In-flight call-backs

In-flight callbacks allow your systems an opportunity to make decisions about the transaction while it is being processed. We will send a request to the specified endpoint which contains all the information we have about the transaction at that stage, and provides a list of available actions. Your callback handler can then decide which of these actions to take – such as proceeding with or aborting the transaction. A callback can be used to add extra custom fields to a transaction, and for Hosted Cashier sessions, you can instruct us to redirect the customer to a URL of your choice for additional processing before resuming the transaction.

Callbacks are made in real time, and interrupt transaction processing – your handler needs to respond promptly and correctly, as described below. If you only want to receive a request when the transaction is completed, and don’t need to interrupt the flow, then you should use a Notification.

Stages at which callbacks can occur

Pre-Auth

Pre-auth callbacks are made prior to sending the transaction for authorisation, but after most other processing has taken place.

Our request will include all the transaction data we originally received, plus the results of any enrichment or additional processing. The 3D Secure outcome (if applicable) will be available, as will the results of Optimize rules. For Hosted Cashier sessions, if a custom field input was added by the skin, the value will be available at this stage.

Available actions will include aborting the transaction, as well as proceeding with it, so a pre-auth callback is a good choice for most integrations where additional decision making is needed.

Post-Auth

Post-auth callbacks are made after the transaction is authorised, and before it has been finalised.

Our request will include the same data as for a pre-auth callback, but will also include any information that can only be obtained from the authorisation process – such as CV2 and AVS check results for card transactions.

Depending upon the payment method or processing route, a post-auth callback may or may not be able to abort the transaction. If you choose to use a post-auth callback, you must ensure your handler is working properly and can cope with unexpected inputs, since it may have a significant impact if it malfunctions. If you’re not sure whether a post-auth callback is suitable for your needs, please contact us and we can give you more tailored advice.

Requesting a callback

To receive a callback, provide a callbacks entry in your request and populate details for the relevant stage, including the endpoint URL.

The host name in your callback URL must be resolvable in public DNS, and may not include pay360.com or any of its sub-domains. The effective IP address for the endpoint must be a public routable address (no local addresses; nothing reserved in RFC 1918). We support connecting to merchant endpoints on ports 80 or 8080 (for HTTP) and 443 or 8443 (for HTTPS).

If defaults for the type of callback requested are set on your account, the details provided in the transaction request will take precedence.

Below is the reference of how you can construct the callback entry in your request:

callbacks {
preAuthCallback {	Details of the callback made before the transaction is sent for authorisation.
format	string Possible Values: REST_JSON, REST_XML The format of the callback content. Defaults to REST_JSON.
url	string Mandatory The URL you want the callback to be sent to. This will override any defaults set on your account. Where a default is set and a blank URL field is specified, no callback will be sent.
}
postAuthCallback {	Details of the callback made after the transaction is sent for authorisation.
format	string Possible Values: REST_JSON, REST_XML The format of the callback content. Defaults to REST_JSON.
url	string Mandatory The URL you want the callback to be sent to. This will override any defaults set on your account. Where a default is set and a blank URL field is specified, no callback will be sent.
}
}

Responding to callbacks

As noted above, your callback handler must respond promptly and correctly to our requests:

a response is required within 30 seconds
the response must have HTTP status 200; we do not support following redirects
the response must be well-formed, and specify one of the actions listed in the callback request

For Hosted Cashier requests you can additionally request that the Customer be redirected to a URL of your choice whilst the transaction is in-flight thus tailoring the payment experience to your business needs.

If your handler does not respond properly or in time, we will automatically continue processing. Wherever possible, we will try to cancel the transaction, but please note that some payment methods, transaction types or processing routes are unable to cancel a transaction at this stage. A malfunctioning callback handler may result in unwanted cancellations, or unwanted complete transactions.

The Pay360 IP address space is 185.161.164.0/22, which covers 1024 addresses from 185.161.164.0 through 185.161.167.255 inclusive. Requests that we originate, including callbacks, will come from an address within this range. The exact addresses we use may vary from time to time.

Our APIs are continuously evolving. We will not take any fields away without giving advanced notice, but we may add new fields at any time. Your integration must be able to cope with the appearance of new fields.

