Transaction Token [/transaction_token]

Resource /v5/transaction_token

Before calling the endpoints purchase or refund a Transaction Token is required. In order to obtain the token, you need to call the transaction token endpoint. The transaction token needs to be passed as a parameter to the purchase or refund endpoint. Token is one per transaction. It is not reusable. It also has a 5 minute expiry time.

Method POST

Parameters

Name	Type	Length		Description
`company_token`	alphanumeric	128	Mandatory	The company token issued during the onboarding process

Return

Name	Type	Length	Description
`transaction_token`	alphanumeric	128	A unique one-time use transaction token that can be used for purchase or refund
`company_token`	alphanumeric	128	The same company token passed during the request

Request Transaction Token [POST]

Request (application/json)

  {
      "company_token": "7qmtV8nn621vX5ptbUbFGUXj6EFzQbB"
  }

Response 200 (application/json)

  {
      "transaction_token": "c71a6ae0-51ee-4610-804f-d017f284a1d3",
      "company_token": "7qmtV8nn621vX5ptbUbFGUXj6EFzQbB"
  }

Purchase [/purchase]

Resource /v5/purchase

Posting a Purchase [POST]

That is the endpoint to be called in order to process a payment. Method requires either the credit card details or the token of previously tokenized credit card.

Note: the request must hold a valid session token.

Parameters

Name	Type	Length	Description
`token.company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process
`token.transaction_token`	alphanumeric	128	mandatory: A unique one-time use transaction token that can be used for purchase or refund
`customer.reference`	alphanumeric	128	optional: An internal merchant’s reference number that can be generated by the merchant if required.
`customer.email`	alphanumeric	128	optional: The email address of the end customer
`customer.accepted_terms_conditions`	boolean	true/false	optional: Flag whether customer accepted terms and conditions on merchant’s website
`customer.ip_address`	alphanumeric	128	mandatory: The IP of the customer where the request originated
`customer.timezone`	alphanumeric	128	mandatory: The time zone of the server where the request originated e.g. Australia/Sydney
`customer.store_card_permisisons`	boolean	true/false	optional: true: MINT will create multi-use token and will include it in response (card.token). Subsequent purchases for same customer using same card can be done using card tokens rather than passing all card details again. missing or false: No card.token will be shared in response.
`customer.id`	alphanumeric	128	optional: Customer ID is the unique identifier for a customer not the merchant. Only useful if one customer uses multiple cards.
`customer.should_mint_apply_authentication`	boolean	true/false	optional: true: use 3DS missing or false: no 3DS
`customer.authentication_redirect_url`	alphanumeric	128	optional: Only mandatory if customer.should_mint_apply_authentication = true. Only used for 3DS. URL where to redirect after the card issuing bank performed the 3DS authentication. It should be merchant’s URL. Note: URL must be HTTPS.
`card.token`	alphanumeric	128	optional: either card token or card details needed. The card token of the previously tokenized card
`card.number`	number	19	optional: either card token or card details needed. The credit card number
`card.expiry_month`	number	2	Card expiry month
`card.expiry_year`	number	2	Card expiry year
`card.cvc`	string	4	Card CVC
`card.holder_name`	alphanumeric	128	The name of the cardholder
`purchase.invoice_number`	alphanumeric	128	optional: Merchant’s internal invoice number. Max 255 characters
`purchase.amount`	number	Numbers with maximum of 2 decimal digits.	mandatory: The amount of the purchase e.g. 112.99
`purchase.currency`	string	128	mandatory: The currency the purchase was made in, in ISO4217
`purchase.should_mint_apply_surcharge`	boolean	true/false	mandatory: true: Mint will calculate surcharge and add it on the base amount and that will become the total amount. missing or false: no surcharge will be calculated by Mint. This parameter can be passed as false when Merchants want to calculate surcharge on their end and will add a surcharge to the transaction. That way Mint will not calculate any extra surcharges to avoid double surcharging
`purchase.should_mint_apply_pre_authorisation`	boolean	true/false	mandatory: true: MINT will create pre-authorisation transaction (hold the fund) which can be captured later. Transaction will result in status PRE_AUTHORISED. false: Purchase transaction will be completed and will result in status - APPROVED.

Response

Name	Type	Description
`card.token`	string	The unique card token that can be used for subsequent purchases
`card.multi_use`	boolean	If in request customer.store_card_permission is true then multi_use will be true else false. This boolean flag tells whether same token can be used for a number of purchases. If multi-use is false then the token can be used for one purchase only.
`card.number`	string	A partially obfuscated credit card number
`card.expiry_month`	string	Card expiry month
`card.expiry_year`	string	Card expiry year
`card.holder_name`	string	Name of the cardholder
`card.brand`	string	The brand of the used credit card. Could be VISA, AMEX, MASTERCARD
`card.funding`	string	debit or credit
`card.country`	string	The country that issued the credit card
`card.finger_print`	string	Unique identifier per card. Tokenizing same card will generate different card token but will keep fingerprint same. NOTE: Unlike card token, fingerprint cannot be used for purchase.
`customer.id`	string	Customer ID is the unique identifier for a customer not the merchant. Only useful if one customer uses multiple cards.
`customer.authentication_redirect_url`	string	Card Issuer URL for 3DS. Value will be passed if transaction is done via 3DS flow and purchase.status will be REQUIRES_AUTHENTICATION. Merchant should redirect end customer to this URL for 3DS authentication with card issuer.
`purchase.transaction_time_utc`	string	Timestamp when the transaction has been processed server-side in UTC
`purchase.status`	string	Status of the transaction. APPROVED, DECLINED, FAILED, REQUIRES_AUTHENTICATION (3DS only)
`purchase.purchase_reference`	string	Generated reference of the processed transaction. It may be empty in case of an error
`purchase.amount`	number	The amount of the processed transaction, excluding the surcharge
`purchase.surcharge_amount`	number	The applied surcharge of the transaction
`purchase.total_amount`	number	The total amount of the processed transaction, including the surcharge
`purchase.pre_authorised`	boolean	Whether purchase is pre-authorised or not.
`purchase.pre_authorised_amount`	string	Amount which is pre-authorised or kept on hold.
`purchase.currency`	string	The currency the purchase was made in, in ISO4217
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Sample Request and Response

Request (application/json)

