Checkout

To request a recommendation at this endpoint use either the Checkout Pre-auth or Checkout Post-auth checkpoint.

POST api.ravelin.com/v2/checkout

timestamp integer

required

The time at which this data payload was valid. When sending events in realtime, this will usually be 'now'. This is used to merge data that arrives out-of-order.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

eventType string

optional

An eventType should identify what event in your system triggered this API call.

Pattern: ^[a-zA-Z0-9][a-zA-Z0-9-_]*$

customerId string

important

The ID of the customer navigating through the checkout process. Mutually exclusive with customer.

customer object

important

The customer navigating through the checkout process. Mutually exclusive with customerId.

Show definition

customerId string

required

The unique identifier of the customer. If your system allows anonymous checkout then we recommend making this the customer's email address.

registrationTime integer

important

The time that the customer registered. If this value is unknown, you can set it to 'now' - Ravelin will retain the earliest value you have sent for this customer ID.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

email string

important

The email address of the customer.

emailVerifiedTime integer

optional

The time at which the customer verified their email, usually by following a link back to your website from an email you sent to their address.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

name string

important

The full name of the customer. If you have the name split into parts, consider familyName and givenName instead.

familyName string

important

The surname/last name of the customer. If you do not have the name split into parts, consider name instead.

givenName string

important

The first/given names of the customer. If you do not have the name split into parts, consider name instead.

telephone string

important

The telephone number of the customer. Best in E.164 format with an international dialing code.

telephoneVerifiedTime integer

optional

The time at which the customer verified their telephone number, usually by confirming a code from an SMS you sent to the number.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

telephoneCountry string

optional

The country the telephone number directs to. Note that the country is not an adequate replacement for the international dialing code in the Dominican Republic or Puerto Rico where multiple dialing codes are used.

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

passwordBcrypted string

optional

The bcypted form of the password for this customer. By its nature, the bcrypt operation is slow. Consider using passwordHashed if this is too slow for you.

passwordHashed string

optional

The SHA256 form of the password for this customer. This must be base64 encoded.

password string

optional

The plaintext password for the customer. We never store the raw password but for security we recommend using one of the hashing options instead of the plaintext option.

passwordChanged boolean

optional

Set to true on events where the password has been changed, false or omit otherwise.

tags object

optional

The tags to set or unset. Use the tag ID followed by true or false, depending on whether you want to set or unset the tag.

location object

optional

Show definition

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

username string

deprecated

The username the customer would log in with.

gender string

deprecated

The gender of the customer.

balance object

deprecated

The wallet contents of the customer, in the form of an object whose keys are currencies and values the amount held in that currency, in the currency's basic units.

banned boolean

deprecated

Whether the customer is banned in your systems.

country string

deprecated

The home country for this customer. Doesn't change when the customer is briefly abroad.

market string

deprecated

The logical region in which this customer exists.

Pattern: ^[0-9a-z-]*$

marketCity string

deprecated

The logical city in which this customer exists.

Pattern: ^[0-9a-z-]*$

tempCustomerId string

optional

A temporary ID for a customer when the real account ID has yet to be minted. This must eventually be sent in conjunction with a real customer ID to migrate the data into the full customer account.

order object

important

The order describing the goods or services the customer wants to, or has attempted to buy.

Show definition

orderId string

required

A unique identifier for this order.

creationTime integer

important

The time that the order was submitted by the customer. Used in reporting.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

app object

important

The mobile or web app that this order was submitted on. Used for segmenting business analytics and creating app-specific risk profiles.

Show definition

status

important

The stage of order in the purchase and delivery flow. Used in reporting.

One of the following:

Pending: The order is yet to be submitted for payment and processing, and you are yet to decide whether you will accept the order.

Show definition

Accepted: The customer has submitted the order and you intend to fulfill it. This stage is useful if you provide the goods and services before taking payment. If you take payment immediately, you can consider the order fulfilled.

Show definition

Failed: Something went wrong, and the order can no longer be fulfilled.

Show definition

Cancelled: The order has been cancelled.

Show definition

Fulfilled: The goods have been provided to the customer and payment has been successfully taken.

Show definition

Refunded: The order has been refunded.

Show definition

price integer

important

The total price for this order, including delivery and taxes, in the currency's basic units. This price should always equal the sum of each items', tickets', and rooms' price times quantity.

currency string

important

The currency of the price for this order as an ISO 4217 currency code.

Pattern: ^[a-zA-Z]{3}$

country string

important

The country the order should be attributed to for reporting and risk bucketing. Should reflect the country segmentation that you use for your reporting internally, whether that's by billing or shipping address, for example.

market string

important

The country-group market the customer belongs to. E.g. 'southamerica', 'europe', 'emea'. Used for reporting and risk bucketing.

Pattern: ^[0-9a-z-]*$

marketCity string

important

The city that the customer belongs to. Used for reporting and risk bucketing.

Pattern: ^[0-9a-z-]*$

category string

optional

The highest level category that applies to this order as a whole, e.g. the type of service provided. See item.category to describe individual order items.

to object

important

The delivery or drop-off location of the order. For taxis, can be the requested drop-off location to begin, and updated to the actual drop-off location once known.

Show definition

from object

optional

The pick-up location of the order. For taxis, can be the requested pick-up location to begin, and updated to the actual pick-up location once known.

