--- openapi: 3.1.0 info: title: CAS Restful API Base description: '# Description ## Changelog The full changelog can be found here: [View changelog](./changelog.html) ## Overview This is the specification for a restful API for interfacing with the CAS payment gateway and customer information vault (CIV), enabling: - purchases - preauthorisations & completions - refunds by audit - standalone refunds - voids by audit - lookups of individual transactions - credit card tokenisation This specification conforms to the [OpenAPI standard](https://spec.openapis.org/oas/v3.1.0). There exist a number of tools to generate code stubs from an an OpenAPI specification, such as [OpenAPI Generator](https://openapi-generator.tech/) and [Swagger Codegen](https://swagger.io/tools/swagger-codegen/). This API loosely conforms to the [HAL standard](https://stateless.group/hal\_specification.html). The only deviation from HAL is that the link relation types used in the `_links` response fields have been simplified without the use of CURIES. The API is only intended for use by a backend server. It should not be used by the frontend of a website. Please contact CAS if you have any questions or for frontend payment and tokenisation options. ## Correlation IDs In every request made to the API (other than lookups), a correlation ID must be supplied by the client. This ID should be uniquely generated for each request. Every response for these operations (again excepting lookups) will contain the correlation ID of the corresponding request. This allows for asynchronous requests to be matched with their responses on the client side. ### Transactions Correlation IDs perform an additional role of ensuring idempotency in the case of transaction operations. For transaction operations, correlation IDs **must** at least be uniquely generated for each merchant ID, although it is recommended to use a globally unique format such as UUID. If a transaction request times out or recieves a `5XX` response, the correlation ID can be used to identify and lookup the status of any transaction that may have been created by the request. If that lookup returns a `404` Not Found response, the original transaction was not processed and it is safe to be retried (remember to use a different X-Correlation-Id). Note that while the correlation ID can temporarily be used to identify a transaction, it is only cached in the gateway for a limited time (usually 24 hours). In all normal cases, the audit should be used to identify a transaction. ### Tokenisation As tokenisation operations are much lower risk than transaction operations, correlation IDs cannot be used in the same way. If the server times out or a `5XX` response is recieved, simply perform a lookup on the relevant endpoint to see whether the previous request succeeded or not. For example, if a `POST` request to `/customers` returns a `5XX` HTTP status code or times out, make a `GET` request to `/customers`, optionally searching by the details of the new customer, to see whether or not the new customer was created. ## Character sets The API only accepts a restricted set of ASCII characters in all string fields, as shown in the `pattern` validation of this specification. Accepted characters include all lower and upper case letters, all numeric digits, the space character, and the following punctuation: ``!#$%&()*+,-./:;<=>?@[]^_`{|}~``. The X-Correlation-Id field has a more restricted character set, excluding most punctuation and the space character. KVP key names have a more restricted character set again, allowing only letters, digits and the underscore ( \_ ) and period ( . ) characters. ## API Versioning The API will be updated over time to fix issues and introduce new functionality. To reflect this, each version is given a version number comprised of three parts: major, minor, and patch version. - A major update is one in which existing functionality of the API is changed or removed in a breaking way as defined below. - A minor update is one in which new functionality is introduced or existing functionality is augmented in non-breaking ways. - A patch update is one in which only minor or error fixing changes are made. For example, the version number 1.4.2 denotes major version 1, minor version 4, and patch 2. The major version number of the API is reflected in the URI. For example, the major version 1 of the API will use a URI similar to `http://api.cardaccess.com.au/live/etx/txn/v1`. Updates to the API are separated into non-breaking and breaking changes depending on how they affect the functionality of the API; see below for their definitions. Non-breaking changes involve changing only the minor or patch version numbers; these changes may be applied to the API at any time and do not require introducing a new URI. Breaking changes will always be associated with changing the major version number, and thus using a different URI to the previous version. When a breaking change is introduced, the previous major version of the API will continue to be supported for a reasonable period of time. Clients will be notified of the date after which the old version will no longer be available and that a new version has been released. ## Non-breaking changes Non breaking changes may be implemented on existing versions of this API. Clients should ensure that their applications can handle the following types of non-breaking change without prior notice: #### Endpoints - Addition of a new endpoint. - Addition of a new HTTP method to an existing endpoint. - Addition of a new optional query parameter to an existing HTTP method. - Update of an existing query parameter from required to optional. #### Request body - Addition of a new optional field. - Addition of a new supported value in an existing field. - Update of an existing field from required to optional. #### Response body - Addition of a new field. - Addition of a new value to an existing field where no definitive list of values has previously been specified. - Addition of a new value to an existing field where a definitive list of values has been specified and one of the specified values is `unknown` or `Unknown`. In this case, the client application should treat any unrecognised value as being equivalent to `unknown` or `Unknown`. - A value of `-99` in `status.gateway_status_code` is considered equivalent to `unknown`, and so addition of a new supported value to this field is considered non-breaking. An unrecognised value for this field should be treated as equivalent to `-99`. - Update to the value of a field ending in `_message`. Message text is intended for human interpretation; system logic should depend on the similar field ending in `_code`. - Update to the order of fields. - Update to the overall response length. #### Request header - Addition of a new optional request header. #### Response header - Addition of a new response header. #### Security - Addition of a new alternate security scheme. ## Breaking Changes Breaking changes will only be implemented in new major versions of this API. The following types of changes are considered breaking and do not need to be handled by client applications: #### Endpoints - Deletion of an existing endpoint. - Deletion of an existing HTTP method from an existing endpoint. - Addition of a new required query string parameter to an existing HTTP method. #### Request body - Addition of a new required field. - Deletion of a field. - Deletion of a supported value in an existing field. - Update to the minimum or maximum length of a field or field name where a minimum or maximum length has previously been specified. - Update to the type of an existing field. - Update to the format or pattern of an existing field where a format or pattern has previously been specified. #### Response body - Deletion of a field. - Addition of a new supported value for an existing field where a definitive list of values has previously been specified and none of the specified values are `unknown` or `Unknown`. - A value of `-99` in `status.gateway_status_code` is considered equivalent to `unknown`, and so addition of a new supported value to this field is considered *non-breaking*. - Update to the minimum or maximum length of a field or field name where a minimum or maximum length has previously been specified. - Update to the type of an existing field. - Update to the format or pattern of an existing field where a format or pattern has previously been specified. #### Request header - Addition of a new required request header. #### Response header - Deletion of a response header. #### Response status code - Addition of a new HTTP status code response. - Deletion of an existing HTTP status code response. #### Security - Addition of a new required security scheme. - Update to an existing security scheme. - Deletion of an existing security scheme. #### Other - Addition of any new request validation which changes the logic of the API. For example, a new validation which changes whether a request is accepted or rejected is considered a breaking change. ## Plugins The behaviour of the API can be modified in fixed ways using plugins. Please contact CAS if you want to enable or configure any of these plugins. ### Transaction Surcharges Set a percentage surcharge to be added onto any payment transactions (purchases, preauthorisations and completions). The surcharge can be configured as a default percentage or specified for each payment method and card type. In addition to modifying the total amount of the transaction, the following KVPs are added to describe the surcharge details: | Key | Example | Description | | :------------------------------------------ | :------ | :------------------------------------------------------- | | `CAS.REQUEST.KVP.SURCHARGE.ORIGINAL_AMOUNT` | `2000` | Original amount in cents as submitted in the transaction | | `CAS.REQUEST.KVP.SURCHARGE.PERCENT` | `1.5` | Percentage surcharge configured for this card type | | `CAS.REQUEST.KVP.SURCHARGE.ADDED_AMOUNT` | `30` | Surcharge amount