Transaction data is sent to our system from the back-end of the Merchant's server by software written or installed by the merchant. This gives the Merchant the ability to completely customize and integrate real time payment processing into his own application. To implement a Direct Mode client, familiarity with sockets and network programming is required.
A transaction is initiated by sending an HTTP POST to our host. The host will respond momentarily with the transaction result on the same socket. All data is URL encoded, just like a standard <form> POST from a browser.
| Host | Port | Path | Description |
|
secure.netbilling.com |
1401 (http1) 1402 (https) |
/gw/sas/getid3.1 | ID generator |
| /gw/sas/direct3.1 | Transaction interface | ||
| /gw/sas/settle3.1 | Batch settlement interface | ||
| 1403 | / | VerisignTM 3 compatibility (not documented here) |
| Parameter | Value |
| pay_type | C |
| tran_type | A |
| account_id | 110006559149 |
| card_number | 4444333322221186 |
| card_expire | 0909 |
| amount | 5.00 |
We can expect to receive the following parameters back in the response:
| Parameter | Value |
| status_code | ? |
| trans_id | ? |
| auth_code | ? |
| auth_date | ? |
| auth_msg | ? |
| avs_code | ? |
| cvv2_code | ? |
| ticket_code | ? |
See the Protocol Response Reference section for more information.
First, the URL encoded HTTP POST request is assembled and sent to secure.netbilling.com port 1401:
POST /gw/sas/direct3.1 HTTP/1.0 Host: secure.netbilling.com:1401 Content-Type: application/x-www-form-urlencoded Content-Length: 104 pay_type=C&tran_type=A&account_id=110006559149&card_number=4444333322221186&card_expire=0909&amount=5.00The system will respond with:
HTTP/1.0 200 OK Approved Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 160 auth_msg=TEST+APPROVED&ticket_code=XXXXXXXXXXXXXXX&avs_code=X&auth_date=2004-06-09+22%3A55%3A08&status_code=T&trans_id=109704163690&auth_code=999999&cvv2_code=MURL encoding is demonstrated in the example above. Parameter-value pairs are separated by ampersands (&), and within each pair, the parameter name and the value are separated by equal signs (=). All non-alphanumeric characters within each value field are substituted with percent signs followed by 2 hexadecimal digits, (%XX) where XX is the hexadecimal value of the encoded ASCII character. The order of the parameter-value pairs doesn't matter.
That's all it takes to execute a basic transaction. In Unix/Linux environments, netcat(1) or nc(1) can be used to recreate this example.
For example, the minimum required parameters for a Credit Card Sale are: account_id, tran_type, pay_type, amount, card_number, card_expire, card_cvv2, bill_name1, bill_name2, bill_street, bill_zip and bill_country.
| Transaction Type Table | |||
|---|---|---|---|
| tran_type = | Required | Optional, commonly used | Special |
| "A" (auth1) |
account_id tran_type <payment information> <customer information> |
trans_id <purchase information> <shipping information> <level 2 information> |
dynip_sec_code <membership>3 <recurring billing>3 |
| "S" (sale1) |
account_id tran_type <payment information> <customer information> |
trans_id <purchase information> <shipping information> <level 2 information> | |
| "R" (refund1) |
account_id tran_type orig_id |
trans_id amount <purchase information> | |
| "C" (credit1) |
account_id tran_type <payment information> <customer information> |
trans_id <purchase information> | |
| "D" (capture1) |
account_id tran_type orig_id |
amount | |
| "B" (batch settle2) |
account_id tran_type pay_type |
| Request Parameter Definition Table | ||
|---|---|---|
General parameters | ||
| Parameter | Max Field Size | Description |
| account_id | 12 | This is the number of your merchant or agent account, as a 12 digit string. Required for all transactions. |
| site_tag | 12 |
The site tag of your website or retail site, as was configured within the system. This field is optional.
It is used to select which email receipt templates will be used, as well as for accounting purposes.
