Skip to content
/
Plaid Public Token Exchan...

Shift4 Payment API (1.7.43)

Overview
URL

https://www.shift4.com/contact-us/

Languages
Servers
Host Direct Test URL

https://api.shift4test.com/api/rest/v1/

Host Direct Production URL

https://api.shift4api.net/api/rest/v1/

Credentials

Operations

Transactions

Operations

Tokens

Operations

Merchants

Operations

Gift Cards

Operations

Cards

Operations

Devices

Operations

Reports

Operations

Batches

Operations

QR Payments

Operations

Mode

Operations

Risk

Operations

PayPal

Operations

3D Secure

Operations

OCT

Operations

ACH

OperationsWebhooks

ACH Verify

Request

Used to verify an ach bank account prior to sending an ACH sale/refund transaction.

Integration Methods:

  • Host Direct

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2023-02-08T09:18:23.283-07:00"
achobjectrequired
Example: {"accountNumber":"1234567890","routingNumber":"121000248","accountType":"PC","verificationType":"P","accountHolderName":"John Smith"}
ach.​accountNumberstring<= 17 charactersrequired

Bank Account Number. Do not include any dashes, spaces, or additional zeros.

Example: "1234567890"
ach.​routingNumberstring= 9 charactersrequired

The routing number identifying the bank.

Example: "121000248"
ach.​accountTypestring= 2 charactersrequired

Bank account type

ValueDescription
PCPersonal Checking
PSPersonal Savings
CCCorporate Checking
CSCorporate Savings
Example: "PC"
ach.​verificationTypestringrequired

The type of verification used to validate the account.

ValueDescription
PPrenotification
Value"P"
Example: "P"
ach.​accountHolderNamestring<= 22 charactersrequired

ACH account holder's name

Example: "John Smith"
sourceIpstringrequired

Public source IP Address where the request originates, not the IP Address of the web server.

Example: "172.110.166.244"
transactionobject
application/json
{
  "dateTime": "2023-02-08T09:18:23.283-07:00",
  "ach": {
    "accountNumber": "1234567890",
    "routingNumber": "121000248",
    "accountType": "PC",
    "verificationType": "P",
    "accountHolderName": "John Smith"
  },
  "sourceIp": "172.110.166.244"
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Example: [{"dateTime":"2023-02-08T09:18:23.283-07:00","merchant":{"mid":15877,"name":"Merchant XYZ"},"token":{"value":"9829283019231234","type":"ACH"},"transaction":{"authSource":"A","responseCode":"P"},"notificationId":"6ca3c55e-1b7c-4cad-8ae2-cac052b5510d","server":{"name":"TM01CE"}}]
Response
application/json
{
  "result": [
    {
      "dateTime": "2023-02-08T09:18:23.283-07:00",
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "token": {
        "value": "9829283019231234",
        "type": "ACH"
      },
      "transaction": {
        "authSource": "A",
        "responseCode": "P"
      },
      "notificationId": "6ca3c55e-1b7c-4cad-8ae2-cac052b5510d",
      "server": {
        "name": "TM01CE"
      }
    }
  ]
}

ACH Sale

Request

Used to process an ach sale transaction.

Integration Methods:

  • Host Direct

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2023-02-08T09:18:23.283-07:00"
amountobjectrequired

Object containing information regarding the amount being requested. The total field within the object is required and specifies the amount being requested.

Example: {"total":135.87}
amount.​totalnumber<= 11 charactersrequired

The amount being processed for the ACH transaction. The amount must be greater than zero with a maximum amount of 99999999.99.

Example: 135.87
transactionobjectrequired
Example: {"invoice":"192029"}
transaction.​invoicestring<= 10 charactersrequired

10 character invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Example: "192029"
transaction.​vendorReferencestring<= 50 characters

Optional field for information that can be searched in the merchant portal.

achobjectrequired
Example: {"accountNumber":"1234567890","routingNumber":"121000248","accountHolderName":"John Smith","accountType":"PC","accountVerified":true}
ach.​accountNumberstring<= 17 charactersrequired

Bank Account Number. Do not include any dashes, spaces, or additional zeros.

Example: "1234567890"
ach.​routingNumberstring= 9 charactersrequired

The routing number identifying the bank.

Example: "121000248"
ach.​accountTypestring= 2 charactersrequired

Bank account type

ValueDescription
PCPersonal Checking
PSPersonal Savings
CCCorporate Checking
CSCorporate Savings
Example: "PC"
ach.​accountHolderNamestring<= 22 charactersrequired

ACH account holder's name

Example: "John Smith"
ach.​accountVerifiedboolean

Send as true if the ACH account was verified through a 3rd party.

Example: true
ach.​paymentTypeCodestring

Specifies the payment type. If not provided in the request the transaction will default to ST.

