My Unified API Guide PHP V1.2.1

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 477

DownloadMy Unified API Guide - PHP V1.2.1
Open PDF In BrowserView PDF
PHP - Moneris Gateway API - Integration Guide
Version: 1.2.1

Copyright © Moneris Solutions, 2018
All rights reserved. No part of this publication may be reproduced,
stored in retrieval systems, or transmitted, in any form or by any means,
electronic, mechanical, photocopying, recording, or otherwise, without
the prior written permission of Moneris Solutions Corporation.

Moneris Gateway API - Integration Guide

Security and Compliance
Your solution may be required to demonstrate compliance with the card associations’ PCI/CISP/PABP
requirements. For more information on how to make your application PCI-DSS compliant, contact the
Moneris Sales Center and visit https://developer.moneris.com to download the PCI_DSS Implementation Guide.
All Merchants and Service Providers that store, process, or transmit cardholder data must comply with
PCI DSS and the Card Association Compliance Programs. However, certification requirements vary by
business and are contingent upon your "Merchant Level" or "Service Provider Level".
The card association has some data security standards that define specific requirements for all organizations that store, process, or transmit cardholder data. As a Moneris client or partner using this
method of integration, your solution must demonstrate compliance to the Payment Card Industry Data
Security Standard (PCI DSS) and/or the Payment Application Data Security Standard (PA DSS). These
standards are designed to help the cardholders and merchants in such ways as they ensure credit card
numbers are encrypted when transmitted/stored in a database and that merchants have strong access
control measures.
Non-compliant solutions may prevent merchant boarding with Moneris. A non-compliant merchant can
also be subject to fines, fees, assessments or termination of processing services.
For further information on PCI DSS & PA DSS requirements, visit http://www.pcisecuritystandards.org.

Confidentiality
You have a responsibility to protect cardholder and merchant related confidential account information.
Under no circumstances should ANY confidential information be sent via email while attempting to diagnose integration or production issues. When sending sample files or code for analysis by Moneris staff,
all references to valid card numbers, merchant accounts and transaction tokens should be removed and
or obscured. Under no circumstances should live cardholder accounts be used in the test environment.

July 2018

Table of Contents
Security and Compliance
Confidentiality

2
2

1 About This Documentation
1.1 Purpose
Getting Help
1.2 Who Is This Guide For?

9
9
9
10

2 Basic Transaction Set
2.1 Basic Transaction Type Definitions
2.2 Purchase
2.3 Pre-Authorization
2.4 Pre-Authorization Completion
2.5 Re-Authorization
2.6 Force Post
2.7 Purchase Correction
2.8 Refund
2.9 Independent Refund
2.10 Card Verification with AVS and CVD
2.11 Batch Close
2.12 Open Totals

11
11
13
18
23
26
28
31
33
35
37
42
43

3 Credential on File
3.1 About Credential on File
3.2 Credential on File Info Object and Variables
3.3 Credential on File Transaction Types
3.4 Initial Transactions in Credential on File
3.5 Vault Tokenize Credit Card and Credential on File
3.6 Credential on File and Converting Temporary Tokens
3.7 Card Verification and Credential on File Transactions
3.7.1 When to Use Card Verification With COF
3.7.2 Credential on File and Vault Add Token
3.7.3 Credential on File and Vault Update Credit Card
3.7.4 Credential on File and Vault Add Credit Card
3.7.5 Credential on File and Recurring Billing

45
45
45
45
46
46
47
47
47
48
48
48
48

4 Vault
4.1 About the Vault Transaction Set
4.2 Vault Transaction Types
4.2.1 Administrative Vault Transaction types
4.2.2 Financial Vault Transaction types
4.3 Vault Administrative Transactions
4.3.1 Vault Add Credit Card – ResAddCC
4.3.1.1 Vault Data Key
4.3.1.2 Vault Encrypted Add Credit Card - EncResAddCC
4.3.2 Vault Temporary Token Add – ResTempAdd
4.3.3 Vault Update Credit Card – ResUpdateCC
4.3.3.1 Vault Encrypted Update CC - EncResUpdateCC
4.3.4 Vault Delete - ResDelete
4.3.5 Vault Lookup Full - ResLookupFull
4.3.6 Vault Lookup Masked - ResLookupMasked
4.3.7 Vault Get Expiring - ResGetExpiring
4.3.8 Vault Is Corporate Card - ResIscorporateCard
4.3.9 Vault Add Token – ResAddToken

50
50
50
50
52
52
52
56
56
59
61
65
68
70
72
73
76
77

4.3.10 Vault Tokenize Credit Card – ResTokenizeCC
4.4 Vault Financial Transactions
4.4.1 Customer ID Changes
4.4.2 Purchase with Vault – ResPurchaseCC
4.4.3 Pre-Authorization with Vault – ResPreauthCC
4.4.4 Vault Independent Refund CC - ResIndRefundCC
4.4.5 Force Post with Vault - ResForcePostCC
4.4.6 Card Verification with Vault – ResCardVerificationCC
4.5 Hosted Tokenization

81
85
85
86
90
95
97
99
104

5 INTERAC® Online Payment
5.1 About INTERAC® Online Payment Transactions
5.2 Other Documents and References
5.3 Website and Certification Requirements
5.3.1 Things to provide to Moneris
5.3.2 Certification process
5.3.3 Client Requirements
5.3.4 Delays
5.4 Transaction Flow for INTERAC® Online Payment
5.5 Sending an INTERAC® Online Payment Purchase Transaction
5.5.1 Fund-Guarantee Request
5.5.2 Online Banking Response and Fund-Confirmation Request
5.6 INTERAC® Online Payment Purchase
5.7 INTERAC® Online Payment Refund
5.8 INTERAC® Online Payment Field Definitions

105
105
105
106
106
106
107
107
108
109
109
110
110
112
114

6 Mag Swipe Transaction Set
6.1 Mag Swipe Transaction Type Definitions
6.1.1 Encrypted Mag Swipe Transactions
6.2 Mag Swipe Purchase
6.2.1 Encrypted Mag Swipe Purchase
6.3 Mag Swipe Pre-Authorization
6.3.1 Encrypted Mag Swipe Pre-Authorization
6.4 Mag Swipe Completion
6.5 Mag Swipe Force Post
6.5.1 Encrypted Mag Swipe Force Post
6.6 Mag Swipe Purchase Correction
6.7 Mag Swipe Refund
6.8 Mag Swipe Independent Refund
6.8.1 Encrypted Mag Swipe Independent Refund

118
118
119
119
122
124
126
128
130
133
135
137
139
141

7 Level 2/3 Transactions
7.1 About Level 2/3 Transactions
7.2 Level 2/3 Visa Transactions
7.2.1 Level 2/3 Transaction Types for Visa
7.2.2 Level 2/3 Transaction Flow for Visa
7.2.3 VS Completion
7.2.4 VS Purchase Correction
7.2.5 VS Force Post
7.2.6 VS Refund
7.2.7 VS Independent Refund
7.2.8 VS Corpais
7.2.8.1 VS Purcha - Corporate Card Common Data
7.2.8.2 VS Purchl - Line Item Details
7.2.8.3 Sample Code for VS Corpais
7.3 Level 2/3 MasterCard Transactions
7.3.1 Level 2/3 Transaction Types for MasterCard

145
145
145
145
148
150
154
156
161
165
170
171
176
179
181
181

7.3.2 Level 2/3 Transaction Flow for MasterCard
7.3.3 MC Completion
7.3.4 MC Force Post
7.3.5 MC Purchase Correction
7.3.6 MC Refund
7.3.7 MC Independent Refund
7.3.8 MC Corpais - Corporate Card Common Data with Line Item Details
7.3.8.1 MC Corpac - Corporate Card Common Data
7.3.8.2 MC Corpal - Line Item Details
7.3.8.3 Tax Array Object - MC Corpais
7.3.8.4 Sample Code for MC Corpais
7.4 Level 2/3 American Express Transactions
7.4.1 Level 2/3 Transaction Types for Amex
7.4.2 Level 2/3 Transaction Flow for Amex
7.4.3 Level 2/3 Data Objects in Amex
7.4.3.1 About the Level 2/3 Data Objects for Amex
7.4.3.2 Defining the AxLevel23 Object
Table 1 Object
Table 1 - Setting the N1Loop Object
Table 1 - Setting the AxRef Object

218

Table 2 Object
Table 2 - Setting the AxIt1Loop Object

219
220

Table 2 - Setting the AxIt106s Object

222

Table 2 - Setting the AxTxi Object

223

Table 3 Object
Table 3 - Setting the AxTxi Object

227
228

7.4.4
7.4.5
7.4.6
7.4.7
7.4.8
8 MPI
8.1
8.2
8.3
8.4
8.5
8.6

183
185
186
189
190
192
194
196
203
206
208
211
211
213
214
214
214
215
216

AX Completion
AX Force Post
AX Purchase Correction
AX Refund
AX Independent Refund

About MPI Transactions
3-D Secure Implementations (VbV, MCSC, SafeKey)
Activating VbV and MCSC
Activating Amex SafeKey
Transaction Flow for MPI
MPI Transactions
8.6.1 VbV, MCSC and SafeKey Responses
8.6.2 MpiTxn Request Transaction
8.6.2.1 TXN Response and Creating the Popup
8.6.3 Vault MPI Transaction – ResMpiTxn
8.6.4 MPI ACS Request Transaction
8.6.4.1 ACS Response and Forming a Transaction
8.6.5 Purchase with 3-D Secure – cavv_purchase
8.6.5.1 Purchase with 3-D Secure and Recurring Billing
8.6.6 Pre-Authorization with 3-D Secure – cavvPreauth
8.6.7 Cavv Result Codes for Verified by Visa
8.6.8 Vault Cavv Purchase
8.6.9 Vault Cavv Pre-Authorization

9 e-Fraud Tools

231
234
237
239
242
247
247
247
248
248
248
249
250
252
253
254
256
257
258
266
268
273
275
277
280

9.1 Address Verification Service
9.1.1 About Address Verification Service (AVS)
9.1.2 AVS Info Object
9.1.3 AVS Response Codes
9.1.4 AVS Sample Code
9.2 Card Validation Digits (CVD)
9.2.1 About Card Validation Digits (CVD)
9.2.2 Transactions Where CVD Is Required
9.2.3 CVD Info Object
9.2.4 CVD Result Codes
9.2.5 Sample Purchase with CVD Info Object
9.3 Transaction Risk Management Tool
9.3.1 About the Transaction Risk Management Tool
9.3.2 Introduction to Queries
9.3.3 Session Query
9.3.3.1 Session Query Transaction Flow
9.3.4 Attribute Query
9.3.4.1 Attribute Query Transaction Flow
9.3.5 Handling Response Information
9.3.5.1 TRMT Response Fields
9.3.5.2 Understanding the Risk Score
9.3.5.3 Understanding the Rule Codes, Rule Names and Rule Messages
9.3.5.4 Examples of Risk Response
Session Query
Attribute Query
9.3.6 Inserting the Profiling Tags Into Your Website
9.4 Encorporating All Available Fraud Tools
9.4.1 Implementation Options for TRMT
9.4.2 Implementation Checklist
9.4.3 Making a Decision

282
282
282
284
286
288
288
288
289
290
290
292
292
292
293
299
300
304
304
305
308
309
316
316
317
317
319
319
319
321

10 Apple Pay In-App and on the Web Integration
10.1 About Apple Pay In-App and on the Web Integration
10.2 About API Integration of Apple Pay
10.2.1 Transaction Types That Use Apple Pay
10.3 Apple Pay In-App Process Flows
10.4 Cavv Purchase – Apple Pay In-App and on the Web
10.5 Cavv Pre-Authorization – Apple Pay

322
322
322
322
323
324
328

11 Convenience Fee
11.1 About Convenience Fee
11.2 Purchase with Convenience Fee
11.3 Convenience Fee Purchase w/ Customer Information
11.4 Convenience Fee Purchase with VbV, MCSC and Amex SafeKey

332
332
332
335
339

12 Recurring Billing
12.1 About Recurring Billing
12.2 Purchase with Recurring Billing
12.3 Recurring Billing Update
12.4 Recurring Billing Response Fields and Codes
12.5 Credential on File and Recurring Billing

343
343
343
346
350
351

13 Customer Information
13.1 Using the Customer Information Object
13.1.1 CustInfo Object – Miscellaneous Properties
13.1.2 CustInfo Object – Billing and Shipping Information
13.1.2.1 Set Methods for Billing and Shipping Info
13.1.2.2 Using Hash Tables for Billing and Shipping Info

353
353
354
354
355
356

13.1.3 CustInfo Object – Item Information
13.1.3.1 Set Methods for Item Information
13.1.3.2 Using Hash Tables for Item Information
13.2 Customer Information Sample Code

356
357
357
357

14 Status Check
14.1 About Status Check
14.2 Using Status Check Response Fields
14.3 Sample Purchase with Status Check

361
361
361
362

15 Visa Checkout
15.1 About Visa Checkout
15.2 Transaction Types - Visa Checkout
15.3 Integrating Visa Checkout Lightbox
15.4 Transaction Flow for Visa Checkout
15.5 Visa Checkout Purchase
15.6 Visa Checkout Pre-Authorization
15.7 Visa Checkout Completion
15.8 Visa Checkout Purchase Correction
15.9 Visa Checkout Refund
15.10 Visa Checkout Information

363
363
363
364
365
366
367
369
371
373
375

16 Testing a Solution
16.1 About the Merchant Resource Center
16.2 Logging In to the QA Merchant Resource Center
16.3 Test Credentials for Merchant Resource Center
16.4 Getting a Unique Test Store ID and API Token
16.5 Processing a Transaction
16.5.1 Overview
16.5.2 HttpsPostRequest Object
16.5.3 Receipt Object
16.6 Testing INTERAC® Online Payment Solutions
16.7 Testing MPI Solutions
16.8 Testing Visa Checkout
16.8.1 Creating a Visa Checkout Configuration for Testing
16.9 Test Cards
16.9.1 Test Cards for Visa Checkout
16.10 Simulator Host

378
378
378
378
380
382
382
383
385
385
386
388
388
388
389
389

17 Moving to Production
17.1 Activating a Production Store Account
17.2 Configuring a Store for Production
17.2.1 Configuring an INTERAC® Online Payment Store for Production
17.2.1.1 Completing the Certification Registration - Merchants
17.2.1.2 Third-Party Service/Shopping Cart Provider
17.3 Receipt Requirements
17.3.1 Certification Requirements

392
392
392
393
393
394
395
395

Appendix A Definitions of Request Fields
A.1 Definitions of Request Fields – Credential on File
A.2 Definition of Request Fields – Recurring
A.3 Definition of Request Fields for Level 2/3 - Visa
A.4 Definition of Request Fields for Level 2/3 - MasterCard
A.5 Definition of Request Fields for Level 2/3 - Amex

396
406
407
408
417
427

Appendix B Definitions of Response Fields

438

Appendix C Error Messages

452

Appendix D Process Flow for Basic Pre-Auth, Re-Auth and Completion Transactions

454

Appendix E Merchant Checklists for INTERAC® Online Payment Certification Testing

455

Appendix F Third-Party Service Provider Checklists for INTERAC® Online Payment Certification Testing

459

Appendix G Merchant Checklists for INTERAC® Online Payment Certification

464

Appendix H INTERAC® Online Payment Certification Test Case Detail
H.1 Common Validations
H.2 Test Cases
H.3 Merchant front-end test case values

467
467
467
471

Copyright Notice

476

Trademarks

476

1 About This Documentation
1.1 Purpose
This document describes the transaction information for using the Java API for sending credit card transactions. In particular, it describes the format for sending transactions and the corresponding responses
you will receive.
This document contains information about the following features:
l
l
l
l
l
l
l
l
l
l
l

Basic transactions
MPI – Verified by Visa, MasterCard Secure Code and American Express SafeKey
INTERAC® Online Payment
Vault
MSR (Magnetic Swipe Reader) and Encrypted MSR
Apple Pay and Android Pay In-App
Transaction Risk Management Tool
Convenience fee
Visa Checkout
MasterCard MasterPass
Level 2/3 Transactions

Getting Help
Moneris has help for you at every stage of the integration process.
Getting Started
Contact our Client
Integration Specialists:
clientintegrations@moneris.com
Hours: Monday – Friday, 8:30am
to 8 pm ET

During Development

Production

If you are already working
with an integration specialist and need technical
development assistance,
contact our eProducts
Technical Consultants:

If your application is already live
and you need production support,
contact Moneris Customer Service:

1-866-319-7450

Available 24/7

onlinepayments@moneris.com
1-866-319-7450

eproducts@moneris.com
Hours: 8am to 8pm ET

For additional support resources, you can also make use of our community forums at
http://community.moneris.com/product-forums/

July 2018

Page 9 of 477

Moneris Gateway API - Integration Guide

1.2 Who Is This Guide For?
The Moneris Gateway API - Integration Guide is intended for developers integrating with the Moneris
Gateway.
This guide assumes that the system you are trying to integrate meets the requirements outlined below
and that you have some familiarity with the PHP programming language.

System Requirements
l
l
l
l

[[[Undefined variable GlobalVariables.ProgrammingLanguageMinimumRequired]]] or above
Port 443 open for bi-directional communication
Web server with a SSL certificate
cURL - PHP interface - this can be downloaded from http://curl.haxx.se/download.html

cURL CA Root Certificate File:
The default installation of PHP/cURL does not include the cURL CA root certificate file. In order for the
Moneris Gateway PHP API to connect to the Moneris Gateway during transaction processing, the ‘mpgclasses.php’ file that’s included with the PHP API package needs to be modified to include a path to the
CA root certificate file. Follow the instructions below to set this up.
1. If cURL was not installed separately from your PHP installation, libcurl is included in your PHP
installation. You will need to download the ‘cacert.pem’ file from http://curl.haxx.se/docs/caextract.html and save it to the necessary directory. Once downloaded,
rename the file to ‘curl-ca-bundle.crt’ (e.g., 'C:\path\to\curl-ca-bundle.crt'). If cURL was installed
separately from PHP, you may need to determine the path to the cURL CA root certificate bundle
on your system (e.g., 'C:\path\to\curl-ca-bundle.crt').
2. Insert the code below into the ‘mpgclasses.php’ file as part of the cURL option setting, at approximately line 73 below the line ‘curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);‘
curl_setopt($ch, CURLOPT_CAINFO, 'C:\path\to\curl-ca-bundle.crt');

For more information regarding the CURLOPT_SSL_VERIFYPEER option, please refer to
your PHP manual.

Page 10 of 477

July 2018

2 Basic Transaction Set
l
l
l
l
l
l
l
l
l
l
l
l

2.1 Basic Transaction Type Definitions
2.2 Purchase
2.3 Pre-Authorization
2.4 Pre-Authorization Completion
2.5 Re-Authorization
2.6 Force Post
2.7 Purchase Correction
2.8 Refund
2.9 Independent Refund
2.10 Card Verification with AVS and CVD
2.11 Batch Close
2.12 Open Totals

2.1 Basic Transaction Type Definitions
The following is a list of basic transactions that are supported by the Moneris Java API.
Purchase
Verifies funds on the customer’s card, removes the funds and prepares them for deposit into
the merchant’s account.
Pre-Authorization
Verifies and locks funds on the customer’s credit card. The funds are locked for a specified
amount of time based on the card issuer.
To retrieve the funds that have been locked by a Pre-Authorization transaction so that they
may be settled in the merchant’s account, a Completion transaction must be performed. A
Pre-Authorization transaction may only be "completed" once.
Completion
Retrieves funds that have been locked (by either a Pre-Authorization or a Re-Authorization
transaction), and prepares them for settlement into the merchant’s account.
Re-Authorization
If a Pre-Authorization transaction has already taken place, and not all the locked funds were
released by a Completion transaction, a Re-Authorization allows you to lock the remaining
funds so that they can be released by another Completion transaction in the future.
Re-Authorization is necessary because funds that have been locked by a Pre-Authorization
transaction can only be released by a Completion transaction one time. If the Completion
amount is less than the Pre-Authorization amount, the remaining money cannot be "completed".
Force Post
Retrieves the locked funds and prepares them for settlement into the merchant’s account.
This is used when a merchant obtains the authorization number directly from the issuer by a
third-party authorization method (such as by phone).
Purchase Correction
Restores the full amount of a previous Purchase, Completion or Force Post transaction to the
cardholder's card, and removes any record of it from the cardholder's statement.

July 2018

Page 11 of 477

Moneris Gateway API - Integration Guide
This transaction is sometimes referred to as "void".
This transaction can be used against a Purchase or Completion transaction that occurred
same day provided that the batch containing the original transaction remains open. When
using the automated closing feature, Batch Close occurs daily between 10 and 11pm Eastern
Time.
Refund
Restores all or part of the funds from a Purchase, Completion or Force Post transaction to the
cardholder's card. Unlike a Purchase Correction, there is a record of both the initial charge
and the refund on the cardholder's statement.
Independent Refund
Credits a specified amount to the cardholder’s credit card. The credit card number and expiry
date are mandatory.
It is not necessary for the transaction that you are refunding to have been processed via the
Moneris Gateway
Card Verification
Verifies the validity of the credit card, expiry date and any additional details (such as the Card
Verification Digits or Address Verification details). It does not verify the available amount or
lock any funds on the credit card.
Recur Update
Alters characteristics of a previously registered Recurring Billing transaction.
This transaction is commonly used to update a customer’s credit card information and the
number of recurs to the account.
Recurring billing is explained in more detail in Section 1 (page 1). The Recur Update transaction
is specifically discussed in Section 1.2 (page 1).
Batch Close
Takes the funds from all Purchase, Completion, Refund and Force Post transactions so that
they will be deposited or debited the following business day.
For funds to be deposited the following business day, the batch must close before 11pm
Eastern Time.
Open Totals
Returns the details about the currently open batch.
This transaction is similar to the Batch Close. The difference is that it does not close the batch
for settlement.

Page 12 of 477

July 2018

2 Basic Transaction Set

2.2 Purchase
Purchase transaction object definition
$txnArray = array(‘type’=>’purchase', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Purchase transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Purchase transaction values
Table 1: Purchase transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character alphanumeric

'pan'=>$pan

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)
E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 2: Purchase transaction object optional values
Value

Type

Limits

Set method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Customer information

Object

N/A

$mpgTxn->setCustInfo
($mpgCustInfo);

AVS

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

July 2018

Page 13 of 477

Moneris Gateway API - Integration Guide
Table 2: Purchase transaction object optional values
Value

Type

Limits

Set method

NOTE: When storing
credentials on the initial transaction, the
CVD object must be
sent; for subsequent
transactions using
stored credentials,
CVD can be sent with
cardholder-initiated
transactions only—
merchants must not
store CVD
information.

Convenience fee

Object

N/A

$mpgConvFee = new
mpgConvFeeInfo
($convFeeTemplate);

Object

N/A

$mpgTxn->setRecur
($mpgRecur);

NOTE: This variable
does not apply to Credential on File transactions.

Recurring billing

Page 14 of 477

July 2018

2 Basic Transaction Set
Table 2: Purchase transaction object optional values
Value

Type

Limits

Set method

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Wallet indicator1

String

3-character alphanumeric

'wallet_indicator'=>$wallet_
indicator

Object

N/A

NOTE: For basic
Purchase and Preauthorization, the wallet
indicator applies to
Visa Checkout and
MasterCard MasterPass only. For more,
see Appendix A Definitions of Request
Fields

Credential on File Info

$mpgTxn->setCofInfo($cof);

cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

1Available to Canadian integrations only.

July 2018

Page 15 of 477

Moneris Gateway API - Integration Guide

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Payment Indicator

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

String

1-character alphabetic

$cof->setPaymentIndicator
("PAYMENT_INDICATOR_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Payment Information

String

1-character numeric

$cof->setPaymentInformation
("PAYMENT_INFO_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Sample Purchase
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'crypt_type'=>$crypt,
'dynamic_descriptor'=>$dynamic_descriptor
//,'wallet_indicator' => '' //Refer to documentation for details
//,'mcp_amount' => $mcp_amount,
//'mcp_currency_code' => $mcp_currency_code
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setPaymentIndicator("U");
$cof->setPaymentInformation("2");
$cof->setIssuerId("12345678901234");
$mpgTxn->setCofInfo($cof);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
/* Status Check Example
$mpgHttpPost =new mpgHttpsPostStatus($store_id,$api_token,$status_check,$mpgRequest);
*/
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());

July 2018

Page 17 of 477

Moneris Gateway API - Integration Guide

Sample Purchase
print("\nStatusCode = " . $mpgResponse->getStatusCode());
print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
print("\nMCPAmount = " . $mpgResponse->getMCPAmount());
print("\nMCPCurrenyCode = " . $mpgResponse->getMCPCurrencyCode());
print("\nHostId = " . $mpgResponse->getHostId());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
?>

2.3 Pre-Authorization
Things to Consider:
l

l

l

If a Pre-Authorization transaction is not followed by a Completion transaction, it must
be reversed via a Completion transaction for 0.00. See "Pre-Authorization Completion"
on page 23
A Pre-Authorization transaction may only be "completed" once . If the Completion
transaction is for less than the original amount, a Re-Authorization transaction is
required to collect the remaining funds by another Completion transaction. See ReAuthorization (page 26).
For a process flow, see "Process Flow for Basic Pre-Auth, Re-Auth and Completion Transactions" on page 454

Pre-Authorization transaction object definition
$txnArray = array(‘type’=>’preauth', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Pre-Authorization transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Pre-Authorization transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

Page 18 of 477

July 2018

2 Basic Transaction Set
Table 3: Pre-Authorization object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

Expiry date

String

4-character numeric

'expdate'=>$expiry_date

E-Commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 4: Pre-Authorization object optional values
Value

Type

Limits

Set method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Customer information

Object

N/A

$mpgTxn->setCustInfo
($mpgCustInfo);

AVS

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

NOTE: When storing
credentials on the initial transaction, the
CVD object must be
sent; for subsequent
transactions using
stored credentials,
CVD can be sent with
cardholder-initiated
transactions only—
merchants must not
store CVD
information.

July 2018

Page 19 of 477

Moneris Gateway API - Integration Guide

Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Wallet indicator1

String

3-character alphanumeric

'wallet_indicator'=>$wallet_
indicator

Object

N/A

NOTE: For basic
Purchase and Preauthorization, the wallet
indicator applies to
Visa Checkout and
MasterCard MasterPass only. For more,
see Appendix A Definitions of Request
Fields

Credential on File Info

$mpgTxn->setCofInfo($cof);

cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

1Available to Canadian integrations only.

Page 20 of 477

July 2018

2 Basic Transaction Set

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Payment Indicator

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

String

1-character alphabetic

$cof->setPaymentIndicator
("PAYMENT_INDICATOR_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Payment Information

String

1-character numeric

$cof->setPaymentInformation
("PAYMENT_INFO_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Sample Pre-Authorization
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'cavv'=>$cavv,
'crypt_type'=>$crypt_type, //mandatory for AMEX only
//'wallet_indicator'=>$wallet_indicator, //set only for wallet transactions. e.g. APPLE PAY
'dynamic_descriptor'=>$dynamic_descriptor
);
/****************************** Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setPaymentIndicator("U");
$cof->setPaymentInformation("2");
$cof->setIssuerId("12345678901234");
$mpgTxn->setCofInfo($cof);
/******************************* Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/****************************** HTTPS Post Object *******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************************ Response **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCavvResultCode = " . $mpgResponse->getCavvResultCode());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
?>

Page 22 of 477

July 2018

2 Basic Transaction Set

2.4 Pre-Authorization Completion
Things to Consider:
l
l

l

l

l

Completion is also known as "capture" or "pre-authorization completion".
A Pre-Authorization or Re-Authorization transaction can only be completed once. Refer
to the Re-Authorization transaction (page 26 for more information on how to perform
multiple Completion transactions.
To reverse the full amount of a Pre-Authorization transaction, use the Completion transaction with the amount set to 0.00.
To process this transaction, you need the order ID and transaction number from the original Pre-Authorization transaction.
For a process flow, see "Process Flow for Basic Pre-Auth, Re-Auth and Completion Transactions" on page 454

Completion transaction object
$txnArray = array(‘type’=>’completion', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Completion transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Completion transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 5: Completion transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character
alphanumeric

'order_id'=>$order_id

Completion Amount

String

9-character decimal

'comp_amount'=>$comp_amount

Transaction number

String

255-character
alphanumeric

'txn_number'=>$txn_number

E-Commerce indicator

String

1-character
alphanumeric

'crypt_type'=>$crypt

July 2018

Page 23 of 477

Moneris Gateway API - Integration Guide
Table 6: Completion transaction optional values
Value

Type

Limits

Set method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Shipping indicator1

String

1-character alphanumeric

‘ship_indicator’=>$ship_
indicator

Sample Basic Pre-Authorization Completion
'completion',
'txn_number'=>$txnnumber,
'order_id'=>$orderid,
'comp_amount'=>$compamount,
'crypt_type'=>'7',
'cust_id'=>'customer ID',
//'mcp_amount' => $mcp_amount,
//'mcp_currency_code' => $mcp_currency_code
//'ship_indicator'=>$ship_indicator, //optional
'dynamic_descriptor'=>$dynamic_descriptor
);
## step 2) create a transaction object passing the hash created in
## step 1.
$mpgTxn = new mpgTransaction($txnArray);
## step 3) create a mpgRequest object passing the transaction object created
## in step 2

1Available to Canadian integrations only.

Page 24 of 477

July 2018

2 Basic Transaction Set

Sample Basic Pre-Authorization Completion
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
## step 4) create mpgHttpsPost object which does an https post ##
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
## step 5) get an mpgResponse object ##
$mpgResponse=$mpgHttpPost->getMpgResponse();
## step 6) retrieve data using get methods
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nMCPAmount = " . $mpgResponse->getMCPAmount());
print("\nMCPCurrenyCode = " . $mpgResponse->getMCPCurrencyCode());
?>
$compamount='0.10';
$dynamic_descriptor='123';
## step 1) create transaction array ###
$txnArray=array('type'=>'completion',
'txn_number'=>$txnnumber,
'order_id'=>$orderid,
'comp_amount'=>$compamount,
'crypt_type'=>'7',
'cust_id'=>'customer ID',
'dynamic_descriptor'=>$dynamic_descriptor
);
## step 2) create a transaction object passing the hash created in
## step 1.
$mpgTxn = new mpgTransaction($txnArray);
## step 3) create a mpgRequest object passing the transaction object created
## in step 2
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
## step 4) create mpgHttpsPost object which does an https post ##
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
## step 5) get an mpgResponse object ##
$mpgResponse=$mpgHttpPost->getMpgResponse();
## step 6) retrieve data using get methods
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());

July 2018

Page 25 of 477

Moneris Gateway API - Integration Guide

Sample Basic Pre-Authorization Completion
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

2.5 Re-Authorization
For a process flow, Process Flow for Basic Pre-Auth, Re-Auth and Completion Transactions (page 454).

Re-Authorization transaction object definition
$txnArray = array(‘type’=>’reauth', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Re-Authorization transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Re-Authorization transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 7: Re-Authorization transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Original order ID

String

50-character alphanumeric

'orig_order_id'=>orig_order_
id

Amount

String

9-character decimal

'amount'=>$amount

Transaction number

String

255-character variable
character

'txn_number'=>$txn_number

E-Commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Page 26 of 477

July 2018

2 Basic Transaction Set
Table 1: Re-Authorization transaction optional values
Value

Type

Limits

Set Method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Status check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Customer information

Object

N/A

$mpgTxn->setCustInfo
($mpgCustInfo);

AVS

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

NOTE: When storing
credentials on the initial transaction, the
CVD object must be
sent; for subsequent
transactions using
stored credentials,
CVD can be sent with
cardholder-initiated
transactions only—
merchants must not
store CVD
information.

Sample Re-Authorization
'reauth',
'order_id'=>'ord-'.date("dmy-G:i:s"),
'cust_id'=>'my cust id',
'amount'=>'0.50',
'orig_order_id'=>'ord-110515-10:55:31', //original pre-auth order_id
'txn_number'=>'31393-0_10', //original pre-auth txn number

July 2018

Page 27 of 477

Moneris Gateway API - Integration Guide

Sample Re-Authorization
'crypt_type'=>'7',
'dynamic_descriptor'=>'123456'
);
/****************************** Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************************* Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/****************************** HTTPS Post Object *******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************************* Response *********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType()."
");
print("\nTransAmount = " . $mpgResponse->getTransAmount()."
");
print("\nTxnNumber = " . $mpgResponse->getTxnNumber()."
");
print("\nReceiptId = " . $mpgResponse->getReceiptId()."
");
print("\nTransType = " . $mpgResponse->getTransType()."
");
print("\nReferenceNum = " . $mpgResponse->getReferenceNum()."
");
print("\nResponseCode = " . $mpgResponse->getResponseCode()."
");
print("\nISO = " . $mpgResponse->getISO()."
");
print("\nMessage = " . $mpgResponse->getMessage()."
");
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit()."
");
print("\nAuthCode = " . $mpgResponse->getAuthCode()."
");
print("\nComplete = " . $mpgResponse->getComplete()."
");
print("\nTransDate = " . $mpgResponse->getTransDate()."
");
print("\nTransTime = " . $mpgResponse->getTransTime()."
");
print("\nTicket = " . $mpgResponse->getTicket()."
");
print("\nTimedOut = " . $mpgResponse->getTimedOut()."
");
?>

2.6 Force Post
Things to Consider:
l

l

l

This transaction is an independent completion where the original Pre-Authorization
transaction was not processed via the same Moneris Gateway merchant account.
It is not required for the transaction that you are submitting to have been processed via
the Moneris Gateway. However, a credit card number, expiry date and original authorization number are required.
Force Post transactions are not supported for UnionPay

ForcePost transaction object definition
$txnArray = array(‘type’=>’forcepost', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for ForcePost transaction
$mpgRequest = new mpgRequest($mpgTxn);

Page 28 of 477

July 2018

2 Basic Transaction Set
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Force Post transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 8: Force Post transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

Expiry date

String

4-character numeric

'expdate'=>$expiry_date

Authorization code

String

8-character alphanumeric

'auth_code'=>$auth_code

E-Commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 9: Force Post transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample Basic Force Post
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'auth_code'=>$auth_code,
'crypt_type'=>$crypt,
'dynamic_descriptor'=>$dynamic_descriptor
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());

?>

Page 30 of 477

July 2018

2 Basic Transaction Set

2.7 Purchase Correction
Things to Consider:
l
l

Purchase correction is also known as "void" or "correction".
To process this transaction, you need the order ID and the transaction number from
the original Completion, Purchase or Force Post transaction.

Purchase Correction transaction object definition
$txnArray = array(‘type’=>’purchasecorrection', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Purchase Correction transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Purchase Correction transaction object values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 10: Purchase Correction transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character variable
character

'txn_number'=>$txn_number

E-Commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

July 2018

Page 31 of 477

Moneris Gateway API - Integration Guide
Table 11: Purchase Correction transaction optional values
Value

Type

Limits

Set method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Sample Purchase Correction
'purchasecorrection',
'txn_number'=>$txnnumber,
'order_id'=>$orderid,
'crypt_type'=>'7',
'cust_id'=>'customer ID',
'dynamic_descriptor'=>$dynamic_descriptor
);
## step 2) create a transaction object passing the array created in
## step 1.
$mpgTxn = new mpgTransaction($txnArray);
## step 3) create a mpgRequest object passing the transaction object created
## in step 2
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
## step 4) create mpgHttpsPost object which does an https post ##
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
## step 5) get an mpgResponse object ##
$mpgResponse=$mpgHttpPost->getMpgResponse();
## step 6) retrieve data using get methods
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());

Page 32 of 477

July 2018

2 Basic Transaction Set

Sample Purchase Correction
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

2.8 Refund
To process this transaction, you need the order ID and transaction number from the original Completion, Purchase or Force Post transaction.

Refund transaction object definition
$txnArray = array(‘type’=>’refund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Refund transaction object values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 12: Refund transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Transaction number

String

255-character variable
character

'txn_number'=>$txn_number

E-Commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

July 2018

Page 33 of 477

Moneris Gateway API - Integration Guide
Table 13: Refund transaction optional values
Value
Status Check

Type
Boolean

Limits
true/false

Set method
$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample Refund
'refund',
'txn_number'=>$txnnumber,
'order_id'=>$orderid,
'amount'=>'0.10',
'crypt_type'=>'7',
'cust_id'=> 'Customer ID',
'dynamic_descriptor'=>$dynamic_descriptor
);
## step 2) create a transaction object passing the array created in
## step 1.
$mpgTxn = new mpgTransaction($txnArray);
## step 3) create a mpgRequest object passing the transaction object created
## in step 2
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
## step 4) create mpgHttpsPost object which does an https post ##
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
## step 5) get an mpgResponse object ##
$mpgResponse=$mpgHttpPost->getMpgResponse();
## step 6) retrieve data using get methods
print ("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());

Page 34 of 477

July 2018

2 Basic Transaction Set

Sample Refund
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

2.9 Independent Refund
Things to Consider:
l

Because of the potential for fraud, permission for this transaction is not granted to all
accounts by default. If it is required for your business, it must be requested via your
account manager.

Independent Refund transaction object definition
$txnArray = array(‘type’=>’ind_refund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Independent Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Independent Refund transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 14: Independent Refund transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character alphanumeric

'pan'=>$pan

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

July 2018

Page 35 of 477

Moneris Gateway API - Integration Guide
Table 14: Independent Refund transaction object mandatory values (continued)
Value

Type

Limits

Set method

(YYMM format)
E-Commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 15: Independent Refund transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample Independent Refund
'ind_refund',
'order_id'=>$orderid,
'cust_id'=>'my cust id',
'amount'=>'1.00',
'pan'=>'4242424242424242',
'expdate'=>'1103',
'crypt_type'=>'7',
'dynamic_descriptor'=>$dynamic_descriptor
);
## step 2) create a transaction object passing the array created in
## step 1.
$mpgTxn = new mpgTransaction($txnArray);

Page 36 of 477

July 2018

2 Basic Transaction Set

Sample Independent Refund
## step 3) create a mpgRequest object passing the transaction object created
## in step 2
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
## step 4) create mpgHttpsPost object which does an https post ##
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
## step 5) get an mpgResponse object ##
$mpgResponse=$mpgHttpPost->getMpgResponse();
## step 6) retrieve data using get methods
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

2.10 Card Verification with AVS and CVD
Things to Consider:
l
l

l
l
l
l

l

The Card Verification transaction is only supported by Visa, MasterCard and Discover
For some Credential on File transactions, Card Verification with AVS and CVD is used as
a prior step to get the Issuer ID used in the subsequent transaction
This transaction is also known as an "account status inquiry"
For Card Verification, CVD is supported by Visa, MasterCard and Discover.
For Card Verification, AVS is supported by Visa, MasterCard and Discover.
When testing Card Verification, please use the Visa and MasterCard test card numbers
provided in the MasterCard Card Verification and Visa Card Verification tables available
in CVD & AVS (E-Fraud) Simulator.
For a full list of possible AVS & CVD result codes refer to the CVD and AVS Result Code
tables.