      {
              "token":
              {
                  "company_token": "DYu1j58asxIc380N6EHY1nyqN3oSyc1",
                  "transaction_token": "1f41ec36-4603-48a8-ba4d-e1a770faaceb"
              },
              "customer"
              :{
                  "reference":"987654321",
                  "email":"[email protected]",
                  "accepted_terms_conditions":"",
                  "ip_address": "123.123.1.123",
                  "timezone": "Australia/Sydney",
                  "store_card_permission":true,
                  "id": "",
                  "should_mint_apply_authentication": true,
                  "authentication_redirect_url": "https://www.google.com"

              },
              "card":
              {
                  "token": "",
                  "number": "4000002760003184",
                  "expiry_month": "02",
                  "expiry_year": "24",
                  "cvc": "123",
                  "holder_name": "John Doe"
              },
              "purchase":
              {
                  "invoice_number":"5234234-John-Doe",
                  "amount":100.50,
                  "should_mint_apply_surcharge":false,
                  "should_mint_apply_pre_authorisation":true,
                  "currency": "AUD"
              }
      }

Response 200 (application/json)

Body

  {
      "card": {
          "token": "4c87cd09-85f4-4188-838e-840b80db9b60",
          "multi_use": true,
          "number": "400000******3184",
          "expiry_month": "2",
          "expiry_year": "2024",
          "holder_name": "John Doe",
          "brand": "visa",
          "funding": "credit",
          "country": "DE"
      },
      "customer": {
          "id": "dc95a92c-46ac-44b0-b3ba-3a783ec3fd62",
          "authentication_redirect_url": "https://hooks.com/redirect/authenticate/src_1I7Dt4IbvF4Bu0q8ydZUSNNO?client_secret=src_client_secret_6LZRiHcKOlvDqR5Qkq4VIYwL"
      },
      "purchase": {
          "transaction_time_utc": null,
          "status": "REQUIRES_AUTHENTICATION",
          "purchase_reference": "763433087819768193",
          "amount": 100.5,
          "surcharge_amount": 0,
          "total_amount": null,
          "currency": "AUD",
          "pre_authorised": true,
          "currency": "AUD",
          "pre_authorised_amount": 100
      },
      "response_code": "success",
      "response_message": "Your request has been successfully processed."
  }

Capture [/purchase/{purchase_reference}/capture]

Resource /v5/purchase/{purchase_reference}/capture

Capture a pre-authorised purchase [POST]

The endpoint to be called in order to capture an amount of the transaction. The amount was previously locked by using the purchase endpoint with using the purchase.should_mint_apply_pre_authorisation flag set to true.

Note: the request must include an unused transaction token from the /v5/transaction_token endpoint.

Note: if the cancel/capture is not explicitly called the system will auto cancel the transaction after 7 days.

Parameters

Name	Type	Length	Description
`token.company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process
`token.transaction_token`	alphanumeric	128	mandatory: A unique one-time use transaction token that can be used for purchase or refund
`capture.amount`	alphanumeric	128	mandatory: The amount you want to capture. Could be less than pre-authorised amount but cannot go more than pre-authorised amount
`capture.currency`	alphanumeric	128	mandatory: The currency the purchase was made in, in ISO4217
`capture.should_mint_apply_surcharge`	boolean	true/false	optional: true: Mint will calculate surcharge and add it on the base amount and that will become the total amount. missing or false: no surcharge will be calculated by Mint. This parameter can be passed as false when Merchants want to calculate surcharge on their end and will add a surcharge to the transaction. That way Mint will not calculate any extra surcharges to avoid double surcharging
`metadata.channel`	alphanumeric	128	optional: The channel from which the request was initiated
`metadata.merchant_hash`	alphanumeric	128	optional: an HMACSHA256 hash from merchant

Response

Name	Type	Description
`card.token`	string	The unique card token that can be used for subsequent purchases
`card.multi_use`	boolean	If in request customer.store_card_permission is true then multi_use will be true else false. This boolean flag tells whether same token can be used for a number of purchases. If multi-use is false then the token can be used for one purchase only.
`card.number`	string	A partially obfuscated credit card number
`card.expiry_month`	string	Card expiry month
`card.expiry_year`	string	Card expiry year
`card.holder_name`	string	Name of the cardholder
`card.brand`	string	The brand of the used credit card. Could be VISA, AMEX, MASTERCARD
`card.funding`	string	debit or credit
`card.country`	string	The country that issued the credit card
`card.finger_print`	string	Unique identifier per card. Tokenizing same card will generate different card token but will keep fingerprint same. NOTE: Unlike card token, fingerprint cannot be used for purchase.
`customer.id`	string	Customer ID is the unique identifier for a customer not the merchant. Only useful if one customer uses multiple cards.
`customer.authentication_redirect_url`	string	Card Issuer URL for 3DS. Value will be passed if transaction is done via 3DS flow and purchase.status will be REQUIRES_AUTHENTICATION. Merchant should redirect end customer to this URL for 3DS authentication with card issuer.
`purchase.transaction_time_utc`	string	Timestamp when the transaction has been processed server-side in UTC
`purchase.status`	string	Status of the transaction. APPROVED, DECLINED, FAILED, REQUIRES_AUTHENTICATION (3DS only)
`purchase.purchase_reference`	string	Generated reference of the processed transaction. It may be empty in case of an error
`purchase.amount`	number	The amount of the processed transaction, excluding the surcharge
`purchase.surcharge_amount`	number	The applied surcharge of the transaction
`purchase.total_amount`	number	The total amount of the processed transaction, including the surcharge
`purchase.pre_authorised`	boolean	Whether purchase is pre-authorised or not.
`purchase.pre_authorised_amount`	string	Amount which is pre-authorised or kept on hold.
`purchase.currency`	string	The currency the purchase was made in, in ISO4217
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Sample Request and Response

Request (application/json)

      {
          "token": {
            "company_token": "DYu1j58asxIc380N6EHY1nyqN3oSyc1",
            "transaction_token": "1f41ec36-4603-48a8-ba4d-e1a770faaceb"
          },
          "capture": {
              "amount":100.50,
              "currency":AUD,
              "should_mint_apply_surcharge": false
          },
          "metadata": {
              "channel": "API"
              "merchant_hash": "qnR8DKqJggD55PohusdffaBNviGoOJ67HC6Btry4qKSKJDZc="
      
          }
      }

Response 200 (application/json)

