Checkout

To request a recommendation at this endpoint use either the Checkout Pre-auth or Checkout Post-auth checkpoint.

POST api.ravelin.com/v2/checkout

timestamp integer required

The time at which this data payload was valid. When sending events in realtime, this will usually be 'now'. This is used to merge data that arrives out-of-order.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

eventType string optional

An eventType should identify what event in your system triggered this API call.

Pattern: ^[a-zA-Z0-9][a-zA-Z0-9-_]*$

customerId string important

The ID of the customer navigating through the checkout process. Mutually exclusive with customer.

customer object important

The customer navigating through the checkout process. Mutually exclusive with customerId.

Show definition

customerId string required

The unique identifier of the customer. If your system allows anonymous checkout then we recommend making this the customer's email address.

registrationTime integer important

The time that the customer registered. If this value is unknown, you can set it to 'now' - Ravelin will retain the earliest value you have sent for this customer ID.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

email string important

The email address of the customer.

emailVerifiedTime integer optional

The time at which the customer verified their email, usually by following a link back to your website from an email you sent to their address.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

name string important

The full name of the customer. If you have the name split into parts, consider familyName and givenName instead.

familyName string important

The surname/last name of the customer. If you do not have the name split into parts, consider name instead.

givenName string important

The first/given names of the customer. If you do not have the name split into parts, consider name instead.

telephone string important

The telephone number of the customer. Best in E.164 format with an international dialing code.

telephoneVerifiedTime integer optional

The time at which the customer verified their telephone number, usually by confirming a code from an SMS you sent to the number.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

telephoneCountry string optional

The country the telephone number directs to. Note that the country is not an adequate replacement for the international dialing code in the Dominican Republic or Puerto Rico where multiple dialing codes are used.

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

passwordBcrypted string optional

The bcypted form of the password for this customer. By its nature, the bcrypt operation is slow. Consider using passwordHashed if this is too slow for you.

passwordHashed string optional

The SHA256 form of the password for this customer. This must be base64 encoded.

password string optional

The plaintext password for the customer. We never store the raw password but for security we recommend using one of the hashing options instead of the plaintext option.

passwordChanged boolean optional

Set to true on events where the password has been changed, false or omit otherwise.

tags object optional

The tags to set or unset. Use the tag ID followed by true or false, depending on whether you want to set or unset the tag.

location object optional

Show definition

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

username string optional

deprecated

The username the customer would log in with.

gender string optional

deprecated

The gender of the customer.

balance object optional

deprecated

The wallet contents of the customer, in the form of an object whose keys are currencies and values the amount held in that currency, in the currency's basic units.

banned boolean optional

deprecated

Whether the customer is banned in your systems.

country string optional

deprecated

The home country for this customer. Doesn't change when the customer is briefly abroad.

market string optional

deprecated

The logical region in which this customer exists.

Pattern: ^[0-9a-z-]*$

marketCity string optional

deprecated

The logical city in which this customer exists.

Pattern: ^[0-9a-z-]*$

tempCustomerId string optional

A temporary ID for a customer when the real account ID has yet to be minted. This must eventually be sent in conjunction with a real customer ID to migrate the data into the full customer account.

order object important

The order describing the goods or services the customer wants to, or has attempted to buy.

Show definition

orderId string required

A unique identifier for this order.

creationTime integer important

The time that the order was submitted by the customer. Used in reporting.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

app object important

The mobile or web app that this order was submitted on. Used for segmenting business analytics and creating app-specific risk profiles.

Show definition

status important

The stage of order in the purchase and delivery flow. Used in reporting.

One of the following:

Pending: The order is yet to be submitted for payment and processing, and you are yet to decide whether you will accept the order.

Show definition

Accepted: The customer has submitted the order and you intend to fulfill it. This stage is useful if you provide the goods and services before taking payment. If you take payment immediately, you can consider the order fulfilled.

Show definition

Failed: Something went wrong, and the order can no longer be fulfilled.

Show definition

Cancelled: The order has been cancelled.

Show definition

Fulfilled: The goods have been provided to the customer and payment has been successfully taken.

Show definition

Refunded: The order has been refunded.

Show definition

price integer important

The total price for this order, including delivery and taxes, in the currency's basic units. This price should always equal the sum of each items', tickets', and rooms' price times quantity.

currency string important

The currency of the price for this order as an ISO 4217 currency code.

Pattern: ^[a-zA-Z]{3}$

country string important

The country the order should be attributed to for reporting and risk bucketing. Should reflect the country segmentation that you use for your reporting internally, whether that's by billing or shipping address, for example.

market string important

The country-group market the customer belongs to. E.g. 'southamerica', 'europe', 'emea'. Used for reporting and risk bucketing.

Pattern: ^[0-9a-z-]*$

marketCity string important

The city that the customer belongs to. Used for reporting and risk bucketing.

Pattern: ^[0-9a-z-]*$

category string optional

The highest level category that applies to this order as a whole, e.g. the type of service provided. See item.category to describe individual order items.

to object important

The delivery or drop-off location of the order. For taxis, can be the requested drop-off location to begin, and updated to the actual drop-off location once known.

Show definition

from object optional

The pick-up location of the order. For taxis, can be the requested pick-up location to begin, and updated to the actual pick-up location once known.