in cents | | `CAS.REQUEST.KVP.SURCHARGE.TOTAL_AMOUNT` | `2030` | Total amount in cents including surcharge | ' contact: email: techsupport@cardaccess.com.au license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html version: 1.1.0 servers: - url: http://localhost:8090 description: Local development server. - url: https://api.cardaccess.com.au/test/etx/txn/v1 description: Sandbox (test) server. - url: https://api.cardaccess.com.au/live/etx/txn/v1 description: Live server paths: /customers: get: tags: - Tokenisation summary: Search customers description: 'Search customers by partial match on customer name and/or reference, or simply show all customers. This operation makes use of pagination. The `limit` query parameter may be specified to change the number of results per page. The `offset` query parameter may also be specified to return a different page of results, although it is recommended to use the `_links.next.href` link to browse the next pages instead of manipulating `offset` directly. This link will not be present when there are no more results to show.' operationId: customer_search security: - HTTPBasic: [] parameters: - name: merchant_id in: query required: false schema: type: integer maximum: 2147483647 minimum: 1 description: 'Merchant ID from which to access customer data. Defaults to the merchant ID to which your user is assigned. This field can be a source of `403: Forbidden` errors if improperly set. Most merchants should use the default; please contact CAS if you are unsure of your merchant ID configuration or require assistance.' examples: - 2004 - name: ordering in: query required: false schema: enum: - name - customer_id - reference type: string description: Ordering key. default: name title: Ordering description: Ordering key. - name: name in: query required: false schema: type: string minLength: 1 maxLength: 60 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: Customer name (partial match). examples: - John Smith - name: reference in: query required: false schema: type: string minLength: 1 maxLength: 50 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: Customer reference (partial match). examples: - 078dec88-a5bf-4cfd-85bd-7a1974ae3712 - name: limit in: query required: false schema: type: integer maximum: 100 minimum: 1 description: Number of results to show per page. default: 100 title: Limit description: Number of results to show per page. - name: offset in: query required: false schema: type: integer maximum: 2147483547 minimum: 0 description: 'Number of results to be omitted from the response before accumulating results up to the page limit.' default: 0 title: Offset description: 'Number of results to be omitted from the response before accumulating results up to the page limit.' - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 responses: '200': description: Search complete content: application/json: schema: $ref: '#/components/schemas/CustomerSearchResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' post: tags: - Tokenisation summary: Lookup or create customer description: 'Lookup or create a customer. If the `reference` field matches an existing customer, no customer will be created and the details of the matching customer will be returned in the response instead. Note that the existing customer may not have the same name as given in the request; in this case, the existing name will be preserved and the new name will be ignored' operationId: customer_create security: - HTTPBasic: [] parameters: - name: merchant_id in: query required: false schema: type: integer maximum: 2147483647 minimum: 1 description: 'Merchant ID from which to access customer data. Defaults to the merchant ID to which your user is assigned. This field can be a source of `403: Forbidden` errors if improperly set. Most merchants should use the default; please contact CAS if you are unsure of your merchant ID configuration or require assistance.' examples: - 2004 - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CustomersPost' responses: '201': description: Customer successfully created content: application/json: schema: $ref: '#/components/schemas/CustomerResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '200': description: Customer found headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/CustomerResponse' '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /customers/{customer_id}: get: tags: - Tokenisation summary: Lookup customer description: Lookup the details of a customer. operationId: customer_lookup security: - HTTPBasic: [] parameters: - name: customer_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Customer ID. examples: - 34567 title: Customer Id description: Customer ID. - name: merchant_id in: query required: false schema: type: integer maximum: 2147483647 minimum: 1 description: 'Merchant ID from which to access customer data. Defaults to the merchant ID to which your user is assigned. This field can be a source of `403: Forbidden` errors if improperly set. Most merchants should use the default; please contact CAS if you are unsure of your merchant ID configuration or require assistance.' examples: - 2004 - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 responses: '200': description: Found customer content: application/json: schema: $ref: '#/components/schemas/CustomerResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' patch: tags: - Tokenisation summary: Update customer description: Update the details of a customer. operationId: customer_update security: - HTTPBasic: [] parameters: - name: customer_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Customer ID. examples: - 34567 title: Customer Id description: Customer ID. - name: merchant_id in: query required: false schema: type: integer maximum: 2147483647 minimum: 1 description: 'Merchant ID from which to access customer data. Defaults to the merchant ID to which your user is assigned. This field can be a source of `403: Forbidden` errors if improperly set. Most merchants should use the default; please contact CAS if you are unsure of your merchant ID configuration or require assistance.' examples: - 2004 - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CustomerPatch' responses: '200': description: Customer successfully updated content: application/json: schema: $ref: '#/components/schemas/CustomerResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' delete: tags: - Tokenisation summary: Delete customer description: Delete a customer. operationId: customer_delete security: - HTTPBasic: [] parameters: - name: customer_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Customer ID. examples: - 34567 title: Customer Id description: Customer ID. - name: merchant_id in: query required: false schema: type: integer maximum: 2147483647 minimum: 1 description: 'Merchant ID from which to access customer data. Defaults to the merchant ID to which your user is assigned. This field can be a source of `403: Forbidden` errors if improperly set. Most merchants should use the default; please contact CAS if you are unsure of your merchant ID configuration or require assistance.' examples: - 2004 - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 responses: '204': description: Customer successfully deleted headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /customers/{customer_id}/tokens: get: tags: - Tokenisation summary: List tokens description: 'List tokens owned by this customer. This operation makes use of pagination. The `limit` query parameter may be specified to change the number of results per page. The `offset` query parameter may also be specified to return a different page of results, although it is recommended to use the `_links.next.href` link to browse the next pages instead of manipulating `offset` directly. This link will not be present when there are no more results to show.' operationId: token_search security: - HTTPBasic: [] parameters: - name: customer_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Customer ID. examples: - 34567 title: Customer Id description: Customer ID. - name: merchant_id in: query required: false schema: type: integer maximum: 2147483647 minimum: 1 description: 'Merchant ID from which to access customer data. Defaults to the merchant ID to which your user is assigned. This field can be a source of `403: Forbidden` errors if improperly set. Most merchants should use the default; please contact CAS if you are unsure of your merchant ID configuration or require assistance.' examples: - 2004 - name: limit in: query required: false schema: type: integer maximum: 100 minimum: 1 description: Number of results to show per page. default: 100 title: Limit description: Number of results to show per page. - name: offset in: query required: false schema: type: integer maximum: 2147483547 minimum: 0 description: 'Number of results to be omitted from the response before accumulating results up to the page limit.' default: 0 title: Offset description: 'Number of results to be omitted from the response before accumulating results up to the page limit.' - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 responses: '200': description: Search complete content: application/json: schema: $ref: '#/components/schemas/TokenSearchResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' post: tags: - Tokenisation summary: Create token description: Create a new token for this customer. operationId: token_create security: - HTTPBasic: [] parameters: - name: customer_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Customer ID. examples: - 34567 title: Customer Id description: Customer ID. - name: merchant_id in: query required: false schema: type: integer maximum: 2147483647 minimum: 1 description: 'Merchant ID from which to access customer data. Defaults to the merchant ID to which your user is assigned. This field can be a source of `403: Forbidden` errors if improperly set. Most merchants should use the default; please contact CAS if you are unsure of your merchant ID configuration or require