On This Page

Payments Developer Guide

This section describes how to use this guide and where to find further information.
Audience and Purpose
This guide is written for application developers who want to use the
REST API
 to integrate payment card processing into an order management system.
Implementing the
Cybersource
 payment services requires software development skills. You must write code that uses the API request and response fields to integrate the payment card services into your existing order management system.
Conventions
These statements appear in this document:
IMPORTANT
An
Important
 statement contains information essential to successfully completing a task or learning a concept.
WARNING
A
Warning
 contains information or instructions, which, if not heeded, can result in a security risk, irreversible loss of data, or significant cost in time or revenue or both.
Related Documentation
Visit the
Cybersource
 documentation hub to find additional processor-specific versions of this guide and additional technical documentation.
Customer Support
For support information about any service, visit the Support Center:

Recent Revisions to This Document

25.09.01

This revision contains only editorial changes and no technical updates.

25.08.01

This revision contains only editorial changes and no technical updates.

25.07.01

This revision contains only editorial changes and no technical updates.

25.05.01

Pre-Authorizations
Added information about releasing the hold on authorized amounts after 30 days. See Pre-Authorizations.

25.04.01

Added test card numbers for card-not-present 3-D Secure 2.2 enabled card. See China UnionPay Test Cards.

25.03

This revision contains only editorial changes and no technical updates.

25.02

This revision contains only editorial changes and no technical updates.

25.01

Added a testing section. See Testing the Payment Services.

24.14

Updated required fields and examples for these services:
Added test cards. See China UnionPay Test Cards.

24.13

This revision contains only editorial changes and no technical updates.

24.12

Co-Branded Card Transaction Routing
Added information about transaction routing for co-branded cards. See Co-Branded Cards.

24.11

This revision contains only editorial changes and no technical updates.

24.10

This revision contains only editorial changes and no technical updates.

24.09

This revision contains only editorial changes and no technical updates.

Introduction to Payments

This introduction provides the basic information that you need to successfully process payment transactions. It also provides an overview of the payments industry and provides workflows for each process.
With
Cybersource
 payment services, you can process payment cards (tokenized or non-tokenized), digital payments such as Apple Pay and Google Pay, and customer ID transactions. You can process payments across the globe and across multiple channels with scalability and security.
Cybersource
 supports a large number of payment cards and offers a wide choice of gateways and financial institutions, all through one connection.
Visit the
Cybersource
 documentation hub to find additional processor-specific versions of this guide and additional technical documentation.

Financial Institutions and Payment Networks

Financial institutions and payment networks enable payment services to function. These entities work together to complete the full payment cycle.
The
China UnionPay
 payment processor is a direct connection to the UnionPay ISO endpoint.
China UnionPay
 is for financial institutions that are located outside of China to process transactions directly with UnionPay.

Merchant Financial Institutions (Acquirers)

A merchant financial institution, also known as an
acquirer
, offers accounts to businesses that accept payment cards. Before you can accept payments, you must have a merchant account from an acquirer. Your merchant account must be configured to process card-not-present, card-present, or mail-order/telephone-order (MOTO) transactions.
Each acquirer has connections to a limited number of payment processors. You must choose a payment processor that your acquirer supports.
You can expect your acquirer to charge these fees:
  • Discount rates: your acquirer charges a fee and collects a percentage of every transaction. The combination of the fee and the percentage is called the
    discount rate
    . These charges can be
    bundled
     (combined into a single charge) or
    unbundled
     (charged separately).
  • Interchange fees: payment networks, such as Visa or Mastercard, each have a base fee, called the
    interchange fee
    , for each type of transaction. Your acquirer and processor can show you ways to reduce this fee.
  • Chargebacks: when cardholders dispute charges, you can incur
    chargebacks
    . A chargeback occurs when a charge on a customer’s account is reversed. Your acquirer removes the money from your account and could charge you a fee for processing the chargeback.
Take these precautions to prevent chargebacks:
  • Use accurate merchant descriptors so that customers can recognize the transactions on their statements.
  • Provide good customer support.
  • Ensure rapid problem resolution.
  • Maintain a high level of customer satisfaction.
  • Minimize fraudulent transactions.
If excessive chargebacks or fraudulant changes occur, these actions might be taken:
  • You might be required to change your business processes to reduce the number chargebacks, fraud, or both.
  • Your acquiring institution might increase your discount rate.
  • Your acquiring institution might revoke your merchant account.
Contact your sales representative for information about products that can help prevent fraud.