Show definition

items array important

The line items of the order, describing what the customer is purchasing. Including, but not limited to, products, services, journeys, tips, taxes, and delivery fees.

Show definition

quantity integer required

Number of copies of this item that are present in the basket (set to 0 to remove).

sku string optional

A merchant specific identifier for an item or a service.

name string optional

The name of the product or service that is being purchased.

price integer important

The total price for a single one of these items, in the currency's basic units.

currency string optional

The currency of the price for this order item as an ISO 4217 currency code. Defaults to order currency.

Pattern: ^[a-zA-Z]{3}$

brand string optional

The name of the brand that the item is from.

upc string optional

The name of the Universal Item Code.

category string optional

The highest level category that this item is sold in.

subcategory string optional

A category that this item is sold in.

executionTime integer optional

The scheduled time for the service described by this item.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

eventTicket object optional

If the item being purchased is a ticket for an event, associate the ticket and event information here.

Show definition

ticket object required

The ticket information for this event.

Show definition

event object required

The event the ticket is granting access to. This could be a access to an event, an attraction, or any other activity the customer is purchasing a ticket to attend.

Show definition

eventId string required

A unique identifier for this event.

category string required

The category that best described the type of event.

One of: adventure, attraction, conference, convention, culinary, business, family, festival, health, live show, music, party, social, sport, or other.

venue object required

The location the event will take place.

Show definition

name string optional

The name of the event.

description string optional

A short description of the event.

startTime optional

Timestamp at which event is scheduled to start. If the event is ongoing/recurring, you can use the ticket time here.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

endTime optional

Timestamp at which event is scheduled to end. If the event is ongoing/recurring, you can use the ticket time here.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

guest object optional

The individual who will be attending the event.

Show definition

travelTicket optional

If the item being purchased is a ticket for travel, associate the journey information here.

Show definition

ticketId string required

A unique identifier for the ticket

description string optional

A human-readable text description of what the ticket provides

passenger object optional

The person travelling with this ticket.

Show definition

routes array optional

The list of routes that this ticket grants the holder travel on.

Show definition

direction string optional

The direction of travel along this route, e.g. 'outward' or 'return'.

journeyId string optional

This is an optional unique id to tie routes together. For example, You can tie a outbound and return route together with this. This way you can have multiple return tickets in one order and routes can be logically grouped together. This must be GLOBALLY UNIQUE

legs array optional

This is the list of travel legs taken by the passengers. It may contain any number of legs but must start at the first departure and end up at the final destination

Show definition

legId string required

The ID of the current leg. For flight tickets, flight number (e.g. 'BA101'). For bus tickets, bus number (e.g: 'A7')

departurePortCode string optional

Departure port code for the current leg. For flights: the 3 letter IATA airport code.

departurePort object optional

The location of the departure port for the current leg. For flights: the location of the airport.

Show definition

departureCity string optional

The name of the city of departure for the current leg.

departureCountryCode string optional

The ISO 3166 country code (2- or 3-letter) for the departure country of the current leg.

departureTime integer optional

The departure time for the current leg.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

arrivalPortCode string optional

Arrival port code for the current leg. For flights: the 3 letter IATA airport code.

arrivalPort object optional

The location of the arrival port for the current leg. For flights: the location of the airport.

Show definition

arrivalCity string optional

The name of the city of arrival for the current leg.

arrivalCountryCode string optional

The ISO 3166 country code (2- or 3-letter) for the arrival country of the current leg.

arrivalTime integer optional

The arrival time for the current leg.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

carrierName string optional

The name of the carrier/company conducting the current leg.

carrierCode string optional

A publicly agreed code describing the carrier/company conducting the current leg. For Flights, this is the IATA 2 letter carrier code.

transportationType string optional

The type of transportation.

One of: plane, train, bus, or ship.

seatReservation boolean optional

Whether there are seat reservations on this leg.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

travelInsurance boolean optional

If the passenger purchased travel insurance.

ticketClass string optional

The class of travel this ticket grants access to.

One of: business, economy, first, or standard.

ticketType string optional

The type of ticket this belongs to. This includes round trip, multi city, open return, etc

validUntilTime integer optional

The time that this ticket can be used until.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

fulfilmentMethod string optional

The method in which a customer obtains their tickets. E-mail, pickup at station, physical mail, etc

loyaltyCardId string optional

The identifier for a loyalty card used on this order. If no loyalty card is used just omit this field

discountCardId string optional

The identifier for a loyalty card used on this order. If no loyalty card is used just omit this field

accommodation object optional

If the item being purchased represents accommodation being booked, associate the trip information here.

Show definition

refundable boolean required

Whether this booking is refundable or not.

payOnArrival boolean required

Whether the payment is taken at the hotel during check-in.

guest object optional

The individual the booking is registered under (i.e the individual who will be checking in to the hotel). Either the current customer or another individual who the customer is booking the room on behalf of.

Show definition

freeCancellationUntilTime integer optional

Timestamp at which any free cancellation period ends (unix time). Ignore if there is no free cancellation period.

paymentDueBeforeTime integer optional

Timestamp at which payment is due. Ignore if payment is taken immediately at booking.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

hotel object optional

Information on the hotel that the room is located in.

Show definition

room object optional

Information on room being booked.

Show definition

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

shipping object optional

Shipping details of the order.