Show definition

items array

important

The line items of the order, describing what the customer is purchasing. Including, but not limited to, products, services, journeys, tips, taxes, and delivery fees.

Show definition

quantity integer

required

Number of copies of this item that are present in the basket (set to 0 to remove).

sku string

optional

A merchant specific identifier for an item or a service.

name string

optional

The name of the product or service that is being purchased.

price integer

important

The total price for a single one of these items, in the currency's basic units.

currency string

optional

The currency of the price for this order item as an ISO 4217 currency code. Defaults to order currency.

Pattern: ^[a-zA-Z]{3}$

brand string

optional

The name of the brand that the item is from.

upc string

optional

The name of the Universal Item Code.

category string

optional

The highest level category that this item is sold in.

subcategory string

optional

A category that this item is sold in.

executionTime integer

optional

The scheduled time for the service described by this item.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

eventTicket object

optional

If the item being purchased is a ticket for an event, associate the ticket and event information here.

Show definition

ticket object

required

The ticket information for this event.

Show definition

event object

required

The event the ticket is granting access to. This could be a access to an event, an attraction, or any other activity the customer is purchasing a ticket to attend.

Show definition

eventId string

required

A unique identifier for this event.

category string

required

The category that best described the type of event.

One of: adventure, attraction, conference, convention, culinary, business, family, festival, health, live show, music, party, social, sport, or other.

venue object

required

The location the event will take place.

Show definition

name string

optional

The name of the event.

description string

optional

A short description of the event.

startTime

optional

Timestamp at which event is scheduled to start. If the event is ongoing/recurring, you can use the ticket time here.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

endTime

optional

Timestamp at which event is scheduled to end. If the event is ongoing/recurring, you can use the ticket time here.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

guest object

optional

The individual who will be attending the event.

Show definition

travelTicket

optional

If the item being purchased is a ticket for travel, associate the journey information here.

Show definition

ticketId string

required

A unique identifier for the ticket

description string

optional

A human-readable text description of what the ticket provides

passenger object

optional

The person travelling with this ticket.

Show definition

routes array

optional

The list of routes that this ticket grants the holder travel on.

Show definition

direction string

optional

The direction of travel along this route, e.g. 'outward' or 'return'.

journeyId string

optional

This is an optional unique id to tie routes together. For example, You can tie a outbound and return route together with this. This way you can have multiple return tickets in one order and routes can be logically grouped together. This must be GLOBALLY UNIQUE

legs array

optional

This is the list of travel legs taken by the passengers. It may contain any number of legs but must start at the first departure and end up at the final destination

Show definition

legId string

required

The ID of the current leg. For flight tickets, flight number (e.g. 'BA101'). For bus tickets, bus number (e.g: 'A7')

departurePortCode string

optional

Departure port code for the current leg. For flights: the 3 letter IATA airport code.

departurePort object

optional

The location of the departure port for the current leg. For flights: the location of the airport.

Show definition

departureCity string

optional

The name of the city of departure for the current leg.

departureCountryCode string

optional

The ISO 3166 country code (2- or 3-letter) for the departure country of the current leg.

departureTime integer

optional

The departure time for the current leg.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

arrivalPortCode string

optional

Arrival port code for the current leg. For flights: the 3 letter IATA airport code.

arrivalPort object

optional

The location of the arrival port for the current leg. For flights: the location of the airport.

Show definition

arrivalCity string

optional

The name of the city of arrival for the current leg.

arrivalCountryCode string

optional

The ISO 3166 country code (2- or 3-letter) for the arrival country of the current leg.

arrivalTime integer

optional

The arrival time for the current leg.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

carrierName string

optional

The name of the carrier/company conducting the current leg.

carrierCode string

optional

A publicly agreed code describing the carrier/company conducting the current leg. For Flights, this is the IATA 2 letter carrier code.

transportationType string

optional

The type of transportation.

One of: plane, train, bus, or ship.

seatReservation boolean

optional

Whether there are seat reservations on this leg.

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

travelInsurance boolean

optional

If the passenger purchased travel insurance.

ticketClass string

optional

The class of travel this ticket grants access to.

One of: business, economy, first, or standard.

ticketType string

optional

The type of ticket this belongs to. This includes round trip, multi city, open return, etc

validUntilTime integer

optional

The time that this ticket can be used until.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

fulfilmentMethod string

optional

The method in which a customer obtains their tickets. E-mail, pickup at station, physical mail, etc

loyaltyCardId string

optional

The identifier for a loyalty card used on this order. If no loyalty card is used just omit this field

discountCardId string

optional

The identifier for a loyalty card used on this order. If no loyalty card is used just omit this field

accommodation object

optional

If the item being purchased represents accommodation being booked, associate the trip information here.

Show definition

refundable boolean

required

Whether this booking is refundable or not.

payOnArrival boolean

required

Whether the payment is taken at the hotel during check-in.

guest object

optional

The individual the booking is registered under (i.e the individual who will be checking in to the hotel). Either the current customer or another individual who the customer is booking the room on behalf of.

Show definition

freeCancellationUntilTime integer

optional

Timestamp at which any free cancellation period ends (unix time). Ignore if there is no free cancellation period.

paymentDueBeforeTime integer

optional

Timestamp at which payment is due. Ignore if payment is taken immediately at booking.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

hotel object

optional

Information on the hotel that the room is located in.