Card Verification object definition
$txnArray = array(‘type’=>’card_verification', …);
$mpgTxn = new mpgTransaction($txnArray);

July 2018

Page 37 of 477

Moneris Gateway API - Integration Guide

HttpsPostRequest object for Card Verification transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Card Verification transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 16: Card Verification transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Credit card number

String

20-character alphanumeric

'pan'=>$pan

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)
E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

AVS

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

NOTE: When storing
credentials on the initial transaction, the
CVD object must be
sent; for subsequent
transactions using
stored credentials, CVD
can be sent with cardholder-initiated transactions only—
merchants must not
store CVD information.

Page 38 of 477

July 2018

2 Basic Transaction Set
Table 17: Basic Card Verification transaction object optional values
Value

Type

Credential on File Info

Object

Limits
N/A

Set Method
$mpgTxn->setCofInfo($cof);

cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

July 2018

Page 39 of 477

Moneris Gateway API - Integration Guide

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Payment Indicator

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

String

1-character alphabetic

$cof->setPaymentIndicator
("PAYMENT_INDICATOR_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Payment Information

String

1-character numeric

$cof->setPaymentInformation
("PAYMENT_INFO_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Sample Card Verification
'card_verification',
'order_id'=>'ord-'.date("dmy-G:i:s"),
'cust_id'=>'my cust id',
'pan'=>'4242424242424242',
'expdate'=>'1512',
'crypt_type'=>'7'
);

Page 40 of 477

July 2018

2 Basic Transaction Set

Sample Card Verification
$mpgTxn = new mpgTransaction($txnArray);
/************************** AVS Variables *****************************/
$avs_street_number = '201';
$avs_street_name = 'Michigan Ave';
$avs_zipcode = 'M1M1M1';
/************************** CVD Variables *****************************/
$cvd_indicator = '1';
$cvd_value = '198';
/********************** AVS Associative Array *************************/
$avsTemplate = array(
'avs_street_number'=>$avs_street_number,
'avs_street_name' =>$avs_street_name,
'avs_zipcode' => $avs_zipcode
);
/********************** CVD Associative Array *************************/
$cvdTemplate = array(
'cvd_indicator' => $cvd_indicator,
'cvd_value' => $cvd_value
);
/************************** AVS Object ********************************/
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);
/************************** CVD Object ********************************/
$mpgCvdInfo = new mpgCvdInfo ($cvdTemplate);
/*********************** Credential on File ************************/
$cof = new CofInfo();
$cof->setPaymentIndicator("U");
$cof->setPaymentInformation("2");
$cof->setIssuerId("12345678901234");
$mpgTxn->setAvsInfo($mpgAvsInfo);
$mpgTxn->setCvdInfo($mpgCvdInfo);
$mpgTxn->setCofInfo($cof);
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
?>

July 2018

Page 41 of 477

Moneris Gateway API - Integration Guide

2.11 Batch Close
Batch Close transaction object definition
$txnArray = array(‘type’=>’batchclose', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Batch Close transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Batch Close transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 18: Batch Close transaction object mandatory values
Value
ECR (electronic cash
register) number

Type

Limits

String

No limit (value
provided by Moneris)

Set method
ecr_number=>$ecr_number

Sample Batch Close
'batchclose',
'ecr_number'=>$ecr_number
);
$mpgTxn = new mpgTransaction($txnArray);
## step 2) create mpgRequest object ###
$mpgReq=new mpgRequest($mpgTxn);
$mpgReq->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgReq->setTestMode(true); //false or comment out this line for production transactions
## step 3) create mpgHttpsPost object which does an https post ##
$mpgHttpPost=new mpgHttpsPost($store_id,$api_token,$mpgReq);
## step 4) get an mpgResponse object ##
$mpgResponse=$mpgHttpPost->getMpgResponse();
##step 5) get array of all credit cards
$creditCards = $mpgResponse->getCreditCards($ecr_number);
## step 6) loop through the array of credit cards and get information

Page 42 of 477

July 2018

2 Basic Transaction Set

Sample Batch Close
for($i=0; $i < count($creditCards); $i++)
{
print "\nCard Type = $creditCards[$i]";
print "\nPurchase Count = "
. $mpgResponse->getPurchaseCount($ecr_number,$creditCards[$i]);
print "\nPurchase Amount = "
. $mpgResponse->getPurchaseAmount($ecr_number,$creditCards[$i]);
print "\nRefund Count = "
. $mpgResponse->getRefundCount($ecr_number,$creditCards[$i]);
print "\nRefund Amount = "
. $mpgResponse->getRefundAmount($ecr_number,$creditCards[$i]);
print "\nCorrection Count = "
. $mpgResponse->getCorrectionCount($ecr_number,$creditCards[$i]);
print "\nCorrection Amount = "
. $mpgResponse->getCorrectionAmount($ecr_number,$creditCards[$i]);
}
?>

2.12 Open Totals
OpenTotals transaction object definition
$txnArray = array(‘type’=>’opentotals', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Open Totals transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Open Totals transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 19: Open Totals transaction object mandatory values
Value
ECR (electronic cash
register) number

Type

Limits

String

No limit (value
provided by Moneris)

Set method
ecr_number=>$ecr_number

Sample Open Totals
'opentotals',
'ecr_number'=>$ecr_number
);
$mpgTxn = new mpgTransaction($txnArray);
## step 2) create mpgRequest object ###
$mpgReq= new mpgRequest($mpgTxn);
$mpgReq->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgReq->setTestMode(true); //false or comment out this line for production transactions
## step 3) create mpgHttpsPost object which does an https post ##
$mpgHttpPost=new mpgHttpsPost($store_id,$api_token,$mpgReq);
## step 4) get an mpgResponse object ##
$mpgResponse=$mpgHttpPost->getMpgResponse();
##step 5) get array of all credit cards
$creditCards = $mpgResponse->getCreditCards($ecr_number);
## step 6) loop through the array of credit cards and get information
for($i=0; $i < count($creditCards); $i++)
{
print "\nCard Type = $creditCards[$i]";
print "\nPurchase Count = "
. $mpgResponse->getPurchaseCount($ecr_number,$creditCards[$i]);
print "\nPurchase Amount = "
. $mpgResponse->getPurchaseAmount($ecr_number,$creditCards[$i]);
print "\nRefund Count = "
. $mpgResponse->getRefundCount($ecr_number,$creditCards[$i]);
print "\nRefund Amount = "
. $mpgResponse->getRefundAmount($ecr_number,$creditCards[$i]);
print "\nCorrection Count = "
. $mpgResponse->getCorrectionCount($ecr_number,$creditCards[$i]);
print "\nCorrection Amount = "
. $mpgResponse->getCorrectionAmount($ecr_number,$creditCards[$i]);
}
?>

Page 44 of 477

July 2018

3 Credential on File
l
l
l
l
l
l

3.1
3.2
3.3
3.4
3.5
3.7

About Credential on File
Credential on File Info Object and Variables
Credential on File Transaction Types
Initial Transactions in Credential on File
Vault Tokenize Credit Card and Credential on File
Card Verification and Credential on File Transactions

3.1 About Credential on File
When storing customers' credit card credentials for use in future authorizations, or when using these credentials in subsequent transactions, card brands now require merchants to indicate this in the transaction request.
In the Moneris API, this is handled by the Moneris Gateway via the inclusion of the Credential on File info
object and its variables in the transaction request.
While the requirements for handling Credential on File transactions relate to Visa, Mastercard and Discover only, in order to avoid confusion and prevent error, please implement these changes for all card
types and the Moneris system will then correctly flow the relevant card data values as appropriate.
While in the testing phase, we recommend that you test with Visa cards because implementation for the
other card brands is still in process.

NOTE: If either the first transaction or a Card Verification authorization is declined when
attempting to store cardholder credentials, those credentials cannot be stored —therefore
the merchant must not use the credential for any subsequent transactions.

3.2 Credential on File Info Object and Variables
The Credential on File Info object is nested within the request for the applicable transaction types.
Object:
cof
Variables in the cof object:
Payment Indicator
Payment Information
Issuer ID
For more information, see Definitions of Request Fields – Credential on File.

3.3 Credential on File Transaction Types
The Credential on File Info object applies to the following transaction types:

July 2018

Page 45 of 477

Moneris Gateway API - Integration Guide

l
l
l
l
l
l
l
l
l
l
l
l
l
l

Purchase
Pre-Authorization
Purchase with 3-D Secure – cavv_purchase
Purchase with 3-D Secure and Recurring Billing
Pre-Authorization with 3-D Secure – cavvPreauth
Purchase with Vault – ResPurchaseCC
Pre-Authorization with Vault – ResPreauthCC
Card Verification with AVS and CVD
Card Verification with Vault – ResCardVerificationCC
Vault Add Credit Card – ResAddCC
Vault Update Credit Card – ResUpdateCC
Vault Add Token – ResAddToken
Vault Tokenize Credit Card – ResTokenizeCC
Recurring Billing

NOTE: For the following transactions, the Credential on File Info object also applies, but Moneris sends the indicators on your behalf:
l
l

Re-Authorization
Level 2/3 transactions

3.4 Initial Transactions in Credential on File
When sending an initial transaction with the Credential on File Info object, i.e., a transaction request
where the cardholder's credentials are being stored for the first time, it is important to understand the
following:
l
l

l

You must send the cardholder's Card Verification Details (CVD)
Issuer ID will be sent without a value on the initial transaction, because it is received in the
response to that initial transaction; for all subsequentmerchant-intiated transactions and all
administrative transactions you send this Issuer ID
The payment information field will always be a value of 0

3.5 Vault Tokenize Credit Card and Credential on File
When you want to store cardholder credentials from previous transactions into the Vault, you use the
Vault Tokenize Credit Card transaction request. Credential on File rules require that only previous transactions with the Credential on File Info object can be tokenized to the Vault.
For more information about this transaction, see 4.3.10 Vault Tokenize Credit Card – ResTokenizeCC.

Page 46 of 477

July 2018

3 Credential on File

3.6 Credential on File and Converting Temporary Tokens
In the event you decide to convert a temporary token representing cardholder credentials into a permanent token, these credentials become stored credentials, and therefore necessary to send Credential
on File information.
For Temporary Token Add transactions where you subsequently decide to convert the temporary token
into a permanent token (stored credentials):
1. Send a transaction request that includes the Credential on File Info object to get the Issuer ID; this
can be a Card Verification, Purchase or Pre-Authorization request
2. After completing the transaction, send the Vault Add Token request with the Credential on File
object(Issuer ID only) in order to convert the temporary token to a permanent one.

3.7 Card Verification and Credential on File Transactions
In certain cases, some Credential on File transactions require the prior use of a Card Verification with
AVS and CVD transaction.
In the absence of a Purchase or Pre-Authorization, a Card Verification transaction is used to get the
unique Issuer ID value that is used in subsequent Credential on File transactions. Issuer ID is a variable
included in the nested Credential on File Info object.
For all first-time transactions, including Card Verification transactions, you must also request the cardholder's Card Verification Details (CVD). For more on CVD, see 9.2 Card Validation Digits (CVD).
For a complete list of these variables, see each transaction type or Definitions of Request Fields – Credential on File
The Card Verification request, including the Credential on File Info object, must be sent immediately prior
to storing cardholder credentials.
For information about Card Verification, see 2.10 Card Verification with AVS and CVD.

3.7.1 When to Use Card Verification With COF
If you are not sending a Purchase or Pre-Authorization transaction (i.e., you are not charging the customer immediately), you must use Card Verification (or in the case of Vault Add Token, Card Verification
with Vault) first before running the transaction in order to get the Issuer ID.
Transactions this applies to:
Vault Add Credit Card – ResAddCC
Vault Update Credit Card – ResUpdateCC
Vault Add Token – ResAddToken
Recurring Billing transactions (first in series), if:
l the first transaction does not begin immediately

July 2018

Page 47 of 477

Moneris Gateway API - Integration Guide

3.7.2 Credential on File and Vault Add Token
For Vault Add Token transactions:
1. Send Card Verification with Vault transaction request including the Credential on File object to get
the Issuer ID
2. Send the Vault Add Token request including the Credential on File object (with Issuer ID only;
other fields are not applicable)
For more on this transaction type, see 4.3.9 Vault Add Token – ResAddToken.

3.7.3 Credential on File and Vault Update Credit Card
For Vault Update Credit Card transactions where you are updating the credit card number:
1. Send Card Verification transaction request including the Credential on File object to get the
Issuer ID
2. Send the Vault Update Credit Card request including the Credential on File Info object (Issuer ID
only).
For more on this transaction type, see 4.3.3 Vault Update Credit Card – ResUpdateCC.

3.7.4 Credential on File and Vault Add Credit Card
For Vault Add Credit Card transactions:
1. Send Card Verification transaction request including the Credential on File object to get the
Issuer ID
2. Send the Vault Add Credit Card request including the Credential on File Info object (Issuer ID only)
For more on this transaction type, see 4.3.1 Vault Add Credit Card – ResAddCC.

3.7.5 Credential on File and Recurring Billing

NOTE: The value of the payment indicator field must be R when sending Recurring Billing
transactions.

For Recurring Billing transactions which are set to start immediately:
l

Send a Purchase transaction request with both the Recurring Billing and Credential on File info
objects.

For Recurring Billing transactions which are set to start on a future date:

Page 48 of 477

July 2018

3 Credential on File
1. Send Card Verification transaction request including the Credential on File info object to get the
Issuer ID
2. Send Purchase transaction request with the Recur and Credential on File info objects included
For updating a Recurring Billing series where you are updating the cardholder credentials (does not apply
if you are only modifying the schedule or amount in a recurring series):
1. Send Card Verification request including the Credential on File info object to get the Issuer ID
2. Send a Recurring Billing Update transaction
For more information about the Recurring Billing object, see Definition of Request Fields – Recurring.

July 2018

Page 49 of 477

4 Vault
l
l
l
l
l

4.1
4.2
4.3
4.4
4.5

About the Vault Transaction Set
Vault Transaction Types
Vault Administrative Transactions
Vault Financial Transactions
Hosted Tokenization

4.1 About the Vault Transaction Set
The Vault feature allows merchants to create customer profiles, edit those profiles, and use them to process transactions without having to enter financial information each time. Customer profiles store customer data essential to processing transactions, including credit and signature debit.
The Vault is a complement to the recurring payment module. It securely stores customer account information on Moneris secure servers. This allows merchants to bill customers for routine products or services
when an invoice is due.

4.2 Vault Transaction Types
The Vault API supports both administrative and financial transactions.

4.2.1 Administrative Vault Transaction types
ResAddCC
Creates a new credit card profile, and generates a unique data key which can be obtained
from the Receipt object.
This data key is the profile identifier that all future financial Vault transactions will use to associate with the saved information.
EncResAddCC
Creates a new credit card profile, but requires the card data to be either swiped or manually
keyed in via a Moneris-provided encrypted mag swipe reader.
ResTempAdd
Creates a new temporary token credit card profile. This transaction requires a duration to be
set to indicate how long the temporary token is to be stored for.
During the lifetime of this temporary token, it may be used for any other vault transaction
before it is permanently deleted from the system.
ResUpdateCC
Updates a Vault profile (based on the data key) to contain credit card information.
All information contained within a credit card profile is updated as indicated by the submitted
fields.
EncResUpdateCC
Updates a profile (based on the data key) to contain credit card information. The encrypted
version of this transaction requires the card data to either be swiped or manually keyed in via
a Moneris-provided encrypted mag swipe reader.

July 2018

Page 50 of 477

Moneris Gateway API - Integration Guide
ResDelete
Deletes an existing Vault profile of any type using the unique data key that was assigned when
the profile was added.
It is important to note that after a profile is deleted, the information which was saved within
can no longer be retrieved.
ResLookupFull
Verifies what is currently saved under the Vault profile associated with the given data key. The
response to this transaction returns the latest active data for that profile.
Unlike ResLookupMasked (which returns the masked credit card number), this transaction
returns both the masked and the unmasked credit card numbers.
ResLookupMasked
Verifies what is currently saved under the Vault profile associated with the given data key. The
response to this transaction returns the latest active data for that profile.
Unlike ResLookupFull (which only returns both the masked and the unmasked credit card
numbers), this transaction only returns the masked credit card number.
ResGetExpiring
Verifies which profiles have credit cards that are expiring during the current and next calendar
month. For example, if you are processing this transaction on September 30, then it will
return all cards that expire(d) in September and October of this year.
When generating a list of profiles with expiring credit cards, only the masked credit card numbers are returned.
This transaction can be performed no more than 2 times on any given calendar day, and it
only applies to credit card profiles.
ResIscorporatecard
Determines whether a profile has a corporate card registered within it.
After sending the transaction, the response field to the Receipt object's getCorporateCard
method is either true or false depending on whether the associated card is a corporate
card.
ResAddToken
Converts a Hosted Tokenization temporary token to a permanent Vault token.
A temporary token is valid for 15 minutes after it is created.
ResTokenizeCC
Creates a new credit card profile using the credit card number, expiry date and e-commerce
indicator that were submitted in a previous financial transaction. A transaction that was previously done in Moneris Gateway is taken, and the card data from that transaction is stored
in the Moneris Vault.
As with ResAddCC, a unique data key is generated and returned to the merchant via the
Receipt object. This is the profile identifier that all future financial Vault transactions will use to
associate with the saved information.

Page 51 of 477

July 2018

4 Vault

4.2.2 Financial Vault Transaction types
ResPurchaseCC
Uses the data key to identify a previously registered credit card profile. The details saved
within the profile are then submitted to perform a Purchase transaction.
ResPreauthCC
Uses the data key to identify a previously registered credit card profile. The details within the
profile are submitted to perform a Pre-Authorization transaction.
ResIndRefundCC
Uses the unique data key to identify a previously registered credit card profile, and credits a
specified amount to that credit card.
ResMpiTxn
Uses the data key (as opposed to a credit card number) in a VBV/SecureCode Txn MPI transaction. The merchant uses the data key with ResMpiTxn request, and then reads the
response fields to verify whether the card is enrolled in Verified by Visa or MasterCard
SecureCode. Retrieves the vault transaction value to pass on to Visa or MasterCard.
After it has been validated that the data key is is enrolled in 3-D Secure, a window appears in
which the customer can enter the 3-D Secure password. The merchant may initiate the forming of the validation form getMpiInLineForm().
For more information on integrating with MonerisMPI, refer to 8 MPI

4.3 Vault Administrative Transactions
Administrative transactions allow you to perform such tasks as creating new Vault profiles, deleting existing Vault profiles and updating profile information.
Some Vault Administrative Transactions require the Credential on File object to be sent with the issuer ID
field only.

4.3.1 Vault Add Credit Card – ResAddCC
ResAddCC transaction object definition
$txnArray = array(‘type’=>’res_add_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for ResAddCC transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

ResAddCC transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

July 2018

Page 52 of 477

Moneris Gateway API - Integration Guide
Table 20: Vault Add Credit Card transaction object mandatory values
Value

Type

Limits

Set method

Credit card number

String

20-character alphanumeric

'pan'=>$pan

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)
E-commerce indicator

String

1-character alphanumeric

Credential on File Info

Object

N/A

'crypt_type'=>$crypt

$mpgTxn->setCofInfo($cof);

cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

Table 21: Vault Add Credit Card transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

AVS information

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

Email address

String

30-character alphanumeric

'email'=>$email

Page 53 of 477

July 2018

4 Vault
Table 21: Vault Add Credit Card transaction optional values
Value

Type

Limits

Set method

Phone number

String

30-character alphanumeric

'phone'=>$phone

Note

String

30-character alphanumeric

'note'=>$note

Data key format1

String

2-character alphanumeric

'data_key_format'=>$data_
key_format

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Sample Vault Add Credit Card
$type,
'cust_id'=>$cust_id,
'phone'=>$phone,
'email'=>$email,
'note'=>$note,
'pan'=>$pan,
'expdate'=>$expiry_date,
//'data_key_format'=>$data_key_format, //optional
'crypt_type'=>$crypt_type
);
/********************** AVS Associative Array *********************************/
$avsTemplate = array(
'avs_street_number' => $avs_street_number,
'avs_street_name' => $avs_street_name,
'avs_zipcode' => $avs_zipcode
);
/************************** AVS Object ***************************************/
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setIssuerId("139X3130ASCXAS9");
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setAvsInfo($mpgAvsInfo);
$mpgTxn->setCofInfo($cof);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());

Page 55 of 477

July 2018

4 Vault

Sample Vault Add Credit Card
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.3.1.1 Vault Data Key
The ResAddCC sample code includes the following instruction from the Receipt object:
print("\nDataKey = " . $mpgResponse->getDataKey());

The data key response field is populated when you send a Vault Add Credit Card – ResAddCC (page 52),
Vault Encrypted Add Credit Card - EncResAddCC (page 56), Vault Tokenize Credit Card – ResTokenizeCC
(page 81), Vault Temporary Token Add – ResTempAdd (page 59) or Vault Add Token – ResAddToken
(page 77) transaction. It is the profile identifier that all future financial Vault transactions will use to associate with the saved information.
The data key is a maximum 28-character alphanumeric string.

4.3.1.2 Vault Encrypted Add Credit Card - EncResAddCC
Vault Encrypted Add Credit Card transaction object definition
$txnArray = array(‘type’=>’enc_res_add_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Encrypted Add Credit Card transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Encrypted Add Credit Card transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

July 2018

Page 56 of 477

Moneris Gateway API - Integration Guide
Table 22: Vault Encrypted Add Credit Card transaction object mandatory values
Value

Type

Limits

Set method

Encrypted Track2 data

String

40-character numeric

'enc_track2'=>$enc_track2

Device type

String

30-character alphanumeric

'device_type'=>$device_type

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 23: Vault Encrypted Add Credit Card transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

AVS information

Object

Not applicable. Click
hereSee 9.1 (page 282).

$mpgTxn->setAvsInfo
($mpgAvsInfo);

Email address

String

30-character alphanumeric

'email'=>$email

Phone number

String

30-character alphanumeric

enc_res_add_cc
'phone'=>$phone

Note

String

30-character alphanumeric

'note'=>$note

Data key format1

String

2-character alphanumeric

'data_key_format'=>$data_
key_format

Sample Vault Encrypted Add Credit Card - CA
$type,
'cust_id'=>$cust_id,
'phone'=>$phone,
'email'=>$email,
'note'=>$note,
'enc_track2'=>$enc_track2,
'device_type'=>$device_type,
//'data_key_format'=>$data_key_format, //optional
'crypt_type'=>$crypt_type
);
/********************** AVS Associative Array *********************************/
$avsTemplate = array(
'avs_street_number' => $avs_street_number,
'avs_street_name' => $avs_street_name,
'avs_zipcode' => $avs_zipcode
);
/************************** AVS Object ***************************************/
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setAvsInfo($mpgAvsInfo);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

July 2018

Page 58 of 477

Moneris Gateway API - Integration Guide

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.3.2 Vault Temporary Token Add – ResTempAdd
Creates a new temporary token credit card profile. This transaction requires a duration to be set to indicate how long the temporary token is to be stored for.
During the lifetime of this temporary token, it may be used for any other Vault transaction before it is permanently deleted from the system.
Things to Consider:
l

The duration, or lifetime, of the temporary token can be set to be a maximum of 15
minutes.

Vault Temporary Token Add transaction object definition
$txnArray = array(‘type’=>’res_temp_add', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Temporary Token Add transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Temporary Token Add transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 24: Vault Temporary Token Add transaction object mandatory values
Value

Type

Limits

Set method

Credit card number

String

20-character numeric

'pan'=>$pan

Expiry date

String

4-character numeric

'expdate'=>$expiry_date

Duration

String

3-character numeric

'duration'=>$duration

maximum 15 minutes
E-commerce indicator

Page 59 of 477

String

1-character alpha-

'crypt_type'=>$crypt

July 2018

4 Vault

Value

Type

Limits

Set method

numeric
Table 25: Vault Temporary Token Add transaction optional values
Value
Data key format1

Type
String

Limits
2-character alphanumeric

Set method
'data_key_format'=>$data_
key_format

Sample Vault Temporary Token Add
$type,
'pan'=>$pan,
'expdate'=>$expiry_date,
'duration'=>$duration,
//'data_key_format'=>$data_key_format, //optional
'crypt_type'=>$crypt_type
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\Masked Pan = " . $mpgResponse->getResDataMaskedPan());

1Available to Canadian integrations only.

July 2018

Page 60 of 477

Moneris Gateway API - Integration Guide

Sample Vault Temporary Token Add
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
?>
'crypt_type'=>$crypt_type
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\Masked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.3.3 Vault Update Credit Card – ResUpdateCC
Things to Consider:
l

l

l

Updates a Vault profile (based on the data key) to contain credit card information. All
information contained within a credit card profile is updated as indicated by the submitted fields.
This will update a profile to contain Credit Card information by referencing the profile’s
unique data_key. If the profile which is being updated was already a Credit Card profile,
all information contained within it will simply be updated as indicated by the submitted
fields. This means that all fields are optional, and only those fields that are submitted
will be updated.
To update a specific field on the profile, only set that specific element using the corresponding set method.

Page 61 of 477

July 2018

4 Vault

Vault Update Credit Card transaction object definition
$txnArray = array(‘type’=>’res_update_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Update Credit Card transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Update Credit Card transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 26: Vault Update Credit Card transaction object mandatory values
Value

Type

Data key

String

Limits
25-character alphanumeric

Set method
'data_key'=>$data_key

Optional values that are submitted to the ResUpdateCC object are updated. Unsubmitted optional values (with one exception) remain unchanged. This allows you to change only the fields you want.
The exception is that if you are making changes to the payment type, all of the variables in the optional
values table below must be submitted.
If you update a profile to a different payment type, it is automatically deactivated and a new credit card
profile is created and assigned to the data key. The only values from the prior profile that will remain
unchanged are the customer ID, phone number, email address, and note.
EXAMPLE: If a profile contains AVS information, but a ResUpdateCC transaction is submitted without an AVSInfo object, the existing AVSInfo details are deactivated and the new
credit card information is registered without AVS.
Table 27: Vault Update Credit Card transaction optional values
Value

Type

Limits

Set method

Credit card number

String

20-character alphanumeric

'pan'=>$pan

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)
E-commerce indicator

July 2018

String

1-character alphanumeric

'crypt_type'=>$crypt

Page 62 of 477

Moneris Gateway API - Integration Guide

Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

AVS information

Object

n/a

$mpgTxn->setAvsInfo
($mpgAvsInfo);

Email address

String

30-character alphanumeric

'email'=>$email

Phone number

String

30-character alphanumeric

'phone'=>$phone

Note

String

30-character alphanumeric

'note'=>$note

Credential on File Info

Object

N/A

$mpgTxn->setCofInfo($cof);

cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

Page 63 of 477

July 2018

4 Vault

Credential on File Transaction Object Request Fields
Value
Issuer ID
NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Type
String

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Sample Vault Update Credit Card
$type,
'data_key'=>$data_key,
'cust_id'=>$cust_id,
'phone'=>$phone,
'email'=>$email,
'note'=>$note,
'pan'=>$pan,
'expdate'=>$expiry_date,
'crypt_type'=>$crypt_type
);
/********************** AVS Associative Array *********************************/
$avsTemplate = array(

July 2018

Page 64 of 477

Moneris Gateway API - Integration Guide

Sample Vault Update Credit Card
'avs_street_number' => $avs_street_number,
'avs_street_name' => $avs_street_name,
'avs_zipcode' => $avs_zipcode
);
/************************** AVS Object ***************************************/
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setIssuerId("168451306048014");
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setAvsInfo($mpgAvsInfo);
$mpgTxn->setCofInfo($cof);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.3.3.1 Vault Encrypted Update CC - EncResUpdateCC
Vault Encrypted Update CC transaction object definition
$txnArray = array(‘type’=>’enc_res_update_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

Page 65 of 477

July 2018

4 Vault

HttpsPostRequest object for Vault Encrypted Update CC transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Encrypted Update CC transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 28: Vault Encrypted Update CC transaction object mandatory values
Value

Type

Limits

Set method

Data key

String

25-character alphanumeric

'data_key'=>$data_key

Encrypted Track2 data

String

Variable length

'enc_track2'=>$enc_track2

Device type

String

30-character alphanumeric

'device_type'=>$device_type

Optional values that are submitted to the ResUpdateCC object are updated, while unsubmitted optional
values (with one exception) remain unchanged. This allows you to change only the fields you want.
The exception is that if you are making changes to the payment type, all of the variables in the optional
values table below must be submitted.
If you update a profile to a different payment type, it is automatically deactivated and a new credit card
profile is created and assigned to the data key. The only values from the prior profile that will remain
unchanged are the customer ID, phone number, email address, and note.
EXAMPLE: If a profile contains AVS information, but a ResUpdateCC transaction is submitted without an AVSInfo object, the existing AVSInfo details are deactivated and the new
credit card information is registered without AVS.
Table 29: Vault Encrypted Update CC transaction optional values
Value

Type

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

AVS information

Object

Not applicable. Click
hereSee 9.1 (page 282).

$mpgTxn->setAvsInfo
($mpgAvsInfo);

July 2018

Limits

Set method

Page 66 of 477

Moneris Gateway API - Integration Guide

Value

Type

Limits

Set method

Email address

String

30-character alphanumeric

'email'=>$email

Phone number

String

30-character alphanumeric

'phone'=>$phone

Note

String

30-character alphanumeric

'note'=>$note

Sample Vault Encrypted Update CC - CA
$type,
'data_key'=>$data_key,
'cust_id'=>$cust_id,
'phone'=>$phone,
'email'=>$email,
'note'=>$note,
'enc_track2'=>$enc_track2,
'device_type'=>$device_type,
'crypt_type'=>$crypt_type
);
/********************** AVS Associative Array *********************************/
$avsTemplate = array(
'avs_street_number' => $avs_street_number,
'avs_street_name' => $avs_street_name,
'avs_zipcode' => $avs_zipcode
);
/************************** AVS Object ***************************************/
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setAvsInfo($mpgAvsInfo);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions

Page 67 of 477

July 2018

4 Vault

Sample Vault Encrypted Update CC - CA
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.3.4 Vault Delete - ResDelete

NOTE: After a profile has been deleted, the details can no longer be retrieved.

Vault Delete transaction object definition
$txnArray = array(‘type’=>’res_delete', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Delete transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Delete transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

July 2018

Page 68 of 477

Moneris Gateway API - Integration Guide
Table 30: Vault Delete transaction object mandatory values
Value
Data key

Page 69 of 477

Type
String

Limits
25-character alphanumeric

Set method
'data_key'=>$data_key

July 2018

4 Vault

Sample Vault Delete
$type,
'data_key'=>$data_key
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.3.5 Vault Lookup Full - ResLookupFull
Vault Lookup Full transaction object definition
$txnArray = array(‘type’=>’res_lookup_full', …);

July 2018

Page 70 of 477

Moneris Gateway API - Integration Guide
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Lookup Full transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Lookup Full transaction values
Table 31: Vault Lookup Full transaction object mandatory values
Value
Data key

Type
String

Limits
25-character alphanumeric

Set method
'data_key'=>$data_key

Sample Vault Lookup Full
$type,
'data_key'=>$data_key
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());

Page 71 of 477

July 2018

4 Vault

Sample Vault Lookup Full
print("\nPan = " . $mpgResponse->getResDataPan());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.3.6 Vault Lookup Masked - ResLookupMasked
Vault Lookup Masked transaction object definition
$txnArray = array(‘type’=>’res_lookup_masked', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Lookup Masked transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Lookup Masked transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 32: Vault Lookup Masked transaction object mandatory values
Value
Data key

Type
String

Limits
25-character alphanumeric

Set method
'data_key'=>$data_key

Sample Vault Lookup Masked - CA
$type,
'data_key'=>$data_key
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.3.7 Vault Get Expiring - ResGetExpiring
Vault Get Expiring transaction object definition
$txnArray = array(‘type’=>’res_get_expiring', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Get Expiring transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Page 73 of 477

July 2018

4 Vault

Vault Get Expiring transaction values
ResGetExpiring transaction object mandatory values: None.

July 2018

Page 74 of 477

Moneris Gateway API - Integration Guide

Sample Vault Get Expiring - CA
$type );
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------$DataKeys = $mpgResponse->getDataKeys();
for($i=0; $i < count($DataKeys); $i++)
{
$mpgResponse->setResolveData($DataKeys[$i]);
print("\n\nData Key = " . $DataKeys[$i]);
print("\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
}
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

Page 75 of 477

July 2018

4 Vault

4.3.8 Vault Is Corporate Card - ResIscorporateCard
Vault Is Corporate Card transaction object definition
$txnArray = array(‘type’=>’res_iscorporatecard', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Is Corporate Card transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Is Corporate Card transaction values
Table 33: Vault Is Corporate Card transaction object mandatory values
Value
Data key

Type
String

Limits
25-character alphanumeric

Set method
'data_key'=>$data_key

Sample Vault Is Corporate Card - CA
$type,
'data_key'=>$data_key
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nCorporateCard = " . $mpgResponse->getCorporateCard());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());

July 2018

Page 76 of 477

Moneris Gateway API - Integration Guide

Sample Vault Is Corporate Card - CA
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.3.9 Vault Add Token – ResAddToken
Things to Consider:
l

l

l

This transaction is used to convert a temporary token into a permanent token for storage in the Moneris Vault
If you intend to store the token for use in future transactions (i.e., Credential on File
transactions), first you must send either a Vault financial transaction (Purchase
with Vault or Pre-Authorization with Vault) or a Card Verification with Vault in order to
get the Issuer ID
The Vault Add Token request uses the Issuer ID to indicate that it is referencing stored
credentials

Vault Add Token transaction object definition
$txnArray = array(‘type’=>’res_add_token', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Add Token transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Add Token transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

Page 77 of 477

July 2018

4 Vault
Table 34: Vault Add Token transaction object mandatory values
Value

Type

Limits

Set method

Data key

String

28-character alphanumeric

'data_key'=>$data_key

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Credential on File Info

Object

N/A

$mpgTxn->setCofInfo($cof);

cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

Table 35: Vault Add Token transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

AVS information

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

Email address

String

30-character alphanumeric

'email'=>$email

July 2018

Page 78 of 477

Moneris Gateway API - Integration Guide

Value

Type

Limits

Set method

Phone number

String

30-character alphanumeric

'phone'=>$phone

Note

String

30-character alphanumeric

'note'=>$note

Data key format1

String

2-character alphanumeric

'data_key_format'=>$data_
key_format

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Limits
15-character numeric
variable length

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Sample Vault Add Token
$type,
'data_key'=>$temp_data_key,
'cust_id'=>$cust_id,
'phone'=>$phone,
'email'=>$email,
'note'=>$note,
'expdate'=>$expiry_date,
//'data_key_format'=>$data_key_format, //optional
'crypt_type'=>$crypt_type
);
/********************** AVS Associative Array *********************************/
$avsTemplate = array(
'avs_street_number' => $avs_street_number,
'avs_street_name' => $avs_street_name,
'avs_zipcode' => $avs_zipcode
);
/************************** AVS Object ***************************************/
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setIssuerId("168451306048014");
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setAvsInfo($mpgAvsInfo);
$mpgTxn->setCofInfo($cof);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

July 2018

Page 80 of 477

Moneris Gateway API - Integration Guide

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.3.10 Vault Tokenize Credit Card – ResTokenizeCC
Creates a new credit card profile using the credit card number, expiry date and e-commerce indicator
that were submitted in a previous financial transaction. Previous transactions to be tokenized must have
included the Credential on File Info object.
The Issuer ID received in the previous transaction response is sent in the Vault Tokenize Credit Card
request to reference that this is a stored credential.
Basic transactions that can be tokenized are:
l
l
l

Purchase
Pre-Authorization
Card Verification

The tokenization process is outlined below :

Figure 1: Tokenize process diagram

Vault Tokenize Credit Card transaction object definition
$txnArray = array(‘type’=>’res_tokenize_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Tokenize Credit Card transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Tokenize Credit Card transaction values
These mandatory values reference a previously processed credit card financial transaction. The credit
card number, expiry date, and e-commerce indicator from the original transaction are registered in the

Page 81 of 477

July 2018

4 Vault
Vault for future financial Vault transactions.
Table 36: Vault Tokenize Credit Card transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

Table 37: Vault Tokenize Credit Card transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Email address

String

30-character alphanumeric

'email'=>$email

Phone number

String

30-character alphanumeric

'phone'=>$phone

Note

String

30-character alphanumeric

'note'=>$note

July 2018

Page 82 of 477

Moneris Gateway API - Integration Guide

Value

Type

Limits

Set method

AVS information

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

Data key format1

String

2-character alphanumeric

'data_key_format'=>$data_
key_format

Credential on File Info

Object

N/A

$mpgTxn->setCofInfo($cof);

cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

1Available to Canadian integrations only.

Page 83 of 477

July 2018

4 Vault
Any field that is not set in the tokenize request is not stored with the transaction. That is, Moneris Gateway does not automatically take the optional information that was part of the original transaction.
The ResolveData that is returned in the response fields indicates what values were registered for this profile.
Sample Vault Tokenize Credit Card
$type,
'order_id'=>$order_id,
'txn_number'=>$txn_number,
//'data_key_format'=>$data_key_format, //optional
'cust_id'=>$cust_id,
'phone'=>$phone,
'email'=>$email,
'note'=>$note
);
/********************** AVS Associative Array *********************************/
$avsTemplate = array(
'avs_street_number' => $avs_street_number,
'avs_street_name' => $avs_street_name,
'avs_zipcode' => $avs_zipcode
);
/************************** AVS Object ***************************************/
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setIssuerId("168451306048014");
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setAvsInfo($mpgAvsInfo);
$mpgTxn->setCofInfo($cof);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());

July 2018

Page 84 of 477

Moneris Gateway API - Integration Guide

Sample Vault Tokenize Credit Card
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.4 Vault Financial Transactions
After a financial transaction is complete, the response fields indicate all the values that are currently
saved under the profile that was used.