Show definition

note string optional

Descriptive text relating to the contents or nature of the order being completed.

email string optional

Contact e-mail for this order.

telephone string optional

Contact phone number for this order. Best in E.164 format with an international dialing code.

telephoneCountry string optional

Contact phone number's country

sellerId string optional

deprecated

The unique identifier of the seller/counterparty in the transaction, if not your business. E.g. The restaurant, driver ID, etc.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

executionTime integer optional

deprecated

Deprecated in favour of items.executionTime. Execution or pick-up time of the order.

suppliers array optional

Suppliers (e.g. restaurants, couriers or drivers) involved in this order.

Show definition

paymentMethod object important

A primary payment method to be charged in completing the checkout process. Mutually exclusive with paymentMethodId and paymentMethods. One of the following:

One of the following:

card: A credit or debit card.

Show definition

methodType string required

Vault card payment method indicator.

One of: card, creditcard, or debitcard.

paymentMethodId string required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

scheme string optional

The card network or scheme, such as visa or mastercard. Ravelin will identify the scheme on your behalf if you send the cardBin, which should be preferred.

instrumentId string important

A unique identifier for the physical card, shared between customers. Used to link cards in Connect. Must not be a hash of the PAN.

If you use multiple PSPs who each generate their own equivalent of an instrumentId, you should consider prefixing their values to indicate their origin to avoid collisions. Common examples include Stripe's fingerprint, or Braintree's unique_number_identifier).

pan string pci, optional

The full Primary Account Number of the card. Used by Ravelin to generate the instrumentId for this card. If specified, you do not need to provide instrumentId, cardBin or cardLastFour.

Only PCI DSS SAQ-D certified merchants should submit the PAN to Ravelin. You must not send requests containing this field to api.ravelin.com, and must instead use pci.ravelin.com.

Please see our PCI DSS documentation for more information.

cardBin string important

The first six or eight digits of the card number/PAN. The Bank Identification Number (BIN), recently more commonly known as the Issuer Identification Number (IIN).

Given the BIN, Ravelin will populate the issuer, country of issuance, and card type on your behalf.

cardLastFour string important

The last four digits of the card number/PAN. Please note this will be truncated to the last two digits when an eight digit BIN is provided.

issuer string optional

The card issuer, who the true cardholder will report fraud to. Ravelin will identify the issuer on your behalf if you send the cardBin, which should be preferred.

prepaidCard boolean optional

Whether this is a prepaid debit card. Ravelin will identify whether the card is prepaid on your behalf if you send the cardBin which should be preferred.

countryIssued string optional

The country that the card was issued in. Ravelin will identify the country of issuance on your behalf if you send the cardBin, which should be preferred.

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

expiryMonth integer important

The expiry month of the card.

expiryYear integer important

The expiry year of the card.

eWallet string optional

deprecated

The e-Wallet to which the customer associated the card.

One of: applepay, googlepay, samsungpay, amazonpay, or visacheckout.

nameOnCard string important

The cardholder name.

billingAddress object important

The address of the registered cardholder, as used to pass AVS checks. It is common to have fewer location details for this address, but provide what you have.

Show definition

corporateCard boolean optional

Whether this payment method is a corporate card.

virtualCard boolean optional

Whether this payment method is a virtual card.

successfulRegistration boolean optional

Whether the card was successfully registered with your gateway/PSP.

registrationTime integer important

The time that the card was saved to the customer's account. (Not the card start date.)

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer optional

The time at which the payment method was last verified by the customer. An example mechanism would be a random amount charged to the customer's card that they can confirm the amount of.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

compromised boolean optional

Whether the card has been compromised.

compromisedReason string important

The reason why the card is considered compromised.

One of: cloned, databreach, found, lost, stolen, frozen, defrosted, or uncompromised.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

active boolean optional

deprecated

Whether this card is still saved to the customer's account.

banned boolean optional

deprecated

Whether this card has been banned.

nickName string optional

deprecated

The nickname the customer has given the payment method.

cardType string optional

deprecated

The card network or scheme, such as visa or mastercard. Ravelin will identify the cardType on your behalf if you send the cardBin, which should be preferred.

paymentMethodCipher: An encrypted payment method, containing the full card details encrypted via a Ravelin SDK.

Show definition

methodType string required

Client-side encrypted card payment method indicator.

Only: paymentMethodCipher.

cardCiphertext string required, pci

The card ciphertext produced by the Ravelin SDK card encryption.

This field constitutes cardholder data, and submission of this field therefore requires PCI DSS SAQ-A or SAQ-AEP certification. You must not send requests containing this field to api.ravelin.com, and must instead use pci.ravelin.com.

Please see our PCI DSS documentation for more information.

aesKeyCiphertext string required

The AES Key ciphertext produced by the Ravelin SDK card encryption.

algorithm string required

The algorithm used to generate the ciphertexts.

paymentMethodId string optional

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

ravelinSDKVersion string optional

The version of the Ravelin SDK that performed this encryption.

keyIndex integer optional

The index of the public RSA key used to encrypt the card.

keySignature string optional

An identifier for the public key used during encryption.

billingAddress object optional

Show definition

registrationTime integer optional

When the payment method was added to the customer's account. Note: this is not the card start date.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

ravelinjsVersion string optional

deprecated

The version of the ravelinjs library that performed this encryption.

cash: The customer is paying in cash, or a cash-based payment method.

Show definition

bankaccount: Bank Accounts.