When using the membership/subscription features, site_tag is required and determines which site the new member will belong to. It can optionally contain a comma separated list of multiple site_tags. The new member will be a primary member of the first site_tag in the list, and a secondary member of each additional site specified. |
| dynip_sec_code | 16 | This field is used when a direct mode client needs to connect to the server from a dynamic or unknown IP address. Normally direct mode clients are authenticated based on a trusted IP address configured on the account's access security settings page. The dynamic IP security code can also be configured on the same page. If the correct code is sent in this field, transactions will be accepted regardless of the IP. |
| pay_type | 1 |
This is required for all transactions. Possible values: C (credit card) K (check) S (stored value card) |
| tran_type | 1 |
This is required for all transactions. Possible values: A - authorize funds only, no funds will be transferred S - sale, funds will be transferred R - refund a previous sale, a partial amount can be specified. C - credit money back when there is no previous sale. D - capture a previous authorization, effectively converting it into a sale. B - batch settlement, all outstanding sale, refund and credit transactions are settled with the bank. |
| trans_id | 12 | Transaction ID for transaction request. This field is optional. When used, the value MUST have been generated by querying getid3.1. This field allows tracking of a transaction, even if a response is never received due to network latency, etc. If no value is supplied, the system will generate a unique ID and returned in the response message. |
| orig_id | 12 | Transaction ID of the original transaction. I.e. trans_id of original Sale or Auth. |
| amount | 10 | This is the total amount of the transaction, including tax and shipping, if any. No spaces, commas or currency signs. It should include all tax and shipping amounts, even if those amounts are specified separately. |
| tax_amount | 10 | This is the tax amount of the transaction. Required to qualify for Purchase/Commercial Card Level-2 processing. No spaces, commas or currency signs. |
| ship_amount | 10 | This is the shipping cost of the transaction. Required to qualify for Purchase/Commercial Card Level-2 processing. No spaces, commas or currency signs. |
| purch_order | 17 | This is the Purchase Order number. Required to qualify for Purchase/Commercial Card Level-2 processing. |
| courier_tracking | 100 | The courier designation, "FEDEX", "UPS", "USPS", "TNT", or "DHL" followed by a colon and the tracking number (no spaces.) For example: "FEDEX:844477771111". Specifying this enables the system to provide automatic links directly to the tracking information for the carrier. |
Customer information parameters | ||
| bill_name1 | 20 | First name of paying customer. |
| bill_name2 | 20 | Last name of paying customer. |
| bill_street | 80 | Street address of paying customer. Must match the credit card billing address, or the bank statement address for NBCheck transactions. |
| bill_city | 40 | City of paying customer. |
| bill_state | 30 | 2 character US state code of paying customer, or foreign state or province. Do not specify spelled out state names for US states. |
| bill_zip | 20 | 5 or 9 digit US zip code or foreign postal code of paying customer. Must match the credit card billing address, or the bank statement address for NBCheck transactions. Format: "55555" or "55555-4444" for US zip codes. |
| bill_country | 2 | The 2 letter ISO3166 country code of paying customer. "US" for the United States, "GB" for the United Kingdom, etc. See http://www.iso.org/iso/en/prods-services/iso3166ma/index.html |
| ship_name1 | 20 | First name of shipping recipient. |
| ship_name2 | 20 | Last name of shipping recipient. |
| ship_street | 80 | Street address of shipping recipient. |
| ship_city | 40 | City of shipping recipient. |
| ship_state | 30 | 2 character US state code or foreign state or province of shipping recipient. Do not specify spelled out state names for US states. |
| ship_zip | 20 | 5 or 9 digit US zip code, or foreign postal code of shipping recipient. Format: "55555" or "55555-4444" for US zip codes. |
| ship_country | 2 | The 2 letter ISO3166 country code of shipping recipient. "US" for the United States, "GB" for the United Kingdom, etc. See http://www.iso.org/iso/en/prods-services/iso3166ma/index.html |
| cust_email | 60 | Email address of the customer. Optional, but necessary for the system to send email receipts. |
