Skip to content
/
OCT Payout

Shift4 Payment API (1.7.43)

Overview
URL

https://www.shift4.com/contact-us/

Languages
Servers
Host Direct Test URL

https://api.shift4test.com/api/rest/v1/

Host Direct Production URL

https://api.shift4api.net/api/rest/v1/

Credentials

Operations

Transactions

Operations

Tokens

Operations

Merchants

Operations

Gift Cards

Operations

Cards

Operations

Devices

Operations

Reports

Operations

Batches

Operations

QR Payments

Operations

Mode

Operations

Risk

Operations

PayPal

Operations

3D Secure

Operations

OCT

Operations

OCT Payout

Request

Used to process an original credit transaction to transfer funds from the merchant to the recipient.

Integration Methods:

  • Host Direct

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2021-04-15T09:18:23.283-07:00"
amountobjectrequired

Object containing information regarding the amount being requested. The total field within the object is required and specifies the amount being requested.

Note: For merchants that are configured to allow multiple currencies, the amount fields can specify up to three decimal places. However, the number of decimal places can not exceed the number allowed for the specified currency. See the Currency Codes section for details.

Example: {"total":135.87}
amount.​totalnumber<= 14 charactersrequired

The amount being charged for a particular transaction. If other amount fields are sent, they must be included in the total amount. Amount cannot be zero.

Example: 135.87
transactionobjectrequired
Example: {"invoice":"192029","notes":"Transaction notes are added here"}
transaction.​invoicestring<= 10 charactersrequired

10 character invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Example: "192029"
transaction.​notesstring<= 4096 characters

A free-form notes field that supports the use of HTML tags. This can be used for reference in Lighthouse Transaction Manager and is not sent to the authorization host. Escaped quotation marks should not be sent in the Notes field.

Example: "Transaction notes are added here"
transaction.​vendorReferencestring<= 50 characters

Optional field for information that can be searched in the merchant portal.

cardobjectrequired
Example: {"entryMode":"M","expirationDate":1230,"number":"4321000000001119","present":"N"}
card.​numberstring<= 32 charactersrequired

The payment card number entered in an initial authorization/sale request. This field will always be masked when returned in a response.

Example: "4321000000001119"
card.​expirationDateinteger(MMYY)[ 3 .. 4 ] charactersrequired

Conditional: Send only when card data is manually entered or when using a token. This field should not be specified when using an encrypted device.

Card expiration date in MMYY format. This value should only be populated in the initial sale/authorization request.

Example: 1230
card.​entryModestring= 1 charactersrequired

The method used to capture a payment card.

ValueDescription
MManual Entry
Value"M"
Example: "M"
card.​presentstringrequired

Conditional: Send in the initial authorization/sale request

Indicates whether a card was present (‘Y’) or not (‘N’) at the time a transaction took place. This should be set appropriately in the initial authorization/sale request. In subsequent requests, this field should be left blank or should not be sent.

Note: Subsequent request here does not apply to the secondary request for card on file type transactions or reuse of the same card. An example of a subsequent request would be a capture after an authorization. You would not include card.present in the capture, which is the subsequent request. Another example is when performing an incremental authorization where you perform an authorization, followed by an incremental authorization then a capture. The second authorization (incremental) and the capture are the subsequent requests where you would not include card.present.

Enum"Y""N"
Example: "N"
customerobjectrequired
Example: {"firstName":"John","lastName":"Smith","emailAddress":"johnsmith@email.com","ipAddress":"63.57.84.101"}
One of:
customer.​firstNamestring<= 30 charactersrequired

Customer first name

Example: "John"
customer.​lastNamestring<= 30 charactersrequired

Customer last name

Example: "Smith"
customer.​emailAddressstring<= 80 charactersrequired

Customer email address.

Example: "johnsmith@email.com"
customer.​ipAddressstring<= 20 charactersrequired

Public source IP Address where the request originates, not the IP Address of the web server.

Example: "63.57.84.101"
sourceIpstringrequired

Public source IP Address where the request originates, not the IP Address of the web server.

Example: "172.110.166.244"
currencyCodestring(ISO 4217 3 Character Alphabetic Code)

Transaction currency code. See the Currency Codes section for details.

Note: This is currently supported when processing for a merchant outside of the US and Canada. If processing for a US or Canadian merchant then this field will be ignored and the transaction will process in the merchant's configured currency.

application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "amount": {
    "total": 135.87
  },
  "card": {
    "entryMode": "M",
    "expirationDate": 1230,
    "number": "4321000000001119",
    "present": "N"
  },
  "customer": {
    "firstName": "John",
    "lastName": "Smith",
    "emailAddress": "johnsmith@email.com",
    "ipAddress": "63.57.84.101"
  },
  "transaction": {
    "invoice": "192029",
    "notes": "Transaction notes are added here"
  },
  "sourceIp": "172.110.166.244"
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2021-04-15T09:18:23.283-07:00",
      "amount": {
        "total": 160
      },
      "card": {
        "number": "XXXXXXXXXXXX1119",
        "type": "VS",
        "token": {}
      },
      "customer": {
        "firstName": "John",
        "lastName": "Smith",
        "emailAddress": "johnsmith@email.com",
        "ipAddress": "63.57.84.101"
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "server": {
        "name": "TM01CE"
      },
      "transaction": {
        "authSource": "A",
        "invoice": "192029",
        "responseCode": "A",
        "retrievalReference": "ICTN-178768-233-79170-FUX"
      }
    }
  ]
}

OCT Update Recipient

Request

Used to update the OCT recipient email address.

Integration Methods:

  • Host Direct

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

customerobjectrequired
customer.​emailAddressstring<= 80 charactersrequired

Customer email address.

customer.​newEmailAddressstring<= 80 charactersrequired

Customer's new email address.

sourceIpstringrequired

Public source IP Address where the request originates, not the IP Address of the web server.

application/json
{
  "dateTime": "2021-04-15T09:18:23.283-07:00",
  "sourceIp": "63.57.84.101",
  "customer": {
    "emailAddress": "oldaddress@email.com",
    "newEmailAddress": "newaddress@email.com"
  }
}

Responses

Transaction was processed

Bodyapplication/json
resultArray of objects
Example: [{"dateTime":"2022-05-10T06:34:25.049-07:00","customer":{"emailAddress":"firstname.lastname@email.com","newEmailAddress":"firstname.lastname@email.com"},"merchant":{"mid":15877,"name":"Merchant XYZ"},"transaction":{"authSource":"A","responseCode":"A"},"server":{"name":"TM01CE"}}]
Response
application/json
{
  "result": [
    {
      "dateTime": "2022-05-10T06:34:25.049-07:00",
      "customer": {
        "emailAddress": "firstname.lastname@email.com",
        "newEmailAddress": "firstname.lastname@email.com"
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "transaction": {
        "authSource": "A",
        "responseCode": "A"
      },
      "server": {
        "name": "TM01CE"
      }
    }
  ]
}

ACH

OperationsWebhooks

Updater

Operations

DCC

Operations

Rules

Operations