Update Application Transaction Counter

Use this operation to update the Application Transaction Counter (ATC) maintained at the issuer with the latest ATC from the chip on the card. For processing of transaction such as Aggregated Transit Fare, you may be required to send an ATC Update to the issuer in accordance with the scheme rules.

POST https://test-nbkpayment.mtf.gateway.mastercard.com/api/nvp/version/100

Authentication

This operation requires authentication via one of the following methods:


  • Certificate authentication.
  • To authenticate to the API two additional NVP parameters must be supplied in the request. Provide 'merchant.<your gateway merchant ID>' in the apiUsername field and your API password in the apiPassword field.

Request

Fields

apiOperation String = UPDATE_APPLICATION_TRANSACTION_COUNTER FIXED

Any sequence of zero or more unicode characters.

correlationId String OPTIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
merchant Alphanumeric + additional characters REQUIRED

The unique identifier issued to you by your payment provider.

This identifier can be up to 12 characters in length.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 40
sourceOfFunds REQUIRED

Information about the payment type selected by the payer for this payment and the source of the funds.

Depending on the payment type the source of the funds can be a debit or credit card, bank account, or account with a browser payment provider (such as PayPal).

For card payments the source of funds information may be represented by combining one or more of the following: explicitly provided card details, a session identifier which the gateway will use to look up the card details and/or a card token. Precedence rules will be applied in that explicitly provided card details will override session card details which will override card token details. Each of these may represent partial card details, however the combination must result in a full and complete set of card details. See Using Multiple Sources of Card Details for examples.

sourceOfFunds.provided REQUIRED

Information about the source of funds when it is directly provided (as opposed to via a token or session).

For browser payments, the source of funds details are usually collected from the payer on the payment provider's website and provided to you when you retrieve the transaction details (for a successful transaction). However, for some payment types (such as giropay), you must collect the information from the payer and supply it here.

sourceOfFunds.provided.card REQUIRED

Details about the card.

Use this parameter group when you have sourced payment details using:
Cards: the card details entered directly or collected using a Point of Sale (POS) terminal.
Device payment methods such as Apple Pay, Android Pay, Samsung Pay or Google Pay.
Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout.
Card scheme tokens where the card was tokenized using a card scheme tokenization service such as Mastercard Digital Enablement Service (MDES).
Alternative IDs provided by the schemes, such as Alt-Id for Guest Checkout payments in India using American Express, Rupay cards issued in India.

sourceOfFunds.provided.card.emvRequest String REQUIRED

This field only applies to transactions that originate from an EMV capable terminal.

It contains selected EMV fields as provided by the terminal.

For the list of field tags to include (if provided by the terminal), see Card Present Payments. Requests with any other tags are rejected by the gateway.

Some of the tags represent data that can occur on explicit fields in this API. You can submit the value either in this field, or in both places. For example, the PAN can be presented as EMV tag 5A in this field, or included both the sourceOfFunds.provided.card.number API field and in EMV tag 5A in this field.

If you specify the EMV tag only, we can populate the explicit field in the API. Fields where this is supported have the text "This field corresponds to EMV tag <tag name>" in their field descriptions.

If you specify both places, there will be no population of the explicit field or validation that the data matches.

The API response will not contain PCI sensitive fields.

Data can consist of any characters

Min length: 1 Max length: 250
sourceOfFunds.provided.card.expiry OPTIONAL

Expiry date, as shown on the card.

sourceOfFunds.provided.card.expiry.month Digits REQUIRED

Month, as shown on the card.

Months are numbered January=1, through to December=12.

Data is a number between 1 and 12 represented as a string.

sourceOfFunds.provided.card.expiry.year Digits REQUIRED

Year, as shown on the card.

The Common Era year is 2000 plus this value.

Data is a string that consists of the characters 0-9.

Min length: 2 Max length: 2
sourceOfFunds.provided.card.number Digits OPTIONAL

Credit card number as printed on the card.

Data is a string that consists of the characters 0-9.

Min length: 9 Max length: 19
sourceOfFunds.provided.card.p2pe OPTIONAL

This holds the PAN in the case where it is encrypted by the terminal using DUKPT key exchange.

sourceOfFunds.provided.card.p2pe.cardBin Digits OPTIONAL

The BIN of the card.

If you provide this, the gateway will check that the decrypted PAN has these leading six digits. If the check fails, the gateway will reject the transaction.

If you do not provided this, the gateway will not perform this check.

Data is a string that consists of the characters 0-9.

Min length: 1 Max length: 6
sourceOfFunds.provided.card.p2pe.encryptionState String REQUIRED

The P2PE encryption state as determined by the terminal.

INVALID means the terminal detected some form of error in the encryption process. The gateway will decline transactions with INVALID encryption state. This field may be omitted when the value is VALID.