Customer Financial Institutions (Issuers)

A customer financial institution, also known as an
issuer
, provides payment cards to and underwrites lines of credit for their customers. The issuer provides monthly statements and collects payments. The issuer must follow the rules of the payment card companies to which they belong.

Payment Networks

Payment networks manage communications between acquirers and issuing banks. They also develop industry standards, support their brands, and establish fees for acquiring institutions.
Some payment networks, such as Visa and Mastercard, are trade associations that do not issue cards. Issuers are members of these associations, and they issue cards under license from the association.

Payment Processors

Payment processors connect with acquirers. Before you can accept payments, you must register with
a payment processor
.
An acquirer might require you to use a payment processor with an existing relationship with the acquirer.
Your payment processor
 assigns one or more merchant IDs (MIDs) to your business. These unique codes identify your business during payment transactions.

Card Types

For
China UnionPay
, domestic cards are payment cards that are issued within China and international cards are payment cards that are issued outside China.

Co-Badged Cards

Co-badged cards are credit and debit cards that integrate two or more payment networks.
China UnionPay
 supports cards co-badged with other payment networks, such as Visa, Mastercard, and Discover.

Co-Branded Cards

Co-branded cards are credit cards that are branded with a merchant's logo, brand, or other identifier as well as the payment network logo. These cards are not limited for use at the branded merchant and can be used at any merchant that accepts credit cards.
China UnionPay card transactions are processed through the
China UnionPay
 gateway. Visa and Mastercard transactions are processed through the
Visa Platform Connect
 gateway. For co-branded cards, the routing is determined by the value set for the card type field
paymentInformation.card.type
 in the transaction request. When the card type value is
001
 for a Visa card, the transaction is routed through the
Visa Platform Connect
 gateway. When the card type value is
062
 for a China UnionPay card, the transaction is routed through the
China UnionPay
 gateway. When you do not include the card type field, the system defaults to the primary card brand for the card's bank identification number (BIN).
Cybersource
 automatically manages the system default process, eliminating the need for additional integration by resellers or merchants.

Credit Cards

Cardholders use credit cards to borrow money from issuing banks to pay for goods and services offered by merchants that accept credit cards.

Debit Cards

A debit card is linked to a cardholder's checking account. A merchant who accepts the debit card can deduct funds directly from the account.

China UnionPay

Process debit cards using the credit card services. See Standard Payment Processing.
Most domestic debit cards issued before 2016 do not have a card verification number (CVN) and expiration date. The
China UnionPay
 processor does not support payment processing for cards that do not have a CVN and expiration date.

Transaction Types

This topic provides information about transaction types that are supported by your processor, such as card-present, card-not-present, and international transactions.

Card-Not-Present Transactions

When a customer provides a card number, but the card and the customer are not physically present at the merchant's location, the purchase is known as a
card-not-present transaction
. Typical card-not-present transactions are internet and phone transactions. Card-not-present transactions pose an additional level of risk to your business because the customer’s identification cannot be verified. You can reduce that risk by using features such as the Address Verification System (AVS) and Card Verification Numbers (CVNs). The AVS and CVNs provide additional protection from fraud by verifying the validity of the customer’s information and notifying you when discrepancies occur.

Payment Services

Various services are involved in processing
payments.
These services enable customers to purchase goods and services. They also enable merchants to receive payments from customer accounts, to provide refunds, and to void transactions.
Contact your acquirer to confirm the specific capabilities they support.

Authorizations

An authorization confirms that
a payment
 card account holds enough funds to pay for a purchase. Authorizations can be made online or offline.

Online Authorizations

Online authorizations provide immediate confirmation of funds availability. The customer's financial institution also reduces the amount of credit available in the customer's account, setting aside the authorized funds for the merchant to capture at a later time. Authorizations for most payment cards are processed online. Typically, it is safe to start fulfilling the order when you receive an authorization confirmation.
An
 online authorization confirmation and the subsequent hold on funds expire after a specific length of time. Therefore it is important to capture funds in a timely manner. The issuing bank sets the expiration time interval, but most authorizations expire within
5 to
 7 days.
The issuing bank does not inform
Cybersource
 when an authorization confirmation expires. By default, the authorization information for each transaction remains in the
Cybersource
 database for 180 days after the authorization date. To capture an authorization that expired with the issuing bank, you can resubmit the authorization request.