PreAuthPostAuth

Callback Examples

Receive and reply to a PreAuth Callback


POST {callbacks.preAuthCallback.url}
{
  "availableActions": {
    "action": [
      "PROCEED",
      "CANCEL",
      "SUSPEND",
      "SUSPEND_REPLAY"
    ]
  },
  "processing": {
    "model": "MANAGE"
  },
  "customFields": {},
  "paymentMethod": {
    "registered": true,
    "card": {
      "cardToken": "MT_NhHHc94RTa-ZRl8WP8b8pg",
      "cardFingerprint": "Yle1QlODkDGdrsfHzW8LoKmvLlw=",
      "new": false,
      "cardType": "VISA_DEBIT",
      "cardUsageType": "DEBIT",
      "cardScheme": "VISA",
      "cardCategory": "DEBIT",
      "maskedPan": "990200******5132",
      "expiryDate": "0921",
      "issuer": "PAY360 TESTING",
      "issuerCountry": "GBR",
      "cardHolderName": "John Smith",
      "cardNickname": "John"
    },
    "billingAddress": {
      "line1": "Flat 1 ",
      "line2": "Cauldron house",
      "line3": "A Street",
      "line4": "Twertonia",
      "city": "Bath",
      "region": "Somerset",
      "postcode": "BA1 234",
      "country": "United Kingdom",
      "countryCode": "GBR"
    },
    "paymentClass": "CARD",
    "reuse": {
      "storage": "NEW",
      "agreement": "ADHOC",
      "originalSchemeReference": "111gbp976baafd7493462FMeee100z00"
    }
  },
  "customer": {
    "merchantRef": "mer_cust_13",
    "id": "2240250",
    "displayName": "Mr J Smith",
    "billingAddress": {
      "line1": "Flat 1 ",
      "line2": "Cauldron house",
      "line3": "A Street",
      "line4": "Twertonia",
      "city": "Bath",
      "region": "Somerset",
      "postcode": "BA1 234",
      "country": "United Kingdom",
      "countryCode": "GBR"
    },
    "email": "[email protected]",
    "dob": "1995-11-20",
    "telephone": "0123 456 789",
    "defaultCurrency": "GBP",
    "ip": "212.58.253.67",
    "registered": true
  },
  "transaction": {
    "transactionId": "10124916021",
    "merchantRef": "mer_txn_1234556",
    "merchantDescription": "Sample Transaction",
    "stage": "AUTHORISATION",
    "type": "PAYMENT",
    "amount": 100,
    "currency": "GBP",
    "transactionTime": "2020-09-22T12:48:28.623+01:00",
    "receivedTime": "2020-09-22T12:48:28.623+01:00",
    "customerInitiated": true
  },
  "installationId": "5306285"
}

HTTP/1.1 200
{
  "callbackResponse": {
    "preAuthCallbackResponse": {
      "action": "PROCEED"
    }
  }
}

Receive and reply to a PreAuth Callback including custom fields and redirect URL in response


POST {callbacks.preAuthCallback.url}
{
  "availableActions": {
    "action": [
      "PROCEED",
      "CANCEL",
      "SUSPEND",
      "SUSPEND_REPLAY"
    ]
  },
  "processing": {
    "model": "MANAGE"
  },
  "customFields": {},
  "paymentMethod": {
    "registered": true,
    "card": {
      "cardToken": "MT_NhHHc94RTa-ZRl8WP8b8pg",
      "cardFingerprint": "Yle1QlODkDGdrsfHzW8LoKmvLlw=",
      "new": false,
      "cardType": "VISA_DEBIT",
      "cardUsageType": "DEBIT",
      "cardScheme": "VISA",
      "cardCategory": "DEBIT",
      "maskedPan": "990200******5132",
      "expiryDate": "0921",
      "issuer": "PAY360 TESTING",
      "issuerCountry": "GBR",
      "cardHolderName": "John Smith",
      "cardNickname": "John"
    },
    "billingAddress": {
      "line1": "Flat 1 ",
      "line2": "Cauldron house",
      "line3": "A Street",
      "line4": "Twertonia",
      "city": "Bath",
      "region": "Somerset",
      "postcode": "BA1 234",
      "country": "United Kingdom",
      "countryCode": "GBR"
    },
    "paymentClass": "CARD",
    "reuse": {
      "storage": "NEW",
      "agreement": "ADHOC",
      "originalSchemeReference": "111gbp976baafd7493462FMeee100z00"
    }
  },
  "customer": {
    "merchantRef": "mer_cust_13",
    "id": "2240250",
    "displayName": "Mr J Smith",
    "billingAddress": {
      "line1": "Flat 1 ",
      "line2": "Cauldron house",
      "line3": "A Street",
      "line4": "Twertonia",
      "city": "Bath",
      "region": "Somerset",
      "postcode": "BA1 234",
      "country": "United Kingdom",
      "countryCode": "GBR"
    },
    "email": "[email protected]",
    "dob": "1995-11-20",
    "telephone": "0123 456 789",
    "defaultCurrency": "GBP",
    "ip": "212.58.253.67",
    "registered": true
  },
  "transaction": {
    "transactionId": "10124916021",
    "merchantRef": "mer_txn_1234556",
    "merchantDescription": "Sample Transaction",
    "stage": "AUTHORISATION",
    "type": "PAYMENT",
    "amount": 100,
    "currency": "GBP",
    "transactionTime": "2020-09-22T12:48:28.623+01:00",
    "receivedTime": "2020-09-22T12:48:28.623+01:00",
    "customerInitiated": true
  },
  "installationId": "5306285"
}