Show definition

room object

optional

Information on room being booked.

Show definition

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

note string

optional

Descriptive text relating to the contents or nature of the order being completed.

email string

optional

Contact e-mail for this order.

telephone string

optional

Contact phone number for this order. Best in E.164 format with an international dialing code.

telephoneCountry string

optional

Contact phone number's country

sellerId string

deprecated

The unique identifier of the seller/counterparty in the transaction, if not your business. E.g. The restaurant, driver ID, etc.

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

executionTime integer

deprecated

Deprecated in favour of items.executionTime. Execution or pick-up time of the order.

suppliers array

optional

Suppliers (e.g. restaurants, couriers or drivers) involved in this order.

Show definition

paymentMethod object

important

A primary payment method to be charged in completing the checkout process. Mutually exclusive with paymentMethodId and paymentMethods. One of the following:

One of the following:

card: A credit or debit card.

Show definition

methodType string

required

Vault card payment method indicator.

One of: card, creditcard, or debitcard.

paymentMethodId string

required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

scheme string

optional

The card network or scheme, such as visa or mastercard. Ravelin will identify the scheme on your behalf if you send the cardBin, which should be preferred.

instrumentId string

important

A unique identifier for the physical card, shared between customers. Used to link cards in Connect. Must not be a hash of the PAN.

If you use multiple PSPs who each generate their own equivalent of an instrumentId, you should consider prefixing their values to indicate their origin to avoid collisions. Common examples include Stripe's fingerprint, or Braintree's unique_number_identifier).

pan string

pci, optional

The full Primary Account Number of the card. Used by Ravelin to determine the instrumentId for this card. If specified, you do not need to provide instrumentId, cardBin or cardLastFour. Only PCI DSS SAQ-D certified merchants should submit the PAN to Ravelin. You must not send requests containing this field to api.ravelin.com, and must instead use pci.ravelin.com. Please see <a href='/guides/pci'>our PCI DSS documentation</a> for more information.

cardBin string

important

The first six digits of the card number/PAN. The Bank Identification Number (BIN), recently more commonly known as the Issuer Identification Number (IIN).

Given the BIN, Ravelin will populate the issuer, country of issuance, and card type on your behalf.

cardLastFour string

important

The last four digits of the card number/PAN.

issuer string

optional

The card issuer, who the true cardholder will report fraud to. Ravelin will identify the issuer on your behalf if you send the cardBin, which should be preferred.

prepaidCard boolean

optional

Whether this is a prepaid debit card. Ravelin will identify whether the card is prepaid on your behalf if you send the cardBin which should be preferred.

countryIssued string

optional

The country that the card was issued in. Ravelin will identify the country of issuance on your behalf if you send the cardBin, which should be preferred.

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

expiryMonth integer

important

The expiry month of the card.

expiryYear integer

important

The expiry year of the card.

eWallet string

deprecated

The e-Wallet to which the customer associated the card.

One of: applepay, googlepay, samsungpay, amazonpay, or visacheckout.

nameOnCard string

important

The cardholder name.

billingAddress object

important

The address of the registered cardholder, as used to pass AVS checks. It is common to have fewer location details for this address, but provide what you have.

Show definition

corporateCard boolean

optional

Whether this payment method is a corporate card.

virtualCard boolean

optional

Whether this payment method is a virtual card.

successfulRegistration boolean

optional

Whether the card was successfully registered with your gateway/PSP.

registrationTime integer

important

The time that the card was saved to the customer's account. (Not the card start date.)

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer

optional

The time at which the payment method was last verified by the customer. An example mechanism would be a random amount charged to the customer's card that they can confirm the amount of.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

compromised boolean

optional

Whether the card has been compromised.

compromisedReason string

important

The reason why the card is considered compromised.

One of: cloned, databreach, found, lost, stolen, frozen, defrosted, or uncompromised.

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

active boolean

deprecated

Whether this card is still saved to the customer's account.

banned boolean

deprecated

Whether this card has been banned.

nickName string

deprecated

The nickname the customer has given the payment method.

cardType string

deprecated

The card network or scheme, such as visa or mastercard. Ravelin will identify the cardType on your behalf if you send the cardBin, which should be preferred.

paymentMethodCipher: An encrypted payment method, containing the full card details encrypted via a Ravelin SDK.

Show definition

methodType string

required

Client-side encrypted card payment method indicator.

Only: paymentMethodCipher.

cardCiphertext string

required, pci

The card ciphertext produced by the Ravelin SDK card encryption.

This field constitutes cardholder data, and submission of this field therefore requires PCI DSS SAQ-A or SAQ-AEP certification. You must not send requests containing this field to api.ravelin.com, and must instead use pci.ravelin.com.

Please see our PCI DSS documentation for more information.

aesKeyCiphertext string

required

The AES Key ciphertext produced by the Ravelin SDK card encryption.

algorithm string

required

The algorithm used to generate the ciphertexts.

paymentMethodId string

optional

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

ravelinSDKVersion string

optional

The version of the Ravelin SDK that performed this encryption.

keyIndex integer

optional

The index of the public RSA key used to encrypt the card.

keySignature string

optional

An identifier for the public key used during encryption.

billingAddress object

optional

Show definition

registrationTime integer

optional

When the payment method was added to the customer's account. Note: this is not the card start date.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

ravelinjsVersion string

deprecated

The version of the ravelinjs library that performed this encryption.

cash: The customer is paying in cash, or a cash-based payment method.