Pre-Authorizations

A pre-authorization enables you to authorize a payment when the final amount is unknown. It is typically used for lodging, auto rental, e-commerce, and restaurant transactions.
For a pre-authorization:
  • The authorization amount must be greater than zero.
  • The authorization must be submitted for capture within 30 calendar days of its request.
  • After 30 days, the issuer will release the hold on the authorized amount.
  • Send a new authorization request to claim the amount.

Authorization Workflow

This image and description show the authorization workflow:
  1. The customer purchases goods or services from the merchant using a payment card.
  2. You send an authorization request over secure internet connection to
    Cybersource
    . When the customer buys a digitally delivered product or service, you can request both the authorization and the capture at the same time. When the customer buys a physically fulfilled product, do not request the capture until you ship the product.
  3. Cybersource
     validates the order information then contacts your payment processor and requests authorization.
  4. The processor sends the transaction to the payment card company, which routes it to the issuing bank for the customer's payment card. Some card companies, including Discover, act as their own issuing banks.
  5. The issuing bank approves or declines the request.
    • If funds are available, the issuing bank reserves the amount of the authorization request and returns an authorization approval to
      Cybersource
      .
    • If the issuing bank denies the request, it returns an authorization denial to
      Cybersource
      .
  6. Cybersource
     runs its own tests then tells you whether the authorization succeeded.

Sale

A sale is a bundled authorization and capture. Some processors and acquirers require a sale transaction instead of using separate authorization and capture requests. For other processors and acquirers, you can request a sale instead of a separate authorization and capture when you provide the goods or services immediately after taking an order.
There are two types of sale processing: dual-message processing and single-message processing.

Single-Message Processing

Single-message processing treats the authorization and capture as a single transaction. There are important differences between dual-message processing and single-message processing:
  • Single-message processing treats the request as a full-financial transaction, and with a successful transaction, funds are immediately transferred from the customer account to the merchant account.
  • Authorization and capture amounts must be the same.
  • Some features cannot be used with single-message processing.

Authorization Reversals

The authorization reversal service releases the hold that an authorization placed on a customer’s payment card funds.
Each card-issuing financial institution has its own rules for deciding whether an authorization reversal succeeds or fails. When a reversal fails, contact the card-issuing financial institution to learn whether there is a different way to reverse the authorization.
An authorization reversal is a follow-on transaction that uses the request ID returned from an authorization. The main purpose of a follow-on transaction is to link two transactions. The request ID links the follow-on transaction to the original transaction. The authorization request ID is used to look up the customer’s billing and account information in the
Cybersource
 database. You are not required to include those fields in the full authorization reversal request. The original transaction and follow-on transaction are linked in the database and in
the
Business Center
.
For processors that support debit cards and prepaid cards, the full authorization reversal service works for debit cards and prepaid cards in addition to credit cards.
IMPORTANT
You cannot perform an authorization reversal if a transaction is in a review state, which can occur if you use a fraud management service. You must reject the transaction prior to authorization reversal. For more information, see the fraud management documentation in
the
Business Center
.

Captures

A capture is a follow-on transaction to an authorization. It is used to transfer the authorized funds from the customer's account to the merchant account. To link the authorization transaction to the capture transaction, you include a request ID in your capture request. This request ID is returned to you in the authorization response.
When fulfilling only part of a customer’s order, do not capture the full amount of the authorization. Capture only the cost of the delivered items. When you deliver the remaining items, request a new authorization, and then capture the new authorization.
IMPORTANT
It is not possible to perform a capture if a transaction is in a review state, which can occur if you use a fraud management service. You must accept the transaction prior to capture. For more information, see the fraud management documentation in
the
Business Center
.

Capture Workflow

The capture workflow begins when you send a request for a capture.
  1. The merchant sends a request for a capture to
    Cybersource
    .
  2. For online captures,
    Cybersource
     validates the order information then sends an online capture to the payment processor.
  3. The processor validates the request and forwards it to the issuing bank.
  4. The issuing bank transfers funds to the acquiring bank.
IMPORTANT
The payment processor does not notify
Cybersource
 that the money has been transferred. To ensure that all captures are processed correctly, you should reconcile your capture requests with the capture reports from your processor.

