Skip to content

Shift4 Payment API (1.7.43)

Overview
URL

https://www.shift4.com/contact-us/

Languages
Servers
Host Direct Test URL

https://api.shift4test.com/api/rest/v1/

Host Direct Production URL

https://api.shift4api.net/api/rest/v1/

Credentials

Operations

Transactions

Operations

Tokens

Operations

Merchants

Operations

Gift Cards

Operations

Activate

Request

This function requests that a new gift card be activated for use or that a new gift card be loaded with funds.

Integration Methods:

  • Host Direct
  • Locally Installed UTG

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2021-04-15T09:18:23.283-07:00"
amountobjectrequired

Object containing information regarding the amount being added onto the card or removed from the card.

Example: {"total":25}
amount.​totalnumber<= 14 charactersrequired

The amount which should be added to the card's balance. Amount cannot be zero.

Example: 25
amount.​checkTotalnumber<= 14 characterswrite-only

Optional field specifying the total amount of the entire bill/invoice that this transaction is part of. It can be larger than amount.total in scenarios where the check is being split or if a portion of the check was already paid in cash or another form of payment.

deviceobjectrequired
Example: {"terminalId":"1742"}
device.​terminalIdstring<= 32 charactersrequired

To prompt a specific UTG-controlled PIN pad in a request, the API Terminal ID configured in UTG TuneUp must be specified in this field.

Example: "1742"
device.​promptCardSecurityCodestring= 1 characters

When using a UTG-controlled PIN pad:

ValueDescription
YForce the PIN pad to prompt the consumer for a CSC.
NDo not force the PIN pad to prompt the consumer for a CSC.

Note: Use only when you want to override MCE (Manual Card Entry) settings in UTG.

Enum"Y""N"
cardobjectrequired
Example: {"present":"Y"}
card.​presentstringrequired

Conditional: Send in the initial authorization/sale request

Indicates whether a card was present (‘Y’) or not (‘N’) at the time a transaction took place. This should be set appropriately in the initial authorization/sale request. In subsequent requests, this field should be left blank or should not be sent.

Note: Subsequent request here does not apply to the secondary request for card on file type transactions or reuse of the same card. An example of a subsequent request would be a capture after an authorization. You would not include card.present in the capture, which is the subsequent request. Another example is when performing an incremental authorization where you perform an authorization, followed by an incremental authorization then a capture. The second authorization (incremental) and the capture are the subsequent requests where you would not include card.present.

Enum"Y""N"
Example: "Y"
transactionobjectrequired
Example: {"invoice":"192029"}
transaction.​invoicestring<= 10 charactersrequired

10-digit invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

Example: "192029"
application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "amount": {
    "total": 25
  },
  "card": {
    "present": "Y"
  },
  "device": {
    "terminalId": "1742"
  },
  "transaction": {
    "invoice": "192029"
  }
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2021-04-15T09:18:23.283-07:00",
      "amount": {
        "total": 20
      },
      "card": {
        "number": "XXXXXXXXXXXX1333",
        "balance": {},
        "token": {},
        "type": "YC"
      },
      "device": {
        "terminalId": "1742"
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "server": {
        "name": "UTGAPI01CE"
      },
      "transaction": {
        "authSource": "E",
        "invoice": "192030",
        "responseCode": "A"
      }
    }
  ]
}

Allocate

Request

This function requests that a new gift card be allocated for use under a specific Program ID. The new card will be generated during the request and activated with the requested amount.

Integration Methods:

  • Host Direct
  • Locally Installed UTG

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

amountobjectrequired

Object containing information regarding the amount being added onto the card or removed from the card.

amount.​totalnumber<= 14 charactersrequired

The amount which should be added to the card's balance. Amount cannot be zero.

amount.​checkTotalnumber<= 14 characterswrite-only

Optional field specifying the total amount of the entire bill/invoice that this transaction is part of. It can be larger than amount.total in scenarios where the check is being split or if a portion of the check was already paid in cash or another form of payment.

transactionobjectrequired
transaction.​invoicestring<= 10 charactersrequired

10-digit invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

programIdstring<= 16 characters

The ID value for the program you are allocating a gift card under.

application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "amount": {
    "total": 25
  },
  "programId": "95",
  "transaction": {
    "invoice": "192029"
  }
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2021-04-15T09:18:23.283-07:00",
      "amount": {
        "total": 20
      },
      "card": {
        "number": "1000083000004141494",
        "type": "GC",
        "balance": {}
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "programId": "95",
      "server": {
        "name": "UTGAPI01CE"
      },
      "transaction": {
        "invoice": "192029",
        "responseCode": "A"
      }
    }
  ]
}

Deactivate

Request

This function requests that an active gift card be deactivated so that it can’t be used to process transactions. A balance will remain on the gift card (if supported by the processor). If you want to return the card's current balance back to the customer, use the Cashout endpoint instead.