Show definition

bankaccount: Bank Accounts.

Show definition

methodType string

required

Bank account indicator.

Only: bankaccount.

paymentMethodId string

required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

transferType string

required

The type of transfer: whether the customer is initiating the payment, or you are withdrawing funds from the customer's bank account based on an agreement to initiate payments on their behalf. Use "push" for a customer-initiated payment (e.g. a bank transfer) and "pull" for a merchant-initiated payment (e.g. Direct Debit).

One of: push, or pull.

scheme string

important

The name of the payment scheme or instrument used for the transfer of funds.

iban string

optional

IBAN (International Bank Account Number) Following the ISO 13616:2007 standard.

countryIssued string

optional

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

accountAddress object

optional

Show definition

accountOwnerName string

optional

The name of the account owner.

bankCode string

optional

Code assigned by central bank to identify bank that account is associated with. Multiple bank code formats are supported.

bankName string

optional

Name of bank which account belongs to.

bic string

optional

BIC - business identifier code for banks and other institutions. Following the ISO9362 standard.

accountNumber string

optional

The account number issued by the bank.

nickName string

optional

The nickname for the payment method that the customers gives, if applicable.

registrationTime integer

important

The time that the card was saved to the customer's account. (Not the card start date.)

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

paypal: PayPal payments.

Show definition

methodType string

required

PayPal indicator.

Only: paypal.

paymentMethodId string

required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

payerId string

optional

PayPal payer ID.

email string

important

Account email address.

billingAddress object

optional

The address of the account holder. It is common to have fewer location details for this address, but provide what you have.

Show definition

registrationTime integer

important

The time that the card was saved to the customer's account. (Not the card start date.)

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer

optional

The time at which the payment method was last verified by the customer. An example mechanism would be a random amount charged to the customer's card that they can confirm the amount of.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

nickName string

optional

The nickname for the payment method that the customers gives, if applicable.

countryIssued string

optional

The two-character IS0-3166-1 account country_code sent by PayPal.

verifiedAccount boolean

optional

The customer’s PayPal account status. Indicates whether the account is verified or not.

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

banned boolean

deprecated

If the payment method has been banned

active boolean

deprecated

Whether the payment method is active for use by this account

credit: This payment method type should be used for any payments made using credit that a customer has with the merchant.

Show definition

invoice: This payment method should be used whenever the merchant provides credit to the customer.

Show definition

methodType string

required

Invoice payment indicator.

Only: invoice.

paymentMethodId string

required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

scheme string

important

The name of the invoice or 'buy now, pay later' scheme used, if applicable.

registrationTime integer

optional

When the payment method was added to the customer's account.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer

optional

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

accountOwnerName string

optional

The nickname for the payment method that the customers gives, if applicable.

accountAddress object

optional

Show definition

email string

optional

The email address used by the customer to register an invoice or 'buy now, pay later' payment method.

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

wallet: A digital wallet payment method.

Show definition

methodType string

required

Vault card payment method indicator.

Only: wallet.

paymentMethodId string

required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

scheme string

required

The name of the digital wallet scheme or electronic payment service.

cardScheme string

optional

The card network or scheme of the card used within a wallet payment method, such as visa or mastercard. Ravelin will identify the cardScheme on your behalf if you send the cardBin, which should be preferred.

instrumentId string

important

A unique identifier for the physical card, shared between customers. Used to link cards in Connect. Must not be a hash of the PAN.

pan string

pci, optional

cardBin string

important

The first six digits of the card number/PAN. The Bank Identification Number (BIN), recently more commonly known as the Issuer Identification Number (IIN).

Given the BIN, Ravelin will populate the issuer, country of issuance, and card type on your behalf.

cardLastFour string

important

The last four digits of the card number/PAN.

cardType string

deprecated

The card network or scheme, such as visa or mastercard. Ravelin will identify the cardType on your behalf if you send the cardBin, which should be preferred.

issuer string

optional

The card issuer, who the true cardholder will report fraud to. Ravelin will identify the issuer on your behalf if you send the cardBin, which should be preferred.

prepaidCard boolean

optional

Whether this is a prepaid debit card. Ravelin will identify whether the card is prepaid on your behalf if you send the cardBin which should be preferred.

countryIssued string

optional

The country that the card was issued in. Ravelin will identify the country of issuance on your behalf if you send the cardBin, which should be preferred.

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

expiryMonth integer

important

The expiry month of the card.

expiryYear integer

important

The expiry year of the card.

nameOnCard string

important

The cardholder name.

billingAddress object

important

The address of the registered cardholder, as used to pass AVS checks. It is common to have fewer location details for this address, but provide what you have.

Show definition

successfulRegistration boolean

optional

Whether the card was successfully registered with your gateway/PSP.

registrationTime integer

important

The time that the card was saved to the customer's account. (Not the card start date.)

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer

optional

The time at which the payment method was last verified by the customer. An example mechanism would be a random amount charged to the customer's card that they can confirm the amount of.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

active boolean

deprecated

Whether this card is still saved to the customer's account.

banned boolean

deprecated

Whether this card has been banned.

nickName string

deprecated

The nickname the customer has given the payment method.

fromTransaction: Refer to the payment method used by a named transaction. For usage examples, see Saving payment methods after checkout and Associating refunds with payment methods.