Credits

Credits are payment refunds from a merchant to the cardholder after a cardholder pays for a product or service and that payment is captured by the merchant. When a credit request is successful, the issuer transfers funds from the merchant bank (acquirer) account to the customer's account. It typically takes 2 to 4 days for the acquirer to transfer funds from your merchant account.
WARNING
You should carefully control access to the credit service. Do not request this service directly from your customer interface. Instead, incorporate this service as part of your customer service process. This process reduces the potential for fraudulent transactions.
There are two basic types of credits:
refunds
 and stand-alone credits.

Refunds

Unless otherwise specified, refunds must be requested within 180 days of a settlement. You can request multiple refunds against a single capture or sale transaction as long as the total amount does not exceed the original purchase amount. To perform multiple refunds, use the same request ID in each request.

Credit Workflow

The credit workflow begins when you send a request for a credit.
  1. The merchant sends a request for a credit to
    Cybersource
    .
  2. For online credits,
    Cybersource
     validates the order information then sends an online credit to the payment processor.
  3. The processor validates the request and forwards it to the acquiring bank.
  4. The acquiring bank transfers funds to the issuing bank.

Voids

A void cancels a capture or credit request that was submitted but not yet processed by the processor.
Capture and credit requests are usually submitted once a day. A void request is declined when the capture or credit request has already been sent to the processor.
After a void is processed, you cannot credit or capture the funds. You must perform a new transaction to capture or credit the funds. Further, when you void a capture, a hold remains on the authorized funds. If you are not going to re-capture the authorization,
and if your processor supports authorization reversal after void (ARAV),
 you should request an authorization reversal to release the hold on the unused funds.
A void uses the capture or credit request ID to link the transactions. The authorization request ID is used to look up the customer’s billing and account information, so there is no need to include those fields in the void request. You cannot perform a follow-on credit against a capture that has been voided.

Testing the Payment Services

To ensure that requests are processed correctly, you must test the basic success and error conditions for each service you plan to use.

Requirements for Testing

Before you can test, contact customer support to activate the credit card services and configure your account for testing. You must also contact your processor to set up your processor account.
IMPORTANT
When building your connection to the
Cybersource
 payment gateway, ensure that you have implemented controls to prevent card testing or card enumeration attacks on your platform.
For more information, see the best practices guide.
When we detect suspicious transaction activity associated with your merchant ID, including a card testing or card enumeration attack,
Cybersource
 reserves the right to enable fraud management tools on your behalf in order to mitigate the attack. The fraud team might also implement internal controls to mitigate attack activity. These controls block traffic that is perceived as fraudulent. Additionally, if you are using one of our fraud tools and experience a significant attack, our internal team might modify or add rules to your configuration to help prevent the attack and minimize the threat to our infrastructure. However, any actions taken by
Cybersource
 would not replace the need for you to follow industry standard best practices to protect your systems, servers, and platforms.
Follow these requirements when you test your system:
  • Use your regular merchant ID.
  • Use a real combination for the city, state, and postal code.
  • Use a real combination for the area code and telephone number.
  • Use a nonexistent account and domain name for the customer’s email address.
  • REST API test endpoint:
    POST
    https://apitest.cybersource.com
    /pts/v2/payments

Test Card Numbers

Use these payment card numbers to test the authorization, capture, and credit services. Remove the spaces from the test card numbers when sending them to the test system. Do not use real payment card numbers. To test card types that are not included in the list, use an account number that is in the card’s BIN range. For best results, try each test with a different service request and with different test payment card numbers.
IMPORTANT
The test card numbers that are provided are formatted with Xs for zeroes in the card number. When testing with the card numbers, replace each X with a 0 (zero).
  • American Express—3782 8224 631X XX5
  • Discover—6X11 1111 1111 1117
  • JCB—3566 1111 1111 1113
  • Maestro (International)
    • 5X33 9619 89X9 17
    • 5868 2416 0825 5333 38
  • Maestro (UK Domestic)—the issue number is not required for Maestro (UK Domestic) transactions.
    • 6759 4111 XXXX XXX8
    • 6759 56XX 45XX 5727 054
    • 5641 8211 1116 6669
  • Mastercard
    • 2222 42XX XXXX 1113
    • 2222 63XX XXXX 1125
    • 5555 5555 5555 4444
  • UATP—1354 1234 5678 911
  • Visa—4111 1111 1111 1111

