Authorization Reply

The following samples are for credit card authorization replies. These replies are common regardless of the type of authorization submitted (e.g. card not present or digital wallet).

Response Example

The response is a CreditCardAuthReply message.

<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthReply xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
  <PaymentContext>
    <OrderId>12345</OrderId>
    <!-- You will receive a token in the response, which is a scrambled version of the Credit Card number.
         This token gets passed to the Order Service, not the original credit card number -->
    <PaymentAccountUniqueId isToken="true">411111adgh2y1111</PaymentAccountUniqueId>
  </PaymentContext>
  <ResponseCode>APPROVED</ResponseCode>
  <AuthorizationResponseCode>AP01</AuthorizationResponseCode>
  <BankAuthorizationCode>ABC123</BankAuthorizationCode>
  <CVV2ResponseCode>M</CVV2ResponseCode>
  <AVSResponseCode>Y</AVSResponseCode>
  <PhoneResponseCode>Y</PhoneResponseCode> <!-- American Express only -->
  <NameResponseCode>Y</NameResponseCode>  <!-- American Express only -->
  <EmailResponseCode>Y</EmailResponseCode>  <!-- American Express only -->
  <AmountAuthorized currencyCode="USD">50.00</AmountAuthorized>
  <TenderType>VC</TenderType>
</CreditCardAuthReply>

Response Elements

Element Required Description Type Restriction
PaymentContext Yes

Unique identifier of the payment transaction for the order

ComplexType  
PaymentContext/
OrderId
Yes Unique identifier of the order. The client must ensure uniqueness of OrderIds across all orders that the client initiates with this service. String Max 20 characters
PaymentContext/
PaymentAccountUniqueId
Yes

Token (scrambled version) of the PAN (payment account number such as a credit card number). When passing the PAN for the PaymentAuthCancelRequest and the PaymentSettlementRequest messages, always use the returned token, not the original PAN.

String Max 22 characters
PaymentContext/
PaymentAccountUniqueId/
@isToken
Yes Attribute that indicates whether the PAN is tokenized. In the CreditCardAuthReply message, this attribute is always set to true. String true
ResponseCode Yes

Response code of the credit card authorization. Includes approved, timeout, and several decline codes. Only orders with an approved or timeout response code are submitted to the Order Service.

See Authorization Response Codes for a list of codes.

String Max 1000 characters.

SchemaVersion in the Request Message has to be equal to or greater than 1.1 in order to receive this element

AuthorizationResponseCode Yes

Response code of the credit card authorization. This includes approval, timeout, and several decline codes. Please see supporting documentation for a full list of these codes.

String Max 1000 characters
BankAuthorizationCode Yes

Authorization code returned by the payment processor upon a successful credit card authorization.

Any order taken by the Order Service and paid by credit card MUST have this authorization code.

String Max 1000 characters
CVV2ResponseCode Yes

Payment processor response code for the CVV2 (card verification value) check.

For most credit cards, you get an approval on the ResponseCode even if the CVV2ResponseCode returns a CVV2 failure. You CANNOT accept an order if the CVV2ResponseCode returns a CVV2 failure code.

See CVV2 Response Codes for a list of codes.

String Max 3 characters
AVSResponseCode Yes

Payment processor response for the Address Verification System (AVS) check.

For most credit cards, you get an approval on the ResponseCode even if the AVSResponseCode returns an AVS failure code. It is typically considered a significant fraud risk to accept an order if the AVSResponseCode returns an AVS failure code.

See AVS Response Codes for a list of codes.

String Max 3 characters
PhoneResponseCode No (Amex only)

Response code for customer phone number verification. Only applies to Amex authorizations.

To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex.

String Max 3 characters
NameResponseCode No (Amex only)

Response code for customer name verification. Only applies to Amex authorizations.

To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex.

String Max 3 characters
EmailResponseCode No (Amex only)

Response code for customer email verification. Only applies to Amex authorizations.

To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex.

String Max 3 characters
AmountAuthorized Yes Currency amount authorized on the credit card Decimal

Positive decimal, up to two decimal places(for example, 4.75)

AmountAuthorized/
@currencyCode
Yes Type of currency used for the order String 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217.
TenderType No (Always present for Digital Wallet transactions) This element identifies the tender type used for the transaction

*Note that this value might be corrected based on Bin Range identification

String 2-4 Characters

SchemaVersion in the Request Message has to be 1.2 in order to receive this element