Show definition

~~directdebit: Direct Debits.~~ - deprecated.

Show definition

methodType string

required

Direct Debit indicator.

Only: directdebit.

paymentMethodId string

required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

transferType string

required

Bank transfer type

Only: directdebit.

scheme string

required

The type of direct debit scheme.

One of: autogiro, bacs, becs, becsnz, betalingsservice, or sepa.

iban string

optional

IBAN (International Bank Account Number) Following the ISO 13616:2007 standard.

countryIssued string

optional

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

accountAddress object

optional

Show definition

accountOwnerName string

optional

The name of the account owner.

bankCode string

optional

Code assigned by central bank to identify bank that account is associated with. Multiple bank code formats are supported.

bankName string

optional

Name of bank which account belongs to.

bic string

optional

BIC - business identifier code for banks and other institutions. Following the ISO9362 standard.

accountNumber string

optional

The account number issued by the bank.

mandateRef string

optional

The unique reference issued for the direct debit mandate.

mandateURL string

optional

A URL to access the direct debit mandate agreement.

nickName string

optional

The nickname for the payment method that the customers gives, if applicable.

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

~~banktransfer: Bank Transfers.~~ - deprecated.

Show definition

methodType string

required

Bank transfer indicator.

Only: banktransfer.

paymentMethodId string

required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

transferType string

required

Bank transfer type

One of: bancontact, eps, giropay, ideal, inghomepay, sofort, or sepa.

iban string

optional

IBAN (International Bank Account Number) Following the ISO 13616:2007 standard.

countryIssued string

optional

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

accountAddress object

optional

Show definition

accountOwnerName string

optional

The name of the account owner.

bankCode string

optional

Code assigned by central bank to identify bank that account is associated with. Multiple bank code formats are supported.

bankName string

optional

Name of bank which account belongs to.

bic string

optional

BIC - business identifier code for banks and other institutions. Following the ISO9362 standard.

accountNumber string

optional

The account number issued by the bank.

nickName string

optional

The nickname for the payment method that the customers gives, if applicable.

registrationTime integer

important

The time that the card was saved to the customer's account. (Not the card start date.)

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

~~Others~~ - deprecated.

Show definition

Removal: Used for marking a saved payment method as removed from the account.

Show definition

paymentMethods array

important

One or more payment methods to be charged in completing the checkout process. Mutually exclusive with paymentMethod and paymentMethodId.

paymentMethodId string

important

The ID of the primary payment method to be charged in completing the checkout process. Mutually exclusive with paymentMethod and paymentMethods.

transaction object

important

An attempt to charge a payment method to pay or be refunded for an order. Mutually exclusive with transactions.

Show definition

transactionId string

important

A unique identifier for the transaction.

Required when sending a transaction before talking to the PSP, because the alternative gatewayReference cannot be known. If telling Ravelin about the transaction after processing it (as with a refund, for example) transactionId can be omitted in place of gateway and gatewayReference.

time integer

important

The time that the transaction is being attempted.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

amount integer

important

The amount to be charged to the payment method, in the currency's basic units.

currency string

optional

The currency of the amount of this transaction, as an ISO 4217 currency code.

Pattern: ^[a-zA-Z]{3}$

type string

important

The type of transaction interacting with the payment method.

auth: An auth transaction is used to reserve funds on the customer's card without yet deducting it. Useful to verify whether the customer has sufficient funds in their account and reserving a limit when the final order price cannot be known. Sometimes known as a pre-auth.
capture: A capture transaction is used to immediately deduct authorised funds (up to the amount auth'd) from a customer's card.
auth_capture: A simultaneous combination of auth and capture in one transaction, for when there is no need to separately auth then capture. Typical with straight-forward "buy now"-style checkout.
refund: A refund transaction credit's a customer's payment method. If you do not know the payment method ID you are refunding to, but do know the original transaction, see Associating refunds with payment methods.
void: A void transaction is the explicit discarding of authorization of funds.
use, redeem: Deprecated. See voucherRedemption on /v2/chargeback or /v2/paymentmethod/voucher.

One of: preauth, auth, capture, auth_capture, void, refund, redeem, or use.

paymentMethodId string

important

The ID of the payment method to be charged in this transaction.

gateway string

important

The gateway responsible for processing the transaction. Used to link to chargebacks. Usually only available after attempting the payment.

gatewayReference string

important

The reference given to this transaction by the processing gateway. Used to link to chargebacks. Usually only available after attempting the payment. Each transaction should have a unique gateway reference.

success boolean

important

Whether the transaction successfully completed with no error.

3ds object

optional

Details on how 3D Secure (3DS) was used to authenticate the transaction.

Show definition

attempted boolean

optional

Set to true if the 3D Secure authentication process was initiated for the transaction. The 3DS process is considered initiated when a check is performed to confirm issuer and cardholder enrolment, before asking for a challenge to be performed.

This is set to false if the 3DS process was not initiated and the transaction proceeded to authorisation.

challenged boolean

optional

Set to true if a step-up authentication was initiated, for example, the customer was asked to enter a password or use a form of biometric authentication.

If attempted is set to false, then challenged should be omitted. If attempted is set to true, and a challenge was not presented to the customer, then this field should be set to false.