4.4.1 Customer ID Changes
Some financial transactions take the customer ID as an optional value. The customer ID may or may not
already be in the Vault profile when the transaction is sent. Therefore, it is possible to change the value of
the customer ID by performing a financial transaction
The table below shows what the customer ID will be in the response field after a financial transaction is
performed.
Table 38: Customer ID use in response fields
Already in profile?

Passed in?

Version used in response

No

No

Customer ID not used in transaction

No

Yes

Passed in

Yes

No

Profile

Yes

Yes

Passed in

Page 85 of 477

July 2018

4 Vault

4.4.2 Purchase with Vault – ResPurchaseCC
Purchase with Vault transaction object definition
$txnArray = array(‘type’=>’res_purchase_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Purchase with Vault transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Purchase with Vault transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 39: Purchase with Vault transaction object mandatory values
Value

Type

Limits

Set method

Data key

String

25-character alphanumeric

'data_key'=>$data_key

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Credential on File Info

Object

N/A

$mpgTxn->setCofInfo($cof);

cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

July 2018

Page 86 of 477

Moneris Gateway API - Integration Guide
Table 40: Purchase with Vault transaction optional values
Value

Type

Limits

Set method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Expiry date

String

4-character numeric

'expdate'=>$expiry_date

YYMM format.
(Note that this is
reversed from the
date displayed on the
card, which is MMYY)
Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Customer information

Object

N/A

$mpgTxn->setCustInfo
($mpgCustInfo);

AVS information

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD information

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

Object

N/A

$mpgTxn->setRecur
($mpgRecur);

NOTE: When storing
credentials on the initial transaction, the
CVD object must be
sent; for subsequent
transactions using
stored credentials,
CVD can be sent with
cardholder-initiated
transactions only—
merchants must not
store CVD
information.

Recurring billing

Page 87 of 477

July 2018

4 Vault

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Payment Indicator

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

String

1-character alphabetic

$cof->setPaymentIndicator
("PAYMENT_INDICATOR_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Payment Information

String

1-character numeric

$cof->setPaymentInformation
("PAYMENT_INFO_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Sample Purchase with Vault
'res_purchase_cc',
'data_key'=>$data_key,
'order_id'=>$orderid,
'cust_id'=>$custid,
'amount'=>$amount,
'crypt_type'=>$crypt_type,
//'expdate'=>$expdate,
'dynamic_descriptor'=>'12484'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setPaymentIndicator("U");
$cof->setPaymentInformation("2");
$cof->setIssuerId("12345678901234");
$mpgTxn->setCofInfo($cof);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nAVSResponse = " . $mpgResponse->getAvsResultCode());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());

Page 89 of 477

July 2018

4 Vault

Sample Purchase with Vault
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.4.3 Pre-Authorization with Vault – ResPreauthCC
Pre-Authorization with Vault transaction object definition
$txnArray = array(‘type’=>’res_preauth_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Pre-Authorization with Vault transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Pre-Authorization with Vault transaction values
Table 41: Pre-Authorization with Vault transaction object mandatory values
Value

Type

Limits

Set method

Data key

String

25- character alphanumeric

'data_key'=>$data_key

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

July 2018

Page 90 of 477

Moneris Gateway API - Integration Guide
Table 41: Pre-Authorization with Vault transaction object mandatory values (continued)
Value

Type

Limits

E-commerce indicator

String

1-character alphanumeric

Credential on File Info

Object

N/A

Set method
'crypt_type'=>$crypt

$mpgTxn->setCofInfo($cof);

cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

Table 42: Pre-Authorization with Vault transaction optional values
Value

Type

Limits

Set method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)
Customer ID

Page 91 of 477

String

50-character alphanumeric

'cust_id'=>$cust_id

July 2018

4 Vault

Value

Type

Limits

Set method

Customer information

Object

N/A

$mpgTxn->setCustInfo
($mpgCustInfo);

AVS information

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD information

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

NOTE: When storing
credentials on the initial transaction, the
CVD object must be
sent; for subsequent
transactions using
stored credentials,
CVD can be sent with
cardholder-initiated
transactions only—
merchants must not
store CVD
information.

July 2018

Page 92 of 477

Moneris Gateway API - Integration Guide

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Payment Indicator

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

String

1-character alphabetic

$cof->setPaymentIndicator
("PAYMENT_INDICATOR_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Payment Information

String

1-character numeric

$cof->setPaymentInformation
("PAYMENT_INFO_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Sample Pre-Authorization with Vault
'res_preauth_cc',
'data_key'=>$data_key,
'order_id'=>$orderid,
'cust_id'=>$custid,
'amount'=>$amount,
'crypt_type'=>$crypt_type,
//'expdate=>$expdate,
'dynamic_descriptor'=>'12424'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setPaymentIndicator("U");
$cof->setPaymentInformation("2");
$cof->setIssuerId("12345678901234");
$mpgTxn->setCofInfo($cof);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nAVSResponse = " . $mpgResponse->getAvsResultCode());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());

July 2018

Page 94 of 477

Moneris Gateway API - Integration Guide

Sample Pre-Authorization with Vault
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.4.4 Vault Independent Refund CC - ResIndRefundCC
Vault Independent Refund transaction object definition
$txnArray = array(‘type’=>’res_ind_refund_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Independent Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Independent Refund transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 43: Vault Independent Refund transaction object mandatory values
Value

Type

Limits

Set method

Data key

String

25-character alphanumeric

'data_key'=>$data_key

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Page 95 of 477

July 2018

4 Vault
Table 44: Vault Independent Refund transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)
Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Sample Vault Independent Refund
'res_ind_refund_cc',
'data_key'=>$data_key,
'order_id'=>$orderid,
'cust_id'=>$custid,
'amount'=>$amount,
'crypt_type'=>$crypt_type,
'dynamic_descriptor'=>'12346'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/

July 2018

Page 96 of 477

Moneris Gateway API - Integration Guide

Sample Vault Independent Refund
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

4.4.5 Force Post with Vault - ResForcePostCC
Force Post with Vault transaction object definition
$txnArray = array(‘type’=>’res_forcepost_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Force Post with Vault transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Page 97 of 477

July 2018

4 Vault

Force Post with Vault transaction object values
Table 1: Force Post with Vault transaction object mandatory values
Value

Type

Limits

Set Method

Amount

String

9-character decimal

'amount'=>$amount

Data key

String

25-character alphanumeric

'data_key'=>$data_key

Authorization code

String

8-character alphanumeric

'auth_code'=>$auth_code

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 2: Force Post with Vault transaction object optional values
Value

Type

Limits

Set Method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic Descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample Force Post with Vault
'res_forcepost_cc',
'order_id'=>$orderid,
'cust_id'=>$custid,

July 2018

Page 98 of 477

Moneris Gateway API - Integration Guide

Sample Force Post with Vault
'amount'=>$amount,
'data_key'=>$data_key,
'crypt_type'=>$crypt_type,
'auth_code'=>$auth_code,
'dynamic_descriptor'=>$dynamic_descriptor
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nAVSResponse = " . $mpgResponse->getAvsResultCode());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

4.4.6 Card Verification with Vault – ResCardVerificationCC
Things to Consider:
l
l

This transaction type only applies to Visa, Mastercard and Discover transactions
This transaction is also known as an "account status inquiry"

Page 99 of 477

July 2018

4 Vault

l

l

The card number and expiry date for this transaction are passed using a token, as represented by the data key value
When using a temporary token (e.g., such as with Hosted Tokenization) and you intend
to store the cardholder credentials, this transaction must be run prior to running the
Vault Add Token transaction

Card Verification object definition
$txnArray = array(‘type’=>’res_card_verification_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Card Verification transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Card Verification transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 45: Card Verification with Vault transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Data key

String

25-character alphanumeric

'data_key'=>$data_key

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

July 2018

Page 100 of 477

Moneris Gateway API - Integration Guide
Table 45: Card Verification with Vault transaction object mandatory values
Value

Type

Limits

Set method

AVS

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

Credential on File Info

Object

N/A

$mpgTxn->setCofInfo($cof);

cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

Page 101 of 477

July 2018

4 Vault

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Payment Indicator

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

String

1-character alphabetic

$cof->setPaymentIndicator
("PAYMENT_INDICATOR_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Payment Information

String

1-character numeric

$cof->setPaymentInformation
("PAYMENT_INFO_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Sample Card Verification with Vault
'res_card_verification_cc',
'data_key'=>$data_key,
'order_id'=>$orderid,
'crypt_type'=>$crypt_type,
'expdate'=>$expdate
);
/************************** CVD Variables *****************************/
$cvd_indicator = '1';
$cvd_value = '198';
/********************** CVD Associative Array *************************/
$cvdTemplate = array(
'cvd_indicator' => $cvd_indicator,
'cvd_value' => $cvd_value
);
$mpgCvdInfo = new mpgCvdInfo ($cvdTemplate);
/************************** AVS Variables *****************************/
//The AVS portion is optional if AVS details are already stored in this profile
//If AVS details are resent in Purchase transaction, they will replace stored details
$avs_street_number = '';
$avs_street_name = 'bloor st';
$avs_zipcode = '111111';
/********************** AVS Associative Array *************************/
$avsTemplate = array(
'avs_street_number' => $avs_street_number,
'avs_street_name' => $avs_street_name,
'avs_zipcode' => $avs_zipcode
);
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setCvdInfo($mpgCvdInfo);
$mpgTxn->setAvsInfo($mpgAvsInfo);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setPaymentIndicator("U");
$cof->setPaymentInformation("2");
$cof->setIssuerId("12345678901234");
$mpgTxn->setCofInfo($cof);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());

Page 103 of 477

July 2018

4 Vault

Sample Card Verification with Vault
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCVDResponse = " . $mpgResponse->getCvdResultCode());
print("\nAVSResponse = " . $mpgResponse->getAvsResultCode());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

4.5 Hosted Tokenization
Moneris Hosted Tokenization is a solution for online e-commerce merchants who do not want to handle
credit card numbers directly on their websites, yet want the ability to fully customize their check-out web
page appearance.
When an hosted tokenization transaction is initiated, the Moneris Gateway displays (on the merchant’s
behalf) a single text box on the merchant’s checkout page. The cardholder can then securely enter the
credit card information into the text box. Upon submission of the payment information on the checkout
page, Moneris Gateway returns a temporary token representing the credit card number to the merchant. This is then used in an API call to process a financial transaction directly with Moneris to charge
the card. After receiving a response to the financial transaction, the merchant generates a receipt and
allows the cardholder to continue with online shopping.
For more details on how to implement the Moneris Hosted Tokenization feature, see the Hosted Solutions Integration Guide. The guide can be downloaded from the Moneris Developer Portal
(https://developer.moneris.com).

July 2018

Page 104 of 477

5 INTERAC® Online Payment
l
l
l
l
l
l
l
l

5.1
5.2
5.3
5.4
5.5
5.6
5.7
5.8

About INTERAC® Online Payment Transactions
Other Documents and References
Website and Certification Requirements
Transaction Flow for INTERAC® Online Payment
Sending an INTERAC® Online Payment Purchase Transaction
INTERAC® Online Payment Purchase
INTERAC® Online Payment Refund
INTERAC® Online Payment Field Definitions

5.1 About INTERAC® Online Payment Transactions
The INTERAC® Online Payment method offers cardholders the ability to pay using online banking. This
payment method can be combined with the Moneris Gateway API solution to allow online payments
using credit and debit cards.
INTERAC® Online Payment transactions via the API require two steps:
1. The cardholder guarantees the funds for the purchase amount using their online banking process.
2. The merchant confirms the payment by sending an INTERAC® Online Payment purchase request
to Moneris using the API.
Any of the transaction objects that are defined in this section can be passed to the HttpsPostRequest
connection object defined in Section 16.5 (page 382)here.
INTERAC® Online Payment transactions are available to Canadian integrations only.

5.2 Other Documents and References
INTERAC® Online Payment is offered by Acxsys Corporation, which is also a licensed user of the Interac
logo. Refer to the following documentation and websites for additional details.

INTERAC® Online PaymentMerchant Guideline
Visit the Moneris Developer Portal (https://developer.moneris.com) to access the latest documentation
and downloads.
This details the requirements for each page consumers visit on a typical INTERAC® Online Payment merchant website. It also details the requirements that can be displayed on any page (that is, requirements
that are not page-specific).

Logos
Visit the Moneris Developer Portal (https://developer.moneris.com) to access the logos and downloads.

July 2018

Canada Only

Page 105 of 477

Moneris Gateway API - Integration Guide

5.3 Website and Certification Requirements
5.3.1 Things to provide to Moneris
Refer to the Merchant Guidelines referenced in Section 5.2 for instructions on proper use of logos and
the term "INTERAC® Online Payment". You need to provide Moneris with the following registration
information:
l

l

l

l

l

Merchant logo to be displayed on the INTERAC® Online Payment Gateway page
l In both French and English
l 120 × 30 pixels
l Only PNG format is supported.
Merchant business name
l In both English and French
l Maximum 30 characters.
List of all referrer URLs. That is, URLs from which the customer may be redirected to the INTERAC®
Online Payment gateway.
List of all URLs that may appear in the IDEBIT_FUNDEDURL field of the https form POST to the
INTERAC® Online Payment Gateway.
List of all URLs that may appear in the IDEBIT_NOTFUNDEDURL field of the https form POST to the
INTERAC® Online Payment Gateway.

Note that if your test and production environments are different, provide the above information for
both environments.

5.3.2 Certification process
Test cases
All independent merchants and third-party service/shopping cart providers must pass the certification
process by conducting all the test cases outlined in Appendix E (page 455) and "Third-Party Service Provider Checklists for INTERAC® Online Payment Certification Testing" on page 459 respectively. This is
required after you have completed all of your testing.
Any major changes to your website after certification (with respect to the INTERAC® Online Payment functionality) require the site to be re-certified by completing the test cases again.
Appendix H (page 467) is the Certification Test Case Detail showing all the information and requirements
for each test case.

Page 106 of 477

Canada Only

July 2018

5 INTERAC® Online Payment

Screenshots
You must provide Moneris with screenshots of your check-out process showing examples of approved
and declined transactions using the INTERAC® Online Payment service.

Checklists
To consistently portray the INTERAC Online service as a secure payment option, you must complete the
respective Merchant Requirement checklist inAppendix E (page 455) or Appendix F (page 459)accordingly.
The detailed descriptions of the requirements in these checklists can be found in the INTERAC® Online
Payment Merchant Guidelines document referred to in 5.2 (page 105). If any item does not apply, mark it
as "N/A".
After completion, fax or email the results to the Moneris Integration Support help desk for review before
implementing the change into the production environment.

5.3.3 Client Requirements
Checklists
As a merchant using an INTERAC® Online Payment-certified third-party solution, your clients must complete the Merchant Checklists for INTERAC® Online Payment Certification form (Appendix G, page 464).
They will not be required to complete any of the test cases.
Your clients must also complete the Merchant Requirement checklist (Appendix G, page 464). Ensure that
your product documentation properly instructs your clients to fax or email the results to the Moneris
Integration Support helpdesk for registration purposes.

Screenshots
Your clients must provide Moneris with screenshots of their check-out process that show examples of
approved and declined transactions using INTERAC® Online Payment.

5.3.4 Delays
Note that merchants that fall under the following category codes listed in Table 46 may experience delays
in the certification or registration process of up to 7 days.
Table 46: Category codes that might introduce certification/registration delays
Category code

Merchant type/name

4812

Telecommunication equipment including telephone sales

4829

Money transfer—merchant

5045

Computers, computer peripheral equipment, software

5732

Electronic sales

6012

Financial institution—merchandise and services

6051

Quasi cash—merchant

July 2018

Canada Only

Page 107 of 477

Moneris Gateway API - Integration Guide
Category code

Merchant type/name

6530

Remote stored value load—merchant

6531

Payment service provider—money transfer for a purchase

6533

Payment service provider—merchant—payment transaction

5.4 Transaction Flow for INTERAC® Online Payment

Figure 2: INTERAC® Online Payment transaction flow diagram
1. Customer selects the INTERAC® Online Payment option on the merchant's web store.
2. Merchant redirects the customer to the IOP gateway to select a financial institution (issuer) of
choice. This step involves form-posting the following required variables over the HTTPS protocol:
l
l
l
l
l
l
l
l
l

IDEBIT_MERCHNUM
IDEBIT_AMOUNT1
IDEBIT_CURRENCY
IDEBIT_FUNDEDURL
IDEBIT_NOTFUNDEDURL
IDEBIT_MERCHLANG
IDEBIT_VERSIONIDEBIT_TERMID - optional
IDEBIT_INVOICE - optional
IDEBIT_MERCHDATA - optional

3. Customer selects an issuer, and is directed to the online banking site. Customer completes the
online banking process and guarantees the funds for the purchase.

1This value is expressed in cents. Therefore, $1 is input as 100

Page 108 of 477

Canada Only

July 2018

5 INTERAC® Online Payment
4. Depending on the results of step 5.4, the issuer re-directs the customer through the IOP Gateway to either the merchant's non-funded URL (4a) or funded URL (4b). Both URLs can appear on
the same page. The funded/non-funded URLs must validate the variables posted back according
to 5.8 (page 114) before continuing.
5.4 shows the variables that are posted back in the re-direction.
If the customer is directed to the non-funded URL, return to step 5.4 and ask for another means
of payment.
If the customer is directed to the funded URL, continue to the next step.
5. Merchant sends an INTERAC® Online Payment purchase request to Moneris Gateway while displaying the "Please wait...." message to the customer. This should be done within 30 minutes of
receiving the response in step 5.4.
6. Moneris' processing host sends a request for payment confirmation to the issuer.
7. The issuer sends a response (either approved or declined) to Moneris host.
8. Moneris Gateway relays the response back to the merchant. If the payment was approved, the
merchant fulfills the order.
Table 47: Funded and non-funded URL variables
To funded URL only

To funded and non-funded URL

IDEBIT_TRACK2

IDEBIT_VERSION

IDEBIT_ISSCONF

IDEBIT_ISSLANG

IDEBIT_ISSNAME

IDEBIT_TERMID (optional)
IDEBIT_INVOICE (optional)
IDEBIT_MERCHDATA (optional)

5.5 Sending an INTERAC® Online Payment Purchase Transaction
5.5.1 Fund-Guarantee Request
After choosing to pay by INTERAC® Online Payment, the customer is redirected using an HTML form post
to the INTERAC® Online PaymentGateway page. Below is a sample code that is used to post the request
to the Gateway.



 









July 2018

Canada Only

Page 109 of 477

Moneris Gateway API - Integration Guide

5.5.2 Online Banking Response and Fund-Confirmation Request
The response variables are posted back in an HTML form to either the funded or non-funded URL that
was provided to INTERAC®.
The following variables must be validated (5.8, page 114):
l
l
l
l
l
l

IDEBIT_TRACK2
IDEBIT_ISSCONF
IDEBIT_ISSNAME
IDEBIT_VERSION
IDEBIT_ISSLANG
IDEBIT_INVOICE

Note that IDEBIT_ISSCONF and IDEBIT_ISSNAME must be displayed on the client’s receipt that is generated by the merchant.
After validation, IDEBIT_TRACK2 is used to form an IDebitPurchase transaction that is sent to Moneris
Gateway to confirm the fund.
If the validation fails, redirect the client to the main page and ask for a different means of payment.
If the validation passes, an IDebitPurchase transaction can be sent to Moneris Gateway.

5.6 INTERAC® Online Payment Purchase
INTERAC® Online Payment Purchase transaction object definition
$txnArray = array(‘type’=>’idebit_purchase', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for INTERAC® Online Payment Purchase transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

INTERAC® Online Payment Purchase transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

Page 110 of 477

Canada Only

July 2018

5 INTERAC® Online Payment
Table 48: INTERAC® Online Payment transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Track2 data

String

40-character alphanumeric

'idebit_track2'=>$idebit_
track2

Table 49: INTERAC® Online Payment Purchase transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic
descriptor

String

20-character alphanumeric

'dynamic_descriptor'=>$dynamic_
descriptor

Customer
information

Object

Not applicable. Click hereSee $mpgTxn->setCustInfo
($mpgCustInfo);
Section 13 (page 353).

Sample INTERAC® Online Payment Purchase
'idebit_purchase',
'order_id'=>$orderid,
'cust_id'=>'my cust id',
'amount'=>'50.00',
'idebit_track2'=>'3728024906540591206=0609AAAAAAAAAAAAA'
);
## step 2) create a transaction object passing the hash created in
## step 1.
$mpgTxn = new mpgTransaction($txnArray);
## step 3) create a mpgRequest object passing the transaction object created
## in step 2
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
## step 4) create mpgHttpsPost object which does an https post ##
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
## step 5) get an mpgResponse object ##
$mpgResponse=$mpgHttpPost->getMpgResponse();
## step 6) retrieve data using get methods
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());

July 2018

Canada Only

Page 111 of 477

Moneris Gateway API - Integration Guide

Sample INTERAC® Online Payment Purchase
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

5.7 INTERAC® Online Payment Refund
To process this transaction, you need the order ID and transaction number from the original INTERAC®
Online Payment Purchase transaction.

INTERAC® Online Payment Refund transaction object definition
$txnArray = array(‘type’=>’idebit_refund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for INTERAC® Online Payment Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

INTERAC® Online Payment Refund transaction object values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 50: INTERAC® Online Payment Refund transaction object mandatory variables
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

Page 112 of 477

Canada Only

July 2018

5 INTERAC® Online Payment
Table 51: INTERAC® Online Payment Refund transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

July 2018

Canada Only

Page 113 of 477

Moneris Gateway API - Integration Guide

Sample code
Sample INTERAC® Online Payment Refund
'idebit_refund',
'order_id'=>$orderid,
'amount'=>'50.00',
'txn_number'=>$txn_number
);
## step 2) create a transaction object passing the hash created in
## step 1.
$mpgTxn = new mpgTransaction($txnArray);
## step 3) create a mpgRequest object passing the transaction object created
## in step 2
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
## step 4) create mpgHttpsPost object which does an https post ##
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
## step 5) get an mpgResponse object ##
$mpgResponse=$mpgHttpPost->getMpgResponse();
## step 6) retrieve data using get methods
print ("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

5.8 INTERAC® Online Payment Field Definitions
Table 52: Field Definitions
Characters

Limits

Value
Description
IDEBIT_
MERCHNUM

Page 114 of 477

5-14

Numbers and uppercase letters

This field is provided by Moneris. For example, 0003MONMPGXXXX.

Canada Only

July 2018

5 INTERAC® Online Payment
Table 52: Field Definitions (continued)
Characters

Limits

Value
Description
IDEBIT_TERMID 8

Numbers and uppercase letters

Optional field
IDEBIT_
AMOUNT

1-12

IDEBIT_
CURRENCY

3

Numbers

Amount expressed in cents (for example, 1245 for $12.45) to charge to the card.
"CAD" or "USD"

National currency of the transaction.

IDEBIT_INVOICE 1-20

ISO-8859-1 encoded characters restricted to:
l
l
l
l
l

Uppercase and lowercase
Numbers
ÀÁÂÄÈÉÊËÎ Ï Ô ÙÛÜÇàáâäèéêëîïôù û ü ÿ ç
Spaces
#$. , -/ =?@'

Optional field
Can be the Order ID when used with Moneris Gateway fund confirmation transactions.
IDEBIT_
MERCHDATA

1024

ISO-8859-1 restricted to single-byte codes, hex 20 to 7E (consistent with
US-ASCII and ISO-8859-1 Latin-1).
Note that the following character combinations may not be accepted in
the IDEBIT_MERCHDATA field:
l

"/..", "/%2E.", "/.%2E", "/%2E%2E", "\\%2E%2E", "\\%2E.",
"\\.%2E", "\\%2E%2E", "&#", "<", "%3C", ">", "%3E"

Free form data provided by the merchant that will be passed back unchanged to the
merchant once the payment has been guaranteed in online banking.
This may be used to identify the customer, session or both.

July 2018

Canada Only

Page 115 of 477

Moneris Gateway API - Integration Guide
Table 52: Field Definitions (continued)
Characters

Limits

Value
Description
IDEBIT_
FUNDEDURL

1024

ISO-8859-1 restricted to single-byte codes, restricted to:
l
l
l

Uppercase and lowercase letters
Numbers
;/ ?:@&=+$, -_. !~*‘ ()%

Https address to which the issuer will redirect cardholders after guaranteeing the
fund through online banking.
IDEBIT_
1024
NOTFUNDEDURL

ISO-8859-1, restricted to single-byte codes, restricted to:
l
l
l

Uppercase and lowercase letters
Numbers
;/ ?:@&=+$, -_. !~*‘ ()%

Https address to which the issuer redirects cardholders after failing or canceling the
online banking process.
IDEBIT_
MERCHLANG

2

“en” or “fr”

Customer's current language at merchant.

IDEBIT_VERSION 3

Numbers

Initially, the value is 1.
IDEBIT_ISSLANG 2

“en” or “fr”

Customer’s current language at issuer.
IDEBIT_TRACK2

37

ISO-8859-1 (restricted to single-byte codes), hex 20 to 7E (consistent with
US-ASCII and ISO-8859-1 Latin-1)

Value returned by the issuer. It includes the PAN, expiry date, and transaction ID.
IDEBIT_ISSCONF 15

ISO-8859-1 encoded characters restricted to:
l
l
l
l
l

Uppercase and lowercase letters
Numbers
ÀÁÂÄÈÉÊËÎ Ï Ô ÙÛÜÇàáâäèéêëîïôù û ü ÿ ç
Spaces
#$. , -/ =?@'

Confirmation number returned from the issuer to be displayed on the merchant’s
confirmation page and on the receipt.

Page 116 of 477

Canada Only

July 2018

5 INTERAC® Online Payment
Table 52: Field Definitions (continued)
Characters

Limits

Value
Description
IDEBIT_
ISSNAME

30

ISO-8859-1 encoded characters restricted to:
l
l
l
l
l

Uppercase and lowercase letters
Numbers
ÀÁÂÄÈÉÊËÎ Ï Ô ÙÛÜÇàáâäèéêëîïôù û ü ÿ ç
Spaces
#$. , -/ =?@•'

Issuer name to be displayed on the merchant’s confirmation page and on the
receipt.

July 2018

Canada Only

Page 117 of 477

6 Mag Swipe Transaction Set
l
l

l

l
l

l
l
l

6.1 Mag Swipe Transaction Type Definitions
6.2 Mag Swipe Purchase
l 6.2.1 Encrypted Mag Swipe Purchase
6.3 Mag Swipe Pre-Authorization
l 6.3.1 Encrypted Mag Swipe Pre-Authorization
6.4 Mag Swipe Completion
6.5 Mag Swipe Force Post
l 6.5.1 Encrypted Mag Swipe Force Post
6.6 Mag Swipe Purchase Correction
6.7 Mag Swipe Refund
6.8 Mag Swipe Independent Refund
l 6.8.1 Encrypted Mag Swipe Independent Refund

Mag Swipe transactions allow customers to swipe a credit card and submit the Track2 details.
These transactions support the submission of Track2 as well as a manual entry of the credit card number
and expiry date. If all three fields are submitted, the Track2 details are used to process the transaction.

6.1 Mag Swipe Transaction Type Definitions
Purchase
Verifies funds on the customer’s card, removes the funds and prepares them for deposit into
the merchant’s account.
Pre-Authorization
Verifies and locks funds on the customer’s credit card. The funds are locked for a specified
amount of time based on the card issuer.
To retrieve the funds that have been locked by a Pre-Authorization transaction so that they
may be settled in the merchant’s account, a Completion transaction must be performed. A
Pre-Authorization may only be "completed" once.
Completion
Retrieves funds that have been locked (by a Mag Swipe Pre-Authorization transaction), and
prepares them for settlement into the merchant’s account.
Force Post
Retrieves the locked funds and prepares them for settlement into the merchant’s account.
This is used when a merchant obtains the authorization number directly from the issuer by a
third-party authorization method (such as by phone).
Purchase Correction
Restores the full amount of a previous Mag Swipe Purchase or Mag Swipe Completion transaction to the cardholder's card, and removes any record of it from the cardholder's statement. The order ID and transaction number from the original transaction are required, but
the credit card does not need to be re-swiped.
This transaction can be used against a Purchase or Completion transaction that occurred
same day provided that the batch containing the original transaction remains open. When
using the automated closing feature, Batch Close occurs daily between 10 and 11 pm Eastern
Time.

July 2018

Page 118 of 477

Moneris Gateway API - Integration Guide
This transaction is sometimes referred to as "void".
Refund
Restores all or part of the funds from a Mag Swipe Purchase or Mag Swipe Completion transaction to the cardholder's card. Unlike a Purchase Correction, there is a record of the refund.
Independent Refund
Credits a specified amount to the cardholder’s credit card.
This does not require a previous transaction (such as Mag Swipe Purchase) to be logged in the
Moneris Gateway. However, a credit card must be swiped to provide the Track2 data.

6.1.1 Encrypted Mag Swipe Transactions
Encrypted Mag Swipe transactions allow the customer to swipe or key in a credit card using a Monerisprovided encrypted mag swipe reader, and submit the encrypted Track2 details.
The encrypted mag swipe reader can be used for processing:
l
l
l

Swiped card-present transactions
Manually keyed card-present transactions
Manually keyed card-not-present transactions.

Encrypted Mag Swipe transactions are identical to the regular Mag Swipe transactions from the customer's perspective. However, the card data must be swiped or keyed in via a Moneris-provided encrypted mag swipe reader. Contact Moneris for more details.
Only Mag Swipe Purchase and Mag Swipe Pre-Authorization have encrypted versions. Their explanations
appear in this document as subsections of the regular (unencrypted) Mag Swipe Purchase and Mag
Swipe Pre-Authorization transactions respectively.

6.2 Mag Swipe Purchase
Mag Swipe Purchase transaction object definition
$txnArray = array(‘type’=>’track2_purchase', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Mag Swipe Purchase transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Mag Swipe Purchase transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

Page 119 of 477

July 2018

6 Mag Swipe Transaction Set
Table 53: Mag Swipe Purchase transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

OR

OR

OR

Track2 data

40-character numeric

track2=>$track

4-character alphanumeric

'expdate'=>$expiry_date

Expiry date

String

(YYMM format)
POS code

String

2-character numeric

'pos_code'=>$pos_code

Table 54: Mag Swipe Purchase transaction optional values
Value

Type

Limits

Set method

AVS information

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

CVD information

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample Mag Swipe Purchase
'track2_purchase',
order_id=>$orderid,
cust_id=>$custid,
amount=>$amount,
track2=>$track,
pan=>'',
expdate=>'',
pos_code=>'00',
dynamic_descriptor=>'nqa'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());

Page 121 of 477

July 2018

6 Mag Swipe Transaction Set

Sample Mag Swipe Purchase
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCardLevelResult = " . $mpgResponse->getCardLevelResult());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

6.2.1 Encrypted Mag Swipe Purchase
Encrypted Mag Swipe Purchase transaction object definition
$txnArray = array(‘type’=>’enc_track2_purchase', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Encrypted Mag Swipe Purchase transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Encrypted Mag Swipe Purchase transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 55: Encrypted Mag Swipe Purchase transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Encrypted Track2 data

String

n/a

'enc_track2'=>$enc_track2

POS code

String

2-character numeric

'pos_code'=>$pos_code

Device type

String

30-character alphanumeric

'device_type'=>$device_type

July 2018

Page 122 of 477

Moneris Gateway API - Integration Guide
Table 56: Encrypted Mag Swipe Purchase transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

AVS information

Object

Not applicable. Click
hereSee 9.1 (page
282).

$mpgTxn->setAvsInfo
($mpgAvsInfo);

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Sample Encrypted Mag Swipe Purchase
'enc_track2_purchase',
order_id=>$orderid,
cust_id=>'cust',
amount=>$amount,
enc_track2=>$enc_track2,
pos_code=>$pos_code,
device_type=>$device_type
);
/********************** AVS Associative Array *************************/
$avsTemplate = array(
avs_street_number=>"123",
avs_street_name =>"bloor st w",
avs_zipcode => "90210"
);
/************************** AVS Object ********************************/
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Set AVS and CVD *****************************/
$mpgTxn->setAvsInfo($mpgAvsInfo);
/************************ Request Object **********************************/

Page 123 of 477

July 2018

6 Mag Swipe Transaction Set

Sample Encrypted Mag Swipe Purchase
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nMaskedPan = " . $mpgResponse->getMaskedPan());
?>

6.3 Mag Swipe Pre-Authorization
Mag Swipe Pre-Authorization transaction object definition
$txnArray = array(‘type’=>’track2preauth', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Mag Swipe Pre-Authorization transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Mag Swipe Pre-Authorization transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 57: Mag Swipe Pre-Authorization transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

OR

OR

OR

July 2018

Page 124 of 477

Moneris Gateway API - Integration Guide
Table 57: Mag Swipe Pre-Authorization transaction object mandatory values (continued)
Value

Type

Track2 data
Expiry date

String

Limits

Set method

40-character numeric

track2=>$track

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)
POS code

String

2-character numeric

'pos_code'=>$pos_code

Table 58: Mag Swipe Pre-Authorization transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample Mag Swipe Pre-Authorization
'track2_preauth',
order_id=>$orderid,
cust_id=>'cust',
amount=>$amount,
track2=>$track,
pan=>$pan,
expdate=>$expdate,
pos_code=>'00',
dynamic_descriptor=>'nqa'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCardLevelResult = " . $mpgResponse->getCardLevelResult());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

6.3.1 Encrypted Mag Swipe Pre-Authorization
Encrypted Mag Swipe Pre-Authorization transaction object definition
$txnArray = array(‘type’=>’enc_track2_preauth', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Encrypted Mag Swipe Pre-Authorization transaction
$mpgRequest = new mpgRequest($mpgTxn);

July 2018

Page 126 of 477

Moneris Gateway API - Integration Guide
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Encrypted Mag Swipe Pre-Authorization transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 59: Encrypted Mag Swipe Pre-Authorization transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

OR

OR

OR

Encrypted Track2

n/a

'enc_track2'=>$enc_track2

POS code

String

2-character numeric

'pos_code'=>$pos_code

Device type

String

30-character alphanumeric

'device_type'=>$device_type

Table 60: Encrypted Mag Swipe Pre-Authorization transaction optional values
Value

Type

Limits

Customer ID

String

50-character alphanumeric

Status Check

Boolean

true/false

Set method
'cust_id'=>$cust_id

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample Encrypted Mag Swipe Pre-Authorization
'enc_track2_preauth',
order_id=>$orderid,
cust_id=>'cust',
amount=>$amount,
enc_track2=>$enc_track2,
pos_code=>$pos_code,
device_type=>$device_type,
dynamic_descriptor=>'12345'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nMaskedPan = " . $mpgResponse->getMaskedPan());
?>

6.4 Mag Swipe Completion
Mag Swipe Completion transaction object definition
$txnArray = array(‘type’=>’track2_completion', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Mag Swipe Completion transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Mag Swipe Completion transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

July 2018

Page 128 of 477

Moneris Gateway API - Integration Guide
Table 61: Mag Swipe Completion transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character variable
character

'txn_number'=>$txn_number

Completion Amount

String

9-character decimal

'comp_amount'=>$comp_amount

POS code

String

2-character numeric

track2completion
'pos_code'=>$pos_code

Table 62: Mag Swipe Completion transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Sample Mag Swipe Completion
'track2_completion',
order_id=>$orderid,
comp_amount=>$compamount,
txn_number=>$txnnumber,
pos_code=>'00',
dynamic_descriptor=>$dynamic_descriptor
);

Page 129 of 477

July 2018

6 Mag Swipe Transaction Set

Sample Mag Swipe Completion
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

6.5 Mag Swipe Force Post
Mag Swipe Force Post transaction object definition
$txnArray = array(‘type’=>’track2_forcepost', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Mag Swipe Force Post transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Mag Swipe Force Post transaction mandatory arguments
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

July 2018

Page 130 of 477

Moneris Gateway API - Integration Guide
Table 63: Mag Swipe Force Post transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

OR

OR

OR

Track2 data

40-character numeric

track2=>$track

4-character alphanumeric

'expdate'=>$expiry_date

Expiry date

String

(YYMM format)
POS code

String

2-character numeric

'pos_code'=>$pos_code

Authorization code

String

8-character alphanumeric

'auth_code'=>$auth_code

Table 64: Mag Swipe Force Post transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Dynamic descriptor

String

20-character alphanumeric

track2forcePost
'dynamic_
descriptor'=>$dynamic_
descriptor

Sample Mag Swipe Force Post
'track2_forcepost',
order_id=>$orderid,
cust_id=>$custid,
amount=>$amount,
track2=>$track,
pan=>'',
expdate=>'',
pos_code=>'00',
auth_code=>$authcode,
dynamic_descriptor=>'nqa'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());

July 2018

Page 132 of 477

Moneris Gateway API - Integration Guide

Sample Mag Swipe Force Post
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

6.5.1 Encrypted Mag Swipe Force Post
The Encrypted Mag Swipe Force Post is used when a merchant obtains the authorization number directly
from the issuer using a phone or any third-party authorization method. This transaction does not
require that an existing order be logged in the Moneris Gateway. However, the credit card must be
swiped or keyed in using a Moneris-provided encrypted mag swipe reader, and the encrypted Track2
details must be submitted. There are also optional fields that may be submitted such as cust_id and
dynamic_descriptor.
To complete the transaction, the authorization number obtained from the issuer must be entered.

