n is a line item number from 1 to 6.)
Character length and limitations: 9 numeric characters plus a decimal point. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.
L_UPCn (Required) The item's universal product code (UPC). (n is a line item number from 1 to 6.)
Character length and limitations: 1 to 30 alphanumeric characters
L_NGIn (Required) Item net / gross indicator. (n is a line item number from 1 to 6). Value is:
N - Item extended amount does not include tax.
Y - Item extended amount includes tax.
L_TAXAMTn (Required) Line-item tax amount. (n is a line item number from 1 to 6.)
Note: Character length and limitations: 9 numeric characters plus a decimal point. No currency symbol. Specify the exact amount to the cent using a decimal point; use 34.00, not 34. Do not include comma separators; use 1199.95 not 1,199.95.

Example Paymentech Tampa Level 3 Visa and MasterCard Transaction Parameter String
TRXTYPE=S&TENDER=C&PWD=PWD&USER=USER&PARTNER=PARTNER&ACCT=4275330012345675&EXPDATE=1215
&AMT=26.41&VERBOSITY=HIGH&BILLTOSTREET=123 Main St.&BILLTOZIP=49801&CVV2=248&TAXAMT=1.26
&PONUM=AB12345678&FREIGHTAMT=8.95&DUTYAMT=0.00&SHIPTOZIP=240181543&SHIPTOCOUNTRY=US
&SHIPFROMZIP=60646&DISCOUNT=0.00&ALTERNATETAXID=0&TAXEXEMPT=N&CUSTCODE=XYZ1903&L_COMMCODE1=55121600
&L_DESC1=LABEL 100X100 FLAM SOLID SINGLES&L_PRODCODE1=HML5S&L_QTY1=50&L_UOM1=KSH&L_COST1=0.16
&L_DISCOUNT1=0.00&L_AMT1=8.10&L_UPC1=1&L_NGI1=Y&L_TAXAMT1=1.00

SecureNet Purchasing Card Transaction Processing

SecureNet supports MasterCard and Visa for performing Level 2 and Level 3 purchasing card transactions.

SecureNet Level 2 Parameters

SecureNet supports MasterCard and Visa for Level 2 purchasing card transactions.

SecureNet indicates in the authorization response whether the credit card in the transaction is a commercial card. Based in the commercial card indicator, Payflow will format the Level 2 information in the settlement request.

To get the discount rate, Level 2 parameters marked as Required in the following table must be present .

SecureNet Level 2 Parameters
Parameter Description
PONUM (Required) Customer reference ID.
Character length and limitations: 1 to 17 alphanumeric characters
TAXAMT (Required) Tax amount.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: numeric
TAXEXEMPT (Optional) Tax amount identifier.
Character length and limitations: 1 alpha character, Y or N

Example SecureNet Level 2 Visa Transaction Parameter String
TRXTYPE=S&ACCT=4111111111111111&AMT=20.02&BILLTOCITY=Mountain View&COMMENT1=L2 Testing
&EXPDATE=1215&INVNUM=661254585&BILLTOFIRSTNAME=CardHolder First Name
&BILLTOLASTNAME=CardHolder Last Name&PARTNER=PayPal&PWD=pwd&BILLTOSTATE=CA&
BILLTOSTREET=123 Main St.&TAXAMT=1.01&TAXEXEMPT=N&TENDER=C&USER=user&BILLTOZIP=94043

SecureNet Level 3 MasterCard Parameters

To qualify for Level 3 purchasing card transaction processing, the authorization response for the transaction must have the commercial card indicator set and one or more line items should be present in the delayed capture or sale request.

Level 2 transaction parameters marked as Required are required for Level 3 transactions. Level 3 transactions that do not include the required Level 2 values are rejected.

Important: The values required for Level 3 status vary by bank, so contact your bank for details.

SecureNet Level 2 MasterCard Parameters Required for Level 3 Line Item Transactions
Parameter Description
PONUM (Required) Purchase identifier. The transaction ID is sent if no value is provided.
Character length and limitations: 25 alphanumeric characters
TAXAMT (Required) Tax amount.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: numeric
LOCALTAXAMT (Optional) Local tax.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
TAXEXEMPT (Optional) Local tax incl flag.
Character length and limitations: 1 alphanumeric, Y or N
NATIONALTAXAMT (Optional) National tax amount.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
INVNUM (Required) Purchase order number/customer reference ID. The value of PNREF is sent if the INVNUM parameter is not provided.
Character length and limitations: 9 alphanumeric characters

SecureNet Level 3 MasterCard Extended Data

The parameters listed in the table below apply to Level 3 MasterCard transactions as extended data.

Parameter Description
FREIGHTAMT (Optional) Freight amount.
Character length and limitations: 12 numeric characters
DUTYAMT (Optional) Duty amount.
Character length and limitations: 12 numeric characters
SHIPTOCOUNTRY (Optional) Destination country code. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
ALTTAXAMT (Optional) Alternate tax amount.
Character length and limitations: 9 numeric characters. The amount passed must not contain more than two decimal places.

SecureNet Level 3 MasterCard Line Item Detail Records

Note: For these values, n is a sequence counter that should begin with 1 and increase in sequence. Each line item should also contain quantity (L_QTYn) and unit price (L_COSTn) fields.

Parameter Description
L_DESCn (Required) Item descriptor.
Character length and limitations: 35 alphanumeric characters
L_UPCn (Optional) Product code.
Character length and limitations: 12 alphanumeric characters
L_QTYn (Required) Quantity.
Character length and limitations: 12 numeric characters
L_UOMn (Required) Unit of measurement code. See the units of measurement codes reference table.
Character length and limitations: 12 alphanumeric characters
L_TAXRATEn (Optional) Tax rate applied.
Character length and limitations: 4 numeric characters
L_TAXTYPEn (Optional) Tax type applied.
Character length and limitations: 4 alphanumeric characters
L_TAXAMTn (Optional) Tax amount.
Character length and limitations: 12 numeric characters
L_DISCOUNTn (Optional) Discount amount.
Character length and limitations: 12 numeric characters

Example SecureNet Level 3 MasterCard Transaction Parameter String
TRXTYPE=S&TENDER=C&PARTNER=Partner&USER=User&PWD=Password&ACCT=5525000000000005
&EXPDATE=1215&AMT=1.00&BILLTOSTREET=5199 JOHNSON&BILLTOZIP=94588&ALTTAXAMT=1.00
&CUSTVATREGNUM=11111&LOCALTAXAMT=1.00&NATIONALTAXAMT=1.00&COMMCODE=22222&VATAXAMT=1.00
&VATAXPERCENT=10&TAXEXEMPT=Y&DISCOUNT=1.00&FREIGHTAMT=1.00&DUTYAMT=1.00&SHIPTOZIP=33333
&SHIPFROMZIP=44444&SHIPTOCOUNTRY=840&ORDERDATE=020725&L_COMMCODE1=123456789ABC
&L_DESC1=Line item 1 description&L_UPC1=CBA987654321&L_QTY1=1&L_UOM1=123456789012
&L_COST1=1.00&L_TAXAMT1=1.00&L_TAXRATE1=1.00&L_DISCOUNT1=1.00&L_AMT1=1.00&L_TAXTYPE1=TT3

SecureNet Acquiring Solutions Level 3 Visa Parameters

To qualify for Level 3 purchasing card transaction processing, the authorization response for the transaction must have the commercial card indicator set and one or more line items should be present in the delayed capture or sale request.

Level 2 transaction parameters marked as Required are required for Level 3 transactions. Level 3 transactions that do not include the required Level 2 values are rejected.

Important: The values required for Level 3 status vary by bank, so contact your bank for details.

SecureNet Level 2 Visa Parameters for Level 3 Line Item Transactions
Parameter Description
PONUM (Required) Purchase identifier. The transaction ID is sent if no value is provided.
Character length and limitations: 25 alphanumeric characters
TAXAMT (Required) Tax amount.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: numeric
LOCALTAXAMT (Optional) Local tax.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
TAXEXEMPT (Optional) Local tax incl flag.
Character length and limitations: 1 alphanumeric, Y or N
NATIONALTAXAMT (Optional) National tax amount.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
INVNUM (Required) Purchase order number/customer reference ID. The value of PNREF is sent if the INVNUM parameter is not provided.
Character length and limitations: 9 alphanumeric characters

SecureNet Level 3 Visa Extended Data

The parameters listed in the table below apply to Level 3 Visa transactions as extended data.