ValueDescription
SSingle Entry. Consumer authorizes the use of their ACH credentials for a single transaction. Each subsequent transaction requires the Consumer to authorize the use of their credentials.
RRecurring. Transaction is sent on a set time frame for a set amount. For example, a monthly gym membership.
STStanding Authorization. Consumer authorizes the use of their ACH credentials for the initial and subsequent transactions. Each subsequent transaction does not require the consumer to authorize the use of their credentials.
Enum"S""R""ST"
sourceIpstringrequired

Public source IP Address where the request originates, not the IP Address of the web server.

Example: "172.110.166.244"
application/json
{
  "dateTime": "2023-02-08T09:18:23.283-07:00",
  "amount": {
    "total": 135.87
  },
  "transaction": {
    "invoice": "192029"
  },
  "ach": {
    "accountNumber": "1234567890",
    "routingNumber": "121000248",
    "accountHolderName": "John Smith",
    "accountType": "PC",
    "accountVerified": true
  },
  "sourceIp": "172.110.166.244"
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2023-02-08T09:18:23.283-07:00",
      "amount": {
        "total": 135.87
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "token": {
        "value": "9829283019231234",
        "type": "ACH"
      },
      "ach": {
        "balanceVerificationResult": "VS"
      },
      "transaction": {
        "authSource": "A",
        "invoice": "192029",
        "responseCode": "P"
      },
      "notificationId": "6ca3c55e-1b7c-4cad-8ae2-cac052b5510d",
      "server": {
        "name": "TM01CE"
      }
    }
  ]
}

ACH Refund

Request

Used to process an ach refund transaction.

Integration Methods:

  • Host Direct

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2023-02-08T09:18:23.283-07:00"
amountobjectrequired

Object containing information regarding the amount being requested. The total field within the object is required and specifies the amount being requested.

Example: {"total":135.87}
amount.​totalnumber<= 11 charactersrequired

The amount being processed for the ACH transaction. The amount must be greater than zero with a maximum amount of 99999999.99.

Example: 135.87
transactionobjectrequired
Example: {"invoice":"192030","originalInvoice":"192029"}
transaction.​invoicestring<= 10 charactersrequired

10 character invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Example: "192030"
transaction.​originalInvoicestring<= 10 charactersrequired

The invoice number from the original sale. Used to link the refund to the original sale.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

Example: "192029"
transaction.​vendorReferencestring<= 50 characters

Optional field for information that can be searched in the merchant portal.

achobjectrequired
Example: {"accountNumber":"1234567890","routingNumber":"121000248","accountType":"PC","accountHolderName":"John Smith"}
ach.​accountNumberstring<= 17 charactersrequired

Bank Account Number. Do not include any dashes, spaces, or additional zeros.

Example: "1234567890"
ach.​routingNumberstring= 9 charactersrequired

The routing number identifying the bank.

Example: "121000248"
ach.​accountTypestring= 2 charactersrequired

Bank account type

ValueDescription
PCPersonal Checking
PSPersonal Savings
CCCorporate Checking
CSCorporate Savings
Example: "PC"
ach.​accountHolderNamestring<= 22 charactersrequired

ACH account holder's name

Example: "John Smith"
ach.​accountVerifiedboolean

Send as true if the ACH account was verified through a 3rd party.

sourceIpstringrequired

Public source IP Address where the request originates, not the IP Address of the web server.

Example: "172.110.166.244"
application/json
{
  "dateTime": "2023-02-08T09:18:23.283-07:00",
  "amount": {
    "total": 135.87
  },
  "transaction": {
    "invoice": "192030",
    "originalInvoice": "192029"
  },
  "ach": {
    "accountNumber": "1234567890",
    "routingNumber": "121000248",
    "accountType": "PC",
    "accountHolderName": "John Smith"
  },
  "sourceIp": "172.110.166.244"
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2023-02-08T09:18:23.283-07:00",
      "amount": {
        "total": 135.87
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "token": {
        "value": "9829283019231234",
        "type": "ACH"
      },
      "transaction": {
        "authSource": "A",
        "invoice": "192030",
        "originalInvoice": "192029",
        "responseCode": "P"
      },
      "notificationId": "6ca3c55e-1b7c-4cad-8ae2-cac052b5510d",
      "server": {
        "name": "TM01CE"
      }
    }
  ]
}

Create Plaid Link Token

Request

Used to create a Plaid Link token to use with the Plaid Link UI.

Integration Methods:

  • Host Direct

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

plaidobjectrequired
plaid.​client_user_idstringrequired

A unique ID representing the end user. Typically this will be a user ID number from your application. Personally identifiable information, such as an email address or phone number, should not be used in the client_user_id.

plaid.​languagestring

The language that Link should be displayed in. If no language is sent it will default to English.

ValueDescription
daDanish
nlDutch
enEnglish
etEstonian
frFrench
deGerman
itItalian
lvLatvian
ltLithuanian
noNorwegian
poPolish
roRomanian
esSpanish
seSwedish
Enum"da""nl""en""et""fr""de""it""lv""lt""no"
plaid.​redirectUrlstring

Contains the URL to which the browser should be redirected.