HTTP/1.1 200
{
  "callbackResponse": {
    "preAuthCallbackResponse": {
      "action": "PROCEED",
      "customFields": {
        "fieldState": [
          {
            "name": "someCustomField",
            "value": "a2"
          }
        ]
      },
      "redirect": {
        "url": "http://someurl.com",
        "frame": "CONTAINER"
      }
    }
  }
}

Merchant endpoint

endpoint: merchant defined pre-auth callback URL (endpoint)

method: POST

summary: process a pre-auth callback request

request body:

{
availableActions {	The actions you can ask us to perform in the callback response.
action [	array
	string Possible Values: PROCEED, SUSPEND, SUSPEND_REPLAY, CANCEL
]
}
locale	string The ISO-639 code for your Customer’s locale.
processing {
route	string The name of the processing engine your transaction was submitted to.
voidSuccessful	boolean Indicates if the transaction was voided by a Post Authorisation callback.
authResponse {
statusCode	string The code for the status received from the authoriser, if applicable.
acquirerReference	string The reference received from the authoriser for your transaction, if applicable.
acquirerName	string Name of the authoriser, if applicable.
message	string The message received from the authoriser, if applicable.
authCode	string The code received from the authoriser, if applicable.
gatewayReference	string The reference received from the processing engine.
gatewaySettlement	string The date the processing engine will settle the transaction. in YYYY-MM-DD format.
gatewayCode	string The code for the status received from the processing engine.
gatewayMessage	string The message received from the processing engine.
avsAddressCheck	string Possible Values: NOT_CHECKED, FULL_MATCH, NOT_MATCHED, NOT_PROVIDED Results for the Address Verification checks, if applicable, if applicable.
avsPostcodeCheck	string Possible Values: NOT_CHECKED, FULL_MATCH, NOT_MATCHED, NOT_PROVIDED Results for the PostCode Verification checks, if applicable.
cv2Check	string Possible Values: NOT_CHECKED, MATCHED, NOT_MATCHED Results for the CV2 Verification checks, if applicable.
gatewayStatus	string The status received from the processing engine.
status	string Possible Values: AUTHORISED, DECLINED, REVERSED, REVERSE_FAILED, ERROR The status received from the authoriser, if applicable.
}
}
threeDSecure {	Information about the 3D Secure status of your transaction.
version	integer Possible Values: 1, 2 Major version of 3D Secure applied to this transaction.
protocolVersion	string Possible Values: 1.0.2, 2.1.0, 2.2.0 Full protocol version of 3D Secure applied to this transaction.
versionsAttempted[ {	Versions of 3D Secure that were attempted for this transaction, in order of use. This can be used to determine when 3DSv2 could not be used, and why. A version will only be included in this list if it was meaningfully attempted, which means that the transaction must have been eligible (e.g. type, channel, payment method etc.) and the merchant’s account must have been capable (e.g. the corresponding 3D Secure version was enabled on the MID, etc.) This property may be populated even if no others in this section are, e.g. to indicate that the issuer didn’t support any version of 3D Secure.
version	integer Possible Values: 1, 2 Major version of 3D Secure that was attempted.
availability	string Possible Values: INSUFFICIENT_DATA, ISSUER_NO_V2, ISSUER_NO_V1, ISSUER_NO_3DS, ERROR, AVAILABLE High-level indication of the actual availability of the given 3D Secure version and what happened during the attempt to use it.
} ]
scheme	string The scheme that processed the transaction for 3DS.
eci	string The eCommerce indicator for the transaction.
status	string Possible Values: AUTHENTICATED, BYPASSED, FAILED, NOT_ENROLLED, ATTEMPTED, ENROLMENT_CHECK_FAILURE, INCOMPLETE, NOT_AVAILABLE, NOT_IMPLEMENTED The overall 3DS result for the transaction.
xid	string The ID used during 3DSv1 processing.
threeDSServerTransId	string Pay360 3DSv2 transaction ID.
dsTransactionId	string Directory Server 3DSv2 transaction ID.
acsTransactionId	string Access Control Server (ACS) 3DSv2 transaction ID.
challengeRequest	string Possible Values: NO_PREFERENCE, NO_CHALLENGE_REQUESTED, CHALLENGE_REQUESTED, CHALLENGE_MANDATED Indicates whether a challenge was ultimately requested or not; this reflects the final 3DSv2 request made by Pay360 after taking into account any merchant preference and card scheme rules.
frictionless	boolean Whether the cardholder was authenticated without a challenge (frictionless flow).
authenticationStatus	string Possible Values: AUTHENTICATED, ATTEMPTED, FAILED, ERROR The status of 3DSv1 authentication check.
authenticationIndicator	string Possible Values: Y, A, N, U The indicator of the 3DSv1 authentication status.
enrolmentIndicator	string Possible Values: Y, N, U The indicator of the 3DSv1 enrolment status.
enrolmentDateTime	string The date and time the 3DSv1 enrolment check was performed in ISO-8601 format.
enrolmentStatus	string Possible Values: ENROLLED, NOT_ENROLLED, UNABLE_TO_AUTHENTICATE The status of the 3DSv1 enrolment check.
