# Changelog # 1.7.51 - 2026-04-28 - PPRA-374: Implemented initial rules based access control infrastructure - PPRA-382: Added `transaction.exemptionAction`and `transaction.exemptionReason` to the following request bodies on the /transactions/authorization and /transactions/sale endpoints: - Card Number Unencrypted - GTV Token - Legacy TrueToken - PPRA-390: Fixed typos in the Core Concepts Guide's table of contents links - PPRA-392: Added `tip.displayNoTip` to the /devices/prompttip and /transactions/sale `Commerce Engine For On Premise` and `Commerce Engine For Cloud` request bodies. - PPRA-395: Updated the GET /devices/info endpoint to mark the `TerminalID` header as conditional: required for UTG but optional for Commerce Engine # 1.7.50 - 2026-04-09 - PPRA-384: Update the iOS SDK to v1.22 # 1.7.49 - 2026-04-07 - PPRA-308: Add `structured` printing format support on /devices/print for the `Commerce Engine For On Premise` and `Commerce Engine For Cloud` request bodies - PPRA-368: Set `tip.headerText` max length to 100 - PPRA-370: Update `card.entryMode` description to indicate entry mode `C` is for mobile wallets. - PPRA-371: Add support for `amount.tipBasis` and `tip.basisNotification` in the /devices/prompttip and /transactions/sale `Commerce Engine For On Premise` and `Commerce Engine For Cloud` request bodies. - PPRA-372: Add the `tip` object to the /transactions/sale `Commerce Engine For On Premise` and `Commerce Engine For Cloud` request bodies. - PPRA-373: Add GET /devices/info `Commerce Engine For On Premise` response body - PPRA-381: Update the .NET & Java SDK download links to use a zip file. # 1.7.48 - 2026-02-23 - PPRA-366: The /rule/verify endpoint was incorrectly listed as /rules/verify # 1.7.47 - 2026-02-17 - PPRA-358: Add `transaction.originalDate` to the /transactions/sale, /transactions/authorization, /transactions/capture, and /transactions/refund endpoints. - PPRA-360: Add [Tax Free Shopping](/guides/advanced-concepts/tax-free-shopping) and [Dynamic Currency Conversion](/guides/advanced-concepts/dynamic-currency-conversion) guide content - PPRA-362: Add `transaction.airline` to the /transactions/capture request - PPRA-364: Fix `dcc.supportIndicator` description so that 0 = DCC not capable and 1 = DCC capable # 1.7.46 - 2026-02-05 - PPRA-363: Add support for the iOS SDK # 1.7.45 - 2026-01-29 - PPRA-348: Add `amount.total` and `card.securityCode.value` to the /giftcards/cashout and /giftcards/cashback request. - PPRA-352: Add `dcc.conversionIndicator = 2` to the /transactions/sale request and `dcc.supportIndicator` to the /dcc/ratelookup response. - PPRA-355: Add support for `form.type = qrDisplay` for the Commerce Engine /devices/processform endpoint. - PPRA-356: Add `amount.total` and `card.securityCode.value` to the /giftcards/cashout and /giftcards/cashback request. - PPRA-357: Remove `ach.​accountVerified` from /ach/sale and /ach/refund request. - PPRA-359: Fixed a few typos in the .NET & Java SDK guides. - PPRA-361: Adjust the middle panel to use more of the width when on wide screen monitors. # 1.7.44 - 2025-11-06 - PPRA-341: Added `dcc.provider` and `dcc.marginOverEcb` to the `dcc` response object and update rate diff over ECB field name - PPRA-346: Added `Commerce Engine For On Premise` and `Commerce Engine For Cloud` request bodies to /cards/verify - PPRA-347: Java SDK: Added the jar file & sample apps and updated methods to start with a lowercase including the sample code # 1.7.43 - 2025-09-18 - PPRA-288: Added transaction history to the /giftcards/balance response when sending the `RETURNHIST` API Option in the request. - PPRA-292: Added Surcharge support - PPRA-332: Updated the conditional statement for `plaid.redirectUrl` on the /ach/plaid/link_token/create endpoint - PPRA-333: Added a link to the Shift4 Payment API in the .Net SDK overview section. - PPRA-334: Added `merchant.gtv.enabled`, `merchant.surcharge.enabled`, and `merchant.autoClose.enabled` to the /merchants/merchant endpoint response. - PPRA-336: Added `dcc.marginOverEcb` and `dcc.displayUnit` to the `dcc` response object - PPRA-338: Updated the .Net SDK content - Added Static Class Definition section - Updated S4Response description - Changed LogVerbosity to S4LogVerbosity in S4Request.SetConfig - Updated S4Request.SetConfig description - Added S4Response.GetHttpError - Updated LogVerbosity description - PPRA-339: Added support for the Java SDK - PPRA-340: Added the Commerce Engine Root CA to the Commerce Engine section of the Guides. # 1.7.42 - 2025-08-25 - PPRA-331: Fixed where the /ach/verify endpoint was missing the request body # 1.7.41 - 2025-08-20 - PPRA-323: Added support for the .NET SDK # 1.7.40 - 2025-08-11 - PPRA-318: Updated `mPos.type` description to remove the dependency on `transaction.source` - PPRA-322: Corrected the `transaction.responseCode` values for the /ach/plaid/public_token/exchange endpoint response. - PPRA-324: Added the `D2` value to `hostResponse.reaseonCode` - PPRA-326: Added `transaction.originalInvoice` to all /transactions/refund request bodies and removed the Linked Refund body. Linked refunds can be used with any request body by sending the optional `transction.originalInvoice` field. - PPRA-327: Added `card.type` as an optional field to the `P2PE - TDES DUKPT - EMV`, `P2PE - TDES DUKPT - MSR/Manual`, `P2PE - ID TECH - EMV/MSR/Manual`, `P2PE - On-Guard SDE - EMV`, and `P2PE - On-Guard SDE - MSR/Manual` request bodies for the following endpoints: - /transactions/sale - /transactions/refund - /transactions/authorization - /transactions/manualauthorization - /transactions/manualsale endpoints - PPRA-328: Split the /devices/promptcardread response into separate responses for encrypted cards and unencrypted cards. # 1.7.39 - 2025-07-09 - PPRA-309: Added `transaction.responseCode` = `P` to the /ach/plaid/public_token/exchange endpoint response - PPRA-311: Removed the /tappp, /trustly, /vippreferred, and /venmo endpoints - PPRA-312: Added Pax L1400 and Verifone V660p, M425, and P630 to the list of Commerce Engine supported devices. # 1.7.38 - 2025-06-30 - PPRA-306: Added Dynamic Currency Conversion (DCC) receipt printing requirements # 1.7.37 - 2025-06-26 - PPRA-304: Marked `transaction.source` as conditional. Required when processing on an unattended device. - PPRA-305: Added `Miura` to `devices.manufacturer` # 1.7.36 - 2025-06-25 - PPRA-300: Added `Castles` to `devices.manufacturer` - PPRA-301: Removed the conditional text from `card.number`, `customer.firstName` and `customer.lastName` - PPRA-302: Updated the description for the `USECARDNAME` apiOption to clarify its use # 1.7.35 - 2025-06-24 - PPRA-293: Added `device.nextStep` to the /devices/promptsignature, /devices/promptcardread, /devices/prompttermsandconditions, /devices/promptinput, /devices/processform, & /devices/prompttip endpoints. - PPRA-294: Added `Commerce Engine For On Premise` and `Commerce Engine For Cloud` request bodies to the /devices/promptinput endpoint - PPRA-295: Added /devices/prompttip via `Commerce Engine For On Premise` and `Commerce Engine For Cloud` - PPRA-296: Added i4Go and 4Res documentation links to the landing page - PPRA-297: Marked `customer.phoneCountry` conditionally required in /3dsecure/standalone if `customer.phoneNumber` is included - PPRA-298: Increased `form.header.value` and `form.subHeader.value` max length to 100 in the /devices/processform endpoint. - PPRA-299: Increase `device.promptTermsAndConditions.header ` and `device.promptTermsAndConditions.ackText` max length to 100 in the /devices/termsandconditions endpoint. # 1.7.34 - 2025-06-13 - PPRA-283: Removed the /3dsecure/sale, /3dsecure/authorization, and /3dsecure/verifycard endpoints and the 3d secure notification web hook - PPRA-284: Clarified the 3D Secure process flow - PPRA-291: Fixed the sale and auth endpoint examples so `transaction.invoice` matches on request and response. - PPRA-290: Added error 9551,88 no fallback to the error code list. # 1.7.33 - 2025-04-07 - PPRA-282: Updated the test trigger for `card.number = 4321000000011001` to return `error.primaryCode = 9951` # 1.7.32 - 2025-04-01 - PPRA-271: Added support for the POST /giftcards/cashback endpoint and deprecated the /giftcards/cashout endpoint - PPRA-275: Added support for `threeDSecure.version` for merchants outside the United States. - PPRA-276: Updated the `threeDSecure.programProtocol` description to indicate it is for the United States only. - PPRA-280: Added `card.entryMode` to the /dcc/ratelookup endpoint for the `P2PE - TDES DUKPT - EMV` and `P2PE - TDES DUKPT - MSR/Manual` request bodies. # 1.7.31 - 2025-03-14 - PPRA-272: Added `amount.CheckTotal` to the /transactions/authorization, /transactions/capture, /transactions/sale, /giftcards/activate, /giftcards/allocate, and /giftcards/reload endpoints - PPRA-277: Added `transaction.authorizationCode` to the /giftcards/reload response # 1.7.30 - 2025-03-07 - PPRA-192: Added support for the /dcc/ratelookup endpoint and added the `dcc` object to the /transactions/authorization and /transactions/sale endpoints - PPRA-229: Added `dcc.enabled`, `dcc.secondaryLookupDisclaimer` and `dcc.cardTypes` to the `merchant` object in the /merchants/merchant response. # 1.7.29 - 2025-02-04 - PPRA-228: Removed the duplicate TransactionCurrencyCode from the raw tags receipt option. - PPRA-252: Removed `paypal.paymentMethodId` from PayPal Sale - PPRA-262: Added a `Linked Refunds` request body to the /transactions/refund endpoint. - PPRA-264: Removed the Max Length for `receipt.printValue` in the /devices/print endpoint. - PPRA-265: Added `Commerce Engine For On Premise` & `Commerce Engine For Cloud` request bodies to the /devices/processform endpoint - PPRA-266: Added `Commerce Engine For On Premise` & `Commerce Engine For Cloud` request bodies to the /devices/promptcardread endpoint - PPRA-267: Added `Commerce Engine For On Premise` request body to the /devices/reset endpoint - PPRA-268: Added `Commerce Engine For On Premise` & `Commerce Engine For Cloud` request bodies to the /transactions/manualauthorization endpoint - PPRA-269: Added `Commerce Engine For On Premise` & `Commerce Engine For Cloud` request bodies to the /transactions/manualsale endpoint - PPRA-270: Updated 3D Secure endpoints to indicate that only the /3dsecure/sale, /3dsecure/authorization, and /3dsecure/verifycard are limited to Europe but /3dsecure/standalone and /3dsecure/completion are not. # 1.7.28 - 2025-01-14 - PPRA-260: Marked `transaction.originalInvoice` as required on the /ach/refund endpoint - PPRA-263: Set `device.displayText` max length to 72 on the /devices/promptsignature endpoint for the `Commerce Engine For On Premise` and `Commerce Engine For Cloud` request bodies. # 1.7.27 - 2024-12-30 - PPRA-256: Marked `card.entryMode` as required for the `Unencrypted Card` request body on the /transactions/sale and /transactions/authorization endpoints - PPRA-257: Set `customer.region` max length to 3 on the /risk/assess endpoint - PPRA-255: Fixed where the `GTV` request body on the /ach/refund endpoint was incorrectly formatted. - PPRA-258: Marked `cardBrandToken.requestorID` as required for the `3D Secure Using Card Number` request body on the /transactions/sale and /transactions/authorization endpoints. # 1.7.26 - 2024-12-10 - PPRA-253: Added `Commerce Engine For On Premise` & `Commerce Engine For Cloud` request bodies to the /devices/termsandconditions endpoint. Requires Commerce Engine version 2.6.4 or higher. # 1.7.25 - 2024-10-29 - PPRA-169: Removed `ach.verificationType` from the /ach/sale and /ach/refund requests and all ach fields except `ach.accountLastFour` from the /ach/plaid/public_token/exchange response. - PPRA-239: Updated the `customer.postalCode` field to min 1 max 9. - PPRA-241: The `merchant.mid` field is defined as a string but it should be a number. - PPRA-245: Added `paypal.paymentMethodId` and `paypal.paymentMethodIdUsage` to the /paypal/sale endpoint. - PPRA-256: Removed `correlationId` from the /ach/plaid/public_token/exchange endpoint response. # 1.7.24 - 2024-09-12 - PPRA-216: Added support for the /devices/getstatus endpoint - PPRA-234: Added Bin Blocking error codes - PPRA-235: Added `Commerce Engine For On Premise` & `Commerce Engine For Cloud` request bodies to the /devices/print endpoint. Requires Commerce Engine version 2.6.2 or higher. - PPRA-237: Added a note to all GET and DELETE endpoints indicating that an empty body may result in an error. # 1.7.23 - 2024-07-30 - PPRA-225: Add support for Account Name Inquiry (ANI) on the /cards/verify request. # 1.7.22 - 2024-07-19 - PPRA-167: Added `merchant.supportedCurrencies` to the GET /merchants/merchant endpoint response. - PPRA-196: Updated `transaction.avs.result` to include values 1-8. - PPRA-200: Added a note to the /tokens/4words endpoint clarifying that it is for Legacy TrueToken style tokens only. - PPRA-202: Updated all endpoints to clarify which integration methods are supported. - PPRA-211: Added support for `amount.taxIndicator` - PPRA-213: Updated the Commerce Engine section to indicate the A35, A77, and A3700 devices are supported. - PPRA-219: Added Account Update Status Triggers to the Test Server Trigger Values section. - PPRA-222: Updated the description for `statementSuffix` to clarify that card issuers may cut off the end of the suffix if its too long. - PPRA-223: Added a note to the `transaction.hostResponse` field indicating it is processor dependent and not returned in the demo environment. # 1.7.21 - 2024-05-28 - PPRA-187: Set `risk.sessionId` max length to 32. - PPRA-195: Added `Commerce Engine For On Premise` & `Commerce Engine For Cloud` request bodies to the /devices/promptsignature endpoint. - PPRA-197: Updated the `card.bin` field to max length 8 in the /cards/identify response. - PPRA-198: Fixed all references of True Token to be TrueToken - PPRA-199: Renamed the `Commerce Engine Controlled Device` request body to `Commerce Engine For On Premise` - PPRA-201: Added `Commerce Engine For On Premise` & `Commerce Engine For Cloud` request bodies to the /tokens/add endpoint. # 1.7.20 - 2024-05-14 - PPRA-189: Updated Commerce Engine supported devices to include A930 and coming soon to include A77. - PPRA-190: Added deployment model diagrams to the Commerce Engine section. - PPRA-191: Moved the Device Functionality section above the Endpoints section. # 1.7.19 - 2024-04-26 - PPRA-175: Added travel fields to the paypal/sale endpoint - PPRA-176: Added support for the paypal/initiate endpoint - PPRA-177: Added timeout test trigger values to the Test Server Trigger Values - PPRA-178: Removed the `payPal` object from the paypal/refund request - PPRA-180: Added a PayPal merchant flow diagram - PPRA-182: Added the `TransactionCurrencyCode`, `SignatureRequired`, and `TerminalID` keys to the raw receipt table - PPRA-183: Removed `transaction.responseCode` from paypal/initiate # 1.7.18 - 2024-04-02 - PPRA-148: Added support for the /updater/request endpoint - PPRA-149: Added support for the /updater/status endpoint - PPRA-171: Updated `emv.fallback` to be on the MSR/Manual request bodies instead of the EMV request bodies and added it to the response body - PPRA-172: Added `card.type` to the `P2PE - On-Guard SDE - MSR/Manual` and `P2PE - TDES DUKPT - MSR/Manual` request bodies for the /transactions/sale, /transactions/authorization, and /transactions/refund endpoints - PPRA-174: Removed Venmo, Trustly, TAPPP, and VIP Preferred # 1.7.17 - 2024-03-27 - PPRA-110: Added card ranges to the /merchants/merchant endpoint response if the `RETURNPROCESSORS` API Option is sent - PPRA-113: Added support for the `Commerce Engine For Cloud` request body type - PPRA-158: Added support for the Commerce Engine request body type - PPRA-160: `cardOnFile.recurringExpiry` and `cardOnFile.recurringFrequency` have a typo in the description where its should be it's - PPRA-162: `hostResponse.reasonCode` has a typo in the description for value 77 - PPRA-163: The `P2PE - TDES DUKPT - MSR/Manual` request body example on the /tokens/add endpoint had incorrect values in the `p2pe` object - PPRA-166: Update the 3D Secure Smart Adviser test triggers to the latest card numbers - PPRA-170: Removed `transaction.auto` from the /transactions/sale endpoint. # 1.7.16 - 2024-02-01 - PPRA-152: Added `accountType` root level field for Interac contact EMV - PPRA-154: Added support for the Manual Card Entry - AES request body on the /tokens/add endpoints - PPRA-155: Added the AccessToken securityScheme to all endpoints except for /credentials/accesstoken - PPRA-156: Fixed examples on the following endpoints to ensure they match the request/response body format. - 3D Secure Notification - /vippreferred/enrollment - /vippreferred/disbursement - /vippreferred/checksale - /vippreferred/addbanking - /vippreferred/accountinquiry - /oct/updaterecipient - PPRA-157: Marked the 3059910000007215 and 30103869233631 test card numbers as Discover - Diners Club International - PPRA-150: Fixed a typo in ACH mandate section where it said mandage instead of mandate - PPRA-153: Updated array size of `device.lineItems` in the /devices/lineitems endpoint to allow a maximum of 10 items. # 1.7.15 - 2023-12-15 - PPRA-144: Added support for Ingenico On-Guard SDE P2PE # 1.7.14 - 2023-12-06 - PPRA-117: 3DS Standalone Fixes: - Removed the value 2 “Bypass 3D Secure authentication” from threeDSecure.initiate field. - Added a note to the customer and shipping elements indicating they are recommended to increase the possibility of frictionless flow”. - Added threeDSecure.securityLevelIndicator to the response on the /3dsecure endpoints - PPRA-118: Add the EMV body to the /tokens/add endpoint - PPRA-119: Fixed the /devices/print request body as it was not correctly showing how to send the data to be printed. - PPRA-122: Added a separate Legacy TrueToken request body for all endpoints with that have a token body - PPRA-123: Added clarification to Two Pass Verification that an issuer can decline the transaction due to invalid CSC rather than returning an approval with an invalid CSC indicator. - PPRA-124: 3D Secure enhancements: - Added the Token request body to the /3dsecure/authorization and /3dsecure/sale endpoints. - Marked the following items as requred for /transasctions/authorization and /transactions/sale using 3D Secure data - `threeDSecure.cryptogram` - `threeDSecure.ecommIndicator` - `threeDSecure.securityLevelIndicator` - `threeDSecure.programProtocol` - `threeDSecure.directoryServerTranId` - Added `threeDSecure.programProtocol` to the /3dsecure/standalone completion response body - Removed 3DS 1.0 from `threeDSecure.programProtocol`. - Removed the Apple Pay/Google Pay information from the /transasctions/authorization and /transactions/sale 3D Secure data request bodies. - PPRA-125: Removed `transaction.saleFlag` from the /3dsecure/standalone response sample. - PPRA-126: Added the F (Funded) value