Conditional: must be sent if the customer is using a 'mobile device' or 'website with redirection'. Also the same url needs to be provided during onboarding or later via LBM.

application/json
{
  "dateTime": "2024-05-21T09:18:23.283-07:00",
  "plaid": {
    "client_user_id": "ae1a59fe-8646-4637-bbb8-d270856c508c",
    "language": "en",
    "redirectUrl": "merchant.com"
  }
}

Responses

Request was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2023-02-08T09:18:23.283-07:00",
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "transaction": {
        "authSource": "A",
        "responseCode": "S"
      },
      "plaid": {
        "link_token": "link-sandbox-bea285c1-ad79-4191-8d1b-aaf537f7df59",
        "expiration": "2023-02-13T21:00:25Z",
        "client_user_id": "ae1a59fe-8646-4637-bbb8-d270856c508c"
      },
      "server": {
        "name": "TM01CE"
      }
    }
  ]
}

Plaid Public Token Exchange

Request

Used to create a Plaid Link token to use with the Plaid Link UI.

Integration Methods:

  • Host Direct

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

achobjectrequired
ach.​accountHolderNamestring<= 22 charactersrequired

ACH account holder's name

plaidobjectrequired
plaid.​public_tokenstringrequired

Plaid Public Token

plaid.​metadatastringrequired

JSON encoded object received from the Plaid SDK. The metadata object received from the Plaid SDK must be json encoded and sent in this object.

application/json
{
  "dateTime": "2024-05-21T09:18:23.283-07:00",
  "ach": {
    "accountHolderName": "John Smith"
  },
  "plaid": {
    "public_token": "public-sandbox-0b7f845f-fa53-4e0a-b77b-9476e71be5ae",
    "metadata": "{\"status\":null,\"link_session_id\":\"81fcbacf-e2f8-422b-b041-5e629b32ae3c\",\"institution\":{\"name\":\"Houndstooth Bank\",\"institution_id\":\"ins_109512\"},\"accounts\":[{\"id\":\"dvMPrZ9kR1C8xdRvLR6QIaREG5vBo6SBjaRrr\",\"name\":\"Plaid Checking\",\"mask\":\"0000\",\"type\":\"depository\",\"subtype\":\"checking\",\"verification_status\":\"pending_automatic_verification\",\"class_type\":null}],\"account\":{\"id\":\"dvMPrZ9kR1C8xdRvLR6QIaREG5vBo6SBjaRrr\",\"name\":\"Plaid Checking\",\"mask\":\"0000\",\"type\":\"depository\",\"subtype\":\"checking\",\"verification_status\":\"pending_automatic_verification\",\"class_type\":null},\"account_id\":\"dvMPrZ9kR1C8xdRvLR6QIaREG5vBo6SBjaRrr\",\"transfer_status\":null,\"wallet\":null,\"public_token\":\"public-sandbox-b5e58738-1a75-4a51-b4de-10f24c561038\"}"
  }
}

Responses

Request was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2023-02-08T09:18:23.283-07:00",
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "transaction": {
        "authSource": "A",
        "responseCode": "A"
      },
      "notificationId": "6ca3c55e-1b7c-4cad-8ae2-cac052b5510d",
      "ach": {
        "accountLastFour": "7890"
      },
      "token": {
        "value": "9829283019231234",
        "type": "ACH"
      },
      "server": {
        "name": "TM01CE"
      }
    }
  ]
}

NotificationWebhook

Request

This is an outbound HTTP POST message from the Shift4 gateway to the merchant's environment that provides status of the ach request. This notification request will be sent from Shift4 to the URL provided in the merchant's boarding configuration.

This requires the interface vendor to establish a listening service to receive these requests.

Bodyapplication/jsonrequired
One of:
eventobject
Example: {"type":"ach.verify.verification_status_update"}
achobject
Example: {"verificationType":"P"}
tokenobject
Example: {"value":"9829283019231234","type":"ACH"}
transactionobject
Example: {"authSource":"A","responseCode":"A"}
notificationIdstring(uuid)= 36 characters

Notification ID value generated by Shift4 and returned in the response. Used for matching webhook notifications back to their original request.

Example: "6ca3c55e-1b7c-4cad-8ae2-cac052b5510d"
serverobject
Example: {"name":"TM01CE"}
application/json
{
  "event": {
    "type": "ach.verify.verification_status_update"
  },
  "ach": {
    "verificationType": "P"
  },
  "token": {
    "value": "9829283019231234",
    "type": "ACH"
  },
  "transaction": {
    "authSource": "A",
    "responseCode": "A"
  },
  "notificationId": "6ca3c55e-1b7c-4cad-8ae2-cac052b5510d",
  "server": {
    "name": "TM01CE"
  }
}

Responses

Return 200 status to indicate that the Notification was received successfully.

Updater

Operations

DCC

Operations

Rules

Operations