Show definition

methodType string required

Bank account indicator.

Only: bankaccount.

paymentMethodId string required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

transferType string required

The type of transfer: whether the customer is initiating the payment, or you are withdrawing funds from the customer's bank account based on an agreement to initiate payments on their behalf. Use "push" for a customer-initiated payment (e.g. a bank transfer) and "pull" for a merchant-initiated payment (e.g. Direct Debit).

One of: push, or pull.

scheme string important

The name of the payment scheme or instrument used for the transfer of funds.

iban string optional

IBAN (International Bank Account Number) Following the ISO 13616:2007 standard.

countryIssued string optional

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

accountAddress object optional

Show definition

accountOwnerName string optional

The name of the account owner.

bankCode string optional

Code assigned by central bank to identify bank that account is associated with. Multiple bank code formats are supported.

bankName string optional

Name of bank which account belongs to.

bic string optional

BIC - business identifier code for banks and other institutions. Following the ISO9362 standard.

accountNumber string optional

The account number issued by the bank.

nickName string optional

The nickname for the payment method that the customers gives, if applicable.

registrationTime integer important

The time that the card was saved to the customer's account. (Not the card start date.)

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

paypal: PayPal payments.

Show definition

methodType string required

PayPal indicator.

Only: paypal.

paymentMethodId string required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

payerId string optional

PayPal payer ID.

email string important

Account email address.

billingAddress object optional

The address of the account holder. It is common to have fewer location details for this address, but provide what you have.

Show definition

registrationTime integer important

The time that the card was saved to the customer's account. (Not the card start date.)

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer optional

The time at which the payment method was last verified by the customer. An example mechanism would be a random amount charged to the customer's card that they can confirm the amount of.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

nickName string optional

The nickname for the payment method that the customers gives, if applicable.

countryIssued string optional

The two-character IS0-3166-1 account country_code sent by PayPal.

verifiedAccount boolean optional

The customer’s PayPal account status. Indicates whether the account is verified or not.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

banned boolean optional

deprecated

If the payment method has been banned

active boolean optional

deprecated

Whether the payment method is active for use by this account

credit: This payment method type should be used for any payments made using credit that a customer has with the merchant.

Show definition

invoice: This payment method should be used whenever the merchant provides credit to the customer.

Show definition

methodType string required

Invoice payment indicator.

Only: invoice.

paymentMethodId string required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

scheme string important

The name of the invoice or 'buy now, pay later' scheme used, if applicable.

registrationTime integer optional

When the payment method was added to the customer's account.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer optional

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

accountOwnerName string optional

The nickname for the payment method that the customers gives, if applicable.

accountAddress object optional

Show definition

email string optional

The email address used by the customer to register an invoice or 'buy now, pay later' payment method.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

wallet: A digital wallet payment method.

Show definition

methodType string required

Vault card payment method indicator.

Only: wallet.

paymentMethodId string required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

scheme string required

The name of the digital wallet scheme or electronic payment service.

cardScheme string optional

The card network or scheme of the card used within a wallet payment method, such as visa or mastercard. Ravelin will identify the cardScheme on your behalf if you send the cardBin, which should be preferred.

instrumentId string important

A unique identifier for the physical card, shared between customers. Used to link cards in Connect. Must not be a hash of the PAN.

pan string pci, optional

The full Primary Account Number of the card. Used by Ravelin to generate the instrumentId for this card. If specified, you do not need to provide instrumentId, cardBin or cardLastFour.

Only PCI DSS SAQ-D certified merchants should submit the PAN to Ravelin. You must not send requests containing this field to api.ravelin.com, and must instead use pci.ravelin.com.

Please see our PCI DSS documentation for more information.

cardBin string important

The first six digits of the card number/PAN. The Bank Identification Number (BIN), recently more commonly known as the Issuer Identification Number (IIN).

Given the BIN, Ravelin will populate the issuer, country of issuance, and card type on your behalf.

cardLastFour string important

The last four digits of the card number/PAN.

cardType string optional

deprecated

The card network or scheme, such as visa or mastercard. Ravelin will identify the cardType on your behalf if you send the cardBin, which should be preferred.

issuer string optional

The card issuer, who the true cardholder will report fraud to. Ravelin will identify the issuer on your behalf if you send the cardBin, which should be preferred.

prepaidCard boolean optional

Whether this is a prepaid debit card. Ravelin will identify whether the card is prepaid on your behalf if you send the cardBin which should be preferred.

countryIssued string optional

The country that the card was issued in. Ravelin will identify the country of issuance on your behalf if you send the cardBin, which should be preferred.

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

expiryMonth integer important

The expiry month of the card.

expiryYear integer important

The expiry year of the card.

nameOnCard string important

The cardholder name.

billingAddress object important

The address of the registered cardholder, as used to pass AVS checks. It is common to have fewer location details for this address, but provide what you have.

Show definition

successfulRegistration boolean optional

Whether the card was successfully registered with your gateway/PSP.

registrationTime integer important

The time that the card was saved to the customer's account. (Not the card start date.)

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer optional

The time at which the payment method was last verified by the customer. An example mechanism would be a random amount charged to the customer's card that they can confirm the amount of.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

active boolean optional

deprecated

Whether this card is still saved to the customer's account.

banned boolean optional

deprecated

Whether this card has been banned.

nickName string optional

deprecated

The nickname the customer has given the payment method.

fromTransaction: Refer to the payment method used by a named transaction. For usage examples, see Saving payment methods after checkout and Associating refunds with payment methods.