Using Amounts to Simulate Errors

You can simulate error messages by requesting authorization, capture, or credit services with specific amounts that trigger the error messages. These triggers work only on the test server, not on the production server.
Each payment processor uses its own error messages.
For more information, see: REST API Testing Guide .

Test American Express Card Verification

Before using CVN with American Express, it is strongly recommended that you follow these steps:
  1. Contact customer support to have your account configured for CVN. Until you do this, you will receive a
    1
     in the
    processorInformation.cardVerification.resultCode
     response field.
  2. Test your system in production using a small currency amount, such as one currency unit. Instead of using the test account numbers, use a real payment card account number, and send an incorrect CVN in the request for authorization. The card should be refused and the request declined.

Standard Payment Processing

This section shows you how to process various authorization, capture, credit, and sales transactions.

Pre-Authorizations

This section provides the information you need in order to process a pre-authorization.
A pre-authorization enables you to authorize a payment when the final amount is unknown. It is typically used for lodging, auto rental, e-commerce, and restaurant transactions.
For a pre-authorization:
  • The authorization amount must be greater than zero.
  • The authorization must be submitted for capture within 30 calendar days of its request.
  • After 30 days, the issuer will release the hold on the authorized amount.
  • Send a new authorization request to claim the amount.
For
China UnionPay
, use these services to manage pre-authorizations:
  • Capture service to process a pre-authorization completion. See Captures.
  • Authorization reversal service to reverse a pre-authorization. See Authorization Reversal.
  • Refund
     service to reverse a pre-authorization completion or sale. See Refunds.

Endpoint

Production:
POST
https://api.cybersource.com
/pts/v2/payments
Test:
POST
https://apitest.cybersource.com
/pts/v2/payments

REST Example for
China UnionPay
: Processing a Pre-Authorization

Request
{
    "orderInformation": {
        "billTo": {
            "country": "US",
            "lastName": "Kim",
            "address1": "201 S. Division St.",
            "postalCode": "48104-2201",
            "locality": "Ann Arbor",
            "administrativeArea": "MI",
            "firstName": "Kyong-Jin",
            "email": "
test@cybs.com
"
        },
        "amountDetails": {
            "totalAmount": "100.00",
            "currency": "USD"
        }
    },
    "paymentInformation": {
        "card": {
            "expirationYear": "2025",
            "number": "62509470XXXXXXXX",
            "expirationMonth": "12",
            "type": "062"
        }
    },
    "processingInformation": {
        "commerceIndicator": "internet"
}
Response to a Successful Request
{
  "_links" : {
    "authReversal" : {
      "method" : "POST",
      "href" : "/pts/v2/payments/6461731521426399003473/reversals"
    },
    "self" : {
      "method" : "GET",
      "href" : "/pts/v2/payments/6461731521426399003473"
    },
    "capture" : {
      "method" : "POST",
      "href" : "/pts/v2/payments/6461731521426399003473/captures"
    }
  },
  "clientReferenceInformation" : {
    "code" : "1646173152047"
  },
  "id" : "6461731521426399003473",
  "orderInformation" : {
    "amountDetails" : {
      "authorizedAmount" : "100.00",
      "currency" : "CNY"
    }
  },
  "paymentAccountInformation" : {
    "card" : {
      "type" : "062"
    }
  },
  "paymentInformation" : {
    "tokenizedCard" : {
      "type" : "062"
    },
    "card" : {
      "type" : "062"
    }
  },
 "paymentInsightsInformation" : {
    "responseInsights" : {
      "categoryCode" : "01"
    }
  },
  "processorInformation" : {
    "systemTraceAuditNumber" : "862481",
    "approvalCode" : "831000",
    "merchantAdvice" : {
      "code" : "01",
      "codeRaw" : "M001"
    },
    "responseDetails" : "ABC",
    "networkTransactionId" : "016153570198200",
    "consumerAuthenticationResponse" : {
      "code" : "2",
      "codeRaw" : "2"
    },
    "transactionId" : "016153570198200",
    "responseCode" : "00",
    "avs" : {
      "code" : "Y",
      "codeRaw" : "Y"
    }
  },
  "reconciliationId" : "6461731521426399003473",
  "status" : "AUTHORIZED",
  "submitTimeUtc" : "2022-03-01T22:19:12Z"
}
Response to a Declined Request
{
  "clientReferenceInformation": {
    "code": "TC50171_3"
  },
  "errorInformation": {
    "reason": "PROCESSOR_ERROR",
    "message": "Invalid account"
  },
  "id": "6583553837826789303954",