Parameter Description
DISCOUNT (Optional) Discount amount.
Character length and limitations: 12 numeric characters
FREIGHTAMT (Optional) Freight amount.
Character length and limitations: 12 numeric characters
DUTYAMT (Optional) Duty amount.
Character length and limitations: 12 numeric characters
ORDERDATE (Required) Order date. The format is yymmdd with no slashes or dashes. For example, January 28, 2013 is 130128.
Character length and limitations: 6 numeric characters
SHIPTOCOUNTRY (Optional) Destination country code. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
FREIGHTAMT (Required) Unique VAT inv reference number. Can be part of the registration data or passed with each transaction.
Character length and limitations: 9 alphanumeric characters
CUSTVATREGNUM (Required) Customer VAT Registration Number.
Character length and limitations: 13 alphanumeric characters
VATAXAMT (Optional) VAT/tax amount (freight/shipping).
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
VATAXPERCENT (Optional) VAT/tax rate (freight/shipping).
Character length and limitations: 4 numeric characters.

SecureNet Level 3 Visa Line Item Detail Records

Note: For these values, n is a sequence counter that should begin with 1 and increase in sequence. Each line item should also contain quantity (L_QTYn) and unit price (L_COSTn) fields.

Parameter Description
L_COMMCODEn (Optional) Item commodity code.
Character length and limitations: 12 alphanumeric characters
L_DESCn (Required) Item descriptor.
Character length and limitations: 35 alphanumeric characters
L_UPCn (Optional) Product code.
Character length and limitations: 12 alphanumeric characters
L_QTYn (Required) Item quantity.
Character length and limitations: 12 numeric characters
L_UOMn (Required) Unit of measurement code. See the units of measurement codes reference table.
Character length and limitations: 12 alphanumeric characters
L_COSTn (Required) Unit cost.
Character length and limitations: 12 numeric characters
L_TAXAMTn (Optional) VAT/tax amount.
Character length and limitations: 12 numeric characters
L_TAXRATEn (Optional) VAT/tax rate.
Character length and limitations: 4 numeric characters
L_DISCOUNTn (Optional) Discount per line item.
Character length and limitations: 12 numeric characters
L_AMTn (Optional) Line-item total.
Character length and limitations: 12 numeric characters

Example SecureNet Level 3 Visa Transaction Parameter String
TRXTYPE=S&TENDER=C&PARTNER=Partner&USER=User&PWD=Password&ACCT=4111111111111111&EXPDATE=1215&AMT=1.00
&BILLTOSTREET=5199 JOHNSON&TAXAMT=1.06&BILLTOZIP=94588&ALTTAXAMT=1.00&CUSTVATREGNUM=11111&LOCALTAXAMT=1.01
&NATIONALTAXAMT=1.02&COMMCODE=22222&VATAXAMT=1.03&VATAXPERCENT=55&TAXEXEMPT=N&DISCOUNT=.50&FREIGHTAMT=1.00
&DUTYAMT=1.00&SHIPTOZIP=33333&SHIPFROMZIP=44444&SHIPTOCOUNTRY=840&ORDERDATE=081125&L_COMMCODE1=123456789ABC
&L_DESC1=Line item 1 description&L_UPC1=CBA987654321&L_QTY1=1&L_UOM1=123456789012&L_COST1=1.50&L_TAXAMT1=1.05
&L_TAXRATE1=12&L_DISCOUNT1=.50&L_AMT1=1.00&L_TAXTYPE1=TT1

TSYS Acquiring Solutions Purchasing Card Transaction Processing

TSYS Acquiring Solutions supports MasterCard and Visa for performing Level 2 and Level 3 purchasing card transactions.

TSYS Acquiring Solutions Level 2 Parameters

TSYS Acquiring Solutions supports MasterCard and Visa for Level 2 purchasing card transactions.

TSYS Acquiring Solutions indicates in the authorization response whether the credit card in the transaction is a commercial card. Based in the commercial card indicator, Payflow will format the Level 2 information in the settlement request.

To get the discount rate, Level 2 parameters marked as required in the following table must be present .

TSYS Acquiring Solutions Level 2 Parameters
Parameter Description
PONUM (Required) Customer reference ID.
Character length and limitations: 1 to 17 alphanumeric characters
TAXAMT (Required) Tax amount.
The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: numeric
TAXEXEMPT (Optional) Tax amount identifier.
Character length and limitations: 1 alpha character, Y or N

Example TSYS Acquiring Solutions Level 2 Visa Transaction Parameter String
TRXTYPE=S&ACCT=4111111111111111&AMT=20.02&BILLTOCITY=Mountain View&COMMENT1=L2 Testing
&EXPDATE=1215&INVNUM=661254585&BILLTOFIRSTNAME=CardHolder First Name&BILLTOLASTNAME=CardHolder Last Name
&PARTNER=PayPal&PWD=pwd&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&TAXAMT=1.01&TAXEXEMPT=N&TENDER=C&USER=user
&BILLTOZIP=94043

TSYS Acquiring Solutions Level 3 MasterCard Parameters

To qualify for Level 3 purchasing card transaction processing, the authorization response for the transaction must have the commercial card indicator set and one or more line items should be present in the delayed capture or sale request.

Level 2 transaction parameters marked as Required are required for Level 3 transactions. Level 3 transactions that do not include the required Level 2 values are rejected.

Important: The values required for Level 3 status vary by bank, so contact your bank for details.

TSYS Acquiring Solutions Level 2 MasterCard Parameters Required for Level 3 Line Item Transactions
Parameter Description
PONUM (Required) Purchase identifier. The transaction ID is sent if no value is provided.
Character length and limitations: 25 alphanumeric characters
TAXAMT (Required) Tax amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: numeric
LOCALTAXAMT (Optional) Local tax.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
TAXEXEMPT (Optional) Local tax incl flag.
Character length and limitations: 1 alphanumeric, Y or N
NATIONALTAXAMT (Optional) National tax amount.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
INVNUM (Required) Purchase order number/customer reference ID. The value of PNREF is sent if the INVNUM parameter is not provided.
Character length and limitations: 9 alphanumeric characters

TSYS Acquiring Solutions Level 3 Required Parameters

The parameters listed in the table below apply to Level 3 transactions as extended data.

Parameter Description
COMMCODE (Required) Commodity code identifier for the business.
Character length and limitations: 4 alphanumeric characters
SHIPTOZIP (Required) The zip code of the address to which the goods are shipped.
Character length and limitations: 10 alphanumeric characters
SHIPFROMZIP (Required) The postal code (called zip code in the USA) from which shipping occurs.
Character length and limitations: 10 alphanumeric characters
VATREGNUM (Required) VAT registration number. Can be part of the registration data or passed with each transaction.
Character length and limitations: 20 alphanumeric characters

TSYS Acquiring Solutions Level 3 MasterCard Extended Data

The parameters listed in the table below apply to Level 3 MasterCard transactions as extended data.

Parameter Description
FREIGHTAMT (Optional) Freight amount.
Character length and limitations: 12 numeric characters
DUTYAMT (Optional) Duty amount.
Character length and limitations: 12 numeric characters
SHIPTOCOUNTRY (Optional) Destination country code. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
ALTTAXAMT (Optional) Alternate tax amount.
Character length and limitations: 9 numeric characters. The amount passed must not contain more than two decimal places.

TSYS Acquiring Solutions Level 3 MasterCard Line Item Detail Records

Note: For these values, n is a sequence counter that should begin with 1 and increase in sequence up to 99. Each line item should contain the quantity (L_QTYn) and unit price (L_COSTn) fields.

Parameter Description
L_DESCn (Required) Item descriptor.
Character length and limitations: 35 alphanumeric characters
L_UPCn (Optional) Product code.
Character length and limitations: 12 alphanumeric characters
L_QTYn (Required) Quantity.
Character length and limitations: 12 numeric characters
L_UOMn (Required) Unit of measurement code. See the units of measurement codes reference table.
Character length and limitations: 12 alphanumeric characters
L_TAXRATEn (Optional) Tax rate applied.
Character length and limitations: 4 numeric characters
L_TAXTYPEn (Optional) Tax type applied.
Character length and limitations: 4 alphanumeric characters
L_TAXAMTn (Optional) Tax amount.
Character length and limitations: 12 numeric characters
L_DISCOUNTn (Optional) Discount amount.
Character length and limitations: 12 numeric characters

Example TSYS Acquiring Solutions Level 3 MasterCard Transaction Parameter String
TRXTYPE=S&TENDER=C&PARTNER=Partner&USER=User&PWD=Password&ACCT=5525000000000005&EXPDATE=1215&AMT=1.00
&BILLTOSTREET=5199 JOHNSON&BILLTOZIP=94588&ALTTAXAMT=1.00&CUSTVATREGNUM=11111&LOCALTAXAMT=1.00
&NATIONALTAXAMT=1.00&COMMCODE=22222&VATAXAMT=1.00&VATAXPERCENT=10&TAXEXEMPT=Y&DISCOUNT=1.00&FREIGHTAMT=1.00
&DUTYAMT=1.00&SHIPTOZIP=33333&SHIPFROMZIP=44444&SHIPTOCOUNTRY=840&ORDERDATE=020725&L_COMMCODE1=123456789ABC
&L_DESC1=<Line item 1 description>&L_UPC1=CBA987654321&L_QTY1=1&L_UOM1=123456789012&L_COST1=1.00&L_TAXAMT1=1.00
&L_TAXRATE1=1.00&L_DISCOUNT1=1.00&L_AMT1=1.00&L_TAXTYPE1=TT3

TSYS Acquiring Solutions Level 3 Visa Parameters

To qualify for Level 3 purchasing card transaction processing, the authorization response for the transaction must have the commercial card indicator set and one or more line items should be present in the delayed capture or sale request.