Body

  {
      "card": {
          "token": "4c87cd09-85f4-4188-838e-840b80db9b60",
          "multi_use": true,
          "number": "400000******3184",
          "expiry_month": "2",
          "expiry_year": "2024",
          "holder_name": "John Doe",
          "brand": "visa",
          "funding": "credit",
          "country": "DE"
      },
      "customer": {
          "id": "dc95a92c-46ac-44b0-b3ba-3a783ec3fd62",
          "authentication_redirect_url": "https://hooks.com/redirect/authenticate/src_1I7Dt4IbvF4Bu0q8ydZUSNNO?client_secret=src_client_secret_6LZRiHcKOlvDqR5Qkq4VIYwL"
      },
      "purchase": {
          "transaction_time_utc": null,
          "status": "REQUIRES_AUTHENTICATION",
          "purchase_reference": "763433087819768193",
          "amount": 100.5,
          "surcharge_amount": 0,
          "total_amount": null,
          "currency": "AUD",
          "pre_authorised": true,
          "currency": "AUD",
          "pre_authorised_amount": 100
      },
      "response_code": "success",
      "response_message": "Your request has been successfully processed."
  }

Cancel [/purchase/{purchase_reference}/cancel]

Resource /v5/purchase/{purchase_reference}/cancel

Cancel a pre-authorised purchase [POST]

The endpoint to be called in order to cancel the previously locked amount during the call of the purchase endpoint with using the purchase.should_mint_apply_pre_authorisation flag set to true.

Note: the request must include an unused transaction token from the /v5/transaction_token endpoint.

Note: if the cancel/capture is not explicitly called the system will auto cancel the transaction after 7 days.

Parameters

Name	Type	Length	Description
`token.company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process
`token.transaction_token`	alphanumeric	128	mandatory: A unique one-time use transaction token that can be used for purchase or refund
`metadata.channel`	alphanumeric	128	optional: The channel from which the request was initiated
`metadata.merchant_hash`	alphanumeric	128	optional: an HMACSHA256 hash from merchant

Response

Name	Type	Description
`card.token`	string	The unique card token that can be used for subsequent purchases
`card.multi_use`	boolean	If in request customer.store_card_permission is true then multi_use will be true else false. This boolean flag tells whether the same token can be used for a number of purchases. If multi-use is false then the token can be used for one purchase only.
`card.number`	string	A partially obfuscated credit card number
`card.expiry_month`	string	Card expiry month
`card.expiry_year`	string	Card expiry year
`card.holder_name`	string	Name of the cardholder
`card.brand`	string	The brand of the used credit card. Could be VISA, AMEX, MASTERCARD
`card.funding`	string	debit or credit
`card.country`	string	The country that issued the credit card
`card.finger_print`	string	Unique identifier per card. Tokenizing the same card will generate a different card token but will keep the fingerprint the same. NOTE: Unlike card token, fingerprint cannot be used for purchase.
`customer.id`	string	Customer ID is the unique identifier for a customer not the merchant. Only useful if one customer uses multiple cards.
`customer.authentication_redirect_url`	string	Card Issuer URL for 3DS. Value will be passed if the transaction is done via 3DS flow and purchase.status will be REQUIRES_AUTHENTICATION. Merchant should redirect end customer to this URL for 3DS authentication with card issuer.
`purchase.transaction_time_utc`	string	Timestamp when the transaction has been processed server-side in UTC
`purchase.status`	string	Status of the transaction. APPROVED, DECLINED, FAILED, REQUIRES_AUTHENTICATION (3DS only)
`purchase.purchase_reference`	string	Generated reference of the processed transaction. It may be empty in case of an error
`purchase.amount`	number	The amount of the processed transaction, excluding the surcharge
`purchase.surcharge_amount`	number	The applied surcharge of the transaction
`purchase.total_amount`	number	The total amount of the processed transaction, including the surcharge
`purchase.pre_authorised`	boolean	Whether the purchase is pre-authorised or not.
`purchase.pre_authorised_amount`	string	Amount which is pre-authorised or kept on hold.
`purchase.currency`	string	The currency the purchase was made in, in ISO4217
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Sample Request and Response

Request (application/json)

      {
          "token": {
            "company_token": "DYu1j58asxIc380N6EHY1nyqN3oSyc1",
            "transaction_token": "1f41ec36-4603-48a8-ba4d-e1a770faaceb"
          },
          "metadata": {
              "channel": "API"
              "merchant_hash": "qnR8DKqJggD55PohusdffaBNviGoOJ67HC6Btry4qKSKJDZc="
      
          }
      }

Response 200 (application/json)

Body

  {
      "card": {
          "token": "4c87cd09-85f4-4188-838e-840b80db9b60",
          "multi_use": true,
          "number": "400000******3184",
          "expiry_month": "2",
          "expiry_year": "2024",
          "holder_name": "John Doe",
          "brand": "visa",
          "funding": "credit",
          "country": "DE"
      },
      "customer": {
          "id": "dc95a92c-46ac-44b0-b3ba-3a783ec3fd62",
          "authentication_redirect_url": "https://hooks.com/redirect/authenticate/src_1I7Dt4IbvF4Bu0q8ydZUSNNO?client_secret=src_client_secret_6LZRiHcKOlvDqR5Qkq4VIYwL"
      },
      "purchase": {
          "transaction_time_utc": null,
          "status": "REQUIRES_AUTHENTICATION",
          "purchase_reference": "763433087819768193",
          "amount": 100.5,
          "surcharge_amount": 0,
          "total_amount": null,
          "currency": "AUD",
          "pre_authorised": true,
          "currency": "AUD",
          "pre_authorised_amount": 100
      },
      "response_code": "success",
      "response_message": "Your request has been successfully processed."
  }

Surcharge [/surcharge]

Resource /v5/surcharge

Get Surcharge [POST]

Calling ‘surcharge’ endpoint is optional. If your payment workflow supports showing the surcharges to the customer before processing the payment you can call the endpoint. The response will contain all additional fees and extra charges that will be added to the total costs of the transaction.