In 3DS2, if a customer achieves a frictionless authentication this should also be set to false.

success boolean

optional

Set to true if the customer was successfully authenticated using 3D Secure (either through frictionless authentication or a challenge) and the 3DS process was completed successfully.

This field should be set to false if the customer was unable to authenticate themselves during the challenge process, if an error occured, or frictionless authentication was not successful.

This field should be omitted if attempted is set to false.

startTime integer

optional

The time at which the customer was directed to 3DS.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

endTime integer

optional

The time at which the customer returned from 3DS.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

timedOut boolean

optional

Whether the customer is believed to have abandoned 3DS.

version string

optional

The version of 3DS which was used to authenticate the customer. Either 1.0.2 or 2.1.0

liabilityShifted boolean

optional

Whether the liability of the transaction resulting in a chargeback has moved from the merchant to the card issuer. (See Liability Shift.)

authenticationValue string

deprecated

This field is deprecated, we do not use it in the Ravelin platform.

eci string

optional

The Electronic Commerce Indicator (ECI) value returned by the issuer after authentication was attempted.

transStatus string

optional

The Transaction Status (transStatus) value received in the final authentication message. The final message type (PaRes, ARes, CRes) will vary depending on the version of 3DS and whether the customer was challenged.

transStatusReason string

optional

Provides information on why the transStatus field has the specified value. Will only be provided by the issuer when the transStatus value is N, U or R. (3DS 2 only)

messageType string

optional

Identifies the type of message from which the transStatus value was received. (3DS 2 only)

iReqCode string

optional

If the transStatus value is U the accompanying invalid request code (iReqCode) should be provided to further explain the reason authentication could not be performed. (3DS 1 only)

declineCode string

important

the decline code from the payment gateway, if applicable.

authCode string

optional

A code returned from the payment gateway after an attempt to charge, if applicable.

avsResultCode object

optional

The result of AVS checks. You must have at least one of street or postal code.

Any of the following:

Show definition

cvvResultCode string

optional

The result of CVV verification from the issuer, compatible with common PSP codes.

mcc string

optional

The Merchant Category Code associated with the transaction.

mid string

optional

The merchant ID that the transaction was processed under. The merchant ID is used to identify you to your acquirer and the financial institutions that will be involved in processing the transaction.

acquirerId string

optional

The acquirer is a financial institution with whom the merchant has a bank account.

acquirerBin string

optional

The BIN (Bank Identification Number) of the acquirer.

acquirerCountryCode string

optional

The three letter country code of the country in which your acquirer will settle the payment.

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

chargeback boolean

deprecated

Whether this transaction is associated with a chargeback.

email string

deprecated

The e-mail that the customer wants to be notified about this transaction on.

debit integer

deprecated

Deprecated in favour of amount. The debit amount of the transaction in the lowest denomination of the currency.

credit integer

deprecated

Deprected in favour of amount. The credit amount of the transaction in the lowest denomination of the currency.

transactions array

important

One or more attempts to charge a payment method to pay or be refunded for an order. Mutually exclusive with transaction.

Show definition

transactionId string

important

A unique identifier for the transaction.

time integer

important

The time that the transaction is being attempted.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

amount integer

important

The amount to be charged to the payment method, in the currency's basic units.

currency string

optional

The currency of the amount of this transaction, as an ISO 4217 currency code.

Pattern: ^[a-zA-Z]{3}$

type string

important

The type of transaction interacting with the payment method.

auth: An auth transaction is used to reserve funds on the customer's card without yet deducting it. Useful to verify whether the customer has sufficient funds in their account and reserving a limit when the final order price cannot be known. Sometimes known as a pre-auth.
capture: A capture transaction is used to immediately deduct authorised funds (up to the amount auth'd) from a customer's card.
auth_capture: A simultaneous combination of auth and capture in one transaction, for when there is no need to separately auth then capture. Typical with straight-forward "buy now"-style checkout.
refund: A refund transaction credit's a customer's payment method. If you do not know the payment method ID you are refunding to, but do know the original transaction, see Associating refunds with payment methods.
void: A void transaction is the explicit discarding of authorization of funds.
use, redeem: Deprecated. See voucherRedemption on /v2/chargeback or /v2/paymentmethod/voucher.

One of: preauth, auth, capture, auth_capture, void, refund, redeem, or use.

paymentMethodId string

important

The ID of the payment method to be charged in this transaction.

gateway string

important

The gateway responsible for processing the transaction. Used to link to chargebacks. Usually only available after attempting the payment.

gatewayReference string

important

success boolean

important

Whether the transaction successfully completed with no error.

3ds object

optional

Details on how 3D Secure (3DS) was used to authenticate the transaction.

Show definition

attempted boolean

optional

This is set to false if the 3DS process was not initiated and the transaction proceeded to authorisation.

challenged boolean

optional

Set to true if a step-up authentication was initiated, for example, the customer was asked to enter a password or use a form of biometric authentication.

If attempted is set to false, then challenged should be omitted. If attempted is set to true, and a challenge was not presented to the customer, then this field should be set to false.

In 3DS2, if a customer achieves a frictionless authentication this should also be set to false.

success boolean

optional

Set to true if the customer was successfully authenticated using 3D Secure (either through frictionless authentication or a challenge) and the 3DS process was completed successfully.