| cust_phone | 40 | Phone number of the customer. |
| cust_ip | 15 | IP address of the customer for web originating transactions. |
| cust_host | 255 | The resolved DNS host name of the customer for web originating transactions. |
| cust_browser | 200 | The User-Agent customer browser header for web originating transactions. |
Purchase information parameters | ||
| description | 4000 | A description or order reference for the order. |
| user_data | 4000 |
Arbitrary user data that will be stored by the system. It can be used to store attribute value pairs, separated by newline (\n) characters. For example:
Customer-Number: 1234 |
| misc_info | 4000 |
Arbitrary miscellaneous information that will be stored by the system. Merchants submitting NBCheck transactions must populate this field with the transaction date and the full text of the required agreement authorized by the customer at the time of the sale. |
Fraud control and special feature parameters | ||
| disable_avs | 1 | Set this flag to "1" to disable AVS (Address Verification System) for this credit card transaction. |
| disable_cvv2 | 1 | Set this flag to "1" to disable CVV2 (Card Verification Value 2) for this credit card transaction. |
| disable_fraud_checks | 1 | Set this flag to "1" to disable all fraud protection other than AVS/CVV2. This implies disable_negative_db. |
| disable_negative_db | 1 | Set this flag to "1" to disable only the negative database component of the fraud protection system. |
| disable_email_receipts | 1 | Set this flag to "1" to disable automatic sending of both merchant and customer email receipts. |
| cisp_storage | 1 | Set this flag to "1" to indicate that this transactions should be stored securely, and be accessible for future repeat billing. In order to issue another transaction on this card in the future, use "CS:trans_id:last5digits" as the card number for the future transaction, where trans_id is the id returned for the original transaction, and last5digits (optional) is the last 5 digits of the card number. |
Credit card parameters | ||
| card_number | 19 | Credit card number used for the transaction. No spaces or dashes, digits only. |
| card_expire | 4 | Credit card expiration date in MMYY format (no slash). Required whenever card_number is required. |
| card_cvv2 | 4 | Credit card CVV2/CVC value, which is the 3 or 4 digit code on the back of the credit card used for fraud prevention. |
| card_track1 | 79 | Magnetic stripe data for track 1 used in retail environments. When sending magnetic stripe data, the card_number and card_expire fields are optional. Either track1, track2 or both can be sent. Track 1 is alpha-numeric, and will begin with '%' and end with '?'. If both tracks are available, we recommend sending track 1. |
| card_track2 | 40 | Magnetic stripe data for track 2 used in retail environments. When sending magnetic stripe data, the card_number and card_expire fields are optional. Either track1, track2 or both can be sent. Track 2 is numeric, and will begin with ';' and end with '?'. |
| force_code | 15 | Authorization force code (usually 6 digits), typically obtained by phone authorization. This code is used to force a through a sale that would otherwise fail with a CALL CENTER message. |
| 3ds_cavv | 40 | Required when using Verified by VisaTM (also known as 3D Secure.) Format: 40 hexadecimal digits in ASCII, encoding a 20 byte binary value, or 28 characters of Base64 code. This value is provided by the MPI (Merchant Plug-In). |
| 3ds_xid | 40 | Optional even when using Verified by VisaTM. Format: 40 hexadecimal digits in ASCII, encoding a 20 byte binary value, or 28 characters of Base64 code. This value is provided by the MPI (Merchant Plug-In). |
NBCheck parameters | ||
| account_number | 27 | Checking account number in <aba>:<account_no> format, e.g. "123456789:9999999999" where 123456789 is the bank's 9 digit ABA (routing) number, and 9999999999 is the checking account number (both are printed at the bottom of all checks) |
| bill_photo_id_no | 20 | Paying customer's state issued drivers license or photo ID number. Typically only used for check payments. Valid characters are '0'-'9', 'A'-'Z' and '*' (used in WA-state.) Dashes and spaces should not be included. |
| bill_photo_id_state | 2 | Paying customer's 2 letter state code for the state that issued the photo id above. if the photo id is federal, this field should be "US". Typically only used for check payments. |
| bill_tax_id_no | 12 | Paying customer's Tax ID or Social Security number. Format: 333-22-4444 for SS#, 22-7777777 for TID#. Typically only used for check payments. |