Encrypted Mag Swipe Force Post transaction object definition
$txnArray=array(type=>'enc_track2_forcepost', ...);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Encrypted Mag Swipe Force Post transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Encrypted Mag Swipe Force Post transaction object values
Table 1: Encrypted Mag Swipe Force Post transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Encrypted Track2 data

String

n/a

'enc_track2'=>$enc_track2

Page 133 of 477

July 2018

6 Mag Swipe Transaction Set

Value

Type

Limits

Set Method

POS Code

String

2-character numeric

'pos_code'=>$pos_code

Device type

String

30-character alphanumeric

'device_type'=>$device_type

Authorization Code

String

8-character alphanumeric

'auth_code'=>$auth_code

Table 2: Encrypted Mag Swipe Force Post transaction object optional values
Value

Type

Limits

Set Method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Sample Encrypted Mag Swipe Force Post
'enc_track2_forcepost',
order_id=>$orderid,
cust_id=>'cust',
amount=>$amount,
enc_track2=>$enc_track2,
pos_code=>$pos_code,
device_type=>$device_type,
auth_code=>$auth_code,
dynamic_descriptor=>'12345'
);

July 2018

Page 134 of 477

Moneris Gateway API - Integration Guide

Sample Encrypted Mag Swipe Force Post
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nMaskedPan = " . $mpgResponse->getMaskedPan());
?>

6.6 Mag Swipe Purchase Correction
Mag Swipe Purchase Correction transaction object definition
$txnArray = array(‘type’=>’track2_purchasecorrection', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Mag Swipe Purchase Correction transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Mag Swipe Purchase Correction transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

Page 135 of 477

July 2018

6 Mag Swipe Transaction Set
Table 65: Mag Swipe Purchase Correction transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

Table 66: Mag Swipe Purchase Correction transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample Mag Swipe Purchase Correction
'track2_purchasecorrection',
order_id=>$orderid,
txn_number=>$txnnumber,
dynamic_descriptor=>$dynamic_descriptor
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());

July 2018

Page 136 of 477

Moneris Gateway API - Integration Guide

Sample Mag Swipe Purchase Correction
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

6.7 Mag Swipe Refund
Mag Swipe Refund transaction object definition
$txnArray = array(‘type’=>’track2_refund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Mag Swipe Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Mag Swipe Refund transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 67: Mag Swipe Refund transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

Page 137 of 477

July 2018

6 Mag Swipe Transaction Set
Table 68: Mag Swipe Refund transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Sample Mag Swipe Refund
'track2_refund',
order_id=>$orderid,
amount=>$amount,
txn_number=>$txnnumber,
dynamic_descriptor=>$dynamic_descriptor
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());

July 2018

Page 138 of 477

Moneris Gateway API - Integration Guide

Sample Mag Swipe Refund
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

6.8 Mag Swipe Independent Refund
NOTE: If you receive a TRANSACTION NOT ALLOWED error, it may mean the Mag
Swipe Independent Refund transaction is not supported on your account. Contact Moneris
to have it temporarily (re-)enabled.

Mag Swipe Independent Refund transaction object definition
$txnArray = array(‘type’=>’track2_ind_refund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Mag Swipe Independent Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Page 139 of 477

July 2018

6 Mag Swipe Transaction Set

Mag Swipe Independent Refund transaction values
Table 69: Mag Swipe Independent Refund transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_
id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

Track2 data

String

40-character numeric

track2=>$track

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_
date

(YYMM format)
POS code

String

2-character numeric

'pos_code'=>$pos_
code

Table 70: Mag Swipe Independent Refund transaction optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample Mag Swipe Independent Refund
'track2_ind_refund',
order_id=>$orderid,
cust_id=>$custid,
amount=>$amount,
track2=>$track,
pan=>'',
expdate=>'',
pos_code=>'00',
dynamic_descriptor=>'nqa'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

6.8.1 Encrypted Mag Swipe Independent Refund
The Encrypted Mag Swipe Independent Refund credits a specified amount to the cardholder’s credit
card. The Encrypted Mag Swipe Independent Refund does not require an existing order to be logged in
the Moneris Gateway. However, the credit card must be swiped using the Moneris-provided encrypted
mag swipe reader to provide the encrypted track2 details.

Page 141 of 477

July 2018

6 Mag Swipe Transaction Set
There are also optional fields that may be submitted such as cust_id and dynamic_descriptor. The
transaction format is almost identical to Encrypted Mag Swipe Purchase and Encrypted Mag Swipe
PreAuth.

NOTE:

The Encrypted Mag Swipe Independent Refund transaction may not be supported on
your account. This may yield a TRANSACTION NOT ALLOWED error when attempting the
transaction.
To temporarily enable (or re-enable) the Independent Refund transaction type, contact
Moneris

Encrypted Mag Swipe Independent Refund transaction object definition
$txnArray = array(‘type’=>’enc_track2_ind_refund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Encrypted Mag Swipe Independent Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Encrypted Mag Swipe Independent Refund transaction object values
Table 1: Encrypted Mag Swipe Independent Refund transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Encrypted Track 2 data

String

n/a

'enc_track2'=>$enc_track2

Device Type

String

30-character alphanumeric

'device_type'=>$device_type

POS Code

String

2-character numeric

'pos_code'=>$pos_code

July 2018

Page 142 of 477

Moneris Gateway API - Integration Guide
Table 2: Encrypted Mag Swipe Independent Refund transaction object optional values
Value

Type

Limits

Set Method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Page 143 of 477

July 2018

6 Mag Swipe Transaction Set

Sample Encrypted Mag Swipe Independent Refund
'enc_track2_ind_refund',
order_id=>$orderid,
cust_id=>'cust',
amount=>$amount,
enc_track2=>$enc_track2,
pos_code=>$pos_code,
device_type=>$device_type,
dynamic_descriptor=>'12345'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nMaskedPan = " . $mpgResponse->getMaskedPan());
?>

July 2018

Page 144 of 477

7 Level 2/3 Transactions
l
l
l
l

7.1
7.2
7.3
7.4

About Level 2/3 Transactions
Level 2/3 Visa Transactions
Level 2/3 MasterCard Transactions
Level 2/3 American Express Transactions

7.1 About Level 2/3 Transactions
The Moneris Gateway API supports passing Level 2/3 purchasing card transaction data for
Visa, MasterCard and American Express corporate cards.
All Level 2/3 transactions use the same Pre-Authorization transaction as described in the topic PreAuthorization (page 18).

7.2 Level 2/3 Visa Transactions
l
l
l
l
l
l
l
l

7.2.1
7.2.2
7.2.3
7.2.5
7.2.4
7.2.6
7.2.7
7.2.8

Level 2/3 Transaction Types for Visa
Level 2/3 Transaction Flow for Visa
VS Completion
VS Force Post
VS Purchase Correction
VS Refund
VS Independent Refund
VS Corpais

7.2.1 Level 2/3 Transaction Types for Visa
This transaction set includes a suite of corporate card financial transactions as well as a transaction that
allows for the passing of Level 2/3 data. Please ensure that Visa Level 2/3 support is enabled on your merchant account. Batch Close, Open Totals and Pre-authorization are identical to the transactions outlined
in the section Basic Transaction Set (page 11).
l

l

When the Pre-authorization response contains CorporateCard equal to true then you can submit
the Visa transactions.
If CorporateCard is false then the card does not support Level 2/3 data and non Level 2/3 transaction are to be used. If the card is not a corporate card, please refer to the section 2 Basic Transaction Set for the appropriate non-corporate card transactions.

NOTE: This transaction set is intended for transactions where Corporate Card is true and
Level 2/3 data will be submitted. If the credit card is found to be a corporate card but you do

July 2018

Page 145 of 477

Moneris Gateway API - Integration Guide
not wish to send any Level 2/3 data then you may submit Visa transactions using the basic
transaction set outlined in 2 Basic Transaction Set.

Pre-authorization– (authorization/pre-authorization)
Pre-authorization verifies and locks funds on the customer’s credit card. The funds are locked
for a specified amount of time, based on the card issuer. To retrieve the funds from a preauth
so that they may be settled in the merchant account a capture must be performed. CorporateCard will return as true if the card supports Level 2/3.
VS Completion – (Capture/Pre-authorization Completion)
Once a Pre-authorization is obtained the funds that are locked need to be retrieved from the
customer’s credit card. The capture retrieves the locked funds and readies them for settlement into the merchant account. Prior to performing a VS Completion, a Pre-authorization
must be performed. Once the transaction is completed, VS Corpais must be used to process
the Level 2/3 data.
VS Force Post – (Force Capture/Pre-authorization Completion)
This transaction is an alternative to VS Completion to obtain the funds locked on Pre-auth
obtained from IVR or equivalent terminal. The VS Force Post retrieves the locked funds and
readies them for settlement in to the merchant account. Once the transaction is completed,
VS Corpais must be used to process the Level 2/3 data.
VS Purchase Correction (Void, Correction)
VS Completion and VS Force Post can be voided the same day* that they occur. A
VS Purchase Correction must be for the full amount of the transaction and will remove any
record of it from the cardholder statement.
VS Refund – (Credit)
A VS Refund can be performed against a VS Completion to refund any part or all of the transaction. Once the transaction is completed, VS Corpais must be used to process the Level 2/3
data.
VS Independent Refund – (Credit)
A VS Independent Refund can be performed against a purchase or a capture to refund any
part, or all of the transaction. Independent refund is used when the originating transaction
was not performed through Moneris Gateway. Once the transaction is completed, VS Corpais
must be used to process the Level 2/3 data.
NOTE: the Independent Refund transaction may or may not be supported on your
account. If you receive a transaction not allowed error when attempting an independent refund, it may mean the transaction is not supported on your account. If you
wish to have the Independent Refund transaction type temporarily enabled (or reenabled), please contact the Service Centre at 1-866-319-7450.
VS Corpais – (Level 2/3 Data)
VS Corpais will contain all the required and optional data fields for Level 2/3 Business to Business data. VS Corpais data can be sent when the card has been identified in the Pre-authorization transaction request as being a corporate card.

Page 146 of 477

July 2018

7 Level 2/3 Transactions
* A VS Purchase Correction can be performed against a transaction as long as the batch that contains the
original transaction remains open. When using the automated closing feature, the batch close occurs
daily between 10 – 11 pm EST.

July 2018

Page 147 of 477

Moneris Gateway API - Integration Guide

7.2.2 Level 2/3 Transaction Flow for Visa
Pre-authorization/Completion Transaction Flow

Page 148 of 477

July 2018

7 Level 2/3 Transactions

Purchase Correction Transaction Flow

July 2018

Page 149 of 477

Moneris Gateway API - Integration Guide

7.2.3 VS Completion
Once a Pre-authorization is obtained, the funds that are locked need to be retrieved from the customer’s
credit card. This VS Completion transaction is used to secure the funds locked by a pre-authorization
transaction and readies them for settlement into the merchant account.

NOTE: Once you have completed this transaction successfully, to submit the complete supplemental level 2/3 data, please proceed to VS Corpais.

VS Completion transaction object definition
$txnArray = array(‘type’=>’vscompletion', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VS Completion transaction object
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

VS Completion transaction object values
Table 1: VS Completion transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Completion amount

String

9-character decimal

'comp_amount'=>$comp_amount

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

E-Commerce Indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 2: Visa - Corporate Card Common Data - Level 2 Request Fields
Req*
Y

Value
National Tax

Limits

Set Method

12-character decimal
'national_
tax'=>$national_
tax

Page 150 of 477

Description
Must reflect
the amount of
National Tax
(GST or HST)
appearing on
the invoice.

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Set Method

Description
Minimum 0.01 Maximum
- 999999.99.
Must have 2
decimal places.

Y

Merchant
VAT Registration/Single
Business Reference

20-character alphanumeric

'merchant_vat_
no'=>$merchant_
vat_no

Merchant’s Tax
Registration
Number
must be
provided if tax
is included on
the invoice
NOTE: Must
not be all
spaces or all
zeroes

C

Local Tax

12-character decimal

'local_
tax'=>$local_tax

Must reflect
the amount of
Local Tax (PST
or QST) appearing on the
invoice
If Local Tax
included then
must not be all
spaces or all zeroes; Must be
provided if
Local Tax (PST
or QST) applies
Minimum =
0.01
Maximum =
999999.99
Must have 2
decimal places

C

Local Tax (PST or QST)

July 2018

15-character alpha-

'local_tax_
no'=>$local_tax_no

Merchant's

Page 151 of 477

Moneris Gateway API - Integration Guide

Req*

Value
Registration Number

Limits

Set Method

numeric

Description
Local Tax
(PST/QST)
Registration
Number
Must be
provided if tax
is included on
the invoice; If
Local Tax
included then
must not be all
spaces or all zeroes
Must be
provided if
Local Tax (PST
or QST) applies

C

Customer
VAT Registration Number

13-character alphanumeric

'customer_vat_
no'=>$customer_
vat_no

If the Customer’s Tax
Registration
Number
appears on the
invoice to support tax
exempt transactions it must
be provided
here

C

Customer Code/Customer Reference Identifier (CRI)

16-character alphanumeric

'cri'=>$cri

Value which
the customer
may choose to
provide to the
supplier at the
point of sale –
must be
provided if
given by the
customer

N

Customer Code

17-character alphanumeric

'customer_
code'=>$customer_
code

Optional customer code
field that will
not be passed

Page 152 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Set Method

Description
along to Visa,
but will be
included on
Moneris reporting

N

Invoice Number

17-character alphanumeric

'invoice_
number'=>$invoice_
number

Optional
invoice number
field that will
not be passed
along to Visa,
but will be
included on
Moneris reporting

*Y = Required, N = Optional, C = Conditional
Sample VS Completion
$type,
'order_id'=>$order_id,
'comp_amount'=>$comp_amount,
'txn_number'=>$txn_number,
'crypt_type'=>$crypt,
'national_tax'=>$national_tax,
'merchant_vat_no'=>$merchant_vat_no,
'local_tax'=>$local_tax,
'customer_vat_no'=>$customer_vat_no,
'cri'=>$cri,
'local_tax_no'=>$local_tax_no
);
/**************************** Transaction Object *****************************/

July 2018

Page 153 of 477

Moneris Gateway API - Integration Guide

Sample VS Completion
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.2.4 VS Purchase Correction
The VS Purchase Correction (also known as a "void") transaction is used to cancel a transaction that was
performed in the current batch. No amount is required because a void is always for 100% of the original
transaction. The only transaction that can be voided using VS Purchase Correction is a VS Completion or
VS Force Post. To send a void the order_id and txn_number from the VS Completion/VS Force Post are
required.

VS Purchase Correction transaction object definition
$txnArray = array(‘type’=>’vspurchasecorrection', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VS Purchase Correction transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Page 154 of 477

July 2018

7 Level 2/3 Transactions

VS Purchase Correction transaction object values
Table 1: VS Purchase Correction transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

E-Commerce Indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Sample VS Purchase Correction
$type,
'order_id'=>$order_id,
'amount'=>$amount,
'txn_number'=>$txn_number,
'crypt_type'=>$crypt
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());

July 2018

Page 155 of 477

Moneris Gateway API - Integration Guide

Sample VS Purchase Correction
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.2.5 VS Force Post
The VS Force Post transaction is used to secure the funds locked by a pre-authorization transaction performed over IVR or equivalent terminal. When sending a force post request, you will need Order ID,
Amount,Credit Card Number, Expiry Date, E-commerce Indicator and the Authorization Code received in
the pre-authorization response.

NOTE: Once you have completed this transaction successfully, to submit the complete supplemental level 2/3 data, please proceed to VS Corpais.

VS Force Post transaction object definition
$txnArray = array(‘type’=>’vsforcepost', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VS Force Post transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

VS Force Post transaction object values
Table 1: VS Force Post transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

Expiry Date

String

4-character numeric

'expdate'=>$expiry_date

Page 156 of 477

July 2018

7 Level 2/3 Transactions

Value

Type

Limits

Set Method

YYMM format
Authorization code

String

8-character alphanumeric

'auth_code'=>$auth_code

E-commerce Indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 2: VS Force Post transaction object optional values
Value

Type

Customer ID

String

Limits
50-character alphanumeric

Set Method
'cust_id'=>$cust_id

Table 3: Visa - Corporate Card Common Data - Level 2 Request Fields
Req*
Y

Value
National Tax

Limits
12-character decimal

Set Method
'national_
tax'=>$national_
tax

Description
Must reflect
the amount of
National Tax
(GST or HST)
appearing on
the invoice.
Minimum 0.01 Maximum
- 999999.99.
Must have 2
decimal places.

Y

Merchant
VAT Registration/Single
Business Reference

20-character alphanumeric

'merchant_vat_
no'=>$merchant_
vat_no

Merchant’s Tax
Registration
Number
must be
provided if tax
is included on
the invoice
NOTE: Must
not be all
spaces or all
zeroes

July 2018

Page 157 of 477

Moneris Gateway API - Integration Guide

Req*

C

Value

Local Tax

Limits

12-character decimal

Set Method

'local_
tax'=>$local_tax

Description

Must reflect
the amount of
Local Tax (PST
or QST) appearing on the
invoice
If Local Tax
included then
must not be all
spaces or all zeroes; Must be
provided if
Local Tax (PST
or QST) applies
Minimum =
0.01
Maximum =
999999.99
Must have 2
decimal places

C

Local Tax (PST or QST)
Registration Number

15-character alphanumeric

'local_tax_
no'=>$local_tax_no

Merchant's
Local Tax
(PST/QST)
Registration
Number
Must be
provided if tax
is included on
the invoice; If
Local Tax
included then
must not be all
spaces or all zeroes
Must be
provided if
Local Tax (PST
or QST) applies

Page 158 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Set Method

Description

C

Customer
VAT Registration Number

13-character alphanumeric

'customer_vat_
no'=>$customer_
vat_no

If the Customer’s Tax
Registration
Number
appears on the
invoice to support tax
exempt transactions it must
be provided
here

C

Customer Code/Customer Reference Identifier (CRI)

16-character alphanumeric

'cri'=>$cri

Value which
the customer
may choose to
provide to the
supplier at the
point of sale –
must be
provided if
given by the
customer

N

Customer Code

17-character alphanumeric

'customer_
code'=>$customer_
code

Optional customer code
field that will
not be passed
along to Visa,
but will be
included on
Moneris reporting

N

Invoice Number

17-character alphanumeric

'invoice_
number'=>$invoice_
number

Optional
invoice number
field that will
not be passed
along to Visa,
but will be
included on
Moneris reporting

*Y = Required, N = Optional, C = Conditional

July 2018

Page 159 of 477

Moneris Gateway API - Integration Guide

Sample VS Force Post
$type,
'order_id'=>$order_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'auth_code'=>$auth_code,
'crypt_type'=>$crypt,
'national_tax'=>$national_tax,
'merchant_vat_no'=>$merchant_vat_no,
'local_tax'=>$local_tax,
'customer_vat_no'=>$customer_vat_no,
'cri'=>$cri,
'local_tax_no'=>$local_tax_no
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());

Page 160 of 477

July 2018

7 Level 2/3 Transactions

Sample VS Force Post
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.2.6 VS Refund
VS Refund will credit a specified amount to the cardholder’s credit card. A refund can be sent up to the
full value of the original VS Completion or VS Force Post. To send a VS Refund you will require the Order
ID and Transaction Number from the original VS Completion or VS Force Post.

NOTE: Once you have completed this transaction successfully, to submit the complete supplemental level 2/3 data, please proceed to VS Corpais.

VS Refund transaction object definition
$txnArray = array(‘type’=>’vsrefund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VS Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

VS Refund transaction object values
Table 1: VS Refund transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

Amount

String

9-character decimal

'amount'=>$amount

E-Commerce Indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

July 2018

Page 161 of 477

Moneris Gateway API - Integration Guide

Table 2: Visa - Corporate Card Common Data - Level 2 Request Fields
Req*
Y

Value
National Tax

Limits
12-character decimal

Set Method
'national_
tax'=>$national_
tax

Description
Must reflect
the amount of
National Tax
(GST or HST)
appearing on
the invoice.
Minimum 0.01 Maximum
- 999999.99.
Must have 2
decimal places.

Y

Merchant
VAT Registration/Single
Business Reference

20-character alphanumeric

'merchant_vat_
no'=>$merchant_
vat_no

Merchant’s Tax
Registration
Number
must be
provided if tax
is included on
the invoice
NOTE: Must
not be all
spaces or all
zeroes

C

Local Tax

12-character decimal

'local_
tax'=>$local_tax

Must reflect
the amount of
Local Tax (PST
or QST) appearing on the
invoice
If Local Tax
included then
must not be all
spaces or all zeroes; Must be
provided if
Local Tax (PST

Page 162 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Set Method

Description
or QST) applies
Minimum =
0.01
Maximum =
999999.99
Must have 2
decimal places

C

Local Tax (PST or QST)
Registration Number

15-character alphanumeric

'local_tax_
no'=>$local_tax_no

Merchant's
Local Tax
(PST/QST)
Registration
Number
Must be
provided if tax
is included on
the invoice; If
Local Tax
included then
must not be all
spaces or all zeroes
Must be
provided if
Local Tax (PST
or QST) applies

C

Customer
VAT Registration Number

13-character alphanumeric

'customer_vat_
no'=>$customer_
vat_no

If the Customer’s Tax
Registration
Number
appears on the
invoice to support tax
exempt transactions it must
be provided
here

C

Customer Code/Customer Reference Identifier (CRI)

16-character alphanumeric

'cri'=>$cri

Value which
the customer
may choose to
provide to the

July 2018

Page 163 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Set Method

Description
supplier at the
point of sale –
must be
provided if
given by the
customer

N

Customer Code

17-character alphanumeric

'customer_
code'=>$customer_
code

Optional customer code
field that will
not be passed
along to Visa,
but will be
included on
Moneris reporting

N

Invoice Number

17-character alphanumeric

'invoice_
number'=>$invoice_
number

Optional
invoice number
field that will
not be passed
along to Visa,
but will be
included on
Moneris reporting

*Y = Required, N = Optional, C = Conditional
Sample VS Refund
$type,
'order_id'=>$order_id,
'amount'=>$amount,
'txn_number'=>$txn_number,
'crypt_type'=>$crypt,
'national_tax'=>$national_tax,
'merchant_vat_no'=>$merchant_vat_no,
'local_tax'=>$local_tax,
'customer_vat_no'=>$customer_vat_no,
'cri'=>$cri,
'local_tax_no'=>$local_tax_no
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.2.7 VS Independent Refund
VS Independent Refund will credit a specified amount to the cardholder’s credit card. The independent
refund does not require an existing order to be logged in the Moneris Gateway; however, the credit card
number and expiry date will need to be passed. The transaction format is almost identical to a pre-authorization.

July 2018

Page 165 of 477

Moneris Gateway API - Integration Guide

NOTE: Once you have completed this transaction successfully, to submit the complete supplemental level 2/3 data, please proceed to VS Corpais.

VS Independent Refund transaction object definition
$txnArray = array(‘type’=>’vsind_refund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VS Independent Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

VS Independent Refund transaction object values
Table 1: VS Independent Refund transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

Expiry date

String

4-character numeric

'expdate'=>$expiry_date

YYMM format
E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 2: VS Independent Refund transaction object optional values
Value

Type

Customer ID

String

Limits
50-character alphanumeric

Set Method
'cust_id'=>$cust_id

Table 3: Visa - Corporate Card Common Data - Level 2 Request Fields
Req*
Y

Value
National Tax

Page 166 of 477

Limits
12-character decimal

Set Method
'national_
tax'=>$national_
tax

Description
Must reflect
the amount of

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Set Method

Description
National Tax
(GST or HST)
appearing on
the invoice.
Minimum 0.01 Maximum
- 999999.99.
Must have 2
decimal places.

Y

Merchant
VAT Registration/Single
Business Reference

20-character alphanumeric

'merchant_vat_
no'=>$merchant_
vat_no

Merchant’s Tax
Registration
Number
must be
provided if tax
is included on
the invoice
NOTE: Must
not be all
spaces or all
zeroes

C

Local Tax

12-character decimal

'local_
tax'=>$local_tax

Must reflect
the amount of
Local Tax (PST
or QST) appearing on the
invoice
If Local Tax
included then
must not be all
spaces or all zeroes; Must be
provided if
Local Tax (PST
or QST) applies
Minimum =
0.01
Maximum =
999999.99

July 2018

Page 167 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Set Method

Description
Must have 2
decimal places

C

Local Tax (PST or QST)
Registration Number

15-character alphanumeric

'local_tax_
no'=>$local_tax_no

Merchant's
Local Tax
(PST/QST)
Registration
Number
Must be
provided if tax
is included on
the invoice; If
Local Tax
included then
must not be all
spaces or all zeroes
Must be
provided if
Local Tax (PST
or QST) applies

C

Customer
VAT Registration Number

13-character alphanumeric

'customer_vat_
no'=>$customer_
vat_no

If the Customer’s Tax
Registration
Number
appears on the
invoice to support tax
exempt transactions it must
be provided
here

C

Customer Code/Customer Reference Identifier (CRI)

16-character alphanumeric

'cri'=>$cri

Value which
the customer
may choose to
provide to the
supplier at the
point of sale –
must be
provided if
given by the
customer

Page 168 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Set Method

Description

N

Customer Code

17-character alphanumeric

'customer_
code'=>$customer_
code

Optional customer code
field that will
not be passed
along to Visa,
but will be
included on
Moneris reporting

N

Invoice Number

17-character alphanumeric

'invoice_
number'=>$invoice_
number

Optional
invoice number
field that will
not be passed
along to Visa,
but will be
included on
Moneris reporting

*Y = Required, N = Optional, C = Conditional
Sample VS Independent Refund
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,

July 2018

Page 169 of 477

Moneris Gateway API - Integration Guide

Sample VS Independent Refund
'crypt_type'=>$crypt,
'national_tax'=>$national_tax,
'merchant_vat_no'=>$merchant_vat_no,
'local_tax'=>$local_tax,
'customer_vat_no'=>$customer_vat_no,
'cri'=>$cri,
'local_tax_no'=>$local_tax_no
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.2.8 VS Corpais
VS Corpais will contain all the required and optional data fields for Level 2/3 Purchasing Card Addendum
data. VS Corpais data can be sent when the card has been identified in the Pre-authorization transaction
request as being a corporate card.
In addition to the Order ID and Transaction number, this transaction also contains two objects:
l
l

VS Purcha – Corporate Card Common Data
VS Purchl – Line Item Details

VS Corpais request must be preceded by a financial transaction (VS Completion, VS Force Post, VS
Refund, VS Independent Refund) and the Corporate Card flag must be set to “true” in the Pre-authorization response.

Page 170 of 477

July 2018

7 Level 2/3 Transactions

VS Corpais transaction object definition
$txnArray = array(‘type’=>’vscorpais', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VS Corpais transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

VS Corpais transaction object values
Table 1: VS Corpais transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

vsPurcha

Object

n/a

$vsPurcha = new vsPurcha();
$mpgVsLevel23 = new
mpgVsLevel23();

For a list of the variables that appear in
this object, see the
table below
vsPurchl

$mpgVsLevel23->setVsPurch
($vsPurcha, $vsPurchl);

Object

$vsPurchl = new vsPurchl();

n/a

$mpgVsLevel23 = new
mpgVsLevel23();

For a list of the variables that appear in
this object, see the
table below

$mpgVsLevel23->setVsPurch
($vsPurcha, $vsPurchl);

*Y = Required, N = Optional, C = Conditional

7.2.8.1 VS Purcha - Corporate Card Common Data
VS Corpais transactions use the VS Purcha object to contain Level 2 data.
Table 1: Corporate Card Common Data - Level 2 Request Fields - VSPurcha
Req*
C

Value
Buyer Name

July 2018

Limits
30-character
alphanumeric

Set Method
$vsPurcha->setBuyerName
($buyer_name);

Description
Buyer/Recipient
Name

Page 171 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Set Method

Description
NOTE: Name
required by CRA on
transactions >$150

C

Local Tax Rate

4-character
decimal

$vsPurcha>setLocalTaxRate
($local_tax_rate);

Indicates the
detailed tax rate
applied in relationship to a local
tax amount
EXAMPLE: 8% PST
should be 8.0

Minimum = 0.01
Maximum = 99.99
NOTE: Must be
provided if Local
Tax (PST or QST)
applies.

N

Duty Amount

9-character
decimal

$vsPurcha>setDutyAmount($duty_
amount);

Duty on total purchase amount
A minus sign
means 'amount is a
credit', plus sign or
no sign means
'amount is a debit'
maximum without
sign is 999999.99

N

Invoice Discount
Treatment

1-character
numeric

$vsPurcha>setDiscountTreatment
($discount_treatment);

Indicates how the
merchant is managing discounts
Must be one of the
following values:
0 - if no invoice level
discounts apply for this
invoice
1 - if Tax was calculated on Post-Discount totals

Page 172 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Set Method

Description
2 - if Tax was calculated on Pre-Discount
totals

N

Invoice Level Discount Amount

9-character
decimal

$vsPurcha>setDiscountAmt
($discount_amt);

Amount of discount (if provided
at the invoice level
according to the
Invoice Discount
Treatment)
Must be non-zero
if Invoice Discount
Treatment is 1 or 2
Minimum amount
is 0.00 and maximum is 999999.99

C

Ship To Postal
Code / Zip Code

10-character
alphanumeric

$vsPurcha>setShipToPostalCode
($ship_to_pos_code);

The postal code or
zip code for the
destination where
goods will be
delivered
NOTE: Required if
shipment is
involved

Full alpha postal
code - Valid
ANANAN
format required if
shipping to an
address within
Canada
C

Ship From Postal
Code / Zip Code

10-character
alphanumeric

$vsPurcha>setShipFromPostalCode
($ship_from_pos_code);

The postal code or
zip code from
which items were
shipped
For Canadian
addresses,requires
full alpha postal
code for the merchant with Valid
ANANAN

July 2018

Page 173 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Set Method

Description
format

C

Destination
Country Code

2-character alphanumeric

$vsPurcha>setDesCouCode($des_
cou_code);

Code of country
where purchased
goods will be
delivered
Use ISO 3166-1
alpha-2 format
NOTE: Required if
it appears on the
invoice for an international transaction

Y

Unique VAT
Invoice Reference Number

25-character
alphanumeric

$vsPurcha->setVatRefNum
($vat_ref_num);

Unique Value
Added Tax Invoice
Reference Number
Must be populated
with the invoice
number and this
cannot be all
spaces or zeroes

Y

Tax Treatment

1-character alphanumeric

$vsPurcha>setTaxTreatment($tax_
treatment);

Must be one of the
following values:
0 = Net Prices with tax
calculated at line item
level;
1 = Net Prices with tax
calculated at invoice
level;
2 = Gross prices given
with tax information
provided at line item
level;
3 = Gross prices given
with tax information
provided at invoice
level;
4 = No tax applies
(small merchant) on
the invoice for the
transaction

Page 174 of 477

July 2018

7 Level 2/3 Transactions

Req*
N

Value
Freight/Shipping
Amount (Ship
Amount)

Limits
9-character
decimal

Set Method
$vsPurcha>setFreightAmount
($freight_amount);

Description
Freight charges on
total purchase
If shipping is not
provided as a line
item it must be
provided here, if
applicable
Signed monetary
amount:
Minus (-) sign
means 'amount is a
credit',
Plus (+) sign or no
sign means
'amount is a debit'
Maximum without
sign is 999999.99

C

GST HST Freight
Rate

4-character
decimal

$vsPurcha>setGstHstFreightAmount
($gst_hst_freight_
amount);

Rate of GST
(excludes PST) or
HST charged on the
shipping amount
(in accordance with
the Tax Treatment)
If Freight/Shipping
Amount is
provided then this
(National GST or
HST) tax rate must
be provided.
Monetary amount,
maximum is 99.99.
Such as 13% HST is
13.00

C

GST HST Freight
Amount

9-character
decimal

$vsPurcha>setGstHstFreightRate
($gst_hst_freight_
rate);

Amount of GST
(excludes PST) or
HST charged on the
shipping amount
If Freight/Shipping
Amount is

July 2018

Page 175 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Set Method

Description
provided then this
(National GST or
HST) tax amount
must be provided if
taxTreatment is 0
or 2
Signed monetary
amount: maximum
without sign is
999999.99.

7.2.8.2 VS Purchl - Line Item Details
VS Corpais transactions use the VS Purchl object to contain Level 3 data.

Line Item Details for VS Purchl
$item_com_code = array("X3101", "X84802");
$product_code = array("CHR123", "DDSK200");
$item_description = array("Office Chair", "Disk Drive");
$item_quantity = array("3", "1");
$item_uom = array("EA", "EA");
$unit_cost = array("0.20", "0.40");
$vat_tax_amt = array("0.00", "0.00");
$vat_tax_rate = array("13.00", "13.00");
$discount_treatmentL = array("0", "0");
$discount_amtL = array("0.00", "0.00");

Setting VS Purchl Line Item Details
$vsPurchl->setVsPurchl($item_com_code[0], $product_code[0], $item_description
[0], $item_quantity[0], $item_uom[0], $unit_cost[0], $vat_tax_amt[0], $vat_
tax_rate[0], $discount_treatmentL[0], $discount_amtL[0]);

Table 1: Corporate Card Common Data - Level 3 Request Fields - VSPurchl
Req*
C

Value
Item Commodity
Code

Page 176 of 477

Limits
12-character alphanumeric

Variable/Field
item_com_code

Description
Line item Comodity Code (if this
field is not sent,

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Variable/Field

Description
then Product Code
must be sent)

Y

Product Code

12-character alphanumeric

product_code

Product code for
this line item – merchant’s product
code, manufacturer’s
product code or
buyer’s product
code
Typically this will
be the SKU or identifier by which the
merchant tracks
and prices the item
or service
This should always
be provided for
every line item

Y

Item Description

35-character alphanumeric

item_description

Line item description

Y

Item Quantity

12-character decimal

item_quantity

Quantity invoiced
for this line item
Up to 4 decimal
places supported,
whole numbers
are accepted
Minimum = 0.0001
Maximum =
999999999999

Y

Y

Item Unit of
Measure

2-character alphanumeric

item_uom

Item Unit Cost

12-character decimal

unit_cost

July 2018

Unit of measure
Use ANSI X-12 EDI
Allowable Units of
Measure and
Codes
Line item cost per
unit

Page 177 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Variable/Field

Description
2-4 decimal places
accepted
Minimum = 0.0001
Maximum =
999999.9999

N

VAT Tax Amount

12-character decimal

vat_tax_amt

Any value-added
tax or other sales
tax amount
Must have 2
decimal places
Minimum = 0.01
Maximum =
999999.99

N

VAT Tax Rate

4-character decimal

vat_tax_rate

Sales tax rate
EXAMPLE: 8% PST
should be 8.0

maximum 99.99
Y

Discount Treatment

1-character numeric

discount_treatmentL

Must be one of the
following values:
0 if no invoice level discounts apply for this
invoice
1 if Tax was calculated
on Post-Discount totals
2 if Tax was calculated
on Pre-Discount totals

C

Discount
Amount

12-character decimal

discount_amtL

Amount of discount, if provided
for this line item
according to the
Line Item Discount
Treatment
Must be non-zero
if Line Item Discount Treatment is

Page 178 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Variable/Field

Description
1 or 2
Must have 2
decimal places
Minimum = 0.01
Maximum =
999999.99

7.2.8.3 Sample Code for VS Corpais
Sample VS Corpais
setBuyerName($buyer_name);
$vsPurcha->setLocalTaxRate($local_tax_rate);
$vsPurcha->setDutyAmount($duty_amount);
$vsPurcha->setDiscountTreatment($discount_treatment);
$vsPurcha->setDiscountAmt($discount_amt);

July 2018

Page 179 of 477

Moneris Gateway API - Integration Guide

Sample VS Corpais
$vsPurcha->setFreightAmount($freight_amount);
$vsPurcha->setShipToPostalCode($ship_to_pos_code);
$vsPurcha->setShipFromPostalCode($ship_from_pos_code);
$vsPurcha->setDesCouCode($des_cou_code);
$vsPurcha->setVatRefNum($vat_ref_num);
$vsPurcha->setTaxTreatment($tax_treatment);
$vsPurcha->setGstHstFreightAmount($gst_hst_freight_amount);
$vsPurcha->setGstHstFreightRate($gst_hst_freight_rate);
//Create and set VsPurchl
$vsPurchl = new vsPurchl();
$vsPurchl->setVsPurchl($item_com_code[0], $product_code[0], $item_description[0], $item_quantity
[0], $item_uom[0], $unit_cost[0], $vat_tax_amt[0], $vat_tax_rate[0], $discount_treatmentL[0],
$discount_amtL[0]);
$vsPurchl->setVsPurchl($item_com_code[1], $product_code[1], $item_description[1], $item_quantity
[1], $item_uom[1], $unit_cost[1], $vat_tax_amt[1], $vat_tax_rate[1], $discount_treatmentL[1],
$discount_amtL[1]);
//Create and set VsLevel23
$mpgVsLevel23 = new mpgVsLevel23();
$mpgVsLevel23->setVsPurch($vsPurcha, $vsPurchl);
/*********************** Transactional Associative Array **********************/
$txnArray=array('type'=>$type,
'order_id'=>$order_id,
'txn_number'=>$txn_number,
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setLevel23Data($mpgVsLevel23);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

Page 180 of 477

July 2018

7 Level 2/3 Transactions

7.3 Level 2/3 MasterCard Transactions
l
l
l
l
l
l
l
l

7.3.1
7.3.2
7.3.3
7.3.4
7.3.5
7.3.6
7.3.7
7.3.8

Level 2/3 Transaction Types for MasterCard
Level 2/3 Transaction Flow for MasterCard
MC Completion
MC Force Post
MC Purchase Correction
MC Refund
MC Independent Refund
MC Corpais - Corporate Card Common Data with Line Item Details

7.3.1 Level 2/3 Transaction Types for MasterCard
This transaction set includes a suite of corporate card financial transactions as well as a transaction that
allows for the passing of Level 2/3 data. Please ensure MC Level 2/3 processing support is enabled on
your merchant account. Batch Close, Open Totals and Pre-authorization are identical to the transactions
outlined in the section Basic Transaction Set (page 11).
When the Preauth response contains CorporateCard equal to true then you can submit the MC transactions.
If CorporateCard is false then the card does not support Level 2/3 data and non Level 2/3 transaction are
to be used. If the card is not a corporate card, please refer to section 4 for the appropriate non-corporate
card transactions.

NOTE: This transaction set is intended for transactions where Corporate Card is true and
Level 2/3 data will be submitted. If the credit card is found to be a corporate card but you do
not wish to send any Level 2/3 data then you may submit MC transactions using the transaction set outlined in Basic Transaction Set (page 11).

Pre-auth – (authorization/pre-authorization)
The pre-auth verifies and locks funds on the customer’s credit card. The funds are locked for a
specified amount of time, based on the card issuer. To retrieve the funds from a pre-auth so
that they may be settled in the merchant account a capture must be performed. Level 2/3
data submission is not supported as part of a pre-auth as a pre-auth is not settled. When CorporateCard is returned true then Level 2/3 data may be submitted.
MC Completion – (Capture/Preauth Completion)
Once a Pre-authorization is obtained the funds that are locked need to be retrieved from the
customer’s credit card. The capture retrieves the locked funds and readies them for settlement in to the merchant account. Prior to performing an MCCompletion a Pre-auth must
be performed.