  "paymentInsightsInformation": {
    "responseInsights": {
      "categoryCode": "01",
      "category": "ISSUER_WILL_NEVER_APPROVE"
    }
  },

  "pointOfSaleInformation": {
    "amexCapnData": "1009S0600100"
  },
  "processorInformation": {
    "systemTraceAuditNumber": "004544",
    "merchantNumber": "1231231222",
    "networkTransactionId": "431736869536459",
    "transactionId": "431736869536459",
   "responseCode": "111",
    "avs": {
      "code": "Y",
      "codeRaw": "Y"
    }
  },
  "status": "DECLINED"
}

Authorization Reversal

This section provides the information about how to process an authorization reversal.
Reversing an authorization releases the hold on the customer’s payment card funds that the issuing bank placed when processing the authorization.
For a debit card or prepaid card in which only a partial amount was approved, the amount of the reversal must be the amount that was authorized, not the amount that was requested.
For
China UnionPay
, use the authorization reversal service to reverse pre-authorizations.

Endpoint

Production:
POST
https://api.cybersource.com
/pts/v2/payments/
{id}
/reversals
Test:
POST
https://apitest.cybersource.com
/pts/v2/payments/
{id}
/reversals
The
{id}
 is the transaction ID returned in the authorization response.

Required Fields for Processing an Authorization Reversal

The amount of the reversal must be the same as the authorization amount that was included in the authorization response message. Do not use the amount that was requested in the authorization request message.

REST Example: Processing an Authorization Reversal

Request
{ 
    "clientReferenceInformation": { 
      "code": "test123"
    } 
    "reversalInformation" : { 
        "amountDetails" : { 
            "totalAmount" : "100.00",
            "currency" : "USD"
        } 
    } 
}
Response to a Successful Request
{
    "_links" : {
      "self" : {
          "method" : "GET",
          "href" : "/pts/v2/reversals/6869460219566537303955"
      }
    },
    "clientReferenceInformation" : {
        "code" : "RTS-Auth-Reversal"
    },
    "id" : "6869460219566537303955",
    "orderInformation" : {
        "amountDetails" : {
            "currency" : "USD"
        }
    },
    "processorInformation" : {
        "responseCode" : "200"
    },
    "reconciliationId" : "82kBK3qDNtls",
    "reversalAmountDetails" : {
        "reversedAmount" : "100.00",
        "currency" : "USD"
    },
    "status" : "REVERSED",
    "submitTimeUtc" : "2023-06-16T20:07:02Z"
}

Sale

This section provides the information you need in order to process a sale transaction.
A sale combines an authorization and a capture into a single transaction.
For
China UnionPay
, use the
refund
 service to reverse a sale.

Endpoint

Production:
POST
https://api.cybersource.com
/pts/v2/payments
Test:
POST
https://apitest.cybersource.com
/pts/v2/payments