cardHolderMessage	string Message returned by the issuer containing instructions for the cardholder. See 3D Secure 2 for guidance on handling.
}
paymentMethod {
paymentClass	string The classification of payment method used. Eg. Card, Cash, PayPal.
registered	boolean Indicates that the customer choose to register this card payment method. This field will not be present for non-card payment methods.
isPrimary	boolean Indicates if this was Customer’s primary registered payment method.
card {
issueNumber	string The issue number of the card used in the request.
cardToken	string The token for the card.
cardHolderName	string The Cardholder’s name.
issuer	string The Issuer of the card.
maskedPan	string The masked card number. eg. 123456******1234.
issuerCountry	string The country of the card Issuer.
expiryDate	string The expiry date of the card. Formatted as MMYY.
validDate	string The valid from date of the card. Formatted as MMYY.
cardType	string The type of card. Eg. MC_DEBIT, VISA_CREDIT, AMEX.
cardUsageType	string The usage type of card. Eg. DEBIT, CREDIT.
cardScheme	string The scheme of card. Eg. VISA, MASTERCARD, AMEX.
cardCategory	string The category of card. Eg. CREDIT, DEBIT, CORPORATE, BUSINESS.
cardNickname	string The name the Customer provided for their Card to allow easy selection where they registered multiple cards.
}
billingAddress {	The billing address of the Customer. Will be used for AVS checks.
line1	string Line 1 of the Customer’s billing address.
line2	string Line 2 of the Customer’s billing address.
line3	string Line 3 of the Customer’s billing address.
line4	string Line 4 of the Customer’s billing address.
city	string City of the Customer’s billing address.
region	string Region of the Customer’s billing address.
postcode	string Post Code of the Customer’s billing address.
country	string Country name of the Customer’s billing address.
countryCode	string The 3 character ISO-3166-1 code for the Customer’s billing address country.
}
}
customer {
id	string The ID given to the Customer by the processing engine.
email	string Email address for the Customer.
merchantRef	string Your reference for the Customer.
defaultCurrency	string
dob	string Date of birth for the Customer.
billingAddress {	The address of the Customer.
line1	string Line 1 of the Customer’s address.
line2	string Line 2 of the Customer’s address.
line3	string Line 3 of the Customer’s address.
line4	string Line 4 of the Customer’s address.
city	string City of the Customer’s address.
region	string Region of the Customer’s address.
postcode	string Post Code of the Customer’s address.
country	string Country name of the Customer’s address.
countryCode	string The 3 character ISO-3166-1 code for the Customer’s address country.
}
displayName	string The Customer’s name.
telephone	string Telephone number for the Customer.
ip	string The Customer’s IP address.
}
financialServices {	Supplementary data for Financial Services payments, echoed from the original request
dateOfBirth	string Date of birth of the recipient
surname	string Surname/family name of the recipient
accountNumber	string Account number used to identify the recipient or loan
postCode	string First part of the recipient’s postal code
}
accountFunding {	Supplementary data for Account Funding Transactions (AFT), echoed from the original request
recipient {	Details about the funding recipient
givenName	string Recipient’s given name
surname	string Recipient’s surname/family name
address	string Recipient’s address
city	string Recipient city
state	string Recipient state/province code
countryCode	string Recipient country code (ISO-3166-alpha-3)
}
}
transaction {
transactionId	string Our ID for the transaction.
deferred	boolean Indicates if the Payment capture is deferred.
merchantRef	boolean Your reference for the transaction.
merchantDescription	string The description of the transaction provided in the request.
status	string Possible Values: SUCCESS, FAILED, PENDING, EXPIRED, CANCELLED, VOIDED The current state of the transaction.
type	string Possible Values: PAYMENT, PREAUTH, PAYOUT, REFUND, CAPTURE, CANCEL, REPEAT, PAYMENT_INITIALIZE, PAYMENT_COMPLETE, PAYOUT_INITIALIZE, PAYOUT_COMPLETE, CASH_ISSUE, CASH_PAYMENT Indicates the type of the transaction.
amount	float Indicates the amount of the transaction.
currency	string Indicates the currency of the transaction. Use the 3 character ISO-4217 code.
transactionTime	string The date and time we processed the transaction in ISO-8601 format.
receivedTime	string The date and time we received the transaction in ISO-8601 format.
commerceType	string Possible Values: ECOM, MOTO, CNP The Commerce Type of the transaction.
channel	string Possible Values: WEB, MOBILE, SMS, RETAIL, MOTO, IVR, OTHER The Sales Channel of the transaction.
relatedTransaction {	This field is not applicable for Payments. In case of Refunds it indicates the transaction that was refunded.
transactionId	string Our ID for the transaction that was original.
merchantRef	string Your reference for the transaction that was original.
}
}
sessionId	string Your reference for the Customer’s session.
installationId	string Installation used to process the transaction.
}