Show definition

~~directdebit: Direct Debits.~~ - deprecated.

Show definition

methodType string required

Direct Debit indicator.

Only: directdebit.

paymentMethodId string required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

transferType string required

Bank transfer type

Only: directdebit.

scheme string required

The type of direct debit scheme.

One of: autogiro, bacs, becs, becsnz, betalingsservice, or sepa.

iban string optional

IBAN (International Bank Account Number) Following the ISO 13616:2007 standard.

countryIssued string optional

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

accountAddress object optional

Show definition

accountOwnerName string optional

The name of the account owner.

bankCode string optional

Code assigned by central bank to identify bank that account is associated with. Multiple bank code formats are supported.

bankName string optional

Name of bank which account belongs to.

bic string optional

BIC - business identifier code for banks and other institutions. Following the ISO9362 standard.

accountNumber string optional

The account number issued by the bank.

mandateRef string optional

The unique reference issued for the direct debit mandate.

mandateURL string optional

A URL to access the direct debit mandate agreement.

nickName string optional

The nickname for the payment method that the customers gives, if applicable.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

~~banktransfer: Bank Transfers.~~ - deprecated.

Show definition

methodType string required

Bank transfer indicator.

Only: banktransfer.

paymentMethodId string required

A unique identifier for this payment, specific to this customer. Two customers should not use the same paymentMethodId.

transferType string required

Bank transfer type

One of: bancontact, eps, giropay, ideal, inghomepay, sofort, or sepa.

iban string optional

IBAN (International Bank Account Number) Following the ISO 13616:2007 standard.

countryIssued string optional

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

accountAddress object optional

Show definition

accountOwnerName string optional

The name of the account owner.

bankCode string optional

Code assigned by central bank to identify bank that account is associated with. Multiple bank code formats are supported.

bankName string optional

Name of bank which account belongs to.

bic string optional

BIC - business identifier code for banks and other institutions. Following the ISO9362 standard.

accountNumber string optional

The account number issued by the bank.

nickName string optional

The nickname for the payment method that the customers gives, if applicable.

registrationTime integer important

The time that the card was saved to the customer's account. (Not the card start date.)

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

~~Others~~ - deprecated.

Show definition

Removal: Used for marking a saved payment method as removed from the account.

Show definition

paymentMethods array important

One or more payment methods to be charged in completing the checkout process. Mutually exclusive with paymentMethod and paymentMethodId.

paymentMethodId string important

The ID of the primary payment method to be charged in completing the checkout process. Mutually exclusive with paymentMethod and paymentMethods.

transaction object important

An attempt to charge a payment method to pay or be refunded for an order. Mutually exclusive with transactions.

Show definition

transactionId string important

A unique identifier for the transaction.

Required when sending a transaction before talking to the PSP, because the alternative gatewayReference cannot be known. If telling Ravelin about the transaction after processing it (as with a refund, for example) transactionId can be omitted in place of gateway and gatewayReference.

time integer important

The time that the transaction is being attempted.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

amount integer important

The amount to be charged to the payment method, in the currency's basic units.

currency string optional

The currency of the amount of this transaction, as an ISO 4217 currency code.

Pattern: ^[a-zA-Z]{3}$

type string important

The type of transaction interacting with the payment method.

auth: An auth transaction is used to reserve funds on the customer's card without yet deducting it. Useful to verify whether the customer has sufficient funds in their account and reserving a limit when the final order price cannot be known. Sometimes known as a pre-auth.
capture: A capture transaction is used to immediately deduct authorised funds (up to the amount auth'd) from a customer's card.
auth_capture: A simultaneous combination of auth and capture in one transaction, for when there is no need to separately auth then capture. Typical with straight-forward "buy now"-style checkout.
refund: A refund transaction credit's a customer's payment method. If you do not know the payment method ID you are refunding to, but do know the original transaction, see Associating refunds with payment methods.
void: A void transaction is the explicit discarding of authorization of funds.
use, redeem: Deprecated. See voucherRedemption on /v2/chargeback or /v2/paymentmethod/voucher.

One of: preauth, auth, capture, auth_capture, void, refund, redeem, or use.

paymentMethodId string important

The ID of the payment method to be charged in this transaction.

gateway string important

The gateway responsible for processing the transaction. Used to link to chargebacks. Usually only available after attempting the payment.

gatewayReference string important

The reference given to this transaction by the processing gateway. Used to link to chargebacks. Usually only available after attempting the payment. Each transaction should have a unique gateway reference.

success boolean important

Whether the transaction successfully completed with no error.

3ds object optional

Details on how 3D Secure (3DS) was used to authenticate the transaction.

Show definition

attempted boolean optional

Set to true if the 3D Secure authentication process was initiated for the transaction. The 3DS process is considered initiated when a check is performed to confirm issuer and cardholder enrolment, before asking for a challenge to be performed.

This is set to false if the 3DS process was not initiated and the transaction proceeded to authorisation.

challenged boolean optional

Set to true if a step-up authentication was initiated, for example, the customer was asked to enter a password or use a form of biometric authentication.

If attempted is set to false, then challenged should be omitted. If attempted is set to true, and a challenge was not presented to the customer, then this field should be set to false.