Level 2 transaction parameters marked as Required are required for Level 3 transactions. Level 3 transactions that do not include the required Level 2 values are rejected.

Important: The values required for Level 3 status vary by bank, so contact your bank for details.

TSYS Acquiring Solutions Level 2 Visa Parameters for Level 3 Line Item Transactions
Parameter Description
PONUM (Required) Purchase identifier. The transaction ID is sent if no value is provided.
Character length and limitations: 25 alphanumeric characters
TAXAMT (Required) Tax amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: numeric
LOCALTAXAMT (Optional) Local tax.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
TAXEXEMPT (Optional) Local tax incl flag.
Character length and limitations: 1 alphanumeric, Y or N
NATIONALTAXAMT (Optional) National tax amount.
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
INVNUM (Required) Purchase order number/customer reference ID. The value of PNREF is sent if the INVNUM parameter is not provided.
Character length and limitations: 9 alphanumeric characters

TSYS Acquiring Solutions Level 3 Required Parameters

The parameters listed in the table below apply to Level 3 transactions as extended data.

Parameter Description
COMMCODE (Required) Commodity code identifier for the business.
Character length and limitations: 4 alphanumeric characters
SHIPTOZIP (Required) The zip code of the address to which the goods are shipped.
Character length and limitations: 10 alphanumeric characters
SHIPFROMZIP (Required) The postal code (called zip code in the USA) from which shipping occurs.
Character length and limitations: 10 alphanumeric characters
VATREGNUM (Required) VAT registration number. Can be part of the registration data or passed with each transaction.
Character length and limitations: 20 alphanumeric characters

TSYS Acquiring Solutions Level 3 Visa Extended Data

The parameters listed in the table below apply to Level 3 Visa transactions as extended data.

Parameter Description
DISCOUNT (Optional) Discount amount.
Character length and limitations: 12 numeric characters
FREIGHTAMT (Optional) Freight amount.
Character length and limitations: 12 numeric characters
DUTYAMT (Optional) Duty amount.
Character length and limitations: 12 numeric characters
ORDERDATE (Required) Order date. The format is yymmdd with no slashes or dashes. For example, January 28, 2013 is 130128.
Character length and limitations: 6 numeric characters
SHIPTOCOUNTRY (Optional) Destination country code. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alphanumeric characters
FREIGHTAMT (Required) Unique VAT inv reference number. Can be part of the registration data or passed with each transaction.
Character length and limitations: 9 alphanumeric characters
CUSTVATREGNUM (Required) Customer VAT Registration Number.
Character length and limitations: 13 alphanumeric characters
VATAXAMT (Optional) VAT/tax amount (freight/shipping).
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
VATAXPERCENT (Optional) VAT/tax rate (freight/shipping).
Character length and limitations: 4 numeric characters.

TSYS Acquiring Solutions Level 3 Visa Line Item Detail Records

Note: For these values, n is a sequence counter that should begin with 1 and increase in sequence up to 999. Each line item should contain quantity (L_QTYn) and unit price (L_COSTn) fields.

Parameter Description
L_COMMCODEn (Optional) Item commodity code.
Character length and limitations: 12 alphanumeric characters
L_DESCn (Required) Item descriptor.
Character length and limitations: 35 alphanumeric characters
L_UPCn (Optional) Product code.
Character length and limitations: 12 alphanumeric characters
L_QTYn (Required) Item quantity.
Character length and limitations: 12 numeric characters
L_UOMn (Required) Unit of measurement code. See the units of measurement codes reference table.
Character length and limitations: 12 alphanumeric characters
L_COSTn (Required) Unit cost.
Character length and limitations: 12 numeric characters
L_TAXAMTn (Optional) VAT/tax amount.
Character length and limitations: 12 numeric characters
L_TAXRATEn (Optional) VAT/tax rate.
Character length and limitations: 4 numeric characters
L_DISCOUNTn (Optional) Discount per line item.
Character length and limitations: 12 numeric characters
L_AMTn (Optional) Line-item total.
Character length and limitations: 12 numeric characters

Example TSYS Acquiring Solutions Level 3 Visa Transaction Parameter String
TRXTYPE=S&TENDER=C&PARTNER=Partner&USER=User&PWD=Password&ACCT=4111111111111111&EXPDATE=1215&AMT=1.00
&BILLTOSTREET=5199 JOHNSON&TAXAMT=1.06&BILLTOZIP=94588&ALTTAXAMT=1.00&CUSTVATREGNUM=11111&LOCALTAXAMT=1.01
&NATIONALTAXAMT=1.02&COMMCODE=22222&VATAXAMT=1.03&VATAXPERCENT=55&TAXEXEMPT=N&DISCOUNT=.50&FREIGHTAMT=1.00
&DUTYAMT=1.00&SHIPTOZIP=33333&SHIPFROMZIP=44444&SHIPTOCOUNTRY=840&ORDERDATE=130125&L_COMMCODE1=123456789ABC
&L_DESC1=Line item 1 description&L_UPC1=CBA987654321&L_QTY1=1&L_UOM1=123456789012&L_COST1=1.50&L_TAXAMT1=1.05
&L_TAXRATE1=12&L_DISCOUNT1=.50&L_AMT1=1.00&L_TAXTYPE1=TT1

Vantiv Purchasing Card Transaction Processing

The following parameters are recommended to obtain the best rates for Level 2 and Level 3 purchasing card transactions with Vantiv.

Vantiv Purchasing Parameters

Field Description
SHIPTOCOUNTRY (Optional) Destination country code. The Payflow API accepts 3-digit numeric country codes. Refer to ISO 3166-1 numeric.
Character length and limitations: 3 alpha characters
DISCOUNT (Optional) Discount amount on total sale
Character length and limitations: 10 currency characters
DUTYAMT (Optional) Sometimes called import tax. If the currency uses a decimal, then the value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters
FREIGHTAMT Character length and limitations: 10 currency characters
PONUM (Optional) Purchase order number / merchant-related data.
Character length and limitations: 25 alphanumeric characters, provides best rate when used
SHIPFROMZIP (Optional) The postal code (called zip code in the USA) from which shipping occurs.
Character length and limitations: 9 numeric characters, provides best rate when used
SHIPTOZIP (Optional) Ship to postal code (called zip code in the USA).
Character length and limitations: 9 numeric characters, provides best rate when used
TAXAMT (Optional) Tax amount. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56).
Character length and limitations: 10 currency characters

Vantiv Purchasing Card Line Item Parameters

Line item data (Level 3) describes the details of the item purchased and can be passed for each transaction. The convention for passing line item data in name-value pairs is that each name-value starts with L_ and ends with n where n is the line item number. For example L_QTY0=1 is the quantity for line item 0 and is equal to 1, with n starting at 0. In addition, the SHIPFROMZIP parameter is required for Level 3 transactions.

Vantiv Line Item Parameters
Field Description
L_QTYn (Required) Quantity (whole units only).
Character length and limitations: 10 numeric characters
L_COMMCODEn (Optional) Item commodity code.
Character length and limitations: 12alphanumeric characters
L_DESCn (Optional) Item description.
Character length and limitations: 35 alphanumeric characters
L_UOMn (Optional) Item's unit of measurement. See the units of measurement codes reference table.
Character length and limitations: 3 alpha characters
L_COSTn (Optional) Cost per item, excluding tax.
Character length and limitations: 10 currency characters
L_UPCn (Optional) Supplier specific product code.
Character length and limitations: 12 alphanumeric characters
L_DISCOUNTn (Optional) Discount per line item.
Character length and limitations: 10 currency characters
L_AMTn (Optional) Total line item amount including tax and discount. + for debit, - for credits.
Character length and limitations: 10 currency characters
L_TAXAMTn (Optional) Line item tax amount.
Character length and limitations: 10 currency characters

WorldPay Purchasing Cards Transaction Processing

The following parameters are recommended to obtain the best rates for Level 2 and Level 3 purchasing card transactions with WorldPay.

WorldPay Level 2 Parameters

Pass the following WorldPay Level 2 parameters to get the discount rate.