response:

{
action	string Possible Values: PROCEED, SUSPEND, SUSPEND_REPLAY, CANCEL The action you want us to perform.
redirect {	The URL to direct the customer to in the case of a pre authorisation SUSPEND action. If this is a hosted request, we will redirect your customer to this URL. If this is an API request, the URL will be returned to you in the transaction response.
url	string
frame	string Possible Values: CONTAINER, TOP
}
return {	The URL to direct your customer to once transaction processing is complete. If this is a hosted request, we will redirect your customer to this URL. If this is an API request the URL will be returned to you in the transaction response.
url	string
}
}

Callback Examples

Receive and reply to a PostAuth Callback


POST {callbacks.postAuthCallback.url}
{
  "availableActions": {
    "action": [
      "PROCEED",
      "CANCEL"
    ]
  },
  "processing": {
    "model": "MANAGE",
    "authResponse": {
      "statusCode": "00",
      "acquirerName": "Barclays Merchant Services",
      "message": "Approved - no action",
      "authCode": "025929",
      "gatewayReference": "111gbpefc346c7b63c961FMeee100z00",
      "gatewayCode": "000.000.000",
      "gatewayMessage": "Transaction succeeded",
      "avsAddressCheck": "FULL_MATCH",
      "avsPostcodeCheck": "FULL_MATCH",
      "cv2Check": "MATCHED",
      "status": "AUTHORISED",
      "correlationIds": []
    },
    "route": "PAYON"
  },
  "customFields": {},
  "paymentMethod": {
    "registered": true,
    "card": {
      "cardToken": "MT_NhHHc94RTa-ZRl8WP8b8pg",
      "cardFingerprint": "Yle1QlODkDGdrsfHzW8LoKmvLlw=",
      "new": false,
      "cardType": "VISA_DEBIT",
      "cardUsageType": "DEBIT",
      "cardScheme": "VISA",
      "cardCategory": "DEBIT",
      "maskedPan": "990200******5132",
      "expiryDate": "0921",
      "issuer": "PAY360 TESTING",
      "issuerCountry": "GBR",
      "cardHolderName": "John Smith",
      "cardNickname": "John"
    },
    "billingAddress": {
      "line1": "Flat 1 ",
      "line2": "Cauldron house",
      "line3": "A Street",
      "line4": "Twertonia",
      "city": "Bath",
      "region": "Somerset",
      "postcode": "BA1 234",
      "country": "United Kingdom",
      "countryCode": "GBR"
    },
    "paymentClass": "CARD",
    "reuse": {
      "storage": "NEW",
      "agreement": "ADHOC",
      "originalSchemeReference": "111gbp976baafd7493462FMeee100z00",
      "receivedSchemeReference": "111gbpefc346c7b63c961FMeee100z00"
    }
  },
  "customer": {
    "merchantRef": "mer_cust_13",
    "id": "2240250",
    "displayName": "Mr J Smith",
    "billingAddress": {
      "line1": "Flat 1 ",
      "line2": "Cauldron house",
      "line3": "A Street",
      "line4": "Twertonia",
      "city": "Bath",
      "region": "Somerset",
      "postcode": "BA1 234",
      "country": "United Kingdom",
      "countryCode": "GBR"
    },
    "email": "[email protected]",
    "dob": "1995-11-20",
    "telephone": "0123 456 789",
    "defaultCurrency": "GBP",
    "ip": "212.58.253.67",
    "registered": true
  },
  "transaction": {
    "transactionId": "10124916026",
    "merchantRef": "mer_txn_1234556",
    "merchantDescription": "Sample Transaction",
    "status": "SUCCESS",
    "stage": "AUTHORISATION",
    "type": "PAYMENT",
    "amount": 100,
    "currency": "GBP",
    "transactionTime": "2020-09-22T22:57:13.452+01:00",
    "receivedTime": "2020-09-22T22:57:13.452+01:00",
    "customerInitiated": true
  },
  "installationId": "5306285"
}

