Authorization Reply
The following samples are for credit card authorization replies. These replies are common regardless of the type of authorization submitted (e.g. card not present or digital wallet).
Response Example
The response is a CreditCardAuthReply message.
<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthReply xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
<PaymentContext>
<OrderId>12345</OrderId>
<!-- You will receive a token in the response, which is a scrambled version of the Credit Card number.
This token gets passed to the Order Service, not the original credit card number -->
<PaymentAccountUniqueId isToken="true">411111adgh2y1111</PaymentAccountUniqueId>
</PaymentContext>
<ResponseCode>APPROVED</ResponseCode>
<AuthorizationResponseCode>AP01</AuthorizationResponseCode>
<BankAuthorizationCode>ABC123</BankAuthorizationCode>
<CVV2ResponseCode>M</CVV2ResponseCode>
<AVSResponseCode>Y</AVSResponseCode>
<PhoneResponseCode>Y</PhoneResponseCode> <!-- American Express only -->
<NameResponseCode>Y</NameResponseCode> <!-- American Express only -->
<EmailResponseCode>Y</EmailResponseCode> <!-- American Express only -->
<AmountAuthorized currencyCode="USD">50.00</AmountAuthorized>
<TenderType>VC</TenderType>
</CreditCardAuthReply>Response Elements
| Element | Required | Description | Type | Restriction |
|---|---|---|---|---|
| PaymentContext | Yes |
Unique identifier of the payment transaction for the order |
ComplexType | |
| PaymentContext/ OrderId |
Yes | Unique identifier of the order. The client must ensure uniqueness of OrderIds across all orders that the client initiates with this service. | String | Max 20 characters |
| PaymentContext/ PaymentAccountUniqueId |
Yes |
Token (scrambled version) of the PAN (payment account number such as a credit card number). When passing the PAN for the PaymentAuthCancelRequest and the PaymentSettlementRequest messages, always use the returned token, not the original PAN. |
String | Max 22 characters |
| PaymentContext/ PaymentAccountUniqueId/ @isToken |
Yes | Attribute that indicates whether the PAN is tokenized. In the CreditCardAuthReply message, this attribute is always set to true. | String | true |
| ResponseCode | Yes |
Response code of the credit card authorization. Includes approved, timeout, and several decline codes. Only orders with an approved or timeout response code are submitted to the Order Service. See Authorization Response Codes for a list of codes. |
String | Max 1000 characters.
SchemaVersion in the Request Message has to be equal to or greater than 1.1 in order to receive this element |
| AuthorizationResponseCode | Yes |
Response code of the credit card authorization. This includes approval, timeout, and several decline codes. Please see supporting documentation for a full list of these codes. |
String | Max 1000 characters |
| BankAuthorizationCode | Yes |
Authorization code returned by the payment processor upon a successful credit card authorization. Any order taken by the Order Service and paid by credit card MUST have this authorization code. |
String | Max 1000 characters |
| CVV2ResponseCode | Yes |
Payment processor response code for the CVV2 (card verification value) check. For most credit cards, you get an approval on the ResponseCode even if the CVV2ResponseCode returns a CVV2 failure. You CANNOT accept an order if the CVV2ResponseCode returns a CVV2 failure code. See CVV2 Response Codes for a list of codes. |
String | Max 3 characters |
| AVSResponseCode | Yes |
Payment processor response for the Address Verification System (AVS) check. For most credit cards, you get an approval on the ResponseCode even if the AVSResponseCode returns an AVS failure code. It is typically considered a significant fraud risk to accept an order if the AVSResponseCode returns an AVS failure code. See AVS Response Codes for a list of codes. |
String | Max 3 characters |
| PhoneResponseCode | No (Amex only) |
Response code for customer phone number verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. |
String | Max 3 characters |
| NameResponseCode | No (Amex only) |
Response code for customer name verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. |
String | Max 3 characters |
| EmailResponseCode | No (Amex only) |
Response code for customer email verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. |
String | Max 3 characters |
| AmountAuthorized | Yes | Currency amount authorized on the credit card | Decimal |
Positive decimal, up to two decimal places(for example, 4.75) |
| AmountAuthorized/ @currencyCode |
Yes | Type of currency used for the order | String | 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217. |
| TenderType | No (Always present for Digital Wallet transactions) | This element identifies the tender type used for the transaction
*Note that this value might be corrected based on Bin Range identification |
String | 2-4 Characters
SchemaVersion in the Request Message has to be 1.2 in order to receive this element |