Data can consist of any characters

Min length: 5 Max length: 7
sourceOfFunds.provided.card.p2pe.initializationVector Hex REQUIRED

The initialization vector supplied by the terminal to seed the encryption of this payload.

Omit this value if the terminal is not using an initialization vector to seed encryption.

Data is hexadecimal encoded

Min length: 16 Max length: 32
sourceOfFunds.provided.card.p2pe.keySerialNumber Hex REQUIRED

The DUKPT key serial number supplied by the terminal.

Data is hexadecimal encoded

Min length: 20 Max length: 24
sourceOfFunds.provided.card.p2pe.payload Hex REQUIRED

The DUKPT encrypted payload supplied by the terminal.

Data is hexadecimal encoded

Min length: 32 Max length: 1024
sourceOfFunds.provided.card.sequenceNumber Digits OPTIONAL

A number used to differentiate between cards with the same Primary Account Number (PAN).

This field corresponds to EMV tag 5F34

Data is a number between 0 and 999 represented as a string.

sourceOfFunds.provided.card.track2 Track 2 Data OPTIONAL

This field contains the full track data.

You may optionally include the start and end sentinels and LRC.

Provide this for stripe and EMV fallback to stripe cases.

The contents of this field must match the PAN and expiry fields included in the Transaction Request.

This field corresponds to EMV tag 57

Data must comply with ISO 7811-2 track 2 data character set.
Data may consist of the characters: ? D F ]]>

Min length: 2 Max length: 40
sourceOfFunds.type Enumeration REQUIRED

The payment method used for this payment.

If you are passing card data (in any form) on the API, then you need to set this value, and also provide the card details in the sourceOfFunds.provided.card group. In the case of digital wallets or device payment methods, you must also populate the order.walletProvider field.

If you are making a payment with a gateway token, then you can leave this field unset, and only populate the sourceOfFunds.token field. However you can set this to CARD if you want to overwrite or augment the token data with a card security code, expiry date, or cardholder name.

Value must be a member of the following list. The values are case sensitive.

CARD

Use this value for payments that obtained the card details either directly from the card, or from a POS terminal, or from a wallet, or through a device payment method.

EBT_CARD

Use this value for Electronic Benefits Transfer (EBT) card payments. The additional EBT data must also be provided in the sourceOfFunds.provided.ebt parameter group.

GIFT_CARD

The payer chose to pay using a gift card. The payer's gift card details must be provided under the sourceOfFunds.provided.giftCard parameter group.

SCHEME_TOKEN

Use this value for payments using scheme tokens provided by Mastercard Digital Enablement Service (MDES), or Visa Token Service (VTS), or American Express Token Service (AETS).

Response

Fields

correlationId String CONDITIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
merchant Alphanumeric + additional characters ALWAYS PROVIDED

The unique identifier issued to you by your payment provider.

This identifier can be up to 12 characters in length.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 40
response ALWAYS PROVIDED
response.result Enumeration ALWAYS PROVIDED

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

FAILURE

The operation was declined or rejected by the gateway, acquirer or issuer

PENDING

The operation is currently in progress or pending processing

SUCCESS

The operation was successfully processed

UNKNOWN

The result of the operation is unknown

transaction ALWAYS PROVIDED

Information about this transaction.

transaction.receipt ASCII Text ALWAYS PROVIDED

A unique reference generated by the acquirer for a specific merchant interaction.

The reference may be used when contacting the acquirer about a specific transaction.

Data consists of ASCII characters

Min length: 1 Max length: 100

Errors

error

Information on possible error conditions that may occur while processing an operation using the API.

error.cause Enumeration

Broadly categorizes the cause of the error.

For example, errors may occur due to invalid requests or internal system failures.

Value must be a member of the following list. The values are case sensitive.

INVALID_REQUEST

The request was rejected because it did not conform to the API protocol.

REQUEST_REJECTED

The request was rejected due to security reasons such as firewall rules, expired certificate, etc.

SERVER_BUSY

The server did not have enough resources to process the request at the moment.

SERVER_FAILED

There was an internal system failure.

error.explanation String

Textual description of the error based on the cause.

This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.

Data can consist of any characters

Min length: 1 Max length: 1000
error.field String

Indicates the name of the field that failed validation.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Data can consist of any characters

Min length: 1 Max length: 100
error.supportCode String

Indicates the code that helps the support team to quickly identify the exact cause of the error.

This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.

Data can consist of any characters

Min length: 1 Max length: 100
error.validationType Enumeration

Indicates the type of field validation error.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Value must be a member of the following list. The values are case sensitive.

INVALID

The request contained a field with a value that did not pass validation.

MISSING

The request was missing a mandatory field.

UNSUPPORTED

The request contained a field that is unsupported.

result Enumeration

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

ERROR

The operation resulted in an error and hence cannot be processed.