Skip to content

Shift4 Payment API (1.7.43)

Overview
URL

https://www.shift4.com/contact-us/

Languages
Servers
Host Direct Test URL

https://api.shift4test.com/api/rest/v1/

Host Direct Production URL

https://api.shift4api.net/api/rest/v1/

Credentials

Operations

Transactions

Operations

Tokens

Operations

Merchants

Operations

Gift Cards

Operations

Cards

Operations

Devices

Operations

Reports

Operations

Batches

Operations

QR Payments

Operations

Mode

Operations

Risk Assess

Request

Used to check the level of risk before processing a transaction. Risk assessment returns four possible values: approve, deny, escalate and review. If the risk transaction is approved or review, you will be able to make a payment call with the risk assessment, risk id and transaction id you get in response.

Integration Methods:

  • Host Direct

See the Integration Methods and URLs Section sections of the Development Quick Start guide for details regarding each processing option.

See the JSON Body Schemas for more details on the various JSON body formats.

Security
AccessToken
Headers
InterfaceVersionstring<= 11 charactersrequired

Refers to the version of the program or application that is sending requests to Shift4. The following special characters are not allowed: $ % : ^ - ~ < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: 2.1
InterfaceNamestring<= 25 charactersrequired

Refers to the name of the program or application that is sending requests to Shift4. This should be the name of the program that you purchased or created. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: ForwardPOS
CompanyNamestring<= 26 charactersrequired

Refers to the vendor or partner that designed and certified the interface. The information you use in this field should match what Shift4 has on file or what was agreed upon in your Integration Plan. The following special characters are not allowed: $ % : ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + =

Example: PAWS
AccessTokenstring(uuid)<= 52 charactersrequired

A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface being used. The Access Token is required in all requests except an Access Token Exchange request, which generates an Access Token using an authToken and clientGuid.

Example: EA79FB05-3AA7-4500-AF9A-73F986FF2C1D
Bodyapplication/jsonrequired
One of:
dateTimestring(ISO 8601)required

The date and time in ISO 8601 format including the timezone offset (yyyy-mm-ddThh:mm:ss.nnn+hh:mm).

Must be sent as the local date/time of the merchant. For example, a request processed at a merchant in the Pacific time zone at 9:18am on April 15th 2021 would be sent as 2021-04-15T09:18:23.283-07:00

Example: "2022-02-07T12:36:42.948061-05:00"
cardobjectrequired
Example: {"type":"CC","number":"342877777777705","expirationDate":"1123,","entryMode":"M","present":"N"}
card.​numberstring<= 32 charactersrequired

The payment card number entered in an initial authorization/sale request. This field will always be masked when returned in a response.

Example: "342877777777705"
card.​typestringrequired

Payment Type submitted by merchant:

ValueDescription
APApple Pay
CCCredit Card
PPPayPal
GCGift Card
Enum"AP""CC""PP""GC"
Example: "CC"
card.​expirationDateinteger(MMYY)[ 3 .. 4 ] characters

Conditional: Send only when card data is manually entered or when using a token. This field should not be specified when using an encrypted device.

Card expiration date in MMYY format. This value should only be populated in the initial sale/authorization request.

Example: "1123,"
card.​entryModestring= 1 characters

Conditional: The Card Entry Mode should be sent in an initial request; in subsequent requests, it should be left blank or not sent. When using a Universal Transaction Gateway® (UTG®)-controlled PIN pad, this field should be left blank or not sent in a request; the UTG will capture the card entry mode and return it in the response. When P2PE data is being sent from a non-UTG controlled device, this field is not needed

The method used to capture a payment card in an authorization/sale request.

ValueDescription
1Track 1 Only or Dual Track (Track 1 & 2)
2Track 2 Only
CEMV Contactless
EEMV Chip
MManual Entry
QQR Code
RContactless MSD via card or mobile wallet
Enum"1""2""C""E""M""Q""R"
Example: "M"
card.​presentstring

Conditional: Send in the initial authorization/sale request

Indicates whether a card was present (‘Y’) or not (‘N’) at the time a transaction took place. This should be set appropriately in the initial authorization/sale request. In subsequent requests, this field should be left blank or should not be sent.

Note: Subsequent request here does not apply to the secondary request for card on file type transactions or reuse of the same card. An example of a subsequent request would be a capture after an authorization. You would not include card.present in the capture, which is the subsequent request. Another example is when performing an incremental authorization where you perform an authorization, followed by an incremental authorization then a capture. The second authorization (incremental) and the capture are the subsequent requests where you would not include card.present.