HTTP/1.1 200
{
  "callbackResponse": {
    "postAuthCallbackResponse": {
      "action": "PROCEED"
    }
  }
}

Receive and reply to a PostAuth Callback including custom fields and a redirect URL in response


POST {callbacks.postAuthCallback.url}
{
  "availableActions": {
    "action": [
      "PROCEED",
      "CANCEL"
    ]
  },
  "processing": {
    "model": "MANAGE",
    "authResponse": {
      "statusCode": "00",
      "acquirerName": "Barclays Merchant Services",
      "message": "Approved - no action",
      "authCode": "025929",
      "gatewayReference": "111gbpefc346c7b63c961FMeee100z00",
      "gatewayCode": "000.000.000",
      "gatewayMessage": "Transaction succeeded",
      "avsAddressCheck": "FULL_MATCH",
      "avsPostcodeCheck": "FULL_MATCH",
      "cv2Check": "MATCHED",
      "status": "AUTHORISED",
      "correlationIds": []
    },
    "route": "PAYON"
  },
  "customFields": {},
  "paymentMethod": {
    "registered": true,
    "card": {
      "cardToken": "MT_NhHHc94RTa-ZRl8WP8b8pg",
      "cardFingerprint": "Yle1QlODkDGdrsfHzW8LoKmvLlw=",
      "new": false,
      "cardType": "VISA_DEBIT",
      "cardUsageType": "DEBIT",
      "cardScheme": "VISA",
      "cardCategory": "DEBIT",
      "maskedPan": "990200******5132",
      "expiryDate": "0921",
      "issuer": "PAY360 TESTING",
      "issuerCountry": "GBR",
      "cardHolderName": "John Smith",
      "cardNickname": "John"
    },
    "billingAddress": {
      "line1": "Flat 1 ",
      "line2": "Cauldron house",
      "line3": "A Street",
      "line4": "Twertonia",
      "city": "Bath",
      "region": "Somerset",
      "postcode": "BA1 234",
      "country": "United Kingdom",
      "countryCode": "GBR"
    },
    "paymentClass": "CARD",
    "reuse": {
      "storage": "NEW",
      "agreement": "ADHOC",
      "originalSchemeReference": "111gbp976baafd7493462FMeee100z00",
      "receivedSchemeReference": "111gbpefc346c7b63c961FMeee100z00"
    }
  },
  "customer": {
    "merchantRef": "mer_cust_13",
    "id": "2240250",
    "displayName": "Mr J Smith",
    "billingAddress": {
      "line1": "Flat 1 ",
      "line2": "Cauldron house",
      "line3": "A Street",
      "line4": "Twertonia",
      "city": "Bath",
      "region": "Somerset",
      "postcode": "BA1 234",
      "country": "United Kingdom",
      "countryCode": "GBR"
    },
    "email": "[email protected]",
    "dob": "1995-11-20",
    "telephone": "0123 456 789",
    "defaultCurrency": "GBP",
    "ip": "212.58.253.67",
    "registered": true
  },
  "transaction": {
    "transactionId": "10124916026",
    "merchantRef": "mer_txn_1234556",
    "merchantDescription": "Sample Transaction",
    "status": "SUCCESS",
    "stage": "AUTHORISATION",
    "type": "PAYMENT",
    "amount": 100,
    "currency": "GBP",
    "transactionTime": "2020-09-22T22:57:13.452+01:00",
    "receivedTime": "2020-09-22T22:57:13.452+01:00",
    "customerInitiated": true
  },
  "installationId": "5306285"
}

HTTP/1.1 200
{
  "callbackResponse": {
    "postAuthCallbackResponse": {
      "action": "PROCEED",
      "customFields": {
          "fieldState": [
            {
             "name": "someCustomField",
             "value": "a2"
            }
          ]
      },
      "redirect": {
        "url": "http://someurl.com",
        "frame": "CONTAINER"
      }
    }
  }
}

Merchant endpoint

endpoint: merchant defined post-auth callback URL (endpoint)

method: POST

summary: process a post-auth callback request

request body:

{
availableActions {	The actions you can ask us to perform in the callback response.
action [	array
	string Possible Values: PROCEED, SUSPEND, SUSPEND_REPLAY, CANCEL
]
}
locale	string The ISO-639 code for your Customer’s locale.
processing {
route	string The name of the processing engine your transaction was submitted to.
voidSuccessful	boolean Indicates if the transaction was voided by a Post Authorisation callback.
authResponse {
statusCode	string The code for the status received from the authoriser, if applicable.
acquirerReference	string The reference received from the authoriser for your transaction, if applicable.
acquirerName	string Name of the authoriser, if applicable.
message	string The message received from the authoriser, if applicable.
authCode	string The code received from the authoriser, if applicable.
gatewayReference	string The reference received from the processing engine.
gatewaySettlement	string The date the processing engine will settle the transaction. in YYYY-MM-DD format.
gatewayCode	string The code for the status received from the processing engine.
gatewayMessage	string The message received from the processing engine.
avsAddressCheck	string Possible Values: NOT_CHECKED, FULL_MATCH, NOT_MATCHED, NOT_PROVIDED Results for the Address Verification checks, if applicable, if applicable.
avsPostcodeCheck	string Possible Values: NOT_CHECKED, FULL_MATCH, NOT_MATCHED, NOT_PROVIDED Results for the PostCode Verification checks, if applicable.
cv2Check	string Possible Values: NOT_CHECKED, MATCHED, NOT_MATCHED Results for the CV2 Verification checks, if applicable.
gatewayStatus	string The status received from the processing engine.
status	string Possible Values: AUTHORISED, DECLINED, REVERSED, REVERSE_FAILED, ERROR The status received from the authoriser, if applicable.
}
}
threeDSecure {
version	integer Possible Values: 1, 2 Major version of 3D Secure applied to this transaction.
protocolVersion	string Possible Values: 1.0.2, 2.1.0, 2.2.0 Full protocol version of 3D Secure applied to this transaction.
versionsAttempted[ {	Versions of 3D Secure that were attempted for this transaction, in order of use. This can be used to determine when 3DSv2 could not be used, and why. A version will only be included in this list if it was meaningfully attempted, which means that the transaction must have been eligible (e.g. type, channel, payment method etc.) and the merchant’s account must have been capable (e.g. the corresponding 3D Secure version was enabled on the MID, etc.) This property may be populated even if no others in this section are, e.g. to indicate that the issuer didn’t support any version of 3D Secure.
version	integer Possible Values: 1, 2 Major version of 3D Secure that was attempted.
availability	string Possible Values: INSUFFICIENT_DATA, ISSUER_NO_V2, ISSUER_NO_V1, ISSUER_NO_3DS, ERROR, AVAILABLE High-level indication of the actual availability of the given 3D Secure version and what happened during the attempt to use it.
} ]
scheme	string The scheme that processed the transaction for 3DS.
eci	string The eCommerce indicator for the transaction.
status	string Possible Values: AUTHENTICATED, BYPASSED, FAILED, NOT_ENROLLED, ATTEMPTED, ENROLMENT_CHECK_FAILURE, INCOMPLETE, NOT_AVAILABLE, NOT_IMPLEMENTED The overall 3DS result for the transaction.
xid	string The ID used during 3DSv1 processing.
threeDSServerTransId	string Pay360 3DSv2 transaction ID.
dsTransactionId	string Directory Server 3DSv2 transaction ID.
acsTransactionId	string Access Control Server (ACS) 3DSv2 transaction ID.
challengeRequest	string Possible Values: NO_PREFERENCE, NO_CHALLENGE_REQUESTED, CHALLENGE_REQUESTED, CHALLENGE_MANDATED Indicates whether a challenge was ultimately requested or not; this reflects the final 3DSv2 request made by Pay360 after taking into account any merchant preference and card scheme rules.
frictionless	boolean Whether the cardholder was authenticated without a challenge (frictionless flow).
authenticationStatus	string Possible Values: AUTHENTICATED, ATTEMPTED, FAILED, ERROR The status of 3DSv1 authentication check.
authenticationIndicator	string Possible Values: Y, A, N, U The indicator of the 3DSv1 authentication status.
enrolmentIndicator	string Possible Values: Y, N, U The indicator of the 3DSv1 enrolment status.
enrolmentDateTime	string The date and time the 3DSv1 enrolment check was performed in ISO-8601 format.
enrolmentStatus	string Possible Values: ENROLLED, NOT_ENROLLED, UNABLE_TO_AUTHENTICATE The status of the 3DSv1 enrolment check.
cardHolderMessage	string Message returned by the issuer containing instructions for the cardholder. See 3D Secure 2 for guidance on handling.
}
paymentMethod {
paymentClass	string The classification of payment method used. Eg. Card, Cash, PayPal.
registered	boolean Indicates that the customer choose to register this card payment method. This field will not be present for non-card payment methods.