to the 3D Secure sale and refund status update notification webhooks. - PPRA-127: Added `card.securityCode.value` and `card.securityCode.indicator` to the /3dsecure/standalone request body. - PPRA-130: Marked `batch.inclusive` as required in the /batches/submit endpoint - PPRA-132: Updated the description for the amount object to remove the quotes around the example values. - PPRA-134: Added content describing the GTV format. - PPRA-135: Fixed where the Printing Receipts section was showing Transaction Time as EMV tag 9C when it should be 9F21. - PPRA-136: Added merchant.mid and merchant.name to the response for the following endpoints: - /transactions/* - /giftcards/* - /tokens/* - /cards/* - /reports/batchtotals - /batches/submit - /qrpayments/* - /risk/assess - /3dsecure/* - /trustly/* - /tappp/* - /paypal/* - /venmo/* - /vippreferred/* - /oct/* - /ach/* - PPRA-137: Marked `threeDSecure.authenticationSource` as required in the /transactions/authorization and /transactions/sale endpoints 3D Secure request bodies - PPRA-138: Updated the Test Server Trigger Values OCT chart - PPRA-139: Return `merchant.defaultCurrency` in the /merchants/merchant response. - PPRA-140: Added a note to the /merchants/merchant `merchant.dayEndingTime` response field indicating that its only application to US merchants. - PPRA-142: Added `statementSuffix` to the following endpoints: - /transactions/authorization - /transactions/capture - /transactions/sale - /transactions/refund - /transactions/manualauthorization - /transactions/manualsale # 1.7.13 - 2023-09-08 - PPRA-114: Renamed the API from 'Shift4 Platform API' to 'Shift4 Payment API' - PPRA-115: Clarified that SaleFlag is deprecated as a request field but still returned as `transaction.saleFlag` in the GET /transactions/invoice response to indicate the state of the transaction. - PPRA-116: Added a note to the `device.promptPostalCode`, `device.promptCardSecurityCode`, and `device.promptStreetNumber` fields to only send them when overriding the UTG MCE settings # 1.7.12 - 2023-08-30 - PPRA-54: Added ACH support - PPRA-90: Updated `hostResponse.reasonCode` to indicated AVS failures will return `77` and CVV failures will return `N7`. - PPRA-93: Added OCT Test Cards under the Test Card Numbers section of the Appendices. - PPRA-94: Fixed a typo in the POSHANDLEAVSFAIL API Option section where it was referencing `transaction.responseCode` - PPRA-95: Added error 9083,1 to the error list - PPRA-97: Added `transaction.deferredAuth` to the /transactions/sale, /transaction/authorization and /transactions/refund endpoints - PPRA-98: Added a note to the URLs section advising existing integrations may be using an older URL. - PPRA-99: Removed `correlationId` from the API documentation. - PPRA-100: Updated references to 'Shift4 Payments' to be 'Shift4' - PPRA-103: Updated char limit for `transaction.retrievalReference` on the OCT Payout response. - PPRA-105: Updated `customer.postalCode` to clarify that it is alphanumeric only and no special characters are allowed. - PPRA-106: Added `merchant.mid` to the DELETE /transactions/invoice response. - PPRA-108: Added `Token` as an optional request header parameter for the GET and DELETE /transactions/invoice endpoint. - PPRA-109: Added clarity to the P2PE Format section for handling EMV tags. - PPRA-111: Added a note to card.present with examples of subsequent transactions - PPRA-112: Updated `transaction.source` to specify value 3 should be sent for card present transactions that are manually entered on a payment device. # 1.7.11 - 2023-06-12 - PPRA-79 Marked `transaction.source` as required - PPRA-80 Marked the `mPos` object as conditionally required if `transaction.source` = 8 (mPos) - PPRA-84 Added mapping for FRC 22 to the FRC Mapping Table - PPRA-85 Fixed the `dateTime` example value in the /credentials/accesstoken to use the proper format. - PPRA-86 Added the /tokens/delete endpoint - PPRA-87 Fixed the /tokens/duplicate example to use a TrueToken instead of a GTV style token # 1.7.10 - 2023-05-09 - PPRA-50: Added mPOS.type to the /transactions/authorization and /transactions/sale endpoints. - PPRA-52: Updated the `transaction.responseCode` list in /cards/verify to remove invalid values - PPRA-67: Added `correlationId` to OCT and OCT trigger values - PPRA-70: Added error 9961,9 to the error codes - PPRA-73: Updated the offline processing section to indicate that UTG offline mode is now enabled by default. - PPRA-74: Added `transaction.purchaseCard.customerReference` to the /cards/verify endpoint - PPRA-75: Made `card.entryMode` and `card.present` optional in the /oct/payout token request body. - PPRA-76: Fixed where the links in the Quick Chip EMV section were not properly linking to the Swipe Ahead section. - PPRA-68: Fixed the test server trigger value header to be `card.securityCode.result` instead of `card.securityCode.valid`. - PPRA-69: Fixed where the `transaction.responseCode` enums had 'T' listed instead of 'X' - PPRA-71: Fixed the incorrect text in the /trustly/statusinquiry description. - PPRA-72: Removed `card.securityCode` from the risk/assess example. # 1.7.9 - 2023-04-26 - PPRA-63: Added the `risk` object to the /transactions/sale and /transactions/authorization endpoint 200 response. - PPRA-64: Fixed a typo in the `correlationId` description - PPRA-65: Updated the endpoint URLs for all endpoints - PPRA-66: Removed `amount.surcharge` from all endpoints # 1.7.8 - 2023-04-05 - PPRA-55: Fixed the server URLs for the OCT, PayPal, TAPPP, Trustly, Venmo, and VIP Preferred endpoints - PPRA-56: Updated the VIP Preferred endpoints to use `ach.accountNumber` and `ach.routingNumber` instead of `ach.bankAccountNumber` and `ach.bankRoutingNumber`. - PPRA-57: Added `transaction.purchaseCard.customerReference` to the /risk/assess endpoint. - PPRA-58: Added support for `correlationID` - PPRA-61: Updated the `threeDSecure.cryptogram`, `threeDSecure.ecommIndicator`, and `threeDSecure.xid` field definitions for Google Pay to remove the reference to `paymentMethodData.tokenizationData.token` # 1.7.7 - 2023-02-02 - PPRA-43: Added support for OTC Payout and Update Recipient - PPRA-53: Add the 'N' value to the riskRules.result for the /risk/rulestatus endpoint # 1.7.6 - 2023-01-19 - PPRA-46: Updated the description for riskRules.result