In 3DS2, if a customer achieves a frictionless authentication this should also be set to false.

success boolean optional

Set to true if the customer was successfully authenticated using 3D Secure (either through frictionless authentication or a challenge) and the 3DS process was completed successfully.

This field should be set to false if the customer was unable to authenticate themselves during the challenge process, if an error occured, or frictionless authentication was not successful.

This field should be omitted if attempted is set to false.

startTime integer optional

The time at which the customer was directed to 3DS.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

endTime integer optional

The time at which the customer returned from 3DS.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

timedOut boolean optional

Whether the customer is believed to have abandoned 3DS.

version string optional

The version of 3DS which was used to authenticate the customer. Either 1.0.2 or 2.1.0

liabilityShifted boolean optional

Whether the liability of the transaction resulting in a chargeback has moved from the merchant to the card issuer. (See Liability Shift.)

authenticationValue string optional

deprecated

This field is deprecated, we do not use it in the Ravelin platform.

eci string optional

The Electronic Commerce Indicator (ECI) value returned by the issuer after authentication was attempted.

transStatus string optional

The Transaction Status (transStatus) value received in the final authentication message. The final message type (PaRes, ARes, CRes) will vary depending on the version of 3DS and whether the customer was challenged.

transStatusReason string optional

Provides information on why the transStatus field has the specified value. Will only be provided by the issuer when the transStatus value is N, U or R. (3DS 2 only)

messageType string optional

Identifies the type of message from which the transStatus value was received. (3DS 2 only)

iReqCode string optional

If the transStatus value is U the accompanying invalid request code (iReqCode) should be provided to further explain the reason authentication could not be performed. (3DS 1 only)

declineCode string important

the decline code from the payment gateway, if applicable.

authCode string optional

A code returned from the payment gateway after an attempt to charge, if applicable.

avsResultCode object optional

The result of AVS checks. You must have at least one of street or postal code.

Any of the following:

Show definition

cvvResultCode string optional

The result of CVV verification from the issuer, compatible with common PSP codes.

mcc string optional

The Merchant Category Code associated with the transaction.

mid string optional

The merchant ID that the transaction was processed under. The merchant ID is used to identify you to your acquirer and the financial institutions that will be involved in processing the transaction.

acquirerId string optional

The acquirer is a financial institution with whom the merchant has a bank account.

acquirerBin string optional

The BIN (Bank Identification Number) of the acquirer.

acquirerCountryCode string optional

The three letter country code of the country in which your acquirer will settle the payment.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

chargeback boolean optional

deprecated

Whether this transaction is associated with a chargeback.

email string optional

deprecated

The e-mail that the customer wants to be notified about this transaction on.

debit integer optional

deprecated

Deprecated in favour of amount. The debit amount of the transaction in the lowest denomination of the currency.

credit integer optional

deprecated

Deprected in favour of amount. The credit amount of the transaction in the lowest denomination of the currency.

transactions array important

One or more attempts to charge a payment method to pay or be refunded for an order. Mutually exclusive with transaction.

Show definition

transactionId string important

A unique identifier for the transaction.

time integer important

The time that the transaction is being attempted.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

amount integer important

The amount to be charged to the payment method, in the currency's basic units.

currency string optional

The currency of the amount of this transaction, as an ISO 4217 currency code.

Pattern: ^[a-zA-Z]{3}$

type string important

The type of transaction interacting with the payment method.

auth: An auth transaction is used to reserve funds on the customer's card without yet deducting it. Useful to verify whether the customer has sufficient funds in their account and reserving a limit when the final order price cannot be known. Sometimes known as a pre-auth.
capture: A capture transaction is used to immediately deduct authorised funds (up to the amount auth'd) from a customer's card.
auth_capture: A simultaneous combination of auth and capture in one transaction, for when there is no need to separately auth then capture. Typical with straight-forward "buy now"-style checkout.
refund: A refund transaction credit's a customer's payment method. If you do not know the payment method ID you are refunding to, but do know the original transaction, see Associating refunds with payment methods.
void: A void transaction is the explicit discarding of authorization of funds.
use, redeem: Deprecated. See voucherRedemption on /v2/chargeback or /v2/paymentmethod/voucher.

One of: preauth, auth, capture, auth_capture, void, refund, redeem, or use.

paymentMethodId string important

The ID of the payment method to be charged in this transaction.

gateway string important

The gateway responsible for processing the transaction. Used to link to chargebacks. Usually only available after attempting the payment.

gatewayReference string important

success boolean important

Whether the transaction successfully completed with no error.

3ds object optional

Details on how 3D Secure (3DS) was used to authenticate the transaction.

Show definition

attempted boolean optional

This is set to false if the 3DS process was not initiated and the transaction proceeded to authorisation.

challenged boolean optional

Set to true if a step-up authentication was initiated, for example, the customer was asked to enter a password or use a form of biometric authentication.

If attempted is set to false, then challenged should be omitted. If attempted is set to true, and a challenge was not presented to the customer, then this field should be set to false.

In 3DS2, if a customer achieves a frictionless authentication this should also be set to false.

success boolean optional

Set to true if the customer was successfully authenticated using 3D Secure (either through frictionless authentication or a challenge) and the 3DS process was completed successfully.

This field should be set to false if the customer was unable to authenticate themselves during the challenge process, if an error occured, or frictionless authentication was not successful.