July 2018

Page 181 of 477

Moneris Gateway API - Integration Guide
MC Force Post – (Force Capture/Preauth Completion)
This transaction is an alternative to MC Completion to obtain the funds locked on Preauth
obtained from IVR or equivalent terminal. The MC Force Post requires that the original Preauthorization’s auth code is provided and it retrieves the locked funds and readies them for
settlement in to the merchant account.
MC Purchase Correction – (Void, Correction)
MC Completions can be voided the same day* that they occur. A void must be for the full
amount of the transaction and will remove any record of it from the cardholder statement. *
An MC Purchase Correction can be performed against a transaction as long as the batch that
contains the original transaction remains open. When using the automated closing feature
batch close occurs daily between 10 – 11 pm EST.
MC Refund – (Credit)
A MC Refund can be performed against an MC Completion or MC Force Post to refund an
amount less than or equal to the amount of the original transaction.
MC Independent Refund – (Credit)
A MC Indpendent Refund can be performed against an completion to refund any part, or all
of the transaction. Independent refund is used when the originating transaction was not performed through Moneris Gateway. Please note, the MC Independent Refund transaction
may or may not be supported on your account. If you receive a transaction not allowed error
when attempting an MC Independent Refund, it may mean the transaction is not supported
on your account. If you wish to have the MC Independent Refund transaction type temporarily enabled (or re-enabled), please contact the Service Centre at 1-866-319-7450.
MC Corpais Common Line Item – (Level 2/3 Data)
MC Corpais Common Line Item will contain the entire required and optional data field for
Level 2/3 data. MCCorpais Common Line Item data can be sent when the card has been identified in the transaction request as being a corporate card. This transaction supports multiple
data types and combinations:
l

Page 182 of 477

Purchasing Card Data:
l Corporate card common data with Line Item Details

July 2018

7 Level 2/3 Transactions

7.3.2 Level 2/3 Transaction Flow for MasterCard
Pre-authorization/Completion Transaction Flow

July 2018

Page 183 of 477

Moneris Gateway API - Integration Guide

Purchase Correction Transaction Flow

Page 184 of 477

July 2018

7 Level 2/3 Transactions

7.3.3 MC Completion
The MC Completion transaction is used to secure the funds locked by a pre-authorization transaction.
When sending a capture request you will need two pieces of information from the original pre-authorization– the Order ID and the transaction number from the returned response.
Once you have completed this transaction successfully, to submit the complete supplemental level 2/3 data, please proceed to MC Corpais.

MC Completion transaction object definition
$txnArray = array(‘type’=>’mccompletion', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for MC Completion transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

MC Completion transaction object values
Table 1: MC Completion transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Completion amount

String

9-character decimal

'comp_amount'=>$comp_amount

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

Merchant reference
number

String

19-character alphanumeric

'merchant_ref_
no'=>$merchant_ref_no

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Sample MC Completion
$type,
'order_id'=>$order_id,
'comp_amount'=>$comp_amount,
'txn_number'=>$txn_number,
'merchant_ref_no' => $merchant_ref_no,
'crypt_type'=>$crypt
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.3.4 MC Force Post
MC Force Post transaction is used to secure the funds locked by a pre-authorization transaction performed over IVR or equivalent terminal`. When sending a force post request, you will need order_id,
amount, pan (card number), expiry date, crypt type and the authorization code received in the preauthorization response.

Page 186 of 477

July 2018

7 Level 2/3 Transactions

MC Force Post transaction object definition
$txnArray = array(‘type’=>’mcforcepost', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for MC Force Post transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

MC Force Post transaction object values
Table 1: MC Force Post transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character alphanumeric

'pan'=>$pan

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)
Authorization code

String

8-character alphanumeric

'auth_code'=>$auth_code

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Merchant reference
number

String

19-character alphanumeric

'merchant_ref_
no'=>$merchant_ref_no

Table 2: MC Force Post transaction object optional values
Value
Customer ID

July 2018

Type
String

Limits
50-character alphanumeric

Set Method
'cust_id'=>$cust_id

Page 187 of 477

Moneris Gateway API - Integration Guide

Sample MC Force Post
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'auth_code'=>$auth_code,
'merchant_ref_no' => $merchant_ref_no,
'crypt_type'=>$crypt
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

Page 188 of 477

July 2018

7 Level 2/3 Transactions

7.3.5 MC Purchase Correction
The MC Purchase Correction (void) transaction is used to cancel a transaction that was performed in the
current batch. No amount is required because a void is always for 100% of the original transaction. The
only transaction that can be voided is completion. To send a void, the Order ID and Transaction Number
from the MC Completion or MC Force Post are required.

MC Purchase Correction transaction object definition
$txnArray = array(‘type’=>’mcpurchasecorrection', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for MC Purchase Correction transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

MC Purchase Correction transaction object values
Table 1: MC Purchase Correction transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Sample MC Purchase Correction
$type,
'order_id'=>$order_id,

July 2018

Page 189 of 477

Moneris Gateway API - Integration Guide

Sample MC Purchase Correction
'txn_number'=>$txn_number,
'crypt_type'=>$crypt
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.3.6 MC Refund
The MC Refund will credit a specified amount to the cardholder’s credit card. A refund can be sent up to
the full value of the original capture. To send a refund you will require the Order ID and Transaction Number from the original MC Completion or MC Force Post.

MC Refund transaction object definition
$txnArray = array(‘type’=>’mcrefund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for MC Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Page 190 of 477

July 2018

7 Level 2/3 Transactions

MC Refund transaction object values
Table 1: MC Refund transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Merchant reference
number

String

19-character alphanumeric

'merchant_ref_
no'=>$merchant_ref_no

Sample MC Refund
$type,
'order_id'=>$order_id,
'amount'=>$amount,
'txn_number'=>$txn_number,
'merchant_ref_no' => $merchant_ref_no,
'crypt_type'=>$crypt
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example

July 2018

Page 191 of 477

Moneris Gateway API - Integration Guide

Sample MC Refund
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.3.7 MC Independent Refund
MC Independent Refund is used when the originating transaction was not performed through Moneris
Gateway and does not require an existing order to be logged in the Moneris Gateway; however, the
credit card number and the expiry date will need to be passed. The transaction format is almost identical
to a purchase or a pre-authorization.

NOTE: Independent refund transactions are not supported on all accounts. If you receive a
transaction not allowed error when attempting an independent refund transaction, it may
mean the feature is not supported on your account. To have Independent Refund transaction functionality temporarily enabled (or re-enabled), please contact the MonerisCustomer Service Centre at 1-866-319-7450.

Once you have completed this transaction successfully, to submit the complete supplemental level 2/3 data, please proceed to MC Corpais.

MC Independent Refund transaction object definition
$txnArray = array(‘type’=>’mcind_refund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for MC Independent Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);

Page 192 of 477

July 2018

7 Level 2/3 Transactions
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

MC Independent Refund transaction object values
Table 1: MC Independent Refund transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Credit card number

String

20-character numeric

'pan'=>$pan

Expiry date

String

4-character numeric

'expdate'=>$expiry_date

(YYMM format)
Merchant reference
number

String

19-character alphanumeric

'merchant_ref_
no'=>$merchant_ref_no

Table 2: MC Independent Refund transaction object optional values
Value
Customer ID

Type
String

Limits
50-character alphanumeric

Set Method
'cust_id'=>$cust_id

Sample MC Independent Refund
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'merchant_ref_no' => $merchant_ref_no,
'crypt_type'=>$crypt
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.3.8 MC Corpais - Corporate Card Common Data with Line Item Details
This transaction example includes the following elements for Level 2 and 3 purchasing card corporate
card data processing:
l

Corporate Card Common Data (MC Corpac)
l only 1 set of MC Corpac fields can be submitted
l this data set includes data elements that apply to the overall order, e.g., the total overall
taxes

Page 194 of 477

July 2018

7 Level 2/3 Transactions

l

Line Item Details (MC Corpal)
l 1-998 counts of MC Corpal line items can be submitted
l This data set includes the details about each individual item or service purchased

The MC Corpais request must be preceded by a financial transaction (MC Completion, MC Force Post,
MC Refund, MC Independent Refund) and the Corporate Card flag must be set to “true” in the Preauthorization response. The MC Corpais request will need to contain the Order ID of the financial transaction as well as the Transaction Number.
In addition, MC Corpais has a tax array object that can be sent via the Tax fields in MC Corpac and
MC Corpal. For more about the tax array object, see 7.3.8.3 Tax Array Object - MC Corpais.
For descriptions of the Level 2/3 fields, please see Definition of Request Fields for Level 2/3 - MasterCard
(page 417).

MC Corpais transaction object definition
$txnArray = array(‘type’=>’mccorpais', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for MC Corpais transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

MC Corpais transaction object values
Table 1: MC Corpais transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

MCCorpac

Object

n/a

$mpgMcLevel23 = new
mpgMcLevel23();
$mpgMcLevel23->setMcCorpac
($mcCorpac);

MC Corpal

Object

n/a

$mpgMcLevel23 = new
mpgMcLevel23();
$mpgMcLevel23->setMcCorpal
($mcCorpal);

*Y = Required, N = Optional, C = Conditional

July 2018

Page 195 of 477

Moneris Gateway API - Integration Guide

7.3.8.1 MC Corpac - Corporate Card Common Data
Table 1: Corporate Card Common Data - Level 2 Request Fields - MCCorpac
Req*

Value

Limits

Set Method

Description

N

AustinTetra
Number

15-character alphanumeric

$mcCorpac>setAustinTetraNumber
($austin_tetra_number);

The Austin-Tetra Number
assigned to the card
acceptor

N

NAICS
Code

15-character alphanumeric

$mcCorpac->setNaicsCode
($naics_code);

North American Industry
Classification System
(NAICS) code assigned to
the card acceptor

N

Customer
Code

25-character alphanumeric

$mcCorpac->setCustomerCode1
($customer_code1_c);

A control number, such as
purchase order number,
project number, department allocation number or
name that the purchaser
supplied the merchant
Left-justified; may be
spaces

N

Unique
Invoice
Number

17-character alphanumeric

$mcCorpac>setUniqueInvoiceNumber
($unique_invoice_number_c);

Unique number associated
with the individual transaction provided by the merchant

N

Commodity
Code

15-character alphanumeric

$mcCorpac->setCommodityCode
($commodity_code);

Code assigned by the merchant that best categorizes
the item(s) being purchased

N

Order
Date

6-character
numeric

$mcCorpac->setOrderDate
($order_date_c);

The date the item was
ordered

YYMMDD
format
N

Corporation
VAT Number

Page 196 of 477

20-character alphanumeric

NOTE: If present, must contain a valid date

$mcCorpac>setCorporationVatNumber
($corporation_vat_number_
c);

Contains a corporation’s
value added tax (VAT) number

July 2018

7 Level 2/3 Transactions

Re-

Value

Limits

N

Customer
VAT Number

20-character alphanumeric

$mcCorpac>setCustomerVatNumber
($customer_vat_number_c);

Contains the VAT number
for the customer / cardholder used to identify the
customer when purchasing
goods and services from
the merchant

N

Freight
Amount

12-character
decimal

$mcCorpac>setFreightAmount1
($freight_amount_c);

The freight on the total purchase

q*

Set Method

Description

Must have 2 decimals
Minimum = 0.00 Maximum
= 999999.99

N

Duty
Amount

12-character
decimal

$vsPurcha->setDutyAmount
($duty_amount);

The duty on the total purchase
Must have 2 decimals
Minimum = 0.00
Maximum = 999999.99

N

Destination
State /
Province
Code

3-character
alphanumeric

$mcCorpac>setDestinationProvinceCode
($destination_province_
code);

State or Province of the
country where the goods
will be delivered
Left justified with trailing
spaces
EXAMPLE: ONT = Ontario

N

Destination
Country
Code

3-character
alphanumeric

$mcCorpac>setDestinationCountryCode
($destination_country_
code);

ISO 3166-1
alpha-3
format

The country code where
goods will be delivered
Left justified with trailing
spaces
ISO 3166-1 alpha-3 format
EXAMPLE: CAN = Canada

N

Ship From
Postal
Code

July 2018

10-character alphanumeric

$mcCorpac>setShipFromPosCode($ship_
from_pos_code);

The postal code or zip code
from which items were
shipped

Page 197 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Set Method

ANA NAN
format

N

Description
Full alpha postal code Valid ANANAN
format

$mcCorpac->setShipToPosCode
($ship_to_pos_code_c);

Destination
Postal
Code

10-character alphanumeric

The postal code or zip code
where goods will be
delivered

N

Authorized
Contact
Name

36-character alphanumeric

$mcCorpac>setAuthorizedContactName
($authorized_contact_name_
c);

Name of an individual or
company contacted for
company authorized purchases

N

Authorized
Contact
Phone

17-character alphanumeric

$mcCorpac>setAuthorizedContactPhone
($authorized_contact_
phone);

Phone number of an individual or company contacted for company
authorized purchases

N

Additional
Card
Acceptor
Data

40-character alphanumeric

$mcCorpac>setAdditionalCardAcceptorD
ata($additional_card_
acceptor_data);

Information pertaining to
the card acceptor

N

Card
Acceptor
Type

8-character
alphanumeric

$mcCorpac>setCardAcceptorType($card_
acceptor_type);

Various classifications of
business ownership characteristics

Full alpha postal code Valid ANANAN
format if shipping to an
address within Canada

This field takes 8 characters. Each character represents a different
component, as follows:
1st character represents
‘Business Type’ and contains a code to identify the
specific classification or
type of business:
1. Corporation
2. Not known
3. Individual/Sole Pro-

Page 198 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Set Method

Description

4.
5.
6.
7.
8.
9.

prietorship
Partnership
Association/Estate/Trust
Tax Exempt Organizations (501C)
International Organization
Limited Liability Company (LLC)
Government Agency

2nd character represents
'Business Owner Type'.
Contains a code to identify
specific characteristics
about the business owner.
1 - No application
classification
2 - Female business
owner
3 - Physically handicapped female
business owner
4 - Physically handicapped male business owner
0 - Unknown
3rd character represents
'Business Certification
Type'. Contains a code to
identify specific characteristics about the business certification type,
such as small business, disadvantaged, or other certification type:
1 - Not certified
2 - Small Business
Administration (SBA)

July 2018

Page 199 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Set Method

Description
certification small
business
3 - SBA certification
as small disadvantaged business
4 - Other government or agencyrecognized certification (such as
Minority Supplier
Development Council)
5 - Self-certified small
business
6 - SBA certification
as small and other
government or
agency-recognized
certification
7 - SBA certification
as small disadvantaged business and other
government or
agency-recognized
certification
8 - Other government or agencyrecognized certification and self-certified small business
A - SBA certification
as 8(a)
B - Self-certified
small disadvantaged
business (SDB)
C - SBA certification
as HUBZone
0 - Unknown

Page 200 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Set Method

Description
4th character represents
'Business Racial/Ethnic
Type'. Contains a code
identifying the racial or ethnic type of the majority
owner of the business.
1 - African American
2 - Asian Pacific
American
3 - Subcontinent
Asian American
4 - Hispanic American
5 - Native American
Indian
6 - Native Hawaiian
7 - Native Alaskan
8 - Caucasian
9 - Other
0 - Unknown
5th character represents
'Business Type Provided
Code'
Y - Business type is
provided.
N - Business type
was not provided.
R - Card acceptor
refused to provide
business type
6th character represents
'Business Owner Type
Provided Code'
Y - Business owner
type is provided.
N - Business owner
type was not
provided.

July 2018

Page 201 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Set Method

Description
R - Card acceptor
refused to provide
business type
7th character represents
'Business Certification Type
Provided Code'
Y - Business certification type is
provided.
N - Business certification type was
not provided.
R - Card acceptor
refused to provide
business type
8th character represents
'Business Racial/Ethnic
Type’
Y - Business
racial/ethnic type is
provided.
N - Business
racial/ethnic type
was not provided.
R - Card acceptor
refused to provide
business racial/ethnic type

N

Card
Acceptor
Tax ID

20-character alphanumeric

$mcCorpac>setCardAcceptorTaxTd
($card_acceptor_tax_id_c);

US federal tax ID number or
value-added tax (VAT) ID

N

Card
Acceptor
Reference
Number

25-character alphanumeric

$mcCorpac>setCardAcceptorReferenceNu
mber($card_acceptor_
reference_number);

Code that facilitates card
acceptor/corporation communication and record
keeping

Page 202 of 477

July 2018

7 Level 2/3 Transactions

Req*
N

C

Value

Limits

Set Method

Description

Card
Acceptor
VAT Number

20-character alphanumeric

$mcCorpac>setCardAcceptorVatNumber
($card_acceptor_vat_number_
c);

Value added tax (VAT) number for the card acceptor
location

Tax

Up to 6
arrays

Used to identify the card
acceptor when collecting
and reporting taxes
$mcCorpac->setTax($mcTax_
c);

Can have up to 6 arrays
containing different tax
details
NOTE: If you use this variable, you must fill in all the
fields of tax array mentioned
below.

7.3.8.2 MC Corpal - Line Item Details
MC Corpal Object - Line Item Details
$mcCorpal->setMcCorpal($customer_code1_l[0], $line_item_date_l[0], $ship_date_
l[0], $order_date1_l[0], $product_code1_l[0], $item_description_l[0], $item_
quantity_l[0], $unit_cost_l[0], $item_unit_measure_l[0], $ext_item_amount_l
[0], $discount_amount_l[0], $commodity_code_l[0], $type_of_supply_l[0], $vat_
ref_num_l[0], $mcTax_l[0]);

Table 1: Line Item Details - Level 3 Request Fields - MC Corpal
Req*

Value

Limits

Variable

Description

N

Customer Code

25-character alphanumeric

customer_code1_l

A control number,
such as purchase
order number, project number,
department allocation number or
name that the purchaser supplied
the merchant

N

Line Item Date

6-character numeric

line_item_date_l

The purchase date
of the line item referenced in the
associated Cor-

YYMMDD format

July 2018

Page 203 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Variable

Description
porate Card Line
Item Detail
Fixed length 6
Numeric, in
YYMMDD format

N

Ship Date

6-character numeric

ship_date_l

YYMMDD format

The date the merchandise was
shipped to the destination
Fixed length 6
Numeric, in
YYMMDD format

N

Order Date

6-character numeric

order_date1_ll

YYMMDD format

The date the item
was ordered
Fixed length 6-character numeric, in
YYMMDD format

Y

Product Code

12-character alphanumeric

product_code1_ll

Line item Product
Code
Contains the nonfuel related
product code of
the individual item
purchased

Y

Item Description

35-character alphanumeric

item_description_ll

Line Item description
Contains the
description of the
individual item purchased

Y

Item Quantity

12-character alphanumeric

item_quantity_ll

Quantity of line
item
Up to 5 decimal
places supported

Page 204 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Variable

Description
Minimum amount
is 0.0 and maximum is
9999999.99999

Y

Unit Cost

12-character decimal

unit_cost_ll

Line item cost per
unit.
Must contain a
minimum of 2
decimal places, up
to 5 decimal places
supported.
Minimum amount
is 0.00001 and maximum is
999999.99999

Y

Item Unit Measure

12-character alphanumeric

item_unit_measure_
ll

The line item unit
of measurement
code
ANSI X-12 EDI
Allowable Units of
Measure and
Codes

Y

Extended Item
Amount

9-character decimal

ext_item_amount_ll

Contains the individual item
amount that is normally calculated as
price multiplied by
quantity
Must contain 2
decimal places
Minimum amount
is 0.00 and maximum is 999999.99

N

Discount
Amount

9-character decimal

discount_amount_ll

Contains the item
discount amount
Must contain 2
decimal places
Minimum amount

July 2018

Page 205 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Variable

Description
is 0.00 and maximum is 999999.99

N

Commodity
Code

15-character alphanumeric

commodity_code_ll

Code assigned to
the merchant that
best categorizes
the item(s) being
purchased

C

Tax

Up to 6 arrays

tax_l

Can have up to 6
arrays containing
different tax details
–see Tax Array
Request Fields
table below for
each field description
NOTE: If you use
this variable, you
must fill in all the
fields of tax array
mentioned below.

7.3.8.3 Tax Array Object - MC Corpais
The tax array object is used when you use the Tax field of both MC Corpac and MC Corpal. If you use the
tax array object, all of the array fields must be sent.
Setting the tax array differs slightly between the two objects.

Setting tax array for MC Corpac
//Tax Details
$tax_amount_c = array("1.19", "1.29");
$tax_rate_c = array("6.0", "7.0");
$tax_type_c = array("GST", "PST");
$tax_id_c = array("gst1298", "pst1298");
$tax_included_in_sales_c = array("Y", "N");
//Create and set Tax for McCorpac
$mcTax_c = new mcTax();

Page 206 of 477

July 2018

7 Level 2/3 Transactions
$mcTax_c->setTax($tax_amount_c[0], $tax_rate_c[0], $tax_type_c[0], $tax_id_c
[0], $tax_included_in_sales_c[0]);
$mcTax_c->setTax($tax_amount_c[1], $tax_rate_c[1], $tax_type_c[1], $tax_id_c
[1], $tax_included_in_sales_c[1]);

Setting tax array for MC Corpal
//Tax Details for Items
$tax_amount_l = array("0.52", "1.48");
$tax_rate_l = array("13.0", "13.0");
$tax_type_l = array("HST", "HST");
$tax_id_l = array("hst1298", "hst1298");
$tax_included_in_sales_l = array("Y", "Y");
//Create and set Tax for McCorpal
$mcTax_l = array(new mcTax(), new mcTax());
$mcTax_l[0]->setTax($tax_amount_l[0], $tax_rate_l[0], $tax_type_l[0], $tax_id_
l[0], $tax_included_in_sales_l[0]);
$mcTax_l[1]->setTax($tax_amount_l[1], $tax_rate_l[1], $tax_type_l[1], $tax_id_
l[1], $tax_included_in_sales_l[1]);

Table 1: MC Corpais Tax Array Request Fields
Req*
Y

Value
Tax Amount

Limits
12-character decimal

Variable
tax_amount_c/tax_
amount_l

Description
Contains detail tax
amount for purchase of goods or
services
Must be 2 decimal
places. Minimum
amount is 0.00 and
maximum is
999999.99

Y

Tax Rate

5-character decimal

tax_rate_c/tax_
rate_l

Contains the
detailed tax rate
applied in relationship to a specific tax amount
EXAMPLE: 5% GST
should be ‘5.0’ or
or 9.975% QST

July 2018

Page 207 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Variable

Description
should be ‘9.975’

May contain up to
3 decimals, minimum 0.001, maximum up to 9999.9
Y

Tax Type

4-character alphanumeric

tax_type_c/tax_
type_l

Contains tax type,
such as
GST,QST,PST,HST

Y

Tax ID

20-character alphanumeric

tax_id_c/tax_id_l

Provides an identification number
used by the card
acceptor with the
tax authority in
relationship to a
specific tax
amount, such as
GST/HST number

Y

Tax included in
sales indicator

1-character alphanumeric

tax_included_in_
sales_c/tax_
included_in_sales_l

This is the indicator
used to reflect additional tax capture
and reporting
Valid values are:
Y = Tax included in
total purchase amount
N = Tax not included in
total purchase amount

7.3.8.4 Sample Code for MC Corpais
Sample MC Corpais - Corporate Card Common Data with Line Item Details
setTax($tax_amount_c[0], $tax_rate_c[0], $tax_type_c[0], $tax_id_c[0], $tax_included_in_
sales_c[0]);
$mcTax_c->setTax($tax_amount_c[1], $tax_rate_c[1], $tax_type_c[1], $tax_id_c[1], $tax_included_in_
sales_c[1]);
//Create and set McCorpac for common data - only set values that you know
$mcCorpac = new mcCorpac();
$mcCorpac->setCustomerCode1($customer_code1_c);
$mcCorpac->setCardAcceptorTaxTd($card_acceptor_tax_id_c);
$mcCorpac->setCorporationVatNumber($corporation_vat_number_c);
$mcCorpac->setFreightAmount1($freight_amount_c);
$mcCorpac->setDutyAmount1($duty_amount_c);
$mcCorpac->setShipToPosCode($ship_to_pos_code_c);
$mcCorpac->setOrderDate($order_date_c);
$mcCorpac->setCustomerVatNumber($customer_vat_number_c);

July 2018

Page 209 of 477

Moneris Gateway API - Integration Guide

Sample MC Corpais - Corporate Card Common Data with Line Item Details
$mcCorpac->setUniqueInvoiceNumber($unique_invoice_number_c);
$mcCorpac->setAuthorizedContactName($authorized_contact_name_c);
$mcCorpac->setTax($mcTax_c);
//Create and set Tax for McCorpal
$mcTax_l = array(new mcTax(), new mcTax());
$mcTax_l[0]->setTax($tax_amount_l[0], $tax_rate_l[0], $tax_type_l[0], $tax_id_l[0], $tax_included_
in_sales_l[0]);
$mcTax_l[1]->setTax($tax_amount_l[1], $tax_rate_l[1], $tax_type_l[1], $tax_id_l[1], $tax_included_
in_sales_l[1]);
//Create and set McCorpal for each item
$mcCorpal = new mcCorpal();
$mcCorpal->setMcCorpal($customer_code1_l[0], $line_item_date_l[0], $ship_date_l[0], $order_date1_l
[0], $medical_services_ship_to_health_industry_number_l[0], $contract_number_l[0],
$medical_services_adjustment_l[0], $medical_services_product_number_qualifier_l[0], $product_
code1_l[0], $item_description_l[0], $item_quantity_l[0],
$unit_cost_l[0], $item_unit_measure_l[0], $ext_item_amount_l[0], $discount_amount_l[0],
$commodity_code_l[0], $type_of_supply_l[0], $vat_ref_num_l[0], $mcTax_l[0]);
$mcCorpal->setMcCorpal($customer_code1_l[1], $line_item_date_l[1], $ship_date_l[1], $order_date1_l
[1], $medical_services_ship_to_health_industry_number_l[1], $contract_number_l[1],
$medical_services_adjustment_l[1], $medical_services_product_number_qualifier_l[1], $product_
code1_l[1], $item_description_l[1], $item_quantity_l[1],
$unit_cost_l[1], $item_unit_measure_l[1], $ext_item_amount_l[1], $discount_amount_l[1],
$commodity_code_l[1], $type_of_supply_l[1], $vat_ref_num_l[1], $mcTax_l[1]);
//Create and set McLevel23
$mpgMcLevel23 = new mpgMcLevel23();
$mpgMcLevel23->setMcCorpac($mcCorpac);
$mpgMcLevel23->setMcCorpal($mcCorpal);
/*********************** Transactional Associative Array **********************/
$txnArray=array('type'=>$type,
'order_id'=>$order_id,
'txn_number'=>$txn_number,
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setLevel23Data($mpgMcLevel23);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());

Page 210 of 477

July 2018

7 Level 2/3 Transactions

Sample MC Corpais - Corporate Card Common Data with Line Item Details
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.4 Level 2/3 American Express Transactions
l
l
l
l
l
l
l

7.4.1
7.4.2
7.4.4
7.4.5
7.4.6
7.4.7
7.4.8

Level 2/3 Transaction Types for Amex
Level 2/3 Transaction Flow for Amex
AX Completion
AX Force Post
AX Purchase Correction
AX Refund
AX Independent Refund

7.4.1 Level 2/3 Transaction Types for Amex
This transaction set includes a suite of corporate card financial transactions as well as a transaction that
allows for the passing of Level 2/3 data. Please ensure American Express Level 2/3 processing support is
enabled on your merchant account. Batch Close, Open Totals and Pre-authorization are identical to the
transactions outlined in the section Basic Transaction Set (page 11).
l

l

When the Pre-authorization response contains CorporateCard equal to true then you can submit
the AX transactions.
If CorporateCard is false then the card does not support Level 2/3 data and non Level 2/3 transaction are to be used. If the card is not a corporate card, please refer to 2 Basic Transaction Set for
the appropriate non-corporate card transactions.

NOTE: This transaction set is intended for transactions where Corporate Card is true and
Level 2/3 data will be submitted. If the credit card is found to be a corporate card but you do
not wish to send any Level 2/3 data then you may submit AX transactions using the transaction set outlined in the section Basic Transaction Set (page 11).

Pre-authorization – (authorization)
The preauth verifies and locks funds on the customer’s credit card. The funds are locked for a
specified amount of time, based on the card issuer. To retrieve the funds from a pre-auth so
that they may be settled in the merchant account a capture must be performed. CorporateCard will return as true if the card supports Level 2/3.

July 2018

Page 211 of 477

Moneris Gateway API - Integration Guide
AX Completion – (Capture/Pre-authorization Completion)
Once a Pre-authorization is obtained the funds that are locked need to be retrieved from the
customer’s credit card. The capture retrieves the locked funds and readies them for settlement in to the merchant account. Prior to performing an AXCompletion a Preauth must be
performed.
AX Force Post – (Force Capture/Pre-authorization Completion)
This transaction is an alternative to AX Completion to obtain the funds locked on a Pre-authorization obtained from IVR or equivalent terminal. The capture retrieves the locked funds and
readies them for settlement in to the merchant account.
AX Purchase Correction – (Void, Correction)
AX Completion and AX Force Post can be voided the same day* that they occur. A void must
be for the full amount of the transaction and will remove any record of it from the cardholder
statement. * An AX Purchase Correction can be performed against a transaction as long as
the batch that contains the original transaction remains open. When using the automated
closing feature, the batch close occurs daily between 10 – 11 pm EST.
AX Refund – (Credit)
An AX Refund can be performed against an AX Completion and AX Force Post to refund any
part, or all of the transaction.
AX Independent Refund – (Credit)
An AX Independent Refund can be performed against a purchase or a capture to refund any
part, or all of the transaction. Independent refund is used when the originating transaction
was not performed through Moneris Gateway. Please note, the Independent Refund transaction may or may not be supported on your account. If you receive a transaction not
allowed error when attempting an independent refund, it may mean the transaction is not
supported on your account. If you wish to have the AX Independent Refund transaction type
temporarily enabled (or re-enabled), please contact the Service Centre at 1-866-319-7450.

Page 212 of 477

July 2018

7 Level 2/3 Transactions

7.4.2 Level 2/3 Transaction Flow for Amex

July 2018

Page 213 of 477

Moneris Gateway API - Integration Guide

7.4.3 Level 2/3 Data Objects in Amex
l
l

7.4.3.1 About the Level 2/3 Data Objects for Amex
7.4.3.2 Defining the AxLevel23 Object
l
Table 1 Object
l
Table 2 Object
l
Table 3 Object

7.4.3.1 About the Level 2/3 Data Objects for Amex
Many of the Level 2/3 transaction requests using American Express also include a mandatory data object
called AxLevel23. AxLevel23 is also comprised of other objects, also described in this section.
The Level 2/3 data objects within this section apply to all of the following transactions and are passed as
part of the transaction request for:
AX Completion
AX Force Post
AX Refund
AX Independent Refund

l
l
l
l

Things to Consider:
l
l

Please ensure the addendum data below is complete and accurate.
Please ensure the math on quantities calculations, amounts, discounts, taxes, etc. properly adds up to the overall transaction amount. Incorrect amounts will cause the transaction to be rejected.

7.4.3.2 Defining the AxLevel23 Object

AxLevel23 object definition
$mpgAxLevel23 = new mpgAxLevel23();

The AXLevel23 object itself has three objects, Table1, Table2 and Table3, all of which are mandatory.
Table 1: AxLevel23 Object
Req*
Y

Value
Table1

Page 214 of 477

Limits
Object

Set Method

Description

$mpgAxLevel23>setTable1($big04,
$big05, $big10,
$axN1Loop);

Refer below for further breakdown
and definition of
table1

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Set Method

Description

Y

Table2

Object

$mpgAxLevel23>setTable2
($axItLoop);

Refer below for further breakdown
and definition of
table2

Y

Table3

Object

$mpgAxLevel23>setTable3
($taxTbl3);

Refer below for further breakdown
and definition of
table3

*Y = Required, N = Optional, C = Conditional
Table 1 Object

Table 1 contains the addendum data heading information. Contains information such as identification
elements that uniquely identify an invoice (transaction), the customer name and shipping address.

Table 1 object definition
$mpgAxLevel23->setTable1($big04, $big05, $big10, $axN1Loop);

Table 1: AxLevel23 object - Table 1 object fields
Req*
C

Value
Purchase Order
Number

Limits
22-character alphanumeric

Set Method
'big04'=>$big04

Description
The cardholder supplied Purchase Order
Number, which is
entered by the merchant at the point-ofsale
This entry is used in
the Statement/Reporting process and may include
accounting information specific to the
client
NOTE: This element
is mandatory, if the
merchant’s customer
provides a Purchase
Order Number.

N

Release Number

July 2018

30-character alphanumeric

'big05'=>$big05

A number that identifies a release

Page 215 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Set Method

Description
against a Purchase
Order previously
placed by the parties
involved in the transaction

N

Invoice Number

8-character alphanumeric

'big10'=>$big10

Contains the Amex
invoice/reference
number

N

N1Loop

Object

'n1Loop'=>$n1Loop

Refer below for further breakdown and
definition of N1Loop
object

*Y = Required, N = Optional, C = Conditional
Table 1 also has its own objects:
l
l

N1Loop object
AxRef object

Table 1 - Setting the N1Loop Object

The N1Loop data set contains the Requester names. It can also optionally contain the buying group, ship
from, ship to and receiver details.
A minimum of at least 1 n1Loop must be set. Up to 5 n1Loop can be set.

N1Loop object definition
$axN1Loop = new axN1Loop();
$axN1Loop->setN1Loop($n101, $n102, $n301, $n401, $n402, $n403, $axRef1);

Table 1: AxLevel23 object - Table 1 object - N1Loop object fields
Req*
Y

Value
Entity Identifier
Code

Limits
2-character alphanumeric

Variable or Set Method
n101

Description
Supported values:
R6 - Requester
(required)
BG - Buying Group
(optional)
SF - Ship From
(optional)
ST - Ship To (optional)

Page 216 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Variable or Set Method

Description
40 - Receiver (optional)

Y

Name

40-character alphanumeric

n102

n101
code

n102
meaning

R6

Requester
Name

BG

Buying Group
Name

SF

Ship
From Name

ST

Ship To Name

40

Receiver Name

N

Address

40-character alphanumeric

n301

Address

N

City

30-character alphanumeric

n401

City

N

State or Province

2-character alphanumeric

n402

State or province

N

Postal Code

15-character alphanumeric

n403

Postal Code

N

AxRef

Object

$axRef1 = new axRef
();

Refer below for further breakdown
and definition of
AxRef object.
This object contains the customer
postal code (mandatory) and customer reference
number (optional)
A minimum of 1
axRef1 must be
set; maximum of 2
axRef1’s may be
set

*Y = Required, N = Optional, C = Conditional

July 2018

Page 217 of 477

Moneris Gateway API - Integration Guide
Table 1 - Setting the AxRef Object

Setting AXRef object
$axRef1 = new axRef();
$ref01 = array("4C", "CR"); //Reference ID Qualifier
$ref02 = array("M5T3A5", "16802309004"); //Reference ID
$axRef1->setRef($ref01[0], $ref02[0]);
$axRef1->setRef($ref01[1], $ref02[1]);

Table 1: AxLevel23 object - Table 1 object - AxRef object fields
Req*
Y

Value
Reference
Identification
Qualifier

Limits
2-character alphanumeric

Variable
ref01

Description
This element may contain the following qualifiers for the
corresponding occurrences of the N1Loop:
n101
value
R6

ref01
denotation
Supported values:
4C - Shipment
Destination
Code (mandatory)
CR - Customer
Reference
Number (conditional)

Y

Reference
Identification

Page 218 of 477

15-character alphanumeric

ref02

BG

n/a

SF

n/a

ST

n/a

40

n/a

This field must be populated for each ref01
provided

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Variable

Description
ref01 ref02 denotavalue
tion
4C
(n101
value =
R6)

This element must
contain the Amex
Ship-to Postal Code
of the destination
where the commodity was shipped.
If the Ship-to Postal
Code is unavailable,
the postal code of
the merchant location where the
transaction took
place may be substituted.

CR
(n101
value =
R6):

This element must
contain the Amex
Card member Reference Number (e.g.,
purchase order, cost
center, project number, etc.) that corresponds to this
transaction, if
provided by the
Cardholder.
This information
may be displayed in
the statement/reporting process and may include
client-specific
accounting information.

*Y = Required, N = Optional, C = Conditional
Table 2 Object

Table 2 includes the transaction’s addendum detail. It contains transaction data including reference
codes, debit or credit and tax amounts, line item detail descriptions, shipping information and much
more. All transaction data in an invoice relate to a single transaction and cardholder account number.

Table 2 object definition
$mpgAxLevel23->setTable2($axItLoop);

July 2018

Page 219 of 477

Moneris Gateway API - Integration Guide
Table 1: AxLevel23 object - Table 2 object fields
Req*
N

Value
It1loop

Limits
Object

Set Method

Description

'axIt1Loop'=>$axIt1Loop

Refer below for
further breakdown and
definition of
object details.

*Y = Required, N = Optional, C = Conditional
Table 2 - Setting the AxIt1Loop Object

The AxIt1Loop data defines the baseline item data for the invoice. This data is defined for each item/service purchased and included within this invoice. This data set contains basic transaction data, including
quantity, unit of measure, unit price and goods/services reference information.
l
l

A minimum of 1 it1Loop required
A maximum of 999 it1Loop’s supported

AxIt1Loop object definition
$axItLoop = new axIt1Loop();
$axItLoop->setIt1Loop($it102[0], $it103[0], $it104[0], $it105[0], $it106s[0],
$txi[0], $pam05[0], $pid05[0]);
$axItLoop->setIt1Loop($it102[1], $it103[1], $it104[1], $it105[1], $it106s[1],
$txi[1], $pam05[1], $pid05[1]);

Table 1: AxLevel23 object - Table 2 object - AxIt1Loop object fields
Req*
Y

Value
Line Item Quantity Invoiced

Limits
10-character decimal

Variable
it102

Description
Quantity of line
item
Up to 2 decimal
places supported
Minimum amount
is 0.0 and maximum is
9999999999

Y

Unit or Basis for
Measurement
Code

Page 220 of 477

2-character alphanumeric

it103

The line item unit
of measurement
code

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Variable

Description
Must contain a
code that specifies
the units in which
the value is
expressed or the
manner in which a
measurement is
taken
EXAMPLE: EA =
each, E5=inches

See ANSI X-12 EDI
Allowable Units of
Measure and
Codes for the list
of codes
Y

Unit Price

15-character decimal

it104

Line item cost per
unit
Must contain 2
decimal places
Minimum amount
is 0.00 and maximum is 999999.99

N

Basis or Unit
Price Code

2-character alphanumeric

it105

Code identifying
the type of unit
price for an item
EXAMPLE: DR =
dealer, AP =
advise price

See ASC X12
004010 Element
639 for list of codes
N

AxIt106s

object

it106s

Refer below for further breakdown
and definition of
object details.