Integration Methods:

  • Host Direct
  • Locally Installed UTG

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2021-04-15T09:18:23.283-07:00"
deviceobjectrequired
Example: {"terminalId":"1742"}
device.​terminalIdstring<= 32 charactersrequired

To prompt a specific UTG-controlled PIN pad in a request, the API Terminal ID configured in UTG TuneUp must be specified in this field.

Example: "1742"
device.​promptCardSecurityCodestring= 1 characters

When using a UTG-controlled PIN pad:

ValueDescription
YForce the PIN pad to prompt the consumer for a CSC.
NDo not force the PIN pad to prompt the consumer for a CSC.

Note: Use only when you want to override MCE (Manual Card Entry) settings in UTG.

Enum"Y""N"
cardobjectrequired
Example: {"deactivationReason":"Stolen","present":"N"}
card.​deactivationReasonstring<= 32 charactersrequired

In a Gift Card Deactivate or Cashout request, specifies the reason for deactivation. In a Gift Card redemption or inquiry response, specifies the reason for denial sent by the processor.

Example: "Stolen"
card.​presentstringrequired

Conditional: Send in the initial authorization/sale request

Indicates whether a card was present (‘Y’) or not (‘N’) at the time a transaction took place. This should be set appropriately in the initial authorization/sale request. In subsequent requests, this field should be left blank or should not be sent.

Note: Subsequent request here does not apply to the secondary request for card on file type transactions or reuse of the same card. An example of a subsequent request would be a capture after an authorization. You would not include card.present in the capture, which is the subsequent request. Another example is when performing an incremental authorization where you perform an authorization, followed by an incremental authorization then a capture. The second authorization (incremental) and the capture are the subsequent requests where you would not include card.present.

Enum"Y""N"
Example: "N"
transactionobjectrequired
Example: {"invoice":"192029"}
transaction.​invoicestring<= 10 charactersrequired

10-digit invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

Example: "192029"
application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "card": {
    "deactivationReason": "Stolen",
    "present": "N"
  },
  "device": {
    "terminalId": "1742"
  },
  "transaction": {
    "invoice": "192029"
  }
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2021-04-15T09:18:23.283-07:00",
      "card": {
        "entryMode": "1",
        "number": "XXXXXXXXXXXX1333",
        "present": "Y",
        "deactivationReason": "lost or stolen",
        "balance": {},
        "token": {},
        "type": "YC"
      },
      "device": {
        "terminalId": "1742"
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "server": {
        "name": "UTGAPI01CE"
      },
      "transaction": {
        "authSource": "E",
        "invoice": "192032",
        "responseCode": "A"
      }
    }
  ]
}

Cashback

Request

This function requests that an active gift card be deactivated so that it can’t be used to process transactions. Any current balance is removed from the card so that the funds can be returned to the consumer as cash.

This endpoint replaces the Gift Card Cashout endpoint.

Integration Methods:

  • Host Direct
  • Locally Installed UTG

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2021-04-15T09:18:23.283-07:00"
deviceobjectrequired
Example: {"terminalId":"1742"}
device.​terminalIdstring<= 32 charactersrequired

To prompt a specific UTG-controlled PIN pad in a request, the API Terminal ID configured in UTG TuneUp must be specified in this field.

Example: "1742"
device.​promptCardSecurityCodestring= 1 characters

When using a UTG-controlled PIN pad:

ValueDescription
YForce the PIN pad to prompt the consumer for a CSC.
NDo not force the PIN pad to prompt the consumer for a CSC.

Note: Use only when you want to override MCE (Manual Card Entry) settings in UTG.

Enum"Y""N"
cardobjectrequired
Example: {"deactivationReason":"Stolen","present":"N"}
card.​deactivationReasonstring<= 32 charactersrequired

In a Gift Card Deactivate or Cashout request, specifies the reason for deactivation. In a Gift Card redemption or inquiry response, specifies the reason for denial sent by the processor.

Example: "Stolen"
card.​presentstringrequired

Conditional: Send in the initial authorization/sale request

Indicates whether a card was present (‘Y’) or not (‘N’) at the time a transaction took place. This should be set appropriately in the initial authorization/sale request. In subsequent requests, this field should be left blank or should not be sent.