assistance.' examples: - 2004 - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TokensPost' responses: '201': description: Token successfully created content: application/json: schema: $ref: '#/components/schemas/TokenResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /customers/{customer_id}/tokens/{token_id}: get: tags: - Tokenisation summary: Lookup token description: Lookup the details of a token. operationId: token_lookup security: - HTTPBasic: [] parameters: - name: customer_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Customer ID. examples: - 34567 title: Customer Id description: Customer ID. - name: token_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Token ID. examples: - 456789 title: Token Id description: Token ID. - name: merchant_id in: query required: false schema: type: integer maximum: 2147483647 minimum: 1 description: 'Merchant ID from which to access customer data. Defaults to the merchant ID to which your user is assigned. This field can be a source of `403: Forbidden` errors if improperly set. Most merchants should use the default; please contact CAS if you are unsure of your merchant ID configuration or require assistance.' examples: - 2004 - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 responses: '200': description: Found token content: application/json: schema: $ref: '#/components/schemas/TokenResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' patch: tags: - Tokenisation summary: Update token description: Update the detials of a token. operationId: token_update security: - HTTPBasic: [] parameters: - name: customer_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Customer ID. examples: - 34567 title: Customer Id description: Customer ID. - name: token_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Token ID. examples: - 456789 title: Token Id description: Token ID. - name: merchant_id in: query required: false schema: type: integer maximum: 2147483647 minimum: 1 description: 'Merchant ID from which to access customer data. Defaults to the merchant ID to which your user is assigned. This field can be a source of `403: Forbidden` errors if improperly set. Most merchants should use the default; please contact CAS if you are unsure of your merchant ID configuration or require assistance.' examples: - 2004 - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TokenPatch' responses: '200': description: Token successfully updated content: application/json: schema: $ref: '#/components/schemas/TokenResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' delete: tags: - Tokenisation summary: Delete token description: Delete a token. operationId: token_delete security: - HTTPBasic: [] parameters: - name: customer_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Customer ID. examples: - 34567 title: Customer Id description: Customer ID. - name: token_id in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Token ID. examples: - 456789 title: Token Id description: Token ID. - name: merchant_id in: query required: false schema: type: integer maximum: 2147483647 minimum: 1 description: 'Merchant ID from which to access customer data. Defaults to the merchant ID to which your user is assigned. This field can be a source of `403: Forbidden` errors if improperly set. Most merchants should use the default; please contact CAS if you are unsure of your merchant ID configuration or require assistance.' examples: - 2004 - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 responses: '204': description: Token successfully deleted headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /transactions/{audit}: get: tags: - Transactions summary: Lookup by audit description: Lookup the details of an existing transaction. operationId: transaction_lookup security: - HTTPBasic: [] parameters: - name: audit in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Audit of the transaction. examples: - 123456 title: Audit description: Audit of the transaction. - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 responses: '200': description: Transaction found content: application/json: schema: $ref: '#/components/schemas/TransactionLookupResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /transactions: get: tags: - Transactions summary: Search by correlation ID description: 'Search existing transactions by a recent correlation ID. Transactions can only be searched in this way while the correlation ID is cached, usually for 24 hours. If no such transaction is found, an empty array will be returned with HTTP status code `200`. Consider this operation to be a search that can return at most one result.' operationId: transaction_search security: - HTTPBasic: [] parameters: - name: merchant_id in: query required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Merchant ID. examples: - 2004 title: Merchant Id description: Merchant ID. - name: correlation_id_lookup in: query required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: Correlation ID of the request to lookup. examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: Correlation Id Lookup description: Correlation ID of the request to lookup. - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 responses: '200': description: Search complete content: application/json: schema: $ref: '#/components/schemas/TransactionSearchResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /transactions/purchase: post: tags: - Transactions summary: Purchase description: Make a purchase request. operationId: purchase_request security: - HTTPBasic: [] parameters: - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PurchasePost' responses: '201': description: Purchase request processed. content: application/json: schema: $ref: '#/components/schemas/TransactionRefundableResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /transactions/preauthorisation: post: tags: - Transactions summary: Preauthorisation description: Make a preauthorisation request. operationId: preauthorisation_request security: - HTTPBasic: [] parameters: - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PreauthorisationPost' responses: '201': description: Preauthorisation request processed. content: application/json: schema: $ref: '#/components/schemas/TransactionPreauthorisationResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /transactions/{audit}/completion: post: tags: - Transactions summary: Completion description: Make a completion request on an existing preuathorisation. operationId: completion_request security: - HTTPBasic: [] parameters: - name: audit in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Audit of the transaction. examples: - 123456 title: Audit description: Audit of the transaction. - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CompletionPost' responses: '201': description: Completion request processed. content: application/json: schema: $ref: '#/components/schemas/TransactionRefundableResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /transactions/{audit}/refund: post: tags: - Transactions summary: Refund by audit description: 'Make a refund request on an existing transaction. Multiple partial refunds can be made on the same transaction, but the total refunded amount can never exceed the original transaction amount.' operationId: refund_by_audit_request security: - HTTPBasic: [] parameters: - name: audit in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Audit of the transaction. examples: - 123456 title: Audit description: Audit of the transaction. - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RefundByAuditPost' responses: '201': description: Refund request processed. content: application/json: schema: $ref: '#/components/schemas/TransactionVoidableResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /transactions/refund: post: tags: - Transactions summary: Standalone refund description: 'Make a refund request without reference to a previous transaction. This operation is not recommended, as without reference to the original transaction it is possible to refund more than the original amount. Instead, [refund by audit](#tag/Transactions/operation/refund_by_audit_request) is recommended.' operationId: refund_standalone_request security: - HTTPBasic: [] parameters: - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RefundStandalonePost' responses: '201': description: Refund request processed. content: application/json: schema: $ref: '#/components/schemas/TransactionVoidableResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /transactions/{audit}/void: post: tags: - Transactions summary: Void description: Make a void request on an existing transaction. operationId: void_request security: - HTTPBasic: [] parameters: - name: audit in: path required: true schema: type: integer maximum: 2147483647 minimum: 1 description: Audit of the transaction. examples: - 123456 title: Audit description: Audit of the transaction. - name: x-correlation-id in: header required: true schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' examples: - 48ac4691-c203-4391-a5cc-52285b8f9c15 title: X-Correlation-Id description: 'Correlation ID. Must be uniquely generated for each request. Uniquely identifies this request-response pair. In operations which create a transaction, it also ensures idempotency.' example: 48ac4691-c203-4391-a5cc-52285b8f9c15 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/VoidPost' responses: '201': description: Void request processed. content: application/json: schema: $ref: '#/components/schemas/TransactionVoidResponse' headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ '400': description: Missing X-Correlation-Id header content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' default: description: The request was invalid (4XX) or an error occurred (5XX) headers: x-correlation-id: description: The correlation ID that was submitted in the request headers. required: true example: 48ac4691-c203-4391-a5cc-52285b8f9c15 schema: type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9\+\-_:\.,]*$ content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' components: schemas: AcquirerResponse: properties: response_code: type: string maxLength: 2 minLength: 2 pattern: ^[0-9A-Z]*$ title: Response Code description: 'Acquirer response code. See acquirer_response_message for a human readable interpretation of this code. A full list of response codes can be found here: ' examples: - '00' response_message: type: string title: Response Message description: Human readable interpretation of `acquirer_response_code`. examples: - Approved settlement_date: type: string format: date description: 'Settlement date as recorded by the acquirer. May not be provided for a declined transaction.' examples: - '2024-03-26' authorisation_code: type: string maxLength: 10 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'Authorisation code from the acquirer. Varies wildly in composition between acquirers. Only provided for credit card transactions. May not be provided for declined transactions and directdebit payment methods.' examples: - '12345' type: object required: - response_code - response_message title: AcquirerResponse description: 'Response from the acquirer. If omitted, check `gateway_status_code` to find out whether the transaction was denied by the gateway or if an error occurred.' AcquirerResponseLookup: properties: response_code: type: string maxLength: 2 minLength: 2 pattern: ^[0-9A-Z]*$ title: Response Code description: 'Acquirer response code. See acquirer_response_message for a human readable interpretation of this code. A full list of response codes can be found here: ' examples: - '00' response_message: type: string title: Response Message description: Human readable interpretation of `acquirer_response_code`. examples: - Approved settlement_date: type: string format: date description: 'Settlement date as recorded by the acquirer. May not be provided for a declined transaction.' examples: - '2024-03-26' authorisation_code: type: string maxLength: 10 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'Authorisation code from the acquirer. Varies wildly in composition between acquirers. Only provided for credit card transactions. May not be provided for declined transactions and directdebit payment methods.' examples: - '12345' preauthorisation_code: type: string maxLength: 12 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'Preauthorisation code from the acquirer for preuathorisation transactions. Often, but not always, identical to the authorisation code. May not be provided for declined transactions.' examples: - '12345' type: object required: - response_code - response_message title: AcquirerResponseLookup description: 'Response from the acquirer. If omitted, check `gateway_status_code` to find out whether the transaction was denied by the gateway or if an error occurred.' AcquirerResponsePreauthorisation: properties: response_code: type: string maxLength: 2 minLength: 2 pattern: ^[0-9A-Z]*$ title: Response Code description: 'Acquirer response code. See acquirer_response_message for a human readable interpretation of this code. A full list of response codes can be found here: ' examples: - '00' response_message: type: string title: Response Message description: Human readable interpretation of `acquirer_response_code`. examples: - Approved settlement_date: type: string format: date description: 'Settlement date as recorded by the acquirer. May not be provided for a declined transaction.' examples: - '2024-03-26' authorisation_code: type: string maxLength: 10 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'Authorisation code from the acquirer. Varies wildly in composition between acquirers. May not be provided for declined transactions.' examples: - '12345' preauthorisation_code: type: string maxLength: 12 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'Preauthorisation code from the acquirer for preuathorisation transactions. Often, but not always, identical to the authorisation code. May not be provided for declined transactions.' examples: - '12345' type: object required: - response_code - response_message title: AcquirerResponsePreauthorisation description: 'Response from the acquirer. If omitted, check `gateway_status_code` to find out whether the transaction was denied by the gateway or if an error occurred.' AmountDetails: properties: total_amount: type: integer maximum: 2147483647.0 minimum: 1.0 title: Total Amount description: 'The total amount of the transaction in the smallest conventional unit of the currency, usually cents or equivalent. Some common currencies include cents in AUD, NZD, EUR, and USD; pence in GBP; and yen in JPY.' examples: - '500' currency: type: string maxLength: 3 minLength: 3 pattern: ^[A-Z]*$ title: Currency description: Currency expressed as an ISO 4127 alpha code. examples: - AUD type: object required: - total_amount - currency title: AmountDetails description: The amount and currency for this transaction. CASTokenDetails: properties: virtual_pan: type: string maxLength: 19 minLength: 13 pattern: ^[0-9]*$ title: Virtual Pan description: Virtual PAN identifying a tokenised customer account. examples: - '9988111111111111' type: object required: - virtual_pan title: CASTokenDetails description: The CAS token storing the customer's payment details. CASTokenDetailsObfuscated: properties: virtual_pan: type: string maxLength: 19 minLength: 13 pattern: ^[0-9X]*$ title: Virtual Pan description: Obfuscated virtual PAN identifying a tokenised customer account. examples: - 9988XXXXXXXX1111 type: object required: - virtual_pan title: CASTokenDetailsObfuscated description: The obfuscated CAS token used for the transaction. CompletionPost: properties: merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]{1,64}$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 64 minLength: 1 type: object title: Kvps description: "KVPs associated with the transaction.\n\nKVPs submitted in\ \ a request may have the prefix `CAS.REQUEST.KVP.` prepended\nto the key\ \ by the gateway.\nFor example, if a request is submitted with the KVP\n\ `\"CUSTOMER.full_name\": \"John Smith\"`, the response will include the\ \ KVP\n`\"CAS.REQUEST.KVP.CUSTOMER.full_name\": \"John Smith\"`.\n\nEach\ \ KVP key must be at most 64 characters long and use only the following\n\ characters:\n - `A-Z`\n - `a-z`\n - `0-9`\n - `.` (period)\n - `_`\ \ (underscore)" default: {} examples: - CUSTOMER.pmt_no: '123456789' transaction: $ref: '#/components/schemas/TransactionWithAmount' type: object required: - merchant - transaction title: CompletionPost description: Body of POST to /transactions/{audit}/completion. CreditcardDetails: properties: pan: type: string maxLength: 19 minLength: 13 pattern: ^[0-9]*$ title: Pan description: Credit card number. examples: - '4000000000000002' expiry_date: type: string maxLength: 4 minLength: 4 pattern: ^(0[1-9]|1[012])[0-9]{2}$ title: Expiry Date description: Credit card expiry date in format MMYY. examples: - '0224' cvv: type: string maxLength: 4 minLength: 3 pattern: ^[0-9]*$ description: 'Card Verification Value / Card Verification Code. This is the 3 or 4 digit security code on the back of the card. Depending on the settings of your merchant ID and the preference of the acquiring bank, the CVV may or may not be required.' examples: - '567' type: object required: - pan - expiry_date title: CreditcardDetails description: The customer's credit card details. CreditcardDetailsObfuscated: properties: pan: type: string maxLength: 19 minLength: 13 pattern: ^[0-9X]*$ title: Pan description: Obfuscated credit card number. examples: - 4000XXXXXXXX0002 type: type: string enum: - VISA - MASTERCARD - AMEX - DINERS - JCB - '' title: Type description: 'Credit card type. Blank if unknown.' examples: - '' type: object required: - pan - type title: CreditcardDetailsObfuscated description: The customer's obfuscated credit card details. CustomerHyperlinks: properties: self: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [lookup the customer](#tag/Tokenisation/operation/customer_lookup).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/customers/34567 tokens: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [list the tokens](#tag/Tokenisation/operation/customer_lookup) owned by this customer.' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/customers/34567/tokens type: object required: - self - tokens title: CustomerHyperlinks description: The hyperlinks associated with this customer. CustomerPatch: properties: reference: type: string maxLength: 50 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: Unique reference for the customer. examples: - 078dec88-a5bf-4cfd-85bd-7a1974ae3712 name: type: string maxLength: 60 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: Customer name. examples: - John Smith type: object title: CustomerPatch description: Body of PATCH to /customers/{customer_id}. CustomerResponse: properties: id: type: integer maximum: 2147483647.0 minimum: 1.0 title: Id description: Customer ID. examples: - 34567 name: type: string maxLength: 60 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: Customer name. examples: - John Smith reference: type: string maxLength: 50 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Reference description: Unique reference for the customer. examples: - 078dec88-a5bf-4cfd-85bd-7a1974ae3712 _links: $ref: '#/components/schemas/CustomerHyperlinks' type: object required: - id - name - reference - _links title: CustomerResponse description: Response body of customer create, lookup and update. CustomerSearchHyperlinks: properties: self: $ref: '#/components/schemas/Hyperlink' description: The hyperlink to the current page of results. first: $ref: '#/components/schemas/Hyperlink' description: The hyperlink to the first page of results. prev: $ref: '#/components/schemas/Hyperlink' description: The hyperlink to the previous page of results. next: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink to the next page of results. If this is omitted, the results