WorldPay Level 2 Parameters
Level 2 Parameters Description
ALTTAXAMT (Optional) Alternate tax amount.
Character length and limitations: 8 alphanumeric characters. The amount passed must not contain more than two decimal places.
COMMCODE (Optional) Summary commodity code identifier for the business.
Character length and limitations: 4 alphanumeric characters
SHIPTOCOUNTRY (Optional) Country code. Either a 2-character alpha country code or a 3-character numeric country code.
Character length and limitations: 2 or 3 alphanumeric characters
CUSTDATA (Optional) Generic data the merchant can pass to the WorldPay processor.
Character length and limitations: 95 alphanumeric characters
CUSTOMERID (Optional) Purchase order number.
Character length and limitations: 95 alphanumeric characters
CUSTOMERNUMBER (Optional) Customer number.
Character length and limitations: 95 alphanumeric characters
DISCOUNT (Optional) Discount amount on total sale.
Character length and limitations: 10 currency characters
DLNAME (Optional) Account holder's driver license name.
Character length and limitations: 95characters
DLNUM (Optional) Account holder's driver license number.
Character length and limitations: 95 alphanumeric characters
DOB (Optional) Account holder's date of birth in the format MMDDYYYY. For example, July 28, 2011 is represented as: 07282011
Character length and limitations: 8 characters
DUTYAMT (Optional) Sometimes called import tax.
Character length and limitations: The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). 10 currency characters
FREIGHTAMT (Optional) Total freight amount.
Character length and limitations: The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). 10 currency characters
INVNUM (Optional) Merchant invoice number for the transaction.
Character length and limitations: 95 alphanumeric characters
MERCHANTDESCR (Optional) Description of product.
Character length and limitations: 50 alphanumeric characters
MERCHANTINVNUM (Optional) Merchant invoice number.
Character length and limitations: 25 alphanumeric characters
MERCHANTVATNUM (Optional) Merchant value added tax number.
Character length and limitations: 95 alphanumeric characters
MERCHANTZIP (Optional) 5- to 9-digit zip (postal) code excluding spaces, dashes, and nonnumeric characters where the transaction took place. If you are a third-party biller (bill for services or goods rendered by another entity), you must enter the postal code that corresponds to the seller's location.
Character length and limitations: 15 alphanumeric characters
MISCDATA (Optional) Miscellaneous data.
Character length and limitations: 95 alphanumeric characters
ORDERDATE (Required) Order date. The format is YYMMDD with no slashes or dashes. For example, July 28, 2015 is 150728.
Character length and limitations: 6 numeric characters
PONUM (Optional) Purchase order number.
Character length and limitations: 25 alphanumeric characters
SHIPTOZIP (Optional) Ship to postal code (called zip code in the USA).
Character length and limitations: 9 numeric characters
TAXAMT (Optional) Sales tax. The value must include a decimal and the exact amount to the cent (42.00, not 42). Do not include comma separators (1234.56 not 1,234.56). To qualify for Level 2 discounts, this value must not be all zeros or blank spaces.
Character length and limitations: numeric
TAXEXEMPT (Optional) Indicates whether the customer is tax exempt. Value is:
-Y - The customer is tax exempt.
-N - The customer is not tax exempt (default).
Character length and limitations: 1 alpha character
VATINVNUM (Optional) Value added tax invoice number.
Character length and limitations: 95 alphanumeric characters
VATNUM (Optional) Customer valued added tax number.
Character length and limitations: 95 alphanumeric characters
VATAXAMT (Optional) VAT/tax amount (freight/shipping).
Character length and limitations: 12 numeric characters. The amount passed must not contain more than two decimal places.
VATAXRATE (Optional) VAT/tax rate (freight/shipping).
Character length and limitations: 4 numeric characters. Must include a period as a decimal point and two decimal places.

WorldPay Level 3 Parameters

Pass the following WorldPay Level 3 parameters to get the discount rate.

WorldPay Level 3 parameters
Level 3 Parameters Description
L_ALTTAXAMTn (Optional) Alternate tax amount for this item.
Character length and limitations: 8 numeric characters plus decimal: XXXX.XX. The amount passed must not contain more than two decimal places.
L_ALTTAXRATEn (Optional) Alternate tax rate for this item.
Character length and limitations: 4 numeric characters plus decimal: XX.XX
L_ALTTAXIDn (Optional) Alternate tax identifier for this item.
Character length and limitations: 95 alphanumeric characters
L_EXTAMTn (Optional) Extended item amount.
Character length and limitations: 8 numeric characters
L_TAXTYPEn (Optional) Tax type applied.
Character length and limitations: 4 alphanumeric characters
L_COMMCODEn (Optional) Item commodity code.
Character length and limitations: 35 alphanumeric characters
L_DESCn (Optional) Item description.
Character length and limitations: 10 currency characters
L_AMTn (Optional) Total line item amount including tax. + for debit, - for credits
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). 12 numeric characters
L_SKUn (Optional) Item's supplier stock keeping unit (SKU) number or product code.
Character length and limitations: 8 numeric characters
L_QTYn (Required) Quantity (whole units only).
Character length and limitations: 10 numeric characters
L_CARRIERSERVICELEVELCODEn (Optional) Service code.
Character length and limitations: 1 alphanumeric character
L_COSTn (Optional) Item freight amount.
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). 10 currency characters
L_UOMn (Optional) Item's unit of measurement. See the units of measurement codes reference table.
Character length and limitations: 3 alpha characters
L_TAXAMTn (Optional) Item tax amount.
Character length and limitations: Must include a decimal and be exact to the cent (42.00, not 42) and exclude comma separators (1234.56 not 1,234.56). 12 numeric characters
L_TAXRATEn (Optional) Tax rate for this item.
Character length and limitations: 4 numeric characters plus decimal:XXXX

table of contents


VERBOSITY - Processor-Specific Transaction Results

Set the VERBOSITY parameter to HIGH to view the processor's raw response values and additional values. This setting returns multiple parameters. Select only the returned parameters that you want to handle and disregard the rest.

Note: VERBOSITY is being deprecated in future Gateway releases.

Country Codes

The Payflow API uses the International Standards Organization (ISO) 3166-1 numeric country codes in the following fields: BILLTOCOUNTRY and SHIPTOCOUNTRY. For a complete list of the current officially assigned ISO 3166-1 3-digit numeric country codes, Refer to ISO 3166-1 numeric

Important: If PayPal is your acquirer, refer instead to the Countries and Regions Supported by PayPal.

Note: For FDMS South codes, refer to Codes Used by FDMS South Only. For TeleCheck refer to the ISO 3166-1 2-character alpha country codes.

table of contents


Codes Used by FDMS South Only

The following codes are used by FDMS South only.