Note: Subsequent request here does not apply to the secondary request for card on file type transactions or reuse of the same card. An example of a subsequent request would be a capture after an authorization. You would not include card.present in the capture, which is the subsequent request. Another example is when performing an incremental authorization where you perform an authorization, followed by an incremental authorization then a capture. The second authorization (incremental) and the capture are the subsequent requests where you would not include card.present.

Enum"Y""N"
Example: "N"
transactionobjectrequired
Example: {"invoice":"192029"}
transaction.​invoicestring<= 10 charactersrequired

10-digit invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

Example: "192029"
application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "card": {
    "deactivationReason": "Stolen",
    "present": "N"
  },
  "device": {
    "terminalId": "1742"
  },
  "transaction": {
    "invoice": "192029"
  }
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2021-04-15T09:18:23.283-07:00",
      "amount": {
        "total": 20
      },
      "card": {
        "entryMode": "1",
        "number": "XXXXXXXXXXXX1333",
        "present": "Y",
        "deactivationReason": "lost or stolen",
        "token": {},
        "type": "YC"
      },
      "device": {
        "terminalId": "1742"
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "server": {
        "name": "UTGAPI01CE"
      },
      "transaction": {
        "authSource": "E",
        "invoice": "192034",
        "responseCode": "A"
      }
    }
  ]
}

Reactivate

Request

This function requests that a previously deactivated gift card be reactivated. If there was a balance remaining on the gift card at the time of deactivation, the balance will again become available for use. Funds cannot be added to a gift card during a Reactivate request.

Integration Methods:

  • Host Direct
  • Locally Installed UTG

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2021-04-15T09:18:23.283-07:00"
deviceobjectrequired
Example: {"terminalId":"1742"}
device.​terminalIdstring<= 32 charactersrequired

To prompt a specific UTG-controlled PIN pad in a request, the API Terminal ID configured in UTG TuneUp must be specified in this field.

Example: "1742"
device.​promptCardSecurityCodestring= 1 characters

When using a UTG-controlled PIN pad:

ValueDescription
YForce the PIN pad to prompt the consumer for a CSC.
NDo not force the PIN pad to prompt the consumer for a CSC.

Note: Use only when you want to override MCE (Manual Card Entry) settings in UTG.

Enum"Y""N"
cardobjectrequired
Example: {"present":"Y"}
card.​presentstringrequired

Conditional: Send in the initial authorization/sale request

Indicates whether a card was present (‘Y’) or not (‘N’) at the time a transaction took place. This should be set appropriately in the initial authorization/sale request. In subsequent requests, this field should be left blank or should not be sent.

Note: Subsequent request here does not apply to the secondary request for card on file type transactions or reuse of the same card. An example of a subsequent request would be a capture after an authorization. You would not include card.present in the capture, which is the subsequent request. Another example is when performing an incremental authorization where you perform an authorization, followed by an incremental authorization then a capture. The second authorization (incremental) and the capture are the subsequent requests where you would not include card.present.

Enum"Y""N"
Example: "Y"
transactionobjectrequired
Example: {"invoice":"192029"}
transaction.​invoicestring<= 10 charactersrequired

10-digit invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

Example: "192029"
application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "card": {
    "present": "Y"
  },
  "device": {
    "terminalId": "1742"
  },
  "transaction": {
    "invoice": "192029"
  }
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2021-04-15T09:18:23.283-07:00",
      "card": {
        "number": "XXXXXXXXXXXX1333",
        "balance": {},
        "token": {},
        "type": "YC"
      },
      "device": {
        "terminalId": "1742"
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "server": {
        "name": "UTGAPI01CE"
      },
      "transaction": {
        "authSource": "E",
        "invoice": "192033",
        "responseCode": "A"
      }
    }
  ]
}

Reload

Request

This function requests that an active gift card be loaded with additional funds.

Integration Methods:

  • Host Direct
  • Locally Installed UTG

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2021-04-15T09:18:23.283-07:00"
amountobjectrequired

Object containing information regarding the amount being added onto the card or removed from the card.

Example: {"total":25}
amount.​totalnumber<= 14 charactersrequired

The amount which should be added to the card's balance. Amount cannot be zero.

Example: 25
amount.​checkTotalnumber<= 14 characterswrite-only

Optional field specifying the total amount of the entire bill/invoice that this transaction is part of. It can be larger than amount.total in scenarios where the check is being split or if a portion of the check was already paid in cash or another form of payment.

deviceobjectrequired
Example: {"terminalId":"1742"}
device.​terminalIdstring<= 32 charactersrequired

To prompt a specific UTG-controlled PIN pad in a request, the API Terminal ID configured in UTG TuneUp must be specified in this field.