If your payment process does not accommodate that step you might directly call the ‘purchase’ and skip ‘surcharge'

Parameters

Name	Type	Length	Description
`card.token`	alphanumeric	128	optional: ⚠️ either card token or card details needed. The card token of the previously tokenized card
`card.number`	Number	19	optional: ⚠️ either card token or card details needed. The credit card number
`card.expiry_month`	Number	2	Card expiry month
`card.expiry_year`	Number	2	Card expiry year
`card.cvc`	Number	4	CVC
`card.holder_name`	alphanumeric	128	Name of the card holder
`amount`	number	Numbers with maximum of 2 decimal digits.	mandatory: The amount of the purchase e.g. 100.25
`currency`	string	128	mandatory: The currency of the surcharge in ISO4217
`token.company`	alphanumeric	128	mandatory: The company token issued during the onboarding process

Return

Name	Type	Description
`card.brand`	string	The brand of the used credit card. Could be VISA, AMEX, MASTERCARD
`card.funding`	string	Debit or credit
`card.country`	string	The country that issued the credit card
`surcharge.amount`	number	The surcharge amount that will be applied by Mint if the transaction will be processed
`surcharge.percent`	number	The percentage value of the full amount the surcharge is calculated in
`surcharge.currency`	string	The currency the surcharge is calculated in, in ISO4217
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Request (application/json)

      { 
          "token": { 
                  "company": "DYu1j58asxIc380N6EHY1nyqN3oSyc1"
              }, 
              "card": { 
                  "token": "", 
                  "number": "4111111111111111", 
                  "expiry_month": "02", 
                  "expiry_year": "22", 
                  "cvc": "123", 
                  "holder_name": "Joe Doe" 
              },
              "amount": 2000000, 
              "currency": "AUD" 
      }

Response 200 (application/json)

Body

  { 
      "card": { 
                  "brand": "visa", 
                  "funding": "credit",
                  "country": "US" 
              }, 
      "surcharge": { 
                  "amount": 20000, 
                  "percent": 1, 
                  "currency": "AUD" 
              }, 
      "response_code": "success", 
      "response_message": "Your request has been successfully processed." 
  }

Refund [/{purchase_reference}/refund]

Resource /v5/purchase/{purchase_reference}/refund

Post a Refund Request [POST]

That the endpoint to be called in order to process a refund. mPay supports partial refunds. If the total transaction amount was 100 AUD and the ‘refund’ is initiated with the amount of 70 AUD that automatically constitute as a partial refund of 70 AUD of the original transaction.

Note: the request must hold a valid session token.

Parameters

Name	Type	Length	Description
`token.transaction_token`	alphanumeric	128	mandatory: A unique one-time use transaction token that can be used for purchase or refund
`token.company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process
`customer.customer_reference`	alphanumeric	128	optional: An internal merchant’s reference number that can be generated by the merchant if required
`customer.ip_address`	alphanumeric	128	mandatory: The IP of the customer where the request originated
`customer.timezone`	alphanumeric	128	mandatory: The timezone of the server where the request originated e.g. Australia/Sydney
`refund.invoice_number`	alphanumeric	128	optional: Merchant’s internal invoice number. Max 255 characters
`refund.amount`	number	Numbers with maximum of 2 decimal digits	mandatory: The amount of the refund e.g. 194.57
`refund.currency`	string	128	mandatory: The currency of the refund in ISO4217

Response

Name	Type	Description
`card.brand`	string	The brand of the used card. Could be VISA, AMEX, MASTERCARD
`card.funding`	string	The funding type of the card. i.e debit, credit
`card.country`	string	The country that issued the credit card
`card.number`	string	A partially obfuscated credit card number
`card.holder_name`	string	Name of the cardholder
`refund.transaction_time_utc`	date time	Timestamp when the transaction has been processed server-side in UTC
`refund.status`	string	Status of the transaction. APPROVED, DECLINED, FAILED
`refund.purchase_reference`	string	Generated reference of the processed transaction. It will be empty in case of an error
`refund.refund_reference`	string	Generated reference for the refund transaction. It will be empty in case of an error
`refund.amount`	number	The amount of the processed transaction, excluding the surcharge
`refund.currency`	string	The currency of the refund in ISO4217
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Request (application/json)

      {
        "token": {
          "company_token": "7qmtV8nn621vX5ptbUbFGUXj6EF",
          "transaction_token": "d0759318-610b-447b-b63d-01754ddfc6be"
        },
        "customer": {
          "customer_reference": "string",
          "ip_address": "191.167.1.1",
          "timezone": "Australia/Sydney"
        },
        "refund": {
          "invoice_number": "13412543454",
          "amount": 194.57,
          "currency": "AUD"
        }
      }

Response 200 (application/json)

Body

  {
      "card": {
      "brand": "mastercard",
      "funding": "credit",
      "country": "AU",
      "number": "555555******4444",
      "holder_name": "John Doe"
  },
      "refund": {
      "transaction_time_utc": "2020-03-04 00:48:04 AM",
      "status": "APPROVED",
      "purchase_reference": "296385238372043411",
      "refund_reference": "9945464569564347",
      "amount": 110.2,
      "currency": "AUD"
      },
      "response_code": "success",
      "response_message": "Your request has been successfully processed."
  }

Transaction Status [/purchase/{invoicenumber}]

Resource /v5/purchase/{invoice_number|purchase_reference}

Inquire for Transaction Status [POST]

That the endpoints to be called in order to retrieve the status of the transaction either a purchase or a refund.

To get the status of a purchase use:

https://secure-uatsb.mintpayments.net/mpay/v5/purchase/{invoice_number|purchase_reference}

To get the status of a refund use :

https://secure-uatsb.mintpayments.net/mpay/v5/refund/{invoice_number|purchase_reference}

Both endpoints will accept either customer’s generated invoice number or Mint’s generated purchase reference returned in the response upon successful transaction. It is at API caller’s discretion what to use. Customer’s invoice number is a value chosen by the customer. It needs to be passed as an input parameter while calling purchase endpoint purchase.invoice_numberor calling refund refund.invoice_number

Parameters

Name	Type	Length	Description
`company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process

Responses

Name	Type	Description
`transaction_time_utc`	string	Timestamp when the transaction has been processed server-side in UTC
`status`	string	Status of the transaction. APPROVED, DECLINED, FAILED, REQUIRES_AUTHENTICATION (3DS only)
`amount`	number	The amount of the processed transaction, including the surcharge (if any)
`currency`	string	The currency the transaction was made in, in ISO4217
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Request (application/json)

      {
          "company_token": "7qmtV8nn621vX5ptbUbFGUXj6EFzQbB"
      }

Response 200 (application/json)

Body

  {
      "transaction_time_utc": "2021-01-08 06:13:18 AM",
      "status": "APPROVED",
      "amount": 100.5,
      "currency": "AUD"
      "response_code": "success",
      "response_message": "Your request has been successfully processed."
  }

3DS Redirect [/purchase/{invoicenumber}/3dsredirect]

Resource /v5/purchase/[purchase reference]/3dsredirect

3DS Redirect [POST]

That the endpoint to be called only if 3DS functionality is required. The endpoint will return a URL to where to redirect after the card issuing bank processed the 3DS validation.