REST Example for
China UnionPay
: Processing a Sale

Request
{
  "processingInformation": {
    "capture": true,
    "commerceIndicator": "internet"
  },
  "orderInformation" : {
    "billTo" : {
    "country" : "US",
    "lastName" : "VDP",
    "address1" : "201 S. Division St.",
    "postalCode" : "48104-2201",
    "locality" : "Ann Arbor",
    "administrativeArea" : "MI",
    "firstName" : "RTS",
    "email" : "
test@cybs.com
"
  },
    "amountDetails" : {
      "totalAmount" : "100.00",
      "currency" : "CNY"
     }
   },
  "paymentInformation" : {
    "card" : {
      "expirationYear" : "2025",
      "number" : "62509470XXXXXXXX",
      "expirationMonth" : "12",
      "type" : "062"
    }
  }
}
Response to a Successful Request
{
  "_links" : {
    "void" : {
      "method" : "POST",
      "href" : "/pts/v2/payments/6485004068966546103093/voids"
    },
    "self" : {
      "method" : "GET",
      "href" : "/pts/v2/payments/6485004068966546103093"
    }
  },
  "clientReferenceInformation" : {
    "code" : "RTS-Auth"
  },
  "id" : "6485004068966546103093",
  "orderInformation" : {
    "amountDetails" : {
      "totalAmount" : "100.00",
      "authorizedAmount" : "100.00",
      "currency" : "CNY"
    }
  },
  "paymentAccountInformation" : {
    "card" : {
      "type" : "062"
    }
  },
  "paymentInformation" : {
    "tokenizedCard" : {
      "type" : "062"
    },
    "card" : {
      "type" : "062"
    }
  },
  "processorInformation" : {
    "systemTraceAuditNumber" : "841109",
    "approvalCode" : "831000",
    "merchantAdvice" : {
      "code" : "01",
      "codeRaw" : "M001"
    },
    "responseDetails" : "ABC",
    "networkTransactionId" : "016153570198200",
    "retrievalReferenceNumber" : "208720841109",
    "consumerAuthenticationResponse" : {
      "code" : "2",
      "codeRaw" : "2"
    },
    "transactionId" : "016153570198200",
    "responseCode" : "00",
    "avs" : {
      "code" : "Y",
      "codeRaw" : "Y"
    }
  },
  "reconciliationId" : "6485004068966546103093",
  "status" : "AUTHORIZED",
  "submitTimeUtc" : "2022-03-28T20:46:47Z"
}

Captures

This section provides the information you need in order to capture an authorized transaction.
For
China UnionPay
, use the capture service to process pre-authorization completions.

Endpoint

Production:
POST
https://api.cybersource.com
/pts/v2/payments/
{id}
/captures
Test:
POST
https://apitest.cybersource.com
/pts/v2/payments/
{id}
/captures
The
{id}
 is the transaction ID returned in the authorization response.

Required Fields for Capturing an Authorization

Use these required fields for capturing an authorization.
This field value maps from the original authorization, sale, or credit transaction.

REST Example: Capturing an Authorization

Request
{
    "clientReferenceInformation": {
        "code": "ABC123"
    },
    "orderInformation": {
        "amountDetails": {
            "totalAmount": "100.00",
            "currency": "EUR"
    }
}
Response to a Successful Request
{
    "_links": {
        "void": {
            "method": "POST",
            "href": "/pts/v2/captures/6662994431376681303954/voids"
        },
        "self": {
            "method": "GET",
            "href": "/pts/v2/captures/6662994431376681303954"
        }
    },
    "clientReferenceInformation": {
        "code": "1666299443215"
    },
    "id": "6662994431376681303954",
    "orderInformation": {
        "amountDetails": {
            "totalAmount": "100.00",
            "currency": "EUR"
        }
    },
    "reconciliationId": "66535942B9CGT52U",
    "status": "PENDING",
    "submitTimeUtc": "2022-10-20T20:57:23Z"
}

Refunds

This section provides the information you need in order to process a
refund
, which is linked to a
capture or
 sale.
You must request a
refund
 within 180 days of the authorization.
For
China UnionPay
, use the
refund
 service to reverse pre-authorization completions and sales.
When your account is enabled for credit authorizations, also known as purchase return authorizations,
Cybersource
 authenticates the card and customer during a
refund or
credit request. Every credit request is automatically authorized.
Credit authorization results are returned in these response fields:
  • processorInformation.approvalCode
  • processorInformation.networkTransactionId
  • processorInformation.responseCode
When you request a void for the credit and the credit is voided. If your account is enabled for credit authorizations, the credit authorization is also reversed.

Endpoint

Production:
POST
https://api.cybersource.com
/pts/v2/payments/
{id}
/refunds
Test:
POST
https://apitest.cybersource.com
/pts/v2/payments/
{id}
/refunds
The
{id}
 is the transaction ID returned in the capture or sale response.