| bill_birth_date | 17 | Paying customer's birth date in YYYY-MM-DD format. Typically only used for check payments. |
| assent_key | 16 | This is a unique numeric key required by the system to verify that a customer has agreed to the NBCheck Terms Of Service. The merchant checkout page must include a specific <img> tag and JavaScript code which cause the assent_key to be linked with the customer's agreement to the Terms Of Service language contained in the image. Please review the assent_key documentation which include an example of how to use this feature. For merchant initiated repeat billing of the same customer, the assent_key value from the original transaction should be included. The customer must have agreed to repeat/recurring billing at the time of the original transaction. Future repeat billing of transactions that were originally processed before the assent_key feature was introduced are grand-fathered, and will continue to be approved without it. All new ACH transactions require a valid assent_key. |
Stored value card parameters | ||
| card_pin | 20 | The PIN code for for the stored value cardholder. |
Hotel industry parameters | ||
| hotel_checkin_date | 6 | Actual or anticipated checkin date YYMMDD format for hotel industry transactions. |
| hotel_checkout_date | 6 | Actual or anticipated checkout date YYMMDD format for hotel industry transactions. |
| hotel_flags | 10 |
This field contains a string of one or more single-letter flags pertaining to the transaction:
None, One or Several of the following flags can be specified
None or One of the following flags can be specified When specifying multiple flags, simply append them together without spaces. The order is not important. |
| hotel_room_rate | 10 | The daily room rate. No spaces, commas or currency signs. |
| mcc_override | 4 |
4 digit MCC (Merchant Category Code) override. Can be used to
indicate that a specific transaction was not a hotel-industry transaction,
even thought the account is setup for hotel processing by default.
This field is used to indicate the appropriate industry code for a separate restaurant. gift shop or other purchase, that is not processed together with hotel charges. |
Membership and Recurring Billing | ||
| member_username | 40 | Name of the subscribing member. This is the name that will be used by the member to login to the subscription site. It must be unique with respect to other members of the same site_tag. If a name is already in use, the request will fail and no transaction will be processed. |
| member_duration | 6 | The duration in days of the initial membership. |
| member_password | 40 | The password the member will use to login to the subscription site. |
| member_memo | 4000 | An optional merchant memo to attach to this member. |
| recurring_amount | 10 | The amount to bill the subscriber for at the end of the initial membership. If a recurring billing is successful, the subscriber's expiration date is automatically pushed forward until the time of the next recurring billing. |
| recurring_period | 100 | The time period between subsequent recurring billings. This is specified either as a number of days, or a special expression as generated by the Button Editor in the Online Administration can be used. |
| recurring_count | 10 | Stop the recurring billing after this number of successful recurring billings have been processed. The default is no limit. |
| recurring_prorate | 4 |
When set to "true", the next recurring billing will occur either at the end of the initial
membership period (member_duration), or at the next matching recurring_period special expression,
whichever is sooner. The amount of the first recurring billing will be be reduced based on
how many days early the recurring billing occured compared to the number of days specified in
member_duration.
Example: member_duration=30 & recurring_period=last_day%28sysdate%29%2B1 & recurring_prorate=true This recurring_period expression specifies that this subscriber should be billed on the 1st of every month. If the subscriber joined on the 18th of February, the first recurring billing would occur on the 1st of March. The amount would be reduced by 2/3rd of the initial transaction amount, because the initial payment was for a 30 day membership, but the first recurring billing was processed after only 10 days, thus a credit is given for 20 days. From then on, the subscriner will always be billed the amount specified in recurring_amount on the 1st of each month. |
IMPORTANT NOTE: Properly implemented client software --
| Transaction Response Parameter Definition Table | |
|---|---|
| status_code |
Single character status code.