Parameters

Name	Type	Length	Description
`company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process

Responses

Name	Type	Description
`card.token`	string	The unique card token that can be used for subsequent purchases
`card.multi_use`	boolean	Returns the value that was passed while tokenizing the card. This boolean flag tells whether the same token can be used for a number of purchases. If multi-use is false then the token can be used for one purchase only.
`card.number`	string	A partially obfuscated credit card number
`card.expiry_month`	string	Card expiry month
`card.expiry_year`	string	Card expiry year
`card.holder_name`	string	Name of the cardholder
`card.brand`	string	The brand of the used credit card. Could be VISA, AMEX, MASTERCARD
`card.funding`	string	Debit or credit
`card.country`	string	The country that issued the credit card
`card.finger_print`	string	Unique identifier per card. Tokenizing the same card will generate a different card token but will keep the fingerprint the same. NOTE: Unlike card token, fingerprint cannot be used for purchase.
`customer.id`	string	Customer ID is the unique identifier for a customer not the merchant. Only useful if one customer uses multiple cards.
`customer.authentication_redirect_url`	string	Card Issuer URL for 3DS. Value will be passed if the transaction is done via 3DS flow and purchase.status will be REQUIRES_AUTHENTICATION. Merchant should redirect end customer to this URL for 3DS authentication with card issuer.
`purchase.transaction_time_utc`	string	Timestamp when the transaction has been processed server-side in UTC
`purchase.status`	string	Status of the transaction. APPROVED, DECLINED, FAILED, REQUIRES_AUTHENTICATION (3DS only)
`purchase.purchase_reference`	string	Generated reference of the processed transaction. It may be empty in case of an error
`purchase.amount`	number	The amount of the processed transaction, excluding the surcharge
`purchase.surcharge_amount`	number	The applied surcharge of the transaction
`purchase.total_amount`	number	The total amount of the processed transaction, including the surcharge
`purchase.pre_authorised`	boolean	Whether the purchase is pre-authorised or not.
`purchase.pre_authorised_amount`	number	Amount which is pre-authorised or kept on hold.
`purchase.currency`	string	The currency the purchase was made in, in ISO4217
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Request (application/json)

  {
      "company_token": "7qmtV8nn621vX5ptbUbFGUXj6EFzQbB",
  }

Response 200 (application/json)

  {
      "card": {
          "token": "f31c96dd-6f5b-48f0-8e89-bc3b940bd642",
          "multi_use": true,
          "number": "400000******3063",
          "expiry_month": "2",
          "expiry_year": "2024",
          "holder_name": "John Doe",
          "brand": "visa",
          "funding": "credit",
          "country": "US",
          "finger_print": "VIRzpEizOBocw86X"
      },
      "customer": {
          "id": "1773b8af-ad0d-4f64-a89a-43f361c52416",
          "authentication_redirect_url": null
      },
      "purchase": {
          "transaction_time_utc": "2021-04-30 04:32:19 AM",
          "status": "PRE_AUTHORISED",
          "purchase_reference": "611541411973204737",
          "amount": 100,
          "surcharge_amount": 0,
          "total_amount": 100,
          "pre_authorised": true,
          "currency": "AUD",
          "pre_authorised_amount": 100
      },
      "response_code": "success",
      "response_message": "Your request has been successfully processed."
  }

Invalidate Card Token [/invalidate_card_token]

Resource /v5/invalidate_card_token

Request Invalidate Card[POST]

This endpoint will invalidate the token. Once the token has been invalidated it cannot be reused or activated anymore. The card needs to be tokenized again in order to obtain a new token

Parameters

Name	Type	Length	Description
`company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process
`card_token`	alphanumeric	128	mandatory: The unique card token that can be used for subsequent purchases

Returns

Name	Type	Description
`card_token`	string	The unique card token that can be used for subsequent purchases
`card.number`	string	The credit card number
`card.expiry_month`	string	Card expiry month
`card.expiry_year`	string	Card expiry year
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Request (application/json)

      {
          "company_token": "OzplYMVIART0Kr8Oc1Lde0qQ8ABCDEF",
          ”card_token”: “fe687160-cba6-480c-bd70-c81ff19f8aff“
      }

Response 200 (application/json)

Body

  {
      "card_token": “fe687160-cba6-480c-bd70-c81ff19f8aff“,
      "card": {
          "number": "424242******4242"
          "expiry_month": "02",
          "expiry_year": "2022"
      }, 
      "response_code": "success",
      "response_message": "Your request has been successfully processed."  
  }

Invalidate Card [/invalidate_card]

Resource /v5/invalidate_card

Invalidate Card Token[POST]

This endpoint will invalidate the token. Once the token has been invalidated it cannot be reused or activated anymore. The card needs to be tokenized again in order to obtain a new token

Parameters

Name	Type	Length	Description
`company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process
`card_token`	alphanumeric	128	mandatory: The unique card token that can be used for subsequent purchases

Results

Name	Type	Description
`card_token`	string	The unique card token that can be used for subsequent purchases
`card.number`	string	The credit card number
`card.expiry_month`	string	Card expiry month
`card.expiry_year`	string	Card expiry year
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Request (application/json)

      {
          "company_token": "OzplYMVIART0Kr8Oc1Lde0qQ8ABCDEF",
          "card_token": "fe687160-cba6-480c-bd70-c81ff19f8aff"
      }

Response 200 (application/json)

Body

  {
      ”card_token”: “fe687160-cba6-480c-bd70-c81ff19f8aff“,
      "card": {
          "number": "424242******4242"
          "expiry_month": "02",
          "expiry_year": "2022"
      }, 
      "response_code": "success",
      "response_message": "Your request has been successfully processed."  
  }

Card [/card]

Resource /v5/card

Card [POST]

This endpoint will return card data associated with the token.