isPrimary	boolean Indicates if this was Customer’s primary registered payment method.
card {
issueNumber	string The issue number of the card used in the request.
cardToken	string The token for the card.
cardHolderName	string The Cardholder’s name.
issuer	string The Issuer of the card.
maskedPan	string The masked card number. eg. 123456******1234.
issuerCountry	string The country of the card Issuer.
expiryDate	string The expiry date of the card. Formatted as MMYY.
validDate	string The valid from date of the card. Formatted as MMYY.
cardType	string The type of card. Eg. MC_DEBIT, VISA_CREDIT, AMEX.
cardUsageType	string The usage type of card. Eg. DEBIT, CREDIT.
cardScheme	string The scheme of card. Eg. VISA, MASTERCARD, AMEX.
cardCategory	string The category of card. Eg. CREDIT, DEBIT, CORPORATE, BUSINESS.
cardNickname	string The name the Customer provided for their Card to allow easy selection where they registered multiple cards.
}
billingAddress {	The billing address of the Customer. Will be used for AVS checks.
line1	string Line 1 of the Customer’s billing address.
line2	string Line 2 of the Customer’s billing address.
line3	string Line 3 of the Customer’s billing address.
line4	string Line 4 of the Customer’s billing address.
city	string City of the Customer’s billing address.
region	string Region of the Customer’s billing address.
postcode	string Post Code of the Customer’s billing address.
country	string Country name of the Customer’s billing address.
countryCode	string The 3 character ISO-3166-1 code for the Customer’s billing address country.
}
}
customer {
id	string The ID given to the Customer by the processing engine.
email	string Email address for the Customer.
merchantRef	string Your reference for the Customer.
defaultCurrency	string
dob	string Date of birth for the Customer
billingAddress {	The address of the Customer.
line1	string Line 1 of the Customer’s address.
line2	string Line 2 of the Customer’s address.
line3	string Line 3 of the Customer’s address.
line4	string Line 4 of the Customer’s address.
city	string City of the Customer’s address.
region	string Region of the Customer’s address.
postcode	string Post Code of the Customer’s address.
country	string Country name of the Customer’s address.
countryCode	string The 3 character ISO-3166-1 code for the Customer’s address country.
}
displayName	string The Customer’s name.
telephone	string Telephone number for the Customer.
ip	string The Customer’s IP address.
}
financialServices {	Supplementary data for Financial Services payments, echoed from the original request
dateOfBirth	string Date of birth of the recipient
surname	string Surname/family name of the recipient
accountNumber	string Account number used to identify the recipient or loan
postCode	string First part of the recipient’s postal code
}
accountFunding {	Supplementary data for Account Funding Transactions (AFT), echoed from the original request
recipient {	Details about the funding recipient
givenName	string Recipient’s given name
surname	string Recipient’s surname/family name
address	string Recipient’s address
city	string Recipient city
state	string Recipient state/province code
countryCode	string Recipient country code (ISO-3166-alpha-3)
}
}
transaction {
transactionId	string Our ID for the transaction.
deferred	boolean Indicates if the Payment capture is deferred.
merchantRef	string Your reference for the transaction.
merchantDescription	string The description of the transaction provided in the request.
status	string Possible Values: SUCCESS, FAILED, PENDING, EXPIRED, CANCELLED, VOIDED The current state of the transaction.
type	string Possible Values: PAYMENT, PREAUTH, PAYOUT, REFUND, CAPTURE, CANCEL, REPEAT, PAYMENT_INITIALIZE, PAYMENT_COMPLETE, PAYOUT_INITIALIZE, PAYOUT_COMPLETE, CASH_ISSUE, CASH_PAYMENT Indicates the type of the transaction.
amount	float Indicates the amount of the transaction.
currency	string Indicates the currency of the transaction. Use the 3 character ISO-4217 code.
transactionTime	string The date and time we processed the transaction in ISO-8601 format.
receivedTime	string The date and time we received the transaction in ISO-8601 format.
commerceType	string Possible Values: ECOM, MOTO, CNP The Commerce Type of the transaction.
channel	string Possible Values: WEB, MOBILE, SMS, RETAIL, MOTO, IVR, OTHER The Sales Channel of the transaction.
relatedTransaction {	This field is not applicable for Payments. In case of Refunds it indicates the transaction that was refunded.
transactionId	string Our ID for the transaction that was original.
merchantRef	string Your reference for the transaction that was original.
}
}
sessionId	string Your reference for the Customer’s session.
installationId	string Installation used to process the transaction.
}

response:

{
action	string Possible Values: PROCEED, SUSPEND, SUSPEND_REPLAY, CANCEL
return {
url	string
}
}

Developer Documents

Pre-Auth

Post-Auth