Search Tokens
Request to find token records that match the query. If the token records span across pages, you can limit the results returned per page and retrieve the next set of results using subsequent requests.
Authentication Copied to clipboard
This operation requires authentication via one of the following methods:
- Certificate authentication.
-
To authenticate to the API two additional NVP parameters must be supplied in the request.
Provide 'merchant.
<your gateway merchant ID>
' in the apiUsername field and your API password in the apiPassword field.
Request Copied to clipboard
Fields Copied to clipboard
String
= SEARCH_TOKENS
FIXED
Any sequence of zero or more unicode characters.
String
OPTIONAL
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
Integer
OPTIONAL
The maximum number of records that you want returned in one page.
If you omit this value, the gateway will limit the page to a reasonable size.
A number comprising the digits 0-9, having at least one digit. (For a complete description, see http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger.)
Alphanumeric + additional characters
REQUIRED
The unique identifier issued to you by your payment provider.
This identifier can be up to 12 characters in length.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
String
OPTIONAL
Provide this field on subsequent search requests, i.e. if the query matches many records and the search results span across pages.
When initiating the query, you must omit this field (or set it to an empty string), and specify only the query field. To get any subsequent pages, set this field to the value of the nextPage field returned in the previous search response.
Data can consist of any characters
String
OPTIONAL
A JSON formatted query request that must be provided on an initial search request.
The field is ignored when included in subsequent requests to retrieve the next set of results.
The syntax for token queries supports:
- Operators: EQ
- Fields: sourceOfFunds.provided.card.number, token, sourceOfFunds.provided.card.expiry
- Operators: GT
- Fields: usage.lastUpdated
- Operators: LE
- Fields: sourceOfFunds.provided.card.expiry
Examples:
- Search for token:
{"EQ":["token","GD1209-0160 0149 0098 6248"]}
- Search for card:
{"EQ":["sourceOfFunds.provided.card.number","4111111111111111"]}
- Search for card expiry(MMYY):
{"EQ":["sourceOfFunds.provided.card.expiry","0517"]}
{"LE":["sourceOfFunds.provided.card.expiry","0517"]}
- Search for updated tokens:
{"GT":["usage.lastUpdated","2014-10-31T03:11:53Z"]}
Data can consist of any characters
Response Copied to clipboard
Fields Copied to clipboard
String
CONDITIONAL
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
String
CONDITIONAL
If this field is present, it indicates that the gateway may have more results to return.
Provide the value in this field in the nextPage field on the request to get more results.
This field will be absent if the gateway has no more results to return.
Data can consist of any characters
CONDITIONAL
Subset of the tokens that matched the search query.
Provide the value in the returned nextPage field in subsequent requests to get the next set of tokens.
CONDITIONAL
Subset of the tokens that matched the search query.
Use returned iterator value in subsequent requests to get more results.
ASCII Text
CONDITIONAL
Unique identifier of the token repository.
Token repositories can be shared across merchants; however, a single merchant can be associated with only one token repository at a given time. Every token repository has a corresponding test token repository, which only the merchants with the corresponding test profiles can access. For example, if the repository ID is ABC, the test repository ID will be TestABC. Hence, the system displays an error if you specify a repository ID that starts with 'Test'
Data consists of ASCII characters
CONDITIONAL
Details about the source of the funds for this payment.
CONDITIONAL
The details of the source of funds when they are directly provided as opposed to via a token or session.
CONDITIONAL
Details as shown on the card.
Enumeration
ALWAYS PROVIDED
The brand name used to describe the card that is recognized and accepted globally.
For many major card types this will match the scheme name. In some markets, a card may also be co-branded with a local brand that is recognized and accepted within its country/region of origin (see card.localBrand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Value must be a member of the following list. The values are case sensitive.
AMEX
American Express
CHINA_UNIONPAY
China UnionPay
DINERS_CLUB
Diners Club
DISCOVER
Discover
JCB
JCB (Japan Credit Bureau)
LOCAL_BRAND_ONLY
The card does not have a global brand.
MAESTRO
Maestro
MASTERCARD
MasterCard
RUPAY
RuPay
UATP
UATP (Universal Air Travel Plan)
UNKNOWN
The brand of the card used in the transaction could not be identified
VISA
Visa
CONDITIONAL
Expiry date, as shown on the card.
Digits
ALWAYS PROVIDED
Month, as shown on the card.
Months are numbered January=1, through to December=12.
Data is a number between 1 and 12 represented as a string.
Digits
ALWAYS PROVIDED
Year, as shown on the card.
The Common Era year is 2000 plus this value.
Data is a string that consists of the characters 0-9.
Enumeration
ALWAYS PROVIDED
The method used by the payer to provide the funds for the payment.
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Value must be a member of the following list. The values are case sensitive.
CHARGE
The payer has a line of credit with the issuer which must be paid off monthly.
CREDIT
The payer has a revolving line of credit with the issuer.
DEBIT
Funds are immediately debited from the payer's account with the issuer.
UNKNOWN
The account funding method could not be determined.
Enumeration
CONDITIONAL
The brand name used to describe a card that is recognized and accepted within its country/region of origin.
The card may also be co-branded with a brand name that is recognized and accepted globally (see card.brand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Value must be a member of the following list. The values are case sensitive.