Parameters

Name	Type	Length	Description
`card_token`	alphanumeric	128	mandatory: The unique card token that can be used for subsequent purchases
`company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process

Returns

Name	Type	Description
`card_token`	string	The unique card token that can be used for subsequent purchases
`multi_use`	boolean	If in input request store_card_permission is true then multi_use will be true else false. This boolean flag tells whether the same token can be used for a number of purchases. If multi-use is false then the token can be used for one purchase only.
`created_timestamp_utc`	string	Timestamp of the creation of the token
`card.number`	string	The credit card number
`card.expiry_month`	string	Card expiry month
`card.expiry_year`	string	Card expiry year
`card.holder_name`	string	The name of the card holder
`card.funding`	string	Debit or credit
`card.country`	string	The country that issued the credit card
`card.brand`	string	The brand of the used credit card. Could be VISA, AMEX, MASTERCARD
`customer.id`	string	Customer ID is the identifier for a customer. Business use - One customer can have multiple cards / card tokens. If it's a multi-use token and card token is not invalidated then the corresponding customer ID will be passed.

Request (application/json)

     {
         ”card_token”: “ab123456-abc4-123a-ab12-a12bb34c5def“,
         ”company_token”: “OzplYMVIART0Kr8Oc1Lde0qQ8ABCDEF“
     }

Response 200 (application/json)

Body

  {
      "card_token": "ab123456-abc4-123a-ab12-a12bb34c5def",
      "multi_use": "true",
      "created_timestamp_utc": "2020-03-26 02:08:38 AM",
      "card": {
          "number": "424242******4242"
          "expiry_month": "02",
          "expiry_year": "22",
          "holder_name": "John Doe",
          "funding": "credit"
          "country": "US",
          "brand": "visa"
      },
      "customer": {
          "id": "bc234567-bcd5-234b-bc23-b23cc45d6efg"
      }
  }

Tokenize Card [/tokenize_card]

Resource /v5/tokenize_card

Create token for credit / debit card with finger print functionality [POST]

That call to this endpoint will tokenize the credit card and store the card data securely in the vault. The returned token needs to be store on customer’s end for further use. Upon successful tokenization, all subsequent purchases can be done passing the card token instead the real card data.

Parameters

Name	Type	Length	Description
`card.number`	number	19	optional: either card token or card details needed. The credit card number
`card.expiry_month`	number	2	Card expiry month
`card.expiry_year`	number	2	Card expiry year
`card.cvc`	string	4	Card CVC
`card.holder_name`	alphanumeric	128	The name of the card holder
`customer.store_card_permisison`	boolean	true/false	optional: true: MINT will create multi-use token and will include it in response (card.token). Subsequent purchases for same customer using same card can be done using card tokens rather than passing all card details again. missing or false: No card.token will be shared in response.
`customer.id`	alphanumeric	128	optional: Customer ID is the unique identifier for a customer not the merchant. Only useful if one customer uses multiple cards.
`company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process

Response

Name	Type	Description
`card.token`	string	The unique card token that can be used for subsequent purchases
`card.multi_use`	boolean	If in request customer.store_card_permission is true then multi_use will be true else false. This boolean flag tells whether the same token can be used for a number of purchases. If multi-use is false then the token can be used for one purchase only.
`card.number`	string	A partially obfuscated credit card number
`card.expiry_month`	string	Card expiry month
`card.expiry_year`	string	Card expiry year
`card.holder_name`	string	Name of the cardholder
`card.brand`	string	The brand of the used credit card. Could be VISA, AMEX, MASTERCARD
`card.funding`	string	Debit or credit
`card.country`	string	The country that issued the credit card
`card.finger_print`	string	Unique identifier per card. Tokenizing the same card will generate a different card token but will keep the fingerprint the same. NOTE: Unlike card token, fingerprint cannot be used for purchase.
`customer.id`	string	Customer ID is the unique identifier for a customer not the merchant. Only useful if one customer uses multiple cards.
`customer.authentication_redirect_url`	string	Card Issuer URL for 3DS. Value will be passed if the transaction is done via 3DS flow and purchase.status will be REQUIRES_AUTHENTICATION. Merchant should redirect end customer to this URL for 3DS authentication with card issuer.
`purchase.transaction_time_utc`	string	Timestamp when the transaction has been processed server-side in UTC
`purchase.status`	string	Status of the transaction. APPROVED, DECLINED, FAILED, REQUIRES_AUTHENTICATION (3DS only)
`purchase.purchase_reference`	string	Generated reference of the processed transaction. It may be empty in case of an error
`purchase.amount`	number	The amount of the processed transaction, excluding the surcharge
`purchase.surcharge_amount`	number	The applied surcharge of the transaction
`purchase.total_amount`	number	The total amount of the processed transaction, including the surcharge
`purchase.pre_authorised`	boolean	Whether the purchase is pre-authorised or not.
`purchase.pre_authorised_amount`	string	Amount which is pre-authorised or kept on hold.
`purchase.currency`	string	The currency the purchase was made in, in ISO4217
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Sample Request and Response

Request (application/json)

      {
              "card":
              {
                  "token": "",
                  "number": "4000002760003184",
                  "expiry_month": "02",
                  "expiry_year": "24",
                  "cvc": "123",
                  "holder_name": "John Doe"
              },
              "customer":
              {
                  "store_card_permisison":"987654321",
                  "id": true,

              },
              "company_token": "DYu1j58asxIc380N6EHY1nyqN3oSyc1",
      }

Response 200 (application/json)

Body

  {
      "card": {
          "token": "4c87cd09-85f4-4188-838e-840b80db9b60",
          "multi_use": true,
          "number": "400000******3184",
          "expiry_month": "2",
          "expiry_year": "2024",
          "holder_name": "John Doe",
          "brand": "visa",
          "funding": "credit",
          "country": "DE"
      },
      "customer": {
          "id": "dc95a92c-46ac-44b0-b3ba-3a783ec3fd62",
          "authentication_redirect_url": "https://hooks.com/redirect/authenticate/src_1I7Dt4IbvF4Bu0q8ydZUSNNO?client_secret=src_client_secret_6LZRiHcKOlvDqR5Qkq4VIYwL"
      },
      "purchase": {
          "transaction_time_utc": null,
          "status": "REQUIRES_AUTHENTICATION",
          "purchase_reference": "763433087819768193",
          "amount": 100.5,
          "surcharge_amount": 0,
          "total_amount": null,
          "currency": "AUD",
          "pre_authorised": true,
          "currency": "AUD",
          "pre_authorised_amount": 100
      },
      "response_code": "success",
      "response_message": "Your request has been successfully processed."
  }

Direct Debit [/direct_debit]

Resource /v5/direct_debit

Initiate a Direct Debit Purchase transaction [POST]

That is the endpoint to be called in order to initiate a direct debit.