Example: "1742"
device.​promptCardSecurityCodestring= 1 characters

When using a UTG-controlled PIN pad:

ValueDescription
YForce the PIN pad to prompt the consumer for a CSC.
NDo not force the PIN pad to prompt the consumer for a CSC.

Note: Use only when you want to override MCE (Manual Card Entry) settings in UTG.

Enum"Y""N"
cardobjectrequired
Example: {"present":"Y"}
card.​presentstringrequired

Conditional: Send in the initial authorization/sale request

Indicates whether a card was present (‘Y’) or not (‘N’) at the time a transaction took place. This should be set appropriately in the initial authorization/sale request. In subsequent requests, this field should be left blank or should not be sent.

Note: Subsequent request here does not apply to the secondary request for card on file type transactions or reuse of the same card. An example of a subsequent request would be a capture after an authorization. You would not include card.present in the capture, which is the subsequent request. Another example is when performing an incremental authorization where you perform an authorization, followed by an incremental authorization then a capture. The second authorization (incremental) and the capture are the subsequent requests where you would not include card.present.

Enum"Y""N"
Example: "Y"
transactionobjectrequired
Example: {"invoice":"192029"}
transaction.​invoicestring<= 10 charactersrequired

10-digit invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

Example: "192029"
application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "amount": {
    "total": 25
  },
  "card": {
    "present": "Y"
  },
  "device": {
    "terminalId": "1742"
  },
  "transaction": {
    "invoice": "192029"
  }
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2021-04-15T09:18:23.283-07:00",
      "amount": {
        "total": 20
      },
      "card": {
        "number": "XXXXXXXXXXXX1333",
        "balance": {},
        "token": {},
        "type": "YC"
      },
      "device": {
        "terminalId": "1742"
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "server": {
        "name": "UTGAPI01CE"
      },
      "transaction": {
        "authSource": "E",
        "invoice": "192031",
        "responseCode": "A"
      }
    }
  ]
}

Balance

Request

This function requests that a gift card's balance, masked card number, expiration date, and discount percentage be returned. Merchants may be required to pay a fee for an inquiry request depending on their processor agreement.

Integration Methods:

  • Host Direct
  • Locally Installed UTG

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2021-04-15T09:18:23.283-07:00"
deviceobjectrequired
Example: {"terminalId":"1742"}
device.​terminalIdstring<= 32 charactersrequired

To prompt a specific UTG-controlled PIN pad in a request, the API Terminal ID configured in UTG TuneUp must be specified in this field.

Example: "1742"
device.​promptCardSecurityCodestring= 1 characters

When using a UTG-controlled PIN pad:

ValueDescription
YForce the PIN pad to prompt the consumer for a CSC.
NDo not force the PIN pad to prompt the consumer for a CSC.

Note: Use only when you want to override MCE (Manual Card Entry) settings in UTG.

Enum"Y""N"
cardobjectrequired
Example: {"present":"Y"}
card.​presentstringrequired

Conditional: Send in the initial authorization/sale request

Indicates whether a card was present (‘Y’) or not (‘N’) at the time a transaction took place. This should be set appropriately in the initial authorization/sale request. In subsequent requests, this field should be left blank or should not be sent.

Note: Subsequent request here does not apply to the secondary request for card on file type transactions or reuse of the same card. An example of a subsequent request would be a capture after an authorization. You would not include card.present in the capture, which is the subsequent request. Another example is when performing an incremental authorization where you perform an authorization, followed by an incremental authorization then a capture. The second authorization (incremental) and the capture are the subsequent requests where you would not include card.present.

Enum"Y""N"
Example: "Y"
transactionobjectrequired
Example: {"invoice":"192029"}
transaction.​invoicestring<= 10 charactersrequired

10-digit invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

Example: "192029"
apiOptionsArray of stringswrite-only

API Options modify the request being made.

ValueDescription
RETURNHISTReturn the gift card usage history in the history array.
application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "card": {
    "present": "Y"
  },
  "device": {
    "terminalId": "1742"
  },
  "transaction": {
    "invoice": "192029"
  }
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2019-04-15T16:10:44.000-07:00",
      "card": {
        "balance": {},
        "entryMode": "M",
        "number": "XXXXXXXXXXXX1333",
        "token": {},
        "type": "YC"
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "server": {
        "name": "U2API01CE"
      },
      "transaction": {
        "authSource": "E",
        "invoice": "6241932450",
        "responseCode": "A"
      },
      "history": [
        {},
        {}
      ]
    }
  ]
}

Cancel

Request

This function attempts to undo the last /giftcards/* request that was made against a gift card or private label card. For example, an Activate or Reload request may eligible for cancellation. Some processors do not support this functionality. This endpoint cannot be used to cancel a sale or authorization against a gift card - the Void request should be used for that scenario.