This field should be omitted if attempted is set to false.

startTime integer optional

The time at which the customer was directed to 3DS.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

endTime integer optional

The time at which the customer returned from 3DS.

A unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

timedOut boolean optional

Whether the customer is believed to have abandoned 3DS.

version string optional

The version of 3DS which was used to authenticate the customer. Either 1.0.2 or 2.1.0

liabilityShifted boolean optional

Whether the liability of the transaction resulting in a chargeback has moved from the merchant to the card issuer. (See Liability Shift.)

authenticationValue string optional

deprecated

This field is deprecated, we do not use it in the Ravelin platform.

eci string optional

The Electronic Commerce Indicator (ECI) value returned by the issuer after authentication was attempted.

transStatus string optional

transStatusReason string optional

Provides information on why the transStatus field has the specified value. Will only be provided by the issuer when the transStatus value is N, U or R. (3DS 2 only)

messageType string optional

Identifies the type of message from which the transStatus value was received. (3DS 2 only)

iReqCode string optional

If the transStatus value is U the accompanying invalid request code (iReqCode) should be provided to further explain the reason authentication could not be performed. (3DS 1 only)

declineCode string important

the decline code from the payment gateway, if applicable.

authCode string optional

A code returned from the payment gateway after an attempt to charge, if applicable.

avsResultCode object optional

The result of AVS checks. You must have at least one of street or postal code.

Any of the following:

Show definition

cvvResultCode string optional

The result of CVV verification from the issuer, compatible with common PSP codes.

mcc string optional

The Merchant Category Code associated with the transaction.

mid string optional

The merchant ID that the transaction was processed under. The merchant ID is used to identify you to your acquirer and the financial institutions that will be involved in processing the transaction.

acquirerId string optional

The acquirer is a financial institution with whom the merchant has a bank account.

acquirerBin string optional

The BIN (Bank Identification Number) of the acquirer.

acquirerCountryCode string optional

The three letter country code of the country in which your acquirer will settle the payment.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

chargeback boolean optional

deprecated

Whether this transaction is associated with a chargeback.

email string optional

deprecated

The e-mail that the customer wants to be notified about this transaction on.

debit integer optional

deprecated

Deprecated in favour of amount. The debit amount of the transaction in the lowest denomination of the currency.

credit integer optional

deprecated

Deprected in favour of amount. The credit amount of the transaction in the lowest denomination of the currency.

voucherRedemption object optional

A voucher that is being used to pay for some of the order.

Show definition

voucherRedemptions array optional

Any vouchers that are being used to pay for some of the order.

Show definition

device object important

The device used by the customer to trigger this update.

Show definition

deviceId string required

The ID of the device used by the customer to trigger this update.

ipAddress string important

The IP address of the device connecting to your services. Used in fraud and account-takeover detection.

When extracting this IP address, consider X-Forwarded-For.

language string optional

The ISO 639 code of your customer's device's preferred language, or the IET Language Tag (BCP 47) values from the browser's Accept-Language header.

userAgent string important

The browser user-agent string, if the device represents a web browser - window.navigator.userAgent.

model string important

The model/identifier name of the device if the device represents a native app. See here for iOS models: https://www.theiphonewiki.com/wiki/Models and here for Google Play supported models: http://storage.googleapis.com/play_public/supported_devices.csv.

os string important

The operating system that the device is running.

type string optional

The type of device.

One of: computer, phone, or tablet.

manufacturer string optional

The maker of the device.

location object optional

The geolocated position of the device.

Show definition

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

browser string optional

deprecated

The name of the web browser being used, if applicable. Prefer userAgent.

javascriptEnabled boolean optional

deprecated

Whether Javascript is enabled on the web browser.

cookiesEnabled boolean optional

deprecated

Whether cookies are enabled on the web browser.

screenResolution string optional

deprecated

The resolution of the screen on the device in the format XxY

deviceId string important

The ID of the device used by the customer to trigger this update.

nationalIdentifications array optional

Identifications are used by online customers to verify their real-world identity. These forms of identification can be authenticated with government authorities or authorised third-parties to confirm the credentials are legitimate. Extra steps should be taken to confirm the customer is the legitimate holder of these credentials.

Show definition

driversLicense object optional

A driving license permitting the holder to operate one or more types of motorized vehicle.

Show definition

passport object optional

A passport certifying the identity and nationality of its holder primarily for the purpose of international travel.

Show definition

nationalId object optional

National identification cards and numbers, such as the US Social Security Number, Brazilian cédula de identidade, or UK's Insurance Number.