BANAMEX_COSTCO
Banamex Costco (Mexico)
BANKAXEPT
BankAxept (Norway)
CARNET
Carnet (Mexico)
CARTE_BANCAIRE
Carte Bancaire (France)
COSTCO_MEMBER_CREDIT
Costco Member Credit
EBT
Electronic Benefit Transfer (USA)
EFTPOS
Eftpos(Aus)
ELO
Elo (Brazil)
FARMERS
Farmers Card (New Zealand)
GIROCARD_JCB
Girocard (JCB)
GIROCARD_MAESTRO
Girocard (Maestro)
GIROCARD_VISA
Girocard (Visa)
LASER
Laser (Ireland)
OTHER
Other local card brand
PAGOBANCOMAT
PagoBANCOMAT (Italy)
Q_CARD
Q Card (New Zealand)
SORIANA
Soriana (Mexico)
TRUE_REWARDS
True Rewards (New Zealand)
Masked digits
CONDITIONAL
The account number embossed onto the card.
The number will be masked according to your masking settings and how you authenticated your call to the API.
If you authenticated using certificate authentication, then your masking settings will be used. This allows you to return unmasked card numbers if you have chosen not to apply masking.
If you authenticated to the API by a means other than certificate authentication, then the card number will be returned with your masking settings or 6.4; whichever is more restrictive for example, 000000xxxxxx0000.
Data is a string that consists of the characters 0-9, plus 'x' for masking
Enumeration
CONDITIONAL
The organization that owns a card brand and defines operating regulations for its use.
The card scheme also controls authorization and settlement of card transactions among issuers and acquirers.
Value must be a member of the following list. The values are case sensitive.
AMEX
American Express
CHINA_UNIONPAY
China UnionPay
DINERS_CLUB
Diners Club
DISCOVER
Discover
JCB
JCB (Japan Credit Bureau)
MASTERCARD
MasterCard
OTHER
The scheme of the card used in the transaction could not be identified.
RUPAY
RuPay
UATP
UATP (Universal Air Travel Plan)
VISA
Visa
Enumeration
CONDITIONAL
The payment method your payer has chosen for this payment.
Value must be a member of the following list. The values are case sensitive.
CARD
The customer selected to pay using a credit or debit card. The payer's card details must be provided.
Enumeration
CONDITIONAL
The payment method your payer has chosen for this payment.
Value must be a member of the following list. The values are case sensitive.
CARD
The customer selected to pay using a credit or debit card. The payer's card details must be provided.
Alphanumeric
CONDITIONAL
Uniquely identifies a card and associated details.
The format of this token id depends on the Tokenization Strategy configured for the merchant:
- RANDOM_WITH_LUHN: Token is 16 digits long, starts with 9, and is in the format of 9nnnnnnnnnnnnnnC, where n represents any number, and C represents a check digit such that the token will conform to the Luhn algorithm.
- PRESERVE_6_4: The first 6 and last 4 digits of the token are the same as the first 6 and last 4 digits of the provided card number, middle digits are randomized, the token id does NOT conform to Luhn algorithm.
- MERCHANT_PROVIDED: The merchant must supply the token id in the Save request
Data may consist of the characters 0-9, a-z, A-Z
ALWAYS PROVIDED
Details about the token.
DateTime
CONDITIONAL
The timestamp indicating the time the token was last updated
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
Alphanumeric + additional characters
CONDITIONAL
The merchant identifier of the merchant that last updated the token
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
DateTime
CONDITIONAL
The timestamp indicating the time the gateway considers the token to have been last used for an order
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
Enumeration
CONDITIONAL
The strategy used to verify the card details before they are stored.
If not provided, the verification strategy set on your merchant profile by your payment provider will be used.
Value must be a member of the following list. The values are case sensitive.
ACQUIRER
The gateway verifies the card details by performing an authorization for a nominal amount (for example, $1.00). The card details are sent to the acquirer for verification. This method requires your merchant profile to be configured with ""Auth Then Capture"" transaction mode.
BASIC
The gateway validates the card number format and checks if the card number falls within a valid BIN range.
NONE
The gateway does not perform card verification.
Enumeration
ALWAYS PROVIDED
A system-generated high level overall result of the operation.
Value must be a member of the following list. The values are case sensitive.
FAILURE
The operation was declined or rejected by the gateway, acquirer or issuer
PENDING
The operation is currently in progress or pending processing
SUCCESS
The operation was successfully processed
UNKNOWN
The result of the operation is unknown
Errors Copied to clipboard
Information on possible error conditions that may occur while processing an operation using the API.
Enumeration
Broadly categorizes the cause of the error.
For example, errors may occur due to invalid requests or internal system failures.
Value must be a member of the following list. The values are case sensitive.
CONSTRAINT_VIOLATION
The request was rejected due to the request parameters violating the constraints.
INVALID_REQUEST
The request was rejected because it did not conform to the API protocol.
REQUEST_REJECTED
The request was rejected due to security reasons such as firewall rules, expired certificate, etc.
SERVER_BUSY
The server did not have enough resources to process the request at the moment.
SERVER_FAILED
There was an internal system failure.
String
Textual description of the error based on the cause.
This field is returned only if the cause is INVALID_REQUEST, SERVER_BUSY or CONSTRAINT_VIOLATION.
Data can consist of any characters
String
Indicates the name of the field that failed validation or has violated the payment constraints.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered; or if the cause is CONSTRAINT_VIOLATION and a field level constraint was violated.
Data can consist of any characters
String
Indicates the code that helps the support team to quickly identify the exact cause of the error.
This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.
Data can consist of any characters
Enumeration
Indicates the type of field validation error.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Value must be a member of the following list. The values are case sensitive.
INVALID
The request contained a field with a value that did not pass validation.
MISSING
The request was missing a mandatory field.
UNSUPPORTED
The request contained a field that is unsupported.
Enumeration
A system-generated high level overall result of the operation.
Value must be a member of the following list. The values are case sensitive.
ERROR
The operation resulted in an error and hence cannot be processed.