1 - Successful monetary transaction Any unexpected status code other than "0" and "F" should be interpreted as a successful transaction. |
| trans_id | If trans_id was supplied in the request, the same code will be returned (except for Duplicate transaction errors.) If trans_id was not supplied in the request, a unique system generated ID will be returned. |
| auth_code | A 6 digit bank authorization code for the transaction. |
| auth_date | This is the date and time in GMT (UTC) when the transaction was authorized by the system. "YYYY-MM-DD HH:MM:SS" format. |
| auth_msg | A human readable approval message, for example "APPROVED 123456", or "DECLINED 05". These messages are processor specific, may change, and are not intended to be machine readable. |
| avs_code | Single character AVS result code. See the AVS popup window in the online administration system for a list of codes. |
| cvv2_code | Single character CVV2 result code. See the CVV2 popup window in the online administration system for a list of codes. |
| ticket_code | Typically not used. Processor specific additional transaction reference code. |
| reason_code2 | Typically not used. Processor specific additional DECLINE-reason code. Consult the transaction details screen for a declined transaction in the online administration system for verbose reason code messages. |
| member_id | Returned when a new subscriber/member was added. |
| recurring_id | Returned when a recurring billing record was established for a new subscriber/member. |
| settle_amount | The settlement amount. The same as the request amount, except for Dynamic Currency Conversion merchants, where this field together with settle_currency indicate the actual amount and currency billed to the cardholder. |
| settle_currency | The settlement currency, typically "USD". For Dynamic Currency Conversion merchants, this field together with settle_amount indicate the actual amount and currency billed to the cardholder. |
"STATUS","PAY_TYPE","ID","REPORT_DATE","CLOSE_BALANCE","CLOSE_MSG" "1","C","200522350933","2005-03-07 23:59:19","999.99","TEST BATCH" "O","K","","","",""In this example, 2 records are returned. The first record indicates a successful credit card batch settlement. The second record indicates that no open NBCheck transactions are available for settlement. Only the STATUS and PAY_TYPE fields are guaranteed to always be defined.
| Settlement Response Parameter Definition Table | |
|---|---|
| STATUS |
Single character batch settlement status code.
1 - (one) Successful batch settlement Any unexpected status code other than "0" and "O" should be interpreted as a successful settlement. |
| PAY_TYPE | Single character pay_type, echoed from request. |
| ID | System ID number uniquely identifying the batch settlement record. |
| REPORT_DATE | This is the date and time in GMT (UTC) when the batch settlement was performed. "YYYY-MM-DD HH:MM:SS" format. |
| CLOSE_BALANCE | The settlement balance. Positive for net deposits, negative if there are more refunds than sales in the batch. |
| CLOSE_MSG | A human readable settlement message, for example "BATCH SETTLED". These messages are processor specific, may change, and are not intended to be machine readable. |
POST /gw/sas/direct3.1 HTTP/1.0 Host: secure.netbilling.com:1401 Content-Type: application/x-www-form-urlencoded Content-Length: 104 pay_type=C&tran_type=A&account_ix=110006559149&card_number=4444333322221186&card_expire=0909&amount=5.00The following will be returned by the system:
HTTP/1.0 604 Missing Parameter (account_id) Connection: close Content-Type: text/plain Content-Length: 0All HTTP codes other than 200 (604 in this case) indicates an exception. The HTTP message "Missing Parameter (account_id)", contains a brief description of the error.