N

AxTxi

object

txi

Refer below for further breakdown

July 2018

Page 221 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Variable

Description
and definition of
object details
A maximum of 12
AxTxi (tax information data sets)
may be defined
NOTE: that if line
item level tax
information is populated in AxTxi in
Table2, then tax
totals for the
entire invoice
(transaction) must
be entered in
Table3.

Y

Line Item Extended Amount

8-character decimal

pam05

Contains the individual item
amount that is normally calculated as
price multiplied by
quantity
Must contain 2
decimal places
Minimum amount
is 0.00 and maximum is 99999.99

Y

Line Item Description

80-character alphanumeric

pid05

Line Item description
Contains the
description of the
individual item purchased
This field pertain to
each line item in
the transaction

*Y = Required, N = Optional, C = Conditional
Table 2 - Setting the AxIt106s Object

$it10618 = array("MG", "MG", "MG", "MG", "MG"); //Product/Service ID qualifier

Page 222 of 477

July 2018

7 Level 2/3 Transactions
$it10719 = array("DJFR4", "JFJ49", "FEF33", "FEE43", "DISCOUNT");
//Product/Service ID (corresponds to it10618)
$it106s = array();
$it106s[0] = new axIt106s($it10618[0], $it10719[0]);
$it106s[1] = new axIt106s($it10618[1], $it10719[1]);
$it106s[2] = new axIt106s($it10618[2], $it10719[2]);
$it106s[3] = new axIt106s($it10618[3], $it10719[3]);
$it106s[4] = new axIt106s($it10618[4], $it10719[4]);

Table 1: AxLevel23 object - Table 2 object - AxIt106s object fields
Req*
N

Value
Product/Service
ID Qualifier

Limits
2-character alphanumeric

Set Method

Description

'it10618'=>$it10618

Supported values:
MG - Manufacturer’s
Part Number
VC - Supplier Catalog
Number
SK - Supplier Stock
Keeping Unit Number
UP - Universal Product
Code
VP – Vendor Part Number
PO – Purchase Order
Number
AN – Client Defined
Asset Code

N

Product/Service
ID

it10618

it10719 size/type

VC

20-character
alphanumeric

PO

22-character
alphanumeric

Other

30-character
alphanumeric

'it10719'=>$it10719

Product/Service ID
corresponds to the
preceding qualifier
defined by it10618
The maximum
length depends on
the qualifier
defined in it10618

*Y = Required, N = Optional, C = Conditional
Table 2 - Setting the AxTxi Object

Table 2 AxiTxi object definition
$txi01_GST = array("GS", "GS", "GS", "GS", "GS"); //Tax type code

July 2018

Page 223 of 477

Moneris Gateway API - Integration Guide
$txi02_GST = array("0.70", "1.75", "1.00", "0.80","0.00"); //Monetary amount
$txi03_GST = array("5.0", "5.0", "5.0", "5.0","5.0"); //Percent
$txi06_GST = array("", "", "", "",""); //Tax exempt code
$txi01_PST = array("PG", "PG", "PG","PG","PG"); //Tax type code
$txi02_PST = array("0.80", "2.00", "1.00", "0.80","0.00"); //Monetary amount
$txi03_PST = array("7.0", "7.0", "7.0", "7.0","7.0"); //Percent
$txi06_PST = array("", "", "", "",""); //Tax exempt code
$txi = array(new axTxi(), new axTxi(), new axTxi(), new axTxi(), new axTxi());
$txi[0]->setTxi($txi01_GST[0], $txi02_GST[0], $txi03_GST[0], $txi06_GST[0]);
$txi[0]->setTxi($txi01_PST[0], $txi02_PST[0], $txi03_PST[0], $txi06_PST[0]);
$txi[1]->setTxi($txi01_GST[1], $txi02_GST[1], $txi03_GST[1], $txi06_GST[1]);
$txi[1]->setTxi($txi01_PST[1], $txi02_PST[1], $txi03_PST[1], $txi06_PST[1]);
$txi[2]->setTxi($txi01_GST[2], $txi02_GST[2], $txi03_GST[2], $txi06_GST[2]);
$txi[2]->setTxi($txi01_PST[2], $txi02_PST[2], $txi03_PST[2], $txi06_PST[2]);
$txi[3]->setTxi($txi01_GST[3], $txi02_GST[3], $txi03_GST[3], $txi06_GST[3]);
$txi[3]->setTxi($txi01_PST[3], $txi02_PST[3], $txi03_PST[3], $txi06_PST[3]);
$txi[4]->setTxi($txi01_GST[4], $txi02_GST[4], $txi03_GST[4], $txi06_GST[4]);
$txi[4]->setTxi($txi01_PST[4], $txi02_PST[4], $txi03_PST[4], $txi06_PST[4]);

Table 1: AxLevel23 object - Table 2 object - AxiTxi object fields
Req*
C

Value
Tax Type code

Limits
txi01

Variable
2-character alphanumeric

Description
Tax type code
applicable to
Canada and US
only
For Canada, this
field must contain
a code that specifies the type of
tax
If txi01 is used,
then txi02, txi03 or
txi06 must be populated
Valid codes include

Page 224 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Variable

Description
the following:
CT – County/Tax
(optional)
CA – City Tax
(optional)
EV – Environmental
Tax (optional)
GS – Good and Services Tax (GST)
(optional)
LS – State and Local
Sales Tax (optional)
LT – Local Sales Tax
(optional)
PG – Provincial Sales
Tax (PST) (optional)
SP – State/Provincial
Tax a.k.a. Quebec
Sales Tax (QST)
(optional)
ST – State Sales Tax
(optional)
TX – All Taxes
(required)
VA – Value-Added Tax
a.k.a. Canadian Harmonized Sales Tax
(HST) (optional)

C

Monetary
Amount

txi02

6-character decimal

This element may
contain the monetary tax amount
that corresponds
to the Tax Type
Code in txi01
NOTE:
If txi02 is used in
mandatory occurrence txi01=TX, txi02
must contain the
total tax amount
applicable to the
entire invoice (transaction)
If taxes are not

July 2018

Page 225 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Variable

Description
applicable for the
entire invoice (transaction), txi02 must
be 0.00.

The maximum
value that can be
entered in this
field is “9999.99”,
which is $9,999.99
(CAD)
A debit is entered
as: 9999.99
A credit is entered
as: –9999.99
C

Percent

txi03

10-character decimal

Contains the tax
percentage (in
decimal format)
that corresponds
to the tax type
code defined in
txi01
Up to 2 decimal
places supported

C

Tax Exempt Code

txi06

1-character alphanumeric

This element may
contain the Tax
Exempt Code that
identifies the
exemption status
from sales and tax
that corresponds
to the Tax Type
Code in txi01
Supported values:
1 – Yes (Tax Exempt)
2 – No (Not Tax
Exempt)
4 – Not Exempt/For
Resale
A – Labor Taxable,
Material Exempt

Page 226 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Variable

Description
B – Material Taxable,
Labor Exempt
C – Not Taxable
F – Exempt (Goods /
Services Tax)
G – Exempt (Provincial
Sales Tax)
L – Exempt Local Service
R – Recurring Exempt
U – Usage Exempt

*Y = Required, N = Optional, C = Conditional
Table 3 Object

Table 3 includes the transaction addendum summary. It contains the total invoice (transaction) amount,
sales tax, freight and/or handling charges and invoice summary information, including total line items,
number of segments in the invoice, and the transaction set control number (a.k.a., batch number).

Table 3 object definition
$mpgAxLevel23->setTable3($taxTbl3);

Table 1: AxLevel23 object - Table 3 object fields
Req*
C

Value
AxTxi

Limits
Object

Set Method

Description

'taxTbl3'=>$taxTbl3

Refer below for further breakdown
and definition of
object details.
NOTE: if line item
level tax information is populated
in AxTxi in Table2,
then tax totals for
the entire invoice
(transaction) must
be entered in
Table3. A maximum of 10
AxTxi’s may be set
in Table3.

July 2018

Page 227 of 477

Moneris Gateway API - Integration Guide
*Y = Required, N = Optional, C = Conditional
Table 3 - Setting the AxTxi Object

The mandatory tax information data set must contain the total tax amount applicable to the entire
invoice (transaction) which includes all line items identified in Table2. If taxes are not applicable for the
entire invoice (transaction), then txi02 must be set to 0.00.
Tax totals must be entered in this mandatory tax information segment in Table 3, even if line item detail
level tax data is reported in Table 2.
At least one occurrence of txi02, txi03 or txi06 is required.

Table 3 AxiTxi object definition
$taxTbl3 = new axTxi();
$taxTbl3->setTxi("GS", "4.25","5.0",""); //sum of GST taxes
$taxTbl3->setTxi("PG", "4.60","7.0",""); //sum of PST taxes
$taxTbl3->setTxi("TX", "8.85","13.0",""); //sum of all taxes
$mpgAxLevel23->setTable3($taxTbl3);

Table 1: AxLevel23 object - Table 3 object - AxiTxi object fields
Req*
C

Value
Tax Type code

Limits
txi01

Variable
2-character alphanumeric

Description
Tax type code
applicable to
Canada and US
only
For Canada, this
field must contain
a code that specifies the type of
tax
If txi01 is used,
then txi02, txi03 or
txi06 must be populated
Valid codes include
the following:
CT – County/Tax
(optional)
CA – City Tax
(optional)
EV – Environmental
Tax (optional)

Page 228 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Variable

Description
GS – Good and Services Tax (GST)
(optional)
LS – State and Local
Sales Tax (optional)
LT – Local Sales Tax
(optional)
PG – Provincial Sales
Tax (PST) (optional)
SP – State/Provincial
Tax a.k.a. Quebec
Sales Tax (QST)
(optional)
ST – State Sales Tax
(optional)
TX – All Taxes
(required)
VA – Value-Added Tax
a.k.a. Canadian Harmonized Sales Tax
(HST) (optional)

C

Monetary
Amount

txi02

6-character decimal

This element may
contain the monetary tax amount
that corresponds
to the Tax Type
Code in txi01
NOTE:
If txi02 is used in
mandatory occurrence txi01=TX, txi02
must contain the
total tax amount
applicable to the
entire invoice (transaction)
If taxes are not
applicable for the
entire invoice (transaction), txi02 must
be 0.00.

The maximum
value that can be
entered in this
field is “9999.99”,
which is $9,999.99

July 2018

Page 229 of 477

Moneris Gateway API - Integration Guide

Req*

Value

Limits

Variable

Description
(CAD)
A debit is entered
as: 9999.99
A credit is entered
as: –9999.99

C

Percent

txi03

10-character decimal

Contains the tax
percentage (in
decimal format)
that corresponds
to the tax type
code defined in
txi01
Up to 2 decimal
places supported

C

Tax Exempt Code

txi06

1-character alphanumeric

This element may
contain the Tax
Exempt Code that
identifies the
exemption status
from sales and tax
that corresponds
to the Tax Type
Code in txi01
Supported values:
1 – Yes (Tax Exempt)
2 – No (Not Tax
Exempt)
4 – Not Exempt/For
Resale
A – Labor Taxable,
Material Exempt
B – Material Taxable,
Labor Exempt
C – Not Taxable
F – Exempt (Goods /
Services Tax)
G – Exempt (Provincial
Sales Tax)

Page 230 of 477

July 2018

7 Level 2/3 Transactions

Req*

Value

Limits

Variable

Description
L – Exempt Local Service
R – Recurring Exempt
U – Usage Exempt

*Y = Required, N = Optional, C = Conditional

7.4.4 AX Completion
The AX Completion transaction is used to secure the funds locked by a pre-authorization transaction.
When sending a capture request you will need two pieces of information from the original pre-authorization – the Order ID and the transaction number from the returned response.

AX Completion transaction object definition
$txnArray = array(‘type’=>’axcompletion', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for AX Completion
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

AX Completion transaction object values
Table 1: AX Completion transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Completion amount

String

9-character decimal

'comp_amount'=>$comp_amount

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Level 2/3 Data

Object

n/a

$mpgTxn->setLevel23Data
($mpgAxLevel23);

July 2018

Page 231 of 477

Moneris Gateway API - Integration Guide

Sample AX Completion
setRef($ref01[0], $ref02[0]);
$axRef1->setRef($ref01[1], $ref02[1]);
$axN1Loop = new axN1Loop();
$axN1Loop->setN1Loop($n101, $n102, $n301, $n401, $n402, $n403, $axRef1);
$mpgAxLevel23->setTable1($big04, $big05, $big10, $axN1Loop);
//Create Table 2 with details
//the sum of the extended amount field (pam05) must equal the level 1 amount field
$it102
$it103
$it104
$it105

=
=
=
=

array("1", "1", "1", "1", "1"); //Line item quantity invoiced
array("EA", "EA", "EA", "EA", "EA"); //Line item unit or basis of measurement code
array("10.00", "25.00", "8.62", "10.00", "-10.00"); //Line item unit price
array("", "", "", "", ""); //Line item basis of unit price code

$it10618 = array("MG", "MG", "MG", "MG", "MG"); //Product/Service ID qualifier
$it10719 = array("DJFR4", "JFJ49", "FEF33", "FEE43", "DISCOUNT"); //Product/Service ID
(corresponds to it10618)
$txi01_GST
$txi02_GST
$txi03_GST
$txi06_GST

=
=
=
=

array("GS", "GS", "GS", "GS", "GS"); //Tax type code
array("0.70", "1.75", "1.00", "0.80","0.00"); //Monetary amount
array("", "", "", "",""); //Percent
array("", "", "", "",""); //Tax exempt code

$txi01_PST = array("PG", "PG", "PG","PG","PG"); //Tax type code
$txi02_PST = array("0.80", "2.00", "1.00", "0.80","0.00"); //Monetary amount
$txi03_PST = array("", "", "", "",""); //Percent
$txi06_PST = array("", "", "", "",""); //Tax exempt code
$pam05 = array("11.50", "28.75", "10.62", "11.50", "-10.00"); //Extended line-item amount
$pid05 = array("Stapler", "Lamp", "Bottled Water", "Fountain Pen", "DISCOUNT"); //Line item
description
$it106s = array(new axIt106s(), new axIt106s(), new axIt106s(), new axIt106s(), new axIt106s());
$it106s[0]->setIt10618($it10618[0]);
$it106s[0]->setIt10719($it10719[0]);

Page 232 of 477

July 2018

7 Level 2/3 Transactions

Sample AX Completion
$it106s[1]->setIt10618($it10618[1]);
$it106s[1]->setIt10719($it10719[1]);
$it106s[2]->setIt10618($it10618[2]);
$it106s[2]->setIt10719($it10719[2]);
$it106s[3]->setIt10618($it10618[3]);
$it106s[3]->setIt10719($it10719[3]);
$it106s[4]->setIt10618($it10618[4]);
$it106s[4]->setIt10719($it10719[4]);
$txi = array(new axTxi(), new axTxi(), new axTxi(), new axTxi(), new axTxi());
$txi[0]->setTxi($txi01_GST[0], $txi02_GST[0], $txi03_GST[0], $txi06_GST[0]);
$txi[0]->setTxi($txi01_PST[0], $txi02_PST[0], $txi03_PST[0], $txi06_PST[0]);
$txi[1]->setTxi($txi01_GST[1], $txi02_GST[1], $txi03_GST[1], $txi06_GST[1]);
$txi[1]->setTxi($txi01_PST[1], $txi02_PST[1], $txi03_PST[1], $txi06_PST[1]);
$txi[2]->setTxi($txi01_GST[2], $txi02_GST[2], $txi03_GST[2], $txi06_GST[2]);
$txi[2]->setTxi($txi01_PST[2], $txi02_PST[2], $txi03_PST[2], $txi06_PST[2]);
$txi[3]->setTxi($txi01_GST[3], $txi02_GST[3], $txi03_GST[3], $txi06_GST[3]);
$txi[3]->setTxi($txi01_PST[3], $txi02_PST[3], $txi03_PST[3], $txi06_PST[3]);
$txi[4]->setTxi($txi01_GST[4], $txi02_GST[4], $txi03_GST[4], $txi06_GST[4]);
$txi[4]->setTxi($txi01_PST[4], $txi02_PST[4], $txi03_PST[4], $txi06_PST[4]);
$axItLoop = new axIt1Loop();
$axItLoop->setIt1Loop($it102[0], $it103[0], $it104[0], $it105[0], $it106s[0], $txi[0], $pam05[0],
$pid05[0]);
$axItLoop->setIt1Loop($it102[1], $it103[1], $it104[1], $it105[1], $it106s[1], $txi[1], $pam05[1],
$pid05[1]);
$axItLoop->setIt1Loop($it102[2], $it103[2], $it104[2], $it105[2], $it106s[2], $txi[2], $pam05[2],
$pid05[2]);
$axItLoop->setIt1Loop($it102[3], $it103[3], $it104[3], $it105[3], $it106s[3], $txi[3], $pam05[3],
$pid05[3]);
$axItLoop->setIt1Loop($it102[4], $it103[4], $it104[4], $it105[4], $it106s[4], $txi[4], $pam05[4],
$pid05[4]);
$mpgAxLevel23->setTable2($axItLoop);
//Create Table 3 with details
$taxTbl3 = new axTxi();
$taxTbl3->setTxi("GS", "4.25","",""); //sum of GST taxes
$taxTbl3->setTxi("PG", "4.60","",""); //sum of PST taxes
$taxTbl3->setTxi("TX", "8.85","",""); //sum of all taxes
$mpgAxLevel23->setTable3($taxTbl3);
/*********************** Transactional Associative Array **********************/
$txnArray=array('type'=>$type,
'order_id'=>$order_id,
'comp_amount'=>$comp_amount,
'txn_number'=> $txn_number,
'crypt_type'=>$crypt
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setLevel23Data($mpgAxLevel23);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());

July 2018

Page 233 of 477

Moneris Gateway API - Integration Guide

Sample AX Completion
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.4.5 AX Force Post
The AX Force Post transaction is used to secure the funds locked by a pre-authorization transaction performed over IVR or equivalent terminal. When sending an AX Force Post request, you will need the order
ID, amount, credit card number, expiry date, authorization code and e-commerce indicator.

AX Force Post transaction object definition
$txnArray = array(‘type’=>’axforcepost', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for AX Force Post transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

AX Force Post transaction object values
Table 1: AX Force Post transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character alphanumeric

'pan'=>$pan

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

Page 234 of 477

July 2018

7 Level 2/3 Transactions

Value

Type

Limits

Set Method

(YYMM format)
Authorization code

String

8-character alphanumeric

'auth_code'=>$auth_code

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Level 2/3 Data

Object

n/a

$mpgTxn->setLevel23Data
($mpgAxLevel23);

Table 2: AX Force Post transaction object optional values
Value
Customer ID

Type
String

Limits
50-character alphanumeric

Set Method
'cust_id'=>$cust_id

Sample AX Force Post
setRef($ref01[0], $ref02[0]);
$axRef1->setRef($ref01[1], $ref02[1]);
$axN1Loop = new axN1Loop();
$axN1Loop->setN1Loop($n101, $n102, $n301, $n401, $n402, $n403, $axRef1);
$mpgAxLevel23->setTable1($big04, $big05, $big10, $axN1Loop);
//Create Table 2 with details
//the sum of the extended amount field (pam05) must equal the level 1 amount field
$it102
$it103
$it104
$it105

=
=
=
=

array("1", "1", "1", "1", "1"); //Line item quantity invoiced
array("EA", "EA", "EA", "EA", "EA"); //Line item unit or basis of measurement code
array("10.00", "25.00", "8.62", "10.00", "-10.00"); //Line item unit price
array("", "", "", "", ""); //Line item basis of unit price code

$it10618 = array("MG", "MG", "MG", "MG", "MG"); //Product/Service ID qualifier
$it10719 = array("DJFR4", "JFJ49", "FEF33", "FEE43", "DISCOUNT"); //Product/Service ID
(corresponds to it10618)
$txi01_GST
$txi02_GST
$txi03_GST
$txi06_GST

=
=
=
=

array("GS", "GS", "GS", "GS", "GS"); //Tax type code
array("0.70", "1.75", "1.00", "0.80","0.00"); //Monetary amount
array("", "", "", "",""); //Percent
array("", "", "", "",""); //Tax exempt code

$txi01_PST = array("PG", "PG", "PG","PG","PG"); //Tax type code
$txi02_PST = array("0.80", "2.00", "1.00", "0.80","0.00"); //Monetary amount
$txi03_PST = array("", "", "", "",""); //Percent
$txi06_PST = array("", "", "", "",""); //Tax exempt code
$pam05 = array("11.50", "28.75", "10.62", "11.50", "-10.00"); //Extended line-item amount
$pid05 = array("Stapler", "Lamp", "Bottled Water", "Fountain Pen", "DISCOUNT"); //Line item
description
$it106s = array();
$it106s[0] = new axIt106s($it10618[0], $it10719[0]);
$it106s[1] = new axIt106s($it10618[1], $it10719[1]);
$it106s[2] = new axIt106s($it10618[2], $it10719[2]);
$it106s[3] = new axIt106s($it10618[3], $it10719[3]);
$it106s[4] = new axIt106s($it10618[4], $it10719[4]);
$txi = array(new axTxi(), new axTxi(), new axTxi(), new axTxi(), new axTxi());
$txi[0]->setTxi($txi01_GST[0], $txi02_GST[0], $txi03_GST[0], $txi06_GST[0]);
$txi[0]->setTxi($txi01_PST[0], $txi02_PST[0], $txi03_PST[0], $txi06_PST[0]);
$txi[1]->setTxi($txi01_GST[1], $txi02_GST[1], $txi03_GST[1], $txi06_GST[1]);
$txi[1]->setTxi($txi01_PST[1], $txi02_PST[1], $txi03_PST[1], $txi06_PST[1]);
$txi[2]->setTxi($txi01_GST[2], $txi02_GST[2], $txi03_GST[2], $txi06_GST[2]);
$txi[2]->setTxi($txi01_PST[2], $txi02_PST[2], $txi03_PST[2], $txi06_PST[2]);
$txi[3]->setTxi($txi01_GST[3], $txi02_GST[3], $txi03_GST[3], $txi06_GST[3]);
$txi[3]->setTxi($txi01_PST[3], $txi02_PST[3], $txi03_PST[3], $txi06_PST[3]);
$txi[4]->setTxi($txi01_GST[4], $txi02_GST[4], $txi03_GST[4], $txi06_GST[4]);
$txi[4]->setTxi($txi01_PST[4], $txi02_PST[4], $txi03_PST[4], $txi06_PST[4]);
$axItLoop = new axIt1Loop();
$axItLoop->setIt1Loop($it102[0], $it103[0], $it104[0], $it105[0], $it106s[0], $txi[0], $pam05[0],
$pid05[0]);
$axItLoop->setIt1Loop($it102[1], $it103[1], $it104[1], $it105[1], $it106s[1], $txi[1], $pam05[1],
$pid05[1]);
$axItLoop->setIt1Loop($it102[2], $it103[2], $it104[2], $it105[2], $it106s[2], $txi[2], $pam05[2],
$pid05[2]);
$axItLoop->setIt1Loop($it102[3], $it103[3], $it104[3], $it105[3], $it106s[3], $txi[3], $pam05[3],
$pid05[3]);
//$axItLoop->setIt1Loop($it102[4], $it103[4], $it104[4], $it105[4], $it106s[4], $txi[4], $pam05
[4], $pid05[4]);
$mpgAxLevel23->setTable2($axItLoop);
//Create Table 3 with details

Page 236 of 477

July 2018

7 Level 2/3 Transactions

Sample AX Force Post
$taxTbl3 = new axTxi();
$taxTbl3->setTxi("GS", "4.25","",""); //sum of GST taxes
$taxTbl3->setTxi("PG", "4.60","",""); //sum of PST taxes
$taxTbl3->setTxi("TX", "8.85","",""); //sum of all taxes
$mpgAxLevel23->setTable3($taxTbl3);
/*********************** Transactional Associative Array **********************/
$txnArray=array('type'=>$type,
'order_id'=>$order_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'auth_code'=>$auth_code,
'crypt_type'=>$crypt
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setLevel23Data($mpgAxLevel23);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.4.6 AX Purchase Correction
The AX Purchase Correction (Void) transaction is used to cancel a transaction that was performed in the
current batch. No amount is required because a void is always for 100% of the original transaction. The
only transaction that can be voided using AX Purchase Correction is AX Completion and AX Force Post.
To send an AX Purchase Correction the Order ID and transaction number from the AX Completion or AX
Force Post are required.

July 2018

Page 237 of 477

Moneris Gateway API - Integration Guide

AX Purchase Correction transaction object definition
$txnArray = array(‘type’=>’axpurchasecorrection', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for AX Purchase Correction transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

AX Purchase Correction transaction object values
Table 1: AX Purchase Correction transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

AX Purchase Correction
$type,
'order_id'=>$order_id,
'txn_number'=> $txn_number,
'crypt_type'=>$crypt_type
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Page 238 of 477

July 2018

7 Level 2/3 Transactions

AX Purchase Correction
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.4.7 AX Refund
The AX Refund will credit a specified amount to the cardholder’s credit card. A refund can be sent up to
the full value of the original AX Completion or AX Force Post. To send an AX Refund you will require the
Order ID and transaction number from the original AX Completion or AX Force Post.

AX Refund transaction object definition
$txnArray = array(‘type’=>’axrefund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for AX Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

July 2018

Page 239 of 477

Moneris Gateway API - Integration Guide

AX Refund transaction object values
Table 1: AX Refund transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

Amount

String

9-character decimal

'amount'=>$amount

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Level 2/3 Data

Object

n/a

$mpgTxn->setLevel23Data
($mpgAxLevel23);

Sample AX Refund
setRef($ref01[0], $ref02[0]);
$axRef1->setRef($ref01[1], $ref02[1]);
$axN1Loop = new axN1Loop();
$axN1Loop->setN1Loop($n101, $n102, $n301, $n401, $n402, $n403, $axRef1);
$mpgAxLevel23->setTable1($big04, $big05, $big10, $axN1Loop);

Page 240 of 477

July 2018

7 Level 2/3 Transactions

Sample AX Refund
//Create Table 2 with details
//the sum of the extended amount field (pam05) must equal the level 1 amount field
$it102
$it103
$it104
$it105

=
=
=
=

array("1", "1", "1", "1", "1"); //Line item quantity invoiced
array("EA", "EA", "EA", "EA", "EA"); //Line item unit or basis of measurement code
array("10.00", "25.00", "8.62", "10.00", "-10.00"); //Line item unit price
array("", "", "", "", ""); //Line item basis of unit price code

$it10618 = array("MG", "MG", "MG", "MG", "MG"); //Product/Service ID qualifier
$it10719 = array("DJFR4", "JFJ49", "FEF33", "FEE43", "DISCOUNT"); //Product/Service ID
(corresponds to it10618)
$txi01_GST
$txi02_GST
$txi03_GST
$txi06_GST

=
=
=
=

array("GS", "GS", "GS", "GS", "GS"); //Tax type code
array("0.70", "1.75", "1.00", "0.80","0.00"); //Monetary amount
array("", "", "", "",""); //Percent
array("", "", "", "",""); //Tax exempt code

$txi01_PST = array("PG", "PG", "PG","PG","PG"); //Tax type code
$txi02_PST = array("0.80", "2.00", "1.00", "0.80","0.00"); //Monetary amount
$txi03_PST = array("", "", "", "",""); //Percent
$txi06_PST = array("", "", "", "",""); //Tax exempt code
$pam05 = array("11.50", "28.75", "10.62", "11.50", "-10.00"); //Extended line-item amount
$pid05 = array("Stapler", "Lamp", "Bottled Water", "Fountain Pen", "DISCOUNT"); //Line item
description
$it106s = array();
$it106s[0] = new axIt106s($it10618[0], $it10719[0]);
$it106s[1] = new axIt106s($it10618[1], $it10719[1]);
$it106s[2] = new axIt106s($it10618[2], $it10719[2]);
$it106s[3] = new axIt106s($it10618[3], $it10719[3]);
$it106s[4] = new axIt106s($it10618[4], $it10719[4]);
$txi = array(new axTxi(), new axTxi(), new axTxi(), new axTxi(), new axTxi());
$txi[0]->setTxi($txi01_GST[0], $txi02_GST[0], $txi03_GST[0], $txi06_GST[0]);
$txi[0]->setTxi($txi01_PST[0], $txi02_PST[0], $txi03_PST[0], $txi06_PST[0]);
$txi[1]->setTxi($txi01_GST[1], $txi02_GST[1], $txi03_GST[1], $txi06_GST[1]);
$txi[1]->setTxi($txi01_PST[1], $txi02_PST[1], $txi03_PST[1], $txi06_PST[1]);
$txi[2]->setTxi($txi01_GST[2], $txi02_GST[2], $txi03_GST[2], $txi06_GST[2]);
$txi[2]->setTxi($txi01_PST[2], $txi02_PST[2], $txi03_PST[2], $txi06_PST[2]);
$txi[3]->setTxi($txi01_GST[3], $txi02_GST[3], $txi03_GST[3], $txi06_GST[3]);
$txi[3]->setTxi($txi01_PST[3], $txi02_PST[3], $txi03_PST[3], $txi06_PST[3]);
$txi[4]->setTxi($txi01_GST[4], $txi02_GST[4], $txi03_GST[4], $txi06_GST[4]);
$txi[4]->setTxi($txi01_PST[4], $txi02_PST[4], $txi03_PST[4], $txi06_PST[4]);
$axItLoop = new axIt1Loop();
$axItLoop->setIt1Loop($it102[0], $it103[0], $it104[0], $it105[0], $it106s[0], $txi[0], $pam05[0],
$pid05[0]);
$axItLoop->setIt1Loop($it102[1], $it103[1], $it104[1], $it105[1], $it106s[1], $txi[1], $pam05[1],
$pid05[1]);
$axItLoop->setIt1Loop($it102[2], $it103[2], $it104[2], $it105[2], $it106s[2], $txi[2], $pam05[2],
$pid05[2]);
$axItLoop->setIt1Loop($it102[3], $it103[3], $it104[3], $it105[3], $it106s[3], $txi[3], $pam05[3],
$pid05[3]);
//$axItLoop->setIt1Loop($it102[4], $it103[4], $it104[4], $it105[4], $it106s[4], $txi[4], $pam05
[4], $pid05[4]);
$mpgAxLevel23->setTable2($axItLoop);
//Create Table 3 with details
$taxTbl3 = new axTxi();
$taxTbl3->setTxi("GS", "4.25","",""); //sum of GST taxes
$taxTbl3->setTxi("PG", "4.60","",""); //sum of PST taxes
$taxTbl3->setTxi("TX", "8.85","",""); //sum of all taxes
$mpgAxLevel23->setTable3($taxTbl3);

July 2018

Page 241 of 477

Moneris Gateway API - Integration Guide

Sample AX Refund
/*********************** Transactional Associative Array **********************/
$txnArray=array('type'=>$type,
'order_id'=>$order_id,
'amount'=>$amount,
'txn_number'=> $txn_number,
'crypt_type'=>$crypt
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setLevel23Data($mpgAxLevel23);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

7.4.8 AX Independent Refund
The AX Independent Refund will credit a specified amount to the cardholder’s credit card. The independent refund does not require an existing order to be logged in the Moneris Gateway; however, the
credit card number and expiry date will need to be passed.

AX Independent Refund transaction object definition
$txnArray = array(‘type’=>’axind_refund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for AX Independent Refund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Page 242 of 477

July 2018

7 Level 2/3 Transactions

AX Independent Refund transaction object values
Table 1: AX Independent Refund transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character alphanumeric

'pan'=>$pan

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)
E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 2: AX Independent Refund transaction object optional values
Value
Customer ID

Type
String

Limits
50-character alphanumeric

Set Method
'cust_id'=>$cust_id

Sample AX Independent Refund
setRef($ref01[0], $ref02[0]);
$axRef1->setRef($ref01[1], $ref02[1]);
$axN1Loop = new axN1Loop();
$axN1Loop->setN1Loop($n101, $n102, $n301, $n401, $n402, $n403, $axRef1);
$mpgAxLevel23->setTable1($big04, $big05, $big10, $axN1Loop);
//Create Table 2 with details
//the sum of the extended amount field (pam05) must equal the level 1 amount field
$it102
$it103
$it104
$it105

=
=
=
=

array("1", "1", "1", "1", "1"); //Line item quantity invoiced
array("EA", "EA", "EA", "EA", "EA"); //Line item unit or basis of measurement code
array("10.00", "25.00", "8.62", "10.00", "-10.00"); //Line item unit price
array("", "", "", "", ""); //Line item basis of unit price code

$it10618 = array("MG", "MG", "MG", "MG", "MG"); //Product/Service ID qualifier
$it10719 = array("DJFR4", "JFJ49", "FEF33", "FEE43", "DISCOUNT"); //Product/Service ID
(corresponds to it10618)
$txi01_GST
$txi02_GST
$txi03_GST
$txi06_GST

=
=
=
=

array("GS", "GS", "GS", "GS", "GS"); //Tax type code
array("0.70", "1.75", "1.00", "0.80","0.00"); //Monetary amount
array("", "", "", "",""); //Percent
array("", "", "", "",""); //Tax exempt code

$txi01_PST = array("PG", "PG", "PG","PG","PG"); //Tax type code
$txi02_PST = array("0.80", "2.00", "1.00", "0.80","0.00"); //Monetary amount
$txi03_PST = array("", "", "", "",""); //Percent
$txi06_PST = array("", "", "", "",""); //Tax exempt code
$pam05 = array("11.50", "28.75", "10.62", "11.50", "-10.00"); //Extended line-item amount
$pid05 = array("Stapler", "Lamp", "Bottled Water", "Fountain Pen", "DISCOUNT"); //Line item
description
$it106s = array();
$it106s[0] = new axIt106s($it10618[0], $it10719[0]);
$it106s[1] = new axIt106s($it10618[1], $it10719[1]);
$it106s[2] = new axIt106s($it10618[2], $it10719[2]);
$it106s[3] = new axIt106s($it10618[3], $it10719[3]);
$it106s[4] = new axIt106s($it10618[4], $it10719[4]);
$txi = array(new axTxi(), new axTxi(), new axTxi(), new axTxi(), new axTxi());
$txi[0]->setTxi($txi01_GST[0], $txi02_GST[0], $txi03_GST[0], $txi06_GST[0]);
$txi[0]->setTxi($txi01_PST[0], $txi02_PST[0], $txi03_PST[0], $txi06_PST[0]);
$txi[1]->setTxi($txi01_GST[1], $txi02_GST[1], $txi03_GST[1], $txi06_GST[1]);
$txi[1]->setTxi($txi01_PST[1], $txi02_PST[1], $txi03_PST[1], $txi06_PST[1]);
$txi[2]->setTxi($txi01_GST[2], $txi02_GST[2], $txi03_GST[2], $txi06_GST[2]);
$txi[2]->setTxi($txi01_PST[2], $txi02_PST[2], $txi03_PST[2], $txi06_PST[2]);
$txi[3]->setTxi($txi01_GST[3], $txi02_GST[3], $txi03_GST[3], $txi06_GST[3]);
$txi[3]->setTxi($txi01_PST[3], $txi02_PST[3], $txi03_PST[3], $txi06_PST[3]);
$txi[4]->setTxi($txi01_GST[4], $txi02_GST[4], $txi03_GST[4], $txi06_GST[4]);
$txi[4]->setTxi($txi01_PST[4], $txi02_PST[4], $txi03_PST[4], $txi06_PST[4]);
$axItLoop = new axIt1Loop();
$axItLoop->setIt1Loop($it102[0], $it103[0], $it104[0], $it105[0], $it106s[0], $txi[0], $pam05[0],
$pid05[0]);
$axItLoop->setIt1Loop($it102[1], $it103[1], $it104[1], $it105[1], $it106s[1], $txi[1], $pam05[1],

Page 244 of 477

July 2018

7 Level 2/3 Transactions

Sample AX Independent Refund
$pid05[1]);
$axItLoop->setIt1Loop($it102[2], $it103[2], $it104[2], $it105[2], $it106s[2], $txi[2], $pam05[2],
$pid05[2]);
$axItLoop->setIt1Loop($it102[3], $it103[3], $it104[3], $it105[3], $it106s[3], $txi[3], $pam05[3],
$pid05[3]);
//$axItLoop->setIt1Loop($it102[4], $it103[4], $it104[4], $it105[4], $it106s[4], $txi[4], $pam05
[4], $pid05[4]);
$mpgAxLevel23->setTable2($axItLoop);
//Create Table 3 with details
$taxTbl3 = new axTxi();
$taxTbl3->setTxi("GS", "4.25","",""); //sum of GST taxes
$taxTbl3->setTxi("PG", "4.60","",""); //sum of PST taxes
$taxTbl3->setTxi("TX", "8.85","",""); //sum of all taxes
$mpgAxLevel23->setTable3($taxTbl3);
/*********************** Transactional Associative Array **********************/
$txnArray=array('type'=>$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'crypt_type'=>$crypt
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setLevel23Data($mpgAxLevel23);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

July 2018

Page 245 of 477

8 MPI
l
l
l
l
l
l

8.1
8.2
8.3
8.4
8.5
8.6

About MPI Transactions
3-D Secure Implementations (VbV, MCSC, SafeKey)
Activating VbV and MCSC
Activating Amex SafeKey
Transaction Flow for MPI
MPI Transactions

8.1 About MPI Transactions
The Moneris Gateway can enable transactions using the 3-D Secure protocol via Merchant Plug-In (MPI)
and Access Control Server (ACS) .
Moneris Gateway supports the following 3-D Secure implementations:
l
l
l

Verified by Visa (VbV)
Mastercard Secure Code (MCSC)
American Express SafeKey (applies to Canadian integrations only)

8.2 3-D Secure Implementations (VbV, MCSC, SafeKey)
Verified by Visa (VbV), MasterCard Secure Code (MCSC) and American Express SafeKey are programs
based on the 3-D Secure Protocol to improve the security of online transactions.
These programs involve authentication of the cardholder during an online e-commerce transaction.
Authentication is based on the issuer’s selected method of authentication.
The following are examples of authentication methods:
l
l
l

Risk-based authentication
Dynamic passwords
Static passwords.

Some benefits of these programs are reduced risk of fraudulent transactions and protection against
chargebacks for certain fraudulent transactions.

Additional eFraud features
To further decrease fraudulent activity, Moneris also recommends implementing the following features:
l
l

AVS: Address Verification Service (page 282)
CVD: Card Validation Digits ().

July 2018

Page 247 of 477

Moneris Gateway API - Integration Guide

8.3 Activating VbV and MCSC
To integrate Verified by Visa and/or MasterCard Secure Code transaction functionality in your system,
call Moneris Sales Support to have Moneris enroll you in the program(s) and enable the functionality on
your account.