Note: the request must hold a valid session token.

Parameters

Name	Type	Length	Description
`token.company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process
`token.transaction_token`	alphanumeric	128	mandatory: A unique one-time use transaction token that can be used for purchase or refund
`bank_account.number`	alphanumeric	128	mandatory: Bank account number
`bank_account.holder_name`	alphanumeric	128	mandatory: Bank account holder name
`bank_account.bsb`	alphanumeric	128	mandatory: Bank account bsb
`customer.customer_reference`	alphanumeric	128	optional: An internal merchant’s reference number that can be generated by the merchant if required.
`customer.customer_email`	alphanumeric	128	optional: The email address of the end customer
`customer.accepted_terms_conditions`	boolean	true/false	optional: Flag whether customer accepted terms and conditions on merchant’s website
`customer.ip_address`	alphanumeric	128	mandatory: The IP of the customer where the request originated
`customer.timezone`	alphanumeric	128	mandatory: The time zone of the server where the request originated e.g. Australia/Sydney
`customer.user_agent`	boolean	true/false	optional: true: MINT will create multi-use token and will include it in response (card.token). Subsequent purchases for same customer using the same card can be done using card tokens rather than passing all card details again. missing or false: No card.token will be shared in response.
`purchase.invoice_number`	alphanumeric	128	optional: Merchant’s internal invoice number. Max 255 characters
`purchase.amount`	number	Numbers with maximum of 2 decimal digits	mandatory: The amount of the purchase e.g. 112.99
`purchase.currency`	string	128	mandatory: The currency the purchase was made in, in ISO4217
`purchase.should_mint_apply_fee`	boolean	true/false	mandatory: true: Mint will calculate surcharge and add it on the base amount and that will become the total amount. missing or false: no surcharge will be calculated by Mint. This parameter can be passed as false when Merchants want to calculate surcharge on their end and will add a surcharge to the transaction. That way Mint will not calculate any extra surcharges to avoid double surcharging
`metadata.channel`	alphanumeric	128	optional: The channel from which the request was initiated
`metadata.merchant_hash`	alphanumeric	128	optional: an HMACSHA256 hash from merchant

Response

Name	Type	Description
`bank_account.number`	string	A partially obfuscated bank account number
`bank_account.holder_name`	string	Name of the bank account holder
`bank_account.bsb`	string	The bsb of the bank account used for transaction
`purchase.transaction_time_utc`	string	Timestamp when the transaction has been processed server-side in UTC
`purchase.status`	string	Status of the transaction. APPROVED, DECLINED, FAILED, REQUIRES_AUTHENTICATION (3DS only)
`purchase.purchase_reference`	string	Generated reference of the processed transaction. It may be empty in case of an error
`purchase.amount`	number	The amount of the processed transaction, excluding the surcharge
`purchase.fee_amount`	number	The applied surcharge of the transaction
`purchase.total_amount`	number	The total amount of the processed transaction, including the surcharge
`purchase.currency`	string	The currency the purchase was made in, in ISO4217
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Sample Request and Response

Request (application/json)

      {
        "token": {
            "company_token": "7qmtV8nn621vX5ptbUbFGUXj6EF",
            "transaction_token": "d0759318-610b-447b-b63d-01754ddfc6be"
        },
        "bank_account": {
            "number": "555555******4444",
            "holder_name": "John Doe",
            "bsb": "123456"
        },
        "customer": {
            "customer_reference": "987654321",
            "customer_email": "[email protected]",
            "accepted_terms_conditions": "",
            "ip_address": "123.123.1.123",
            "timezone": "Australia/Sydney",
            "user_agent": "Mozilla/Firefox"
        },
        "purchase": {
            "invoice_number": "5234234-John-Doe",
            "amount": 100.50,
            "currency": "AUD",
            "should_mint_apply_fee": false,
            "should_mint_apply_pre_authorisation": true
        },
        "metadata": {
            "channel": "API",
            "merchant_hash": "qnR8DKqJggD55PohusdffaBNviGoOJ67HC6Btry4qKSKJDZc="
        }
      }

Response 200 (application/json)

Body

  {
    "card": {
        "number": "400000******3184",
        "holder_name": "John Doe",
        "bsb": "123456"
    },
    "purchase": {
        "transaction_time_utc": null,
        "status": "REQUIRES_AUTHENTICATION",
        "purchase_reference": "763433087819768193",
        "amount": 100.5,
        "fee_amount": 0,
        "total_amount": null,
        "currency": "AUD",
        "currency": "AUD"
    },
    "response_code": "success",
    "response_message": "Your request has been successfully processed."
  }

Direct Debit Fee [/direct_debit_fee]

Resource /v5/direct_debit_fee

Get Direct Debit Fee that applies to a direct debit transaction [POST]

That is the endpoint to be called in order to get direct debit fee that applies to a direct debit transaction.

Note: the request must hold a valid session token.

Parameters

Name	Type	Length	Description
`purchase.amount`	number	Numbers with maximum of 2 decimal digits	mandatory: The amount of the purchase e.g. 112.99
`purchase.currency`	string	128	mandatory: The currency the purchase was made in, in ISO4217
`token.company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process

Response

Name	Type	Description
`fee.total_amount`	double	Total amount
`fee.amount`	double	Direct debit fee amount
`fee.fee_percent`	double	Percentage with which direct debit fee calculation is based
`fee.fee_fixed`	double	Direct debit fee fixed
`fee.fee_capped`	double	Direct debit fee capped
`fee.currency`	string	Currency of Amount
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Sample Request and Response

Request (application/json)

      {
        "token": {
          "company_token": "7qmtV8nn621vX5ptbUbFGUXj6EF",
        },
        "purchase": {
        "amount": 100.50,
        "currency": "AUD",
        }
      }

Response 200 (application/json)

Body

  {
    "fee": {
      "total_amount": 0.0,
      "amount": 0.0,
      "fee_percent": 0.0,
      "fee_fixed": 0.0,
      "fee_capped": 0.0,
      "currency": "USD"
    },
    "response_code": "success",
    "response_message": "Your request has been successfully processed."
  }

Direct Debit Refund [/direct_debit/{purchase_reference}/refund]

Resource /v5/direct_debit/{purchase_reference}/refund

Initiate a Direct Debit Refund transaction [POST]

That is the endpoint to be called in order to initiate a direct debit refund transaction

Note: the request must hold a valid session token.