Codes 699 and 799 are general codes returned for many different reasons. If you need to do special processing for one of those codes, your application also needs to look at the first 5 digits of the HTTP message in order to match a particular error.
| Exception code ranges | |
|---|---|
| 600 - 698 | Exception is most likely due to invalid input. The HTTP message contains a human-readable error message. |
| 700 - 798 | Exception is most likely due to processing error. The HTTP message contains a human-readable error message. |
| 699, 799 | The HTTP message will begin with an addition 5 digit machine-readable code that is used to further
narrow down the error in software exception handling. For example:
HTTP/1.0 699 20112: Invalid card expiration date 0x09 Connection: close Content-Type: text/plain Content-Length: 0In this example, 20112 indicates that an invalid card expiration date was given. |
NOTE: You should never send a "home made" trans_id number. When using this field, all trans_id numbers must be obtained using the getid3.1 method.
ID numbers are obtained by a GET or POST request to http://secure.netbilling.com:1401/gw/sas/getid3.1. For high speed applications that wish to take advantage of ID number caching, up to 10 IDs can be requested simultaneously, by passing a number (1-10) in the body of a POST, or in the query string of a GET request. e.g. http://secure.netbilling.com:1401/gw/sas/getid3.1?3.
The ID numbers are returned in the body of the text/plain response. Multiple IDs are separated by new-line characters.
To take advantage of this feature, the cisp_storage=1 parameter must be specified for the initial transaction. The Transaction ID (trans_id) for that transaction, together with the last 5 digits of the card number become the virtual account number handle for that customer.
To perform a future repeat billing for the same customer, instead of having to store and specify the card number and billing address again, simply send "CS:121212121212:4444" as the card_number/account_number, where 121212121212 is the trans_id of the original transaction, and 4444 is the last 4 digits of the card number (optional).
To change any of the stored information, such as the billing address, the updated information can be specified when issuing a Repeat Billing, which will over-ride the previously stored information. The new trans_id for the updated transaction can be used in the future to perform another Repeat Billing using the updated default information.
This feature can be used across accounts, which makes it possible for a merchant's affiliates to bill one of the merchant's customers, without having to know the card number or billing information. This can be used to implement cross-selling partnerships. In order for a merchant to allow its affiliates to cross-bill its customers, the partners must first be authorized by entering their account numbers on the Credit Card Setup page in the online adminstration system under PCI Managed Storage, Authorized Partners. The merchant needs to share each appropriate "CS:" virtual account number with the affiliate, in accordance with their mutual agreement.
For example, a merchant may have a checkbox on its payment form for a special offer from one of its affiliates. If a customer selects to take advantage of this offer, after completing the transaction, the merchant will send the virtual "CS:" account number to the affiliate. The affiliate will then proceed to bill the customer for the sale and ship the product.
Membership and recurring billing records can be automatically managed by the system, including PCI compliant storage of cardholder data. While these features are primarily intended to automate much of the management for developers of member-based websites, this feature can be used by any merchants that are interested in setting up some form of automated billing for their customers.
All recurring billing records that will be setup for automatic management must be created in association with a membership. The setup of such recurring billing records can be accomplished by including the "site_tag" parameter as well as all relevant and required "Membership and Recurring Billing" fields with the transaction request (as outlined in section 2.2 of this document). If this option is used all information relating to the membership and the associated recurring billing setup will be stored and processed automatically by the system. For member based websites the system can also manage the login and password information automatically by sending information to a control CGI on your webserver. The specifics of the CGI Membership postings are covered in detail in separate documentation.
Recurring billings setup through Direct Mode can be used to automatically rebill the customer's credit card to renew the membership on a regular basis. Rebilling periods can be specified as either a number of days between recurring billing attempts (ex. 1, 7, 30) or as a special period expression. If specified as a special period expression the initial membership period can also be prorated. This allows membership signups to take place at any time during the month but automatically scale the charge amount to match the possible reduced period of time until the first scheduled recurring billing.
Please note that a membership can be associated with multiple site tags by including a comma separated list of site tags as the value for the "site_tag" field instead of just a single tag. The first site tag in this list will become the member's primary site while the others will be automatically set as additional sites that membership has been granted access to.