MasterCard Country Codes for FDMS South

Country name Country Code
ALBANIA ALB
ALGERIA DZA
AMERICAN SAMOA ASM
ANDORRA AND
ANGOLA AGO
ANGUILLA AIA
ANTARCTICA ATA
ANTIGUA ATG
APHGANISTAN AFG
ARGENTINA ARG
ARMENIA ARN
ARUBA ABW
AUSTRALIA AUS
AUSTRIA AUT
AZERBAIJAN AZE
BAHAMAS BHS
BAHRAIN BHR
BANGLADESH BGD
BARBADOS BRB
BELARUS BLR
BELGIUM BEL
BELIZE BLZ
BENIN BEN
BERMUDA BMU
BHUTAN BTN
BOLIVIA BOL
BOSNIA AND HERZEGOVINA BIH
BOTSWANA BWA
BOUVET ISLAND BVT
BRAZIL BRA
BRITISH INDIAN OCEAN TERRITORY IOT
BRUNEI BRN
BULGARIA BGR
BURKINA FASO BFA
BURUNDI BDI
CAMBODIA KHM
CANADA CAN
CAPE VERDE CPV
CAYMAN ISLANDS CYM
CENTRAL AFRICAN REPUBLIC CAF
CHAD TCD
CHILE CHL
CHINA CHN
CHRISTMAS ISLAND CXR
CMEROON, UNITED REP. CMR
COCOS (KEELING) ISLANDS CCK
COLOMBIA COL
COMOROS COM
CONGO GOG
COOK ISLANDS COK
COSTA RICA CRI
COTED'IVOIRE CIV
CROATIA HRV
CYPRUS CYP
CZECH REPUBLIC CZE
DENMARK DNK
DJIBOUTI DJI
DOMINICA DMA
DOMINICAN REPUBLIC DOM
EL SALVADOR SLV
EQUATORIAL GUINEA GNQ
ESTONIA EST
ETHIOPIA ETH
FAEROE ISLANDS FRO
FALKLAND ISLANDS (MALVINAS) FLK
FIJI FJI
FINLAND FIN
FRANCE FRA
FRENCH GUIANA GUF
FRENCH POLYNESIA PYF
FRENCH SOUTHERN TERRITORIES ATF
GABON GAB
GAMBIA GMB
GEORGIA GEO
GERMAN DEMOCRATIC REP DDR
GERMANY DEU
GHANA GHA
GIBRALTAR GIB
GREECE GRC
GREENLAND GRL
GRENADA GRD
GUADALUPE GLP
GUAM GUM
GUATEMALA GTM
GUINEA GIN
GUINEA-BISSAU GNB
GUYANA GUY
HAITI HTI
HEARD AND MCDONALD ISLANDS HMD
HONDURAS HND
HONG KONG HKG
HUNGARY HUN
ICELAND ISL
INDIA IND
INDONESIA IDN
IRAN IRN
IRAQ IRQ
IRELAND IRL
ISRAEL ISR
ITALY ITA
JAMAICA JAM
JAPAN JPN
JORDAN JOR
KAZAKHSTAN KAZ
KENYA KEN
KOREA, REPUBLIC OF KOR
KUWAIT KWT
KYRGYZSTAN KGZ
LAO PEOPLES DEMOCRATIC LAO
LATVIA LVA
LEBANON LBN
LESOTHO LSO
LIBERIA LBR
LIBYAN ARAB JAMAHIRIYA LBY
LIECHTNSTIEN LIE
LITHUANIA LTU
LUXEMBOURG LUX
MACAU MAC
MALAYSIA MYS
MALDIVES MDV
MALI MLI
MALTA MLT
MANACO MCO
MARSHALL ISLANDS MHL
MARTINIQUE MTQ
MAURITANIA MRT
MAURITIUS MUS
MEXICO MEX
MICRONESIA FSM
MOLDOVA MDA
MONGOLIA MNG
MONTSERRAT MSR
MOROCCO MAR
MOZAMBIQUE MOZ
MYANMAR MMR
NAMIBIA NAM
NAURU NRU
NEGEL SEN
NEPAL NPL
NETHERLANDS NLD
NETHERLANDS ANTILLES ANT
NEW CALEDONIA NCL
NEW ZEALAND NZL
NICARAGUA NIC
NIGER NER
NIGERIA NGA
NIUE NIU
NORFOLK ISLAND NFK
NORTHERN MARIANA ISLAND MNP
NORWAY NOR
OMAN OMN
PAKISTAN PAK
PALAU PLW
PANAMA PAN
PAPUA NEW GUINEA PNG
PARAGUAY PRY
PERU PER
PHILIPPINES PHI
PITCAIRN ISLAND PCN
POLAND POL
PORTUGAL PRT
PUERTO RICO PRI
QATAR QAT
REUNION REU
ROMANIA ROM
RUSSIAN FEDERATION RUS
RWANDA RWA
SAMOA WSM
SAN MARINO SMR
SAN TOME AND PRICIPEL STP
SAUDI ARABIA SAU
SEYCHELLES SYC
SIERRA LEONA SLE
SINGAPORE SGP
ST. HELENA SHN
ST. KITTS-NEVIS-ANGUILLA KNA
ST. LUCIA LCA
ST. PIERRE AND MIQUELON SPM
ST. VINCENT AND THE GRENADINES VCT
SUDAN SDN
SURINAME SUR
SVALBARD AND JAN MAYEN ISLANDS SJM
SWAZILAND SWZ
SWEDEN SWE
SWITZERLAND CHE
SYRIAN ARAB REPUBLIC SYR
TAIWAN, PROVIDENCE OF CHINA TWN
TAJIKISTAN TJK
TANZANIA, UNITED REPUBLIC TZA
THAILAND THA
TOGO TGO
TOKELAU TKL
TONGA TON
TRINIDAD AND TOBAGO TTO
TUNISIA TUN
TURKMENISTAN TM
TURKS AND CAICOS ISLANDS TC
TUVALU TUV
U.S. MINOR OUTLYING ISL. UMI
UGANDA UGA
UKRAINE UKR
UNITED ARAB EMIRATES ARE
UNITED KINGDOM GBR
UNITED STATES USA
URUGUAY URY
UZBEKISTAN UZB
VANUATU VUT
VATICAN CITY STATE VAT
VENEZUELA VEN
VIETNAM VNM
VIRGIN ISLANDS BRITISH VGB
VIRGIN ISLANDS US VIR
WALLIS AND FUTUNA IS WLF
WESTERN SAHARA ESH
YEMEN YEM
YUGOSLAVIA YUG
ZAIRE ZAR
ZAMBIA ZMB
ZIMBABWE RHO

Visa Country Codes for FDMS South

Country name Country Code
ALBANIA AL
ALGERIA DZ
AMERICAN SAMOA AS
ANDORRA AD
ANGOLA AO
ANGUILLA AI
ANTARCTICA AQ
ANTIGUA AG
APHGANISTAN AF
ARGENTINA AR
ARMENIA AM
ARUBA AW
AUSTRALIA AU
AUSTRIA AT
AZERBAIJAN AZ
BAHAMAS BS
BAHRAIN BH
BANGLADESH BD
BARBADOS BB
BELARUS BY
BELGIUM BE
BELIZE BZ
BENIN BJ
BERMUDA BM
BHUTAN BT
BOLIVIA BO
BOSNIA AND HERZEGOVINA BA
BOTSWANA BW
BOUVET ISLAND BV
BRAZIL BR
BRITISH INDIAN OCEAN TERRITORY IO
BRUNEI BN
BULGARIA BG
BURKINA FASO BF
BURUNDI BI
CAMBODIA KH
CANADA CA
CAPE VERDE CV
CAYMAN ISLANDS KY
CENTRAL AFRICAN REPUBLIC CF
CHAD TD
CHILE CL
CHINA CN
CHRISTMAS ISLAND CX
CMEROON, UNITED REP. CM
COLOMBIA CO
COMOROS KM
CONGO CG
COOK ISLANDS CK
COSTA RICA CR
COTED'IVOIRE CI
CROATIA HR
CYPRUS CY
CZECH REPUBLIC CZ
DENMARK DK
DJIBOUTI DJ
DOMINICA DM
DOMINICAN REPUBLIC DO
EAST TIMOR TP
ECUADOR EC
EGYPT EG
EL SALVADOR SV
EQUATORIAL GUINEA GQ
ESTONIA EE
ETHIOPIA ET
FAEROE ISLANDS FK
FALKLAND ISLANDS (MALVINAS) FK
FIJI FJ
FINLAND FI
FRANCE FR
FRENCH GUIANA GF
FRENCH METROPOLITAN FX
FRENCH POLYNESIA PF
FRENCH SOUTHERN TERRITORIES TF
GABON GA
GAMBIA GM
GEORGIA GE
GERMANY DE
GHANA GH
GIBRALTER GI
GREECE GR
GREENLAND GL
GRENADA GD
GUADALUPE GP
GUAM GU
GUATEMALA GT
GUINEA GN
GUINEA-BISSAU GW
GUYANA GY
HAITI HT
HEARD AND MCDONALD ISLANDS HM
HONDURAS HN
HONG KONG HK
HUNGARY HU
ICELAND IS
INDIA IN
INDONESIA ID
IRAN IR
IRAQ IQ
IRELAND IE
ISRAEL IL
ITALY IT
JAMAICA JM
JAPAN JP
JORDAN JO
KAZAKHSTAN KZ
KENYA KE
KIRIBATI KI
KOREA, REPUBLIC OF KR
KUWAIT KW
KYRGYZSTAN KG
LAO PEOPLES DEMOCRATIC LA
LATVIA LV
LEBANON LB
LESOTHO LS
LIBERIA LR
LIBYAN ARAB JAMAHIRIYA LY
LIECHTNSTIEN LI
LITHUANIA LT
LUXEMBOURG LU
MACAU MO
MACEDONIA MK
MADAGASCAR MG
MALAWI MW
MALAYSIA MY
MALDIVES MV
MALI ML
MALTA MT
MANACO MC
MARSHALL ISLANDS MH
MARTINIQUE MQ
MAURITANIA MR
MAURITIUS MU
MAYOTTE YT
MEXICO MX
MICRONESIA FM
MOLDOVA MD
MONGOLIA MN
MONTSERRAT MS
MOROCCO MA
MOZAMBIQUE MZ
MYANMAR MM
NAMIBIA NA
NAURU NR
NEPAL NP
NETHERLANDS NL
NETHERLANDS ANTILLES AN
NEW CALDONIA NC
NEW ZEALAND NZ
NICARAGUA NI
NIGER NE
NIGERIA NG
NIUE NU
NORFOLK ISLAND NF
NORTHERN MARIANA ISLAND MP
NORWAY NO
OMAN OM
PAKISTAN PK
PALAU PW
PANAMA PA
PAPUA NEW GUINEA PG
PARAGUAY PY
PERU PE
PHILIPPINES PH
PITCAIRN ISLAND PN
POLAND PL
PORTUGUL PT
PUERTO RICO PR
QATAR QA
REUNION RE
ROMANIA RO
RUSSIAN FEDERATION RU
RWANDA RW
SAMOA WS
SAN MARINO SM
SAN TOME AND PRICIPEL ST
SAUDI ARABIA SA
SENEGAL SN
SEYCHELLES SC
SIERRA LEONA SL
SINGAPORE SG
ST. HELENA SH
ST. KITTS-NEVIS-ANGUILLA KN
ST. LUCIA LC
ST. PIERRE AND MIQUELON PM
ST. VINCENT AND THE GRENADINES VC
SUDAN SD
SURINAME SR
SVALBARD AND JAN MAYEN IS SJ
SWAZILAND SZ
SWEDEN SE
SWITZERLAND CH
SYRIAN ARAB REPUBLIC SY
TAIWAN, PROVIDENCE OF CHINA TW
TAJIKISTAN TJ
TANZANIA, UNITED REPUBLIC TZ
THAILAND TH
TOGO TG
TOKELAU TK
TONGA TO
TRINIDAD AND TOBAGO TT
TUNISIA TN
TURKMENISTAN TM
TURKS AND CAICOS ISLANDS TC
TUVALU TV
U.S. MINOR OUTLYING ISL. UM
UGANDA UG
UKRAINIAN SSR UA
UNITED ARAB EMIRATES AE
UNITED KINGDOM GB
UNITED STATES US
URUGUAY UY
UZBEKISTAN UZ
VANUATU VU
VATICAN CITY STATE VA
VENEZUELA VE
VIETNAM VN
VIRGIN ISLANDS BRITISH VG
VIRGIN ISLANDS US VI
WALLIS AND FUTUNA IS WF
WESTERN SAHARA EH
YEMEN YE
YUGOSLAVIA YU
ZAIRE ZR
ZAMBIA ZM
ZIMBABWE ZW