Parameters

Name	Type	Length	Description
`token.company_token`	alphanumeric	128	mandatory: The company token issued during the onboarding process
`token.transaction_token`	alphanumeric	128	mandatory: A unique one-time use transaction token that can be used for purchase or refund
`customer.customer_reference`	alphanumeric	128	optional: An internal merchant’s reference number that can be generated by the merchant if required.
`customer.customer_email`	alphanumeric	128	optional: The email address of the end customer
`customer.accepted_terms_conditions`	boolean	true/false	optional: Flag whether customer accepted terms and conditions on merchant’s website
`customer.ip_address`	alphanumeric	128	mandatory: The IP of the customer where the request originated
`customer.timezone`	alphanumeric	128	mandatory: The time zone of the server where the request originated e.g. Australia/Sydney
`customer.user_agent`	boolean	true/false	optional: true: MINT will create multi-use token and will include it in response (card.token). Subsequent purchases for same customer using the same card can be done using card tokens rather than passing all card details again. missing or false: No card.token will be shared in response.
`refund.invoice_number`	alphanumeric	128	optional: Merchant’s internal invoice number. Max 255 characters
`refund.amount`	number	Numbers with maximum of 2 decimal digits	mandatory: The amount of the purchase e.g. 112.99
`refund.currency`	string	128	mandatory: The currency the purchase was made in, in ISO4217
`metadata.channel`	alphanumeric	128	optional: The channel from which the request was initiated
`metadata.merchant_hash`	alphanumeric	128	optional: an HMACSHA256 hash from merchant

Response

Name	Type	Description
`bank_account.number`	string	A partially obfuscated credit card number
`bank_account.holder_name`	string	Name of the cardholder
`bank_account.bsb`	string	The bsb of the bank account used for transaction
`refund.status`	string	Status of the transaction. APPROVED, DECLINED, FAILED, REQUIRES_AUTHENTICATION (3DS only)
`refund.transaction_time_utc`	string	Timestamp when the transaction has been processed server-side in UTC
`refund.refund_reference`	string	Generated reference of the refund transaction. It may be empty in case of an error
`refund.purchase_reference`	string	Generated reference of the processed transaction. It may be empty in case of an error
`refund.amount`	number	The amount of the processed transaction, excluding the surcharge
`refund.currency`	string	The currency the purchase was made in, in ISO4217
`response_code`	string	Describes the outcome of the transaction
`response_message`	string	Describes the outcome of the transaction in more detail

Sample Request and Response

Request (application/json)

      {
        "token": {
        "company_token": "7qmtV8nn621vX5ptbUbFGUXj6EF",
        "transaction_token": "d0759318-610b-447b-b63d-01754ddfc6be"
        },
        "customer": {
          "customer_reference": "987654321",
          "customer_email": "[email protected]",
          "accepted_terms_conditions": "",
          "ip_address": "123.123.1.123",
          "timezone": "Australia/Sydney",
          "user_agent": "Mozilla/Firefox"
        },
        "refund": {
          "invoice_number": "5234234-John-Doe",
          "amount": 100.50,
          "currency": "AUD",
        },
        "metadata": {
        "channel": "API",
        "merchant_hash": "qnR8DKqJggD55PohusdffaBNviGoOJ67HC6Btry4qKSKJDZc="
        }
      }

Response 200 (application/json)

Body

  {
    "card": {
      "number": "400000******3184",
      "holder_name": "John Doe",
      "bsb": "123456"
    },
    "refund": {
      "status": "REQUIRES_AUTHENTICATION",
      "transaction_time_utc": null,
      "refund_reference": "8793247589235743982474",
      "purchase_reference": "763433087819768193",
      "amount": 100.5,
      "currency": "AUD"
    },
    "response_code": "success",
    "response_message": "Your request has been successfully processed."
  }

Working Example - The Sequence Of Calls

API Key

In order to make any mPay call, you must put your API key in the request header. That will normally happen by adding -H "Authorization: Bearer 7eba1cae-78b3-3a3f-81e3-89ccf5f4e13b" into your request. An API key will be provided to you by the on-boarding process.

Company Token

In order to call some of the endpoints, you need to pass the value as a parameter to the endpoint. Company Token will be provided to you by the on-boarding process.

Transaction Token

A one off-key valid for one use only. It has to be requested first using the mPay token endpoint

Card Token

After a successful tokenization of the card data that token can be used instead of the credit card number in all subsequent transactions that require the card data.

Token/Key Usage Mapping

Endpoint	API Key	Company Token	Transaction Token	Card Token
`transaction_token`	✓	✓
`tokenize_card`	✓	✓
`card`	✓	✓		✓
`invalidate_card_token`	✓	✓		✓
`surcharge`	✓	✓		✓
`purchase/refund`	✓	✓	✓	✓
`3dsredirect`	✓
`purchase/{purchase_reference}`	✓

Payment/Refund Sequence

Use API Key and Company Token to get Transaction Token
Construct the payment/refund request: add Transaction Token
Use API Key and the Company Token and Transaction Token to call the purchase/refund endpoint

Note: surcharge is optional if you decide to display the extra surcharges before proceeding with the purchase.

Authorisation Sequence

Use API Key and Company Token to get Transaction Token
Construct the payment request by using the flag purchase.should_mint_apply_pre_authorisation set to true: add Transaction Token. That will pre-auth the tranaction
call capture - proceed with the pre-authed amount
call cancel - release the previously pre-authed amount

>Note: auto cancel will be triggered after 7 days. If no cpature nor cancel called the amount will be release.

Sample card numbers for testing

Cards that will be accepted by the test system

            4000000360000006 (Visa)
            4242424242424242 (Visa)
            4000056655665556 (Visa debit)
            5555555555554444 (Mastercard)
            5200828282828210 (Mastercard debit)
            378282246310005  (Amex)

Cards that will be rejected by the test system

            4000000000009987 (declined because of lost card)
            4000000000009979 (declined because of stolen card)
            4000000000000069 (expired card)
            4000000000009995 (insufficient funds)

3DS2 flow test cards

            4000000000003220 (3DS2 - Authentication Required)
            4000000000003253 (3DS2 - Authentication Attempted)
            4000000000003236 (3DS2 - Authentication Unavailable)

All other fields

            "expiry_month":"11" - anything
            "expiry_year":"24" - anything in the future
            "cvv":"123" - any 3 digits combo (4 for Amex)
            "holder_name": "John Doe" - any string value