Enum"Y""N"
Example: "N"
transactionobjectrequired
Example: {"toShip":"Y","orderId":"orderId","invoice":"0207123502","vendorReference":"simulator1.0:0207123502"}
transaction.​invoicestring<= 10 charactersrequired

10-digit invoice number assigned by the interface to identify a transaction. An invoice number serves as a unique key that identifies a transaction within a batch in Shift4's Gateway.

Note: For US and Canadian processing: Although the invoice number is sent as a JSON string it is a numeric value. No alpha characters are allowed.

For processing outside of the US and Canada alpha characters are allowed.

Example: "0207123502"
transaction.​toShipstring<= 1 characters

Merchants acknowledgement to ship/process the order.

Enum"Y""N"
Example: "Y"
transaction.​orderIdstring

Merchant’s Order Number

Example: "orderId"
transaction.​vendorReferencestring<= 50 characters

Optional field for information that can be searched in the merchant portal.

Example: "simulator1.0:0207123502"
transaction.​purchaseCardobject
amountobjectrequired

Object containing information regarding the amount being requested. The total field within the object is required and specifies the amount being requested. All other fields are for informational purposes and must also be included in the total field. For example, a purchase of $100 with $8 tax would be “108.00” in the total field and "8.00" in the tax field.

Note: For merchants that are configured to allow multiple currencies, the amount fields can specify up to three decimal places. However, the number of decimal places can not exceed the number allowed for the specified currency. See the Currency Codes section for details.

Example: {"total":76001.99}
amount.​totalnumber<= 14 charactersrequired

The amount being charged for a particular transaction. If other amount fields are sent, they must be included in the total amount. Amount cannot be zero.

Example: 76001.99
amount.​taxnumber<= 14 characters

The amount of sales tax charged for a transaction. The tax amount is used by businesses to track tax expenses for accounting purposes. Identifying the tax amount also helps consumers understand the total amount that they were billed. This field is part of Level 2 card data.

currencyCodestring(ISO 4217 3 Character Alphabetic Code)required

Transaction currency code. See the Currency Codes section for details.

Note: This is currently supported when processing for a merchant outside of the US and Canada. If processing for a US or Canadian merchant then this field will be ignored and the transaction will process in the merchant's configured currency.

Example: "USD"
riskobjectrequired
Example: {"sessionId":"123420552ab34024b461455de4bcb482"}
risk.​sessionIdstring<= 32 charactersrequired

Unique Session ID. Must be unique over a 30-day span.

Example: "123420552ab34024b461455de4bcb482"
sourceIpstringrequired

Public source IP Address where the request originates, not the IP Address of the web server.

Example: "10.249.11.239"
customerobject
Example: {"emailAddress":"firstname.lastname@email.com"}
shoppingCartArray of objects

Array of objects detailing the individual items being purchased

application/json
{
  "dateTime": "2022-02-07T12:36:42.948061-05:00",
  "transaction": {
    "toShip": "Y",
    "orderId": "orderId",
    "invoice": "0207123502",
    "vendorReference": "simulator1.0:0207123502"
  },
  "card": {
    "type": "CC",
    "number": "342877777777705",
    "expirationDate": "1123,",
    "entryMode": "M",
    "present": "N"
  },
  "amount": {
    "total": 76001.99
  },
  "currencyCode": "USD",
  "risk": {
    "sessionId": "123420552ab34024b461455de4bcb482"
  },
  "sourceIp": "10.249.11.239",
  "customer": {
    "emailAddress": "firstname.lastname@email.com"
  },
  "shoppingCart'": [
    {
      "type": "Deodarant",
      "description": "New Spice Fiji",
      "sku": "579446588",
      "quantity": "5",
      "price": 4
    },
    {
      "type": "Toothbrush",
      "description": "Electric Model",
      "sku": "135488945",
      "quantity": "1",
      "price": 104.99
    }
  ]
}

Responses

Risk assessment was processed

Bodyapplication/json
resultArray of objects
Response
application/json
{
  "result": [
    {
      "dateTime": "2021-04-15T09:18:23.283-07:00",
      "amount": {
        "total": 76001.99
      },
      "card": {
        "token": {}
      },
      "merchant": {
        "mid": 15877,
        "name": "Merchant XYZ"
      },
      "risk": {
        "tranId": "DDWT0P3LG6LL",
        "assessment": "A"
      },
      "transaction": {
        "s4RiskId": "EC52377F-5A8E-4534-BE7A-CF779A35BE45",
        "invoice": "0207123502",
        "orderId": "orderId"
      }
    }
  ]
}

PayPal

Operations

3D Secure

Operations

OCT

Operations

ACH

OperationsWebhooks

Updater

Operations

DCC

Operations

Rules

Operations