Units of Measurement Codes

Pass the applicable unit of measurement code from the following table in a Payflow unit of measure field. Payflow unit of measurement fields typically contain the abbreviation UOM in the parameter name.

Unit of Measurement Code
Acre (4840 yd2) ACR
Alcoholic strength by mass ASM
Alcoholic strength by volume ASV
Ampere AMP
Ampere=hour (3,6 kC) AMH
Are (100 m2) ARE
Bar BAR
Barrel (petroleum) (158,987 dm3) BLL
Becquerel BQL
Billion EUR BIL
Billion US MLD
Board foot BFT
Brake horse power (245,7 watts) BHP
British thermal unit (1,055 kilojoules) BTU
Bushel (35,2391 dm3) BUA
Bushel (36,36874 dm3) BUI
Candela CDL
Carrying capacity in metric tonnes CCT
Cental GB (45,359237 kg) CNT
Center, metric (100 kg) (syn.: Hectokilogram) DTN
Centigram CGM
Centilitre CLT
Centimetre CMT
Cord (3,63 m3) WCD
Coulomb per kilogram CKG
Coulomb COU
Cubic centimetre CMQ
Cubic decimetre DMQ
Cubic foot FTQ
Cubic inch INQ
Cubic metre per hour MQH
Cubic metre per second MQS
Cubic metre MTQ
Cubic millimetre MMQ
Cubic yard YDQ
Curie CUR
Day DAY
Decade (ten years) DEC
Decare DAA
Decilitre DLT
Decimetre DMT
Decitonne DTN
Degree Celsius CEL
Degree Fahrenheit FAH
Degree Kelvin: Kelvin
Displacement tonnage DPT
Dozen DZN
Dozen packs DZP
Dozen pairs DZR
Dozen pieces DCP
Dozen rolls DRL
Drachm GB (3,887935 g) DRM
Dram GB (1,771745 g) DRI
Dram US (3,887935 g) DRA
Dry Barrel (115,627 dm3) BLD
Dry gallon (4,404884 dm3) GLD
Dry pint (0,55061 dm3) PTD
Dry quart (1,101221 dm3) QTD
Farad FAR
Fluid ounce (28,413 cm3) OZI
Fluid ounce (29,5735 cm3) OZA
Foot (0,3048 m) FOT
Gallon (4,546092 dm3) GLI
Gigabecquerel GBQ
Gigawatt-hour (1 million kW/h) GWH
Gill (0,142065 dm3) GII
Gill (11,8294 cm3) GIA
Grain GB, US (64,798910 mg) GRN
Gram of fissile isotopes GFI
Gram GRM
Great gross (12 gross) GGR
Gross GRO
Gross (register) ton GRT
Half year (six months) SAN
Hectare HAR
Hectobar HBA
Hectogram HGM
Hectokilogram DTH
Hectolitre of pure alcohol HPA
Hectolitre HLT
Hectometre HMT
Hertz HTZ
Hour HUR
Hundred CEN
Hundred boxes BHX
Hundred international units HIU
Hundred leaves CLF
Hundred packs CNP
Hundredweight US (45,3592 kg) CWA
Inch (25,4 mm) INH
Joule JOU
Kelvin KEL
Kilobar KBA
Kilogram of caustic potash KPH
Kilogram of caustic soda KSH
Kilogram of named substance KNS
Kilogram of nitrogen KNI
Kilogram of phosphonic anhydride KPP
Kilogram of phosphorus pentoxide KPP
Kilogram of potassium hydroxide KPH
Kilogram of potassium oxide KPO
Kilogram of sodium hydroxide KSH
Kilogram of substance 90 percent dry KSD
Kilogram per cubic meter KMQ
Kilogram per second KGS
Kilogram KGM
Kilohertz KHZ
Kilojoule KJO
Kilometre per hour KMH
Kilometre KMT
Kilopascal KPA
Kilorgram of uranium KUR
Kilotonne KTN
Kilovar KVR
Kilovolt KVT
Kilovolt-ampere KVA
Kilowatt KWT
Kilowatt-hour KWH
Knot (1 nautical mile per hour) KNT
Leaf LEF
Liquid gallon (3,78541 dm3) GLL
Liquid pint (0,473176 dm3) PTL
Liquid quart (0,946353 dm3) QTL
Litre (1 dm3) LTR
Litre of pure alcohol LPA
Long ton GB, US (1,0160469 t) LTN
(long) hundredweight GB (50,802345 kg) CWI
Lumen LUM
Lux LUX
Megahertz MHZ
Megalitre MAL
Megametre MAM
Megapascal MPA
Megavolt-ampere (1000 KVA) MVA
Megawatt MAW
Megawatt-hour (100 kW/h) MWH
Metre per second squared MSK
Metre per second MTS
Metre MTR
Metric carat (200 mg=2,10-4 kg) CTM
Metric ton (1000 kg) TNE
Milliard MLD
Millibar MBR
Millicurie MCU
Milligram MGM
Millilitre MLT
Millimetre MMT
Million MIO
Million cubic metres HMQ
Million international units MIU
Minute MIN
Month MON
Nautical mile (1852 m) NMI
Net (register) ton NTT
Newton NEW
Number NMB
Number of articles NAR
Number of bobbons NBB
Number of cells NCL
Number of international units NIU
Number of packs NMP
Number of pairs NMR
Number of parcels NPL
Number of parts NPT
Number of rolls NRL
Ohm OHM
Ounce GB, US (28,349523 g) ONZ
Ounce GB, US (31,103448 g) (syn: Troy ounce) APZ
Pascal PAL
Pennyweight GB, US (1555174 g) DWT
Piece PCE
Pint (0,568262 dm3) PTI
Pound GB, US (0,45359237 kg) LBR
Proof gallon PGL
Quart (1,136523 dm3) QTI
Quarter (of a year) QAN
Quarter, GB (12,700586 kg) QTR
Quintal, metric (100 kg) DTN
Revolution per minute RPM
Revolution per second RPS
Score SCO
scruple, GB (1,2955982 g) SCR
Second SEC
Set SET
Shipping ton SHT
Short standard (7200 matches) SST
Short ton GB, US (0,90718474 t) STN
Siemens SIE
Square centimetre CMK
Square decimetre DMK
Square foot FTK
Square inch INK
Square kilometre KMK
Square metre MTK
Square mile MIK
Square millimetre MMK
Square yard YDK
Standard WSD
standard atmosphere (101325 Pa) ATM
(statue) mile (1609,344 m) SMI
Stone GB (6,350293 kg) STI
Technical atmosphere (98066,5 Pa) ATT
Ten days DAD
Ten pairs TPR
Thousand MIL
Thousand ampere-hour TAH
Thousand board feet (2,36 m3) MBF
Thousand cubic metres per day TQD
Thousand standard brick equivalent MBE
Ton of steam per hour TSH
Tonne (1000 kg) TNE
Tonne of substance 90 percent dry TSD
Trillion EUR TRL
Trillion US BIL
Troy ounce APZ
Troy pound, US (373,242 g) LBT
Volt VLT
Watt WTT
Watt-hour WHR
Weber WEB
Week WEE
Yard (0,9144 m) YRD
Year ANN

table of contents


Additional Processor Information

Moneris Solutions

The Moneris Solutions processor has the following characteristics:

  • It supports ecommerce and mail order or telephone order (MOTO) transactions.
  • It supports the four basic credit card types: American Express, Discover, MasterCard, and Visa.
  • To process live transactions, it requires undergoing a certification process. For details, see the Moneris Receipts Specification available on the PayPal developer website.
  • It does not support voice authorization transactions.

table of contents


If you are currently using the legacy Payflow Link HTML input tag integration and you would like to use the name-value pair integration, you will need to contact PayPal Merchant Technical Support to request your account to be upgraded to the new version of Payflow.