This field should be set to false if the customer was unable to authenticate themselves during the challenge process, if an error occured, or frictionless authentication was not successful.

This field should be omitted if attempted is set to false.

startTime integer

optional

The time at which the customer was directed to 3DS.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

endTime integer

optional

The time at which the customer returned from 3DS.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

timedOut boolean

optional

Whether the customer is believed to have abandoned 3DS.

version string

optional

The version of 3DS which was used to authenticate the customer. Either 1.0.2 or 2.1.0

liabilityShifted boolean

optional

Whether the liability of the transaction resulting in a chargeback has moved from the merchant to the card issuer. (See Liability Shift.)

authenticationValue string

deprecated

This field is deprecated, we do not use it in the Ravelin platform.

eci string

optional

The Electronic Commerce Indicator (ECI) value returned by the issuer after authentication was attempted.

transStatus string

optional

transStatusReason string

optional

Provides information on why the transStatus field has the specified value. Will only be provided by the issuer when the transStatus value is N, U or R. (3DS 2 only)

messageType string

optional

Identifies the type of message from which the transStatus value was received. (3DS 2 only)

iReqCode string

optional

If the transStatus value is U the accompanying invalid request code (iReqCode) should be provided to further explain the reason authentication could not be performed. (3DS 1 only)

declineCode string

important

the decline code from the payment gateway, if applicable.

authCode string

optional

A code returned from the payment gateway after an attempt to charge, if applicable.

avsResultCode object

optional

The result of AVS checks. You must have at least one of street or postal code.

Any of the following:

Show definition

cvvResultCode string

optional

The result of CVV verification from the issuer, compatible with common PSP codes.

mcc string

optional

The Merchant Category Code associated with the transaction.

mid string

optional

The merchant ID that the transaction was processed under. The merchant ID is used to identify you to your acquirer and the financial institutions that will be involved in processing the transaction.

acquirerId string

optional

The acquirer is a financial institution with whom the merchant has a bank account.

acquirerBin string

optional

The BIN (Bank Identification Number) of the acquirer.

acquirerCountryCode string

optional

The three letter country code of the country in which your acquirer will settle the payment.

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

chargeback boolean

deprecated

Whether this transaction is associated with a chargeback.

email string

deprecated

The e-mail that the customer wants to be notified about this transaction on.

debit integer

deprecated

Deprecated in favour of amount. The debit amount of the transaction in the lowest denomination of the currency.

credit integer

deprecated

Deprected in favour of amount. The credit amount of the transaction in the lowest denomination of the currency.

voucherRedemption object

optional

A voucher that is being used to pay for some of the order.

Show definition

voucherRedemptions array

optional

Any vouchers that are being used to pay for some of the order.

Show definition

device object

important

The device used by the customer to trigger this update.

Show definition

deviceId string

required

The ID of the device used by the customer to trigger this update.

ipAddress string

important

The IP address of the device connecting to your services. Used in fraud and account-takeover detection.

When extracting this IP address, consider X-Forwarded-For.

language string

optional

The ISO 639 code of your customer's device's preferred language, or the IET Language Tag (BCP 47) values from the browser's Accept-Language header.

userAgent string

important

The browser user-agent string, if the device represents a web browser - window.navigator.userAgent.

model string

important

The model/identifier name of the device if the device represents a native app. See here for iOS models: https://www.theiphonewiki.com/wiki/Models and here for Google Play supported models: http://storage.googleapis.com/play_public/supported_devices.csv.

os string

important

The operating system that the device is running.

type string

optional

The type of device.

One of: computer, phone, or tablet.

manufacturer string

optional

The maker of the device.

location object

optional

The geolocated position of the device.

Show definition

custom object

optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

browser string

deprecated

The name of the web browser being used, if applicable. Prefer userAgent.

javascriptEnabled boolean

deprecated

Whether Javascript is enabled on the web browser.

cookiesEnabled boolean

deprecated

Whether cookies are enabled on the web browser.

screenResolution string

deprecated

The resolution of the screen on the device in the format XxY

deviceId string

important

The ID of the device used by the customer to trigger this update.

nationalIdentifications array

optional

Identifications are used by online customers to verify their real-world identity. These forms of identification can be authenticated with government authorities or authorised third-parties to confirm the credentials are legitimate. Extra steps should be taken to confirm the customer is the legitimate holder of these credentials.

Show definition

driversLicense object

optional

A driving license permitting the holder to operate one or more types of motorized vehicle.

Show definition

passport object

optional

A passport certifying the identity and nationality of its holder primarily for the purpose of international travel.

Show definition

nationalId object

optional

National identification cards and numbers, such as the US Social Security Number, Brazilian cédula de identidade, or UK's Insurance Number.