Show definition

POST https://api.ravelin.com/v2/checkout?score=checkoutPreAuth HTTP/1.1
Authorization: token ...
Content-Type: application/json

{
  "timestamp": 1512828988826,
  "customer": {
    "customerId": "abc-123-ZYZ",
    "registrationTime": 1512828988826,
    "email": "jsmith123@example.com",
    "name": "John Smith",
    "telephone": "+447000000001",
    "telephoneCountry": "GBR"
  },
  "device": {
    "deviceId": "65fc5ac0-2ba3-4a3b-aa5e-f5a77b845260",
    "type": "phone",
    "manufacturer": "google",
    "model": "Pixel XL",
    "os": "android",
    "language": "en-US",
    "ipAddress": "81.152.92.84"
  },
  "order": {
    "orderId": "abcde12345-ZXY",
    "creationTime": 1512828988826,
    "price": 1500,
    "currency": "GBP",
    "market": "emea",
    "country": "GBR",
    "marketCity": "london",
    "items": [
      {
        "sku": "0001",
        "name": "Margherita Pizza",
        "quantity": 1,
        "price": 1500
      }
    ],
    "status": {
      "stage": "pending",
      "actor": "merchant"
    },
    "shipping": {
      "daysToDispatch": 7,
      "method": "STANDARD",
      "destinationType": "HOME",
      "carrier":"DHL"
    }
  },
  "paymentMethods": [
    {
      "paymentMethodId": "pm-abc123",
      "instrumentId": "fp_abc123",
      "methodType": "card",
      "scheme": "visa",
      "cardBin": "535522",
      "cardLastFour": "0001",
      "expiryMonth": 7,
      "expiryYear": 2020,
      "nameOnCard": "John Smith",
      "billingAddress": {
        "addresseeName": "John Smith",
        "street1": "123 High Street",
        "city": "London",
        "country": "GBR",
        "postalCode": "E1 1AA"
      }
    }
  ],
  "transactions": [
    {
      "transactionId": "123-abc-XYZ",
      "paymentMethodId": "pm-abc123",
      "time": 1512828988826,
      "amount": 1000,
      "currency": "GBP",
      "type": "auth",
      "gateway": "example-gateway"
    }
  ]
}

Response

status integer

The HTTP response status code.

timestamp integer

A unix timestamp indicating when we finished handling the request.

message string

If an error has occurred, a description of the error.

data object

Contains our recommendations and related details.

Show definition

action string

Our payment fraud recommendation.

Use this to determine how you should handle the order.

One of: ALLOW, REVIEW, or PREVENT.

score integer

The fraud score produced by the machine learning model. A value between 0 and 100. The higher the number the more fraudulently the model scored the customer.

This may not be the source of the final recommendation, see source.

source string

The source of the action recommendation.

Do not implement any logic based upon this field, we may add new values in the future without warning.

One of: CHARGEBACK, LOOKUP, MANUAL_REVIEW, NETWORK, RATE_LIMIT, RAVELIN, or RULE.

customerId string

The ID of the customer to which this recommendation applies.

scoreId string

A unique ID for this score.

transactionOptimisation object

If transaction optimisation is enabled, and a transaction optimisation recommendation was requested, this will contain the recommendation and related details.

Show definition

warnings array

Warnings when the data you are sending may negatively impact fraud detection.

Show definition

cachedScore boolean

In order to provide resiliency, on the rare occasion that Ravelin isn’t able to calculate a fraud score, a cached score is used to determine the action. If a cached score was used, this field will be true.

effectiveTime string

Response Version 1

Specifies the time the score was originally calculated. Uses the format 2020-01-01T00:00:00.00000000Z.

comment string

Response Version 1

If the customer was manually reviewed, the comment left by the reviewer.

rules object

Response Version 2

Contains details about the rules which were triggered by this customer.

Show definition

connect object

Response Version 2

Contains details about the network the customer is connected to.

Show definition

lookup object

Response Version 2

Contains details about the Lookup results for the customer.

Show definition

market object

Response Version 2

Contains details about the market for the customer.

Show definition

thresholds object

Response Version 2

Contains details about the machine learning fraud score thresholds.

Show definition

orderId string

Response Version 3

The ID of the order used to calculate the recommendation, typically the customer's latest order.

transactionId string

Response Version 3

The ID of the transaction used to calculate the recommendation, typically the customer's latest transaction.

{
  "status": 200,
  "timestamp": 1512828988826,
  "data": {
    "action": "ALLOW",
    "score": 12,
    "source": "RAVELIN",
    "customerId": "abc-123-ZYZ",
    "scoreId": "2bf39d-d1299-31",
    "transactionOptimisation": {
      "transactionId": "123-abc-XYZ",
      "action": "AUTHENTICATE",
      "exemption": "TRANSACTION_RISK_ANALYSIS",
      "threeDSChallengePreference": "NO_CHALLENGE_REQUESTED",
      "actionSource": "CLIENT_RULE",
      "rules": {
        "triggered": [
          {
            "ruleId": 1,
            "ruleVersion": 1,
            "action": "AUTHENTICATE",
            "exemption": "TRANSACTION_RISK_ANALYSIS",
            "threeDSChallengePreference": "NO_CHALLENGE_REQUESTED",
            "triggered": true,
            "state": "active"
          }
        ]
      }
    },
    "warnings": [
      {
        "class": "customer-not-found",
        "help": "https://developer.ravelin.com/api/warnings/#customer-not-found",
        "msg": "Customer \"abc-123-ZYZ\" not found."
      }
    ]
  }
}

Response Versions

You can request additional details in the response by specifying a response version in the Accept request header.

The fields which are returned in the different versions are marked in the Checkout Response API reference above.

Each response version will also return all the fields from the versions before it. For example, Response Version 2 will include the fields in Response Version 1.

The request headers for the different response versions are shown below:

Response Version 1: Accept: application/vnd.ravelin.score.v1+json

Response Version 2: Accept: application/vnd.ravelin.score.v2+json

Response Version 3: Accept: application/vnd.ravelin.score.v3+json

Feedback

Was this page helpful?