have been exhausted.' type: object required: - self - first title: CustomerSearchHyperlinks description: The hyperlinks for iterating though the pages of the search results. examples: - first: href: https://api.cardaccess.com.au/test/etx/txn/v1/customers?limit=10&offset=0 next: href: https://api.cardaccess.com.au/test/etx/txn/v1/customers?limit=10&offset=30 prev: href: https://api.cardaccess.com.au/test/etx/txn/v1/customers?limit=10&offset=10 self: href: https://api.cardaccess.com.au/test/etx/txn/v1/customers?limit=10&offset=20 CustomerSearchResponse: properties: _links: $ref: '#/components/schemas/CustomerSearchHyperlinks' results: items: $ref: '#/components/schemas/CustomerResponse' type: array title: Results description: Search results. type: object required: - _links - results title: CustomerSearchResponse description: Response body of customer search. CustomersPost: properties: reference: type: string maxLength: 50 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Reference description: Unique reference for the customer. examples: - 078dec88-a5bf-4cfd-85bd-7a1974ae3712 name: type: string maxLength: 60 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Name description: Customer name. examples: - John Smith type: object required: - reference - name title: CustomersPost description: Body of POST to /customers. DirectdebitDetails: properties: account_title: type: string maxLength: 32 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Account Title description: Account title. examples: - John Smith account_bsb: type: string maxLength: 6 minLength: 6 pattern: ^[0-9]*$ title: Account Bsb description: Account BSB. examples: - '123456' account_number: type: string maxLength: 9 minLength: 8 pattern: ^[0-9]*$ title: Account Number description: Account number. examples: - '12345678' type: object required: - account_title - account_bsb - account_number title: DirectdebitDetails description: The customer's bank account details. DirectdebitDetailsObfuscated: properties: account_title: type: string maxLength: 32 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Account Title description: Account title. examples: - John Smith account_bsb: type: string maxLength: 6 minLength: 6 pattern: ^[0-9]*$ title: Account Bsb description: Account BSB. examples: - '123456' account_number: type: string maxLength: 9 minLength: 8 pattern: ^[0-9X]*$ title: Account Number description: Obfuscated account number. examples: - XXXX5678 type: object required: - account_title - account_bsb - account_number title: DirectdebitDetailsObfuscated description: The customer's obfuscated bank account details. ErrorModel: properties: error_code: type: string title: Error Code description: Short code identifying the error. error_message: type: string title: Error Message description: Human readable error message. location: items: anyOf: - type: string - type: integer type: array minItems: 1 description: Location of the error if applicable. type: object required: - error_code - error_message title: ErrorModel description: Error model for use in error responses. ErrorResponse: properties: errors: items: $ref: '#/components/schemas/ErrorModel' type: array minItems: 1 title: Errors description: One or more errors which occurred during the handling of the the request. type: object required: - errors title: ErrorResponse description: Error response model. GeneralCreditcardRequest: properties: CARD.PAN: type: string maxLength: 19 minLength: 13 pattern: ^[0-9]*$ title: Card.Pan description: Credit card number. examples: - '4000000000000002' CARD.EXPIRY: type: string maxLength: 4 minLength: 4 pattern: ^(0[1-9]|1[012])[0-9]{2}$ title: Card.Expiry description: Credit card expiry date in format MMYY. examples: - '0224' CARD.NAME: type: string maxLength: 50 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: Name on the card. examples: - John Smith type: object required: - CARD.PAN - CARD.EXPIRY title: GeneralCreditcardRequest description: 'Credit card details. Note that this object uses a different naming convention for compatibility reasons.' GeneralCreditcardResponse: properties: CARD.PAN: type: string maxLength: 19 minLength: 13 pattern: ^[0-9X]*$ title: Card.Pan description: Obfuscated credit card number. examples: - 4000XXXXXXXX0002 CARD.EXPIRY: type: string const: XXXX title: Card.Expiry description: Obfuscated credit card expiry date in format MMYY. CARD.NAME: type: string maxLength: 50 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Card.Name description: Name on the card. examples: - John Smith CARD.TYPE: type: string enum: - VISA - MASTERCARD - AMEX - DINERS - JCB - '' title: Card.Type description: 'Credit card type. Blank if unknown.' examples: - '' type: object required: - CARD.PAN - CARD.EXPIRY - CARD.NAME - CARD.TYPE title: GeneralCreditcardResponse description: 'Credit card details. Note that this object uses a different naming convention for compatibility reasons.' GeneralCreditcardUpdate: properties: CARD.PAN: type: string maxLength: 19 minLength: 13 pattern: ^[0-9]*$ description: Credit card number. examples: - '4000000000000002' CARD.EXPIRY: type: string maxLength: 4 minLength: 4 pattern: ^(0[1-9]|1[012])[0-9]{2}$ description: Credit card expiry date in format MMYY. examples: - '0224' CARD.NAME: type: string maxLength: 50 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: Name on the card. examples: - John Smith type: object title: GeneralCreditcardUpdate description: 'Credit card details. Note that this object uses a different naming convention for compatibility reasons.' Hyperlink: properties: href: type: string minLength: 1 format: uri title: Href description: The URI of the hyperlink. examples: - http://api.cardaccess.com.au/test/etx/txn/v1/ type: object required: - href title: Hyperlink description: Hyperlink to another resource or operation. Merchant: properties: id: type: integer maximum: 2147483647.0 minimum: 1.0 title: Id description: CAS merchant ID. examples: - 2004 type: object required: - id title: Merchant description: Information describing the merchant. PaymentMethodCASToken: properties: cas_token: $ref: '#/components/schemas/CASTokenDetails' type: object required: - cas_token title: CAS token description: The payment method for this transaction. PaymentMethodCASTokenObfuscated: properties: cas_token: $ref: '#/components/schemas/CASTokenDetailsObfuscated' type: object required: - cas_token title: CAS token description: The payment method for this transaction. PaymentMethodCreditcard: properties: creditcard: $ref: '#/components/schemas/CreditcardDetails' type: object required: - creditcard title: Credit card description: The payment method for this transaction. PaymentMethodCreditcardObfuscated: properties: creditcard: $ref: '#/components/schemas/CreditcardDetailsObfuscated' type: object required: - creditcard title: Credit card description: The payment method for this transaction. PaymentMethodDirectdebit: properties: directdebit: $ref: '#/components/schemas/DirectdebitDetails' type: object required: - directdebit title: Direct debit description: The payment method for this transaction. PaymentMethodDirectdebitObfuscated: properties: directdebit: $ref: '#/components/schemas/DirectdebitDetailsObfuscated' type: object required: - directdebit title: Direct debit description: The payment method for this transaction. PreauthorisationHyperlinks: properties: self: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [lookup the transaction](#tag/Transactions/operation/transaction_lookup).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456 void: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [void the transaction](#tag/Transactions/operation/void_request).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456/void completion: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [complete the transaction](#tag/Transactions/operation/completion_request).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456/completion type: object required: - self title: PreauthorisationHyperlinks description: 'The hyperlinks to operations associated with this response. Links are generated and returned dynamically depending on the result of the transaction request. The API will attempt to return all valid links and no invalid links, but this is not guaranteed.' PreauthorisationPost: properties: merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]{1,64}$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 64 minLength: 1 type: object title: Kvps description: "KVPs associated with the transaction.\n\nKVPs submitted in\ \ a request may have the prefix `CAS.REQUEST.KVP.` prepended\nto the key\ \ by the gateway.\nFor example, if a request is submitted with the KVP\n\ `\"CUSTOMER.full_name\": \"John Smith\"`, the response will include the\ \ KVP\n`\"CAS.REQUEST.KVP.CUSTOMER.full_name\": \"John Smith\"`.\n\nEach\ \ KVP key must be at most 64 characters long and use only the following\n\ characters:\n - `A-Z`\n - `a-z`\n - `0-9`\n - `.` (period)\n - `_`\ \ (underscore)" default: {} examples: - CUSTOMER.pmt_no: '123456789' transaction: $ref: '#/components/schemas/TransactionPreauthorisation' type: object required: - merchant - transaction title: PreauthorisationPost description: Body of POST to /transactions/preauthorisation. PurchasePost: properties: merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]{1,64}$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 64 minLength: 1 type: object title: Kvps description: "KVPs associated with the transaction.\n\nKVPs submitted in\ \ a request may have the prefix `CAS.REQUEST.KVP.` prepended\nto the key\ \ by the gateway.\nFor example, if a request is submitted with the KVP\n\ `\"CUSTOMER.full_name\": \"John Smith\"`, the response will include the\ \ KVP\n`\"CAS.REQUEST.KVP.CUSTOMER.full_name\": \"John Smith\"`.\n\nEach\ \ KVP key must be at most 64 characters long and use only the following\n\ characters:\n - `A-Z`\n - `a-z`\n - `0-9`\n - `.