Integration Methods:

  • Host Direct
  • Locally Installed UTG

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2021-04-15T09:18:23.283-07:00"
cardobjectrequired
Example: {"token":{"value":"8900004710343233"}}
card.​tokenobjectrequired
Example: {"value":"8900004710343233"}
card.​token.​valuestring<= 16 charactersrequired

This field is used to specify a card token. Whenever CHD is sent in a request, a card token will be returned in this field. Your interface should be designed to store this card token for future use. The latest card token received should be used in any subsequent request that references the same card data.

Example: "8900004710343233"
transactionobjectrequired
Example: {"invoice":"192029"}
transaction.​invoicestring<= 10 charactersrequired

10-digit invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

Example: "192029"
application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "card": {
    "token": {
      "value": "8900004710343233"
    }
  },
  "transaction": {
    "invoice": "192029"
  }
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2024-05-21T09:18:23.283-07:00",
      "amount": {
        "total": 20
      },
      "card": {
        "number": "XXXXXXXXXXXX8774",
        "type": "YC",
        "balance": {},
        "token": {}
      },
      "device": {
        "terminalId": "1742"
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "transaction": {
        "invoice": "0510093358",
        "responseCode": "A"
      },
      "server": {
        "name": "TM01CE"
      }
    }
  ]
}

CashoutDeprecated

Request

This function requests that an active gift card be deactivated so that it can’t be used to process transactions. Any current balance is removed from the card so that the funds can be returned to the consumer as cash.

This endpoint has been deprecated and should no longer be used. It has been replaced by the Gift Card Cashback endpoint.

Integration Methods:

  • Host Direct
  • Locally Installed UTG

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2021-04-15T09:18:23.283-07:00"
deviceobjectrequired
Example: {"terminalId":"1742"}
device.​terminalIdstring<= 32 charactersrequired

To prompt a specific UTG-controlled PIN pad in a request, the API Terminal ID configured in UTG TuneUp must be specified in this field.

Example: "1742"
device.​promptCardSecurityCodestring= 1 characters

When using a UTG-controlled PIN pad:

ValueDescription
YForce the PIN pad to prompt the consumer for a CSC.
NDo not force the PIN pad to prompt the consumer for a CSC.

Note: Use only when you want to override MCE (Manual Card Entry) settings in UTG.

Enum"Y""N"
cardobjectrequired
Example: {"deactivationReason":"Stolen","present":"N"}
card.​deactivationReasonstring<= 32 charactersrequired

In a Gift Card Deactivate or Cashout request, specifies the reason for deactivation. In a Gift Card redemption or inquiry response, specifies the reason for denial sent by the processor.

Example: "Stolen"
card.​presentstringrequired

Conditional: Send in the initial authorization/sale request

Indicates whether a card was present (‘Y’) or not (‘N’) at the time a transaction took place. This should be set appropriately in the initial authorization/sale request. In subsequent requests, this field should be left blank or should not be sent.

Note: Subsequent request here does not apply to the secondary request for card on file type transactions or reuse of the same card. An example of a subsequent request would be a capture after an authorization. You would not include card.present in the capture, which is the subsequent request. Another example is when performing an incremental authorization where you perform an authorization, followed by an incremental authorization then a capture. The second authorization (incremental) and the capture are the subsequent requests where you would not include card.present.

Enum"Y""N"
Example: "N"
transactionobjectrequired
Example: {"invoice":"192029"}
transaction.​invoicestring<= 10 charactersrequired

10-digit invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

Example: "192029"
application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "card": {
    "deactivationReason": "Stolen",
    "present": "N"
  },
  "device": {
    "terminalId": "1742"
  },
  "transaction": {
    "invoice": "192029"
  }
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2021-04-15T09:18:23.283-07:00",
      "amount": {
        "total": 20
      },
      "card": {
        "entryMode": "1",
        "number": "XXXXXXXXXXXX1333",
        "present": "Y",
        "deactivationReason": "lost or stolen",
        "token": {},
        "type": "YC"
      },
      "device": {
        "terminalId": "1742"
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "server": {
        "name": "UTGAPI01CE"
      },
      "transaction": {
        "authSource": "E",
        "invoice": "192034",
        "responseCode": "A"
      }
    }
  ]
}

Cards

Operations

Devices

Operations

Reports

Operations

Batches

Operations

QR Payments

Operations

Mode

Operations

Risk

Operations

PayPal

Operations

3D Secure

Operations

OCT

Operations

ACH

OperationsWebhooks

Updater

Operations

DCC

Operations

Rules

Operations