Before you request an upgrade, it is important that you understand the differences between the Payflow Link legacy parameters and the equivalent Payflow parameters. Once you upgrade your account to the new version, your old legacy integration will still work. However, to take advantage of the new features we recommend that you update your Payflow Link integration and use equivalent Payflow Gateway parameters instead of the legacy Payflow Link HTML input tags.

The legacy Payflow Link integration is now deprecated. It is recommended that you upgrade the version of your Payflow Link account which allows you to perform a broader set of functions. This upgrade allows you to switch from using the legacy Payflow Link HTML input tag parameters to using Payflow parameters. The table below lists legacy Payflow Link parameters and their Payflow equivalents.

Payflow Link Legacy Parameter Payflow Parameter
ADDRESS BILLTOSTREET
ADDRESSTOSHIP SHIPTOSTREET
AMOUNT AMT
AVSDATA AVSADDR and AVSZIP
CARDNUM ACCT
CITY BILLTOCITY
CITYTOSHIP SHIPTOCITY
COUNTRY BILLTOCOUNTRY
COUNTRYTOSHIP SHIPTOCOUNTRY
CSC CVV2
CSCMATCH CVV2MATCH
DESCRIPTION N/A
EMAIL BILLTOEMAIL
EMAILTOSHIP SHIPTOEMAIL
FAX BILLTOFAX
FAXTOSHIP SHIPTOFAX
FIRSTNAME BILLTOFIRSTNAME
INVOICE INVNUM
LASTNAME BILLTOLASTNAME
LOGIN VENDOR
METHOD TENDER
NAME BILLTOFIRSTNAME
BILLTOLASTNAME
NAMETOSHIP SHIPTOFIRSTNAME
SHIPTOLASTNAME
PHONE BILLTOPHONENUM
PHONETOSHIP SHIPTOPHONENUM
SHIPAMOUNT FREIGHTAMT
STATE BILLTOSTATE
STATETOSHIP SHIPTOSTATE
TAX TAXAMT
TYPE TRXTYPE
ZIP BILLTOZIP
ZIPTOSHIP SHIPTOZIP

table of contents


Payflow Gateway MagTek Parameters

MagTek products for both merchants and consumers provide added security to payment transactions. For merchants, MagTek's MagneSafe card readers encrypt payment card data when the card is swiped. For consumers, MagTek has a subscription based service named Qwick Codes. Consumers can use Qwick Codes instead of their payment card details to purchase goods and services.

Note: You must have a MagneSafe card reader or the required Qwick Code information to use the MagTek specific parameters described in this appendix. Please contact MagTek directly for more information.

MagTek MagneSafe Secure Card Readers and Qwick Codes

MagneSafe Secure Card Reader Authenticators

MagTek's MagneSafe™ secure card readers encrypt payment card track data such as the credit card account number and the expiration date. MagTek's Secure Card Reader Authenticators (SCRAs) capture data with a single swipe and can deliver dynamic card authentication, data encryption, tokenization, and device/host authentication to help protect merchants and their customers from identity theft and card fraud. MagTek's MagneSafe SCRAs can also identify counterfeit cards.

What is MagneSafe? The MagneSafe Security Architecture (MSA) is MagTek's digital identification and authentication architecture that can safeguard consumers and their personal data. MSA leverages strong encryption, secure tokenization, counterfeit detection, tamper recognition, data relevance and integrity, and dynamic digital transaction signatures to validate and protect the entire transaction.

The devices supported by MagTek's MagneSafe security and Magensa Services are:

  • USB MSR: Dynamag.
  • Insert MSR for Kiosks, ATMs, etc.: MagneSafe I-65 for Chip Cards and MagStripe, PSeries MagneSafe for outdoors, Slim Seal MagneSafe.
  • Mobile Readers: iDynamo for iOS, Bullet for Android, uDynamo for phones and tablets with audio jack port.
  • PINPads: IPAD PINPad available as standard model and also with signature capture support.

MagTek Qwick Codes

MagTek offers a subscription based service to consumers named Qwick Codes. Instead of handing over plastic cards to store clerks or inserting them into unattended terminals like ATMs or gas pumps that may have been rigged with skimmers to steal card data, consumers can scan or type a Qwick Code from their smart phone or computer. The Qwick Code token is used instead to initiate a transaction whereby the merchant or ATM's processor can gather the actual card data on the back end of the transaction where it can be better secured and shielded from potential compromise. Qwick Code tokens are also known as Protection Codes or PCodes.

Passing Encrypted Card Swipe Data and Qwick Codes to the Payflow Gateway

The Payflow Gateway can process transactions for merchants who already have MagneSafe card readers or who accept MagTek Qwick Codes. You must have a MagneSafe card reader or the required Qwick Code information to use the MagTek specific parameters described below. Please contact MagTek directly for more information on obtaining the required card readers and codes.

When you pass MagneSafe encrypted card swipe data or a Qwick Code to the Payflow Gateway, Payflow will communicate directly with MagTek's Magensa servers to retrieve the payment card information. Payflow then passes the transaction data onto your merchant bank.

Supported Transaction Types Encrypted card swipe or Qwick Code (PCode) requests can be used with the following Payflow transaction types:

  • Authorization (TRXTYPE=A)
  • Credit (TRXTYPE=C)
  • Delayed Capture (TRXTYPE=D)
  • Sale (TRXTYPE=S)
  • Void (TRXTYPE=V)

Encrypted Card Swipe Payflow Example

The purpose of this example is to show you how to format a request.You cannot use the values in this example for testing. You must have a MagneSafe card reader and test credit cards or live credit cards to send a request to the Payflow Gateway. Please contact MagTek for more information on obtaining card readers.

Request

This request contains regular Payflow parameters along with required MagTek parameters:

TRXTYPE=A&TENDER=C&VENDOR=MerchantUserID&PARTNER=PayPal&USER= UserIDIfAvailOrSameAsVendor&PWD=Pwd4Gateway&VERBOSITY=HIGH&CARDTYPE=1&SWIPEDECRHOST=MAGT&ENCTRACK2=82C69E600FF72FC1755509A76AD049E896A6EEA64D9BB2F203DF8AAD78265E90F4F8952A9AC03CFC&AMT=11.00&ENCMP=71AB2EE7A15887C36B8A23FED1CE7E6404D98119E24D15549E9B69AB6ABFB251C4A607D6A718B494449B506B7555BF8ED5FA4A9E2A6B814B&KSN=9011400B02AA0E00002B&MPSTATUS=3162209&ENCRYPTIONBLOCKTYPE=1&REGISTEREDBY=PayPal&MAGTEKCARDTYPE=1&DEVICESN=B02AA0E12151

See the Encrypted Card Swipe Transactions - Request Parameters for more information.

Response

If successful, the response will contain the standard Payflow response parameters for your transaction type:

RESULT=0&PNREF=V24A0A55E168&RESPMSG=Approved&AUTHCODE=098PNI00PN&HOSTCODE=A&VISACARDLEVEL=12

If you do not pass the required MagTek parameters, you will see: RESULT=7 in the response along with a MagTek specific error message, such as:

MAGTRESPONSE=H178-ENCTRACK2 has incorrect format.

See the Encrypted Card Swipe Transactions - Response Parameters for more information.

Qwick Code - PCode - Payflow Example

The purpose of this example is to show you how to format a request.You cannot use the values in this example for testing. You must have a MagTek test Qwick Code or live Qwick Codes to send a request to the Payflow Gateway. Please contact MagTek for more Qwick Code information.

Request

This request contains regular Payflow parameters along with required MagTek parameters:

TRXTYPE=A&TENDER=C&VENDOR=MerchantUserID&PARTNER=PayPal&USER=UserIDIfAvailOrSameAsVendor
&PWD=Pwd4Gateway&VERBOSITY=HIGH&AMT=18&SWIPEDECRHOST=MAGT&PCODE=23456789
&MERCHANTID=MerchantID123&MERCHANTNAME=MerchantName&PAN4=1234&BILLTOLASTNAME=Miller
&BILLTOZIP=95131&SHIPTOZIP=94089&AUTHVALUE1=1234&AUTHVALUE2=5678
&AUTHVALUE3=9012

See the Qwick Code - PCode - Transaction Request Parameters for more information.

Response

If successful, the response will contain the standard Payflow response parameters for your transaction type:

RESULT=0&PNREF=V24A0A55E19C&RESPMSG=Approved&AUTHCODE=474PNI00PN&HOSTCODE=A
&VISACARDLEVEL=12

If you do not pass the required MagTek parameters, you will see: RESULT=7 in the response along with a MagTek specific error message, such as:

MAGTRESPONSE=H364-MERCHANTID has incorrect format.

See the Qwick Code - PCode - Transaction Response Parameters for more information.