Show definition

POST https://api.ravelin.com/v2/checkout?score=checkoutPreAuth HTTP/1.1
Authorization: token ...
Content-Type: application/json

{
  "timestamp": 1512828988826,
  "customer": {
    "customerId": "abc-123-ZYZ",
    "registrationTime": 1512828988826,
    "email": "jsmith123@example.com",
    "name": "John Smith",
    "telephone": "+447000000001",
    "telephoneCountry": "GBR"
  },
  "device": {
    "deviceId": "65fc5ac0-2ba3-4a3b-aa5e-f5a77b845260",
    "type": "phone",
    "manufacturer": "google",
    "model": "Pixel XL",
    "os": "android",
    "language": "en-US",
    "ipAddress": "81.152.92.84"
  },
  "order": {
    "orderId": "abcde12345-ZXY",
    "creationTime": 1512828988826,
    "price": 1500,
    "currency": "GBP",
    "market": "emea",
    "country": "GBR",
    "marketCity": "london",
    "items": [
      {
        "sku": "0001",
        "name": "Margherita Pizza",
        "quantity": 1,
        "price": 1500
      }
    ],
    "status": {
      "stage": "pending",
      "actor": "merchant"
    }
  },
  "paymentMethods": [
    {
      "paymentMethodId": "pm-abc123",
      "instrumentId": "fp_abc123",
      "methodType": "card",
      "scheme": "visa",
      "cardBin": "535522",
      "cardLastFour": "0001",
      "expiryMonth": 7,
      "expiryYear": 2020,
      "nameOnCard": "John Smith",
      "billingAddress": {
        "addresseeName": "John Smith",
        "street1": "123 High Street",
        "city": "London",
        "country": "GBR",
        "postalCode": "E1 1AA"
      }
    }
  ],
  "transactions": [
    {
      "transactionId": "123-abc-XYZ",
      "paymentMethodId": "pm-abc123",
      "time": 1512828988826,
      "amount": 1000,
      "currency": "GBP",
      "type": "auth",
      "gateway": "example-gateway"
    }
  ]
}

Response

status integer

The HTTP response status code.

timestamp integer

A unix timestamp indicating when we finished handling the request.

message string

If an error has occurred, a description of the error.

data object

Contains our recommendations and related details.

Show definition

action string

Our payment fraud recommendation.

Use this to determine how you should handle the order.

One of: ALLOW, REVIEW, or PREVENT.

score integer

The fraud score produced by the machine learning model. A value between 0 and 100. The higher the number the more fraudulently the model scored the customer.

This may not be the source of the final recommendation, see source.

source string

The source of the action recommendation.

Do not implement any logic based upon this field, we may add new values in the future without warning.

One of: CHARGEBACK, LOOKUP, MANUAL_REVIEW, NETWORK, RATE_LIMIT, RAVELIN, or RULE.

customerId string

The ID of the customer to which this recommendation applies.

scoreId string

A unique ID for this score.

transactionOptimisation object

If transaction optimisation is enabled, and a transaction optimisation recommendation was requested, this will contain the recommendation and related details.

Show definition

warnings array

Warnings when the data you are sending may negatively impact fraud detection.

Show definition

cachedScore boolean

In order to provide resiliency, on the rare occasion that Ravelin isn’t able to calculate a fraud score, a cached score is used to determine the action. If a cached score was used, this field will be true.

effectiveTime string

Response Version 1

Specifies the time the score was originally calculated. Uses the format 2020-01-01T00:00:00.00000000Z.

comment string

Response Version 1

If the customer was manually reviewed, the comment left by the reviewer.

rules object

Response Version 2

Contains details about the rules which were triggered by this customer.

Show definition

connect object

Response Version 2

Contains details about the network the customer is connected to.

Show definition

lookup object

Response Version 2

Contains details about the Lookup results for the customer.

Show definition

market object

Response Version 2

Contains details about the market for the customer.

Show definition

thresholds object

Response Version 2

Contains details about the machine learning fraud score thresholds.

Show definition

orderId string

Response Version 3

The ID of the order used to calculate the recommendation, typically the customer's latest order.

transactionId string

Response Version 3

The ID of the transaction used to calculate the recommendation, typically the customer's latest transaction.

{
  "status": 200,
  "timestamp": 1512828988826,
  "data": {
    "action": "ALLOW",
    "score": 12,
    "source": "RAVELIN",
    "customerId": "abc-123-ZYZ",
    "scoreId": "2bf39d-d1299-31",
    "transactionOptimisation": {
      "transactionId": "123-abc-XYZ",
      "action": "AUTHENTICATE",
      "exemption": "TRANSACTION_RISK_ANALYSIS",
      "threeDSChallengePreference": "NO_CHALLENGE_REQUESTED",
      "actionSource": "CLIENT_RULE",
      "rules": {
        "triggered": [
          {
            "ruleId": 1,
            "ruleVersion": 1,
            "action": "AUTHENTICATE",
            "exemption": "TRANSACTION_RISK_ANALYSIS",
            "threeDSChallengePreference": "NO_CHALLENGE_REQUESTED",
            "triggered": true,
            "state": "active"
          }
        ]
      }
    },
    "warnings": [
      {
        "class": "customer-not-found",
        "help": "https://developer.ravelin.com/api/warnings/#customer-not-found",
        "msg": "Customer \"abc-123-ZYZ\" not found."
      }
    ]
  }
}

Response Versions

You can request additional details in the response by specifying a response version in the Accept request header.

The fields which are returned in the different versions are marked in the Checkout Response API reference above.

Each response version will also return all the fields from the versions before it. For example, Response Version 2 will include the fields in Response Version 1.

The request headers for the different response versions are shown below:

Response Version 1: Accept: application/vnd.ravelin.score.v1+json

Response Version 2: Accept: application/vnd.ravelin.score.v2+json

Response Version 3: Accept: application/vnd.ravelin.score.v3+json

Feedback

Was this page helpful?