Authorize a transaction

Start testing transactions.

At this point, the following steps should be complete:

  • Generate your API keys
  • Generate a swipe processor key
  • Create an issuer
  • Create a card program
  • Create a line of credit program
  • Create a customer
  • Create a line of credit account
  • Create a card

Next up, start testing your progress by authorizing transactions.

1. Authorize a transaction

The following request is used to authorize a transaction. Before diving into the details of the request, there are a few things to note.

This request uses a special set of headers:

  • x-user-id : This is the user ID associated with your Secure Payments account.
  • x-signature : This header uses the swipe processor token from your account and a pre-request script to create an HMAC-SHA-512 hash signature.
  • x-request-id : This is a randomly generated GUID that represents the request to create a swipe.

The payload of this request requires a random, unique transaction ID. This ID is used as a value within the "swipe_id" field and is used to identify the transaction.

We've written a pre-request script to help you get this request working in your own workspace:

// Generate and set variables used in the headers and payload of the request:
let uuid = require('uuid');
pm.collectionVariables.set('swipe-id', uuid.v4());

const message = pm.request.body.raw.replace('{{swipe-id}}', pm.collectionVariables.get('swipe-id'))
.replace('{{card-uuid}}', pm.collectionVariables.get('card-uuid'));
var hashHmacSHA512 = CryptoJS.HmacSHA512(message, pm.collectionVariables.get('swipe-processor-token')).toString();
pm.collectionVariables.set('signature', hashHmacSHA512);

Copy the script above and paste it into the Pre-request script section of your request. The script will automatically generate some of the headers you'll need for this request; however, it will require a little bit of work on your end. You'll need to set some collection-level variables that represent card-uuid, swipe-id, and swipe-processor-token to get this script to work.

With the pre-request script configured, the following request is sent to authorize a transaction. Note that the following variables from previous steps are used within the payload of this request:

  • {card-uuid} : the UUID of the card used to authorize the transaction
curl --request POST \
     --url https://swipes.loanpro.io/byoi/create \
     --header 'x-request-id: {x-request-id}' \
     --header 'x-signature: {x-signature}' \
     --header 'x-user-id: {x-user-id}' \
     --data '
{
  "swipe-id": "{swipe-id}",
  "card-uuid": "{card-uuid}",
  "amount": 24.97,
  "merchant-descriptor": "Target",
  "issuer-decline?": false,
  "authorization-advice?": false,
  "preauthorization?": false,
  "force-clearing?": false,
  "cash-advance?": false,
  "credit-authorization?": false,
  "sma?": false
}
'

You’ll notice the above example has seven payload parameters that use false as a value. These fields are swipe flags, and they’re used to determine how a swipe is handled by LoanPro and Secure Payments. When attempting a test DMS authorization, these fields are all set to false.

A successful authorization will result in the following response structure:

{
  "approved?": true,
  "status": "pending",
  "reason": null,
  "swipe": {
    "status": "pending",
    "swipe": {
      "card-present": "true",
      "cardholder-verified": "Yes",
      "amount": 24.97,
      "swipe-id": "710c9cd2-33e9-4652-8d47-aca02b482234",
      "sma": false,
      "authorization-tolerance": 0,
      "cvv3": "None",
      "authorized-amount": 24.97,
      "acquisition-method": "EMV Terminal",
      "updated": "2023-09-08T16:44:49Z",
      "ecommerce": "false",
      "network-merchant-id": "12sdf12fd",
      "offline-pin": "None",
      "card-uuid": "54e7a88f-5c8b-464b-abc5-fe9f20d7a436",
      "network-tx-id": "456df456fd",
      "arqc": "Validated",
      "created": "2023-09-08T16:44:49Z",
      "3ds": "None",
      "pin": "None",
      "issuer-decline": false,
      "status": "pending",
      "emv-terminal": "True",
      "credit-authorization": false,
      "issuer": {
        "transaction-id": "4455",
        "decline-reason": "None"
      },
      "force-clearing": false,
      "preauthorization": false,
      "network-risk-score": 0,
      "network": "Visa",
      "transaction-fee-amount": 0,
      "merchant": {
        "address": "2236 S 1300 E Ste D",
        "descriptor": "Target #9960",
        "name": "Target",
        "city": "Salt Lake City",
        "mcc": 5411,
        "longitude": -111.8560587,
        "state": "UT",
        "postal-code": "84106",
        "currency": {
          "requested-amount": 24.97,
          "currency": "USD",
          "conversion-rate": 1
        },
        "id": "01H9TTX4VMBWVTPGENQ1R90KYD",
        "latitude": 40.722187,
        "country": "USA"
      },
      "cardholder-verification-method": "CVV2",
      "metadata": "Some metadata",
      "avs-result": "Passed",
      "cvv2": "Validated",
      "requested-amount": 24.97,
      "authorization-advice": false,
      "cash-advance": false,
      "cvv1": "None"
    }
  }
}

This response includes the transaction information and its approval status. There are four fields within the response payload to pay close attention to:

  • "approved?" : boolean value that provides the approval status of the transaction
  • "status" : string value that provides the status of the transaction
  • "reason" : string value that provides a description of why the transaction was approved or denied
  • “swipe-id” : the ID of the swipe
    • Store this ID, as it will be used in follow-up requests to update a transaction.

These fields provide information regarding the result of the transaction, as decided by Secure Payments.

  • If a transaction is approved, the "approved?" field is returned as true and a transaction status is provided.
  • If a transaction is denied, "approved?" is returned as false, a transaction status is provided, and a reason for the denial is also listed.

This transaction was approved and moved to a pending status as it awaits a clearing or void event. However, transactions can be denied for several reasons:

ReasonMessageDescription
Issuer Decline“Issuer Decline - [decline reason]”This occurs when the card issuer automatically declines the transaction before it reaches Adaptive Wallet.
Restricted Card Status“Swipe authorization restricted by Card Status - Card Status: [blocking card status reason]”This occurs when the card has any status other than an active status.
Insufficient Available Balance“Insufficient Available Balance”This occurs when the line of credit account associated with the card has an insufficient available balance.
Insufficient Available Advance Balance“Insufficient Available Advance Balance”This occurs when the line of credit account associated with the card has an insufficient available advance balance.
Swipe Restricted“Swipe restricted due to [attribute of swipe that did not pass restriction logic]”, Swipe Restriction ID: [ID of card’s swipe restriction]”This occurs when a transaction’s attribute does not pass the Swipe Restriction rules set via the Card Program.
Spend Limit Exceeded“Swipe exceeds card’s Spend Limit”This occurs when the transaction amount exceeds the card’s determined spend limit.

View the API reference to learn more ↗