Parameters for Encrypted Card Swipe Transactions

Encrypted Card Swipe Transactions - Request Parameters

Field Required Description Data type Length
ENCMP Required Encrypted MagnePrint Information returned by a MagneSafe device when a card is swiped.String
ENCRYPTIONBLOCKTYPE Required The code which indicates what type of Encryption Block is used. 1=MagneSafe V4/V5 compatible 2TDEA-CBC Encryption, IV=0 Block contains data only.2=iPad V1 compatible 2TDEA-CBC Encryption Block contains header + data. Integer 1
ENCTRACK2 Required Encrypted Track 2 information returned by a MagneSafe device when a card is swiped. String
KSN Required 20 character string returned by a MagneSafe device when a card is swiped. String 20 char
MAGTEKCARDTYPE Required The code which indicates what type of Card Data Format is being submitted. 1=Encoding Format for Financial Transaction Cards (ISO 7811). Integer
MPSTATUS Required MagnePrint Status of Card Swipe. This is an alpha numeric string, returned by a MagneSafe device when a card is swiped.
REGISTEREDBY Required An alpha numeric entry between 1 and 20 characters long. Alphanumeric [a-z][A-Z][0-9] 1 to 20 char
SWIPEDECRHOST Required MAGT is the only value that is accepted in the SWIPEDECRHOST parameter. If you pass a different value you will see RESULT=7 and MAGTRESPONSE with an error message in the response.
DEVICESN Optional The device serial number. String
ENCTRACK1 Optional Encrypted Track 1 information returned by a MagneSafe device when a card is swiped. String
ENCTRACK3 Optional Encrypted Track 3 information returned by a MagneSafe device when a card is swiped. String

Encrypted Card Swipe Transactions - Response Parameters

Field Required Description Data type Notes
MAGTRESPONSE This parameter appears in the response if a data validation error occurs or if the MagTek processor throws an error. String See the Magtek error codes for more information.

Parameters for MagTek Qwick Code - PCode - Transactions

Qwick Code - PCode - Transaction Request Parameters

Field Required Description Data type Length
MERCHANTID Required Your Merchant ID or the Merchant ID of the merchant redeeming the Protection Code. String 1 to 40 characters
PAN4 Required The last four digits of the PAN / account number encoded in the card. String Four characters
PCODE Required The generated Protection Code. String Eight character alphanumeric
SWIPEDECRHOST Required MAGT is the only value currently accepted in the SWIPEDECRHOST parameter.
AUTHVALUE1 Optional Authentication Value 1generated with the PCode. String
AUTHVALUE2 Optional Authentication Value 2 generated with the PCode. String
AUTHVALUE3 Optional Authentication Value 3 generated with the PCode. String
BILLTOEMAIL Optional Purchaser's email address. String
BILLTOLASTNAME Optional The last name of the card holder encoded in the card. String
BILLT0ZIP Optional The billing zipcode. String
MAGTEKUSERNAME Optional MagTek username. String
MAGTEKPWD Optional MagTek password. String
MERCHANTNAME Optional
SHIPTOZIP Optional Shipping zipcode. String

Qwick Code - PCode - Transaction Response Parameters

Field Description Data Type Notes
MAGTRESPONSE This only appears in the response if a data validation error occurs or if the MagTek processor throws an error. String See the Magtek error codes below for more information.

MagTek Error Codes and Messages

If an error occurs, you will see one of the following error codes in the MAGTRESPONSE response parameter.

Encrypted Card Swipe Transactions - Input Validation Error Codes

Error Message Notes
H023 - REGISTEREDBY has incorrect length
H024 - REGISTEREDBY has incorrect format
H176 - ENCTRACK1 has incorrect format
H177 - ENCTRACK1 has incorrect length
H178 - ENCTRACK2 has incorrect format
H179 - ENCTRACK2 has incorrect length
H180 - ENCTRACK3 has incorrect format
H181 - ENCTRACK3 has incorrect length
H182 - ENCMP has incorrect format
H183 - ENCMP has incorrect length
H186 - KSN has incorrect format
H187 - KSN has incorrect length
H188 - MPSTATUS has incorrect format
H189 - MPSTATUS has incorrect length
H206 - Invalid CARDTYPE Invalid MAGTEKCARDTYPE
H211 - Invalid ENCRYPTIONBLOCKTYPE
H219 - Invalid OUTPUTFORMATCODE
H251 - Invalid DEVICESN

Encrypted Card Swipe Transactions - Other Error Codes

Error Message Notes
Y001 - No PAN Found in Track2 Data
Y003 - Device is not allowed MagTek maintains a list of registered Devices.
Y093 - Invalid MagnePrint Error obtained while Scoring Transaction MagnePrint against a Reference MagnePrint made up of Zeros.
Y094 - Invalid MagnePrint "Negative 2 - Invalid Transaction CRC / PAN" Obtained when Scoring Transaction MagnePrint against a Reference MagnePrint Made up of Zeros.
Y095 - Error Scoring Card
Y096 - Inactive MagnePrint Reference This occurs whenever the Card has an inactive MagnePrint Reference.
Y097 - Replay Prevented This occurs when the DUKPT KSN and Counter is replayed.
Y098 - Problem with Reader Data This occurs if there is a problem while decrypting the Data.

Qwick Code - PCode - Transaction Input Validation Error Codes

Error Message Notes
H330 - PCODE has incorrect length
H331 - PCODE has incorrect format
H336 - EMAIL has incorrect format BILLTOEMAIL has incorrect format
H337 - EMAIL has incorrect length BILLTOEMAIL has incorrect length
H348 - BTZIP has incorrect format BILLTOZIP has incorrect format
H349 - BTZIP has incorrect length BILLTOZIP has incorrect length
H360 - STZIP has incorrect format SHIPTOZIP has incorrect format
H361 - STZIP has incorrect length SHIPTOZIP has incorrect length
H364 - MERCHANTID has incorrect format
H365 - MERCHANTID has incorrect length
H366 - Invalid LASTNAME Invalid BILLTOLASTNAME
H375 - PAN4 has incorrect length
H376 - PAN4 has incorrect format
H380 - Invalid AUTHVALUE1
H381 - Invalid AUTHVALUE2
H382 - Invalid AUTHVALUE3
H383 - Invalid MERCHANTNAME
H384 - Invalid USERNAME Invalid MAGTEKUSERNAME
H385 - Invalid PASSWORD Invalid MAGTEKPWD

Qwick Code - PCode - Transaction Other Error Codes

Error Message Notes
P021 - Invalid Protection Code - Not Found.
P022 - Revoked Protection Code. This Protection Code has already been revoked.
P028 - Expired Protection Code.
P031 - Last 4 of PAN mismatch.
P032 - LASTNAME mismatch. BILLTOLASTNAME mismatch.
P033 - MERCHANTID is locked.
P034 - Protection Code can no longer be Redeemed.
P035 - USERNAME mismatch. MAGTEKUSERNAME given does not match the one stored.
P036 - PASSWORD mismatch. MAGTEKPWD given does not match the one stored.
P037 - EMAIL mismatch. BILLTOEMAIL given does not match the one stored.
P038 - BTZIP mismatch. BILLTOZIP given does not match the one stored.
P039 - STZIP mismatch. SHIPTOZIP given does not match the one stored.
P040 - AUTHVALUE1 mismatch. AUTHVALUE1 given does not match the one stored.
P041 - AUTHVALUE2 mismatch. AUTHVALUE2 given does not match the one stored.
P042 - AUTHVALUE3 mismatch. AUTHVALUE3 given does not match the one stored.
P098 - Problem with Reader Data This occurs if there is a problem while decrypting the Data.

Payflow Gateway Tokenization

Tokenization services offered by card brands and issuers generate a token or a unique card account number that can be substituted for the cardholder's actual card number to be used for an online or mobile payment transactions. The token is restricted in its expiry date, how it can be used with specific devices, merchants, transaction types or under other conditions. For example, the token may expire in one or two months from its issue date and may only be valid for a particular merchant.

American Express Tokenization

The American Express processor is now participating in the industry standard for payment tokenization. You can send the following tokenization fields to Payflow. Payflow passes this tokenization information to the American Express processor and does not save token data sent by the merchant in any form.

Field Description
IsSmartDevice Identifies whether this transaction is coming from a smart device, such as a smartphone. If this value is true (Y), Payflow expects the AmexToken parameter. Possible values are Y or N.
Character Length and Limitations: 1 alphanumeric character.
AmexToken Token value for this tokenization transaction.
Character Length and Limitations: 80 alphanumeric characters.

Payflow Gateway FAQs

You can find more Payflow frequently asked questions here. The following FAQs are specific to Payflow integration details.

How do I determine which version of the Payflow Gateway SDK I have?

See this Merchant Technical Support (MTS) knowledge base article to determine your Payflow SDK version.

How do I contact Payflow Support?

Go to https://manager.paypal.com/jsp/common/contactUs.jsp to obtain the Payflow Support phone number for your region.