8.4 Activating Amex SafeKey
To Activate Amex SafeKey transaction functionality with your system via the Moneris Gateway API:
1. Enroll in the SafeKey program with American Express
at: https://network.americanexpress.com/ca/en/safekey/index.aspx
2. Call your Moneris sales centre at 1-855-465-4980 to get Amex SafeKey functionality enabled on
your account.

8.5 Transaction Flow for MPI

Figure 3: Transaction flow diagram
1. Cardholder enters the credit card number and submits the transaction information to the merchant.
2. Upon receiving the transaction request, the merchant calls the MonerisMPI API and passes a
TXN type request. For sample code please refer to MpiTxn Request Transaction (page 252).
3. The Moneris MPI receives the request, authenticates the merchant and sends the transaction
information to Visa, MasterCard or American Express.
4. Visa/MasterCard/Amex verifies that the card is enrolled and returns the issuer URL.
5. Moneris MPI receives the response from Visa, MasterCard or Amex and forwards the information to the merchant.
6. The MonerisMPI API installed at the merchant receives the response from the Moneris MPI.
If the response is "Y" for enrolled, the merchant makes a call to the API, which opens a popup/inline window in the cardholder browser.
If the response is “N” for not enrolled, a transaction could be sent to the processor identifying it
as VBV/MCSC/SafeKey attempted with an ECI value of 6.

Page 248 of 477

July 2018

8 MPI

7.
8.
9.
10.
11.

12.

If the response is “U” for unable to authenticate or the response times out, the transaction can
be sent to the processor with an ECI value of 7. The merchant can then choose to continue with
the transaction and be liable for a chargeback, or the merchant can choose to end the transaction.
The cardholder browser uses the URL that was returned from Visa/MasterCard/Amex via the merchant to communicate directly to the bank. The contents of the popup are loaded and the cardholder enters the PIN.
The information is submitted to the bank and authenticated. A response is then returned to the
client browser.
The client browser receives the response from the bank, and forwards it to the merchant.
The merchant receives the response information from the cardholder browser, and passes an
ACS request type to the Moneris MPI API.
Moneris MPI receives the ACS request and authenticates the information. The Moneris MPI then
provides a CAVV value (getCavv()) and a crypt type (getMpiEciO) to the merchant.
If the getSuccess() of the response is “true”, the merchant may proceed with the cavv purchase
or cavv preauth.
If the getSuccess() of the response is “false” and the getMessage() is “N”, the transaction must be
cancelled because the cardholder failed to authenticate.
If the getSuccess() of the response is “false” and the getMessage is “U”, the transaction can be
processed as a normal purchase or PreAuth; however in this case the merchant assumes liability
of a chargeback.
If the response times out, the transaction can be processed as a normal purchase or PreAuth;
however in this case the merchant assumes liability of a chargeback.
The merchant retrieves the CAVV value, and formats a cavv purchase or a cavv preauth request
using the method that is normally used. As part of this transaction method, the merchant must
pass the CAVV value and the crypt type.

8.6 MPI Transactions
Any of the transaction objects that are defined in this section can be passed to the HttpsPostRequest
connection object defined in Section 16.5 (page 382)here.
TXN
Sends the initial transaction data to the Moneris MPI to verify whether the card is enrolled.
The browser returns a PARes as well as a success field.
ACS
Passes the PARes (received in the response to the TXN transaction) to the Moneris MPI API.
Cavv Purchase
After receiving confirmation from the ACS transaction, this verifies funds on the customer’s
card, removes the funds and prepares them for deposit into the merchant’s account.
Cavv Pre-Authorization
After receiving confirmation from the ACS transaction, this verifies and locks funds on the customer’s credit card. The funds are locked for a specified amount of time based on the card
issuer.

July 2018

Page 249 of 477

Moneris Gateway API - Integration Guide
To retrieve the funds that have been locked by a Pre-Authorization transaction so that they
may be settled in the merchant’s account, a basic Completion transaction (page 23) must be
performed. A PreAuthorization transaction may only be "completed" once.

NOTE: Cavv Purchase and Cavv Pre-Authorization transactions are also used to process
Apple Pay and Android Pay transactions. For further details on how to process these wallet
transactions, please refer to 10 Apple Pay In-App and on the Web Integration.

8.6.1 VbV, MCSC and SafeKey Responses
For each transaction, a crypt type is sent to identify whether it is a VbV-, MCSC- or SafeKey-authenticated
transaction. Below are the tables defining the possible crypt types as well as the possible VARes and
PARes responses.
Table 71: Crypt type definitions
Crypt
type
5

Visa definition
l
l

6

l
l

7

l
l
l

Fully authenticated
There is a liability shift,
and the merchant is protected from chargebacks

VbV has been attempted
There is a liability shift,
and the merchant is protected from certain
chargebacks on fraudulent transactions

Non-VbV transaction
No liability shift
Merchant is not protected from chargebacks

Page 250 of 477

MasterCard definition
l
l

l

l

l
l
l

Fully authenticated
There is a liability shift,
and the merchant is protected from chargebacks.

MCSC has been attempted
There is a liability shift,
and the merchant is protected from certain
chargebacks on fraudulent transactions

Non-MCSC transaction
No liability shift
Merchant is not protected from chargebacks

American Express Definition
l
l

l

l

l
l
l

Fully authenticated
There is a liability shift,
and the merchant is protected from chargebacks.

SafeKey has been attempted
There is a liability shift,
and the merchant is protected from certain
chargebacks on fraudulent transactions

Non-SafeKey transaction
No liability shift
Merchant is not protected from chargebacks

July 2018

8 MPI
Table 72: VERes response definitions
VERes Response

Response Definition

N

The card/issuer is not enrolled.
Sent as a normal Purchase/PreAuth transaction with a crypt type of 6.

U

The card type is not participating in VbV/MCSC/SafeKey. It could be corporate
card or another card plan that Visa/MasterCard/Amex excludes.
Proceed with a regular transaction with a crypt type of 7 or cancel the transaction.

Y

The card is enrolled.
Proceed to create the VbV/MCSC/SafeKey inline window for cardholder authentication. Proceed to PARes for crypt type.

Table 73: PARes response definitions
PARes response

Response definition

A

Attempted to verify PIN, and will receive a CAVV.
Send as a cavv_purchase/cavv_preAuth, which returns a crypt type of 6.

Y

Fully authenticated, and will receive a CAVV.
Send as a cavv_purchase/cavv_preAuth which will return a crypt type of 5.

N

Failed to authenticate. No CAVV is returned.
Cancel transaction.
Merchant may proceed with a crypt type of 7 although this is strongly discouraged.

Table 74: 3-D Secure/CAVV transaction handling
Step 1: VERes

Step 2: PARes

Cardholder/issuer
enrolled?

VbV/MCSC InLine
window response

Step 3: Transaction
Are you protected?

Y

Y

Send a CAVV transaction

Y

N

Cancel transaction. Authentication failed or high-risk
transaction.

Y

A

Send a CAVV transaction

U

n/a

Send a regular transaction with a crypt type of 7

N

n/a

Send a regular transaction with a crypt type of 6

July 2018

Page 251 of 477

Moneris Gateway API - Integration Guide

8.6.2 MpiTxn Request Transaction
MpiTxn transaction object definition
$txnArray = array(‘type’=>’mpitxn', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for MpiTxn transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

MpiTxn transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 75: MpiTxn transaction object mandatory values
Value

Type

Limits

Set method

XID

String

20-character alphanumeric

'xid'=>$xid

Credit card number

String

20-character numeric

'pan'=>$pan

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)
Amount

String

9-character decimal

'amount'=>$amount

Must contain at least 3
digits including two
penny values.
MD

String

1024-character alphanumeric

MD=>$MD

Merchant URL

String

N/A

merchantUrl=>$merchantUrl

Accept

String

N/A

accept=>$accept

User Agent

String

N/A

userAgent=>$userAgent

Page 252 of 477

July 2018

8 MPI

Sample MpiTxn Request
'txn',
'xid'=>$xid,
'amount'=>$purchase_amount,
'pan'=>$pan,
'expdate'=>$expiry,
'MD'=> "xid=" . $xid //MD is merchant data that can be passed along
."&pan=" . $pan
."&expiry=".$expiry
."&amount=" .$purchase_amount,
'merchantUrl'=>$merchUrl,
'accept'=>$HTTP_ACCEPT,
'userAgent'=>$HTTP_USER_AGENT
);
$mpgTxn = new mpgTransaction($txnArray);
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production
transactions
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
$mpgResponse=$mpgHttpPost->getMpgResponse();
if($mpgResponse->getMpiMessage() == 'Y')
{
$vbvInLineForm = $mpgResponse->getMpiInLineForm();
print "$vbvInLineForm\n";
}
else {
if ($mpgResponse->getMpiMessage() == 'U') {
// merchant assumes liability for charge back (usu. corporate cards)
$crypt_type='7';
}
else {
// merchant is not liable for chargeback (attempt was made)
$crypt_type='6';
}
//Perform regular transaction with $crypt_type='7'
}
?>

8.6.2.1 TXN Response and Creating the Popup
The TXN request returns a response with one of several possible values. The get Message method of the
response object returns “Y”, “U”, or “N”.

July 2018

Page 253 of 477

Moneris Gateway API - Integration Guide
N
Purchase or Pre-Authorization can be sent as a crypt type of 6 (attempted authentication).
Y
A call to the API to create the VBV form is made.
U
(Returned for non-participating cards such as corporate cards)
Merchant can send the transaction with crypt_type 7. However, the merchant is liable for
chargebacks.

8.6.3 Vault MPI Transaction – ResMpiTxn
Vault MPI Transaction transaction object definition
$txnArray = array(‘type’=>’res_mpitxn', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault MPI Transaction transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault MPI Transaction transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 76: Vault MPI Transaction transaction object mandatory values
Value

Type

Limits

Set method

Data key

String

25-character alphanumeric

'data_key'=>$data_key

XID

String

20-character alphanumeric

'xid'=>$xid

Amount

String

9-character decimal

'amount'=>$amount

MD

String

1024-character alphanumeric

MD=>$MD

Merchant URL

String

n/a

merchantUrl=>$merchantUrl

Page 254 of 477

July 2018

8 MPI
Table 76: Vault MPI Transaction transaction object mandatory values (continued)
Value

Type

Limits

Set method

Accept

String

n/a

accept=>$accept

User Agent

String

n/a

userAgent=>$userAgent

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)

Sample Vault MPI Transaction
'res_mpitxn',
data_key=>$data_key,
//expdate=>$expdate,
amount=>$amount,
xid=>$xid,
MD=>$MD,
merchantUrl=>$merchantUrl,
accept=>$accept,
userAgent=>$userAgent
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nMpiSuccess = " . $mpgResponse->getMpiSuccess());
if($mpgResponse->getMpiSuccess() == "true")
{
print($mpgResponse->getMpiInLineForm());
}
else

July 2018

Page 255 of 477

Moneris Gateway API - Integration Guide

Sample Vault MPI Transaction
{
print("\nMpiMessage = " . $mpgResponse->getMpiMessage());
}
?>

Vault response fields
For a list and explanation of (Receipt object) response fields that are available after sending this Vault
transaction, see Definitions of Response Fields (page 438).

8.6.4 MPI ACS Request Transaction
MPI ACS Request transaction object definition
$txnArray = array(‘type’=>’acs', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for MPI ACS Request transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

MPI ACS Request transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 77: MPI ACS Request transaction object mandatory values
Value

Type

Limits

Set method

XID

String

20-character alphanumeric

MD

String

1024-character alphanumeric

MD=>$MD

PARes

String

n/a

'PaRes'=>$PaRes

NOTE: Is the concatenated 20-character
prefix that forms part of the variable MD

Sample MPI ACS Request - CA
$type,
'PaRes'=>$PaRes,
'MD'=>$MD,
);
/****************************** Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************************* Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/****************************** HTTPS Post Object *******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************************* Response *********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nMpiMessage = " . $mpgResponse->getMpiMessage());
print("\nMpiSuccess = " . $mpgResponse->getMpiSuccess());
if (strcmp($mpgResponse->getMpiSuccess(),"true") == 0)
{
print("\nCAVV = " . $mpgResponse->getMpiCavv());
print("\nECI = " . $mpgResponse->getMpiEci());
}
?>

8.6.4.1 ACS Response and Forming a Transaction
The ACS response contains the CAVV value and the e-commerce indicator. These values are to be passed
to the transaction engine using the Cavv Purchase or Cavv Pre-Authorization request. Please see the documentation provided by your payment solution.
Outlined below is how to send a transaction to Moneris Gateway.
if ( mpiRes.getSuccess().equals("true") )
{
//Send transaction to host using CAVV purchase or CAVV preauth, refer to sample
//code for Moneris Gateway. Call mpiRes.getCavv() to obtain the CAVV value.
//If you are using preauth/capture model, be sure to call getMessage() so the
//value can be stored and used in the capture transaction after on to protect
//your chargeback liability. (e.g. getMPIMessage()= A = crypt type of 6 for
//follow on transaction and getMPIMessage() = Y = crypt type of 5 for follow on
//transaction.
}
else
{
if (mpiRes.getMessage().equals(“N”))
{
//Do not send transaction as the cardholder failed authentication.
}
else
{
//Optional to send transaction using the mpg API. In this case merchant

July 2018

Page 257 of 477

Moneris Gateway API - Integration Guide
//assumes liability.
}
}

8.6.5 Purchase with 3-D Secure – cavv_purchase
The Purchase with 3-D Secure transaction follows a 3-D Secure MPI authentication. After receiving confirmation from the MPI ACS transaction, this Purchase verifies funds on the customer’s card, removes
the funds and prepares them for deposit into the merchant’s account.
To perform the 3-D Secure authentication, the Moneris MPI or any 3rd party MPI may be used.
This transaction can also be used to process an Apple Pay transaction. This transaction is applicable only
if choosing to integrate directly to Apple Wallet (if not using the Moneris Apple Pay SDK). Please refer to
10 Apple Pay In-App and on the Web Integration for more details on your integration options.
Refer to Apple's developer portal for details on integrating directly to the wallet to retrieve the payload
data.

Purchase with 3-D Secure transaction object definition
$txnArray = array(‘type’=>’cavv_purchase', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Purchase with 3-D Secure transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Cavv Purchase transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 78: Purchase with 3-D Secure transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character alphanumeric

'pan'=>$pan

Page 258 of 477

July 2018

8 MPI
Table 78: Purchase with 3-D Secure transaction object mandatory values
Value
Expiry date

Type
String

Limits
4-character alphanumeric

Set method
'expdate'=>$expiry_date

(YYMM format)
CAVV

String

50-character alphanumeric

cavv=>$cavv

String

1-character alphanumeric

'crypt_type'=>$crypt

NOTE: For Apple Pay
Cavv Purchase and
Cavv Pre-Authorization
transactions, CAVV
field contains the
decrypted cryptogram.
For more, see
Appendix A Definitions
of Request Fields.

E-commerce indicator
NOTE: For Apple Pay
Cavv Purchase and
Cavv Pre-Authorization
transactions, the Ecommerce indicator is
a mandatory field containing the value
received from the
decrypted payload or a
default value of 5. If
you get a 2-character
value (e.g.,. 05 or 07)
from the payload,
remove the initial 0
and just send us the
2nd character. For
more, see Appendix A
Definitions of Request
Fields.

July 2018

Page 259 of 477

Moneris Gateway API - Integration Guide
Table 1: INTERAC® e-Commerce Fields – Required for Apple Pay and Google Pay Only
Variable and Field
Name
Network

Type

Limits

String

alphabetical

String

3-character alphanumeric

Set Method

NOTE: This request
variable is mandatory
for INTERAC® e-Commerce transactions conducted via Apple Pay,
and is not for use with
credit card transactions.

Data Type
NOTE: This request
variable is mandatory
for INTERAC® e-Commerce transactions conducted via Apple Pay,
and is not for use with
credit card transactions.

Table 2: Purchase with 3-D Secure transaction object optional values
Value

Type

Limits

Set Method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Customer information

Object

N/A

$mpgTxn->setCustInfo
($mpgCustInfo);

AVS

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

Page 260 of 477

July 2018

8 MPI

Value

Type

Limits

Set Method

CVD

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

Convenience fee

Object

N/A

$mpgConvFee = new
mpgConvFeeInfo
($convFeeTemplate);

Object

N/A

NOTE: Not applicable
when processing
Apple Pay transactions.

Recurring billing
recur

$mpgTxn->setRecur
($mpgRecur);

NOTE: For sample
code for a Purchase
with 3-D Secure including the Recurring
Billing Info Object, see
8.6.5.1 Purchase with
3-D Secure and Recurring Billing .

July 2018

Page 261 of 477

Moneris Gateway API - Integration Guide

Value
Wallet indicator

Type

Limits

String

3-character alphanumeric

Object

N/A

Set Method
'wallet_indicator'=>$wallet_
indicator

NOTE: For Cavv
Purchase and Cavv
Pre-Authorization, wallet indicator applies to
Apple Pay or Android
Pay only. For more,
see Appendix A Definitions of Request
Fields

Credential on File Info
cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

Page 262 of 477

July 2018

8 MPI

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Payment Indicator

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

String

1-character alphabetic

$cof->setPaymentIndicator
("PAYMENT_INDICATOR_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Payment Information

String

1-character numeric

$cof->setPaymentInformation
("PAYMENT_INFO_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Recurring Billing Info Object Request Fields
Variable and Field Name

Type and Limits

Number of Recurs

String

num_recurs

numeric, 1-99

Period

String

July 2018

Description
The number of times that the
transaction must recur
Number of recur units that
must pass between recurring

Page 263 of 477

Moneris Gateway API - Integration Guide

Variable and Field Name

Type and Limits

Description

period

numeric, 1-999

billings

Start Date

String

start_date

YYYY/MM/DD

Date of the first future recurring
billing transaction
This value must be a date in the
future
If an additional charge is to be
made immediately, the value of
Start Now must be set to true

Start Now

String

start_now

true/false

If a single charge is to be made
against the card immediately,
set this value to true; the
amount to be billed immediately may differ from the
amount billed on a regular
basis thereafter
If the billing is to start in the
future, set this value to false
When set to false, use Card Verification prior to sending the
Purchase with Recur and Credential on File objects

Recurring Amount

String

recur_amount

9-character decimal; Up to 6
digits (dollars) + decimal point
+ 2 digits (cents) after the
decimal point
EXAMPLE:
123456.78

Recur Unit

String

recur_unit

day, week, month or eom

Amount of the recurring transaction
This is the amount that will be
billed on the Start Date and
then billed repeatedly based on
the interval defined by Period
and Recur Unit

Unit to be used as a basis for
the interval
Works in conjunction with
Period to define the billing frequency
Possible values are:

Page 264 of 477

July 2018

8 MPI

Variable and Field Name

Type and Limits

Description
day
week
month
eom (end of month)

Sample Purchase with 3-D Secure - cavv_purchase
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'cavv'=>$cavv,
'crypt_type'=>$crypt_type, //mandatory for AMEX only
//'wallet_indicator'=>$wallet_indicator, //set only for wallet transactions. e.g. APPLE PAY
//'network'=> "Interac", //set only for Interac e-commerce
//'data_type'=> "3DSecure", //set only for Interac e-commerce
'dynamic_descriptor'=>$dynamic_descriptor
);
/****************************** Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setPaymentIndicator("Z");
$cof->setPaymentInformation("0");
$cof->setIssuerId("12345678901234");
$mpgTxn->setCofInfo($cof);
/******************************* Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/****************************** HTTPS Post Object *******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);

July 2018

Page 265 of 477

Moneris Gateway API - Integration Guide

Sample Purchase with 3-D Secure - cavv_purchase
/************************************* Response *********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCavvResultCode = " . $mpgResponse->getCavvResultCode());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
?>

8.6.5.1 Purchase with 3-D Secure and Recurring Billing
The example below illustrates the Purchase with 3-D Secure when also sending the Recurring Billing Info
object in the transaction.
Purchase with 3-D Secure and Recurring Billing
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,

Page 266 of 477

July 2018

8 MPI

Purchase with 3-D Secure and Recurring Billing
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'cavv'=>$cavv,
'crypt_type'=>$crypt_type, //mandatory for AMEX only
//'wallet_indicator'=>$wallet_indicator, //set only for wallet transactions. e.g. APPLE PAY
//'network'=> "Interac", //set only for Interac e-commerce
//'data_type'=> "3DSecure", //set only for Interac e-commerce
'dynamic_descriptor'=>$dynamic_descriptor
);
/*********************** Recur Associative Array **********************/
$recurArray = array('recur_unit'=>$recurUnit, // (day | week | month)
'start_date'=>$startDate, //yyyy/mm/dd
'num_recurs'=>$numRecurs,
'start_now'=>$startNow,
'period' => $recurInterval,
'recur_amount'=> $recurAmount
);
$mpgRecur = new mpgRecur($recurArray);
/****************************** Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Recur Object *********************************/
$mpgTxn->setRecur($mpgRecur);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setPaymentIndicator("R");
$cof->setPaymentInformation("2");
$cof->setIssuerId("168451306048014");
$mpgTxn->setCofInfo($cof);
/******************************* Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/****************************** HTTPS Post Object *******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************************* Response *********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCavvResultCode = " . $mpgResponse->getCavvResultCode());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
?>

July 2018

Page 267 of 477

Moneris Gateway API - Integration Guide

8.6.6 Pre-Authorization with 3-D Secure – cavvPreauth
The Pre-Authorization with 3-D Secure transaction follows a 3-D Secure MPI authentication. After receiving confirmation from the MPI ACS transaction, this Pre-Authorization verifies funds on the customer’s
card, removes the funds and prepares them for deposit into the merchant’s account.
To perform the 3-D Secure authentication, the Moneris MPI or any 3rd party MPI may be used.
This transaction can also be used to process an Apple Pay transaction. This transaction is applicable only
if choosing to integrate directly to Apple Wallet (if not using the Moneris Apple Pay SDK). Please refer to
10 Apple Pay In-App and on the Web Integration for more details on your integration options.
Refer to Apple's developer portal for details on integrating directly to the wallet to retrieve the payload
data.

Pre-Authorization with 3-D Secure transaction object definition
$txnArray = array(‘type’=>’cavv_preauth', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Pre-Authorization with 3-D Secure transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Pre-Authorization with 3-D Secure transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 79: Pre-Authorization with 3-D Secure object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

Cardholder Authentication Verification
Value (CAVV)

String

50-character alphanumeric

cavv=>$cavv

NOTE: For Apple Pay
Cavv Purchase and
Cavv Pre-Authorization
transactions, CAVV
field contains the
decrypted cryptogram.
For more, see

Page 268 of 477

July 2018

8 MPI

Value

Type

Limits

Set method

Appendix A Definitions
of Request Fields.

Expiry date

String

4-character numeric

'expdate'=>$expiry_date

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

NOTE: For Apple Pay
Cavv Purchase and
Cavv Pre-Authorization
transactions, the Ecommerce indicator is
a mandatory field containing the value
received from the
decrypted payload or a
default value of 5. If
you get a 2-character
value (e.g.,. 05 or 07)
from the payload,
remove the initial 0
and just send us the
2nd character. For
more, see Appendix A
Definitions of Request
Fields.

July 2018

Page 269 of 477

Moneris Gateway API - Integration Guide
Table 1: INTERAC® e-Commerce Fields – Required for Apple Pay and Google Pay Only
Variable and Field
Name
Network

Type

Limits

String

alphabetical

String

3-character alphanumeric

Set Method

NOTE: This request
variable is mandatory
for INTERAC® e-Commerce transactions conducted via Apple Pay,
and is not for use with
credit card transactions.

Data Type
NOTE: This request
variable is mandatory
for INTERAC® e-Commerce transactions conducted via Apple Pay,
and is not for use with
credit card transactions.

Table 2: Pre-Authorization with 3-D Secure object optional values
Value

Type

Limits

Set method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

AVS

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

Page 270 of 477

July 2018

8 MPI

Value

Wallet indicator

Type

Limits

String

3-character alphanumeric

Object

N/A

Set method

'wallet_indicator'=>$wallet_
indicator

NOTE: For Cavv
Purchase and Cavv
Pre-Authorization, wallet indicator applies to
Apple Pay or Android
Pay only. For more,
see Appendix A Definitions of Request
Fields

Credential on File Info
cof
NOTE: This is a nested
object within the transaction, and required
when storing or using
the customer's stored
credentials. The Credential on File Info
object has its own
request variables, listed in blue in the table
below, "Credential on
File Object Request
Variables".

July 2018

Page 271 of 477

Moneris Gateway API - Integration Guide

Credential on File Transaction Object Request Fields
Value
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Payment Indicator

Limits
15-character alphanumeric

Set Method
$cof->setIssuerId("VALUE_
FOR_ISSUER_ID");

variable length
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

String

1-character alphabetic

$cof->setPaymentIndicator
("PAYMENT_INDICATOR_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Payment Information

String

1-character numeric

$cof->setPaymentInformation
("PAYMENT_INFO_VALUE");
NOTE: For a list and explanation of the
possible values to send for this variable,
see Definitions of Request Fields – Credential on File

Sample Pre-Authorization with 3-D Secure – cavvPreauth
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'cavv'=>$cavv,
'crypt_type'=>$crypt_type, //mandatory for AMEX only
//'wallet_indicator'=>$wallet_indicator, //set only for wallet transactions. e.g. APPLE PAY
'dynamic_descriptor'=>$dynamic_descriptor
);
/****************************** Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************************* Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/****************************** HTTPS Post Object *******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************************ Response **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCavvResultCode = " . $mpgResponse->getCavvResultCode());
?>

8.6.7 Cavv Result Codes for Verified by Visa
Table 80: CAVV result codes for VbV
Code
0

July 2018

Message

Significance

CAVV authentication results
invalid

For this transaction, you may not receive protection from chargebacks as a result of using VbV
because the CAVV was considered invalid at the

Page 273 of 477

Moneris Gateway API - Integration Guide
Table 80: CAVV result codes for VbV (continued)
Code

Message

Significance
time the financial transaction was processed.
Check that you are following the VbV process correctly and passing the correct data in our transactions.

1

CAVV failed validation;
authentication

Provided that you have implemented the VbV
process correctly, the liability for this transaction
should remain with the Issuer for chargeback
reason codes covered by Verified by Visa.

2

CAVV passed validation;
authentication

The CAVV was confirmed as part of the financial
transaction. This transaction is a fully authenticated VbV transaction (ECI 5)

3

CAVV passed validation;
attempt

The CAVV was confirmed as part of the financial
transaction. This transaction is an attempted
VbV transaction (ECI 6)

4

CAVV failed validation;
attempt

Provided that you have implemented the VbV
process correctly the liability for this transaction
should remain with the Issuer for chargeback
reason codes covered by Verified by Visa.

7

CAVV failed validation;
attempt (US issued cards
only)

Please check that you are following the VbV process correctly and passing the correct data in
your transactions.
Provided that you have implemented the VbV
process correctly the liability for this transaction
should be the same as an attempted transaction
(ECI 6)

8

CAVV passed validation;
attempt (US issued cards
only

The CAVV was confirmed as part of the financial
transaction. This transaction is an attempted
VbV transaction (ECI 6)

9

CAVV failed validation;
attempt (US issued cards
only)

Please check that you are following the VbV process correctly and passing the correct data in our
transactions.
Provided that you have implemented the VbV
process correctly the liability for this transaction
should be the same as an attempted transaction
(ECI 6)

Page 274 of 477

July 2018

8 MPI
Table 80: CAVV result codes for VbV (continued)
Code

Message

Significance

A

CAVV passed validation;
attempt (US issued cards
only)

The CAVV was confirmed as part of the financial
transaction. This transaction is an attempted
VbV transaction (ECI 6)

B

CAVV passed validation;
information only, no liability
shift

The CAVV was confirmed as part of the financial
transaction. However, this transaction does not
qualify for the liability shift. Treat this transaction
the same as an ECI 7.

8.6.8 Vault Cavv Purchase
Vault Cavv Purchase transaction object definition
$txnArray = array(‘type’=>’res_cavv_purchase_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Cavv Purchase transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Vault Cavv Purchase transaction details
Table 81: Vault Cavv Purchase transaction object mandatory values
Value

Type

Limits

Set method

Data Key

String

25-character alphanumeric

'data_key'=>$data_key

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Cardholder Authentication Verification Value
(CAVV)

String

50-character alphanumeric

cavv=>$cavv

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

July 2018

Page 275 of 477

Moneris Gateway API - Integration Guide
Table 82: Vault Cavv Purchase transaction object optional values
Value

Type

Limits

Set method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

(YYMM format)

Sample Vault Cavv Purchase
'res_cavv_purchase_cc',
'data_key'=>$data_key,
'order_id'=>$orderid,
'cust_id'=>$custid,
'amount'=>$amount,
'cavv'=>$cavv,
//'expdate'=>$expdate, //mandatory for temp tokens only
//'crypt_type'=>$crypt_type, //set for AMEX SafeKey only
'dynamic_descriptor'=>'12346'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());

Page 276 of 477

July 2018

8 MPI

Sample Vault Cavv Purchase
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nAVSResponse = " . $mpgResponse->getAvsResultCode());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
print("\nCavvResultCode = " . $mpgResponse->getCavvResultCode());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

8.6.9 Vault Cavv Pre-Authorization
Vault Cavv Pre-Authorization transaction object definition
$txnArray = array(‘type’=>’res_cavv_preauth_cc', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Vault Cavv Pre-Authorization
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

July 2018

Page 277 of 477

Moneris Gateway API - Integration Guide

Vault Cavv Pre-Authorization transaction details
Table 83: Vault Cavv Pre-Authorization object mandatory values
Value

Type

Limits

Set method

Data Key

String

25-character alphanumeric

'data_key'=>$data_key

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

CAVV

String

50-character alphanumeric

cavv=>$cavv

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 84: Vault Cavv Pre-Authorization object optional values
Value
Customer ID

Type
String

Limits
50-character
alphanumeric

Set method
'cust_id'=>$cust_id

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Expiry date

String

4-character numeric

'expdate'=>$expiry_date

Sample Vault Cavv Pre-Authorization
'res_cavv_preauth_cc',
'data_key'=>$data_key,
'order_id'=>$orderid,
'cust_id'=>$custid,
'amount'=>$amount,
'cavv'=>$cavv,
//'expdate'=>$expdate, //mandatory for temp tokens only
//'crypt_type'=>$crypt_type, //set for AMEX SafeKey only
'dynamic_descriptor'=>'12346'
);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nDataKey = " . $mpgResponse->getDataKey());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nAVSResponse = " . $mpgResponse->getAvsResultCode());
print("\nResSuccess = " . $mpgResponse->getResSuccess());
print("\nPaymentType = " . $mpgResponse->getPaymentType());
print("\nCavvResultCode = " . $mpgResponse->getCavvResultCode());
//----------------- ResolveData -----------------------------print("\n\nCust ID = " . $mpgResponse->getResDataCustId());
print("\nPhone = " . $mpgResponse->getResDataPhone());
print("\nEmail = " . $mpgResponse->getResDataEmail());
print("\nNote = " . $mpgResponse->getResDataNote());
print("\nMasked Pan = " . $mpgResponse->getResDataMaskedPan());
print("\nExp Date = " . $mpgResponse->getResDataExpDate());
print("\nCrypt Type = " . $mpgResponse->getResDataCryptType());
print("\nAvs Street Number = " . $mpgResponse->getResDataAvsStreetNumber());
print("\nAvs Street Name = " . $mpgResponse->getResDataAvsStreetName());
print("\nAvs Zipcode = " . $mpgResponse->getResDataAvsZipcode());
?>

July 2018

Page 279 of 477

9 e-Fraud Tools
l
l
l

9.1 Address Verification Service
9.2 Card Validation Digits (CVD)
9.3 Transaction Risk Management Tool

July 2018

Page 280 of 477

9.1 Address Verification Service
l
l
l
l

9.1.1
9.1.2
9.1.3
9.1.4

About Address Verification Service (AVS)
AVS Info Object
AVS Response Codes
AVS Sample Code

9.1.1 About Address Verification Service (AVS)
Address Verification Service (AVS) is an optional fraud-prevention tool offered by issuing banks whereby a
cardholder's address is submitted as part of the transaction authorization. The AVS address is then compared to the address kept on file at the issuing bank. AVS checks whether the street number, street
name and zip/postal code match. The issuing bank returns an AVS result code indicating whether the
data was matched successfully. Regardless of the AVS result code returned, the credit card is authorized
by the issuing bank.
The response that is received from AVS verification is intended to provide added security and fraud prevention, but the response itself does not affect the completion of a transaction. Upon receiving a
response, the choice to proceed with a transaction is left entirely to the merchant. The responses is not a
strict guideline of whether a transaction will be approved or declined.
The following transactions support AVS:
l
l
l
l
l

Purchase (Basic and Mag Swipe)
Pre-Authorization (Basic)
Re-Authorization (Basic)
ResAddCC (Vault)
ResUpdateCC (Vault)

Things to Consider:
l
l

l

AVS is supported by Visa, MasterCard, American Express, Discover and JCB.
When testing AVS, you must only use the Visa test card numbers 4242424242424242 or
4005554444444403, and the amounts described in the Simulator eFraud Response
Codes document available at the Moneris developer portal (https://developer.moneris.com).
Store ID “store5” is set up to support AVS testing.

9.1.2 AVS Info Object
AVSInfo object definition
$avsTemplate = array(
'avs_street_number'=>$avs_street_number,

July 2018

Page 282 of 477

Moneris Gateway API - Integration Guide
'avs_street_name' =>$avs_street_name,
'avs_zipcode' => $avs_zipcode,
'avs_hostname'=>$avs_hostname,
'avs_browser' =>$avs_browser,
'avs_shiptocountry' => $avs_shiptocountry,
'avs_merchprodsku' => $avs_merchprodsku,
'avs_custip'=>$avs_custip,
'avs_custphone' => $avs_custphone
);
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);

Transaction object set method
$mpgTxn->setAvsInfo($mpgAvsInfo);

Table 1: AVS Info Object – Required Fields
Variable and Field
Name
AVS street number

Type and Limits
String

Set Method

Description

'avs_street_
number'=>'212'

Cardholder street number

'avs_street_name'
=>'Payton Street'

Cardholder street
name

'avs_zipcode'
=>'M1M1M1'

Cardholder zip/postal
code

19-character alphanumeric
NOTE: this character
limit is a combined
total allowed for
AVS street number and
AVS street name

AVS street name

String
19-character alphanumeric
NOTE: this character
limit is the combined
total allowed for
AVS street number and
AVS street name

AVS zip/postal code

String
9-character alpha-

Page 283 of 477

July 2018

Variable and Field
Name

Type and Limits

Set Method

Description

numeric

9.1.3 AVS Response Codes
Below is a full list of possible AVS response codes. These can be returned when you call the $mpgResponse->getAvsResultCode() method .
Table 85: AVS result codes
Value

Visa

MasterCard/Discover

A

Street address matches, zip/postal code
does not. Acquirer rights not implied.

B

Street address matches. Zip/Postal code not N/A
verified due to incompatible formats.
(Acquirer sent both street address and zip/postal code.)

N/A

C

Street address not verified due to incompatible formats. (Acquirer sent both street
address and zip/postal code.)

N/A

N/A

D

Street address and zip/postal code match.

N/A

Customer name incorrect, zip/postal code
matches

E

N/A

N/A

Customer name incorrect, billing address and
zip/postal code match

F

(Applies to UK only) Street address and zip/- N/A
postal code match.

July 2018

Address matches, zip/postal code does not.

Amex/JCB
Billing address
matches, zip/postal
code does not.

Customer name incorrect, billing address
matches.

Page 284 of 477

Moneris Gateway API - Integration Guide
Table 85: AVS result codes (continued)
Value
G

Visa
Address information not verified for international transaction. Any of the following
may be true:
l
l

l

MasterCard/Discover

Amex/JCB

N/A

N/A

Issuer is not an AVS participant.
AVS data was present in the request,
but issuer did not return an AVS result.
Visa performs AVS on behalf of the
issuer and there was no address
record on file for this account.

I

Address information not verified.

N/A

N/A

K

N/A

N/A

Customer name
matches.

L

N/A

N/A

Customer name and
postal code match.

N/A

N/A

Customer name and
zip/postal code match.

M

Street address and zip/postal code match.

N/A

Customer name, billing
address, and zip/postal
code match.

N

No match.

Neither address nor
postal code matches.

Billing address and
postal code do not
match.

Also used when acquirer requests AVS but
sends no AVS data.
O

N/A

N/A

Customer name and
billing address match

P

Postal code matches. Acquirer sent both
postal code and street address, but street
address not verified due to incompatible
formats.

N/A

N/A

R

Retry: System unavailable or timed out.
Issuer ordinarily performs AVS, but was
unavailable.

Retry. System unable to Retry. System unavailprocess.
able.

The code R is used by Visa when issuers are
unavailable. Issuers should refrain from
using this code.

Page 285 of 477

July 2018

Table 85: AVS result codes (continued)
Value

Visa

MasterCard/Discover

Amex/JCB

S

N/A

AVS currently not supported.

AVS currently not supported.

T

N/A

Nine-digit zip/postal
code matches, address
does not match.

N/A

U

Address not verified for domestic transaction. One of the following is true:

No data from
Issuer/Authorization
system.

Information is unavailable.

l
l

l

Issuer is not an AVS participant
AVS data was present in the request,
but issuer did not return an AVS result
Visa performs AVS on behalf of the
issuer and there was no address
record on file for this account.

W

Not applicable. If present, replaced with ‘Z’
by Visa. Available for U.S. issuers only.

For US Addresses, nine- Customer name, billing
digit zip/postal code
address, and zip/postal
matches, address does code are all correct.
not. For addresses outside the US, zip/postal
code matches, address
does not.

X

N/A

For US addresses, nine- N/A
digit zip/postal code
and address match. For
addresses outside the
US,zip/postal code and
address match.

Y

Street address and zip/postal code match.

For US addresses, fivedigit zip/postal code
and address match.

Z

Zip/postal code matches, but street address For U.S. addresses, five- Postal code matches,
either does not match or street address was digit zip code matches, billing address does not
not included in request.
address does not
match.
match.

Billing address and zip/postal code match.

9.1.4 AVS Sample Code
This is a sample of Java code illustrating how AVS is implemented with a Purchase transaction. Purchase
object information that is not relevant to AVS has been removed.