Required Fields for Processing a
Refund

REST Interactive Example: Processing a Refund

Refund a Payment

REST Example: Processing a Refund

Request
{
    "orderInformation": {
        "amountDetails": {
            "totalAmount": "100.00",
            "currency": "EUR"
        }
    }
}
Response to a Successful Request
{
    "_links": {
        "void": {
            "method": "POST",
            "href": "/pts/v2/credits/6699964581696622603955/voids"
        },
        "self": {
            "method": "GET",
            "href": "/pts/v2/credits/6699964581696622603955"
        }
    },
    "clientReferenceInformation": {
        "code": "1669996458298"
    },
    "creditAmountDetails": {
        "currency": "eur",
        "creditAmount": "100.00"
    },
    "id": "6699964581696622603955",
    "orderInformation": {
        "amountDetails": {
            "currency": "EUR"
        }
    },
    "paymentAccountInformation": {
        "card": {
            "type": "062"
        }
    },
    "paymentInformation": {
        "tokenizedCard": {
            "type": "062"
        },
        "card": {
            "type": "062"
        }
    },
    "processorInformation": {
        "approvalCode": "888888",
        "networkTransactionId": "016153570198200",
        "responseCode": "100"
    },
    "reconciliationId": "61873329OAILG3Q6",
    "status": "PENDING",
    "submitTimeUtc": "2022-12-02T15:54:18Z"
}

Voids for a Capture or Credit

This section describes how to void a capture or credit that was submitted but not yet processed by the processor.

Endpoints

Void a Capture
Production:
POST
https://api.cybersource.com
/pts/v2/captures/
{id}
/voids
Test:
POST
https://apitest.cybersource.com
/pts/v2/captures/
{id}
/voids
Void a Credit
Production:
POST
https://api.cybersource.com
/pts/v2/credits/
{id}
/voids
Test:
POST
https://apitest.cybersource.com
/pts/v2/credits/
{id}
/voids
The
{id}
 is the transaction ID returned during the capture or credit response.

Required Fields for Voiding a Capture or Credit

Including this field is recommended, but not required.

REST Example: Voiding a Capture or Credit

Request
{
    "clientReferenceInformation": {
        "code": "test123"
    }
}
Response to a Successful Request
{
    "_links": {
        "self": {
            "method": "GET",
            "href": "/pts/v2/voids/6541933390746728203005"
        }
    },
    "clientReferenceInformation": {
        "code": "1654193339056"
    },
    "id": "6541933390746728203005",
    "orderInformation": {
        "amountDetails": {
        "currency": "USD"
        }
    },
    "status": "VOIDED",
    "submitTimeUtc": "2022-06-02T18:08:59Z",
    "voidAmountDetails": {
        "currency": "usd",
        "voidAmount": "100.00"
    }
}

China UnionPay
 Test Cards

Use these
China UnionPay
 cards to test services. Replace each X with a 0 (zero). before using the card numbers.
Card-not-present 3-D Secure enabled card
  • Card:
    625X947XXXXXXX14
  • Expiration date (YYMM):
    3312
  • CVV2:
    123
Card-not-present 3-D Secure 2.2 enabled card
  • Frictionless:
    • 81XXX1XXXXXXX142
    • 621XX3823532713X
  • Challenge:
    • 81XXX1XXXXXXX688
    • 621XX3257857442
Domestic China-issued card
  • Card:
    6222X4XXXXX3XX12
  • Expiration date (YYMM):
    4912
  • CVV2:
    123
International-issued card
  • Card:
    625X94X5XXXXXXX6
  • Expiration date (YYMM):
    4912
  • CVV2:
    123
UnionPay International and Visa co-branded card
  • Card:
    44278X2641XX4797
  • Expiration date (YYMM):
    4912
  • CVV2:
    123
UnionPay International and Mastercard co-branded card
  • Card:
    552XX123456789X3
  • Expiration date (YYMM):
    4912
  • CVV2:
    123

Pre-Authorizations

A pre-authorization enables you to authorize a payment when the final amount is unknown. It is typically used for lodging, auto rental, e-commerce, and restaurant transactions.
For a pre-authorization:
  • The authorization amount must be greater than zero.
  • The authorization must be submitted for capture within 30 calendar days of its request.
  • After 30 days, the issuer will release the hold on the authorized amount.
  • Send a new authorization request to claim the amount.