in the /risk/rulestatus endpoint to clarify that it is the success or failure of the status call. - PPRA-47: Updated riskRules.status description to clarify that the 'A' value cannot be used when riskRules.parameter is card or token. - PPRA-48: Changed riskRule.parameter values from cardNumber to card and emailAddress to email. - PPRA-49: Updated riskRules.result to return 'E' when an error occurs. - PPRA-51: Updated the Test Server Trigger Values to use the new trigger amounts for approval, decline, referral and demo host error # 1.7.5 - 2023-01-10 - PPRA-8: Added support for the /3dsecure/standalone endpoint - PPRA-18: Updated the description for `transaction.source` to clarify that type 6 is Unattended Cardholder Activated Terminal - PPRA-20: Resolved an issue where The Understanding AVS and CSC Verification section was duplicated. - PPRA-21: Updated the description for `transaction.responseCode` 'S' and 'I' to clarify the use cases. - PPRA-23: Added a note to the AVS test triggers section indicating that if a value is sent in the `customer.addressLine1` or `customer.postalCode` field and it does not match one of the triggers it will return `transaction.avs.result` = 'N' - PPRA-24: Updated the documentation so that references to API fields are displayed as code - PPRA-25: The /trustly/deposit initial deposit response body was missing the `trusty.redirectReason` field - PPRA-27: Removed `card.type` from the `P2PE via IDTech Device`, `P2PE - TDES DUKPT - EMV`, and `P2PE - TDES DUKPT - MSR/Manual` request bodies on the /transactions/sale, /transactions/authorization, /transactions/refund, /transactions/manualsale, and /transactions/manualauthorization endpoints - PPRA-28: Added `card.token.value` to the /risk/assess response. - PPRA-29: Added `customer.shipping` to the 3dsecure/sale, 3dsecure/authorization, 3dsecure/standalone, and 3dsecure/verifycard endpoints. - PPRA-30: Fixed the spelling of 'canceled' to be 'cancelled' to keep the documentation consistent. - PPRA-31: Added value 6 to the `threeDSecure.eCommIndicator` field. - PPRA-32: Added `currencyCode` to the /tranasctions/capture request. - PPRA-33: Marked `postalCode` as optional for all 3dsecure endpoints. - PPRA-34: Created separate request bodies for Card Number and Token in the 3dsecure/sale, 3dsecure/authorization, 3dsecure/verifycard, and 3dsecure/standalone endpoints - PPRA-35: Fixed the casing on the test and production URLs for the /venmo/customer endpoint. - PPRA-36: Added support for the `reportingData` object in the /transactions/authorization, /transactions/sale, /transactions/refund, /transactions/manualauthorization, /transactions/manualsale, /transactions/capture, /3dsecure/authorization, and /3dsecure/sale endpoints. - PPRA-37: Added clarification to the Access Token Exchange section of the Development Quick Start Guide indicating that the Access Token should be stored securely. - PPRA-38: Added support for the /risk/rulestatus and risk/ruleupdate endpoints - PPRA-39: Added support for returning `emv.tlvData` in the /transactions/authorization, /transactions/sale, and /transactions/refund responses - PPRA-40: Added `transaction.source` to the /3dsecure/authorization, /3dsecure/sale, and /3dsecure/verifycard endpoints - PPRA-41: Removed `transaction.hotel`, `transaction.auto`, `transaction.airline`, and `transaction.amex` from all 3dsecure endpoints. - PPRA-42: Removed `receiptColumns` from all 3dsecure endpoints. - PPRA-44: Removed `transaction.businessDate` from all 3dsecure endpoints. - PPRA-45: Added the /risk/ruleupdate and /riks/rulestatus endpoints. # 1.7.4 - 2022-09-26 - PPRA-12: `cardOnFile.type` should only contain the 'U08' option on the /transactions/capture endpoint - PPRA-13: `cardOnFile.type` should only contain the storage options on the /3dsecure/verifycard endpoint - PPRA-14: Update `cardOnFile.transactionId` description to not store the new transationId received in subsequent transaction responses - PPRA-15: Break out the Wallet/3DSecure using Card Number body into separate bodies for 3D Secure, Apple Pay and Google Pay. - PPRA-16: Add the date format to the `transaction.businessDate` field - PPRA-17: Update the `transaction.airline.tickets.passengerName` description to clarify that there are no dashes in the name # 1.7.3 - 2022-09-12 - PPRA-9: Updated the IIAS amounts to separate the Amount Type 4V 'Vision/Optical' and not include it under the type 4S 'Healthcare' total healthcare amount. - PPRA-10: Added support for SCA contactless EMV requiring card insertion # 1.7.2 - 2022-08-18 - PPRA-2: Added `ReversalReason` to the header parameters in the DELETE /transactions/invoice endpoint - PPRA-3: Added `transaction.source` to the /transactions/authorization, /transactions/sale, /transactions/refund and /transactions/capture endpoint - PPRA-4: Simplified the Card On File API by deprecating many of the fields and replacing them with a `cardOnFile.type` field - PPRA-5: Updated the `amount.total` description to clarify that the amount can not be zero. - PPRA-6: Added support for contactless EMV SCA Online PIN required scenario by returning `transaction.responseCode = S`. - PPRA-7: Added the [Converting Legacy Interfaces]'#tag/Converting-From-Legacy-Interfaces' section to assist vendors who are upgrading from a legacy TCP or HTTP interface. # 1.7.1 - Added support for the vippreferred/accountinquiry endpoint. - Added support for the vippreferred/addbanking endpoint. - Added support for the vippreferred/enrollment endpoint. - Added support for the vippreferred/checksale endpoint. - Added support for the vippreferred/disbursement endpoint. - Added the 3D Secure Smart Adviser Test Triggers section. # 1.7.0 - Added support for card not present payment processing in Europe. - Added support for the 3D Secure Smart Adviser endpoints /3dsecure/sale, /3dsecure/authorization, /3dsecure/completion, /3dsecure/verifycard and 3D Secure Notification. - Added `currencyCode` to the /transactions/sale, /transactions/authorization, /transactions/refund, /transactions/manualauth, and /transactions/manualsale endpoints. - Added 'Y', '1', '2', and '3' to the `card.securityCode.result` response field. - Added `recurringExpiry` and `recurringFrequency` to the `transaction.cardOnFile` object. - Added `transaction.authType` to the /transactions/authorization endpoint. - Added an incremental auth request body to the /transactions/authorization endpoint. - Added `customer.phoneCountry` to the /trustly/capture and /trustly/deposit initial request bodies. - Added `error.code` and `error.severity` to the error response body. - Updated the `credentials.accessToken` field length to 52 characters. - Removed `card.securityCode` from the risk/assess request. - Removed the max length value form the `emv.tlvData` field. - Removed `token.serialNumber` from the giftcard/cancel endpoint. - Updated `customer.region` description to clarify that its using the ISO-3166-2 standard. - Added a Card On File use case table. - Added a Currency Codes table. # 1.6.15 - Added support for the /paypal/sale endpoint. - Added support for the /paypal/refund endpoint. - Added support for the /venmo/sale endpoint. - Added support for the /venmo/refund endpoint. - Added support for the /venmo/customer endpoint. - Fixed `transaction.hostResponse.reasonCode` where it had the value 51 listed twice. - Updated `transaction.expirationDate` to clarify that its 3-4 characters. - Clarified that the `productDescriptors` array is limited to 4 elements and that each element can contain a maximum of 40 characters. - Added `trustly.redirectReason` to the /trustly/capture and /trustly/deposit responses. - Marked `transaction.airline.travelAgencyCode` and `transaction.airline.travelAgencyName` as conditional fields. # 1.6.14 - Modified the trustly notification to be a webhook rather than an endpoint. # 1.6.13 - Added `ticketFare` to the `transaction.airline.ticket` array. # 1.6.12 - Fixed the 504 timeout error response example where the primaryCode was showing 995 instead of 9951. # 1.6.11 - Added `customer.emailAddress` and `customer.ipAddress` to the /transactions/sale and /transactions/authorization endpoints. # 1.6.10 - Added clarifications to the `transaction.cardOnFile.usageIndicator` and `transaction.cardOnFile.transactionId` descriptions. # 1.6.9 - Clarified the format for `transaction.airline.ticket.passengerName` # 1.6.8 - Added the /tokens/duplicate endpoint back to the doc with a note that it is for legacy style tokens only. - Fixed the example in the Trustly notification where `trustly.account.profile` was showing as a string instead of an integer. - Marked the /batches/submit and /reports/batchtotals endpoints as being supported only through the hosted REST servers. # 1.6.7 - Added support for the airlines industry. - Fixed the production URL for the /risk/assess endpoint. - Fixed the GET /merchants/merchant example where the `voiceCenter.accountNumber` was showing as an integer instead of a string. # 1.6.6 - Renamed `transaction.id` to `transaction.s4RiskId` and `risk.id` to `risk.tranId`. - Added clarification to `transaction.responseCode` values 'D' and 'f' regarding the POSHANDLEAVSFAIL API Option. - Added clarification to the POSHANDLEAVSFAIL API Option that one pass AVS/CVV failures will result in `transaction.responseCode` 'f'. - Renamed the Partial Authorization section to Partial Approval. # 1.6.5 - Updated the /giftcards/activate, /giftcards/deactivate, /giftcards/cashout, /giftcards/, /giftcards/reactivate, /giftcards/reload, and /giftcards/balance endpoints to have unique request body schemas based on the request type. - Updated the /tokens/add endpoint to have unique request body schemas based on the request type. - Updated the /cards/verify and /cards/identify endpoints to have unique request body schemas based on the request type. # 1.6.4 - Fixed a typo in the `shoppingCart` array where the field `quantity` was misspelled. # 1.6.3 - Updated all fields that were the type was set as currency to be set as number - Fixed examples where SourceIp was incorrectly listed as SourceIP. # 1.6.2 - Added support for the /risk/assess endpoint - Added `transaction.id`, `risk.id` and `risk.assessment` to the /transactions/sale and /transactions/authorization endpoints. These values must be sent if the /risk/assess call was made prior to the transaction. - Added the 'A' value to `transaction.authSource` - Added `transaction.authSource`, `transaction.responseCode`, and `transaction.hostResponse` to the /trustly/capture, /trustly/deposit, /trustly/refund, and /trustly/cancel endpoints - Added the /trustly/statusinquiry endpoint - Added `transaction.authSource`, and `transaction.responseCode` to the /tappp/cancel, /tappp/capture, /tappp/decryptpayload, /tappp/initiatepayment, and /tappp/tokenstatus endpoints. # 1.6.1 - Added the `lighthouse` object back to the /transactions/sale endpoint with clarification that it is for Skytab transactions only. # 1.6.0 - Added support for the /tappp/initiatepayment endpoint - Added support for the /tappp/decryptpayload endpoint - Added support for the /tappp/tokenstatus endpoint - Added support for the /tappp/capture endpoint - Added support for the /tappp/cancel endpoint - Added `transaction.saleFlag` to the GET /transactions/invoice response # 1.5.8 - Updated the transaction flow diagram to show the 9551,4 error will come back as a 200 response not a 400 response. - Added `transaction.retrievalReference` to the /transactions/authorization, /transactions/capture, /transactions/sale, and /transactions/refund responses. - Added `card.token` to the /cards/verify response. - Added `transaction.cardOnFile` to the /cards/verify request and response. - Added `transaction.cardOnFile` to the /transactions/authorization response. # 1.5.7 - Added the 'X' value to the `transaction.responseCode` field. # 1.5.6 - Fixed the `device.promptInput.index` description so that the values are in a properly formatted table. # 1.5.5 - Added a link to the P2PE format section when referencing P2PE format 05 in the various transaction endpoints. - Added additional values to the `hostResponse.reasonCode` field to cover additional card brands. # 1.5.4 - Added the [Development Quick Start]'#section/Development-Quick-Start' section. # 1.5.3 - Added `merchant.mid` to the merchants/merchant response - Added `transaction.vendorReference` to the trustly notification request. # 1.5.2 - Broke down the /trustly/capture and /trustly/deposit process flow into eparate diagrams for initial and subsequent requests. - Added process flow diagrams to the /trustly/cancel and /trustly/refund requests - Fixed a typo in the Trustly refund response example where the tag was listed as `originalnvoice` instead of `originalInvoice` # 1.5.1 - Added `trustly.transactionId` to the /trustly/cancel and /trustly/refund requests - Removed `amount` from /trustly/cancel request - Added the Restaurant Authorization and Settlement Flow section to Basic Concepts # 1.5.0 - Added support for the /trustly/capture endpoint - Added support for the /trustly/deposit endpoint - Added support for the /trustly/refund endpoint - Added support for the /trustly/cancel endpoint - Added support for the Trustly notification request # 1.4.5 - Updated the /transactions/manualauthorization and /transactions/manualsale endpoints to have unique request body schemas based on the request type. # 1.4.4 - Updated the /transactions/refund endpoint to have unique request body schemas based on the request type. # 1.4.3 - Updated the /mode/offline and /mode/online endpoints to include AccessToken in the header. # 1.4.2 - Updated the /transactions/sale endpoint to have unique request body schemas based on the request type. - Fixed the `cardOnFile.usageIndicator` where the enums were specified as "Initial" and "Subsequent" instead of "01" and "02" - Fixed the `cardOnFile.scheduledIndicator` where the enums were specified as "Scheduled" and "Unscheduled" instead of "01" and "02" - Added `transaction.businessDate` to the /transactions/refund endpoint # 1.4.1 - Added a Wallet/3D Secure Using Card Number request body to the /transactions/authorization endpoint. - Fixed the `receiptColumns` length to 2 characters. # 1.4.0 - Updated the /transactions/authorization endpoint to have unique request body schemas based on the request type. - Updated the [Understanding Card Tokens]'#tag/Understanding-Card-Tokens' section to utilize Global Token Vault tokenization. Moved the legacy tokenization methodology to the [Legacy Card Tokens]'#tag/Legacy-Card-Tokens' - Removed Universal Token from the /giftcard endpoint responses. - Updated the text in the Two Pass Verification section to clarify that the gateway will automatically void a Two Pass Verification failure. # 1.3.0 - Added the /giftcards/allocate endpoint. # 1.2.5 - Added clarification to the /transactions/capture endpoint to indicate that the `card` object is required. # 1.2.4 - Added clarification to `card.entryMode` that the field is not needed when P2PE data is being sent from a non-UTG controlled device. # 1.2.3 - Added `hostResponse` object to transaction object in 200 authorization response. - Added a note to the `transaction.invoice` description to clarify that it is a numeric only field even though it is sent as a JSON String. # 1.2.2 - Added `device.serialNumber` for non-utg controlled devices. - Added `device.manufacturer` and `device.model` to the /refund endpoint # 1.2.1 - Updated the /devices/info responses to reflect the different data that is returned based on device type. # 1.2.0 - Added the /mode endpoint used to put UTG into offline mode via an API call. - Added expiration date to the "Using token" examples for various endpoints. - Clarified the `dateTime` field to be in the merchant's time. - Fixed the /giftcards/cancel endpoint to include token data. # 1.1.8 - Fixed the Max Length for `VendorReference` to 50 - was previously 60. # 1.1.7 - Added `card.present` to the /cards/verify endpoint # 1.1.6 - Added response values to the `threeDSecure.cavvResult` field - Clarified the description for `BusinessDate` on the reports/batchtotals and batches/submit endpoints. # 1.1.5 - Added `ReceiptColumns` to the /transactions/invoice GET and DELETE endpoints # 1.1.4 - Added additional `threeDSecure` fields. - Updated max length for previously configured `threeDSecure` properties. # 1.1.3 - Added `qrCode.qrPayIndicator` to the /transactions/authorization and /transactions/sale endpoint request. # 1.1.2 - Added the `lighthouse` object to the 400 and 504 responses. # 1.1.1 - Added the `extendedCardData` field to the /transactions/authorization and /transactions/sale endpoints. Used when processing 3D Secure, Apple Pay and Google Pay transactions via i4Go. # 1.1.0 - Added endpoints for /qrpayments/getqrcode, /qrpayments/getqrpaymentstatus, /qrpayments/getqrdetails, /qrpayments/cancelqrpayment - Added Apple Pay/3D Secure support to the /transactions/authorization and /transactions/sale endpoints. This feature is still in certification and is subject to change. # 1.0.28 - Added content to the `notes` Field definition stating, "Escaped quotation marks should not be sent in the Notes field." - Added the following note to the Endpoints definition under the Introduction. Note: The Shift4 REST API responses will filter out values that are empty strings, false 'Boolean', or zeros 'numeric'. For example, if a zero is sent in a numeric field such as tax, the API will not return that field in the response. - Added the `amount.tax` field to the /transactions/refund endpoint. - Added the `transaction.purchaseCard` object to the /transactions/refund endpoint. # 1.0.27 - Added Federal law requirement to truncate credit card information on receipts. This was added under Printing Receipts, EMV Receipts, and under the API Option RETURNEXPDATE. # 1.0.26 - Updated the `transaction.manualTranid` definition and updated its application to just Manual Authorization, and Manual Sale. # 1.0.25 - Added `transaction.manualTranid` and `transaction.vendorReference`, to Authorization, Capture, SalePurchase, Refund, Manual Authorization, and Manual Sale. # 1.0.24 - Corrected two typos. One in How Global TokenStore Works 'for the purpose of this example' and the other in Formatted Receipts 'receipts'. # 1.0.23 - Added Acceptable Test Card Trigger Numbers table, Required EMV Authorization Request Tags table, Required Contactless EMV Authorization Request Tags table, and Financially Sensitive EMV Tags table. - Added card types CI 'Citgo' and BC 'Backed Card'. - Added PRINTTIPLINE to the API Options. # 1.0.22 - Added `lighthouse.data` to the 200 response for the /transactions/sale endpoint # 1.0.21 - Added `customer.firstName` and `customer.lastName` to the 200 response for the following endpoints: /transactions/authorization, /transactions/capture, /transactions/sale, /transactions/invoice, /transactions/manualauthorization, and /transactions/manualsale # 1.0.20 - Fixed `promptSecurityCode` to reflect the correct field name - `promptCardSecurityCode`. - Fixed `overrideBusDate` to reflect the correct field name - `transaction.businessDate`. # 1.0.19 - Added header for Device Manufacture Only API Options. - Added CONTACTLESSEMVCAPABLE API Option with definition # 1.0.18 - Changed the `AccessToken` in the example to a working value so that it can just be copied/pasted for quick testing. - Changed the `authToken` and `clientGuid` in the credentials/accesstoken request to a working value so that it can just be copied/pasted for quick testing. # 1.0.17 - Added `receiptColumns` # 1.0.16 - Added API Option header parameter to GET transactions/invoice # 1.0.15 - Added IGNOREEXPIRY Api Option - Added the `lighthouse` object - Added Card On File Transaction content to Advanced Concepts # 1.0.14 - Added `cardOnFile` object - Added universal token object and GET /tokens/universaltoken endpoint - Corrected endpoint for POST /devices/termsandconditions # 1.0.13 - Corrected endpoint for DELETE /tokens - Updated response format and sample for POST /tokens/add - Updated response format for POST /cards/identify - Updated sample responses for several gift card endpoints # 1.0.12 - Updated `device` object - Updated /cards/identify response format # 1.0.11 - Updated parameters for formatted receipt - Reformatted Test Server Trigger Values section # 1.0.10 - Updated use cases - Added trigger for decline on a refund - Updated Citcon section # 1.0.9 - Updated void use case - Updated upload signature request format # 1.0.8 - Updated `responseCode` information # 1.0.7 - Updated `card.type` information # 1.0.6 - Updated void response format - Updated capture request format - Added `transaction.amex` object - Added `transaction.saleFlag` # 1.0.5 - Updated information on UTG and offline behavior - Corrected parameters on some devices endpoints # 1.0.4 - Updated Printing Receipts section - Rebranded DotN to LTM and Shift4's Gateway - Expanded information about closing batches - Added `device.manufacturer` and `device.model` # 1.0.3 - Updated `device.capability` object - Added `formattedReceipt` object and header # 1.0.2 - Added emv fields for fallback scenarios - Updated descriptions for `customer` and `device.capability` objects - Updated sample requests and responses # 1.0.1 - Added the following endpoints: /devices/promptinput, /giftcards/cancel - Added partial approval `responseCode` to the Transaction Flow Diagram - Updated the "conditional" statements about several fields # 1.0.0 - Removed Sandbox URLs - Added the following endpoints: /devices/prompttermsandconditions, /devices/initializereaders, /devices/promptcardread, /devices/processform # 0.7.28 Beta - Added the following endpoints: /devices/promptconfirmation, /devices/lineitems, /devices/info, /devices/reset - Added `apiOption` POSHANDLEAVSFAIL - Added information regarding contactless EMV # 0.7.27 Beta - Updated description of debit-related fields - Removed the /cards/block, /cards/blockstatus, /cards/unblock endpoints # 0.7.26 Beta - Added a test card for Discover's new BIN range - Updated the request formats for some of the /cards, /devices, and /tokens endpoints # 0.7.25 Beta - Added the following endpoints: /cards/verify, /cards/identify, /cards/block, /cards/unblock, /cards/blockstatus, /devices/print, /devices/promptsignature, /tokens/4words # 0.7.24 Beta - Re-added the /tokens/delete endpoint - Added endpoints for /reports/batchtotals and /batches/submit - Added information about responseCode 'P' 'partial approval' - Updated the P2PE data samples # 0.7.23 Beta - Changed `customer.streetAddress` to `customer.addressLine1` # 0.7.22 Beta - Updated samples for Using EMV with P2PE - Updated Transaction Flow Diagram - Added `overrideBusDate` parameter # 0.7.21 Beta - Added URL example for locally installed UTG # 0.7.20 Beta - Added `device.capability` object # 0.7.19 Beta - Updated EMV & P2PE information - Corrected the response format # 0.7.18 Beta - Removed display of meaningless extra names for fields and objects 'ex: CustomerObject' - Added Gift Cards endpoints, Manual Sale and Manual Authorization # 0.7.17 Beta - Added image for Transaction Flow Diagram # 0.7.16 Beta - Added multiple versions of request bodies for several endpoints - Re-ordered request and response fields for greater consistency - Added example value for `signature.data` and `emv.tlvdata` - Fixed missing descriptions on some fields in error result schemas # 0.7.15 Beta - Updated several design consideration sections to reflect API flow changes # 0.7.14 Beta - Updated the response format for several endpoints - Removed references to a few deprecated API Options and fields # 0.7.13 Beta - Split "Design Considerations" into multiple groups and relocated them to be after "Endpoints" - Updated references to old field names - Fixed unintentional linebreaks on several "Warning" messages # 0.7.12 Beta - Updated sample error responses to be more accurate for each endpoint # 0.7.11 Beta - Added `clerk` to sample response for multiple endpoints - Added 504 response type - Added information about special characters on some header parameters - Converted several lists to tables 'for enum's' # 0.7.10 Beta - Updated name for /transactions/authorization endpoint - Added header fields for /credentials/accesstoken endpoint # 0.7.9 Beta - Removed `metatoken` object and RETURNMETATOKEN APIOption # 0.7.8 Beta - Added `result` parent object in responses - Removed /tokens/delete endpoint # 0.7.7 Beta - Added the Hotel and Auto Rental blocks to the Capture request. - Removed the body from the DELETE functions in transactions/invoice and tokens/delete. - Fixed where some string fields were showing up as non-strings in the examples. # 0.7.6 Beta - Fixed the `credential` object in the Access Token Exchange request so that it is singular. - Fixed the `dateTime` description and examples to show the colon in the time offset. - Fixed the server URLs to include /api/rest in the path. # 0.7.5 Beta - Extended the Trigger Values section - Extended the Error Codes section # 0.7.4 Beta - Changed the casing on the Header parameters. # 0.7.3 Beta - Added Receipt Printing Requirements content - Removed `apiOptions` from responses