` (period)\n - `_`\ \ (underscore)" default: {} examples: - CUSTOMER.pmt_no: '123456789' transaction: $ref: '#/components/schemas/TransactionWithPaymentMethod' type: object required: - merchant - transaction title: PurchasePost description: Body of POST to /transactions/purchase. RefundByAuditPost: properties: merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]{1,64}$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 64 minLength: 1 type: object title: Kvps description: "KVPs associated with the transaction.\n\nKVPs submitted in\ \ a request may have the prefix `CAS.REQUEST.KVP.` prepended\nto the key\ \ by the gateway.\nFor example, if a request is submitted with the KVP\n\ `\"CUSTOMER.full_name\": \"John Smith\"`, the response will include the\ \ KVP\n`\"CAS.REQUEST.KVP.CUSTOMER.full_name\": \"John Smith\"`.\n\nEach\ \ KVP key must be at most 64 characters long and use only the following\n\ characters:\n - `A-Z`\n - `a-z`\n - `0-9`\n - `.` (period)\n - `_`\ \ (underscore)" default: {} examples: - CUSTOMER.pmt_no: '123456789' transaction: $ref: '#/components/schemas/TransactionWithAmount' type: object required: - merchant - transaction title: RefundByAuditPost description: Body of POST to /transactions/{audit}/refund. RefundStandalonePost: properties: merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]{1,64}$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 64 minLength: 1 type: object title: Kvps description: "KVPs associated with the transaction.\n\nKVPs submitted in\ \ a request may have the prefix `CAS.REQUEST.KVP.` prepended\nto the key\ \ by the gateway.\nFor example, if a request is submitted with the KVP\n\ `\"CUSTOMER.full_name\": \"John Smith\"`, the response will include the\ \ KVP\n`\"CAS.REQUEST.KVP.CUSTOMER.full_name\": \"John Smith\"`.\n\nEach\ \ KVP key must be at most 64 characters long and use only the following\n\ characters:\n - `A-Z`\n - `a-z`\n - `0-9`\n - `.` (period)\n - `_`\ \ (underscore)" default: {} examples: - CUSTOMER.pmt_no: '123456789' transaction: $ref: '#/components/schemas/TransactionWithPaymentMethod' type: object required: - merchant - transaction title: RefundStandalonePost description: Body of POST to /transactions/refund. RefundableHyperlinks: properties: self: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [lookup the transaction](#tag/Transactions/operation/transaction_lookup).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456 void: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [void the transaction](#tag/Transactions/operation/void_request).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456/void refund: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [refund the transaction](#tag/Transactions/operation/refund_by_audit_request).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456/refund type: object required: - self title: RefundableHyperlinks description: 'The hyperlinks to operations associated with this response. Links are generated and returned dynamically depending on the result of the transaction request. The API will attempt to return all valid links and no invalid links, but this is not guaranteed.' Status: properties: gateway_status_code: type: integer maximum: 99.0 minimum: -99.0 title: Gateway Status Code description: "Status code from CAS; also known as scode.\nSee gateway_status_message\ \ for a human readable interpretation.\n\nCommon scodes are listed here:\n\ \ - 0: successfully handled by gateway; check acquirer response for approval\n\ \ - -9: invalid field\n - 17: gateway timed out\n - -19: denied by\ \ gateway\n - -28: denied by switch\n - 60: gateway internal error\n\ \ - -99: unknown error\n\nPositive codes denote a temporary failure;\ \ making the same request at a later\ntime may succeed. Negative codes\ \ denote a permanent failure; this request\nwill never succeed." examples: - 0 gateway_status_message: type: string title: Gateway Status Message description: Human readable interpretation of gateway_status_code. examples: - Transaction successfully processed by gateway. transaction_status_code: type: string enum: - approved - declined - pending - error title: Transaction Status Code description: 'The overall status of the transaction. `pending` is only applicable to transactions made using direct debit.' acquirer: $ref: '#/components/schemas/AcquirerResponse' type: object required: - gateway_status_code - gateway_status_message - transaction_status_code title: Status description: The status of the transaction. StatusLookup: properties: gateway_status_code: type: integer maximum: 99.0 minimum: -99.0 title: Gateway Status Code description: "Status code from CAS; also known as scode.\nSee gateway_status_message\ \ for a human readable interpretation.\n\nCommon scodes are listed here:\n\ \ - 0: successfully handled by gateway; check acquirer response for approval\n\ \ - -9: invalid field\n - 17: gateway timed out\n - -19: denied by\ \ gateway\n - -28: denied by switch\n - 60: gateway internal error\n\ \ - -99: unknown error\n\nPositive codes denote a temporary failure;\ \ making the same request at a later\ntime may succeed. Negative codes\ \ denote a permanent failure; this request\nwill never succeed." examples: - 0 gateway_status_message: type: string title: Gateway Status Message description: Human readable interpretation of gateway_status_code. examples: - Transaction successfully processed by gateway. transaction_status_code: type: string enum: - approved - declined - pending - error - voided - reversed title: Transaction Status Code description: 'The overall status of the transaction. `pending` is only applicable to transactions made using direct debit.' acquirer: $ref: '#/components/schemas/AcquirerResponseLookup' type: object required: - gateway_status_code - gateway_status_message - transaction_status_code title: StatusLookup description: The status of the transaction. StatusPreauthorisation: properties: gateway_status_code: type: integer maximum: 99.0 minimum: -99.0 title: Gateway Status Code description: "Status code from CAS; also known as scode.\nSee gateway_status_message\ \ for a human readable interpretation.\n\nCommon scodes are listed here:\n\ \ - 0: successfully handled by gateway; check acquirer response for approval\n\ \ - -9: invalid field\n - 17: gateway timed out\n - -19: denied by\ \ gateway\n - -28: denied by switch\n - 60: gateway internal error\n\ \ - -99: unknown error\n\nPositive codes denote a temporary failure;\ \ making the same request at a later\ntime may succeed. Negative codes\ \ denote a permanent failure; this request\nwill never succeed." examples: - 0 gateway_status_message: type: string title: Gateway Status Message description: Human readable interpretation of gateway_status_code. examples: - Transaction successfully processed by gateway. transaction_status_code: type: string enum: - approved - declined - pending - error title: Transaction Status Code description: 'The overall status of the transaction. `pending` is only applicable to transactions made using direct debit.' acquirer: $ref: '#/components/schemas/AcquirerResponsePreauthorisation' type: object required: - gateway_status_code - gateway_status_message - transaction_status_code title: StatusPreauthorisation description: The status of the transaction. TokenAccountRequest: properties: general_creditcard: $ref: '#/components/schemas/GeneralCreditcardRequest' type: object required: - general_creditcard title: TokenAccountRequest description: 'Tokenised account. CAS supports a number of different tokenisation account types. Please contact CAS if you would like to store and use information other than credit card details.' TokenAccountResponse: properties: general_creditcard: $ref: '#/components/schemas/GeneralCreditcardResponse' type: object required: - general_creditcard title: TokenAccountResponse description: 'Tokenised account. CAS supports a number of different tokenisation account types. Please contact CAS if you would like to store and use information other than credit card details.' TokenAccountUpdate: properties: general_creditcard: $ref: '#/components/schemas/GeneralCreditcardUpdate' type: object required: - general_creditcard title: TokenAccountUpdate description: 'Tokenised account. CAS supports a number of different tokenisation account types. Please contact CAS if you would like to store and use information other than credit card details.' TokenHyperlinks: properties: self: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [lookup the token](#tag/Tokenisation/operation/token_lookup).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/customers/34567/tokens/456789 customer: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [lookup the customer](#tag/Tokenisation/operation/customer_lookup) that owns this token.' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/customers/34567 type: object required: - self - customer title: TokenHyperlinks description: The hyperlinks associated with this token. TokenPatch: properties: preferred_name: type: string maxLength: 50 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'Unique name of the token. This must be unique per customer.' examples: - b327170c-6a9f-4f34-b32a-7202f7e52aae active: type: boolean description: Whether or not this token is active. account: $ref: '#/components/schemas/TokenAccountUpdate' type: object title: TokenPatch description: Body of PATCH to /customers/{customer_id}/tokens/{token_id}. TokenResponse: properties: id: type: integer maximum: 2147483647.0 minimum: 1.0 title: Id description: Token account ID. examples: - '456789' virtual_pan: type: string maxLength: 19 minLength: 13 pattern: ^[0-9]*$ title: Virtual Pan description: Virtual PAN identifying a tokenised customer account. examples: - '9988111111111111' preferred_name: type: string maxLength: 50 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Preferred Name description: 'Unique name of the token. This must be unique per customer.' examples: - b327170c-6a9f-4f34-b32a-7202f7e52aae active: type: boolean title: Active description: Whether or not this token is active. account: $ref: '#/components/schemas/TokenAccountResponse' _links: $ref: '#/components/schemas/TokenHyperlinks' type: object required: - id - virtual_pan - preferred_name - active - account - _links title: TokenResponse description: Response body of token create, lookup and update. TokenSearchHyperlinks: properties: self: $ref: '#/components/schemas/Hyperlink' description: The hyperlink to the current page of results. first: $ref: '#/components/schemas/Hyperlink' description: The hyperlink to the first page of results. prev: $ref: '#/components/schemas/Hyperlink' description: The hyperlink to the previous page of results. next: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink to the next page of results. If this is omitted, the results have been exhausted.' type: object required: - self - first title: TokenSearchHyperlinks description: The hyperlinks for iterating though the pages of the search results. examples: - first: href: https://api.cardaccess.com.au/test/etx/txn/v1/customers/34567/tokens?limit=10&offset=0 next: href: https://api.cardaccess.com.au/test/etx/txn/v1/customers/34567/tokens?limit=10&offset=30 prev: href: https://api.cardaccess.com.au/test/etx/txn/v1/customers/34567/tokens?limit=10&offset=10 self: href: https://api.cardaccess.com.au/test/etx/txn/v1/customers/34567/tokens?limit=10&offset=20 TokenSearchResponse: properties: _links: $ref: '#/components/schemas/TokenSearchHyperlinks' results: items: $ref: '#/components/schemas/TokenResponse' type: array title: Results description: Search results. type: object required: - _links - results title: TokenSearchResponse description: Response body of token search. TokensPost: properties: preferred_name: type: string maxLength: 50 minLength: 1 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Preferred Name description: 'Unique name of the token. This must be unique per customer.' examples: - b327170c-6a9f-4f34-b32a-7202f7e52aae active: type: boolean title: Active description: Whether or not this token is active. account: $ref: '#/components/schemas/TokenAccountRequest' type: object required: - preferred_name - active - account title: TokensPost description: Body of POST to /customers/{customer_id}/tokens. TransactionBase: properties: reference: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Reference description: 'Reference field for use by the merchant. This field can contain any value and will appear in all reports.' default: '' examples: - 2873eadd-fe37-4b17-adf2-adee3f5ea7ee type: object title: TransactionBase description: Details about the transaction. TransactionHyperlinks: properties: self: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [lookup the transaction](#tag/Transactions/operation/transaction_lookup).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456 type: object required: - self title: TransactionHyperlinks description: 'The hyperlinks to operations associated with this response. Links are generated and returned dynamically depending on the result of the transaction request. The API will attempt to return all valid links and no invalid links, but this is not guaranteed.' TransactionLookupHyperlinks: properties: self: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [lookup the transaction](#tag/Transactions/operation/transaction_lookup).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456 void: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [void the transaction](#tag/Transactions/operation/void_request).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456/void completion: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [complete the transaction](#tag/Transactions/operation/completion_request).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456/completion refund: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [refund the transaction](#tag/Transactions/operation/refund_by_audit_request).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456/refund target: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [lookup the transaction](#tag/Transactions/operation/transaction_lookup) that this one acted upon. Only present for ''refund by audit'' and ''void'' transaction types.' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123123 type: object required: - self title: TransactionLookupHyperlinks description: 'The hyperlinks to operations associated with this response. Links are generated and returned dynamically depending on the result of the transaction request. The API will attempt to return all valid links and no invalid links, but this is not guaranteed.' TransactionLookupResponse: properties: audit: type: integer maximum: 2147483647.0 minimum: 1.0 title: Audit description: The audit of this transaction. examples: - 123456 gateway_timestamp: type: string format: date-time title: Gateway Timestamp description: 'Timestamp as recorded by the gateway in ISO8601 date-time format; Sydney time (changes with daylight savings). For transaction requests, this is approximated by the API. The exact gateway timestamp will only be returned in a lookup operation.' examples: - '2024-03-26T12:14:51+11:00' merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]*$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 128 minLength: 1 type: object title: Kvps description: 'KVPs associated with the transaction. This includes KVPs submitted in the request by the merchant and those generated by the gateway in the response. Direct debit transactions may not return any KVPs. In that case, simply perform a lookup on the audit to get any required KVPs.' examples: - CAS.REQUEST.KVP.CUSTOMER.pmt_no: '123456789' CAS.RESPONSE.KVP.EXAMPLE: some response data transaction: $ref: '#/components/schemas/TransactionObfuscated' status: $ref: '#/components/schemas/StatusLookup' _links: $ref: '#/components/schemas/TransactionLookupHyperlinks' type: object required: - audit - gateway_timestamp - merchant - kvps - transaction - status - _links title: TransactionLookupResponse description: Transaction lookup response body. TransactionObfuscated: properties: reference: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Reference description: 'Reference field for use by the merchant. This field can contain any value and will appear in all reports.' examples: - 2873eadd-fe37-4b17-adf2-adee3f5ea7ee transaction_type: type: string enum: - purchase - refund by audit - standalone refund - preauthorisation - completion - void - reverse - unknown title: Transaction Type description: The type of transaction. examples: - purchase target_audit: type: integer maximum: 2147483647.0 minimum: 1.0 description: 'The audit of the original transaction that this one acted upon. Only present for ''refund by audit'' and ''void'' transaction types.' examples: - 123123 amount_details: $ref: '#/components/schemas/AmountDetails' payment_method: anyOf: - $ref: '#/components/schemas/PaymentMethodCreditcardObfuscated' - $ref: '#/components/schemas/PaymentMethodDirectdebitObfuscated' - $ref: '#/components/schemas/PaymentMethodCASTokenObfuscated' title: Payment Method description: The payment method for this transaction. directdebit_mode: type: string enum: - debit - credit description: The mode of direct debit transaction. Only present for direct debit transaction. type: object required: - reference - transaction_type title: TransactionObfuscated description: Details about the transaction. TransactionPreauthorisation: properties: reference: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Reference description: 'Reference field for use by the merchant. This field can contain any value and will appear in all reports.' default: '' examples: - 2873eadd-fe37-4b17-adf2-adee3f5ea7ee amount_details: $ref: '#/components/schemas/AmountDetails' payment_method: anyOf: - $ref: '#/components/schemas/PaymentMethodCreditcard' - $ref: '#/components/schemas/PaymentMethodCASToken' title: Payment Method description: The payment method for this transaction. type: object required: - amount_details - payment_method title: TransactionPreauthorisation description: Details about the transaction. TransactionPreauthorisationResponse: properties: audit: type: integer maximum: 2147483647.0 minimum: 1.0 title: Audit description: The audit of this transaction. examples: - 123456 gateway_timestamp: type: string format: date-time title: Gateway Timestamp description: 'Timestamp as recorded by the gateway in ISO8601 date-time format; Sydney time (changes with daylight savings). For transaction requests, this is approximated by the API. The exact gateway timestamp will only be returned in a lookup operation.' examples: - '2024-03-26T12:14:51+11:00' merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]*$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 128 minLength: 1 type: object title: Kvps description: 'KVPs associated with the transaction. This includes KVPs submitted in the request by the merchant and those generated by the gateway in the response. Direct debit transactions may not return any KVPs. In that case, simply perform a lookup on the audit to get any required KVPs.' examples: - CAS.REQUEST.KVP.CUSTOMER.pmt_no: '123456789' CAS.RESPONSE.KVP.EXAMPLE: some response data status: $ref: '#/components/schemas/StatusPreauthorisation' _links: $ref: '#/components/schemas/PreauthorisationHyperlinks' type: object required: - audit - gateway_timestamp - merchant - kvps - status - _links title: TransactionPreauthorisationResponse description: Preauthorisation response body. TransactionRefundableResponse: properties: audit: type: integer maximum: 2147483647.0 minimum: 1.0 title: Audit description: The audit of this transaction. examples: - 123456 gateway_timestamp: type: string format: date-time title: Gateway Timestamp description: 'Timestamp as recorded by the gateway in ISO8601 date-time format; Sydney time (changes with daylight savings). For transaction requests, this is approximated by the API. The exact gateway timestamp will only be returned in a lookup operation.' examples: - '2024-03-26T12:14:51+11:00' merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]*$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 128 minLength: 1 type: object title: Kvps description: 'KVPs associated with the transaction. This includes KVPs submitted in the request by the merchant and those generated by the gateway in the response. Direct debit transactions may not return any KVPs. In that case, simply perform a lookup on the audit to get any required KVPs.' examples: - CAS.REQUEST.KVP.CUSTOMER.pmt_no: '123456789' CAS.RESPONSE.KVP.EXAMPLE: some response data status: $ref: '#/components/schemas/Status' _links: $ref: '#/components/schemas/RefundableHyperlinks' type: object required: - audit - gateway_timestamp - merchant - kvps - status - _links title: TransactionRefundableResponse description: Refundable transaction response body. TransactionSearchResponse: properties: results: items: $ref: '#/components/schemas/TransactionLookupResponse' type: array maxItems: 1 minItems: 0 title: Results description: Search results. type: object required: - results title: TransactionSearchResponse description: Transaction search response body. TransactionVoidResponse: properties: audit: type: integer maximum: 2147483647.0 minimum: 1.0 title: Audit description: The audit of this transaction. examples: - 123456 gateway_timestamp: type: string format: date-time title: Gateway Timestamp description: 'Timestamp as recorded by the gateway in ISO8601 date-time format; Sydney time (changes with daylight savings). For transaction requests, this is approximated by the API. The exact gateway timestamp will only be returned in a lookup operation.' examples: - '2024-03-26T12:14:51+11:00' merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]*$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 128 minLength: 1 type: object title: Kvps description: 'KVPs associated with the transaction. This includes KVPs submitted in the request by the merchant and those generated by the gateway in the response. Direct debit transactions may not return any KVPs. In that case, simply perform a lookup on the audit to get any required KVPs.' examples: - CAS.REQUEST.KVP.CUSTOMER.pmt_no: '123456789' CAS.RESPONSE.KVP.EXAMPLE: some response data status: $ref: '#/components/schemas/Status' _links: $ref: '#/components/schemas/TransactionHyperlinks' type: object required: - audit - gateway_timestamp - merchant - kvps - status - _links title: TransactionVoidResponse description: Void response body. TransactionVoidableResponse: properties: audit: type: integer maximum: 2147483647.0 minimum: 1.0 title: Audit description: The audit of this transaction. examples: - 123456 gateway_timestamp: type: string format: date-time title: Gateway Timestamp description: 'Timestamp as recorded by the gateway in ISO8601 date-time format; Sydney time (changes with daylight savings). For transaction requests, this is approximated by the API. The exact gateway timestamp will only be returned in a lookup operation.' examples: - '2024-03-26T12:14:51+11:00' merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]*$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 128 minLength: 1 type: object title: Kvps description: 'KVPs associated with the transaction. This includes KVPs submitted in the request by the merchant and those generated by the gateway in the response. Direct debit transactions may not return any KVPs. In that case, simply perform a lookup on the audit to get any required KVPs.' examples: - CAS.REQUEST.KVP.CUSTOMER.pmt_no: '123456789' CAS.RESPONSE.KVP.EXAMPLE: some response data status: $ref: '#/components/schemas/Status' _links: $ref: '#/components/schemas/VoidableHyperlinks' type: object required: - audit - gateway_timestamp - merchant - kvps - status - _links title: TransactionVoidableResponse description: Voidable transaction response body. TransactionWithAmount: properties: reference: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Reference description: 'Reference field for use by the merchant. This field can contain any value and will appear in all reports.' default: '' examples: - 2873eadd-fe37-4b17-adf2-adee3f5ea7ee amount_details: $ref: '#/components/schemas/AmountDetails' type: object required: - amount_details title: TransactionWithAmount description: Details about the transaction. TransactionWithPaymentMethod: properties: reference: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ title: Reference description: 'Reference field for use by the merchant. This field can contain any value and will appear in all reports.' default: '' examples: - 2873eadd-fe37-4b17-adf2-adee3f5ea7ee amount_details: $ref: '#/components/schemas/AmountDetails' payment_method: anyOf: - $ref: '#/components/schemas/PaymentMethodCreditcard' - $ref: '#/components/schemas/PaymentMethodDirectdebit' - $ref: '#/components/schemas/PaymentMethodCASToken' title: Payment Method description: The payment method for this transaction. type: object required: - amount_details - payment_method title: TransactionWithPaymentMethod description: Details about the transaction. VoidPost: properties: merchant: $ref: '#/components/schemas/Merchant' kvps: patternProperties: ^[a-zA-Z0-9\._]{1,64}$: type: string maxLength: 512 minLength: 0 pattern: ^[a-zA-Z0-9!#\$%&\(\)\*\+,\-\./:;<=>\?@\[\]\^_`\{\|\}~ ]*$ description: 'A KVP value storing miscelaneous information associated with the transaction.' examples: - Some value propertyNames: maxLength: 64 minLength: 1 type: object title: Kvps description: "KVPs associated with the transaction.\n\nKVPs submitted in\ \ a request may have the prefix `CAS.REQUEST.KVP.` prepended\nto the key\ \ by the gateway.\nFor example, if a request is submitted with the KVP\n\ `\"CUSTOMER.full_name\": \"John Smith\"`, the response will include the\ \ KVP\n`\"CAS.REQUEST.KVP.CUSTOMER.full_name\": \"John Smith\"`.\n\nEach\ \ KVP key must be at most 64 characters long and use only the following\n\ characters:\n - `A-Z`\n - `a-z`\n - `0-9`\n - `.` (period)\n - `_`\ \ (underscore)" default: {} examples: - CUSTOMER.pmt_no: '123456789' transaction: $ref: '#/components/schemas/TransactionBase' type: object required: - merchant - transaction title: VoidPost description: Body of POST to /transactions/{audit}/void. VoidableHyperlinks: properties: self: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [lookup the transaction](#tag/Transactions/operation/transaction_lookup).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456 void: $ref: '#/components/schemas/Hyperlink' description: 'The hyperlink with which to [void the transaction](#tag/Transactions/operation/void_request).' examples: - href: http://api.cardaccess.com.au/test/etx/txn/v1/transactions/123456/void type: object required: - self title: VoidableHyperlinks description: 'The hyperlinks to operations associated with this response. Links are generated and returned dynamically depending on the result of the transaction request. The API will attempt to return all valid links and no invalid links, but this is not guaranteed.' securitySchemes: HTTPBasic: type: http scheme: basic tags: - name: Transactions description: '### Identification Transactions are stored in the gateway and identified by their audit (also referred to as audit number). Each successful transaction request will create a new audit of the pertinent type: purchase, preauthorisation, completion, standalone refund, refund by audit, and void. Completions, refunds by audit and voids act on and refer back to the original transaciton, but are still considered individual transactions themselves. Merchants should record the audit for each transaction as a permanent reference for later refunds etc. CAS staff require the audit to identify a transaction when providing support. ### HTTP Response Codes A `2XX` HTTP response code does *not* denote an approved transaction. It merely denotes that a response was received from the gateway. In most cases, the `status.transaction_status_code` field can be used to determine the outcome of the transaction request. If its value is `approved`, the transaction has been approved. If its value is `declined`, the transaction has been declined. A value of `pending` denotes that the transaction is a direct debit transaction and is waiting for confirmation from the acquirer; This will usually take multiple working days. If its value is `error`, the fields `status.gateway_status_code` and `status.acquirer.response_code` can be used to diagnose the issue. A `4XX` HTTP response code denotes an improper request. The transaction is never approved. In the event of a `5XX` HTTP response code for a transaction request, it is *strongly recommended* that a lookup be called on either the audit, if given, or the idempotency key. An error may have occurred at any point in the chain between the client and the acquirer, so the transaction may have been approved or declined. If the lookup does not also return an error, it will show the status of the transaction. If the lookup returns a `404` HTTP response code, then the transaction was not processed and it can safely be reattempted. ' - name: Tokenisation description: '### Overview Tokenisation is only available to merchants with the CIV product. Please contact CAS for more information or to request use of this product. A token, also known as a registered account, is a stored payment method which can be used in later transactions. Sensitive payment information is stored in the customer information vault (CIV), and identified by the token ID. The Virtual PAN (VPAN) can then be used in place of the payment information when performing transactions on CAS systems. Each token is owned by a customer. Customers usually correspond with the real customers of a merchant, but may be used as an arbitrary collection of tokens. A customer may have zero, one or many tokens. Currently tokens can store either credit card or bank account details, however the tokenisation system has the capability to store other customer information. Please contact CAS if you have a use for storing extended information. '