July 2018

Page 286 of 477

Moneris Gateway API - Integration Guide
For more about Purchase transactions, see 2.2 Purchase.
Sample Purchase with AVS information
$avs_street_number = '201';
$avs_street_name = 'Michigan Ave';
$avs_zipcode = 'M1M1M1';
$avs_email = 'test@host.com';
$avs_hostname = "www.testhost.com';
$avs_browser = 'Mozilla';
$avs_shiptocountry = 'Canada';
$avs_merchprodsku = '123456';
$avs_custip = '192.168.0.1';
$avs_custphone = '5556667777';
$avsTemplate = array(
'avs_street_number'=>$avs_street_number,
'avs_street_name' =>$avs_street_name,
'avs_zipcode' => $avs_zipcode,
'avs_hostname'=>$avs_hostname,
'avs_browser' =>$avs_browser,
'avs_shiptocountry' => $avs_shiptocountry,
'avs_merchprodsku' => $avs_merchprodsku,
'avs_custip'=>$avs_custip,
'avs_custphone' => $avs_custphone
);
$mpgAvsInfo = new mpgAvsInfo ($avsTemplate);
$txnArray=array(
'type'=>'purchase',
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'crypt_type'=>$crypt
);
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setAvsInfo($mpgAvsInfo);

Page 287 of 477

July 2018

9.2 Card Validation Digits (CVD)
l
l
l
l

9.2.1
9.2.3
9.2.4
9.2.5

About Card Validation Digits (CVD)
CVD Info Object
CVD Result Codes
Sample Purchase with CVD Info Object

9.2.1 About Card Validation Digits (CVD)
The Card Validation Digits (CVD) value is an additional number printed on credit cards that is used as an
additional check when verifying cardholder credentials during a transaction.
The response that is received from CVD verification is intended to provide added security and fraud prevention, but the response itself does not affect the completion of a transaction. Upon receiving a
response, the choice whether to proceed with a transaction is left entirely to the merchant. The
responses is not a strict guideline of which transaction will approve or decline.
The following transactions support CVD:
l
l
l

Purchase (Basic, Vault and Mag Swipe)
Pre-Authorization (Basic and Vault)
Re-Authorization

Things to Consider:
l

l

l

l

CVD is only supported by Visa, MasterCard, American Express, Discover, JCB and
UnionPay.
For UnionPay cards, the CVD response will not be returned; the issuer will approve or
decline based on the CVD result.
When testing CVD, you must only use the Visa test card numbers 4242424242424242 or
4005554444444403, and the amounts described in the Simulator eFraud Response
Codes document available at the Moneris developer portal (https://developer.moneris.com).
Test store_id “store5” is set up to support CVD testing.

9.2.2 Transactions Where CVD Is Required
The Card Validation Digits (CVD) object is required in transaction requests in the following scenarios:
l

l

Initial transactions when storing cardholder credentials in Credential on File scenarios; subsequent
follow-on transactions do not use CVD
Any Purchase, Pre-Authorization or Card Verification where you are not storing cardholder credentials

July 2018

Page 288 of 477

Moneris Gateway API - Integration Guide

9.2.3 CVD Info Object

NOTE: The CVD value must only be passed to the Moneris Gateway. Under no circumstances may it be stored for subsequent uses or displayed as part of the receipt information.

CvdInfo object definition
$cvdTemplate = array(
'cvd_indicator' => $cvd_indicator,
'cvd_value' => $cvd_value
);
$mpgCvdInfo = new mpgCvdInfo ($cvdTemplate);

Transaction object set method
$mpgTxn->setCvdInfo($mpgCvdInfo);

Table 1: CVD Info Object – Required Fields
Variable and Field
Name
CVD indicator

Type and Limits
String

Set Method
'cvd_indicator'
=>'1'

1-character numeric

Description
Indicates presence of
CVD
Possible values:
0: CVD value is deliberately
bypassed or is not provided
by the merchant.
1: CVD value is present.
2: CVD value is on the card,
but is illegible.
9: Cardholder states that
the card has no CVD
imprint.

CVD value

String
4-character numeric

'cvd_value'
=>'123'

CVD value located on
credit card
NOTE: The CVD value
must only be passed to

Page 289 of 477

July 2018

Variable and Field

Type and Limits

Name

Set Method

Description

the Moneris Gateway.
Under no circumstances may it be
stored for subsequent
uses or displayed as
part of the receipt
information.

9.2.4 CVD Result Codes
Value

Definition

M

Match

N

No match

P

Not processed

S

CVD should be on the card, but Merchant has
indicated that CVD is not present

U

Issuer is not a CVD participant

Y

Match for Amex/JCB only

D

Invalid security code for Amex or JCB only

Other

Invalid response code

9.2.5 Sample Purchase with CVD Info Object
This is a sample of Java code illustrating how CVD is implemented with a Purchase transaction. Purchase
object information that is not relevant to CVD has been removed.
Sample Purchase with CVD Information
$cvdTemplate = array(
'cvd_indicator' => '1',
'cvd_value' => '123'
);
$mpgCvdInfo = new mpgCvdInfo ($cvdTemplate);

July 2018

Page 290 of 477

Moneris Gateway API - Integration Guide

Sample Purchase with CVD Information
$txnArray=array(
'type'=>'purchase',
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'crypt_type'=>$crypt
);
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setCvdInfo($mpgCvdInfo);

Page 291 of 477

July 2018

9.3 Transaction Risk Management Tool
l
l
l
l
l
l

9.3.1
9.3.2
9.3.3
9.3.4
9.3.6
9.3.6

About the Transaction Risk Management Tool
Introduction to Queries
Session Query
Attribute Query
Inserting the Profiling Tags Into Your Website
Inserting the Profiling Tags Into Your Website

The Transaction Risk Management Tool (TRMT) is available to Canadian integrations only.

9.3.1 About the Transaction Risk Management Tool
The Transaction Risk Management Tool provides additional information to assist in identifying fraudulent transactions. To maximize the benefits from the Transaction Risk Management Tool, it is highly
recommended that you:
l

l

Carefully consider the business logic and processes that you need to implement surrounding the
handling of response information the Transaction Risk Management Tool provides.
Implement the other fraud tools available through Moneris Gateway (such as AVS, CVD, Verified
by Visa, MasterCard SecureCode and American Express SafeKey).

9.3.2 Introduction to Queries
There are two types of transactions associated with the Transaction Risk Management Tool (TRMT):
l
l

Session Query (page 293)
Attribute Query (page 300)

The Session Query and Attribute Query are used at the time of the transaction to obtain the risk assessment.
Moneris recommends that you use the Session Query as much as possible for obtaining your risk assessment because it uses the device fingerprint as well as other transaction information when providing the
risk scores.
To use the Session Query, you must implement two components:
l
l

Tags on your website to collect the device fingerprinting information
Session Query transaction.

If you are not able to collect the necessary information for the Session Query (such as the device fingerprint), then use the Attribute Query.

July 2018

Canada Only

Page 292 of 477

Moneris Gateway API - Integration Guide

9.3.3 Session Query
Once a device profiling session has been initiated upon a client device, the Session Query API is used at
the time of the transaction or even to obtain a device identifier or ‘fingerprint’, attribute list and risk
assessment for the client device.

Session Query transaction object definition
$riskTxn = new riskTransaction($txnArray);

HttpsPostRequest object for Session Query transaction
$riskHttpsPost =new riskHttpsPost($store_id,$api_token,$riskRequest);

Session Query transaction values
Table 86: Session Query transaction object mandatory values
Type

Limits

Set method

Value
Description
Session ID

'session_id'=>$session_id

String 9-character decimal
Permitted characters: [a-z], [A-Z],
0-9, _, -

Web server session identifier generated when device profiling was initiated.
Service type

'service_type'=>$service_type

String 9-character decimal
Which output fields are returned.

session -- returns IP and device related attributes.
Event type

'event_type'=>$event_type

String payment

Defines the type of transaction or event for reporting purposes.
payment - Purchasing of goods/services.
Credit card
String 20-character numeric
number (PAN)
No spaces or dashes

'pan'=>$pan

Most credit card numbers today are 16 digits, but some 13-digit numbers are still
accepted by some issuers. This field has been intentionally expanded to 20 digits in
consideration for future expansion and potential support of private label card ranges.
'account_address_
Account
String 32-character alphanumeric
street1'=>$account_address_
address street
street1
1
First portion of the street address component of the billing address.

Page 293 of 477

Canada Only

July 2018

Table 86: Session Query transaction object mandatory values (continued)
Type

Limits

Set method

Value
Description
'account_address_
Account
String 32-character alphanumeric
street2'=>$account_address_
Address street
street2
2
Second portion of the street address component of the billing address.

Account
address city

String 50-character alphanumeric

'account_address_
city'=>$account_address_city

The city component of the billing address.
'account_address_
Account
String 64-character alphanumeric
state'=>$account_address_state
address state/province
The state/province component of the billing address.
'account_address_
Account
String 2-character alphanumeric
country'=>$account_address_
address councountry
try
ISO2 country code of the billing addresses.

Account
address ZIP/postal code

String 8-character alphanumeric

'account_address_zip'=>$account_
address_zip

ZIP/postal code of the billing address.

'shipping_address_
Shipping
String 32-character alphanumeric
street1'=>$shipping_address_
address street
street1
1
First portion of the street address component of the shipping address.
'shipping_address_
Shipping
String 32-character alphanumeric
street2'=>$shipping_address_
address street
street2
2
Second portion of the street address component of the shipping address.

Shipping
address city

String 50-character alphanumeric

'shipping_address_
city'=>$shipping_address_city

City component of the shipping address.
'shipping_address_
Shipping
String 64-character alphanumeric
state'=>$shipping_address_state
address state/province
The state/province component of the shipping address.

July 2018

Canada Only

Page 294 of 477

Moneris Gateway API - Integration Guide
Table 86: Session Query transaction object mandatory values (continued)
Type

Limits

Set method

Value
Description
'shipping_address_
Shipping
String 2-character alphanumeric
country'=>$shipping_address_
address councountry
try
ISO2 country code of the account address country.

Shipping
address ZIP

'shipping_address_
zip'=>$shipping_address_zip

String 8-character alphanumeric

The ZIP/postal code component of the shipping address.
Local attribute String 255-character alphanumeric
1-5
These five attributes can be used to pass custom attribute data. These are used if you
wish to correlate some data with the returned device information.
Transaction
amount

String 255-character alphanumeric
Must contain 2 decimal places
The numeric currency amount.

Transaction
currency

String 10-character numeric
The currency type that the transaction was denominated in. If TransactionAmount is
passed, the TransactionCurrency is required.
Values to be used are:
l
l

CAD – 124
USD – 840

Table 87: Session Query transaction object optional values
Type

Limits

Set method

Value
Description
Account login

String 255-character alphanumeric

'account_login'=>$account_login

The Account Login name.
Password
hash

Page 295 of 477

String 40-character alphanumeric

'password_hash' =>$password_hash

The input must be a SHA-2 hash of the password in hexadecimal format. Used to check
if it is on a watch list.

Canada Only

July 2018

Table 87: Session Query transaction object optional values (continued)
Type

Limits

Set method

Value
Description
Account num- String 255-character alphanumeric
ber
The account number for the account.

'account_number' => $account_
number

Account name String 255-character alphanumeric

'account_name' => $account_name

Account name (or concatenation of first and last name of account holder).
Account email String 100-character alphanumeric

'account_email'=>$account_email

The email address entered into the form for this contact. Used to check if this is a high
risk account email id.
Account telephone

String 32-character alphanumeric
Contact telephone number including country and city codes. All whitespace is
removed.
Must be in format: 0..9,,(,),[,] braces must be matched.

Address street String 32-character alphanumeric
1
The first portion of the street address component of the account address.
Address street String 32-character alphanumeric
2
The second portion of the street address component of the account address.
Address city

String 50-character alphanumeric
The city component of the account address.

Address state/- String 64-character alphanumeric
province
The state/province component of the account address
Address coun- String 2-character alphanumeric
try
The 2 character ISO2 country code of the account address country
Address ZIP

String 8-character alphanumeric
The ZIP/postal code of the account address.

July 2018

Canada Only

Page 296 of 477

Moneris Gateway API - Integration Guide
Table 87: Session Query transaction object optional values (continued)
Type

Limits

Set method

Value
Description
Ship Address
Street 1

String 32-character alphanumeric
The first portion of the street address component of the shipping address

Ship Address
Street 2

String 32-character alphanumeric
The second portion of the street address component of the shipping address

Ship Address
City

String 50-character alphanumeric
The city component of the shipping address

Ship Address String 64-character alphanumeric
State/Province
The state/province component of the shipping address
Ship Address
Country

String 2-character alphanumeric
The 2 character ISO2 country code of the shipping address country

Ship Address
ZIP

String 8-character alphanumeric
The ZIP/postal code of the shipping address

CC Number
Hash

String 255-character alphanumeric
This is a SHA-2 hash (in hexadecimal format) of the credit card number.

Custom Attrib- String 255-character alphanumeric
ute 1-8
These 8 attributes can be used to pass custom attribute data which can be used within
the rules.

Sample Session Query - CA
$account_login,
'password_hash' =>$password_hash,
'account_number' => $account_number,
'account_name' => $account_name,
'account_email'=>$account_email,
'pan' =>$pan
);
/************************** SessionAccountInfo Object ********************************/
$mpgSessionAccountInfo = new mpgSessionAccountInfo ($sessionAccountInfoTemplate);
/***************** Transactional Associative Array ********************/
$txnArray=array(
'type'=>$type,
'order_id'=>$order_id,
'session_id'=>$session_id,
'service_type'=>$service_type
);
/********************** Transaction Object ****************************/
$riskTxn = new riskTransaction($txnArray);
/************************ Set SessionAccountInfo *****************************/
$riskTxn->setSessionAccountInfo($mpgSessionAccountInfo);
/************************ Request Object ******************************/

July 2018

Canada Only

Page 298 of 477

Moneris Gateway API - Integration Guide

Sample Session Query - CA
$riskRequest = new riskRequest($riskTxn);
$riskRequest->setTestMode(true);
/*********************** HTTPS Post Object ****************************/
$riskHttpsPost =new riskHttpsPost($store_id,$api_token,$riskRequest);
/***************************** Response ******************************/
$riskResponse=$riskHttpsPost->getRiskResponse();
//print("\nResponse = " . $riskResponse);
print("\nResponseCode = " . $riskResponse->getResponseCode());
print("\nMessage = " . $riskResponse->getMessage());
$results = $riskResponse->getResults();
foreach($results as $key => $value)
{
print("\n".$key ." = ". $value);
}
$rules = $riskResponse->getRules();
//print_r($rules);
foreach ($rules as $i)
{
foreach ($i as $key => $value)
{
echo "\n$key = $value";
}
}
?>

9.3.3.1 Session Query Transaction Flow

Figure 4: Session Query transaction flow
1. Cardholder logs onto the merchant website.
2. When the page has loaded in the cardholder's browser, special tags within the site allow information from the device to be gathered and sent to ThreatMetrix as the device fingerprint.
The HTML tags should be placed where the cardholder is resident on the page for a couple of
seconds to get the broadest data possible.
3. Customer submits a transaction.
4. Merchant’s web application makes a Session Query transaction to the Moneris Gateway using
the same session id that was included in the device fingerprint. This call must be made within 30
minutes of profiling (2).
5. Moneris Gateway submits the Session Query data to ThreatMetrix.
6. ThreatMetrix uses the Session Query data and the device fingerprint information to assess the
transaction against the rules. A score is generated based on the rules.

Page 299 of 477

Canada Only

July 2018

7. The merchant uses the returned device information in its risk analysis to make a business
decision. The merchant may wish to continue or cancel with the cardholder’s payment transaction.

9.3.4 Attribute Query
The Attribute Query is used to obtain a risk assessment of transaction-related identifiers such as the
email address and the card number. Unlike the Session Query, the Attribute Query does not require the
device fingerprinting information to be provided.

AttributeQuery transaction object definition
$riskTxn = new riskTransaction($txnArray);

HttpsPostRequest object for AttributeQuery transaction
$riskHttpsPost =new riskHttpsPost($store_id,$api_token,$riskRequest);

Attribute Query transaction values
Table 88: Attribute Query transaction object mandatory values
Type

Limits

Set method

Value
Description
Service type

'service_type'=>$service_type

String N/A
Which output fields are returned.

session -- returns IP and device related attributes.
Device ID

String 36-character alphanumeric

'device_id'=>$device_id

Unique device identifier generated by a previous call to the ThreatMetrix sessionquery API.
Credit card
number

String 20-character numeric

'pan'=>$pan

No spaces or dashes
Most credit card numbers today are 16 digits, but some 13-digit numbers are still
accepted by some issuers. This field has been intentionally expanded to 20 digits in
consideration for future expansion and potential support of private label card ranges.

IP address

String 64-character alphanumeric

'ip_address'=>$ip_address

True IP address. Results will be returned as true_ip_geo, true_ip_score and so on.

July 2018

Canada Only

Page 300 of 477

Moneris Gateway API - Integration Guide
Table 88: Attribute Query transaction object mandatory values (continued)
Type

Limits

Set method

Value
Description
IP forwarded

String 64-character alphanumeric

'ip_forwarded'=>$ip_forwarded

The IP address of the proxy. If the IPAddress is supplied, results will be returned as
proxy_ip_geo and proxy_ip_score.
If the IP Address is not supplied, this IP address will be treated as the true IP address
and results will be returned as true_ip_geo, true_ip_score and so on
'account_address_
Account
String 32-character alphanumeric
street1'=>$account_address_
address street
street1
1
First portion of the street address component of the billing address.
'account_address_
Account
String 32-character alphanumeric
street2'=>$account_address_
Address Street
street2
2
Second portion of the street address component of the billing address.

Account
address city

String 50-character alphanumeric

'account_address_
city'=>$account_address_city

The city component of the billing address.
'account_address_
Account
String 64-character alphanumeric
state'=>$account_address_state
address state/province
The state component of the billing address.
'account_address_
Account
String 2-character alphanumeric
country'=>$account_address_
address councountry
try
ISO2 country code of the billing addresses.

Account
address zip/postal code

String 8-character alphanumeric

'account_address_zip'=>$account_
address_zip

Zip/postal code of the billing address.

Shipping
String 32-character alphanumeric
address street
1
Account address country

'shipping_address_
street1'=>$shipping_address_
street1

'shipping_address_
Shipping
String 32-character alphanumeric
street2'=>$shipping_address_
Address Street
street2
2
Second portion of the street address component of the shipping address.

Page 301 of 477

Canada Only

July 2018

Table 88: Attribute Query transaction object mandatory values (continued)
Type

Limits

Set method

Value
Description
Shipping
Address City

String 50-character alphanumeric

'shipping_address_
city'=>$shipping_address_city

City component of the shipping address.
'shipping_address_
Shipping
String 64-character alphanumeric
state'=>$shipping_address_state
Address
State/Province State/Province component of the shipping address.
'shipping_address_
Shipping
String 2-character alphanumeric
country'=>$shipping_address_
Address Councountry
try
ISO2 country code of the account address country.

Shipping
Address zip/postal code

String 8-character alphanumeric

'shipping_address_
zip'=>$shipping_address_zip

The zip/postal code component of the shipping address.

Sample Attribute Query
$account_login,
'password_hash' =>$password_hash,
'account_number' => $acount_number,
'account_name' => $account_name,
'account_email'=>$account_email,
'pan' =>$pan
);
/************************** SessionAccountInfo Object ********************************/
$mpgSessionAccountInfo = new mpgSessionAccountInfo ($sessionAccountInfoTemplate);
/***************** Transactional Associative Array ********************/
$txnArray=array(
'type'=>$type,
'order_id'=>$order_id,
'session_id'=>$session_id,
'service_type'=>$service_type
);
/********************** Transaction Object ****************************/
$riskTxn = new riskTransaction($txnArray);
/************************ Set SessionAccountInfo *****************************/
$riskTxn->setSessionAccountInfo($mpgSessionAccountInfo);
/************************ Request Object ******************************/
$riskRequest = new riskRequest($riskTxn);
$riskRequest->setTestMode(true);
/*********************** HTTPS Post Object ****************************/
$riskHttpsPost =new riskHttpsPost($store_id,$api_token,$riskRequest);
/***************************** Response ******************************/
$riskResponse=$riskHttpsPost->getRiskResponse();
//print("\nResponse = " . $riskResponse);
print("\nResponseCode = " . $riskResponse->getResponseCode());
print("\nMessage = " . $riskResponse->getMessage());
$results = $riskResponse->getResults();
foreach($results as $key => $value)
{
print("\n".$key ." = ". $value);
}
$rules = $riskResponse->getRules();
//print_r($rules);
foreach ($rules as $i)
{
foreach ($i as $key => $value)
{
echo "\n$key = $value";
}
}
?>

Page 303 of 477

Canada Only

July 2018

9.3.4.1 Attribute Query Transaction Flow

Figure 5: Attribute query transaction flow
1. Cardholder logs onto merchant website and submits a transaction.
2. The merchant’s web application makes an Attribute Query transaction that includes the session
ID to the Moneris Gateway.
3. Moneris Gateway submits Attribute Query data to ThreatMetrix.
4. ThreatMetrix uses the Attribute Query data to assess the transaction against the rules. A score is
generated based on the rules.
5. The merchant uses the returned device information in its risk analysis to make a business
decision. The merchant may wish to continue or cancel with the cardholder's payment transaction.

9.3.5 Handling Response Information
When reviewing the response information and determining how to handle the transaction, it is recommended that you (either manually or through automated logic on your site) use the following pieces of
information:
l
l
l

l

Risk score
Rules triggered (such as Rule Codes, Rule Names, Rule Messages)
Results obtained from Verified by Visa, MasterCard Secure Code, AVS, CVD and the financial transaction authorization
Response codes for the Transaction Risk Management Transaction that are included by automated processes.

July 2018

Canada Only

Page 304 of 477

Moneris Gateway API - Integration Guide

9.3.5.1 TRMT Response Fields
Table 89: Receipt object response values for TRMT
Type

Limits

Get method

Value
Definition
Response
Code

String

3-character alphanumeric

$mpgResponse->getResponseCode();

001 – Success
981 – Data error
982 – Duplicate Order ID
983 – Invalid Transaction
984 – Previously asserted
985 – Invalid activity description
986- Invalid impact description
987 – Invalid Confidence description
988 - Cannot find Previous
Message

String

N/A

$mpgResponse->getMessage();

Response message
Event type

String

N/A

Type of transaction or event returned in the response.
Org ID

String

N/A

ThreatMetrix-defined unique transaction identifier
Policy

String

N/A

Policy used for the Session Query will be returned with the return request. If the Policy
was not included, then the Policy name default is returned.
Policy score

String

N/A

The sum of all the risks weights from triggered rules within the selected policy in the
range [-100…100]
Request dur- String
N/A
ation
Length of time it takes for the transaction to be processed.

Page 305 of 477

Canada Only

July 2018

Table 89: Receipt object response values for TRMT (continued)
Type

Limits

Get method

Value
Definition
Request ID

String

N/A

Unique number and will always be returned with the return request.
Request res- String
N/A
ult
See 9.3.5.1 (page 305).
Review
status

String

Risk rating

String

N/A

The transaction status based on the assessments and risk scores.
N/A

The rating based on the assessments and risk scores.
Service type String

N/A

The service type will be returned in the attribute query response.
Session ID

String

N/A

Temporary identifier unique to the visitor will be returned in the return request.
Summary
risk score

String

Transaction
ID

String

Unknown
session

String

N/A

Based on all of the returned values in the range [-100 … 100]
N/A

This is the transaction identifier and will always be returned in the response when supplied as input.
N/A

If present, the value is "yes". It indicates the session ID that was passed was not found.

Table 90: Response code descriptions
Value

July 2018

Definition

001

Success

981

Data error

982

Duplicate order ID

983

Invalid transaction

984

Previously asserted

985

Invalid activity description

Canada Only

Page 306 of 477

Moneris Gateway API - Integration Guide

Value

Definition

986

Invalid impact description

987

Invalid confidence description

988

Cannot find previous

Table 91: Request result values and descriptions
Value

Definition

fail_duplicate_entities_of_same_type

More than one entity of the same was specified,
e.g. password_hash was specified twice.

fail_incomplete

ThreatMetrix was unable to process the request
due to incomplete or incorrect input data

fail_invalid_account_number

The format of the supplied account number was
invalid

fail_invalid_characters

Invalid characters submitted

fail_invalid_charset

The value of character set was invalid

fail_invalid_currency_code

The format of the currency_code was invalid

fail_invalid_currency_format

The format of the currency_format was invalid

fail_invalid_telephone_number

Format of the supplied telephone number was
invalid

fail_access

ThreatMetrix was unable to process the request
because of API verification failing

fail_internal_error

ThreatMetrix encountered an error while processing the request

fail_invalid_device_id

Format of the supplied device_id was invalid

fail_invalid_email_address

Format of the supplied email address was invalid

fail_invalid_fuzzy_device_id

The format of fuzzy_device_id was invalid

fail_invalid_ip_address_parameter

Format of a supplied ip_address parameter was
invalid

fail_invalid_parameter

The format of the parameter was invalid, or the

Page 307 of 477

Canada Only

July 2018

Value

Definition
value is out of boundary

fail_invalid_sha_hash

The format of a parameter specified as a sha hash
was invalid, sha hash included sha1/2/3 hash

fail_invalid_submitter_id

The format of the submitter id was invalid or the
value is out of boundary

fail_no_policy_configured

No policy was configured against the org_id

fail_not_enough_params

Not enough device attributes were collected during profiling to perform a fingerprint match

fail_parameter_overlength

The value of the parameter was overlength

fail_temporarily_unavailable

Request failed because the service is temporarily
unavailable

fail_too_many_instances_of_same_parameter

Multiple values for some parameters which only
allow one instance

fail_verification

API query limit reached

success

ThreatMetrix was able to process the request successfully

9.3.5.2 Understanding the Risk Score
For each Session Query or Attribute Query, a score with a value between -100 and +100 is returned based
on the rules that were triggered for the transaction.
Table 92 defines the risk scores ranges.
Table 92: Session Query and Attribute Query risk score definitions
Risk score

Visa definition

-100 to -1

A lower score indicates a higher probability that the transaction is fraudulent.

0

Neutral transaction

1 to 100

A higher score indicates a lower probability that the transaction is fraudulent.
Note: All e-commerce transactions have some level of risk associated with them.
Therefore, it is rare to see risk score in the high positive values.

July 2018

Canada Only

Page 308 of 477

Moneris Gateway API - Integration Guide
When evaluating the risk of a transaction, the risk score gives an initial indicator of the potential risk that
the transaction is fraudulent. Because some of the rules that are evaluated on each transaction may not
be relevant to your business scenario, review the rules that were triggered for the transaction before
determining how to handle the transaction.

9.3.5.3 Understanding the Rule Codes, Rule Names and Rule Messages
The rule codes, rule names and rule messages provide details about what rules were triggered during the
assessment of the information provided in the Session or Attribute Query. Each rule code has a rule
name and rule message. The rule name and rule message are typically similar. Table 93 provides additional information on each rule.
When evaluating the risk of a transaction, it is recommended that you review the rules that were
triggered for the transaction and assess the relevance to your business. (That is, how does it relate to the
typical buying habits of your customer base?)
If you are automating some or all of the decision-making processes related to handling the responses,
you may want to use the rule codes. If you are documenting manual processes, you may want to refer to
the more user-friendly rule name or rule message.
Table 93: Rule names, numbers and messages
Rule name

Rule number

Rule message
Rule explanation

White lists
DeviceWhitelisted

WL001

Device White Listed

Device is on the white list. This indicates that the device has
been flagged as always "ok".
Note: This rule is currently not in use.
IPWhitelisted

WL002

IP White Listed

IP address is on the white list. This indicates the device has
been flagged as always "ok".
Note: This rule is currently not in use.
EmailWhitelisted

WL003

Email White Listed

Email address is on the white list. This indicates that the
device has been flagged as always "ok".
Note: This rule is currently not in use.
Event velocity
2DevicePayment

EV003

2 Device Payment Velocity

Multiple payments were detected from this device in the
past 24 hours.

Page 309 of 477

Canada Only

July 2018

Table 93: Rule names, numbers and messages (continued)
Rule name
2IPPaymentVelocity

Rule number

Rule message
Rule explanation

EV006

2 IP Payment Velocity

Multiple payments were detected from this IP within the
past 24 hours.
2ProxyPaymentVelocity

EV008

2 Proxy Payment Velocity

The device has used 3 or more different proxies during a 24
hour period. This could be a risk or it could be someone
using a legitimate corporate proxy.
Email
3EmailPerDeviceDay

EM001

3 Emails for the Device ID in 1 Day

This device has presented 3 different email IDs within the
past 24 hours.
3EmailPerDeviceWeek

EM002

3 emails for the Device ID in 1 week

This device has presented 3 different email IDs within the
past week.
3DevciePerEmailDay

EM003

3 Device Ids for email address in 1 day

This email has been presented from three different devices
in the past 24 hours.
3DevciePerEmailWeek

EM004

3 Device Ids for email address in 1 week

This email has been presented from three different devices
in the past week.
EmailDistanceTravelled

EM005

Email Distance Travelled

This email address has been associated with different physical locations in a short period of time.
3EmailPerSmartIDHour

EM006

3 Emails for SmartID in 1 Hour

The SmartID for this device has been associated with 3 different email addresses in 1 hour.
GlobalEMailOverOneMonth

EM007

Global Email over 1 month

The e-mail address involved in the transaction over 30 days
ago. This generally indicates that the transaction is less
risky.
Note: This rule is set so that it does not impact the policy
score or risk rating.
ComputerGeneratedEmailAddress

July 2018

EM008

Canada Only

Computer Generated Email Address

Page 310 of 477

Moneris Gateway API - Integration Guide
Table 93: Rule names, numbers and messages (continued)
Rule name

Rule number

Rule message
Rule explanation

This transaction used a computer-generated email address.
Account Number
3AccountNumberPerDeviceDay

AN001

3 Account Numbers for device in 1 day

This device has presented 3 different user accounts within
the past 24 hours.
3AccountNumberPerDeviceWeek

AN002

3 Account Numbers for device in 1
week

This device has presented 3 different user accounts within
the past week.
3DevciePerAccountNumberDay

AN003

3 Device IDs for account number in 1
day

This user account been used from three different devices in
the past 24 hours.
3DevciePerAccountNumberWeek

AN004

3 Device IDs for account number in 1
week

This card number has been used from three different
devices in the past week.
AccountNumberDistanceTravelled

AN005

Account Number distance travelled

This card number has been used from a number of physically different locations in a short period of time.
Credit card/payments
3CreditCardPerDeviceDay

CP001

3 credit cards for device in 1 day

This device has used three credit cards within 24 hours.
3CreditCardPerDeviceWeek

CP002

3 credit cards for device in 1 week

This device has used three credit cards within 1 week.
3DevicePerCreditCardDay

CP003

3 device ids for credit card in 1 day

This credit card has been used on three different devices in
24 hours.
3DevciePerCreditCardWeek

CP004

3 device ids for credit card in 1 week

This credit card has been used on three different devices in 1
week.

Page 311 of 477

Canada Only

July 2018

Table 93: Rule names, numbers and messages (continued)
Rule name
CredtCardDistanceTravelled

Rule number

Rule message
Rule explanation

CP005

Credit Card has travelled

The credit card has been used at a number of physically different locations in a short period of time.
CreditCardShipAddressGeoMismatch

CP006

Credit Card and Ship Address do not
match

The credit card was issued in a region different from the Ship
To Address information provided.
CreditCardBillAddressGeoMismatch

CP007

Credit Card and Billing Address do not
match

The credit card was issued in a region different from the
Billing Address information provided.
CreditCardDeviceGeoMismatch

CP008

Credit Card and device location do not
match

The device is located in a region different from where the
card was issued.
CreditCardBINShipAddressGeoMismatch CP009

Credit Card issuing location and Shipping address do not match

The credit card was issued in a region different from the Ship
To Address information provided.
CreditCardBINBillAddressGeoMismatch

CP010

Credit Card issuing location and Billing
address do not match

The credit card was issued in a region different from the
Billing Address information provided.
CreditCardBINDeviceGeoMismatch

CP011

Credit Card issuing location and location of the device do not match

The device is located in a region different from where the
card was issued.
TransactionValueDay

CP012

Daily Transaction Value Threshold

The transaction value exceeds the daily threshold.
TransactionValueWeek

CP013

Weekly Transaction Value Threshold

The transaction value exceeds the weekly threshold.
Proxy rules
3ProxyPerDeviceDay

PX001

3 Proxy Ips in 1 day

This device has used three different proxy servers in the past
24 hours.

July 2018

Canada Only

Page 312 of 477

Moneris Gateway API - Integration Guide
Table 93: Rule names, numbers and messages (continued)
Rule name
AnonymousProxy

Rule number

Rule message
Rule explanation

PX002

Anonymous Proxy IP

This device is using an anonymous proxy
UnusualProxyAttributes

PX003

Unusual Proxy Attributes

This transaction is coming from a source with unusual proxy
attributes.
AnonymousProxy

PX004

Anonymous Proxy

This device is connecting through an anonymous proxy connection.
HiddenProxy

PX005

Hidden Proxy

This device is connecting via a hidden proxy server.
OpenProxy

PX006

Open Proxy

This transaction is coming from a source that is using an
open proxy.
TransparentProxy

PX007

Transparent Proxy

This transaction is coming from a source that is using a transparent proxy.
DeviceProxyGeoMismatch

PX008

Proxy and True GEO Match

This device is connecting through a proxy server that didn’t
match the devices geo-location.
ProxyTrueISPMismatch

PX009

Proxy and True ISP Match

This device is connecting through a proxy server that
doesn’t match the true IP address of the device.
ProxyTrueOrganizationMismatch

PX010

Proxy and True Org Match

The Proxy information and True ISP information for this
source do not match.
DeviceProxyRegionMismatch

PX011

Proxy and True Region Match

The proxy and device region location information do not
match.
ProxyNegativeReputation

PX012

Proxy IP Flagged Risky in Reputation
Network

This device is connecting from a proxy server with a known
negative reputation.

Page 313 of 477

Canada Only

July 2018

Table 93: Rule names, numbers and messages (continued)
Rule name
SatelliteProxyISP

Rule number

Rule message
Rule explanation

PX013

Satellite Proxy

This transaction is coming from a source that is using a satellite proxy.
GEO
DeviceCountriesNotAllowed

GE001

True GEO in Countries Not Allowed
blacklist

This device is connecting from a high-risk geographic location.
DeviceCountriesNotAllowed

GE002

True GEO in Countries Not Allowed
(negative whitelist)

The device is from a region that is not on the whitelist of
regions that are accepted.
DeviceProxyGeoMismatch

GE003

True GEO different from Proxy GEO

The true geographical location of this device is different from
the proxy geographical location.
DeviceAccountGeoMismatch

GE004

Account Address different from True
GEO

This device has presented an account billing address that
doesn't match the devices geolocation.
DeviceShipGeoMismatch

GE005

Device and Ship Geo mismatch

The location of the device and the shipping address do not
match.
DeviceShipGeoMismatch

GE006

Device and Ship Geo mismatch

The location of the device and the shipping address do not
match.
Device
SatelliteISP

DV001

Satellite ISP

This transaction is from a source that is using a satellite ISP.
MidsessionChange

DV002

Session Changed Mid-session

This device changed session details and identifiers in the
middle of a session.

July 2018

Canada Only

Page 314 of 477

Moneris Gateway API - Integration Guide
Table 93: Rule names, numbers and messages (continued)
Rule name
LanguageMismatch

Rule number

Rule message
Rule explanation

DV003

Language Mismatch

The language of the user does not match the primary language spoken in the location where the True IP is registered.
NoDeviceID

DV004

No Device ID

No device ID was available for this transaction.
Dial-upConnection

DV005

Dial-up connection

This device uses a less identifiable dial-up connection.
DeviceNegativeReputation

DV006

Device Blacklisted in Reputational Network

This device has a known negative reputation as reported to
the fraud network.
DeviceGlobalBlacklist

DV007

Device on the Global Black List

This device has been flagged on the global blacklist of known
problem devices.
DeviceCompromisedDay

DV008

Device compromised in last day

This device has been reported as compromised in the last 24
hours.
DeviceCompromisedHour

DV009

Device compromised in last hour

This device has been reported as compromised in the last
hour.
FlashImagesCookiesDisabled

DV010

Flash Images Cookies Disabled

Key browser functions/identifiers have been disabled on
this device.
FlashCookiesDisabled

DV011

Flash Cookies Disabled

Key browser functions/identifiers have been disabled on
this device.
FlashDisabled

DV012

Flash Disabled

Key browser functions/identifiers have been disabled on
this device.
ImagesDisabled

DV013

Images Disabled

Key browser functions/identifiers have been disabled on
this device.

Page 315 of 477

Canada Only

July 2018

Table 93: Rule names, numbers and messages (continued)
Rule number

Rule name

Rule message
Rule explanation

CookiesDisabled

DV014

Cookies Disabled

Key browser functions/identifiers have been disabled on
this device.
DeviceDistanceTravelled

DV015

Device Distance Travelled

The device has been used from multiple physical locations in
a short period of time.
PossibleCookieWiping

DV016

Cookie Wiping

This device appears to be deleting cookies after each session.
PossibleCookieCopying

DV017

Possible Cookie Copying

This device appears to be copying cookies.
PossibleVPNConnection

DV018

Possibly using a VPN Connection

This device may be using a VPN connection

9.3.5.4 Examples of Risk Response
Session Query

Sample Risk Response - Session Query



001
Success

abc123
yes
payment
session
-25
riskcheck42
11kue096
91C1879B-33D4-4D72-8FCB-B60A172B3CAC
medium
success
-25
default
review


ComputerGeneratedEMail
UN001

July 2018

Canada Only

Page 316 of 477

Moneris Gateway API - Integration Guide

Sample Risk Response - Session Query
Unknown Rule
Regle Inconnus


NoDeviceID
DV004
No Device ID
null




Attribute Query

Sample Risk Response - Attribute Query






11kue096
443D7FB5-CC5C-4917-A57E-27EAC824069C
session
medium
-25
success
default
-25
riskcheck19
review


ComputerGeneratedEMail
UN001
Unknown Rule
Regle Inconnus


NoDeviceID
DV004
No Device ID
null




9.3.6 Inserting the Profiling Tags Into Your Website
Place the profiling tags on an HTML page served by your web application such that ThreatMetrix can collect device information from the customer’s web browser. The tags must be placed on a page that a visitor would display in a browser window for 3-5 seconds (such as a page that requires a user to input

Page 317 of 477

Canada Only

July 2018

data). After the device is profiled, a Session Query may be used to obtain the detail device information
for risk assessment before submitting a financial payment transaction.
There are two profiling tags that require two variables. Those tags are org_id and session_id. session_id must match the session ID value that is to be passed in the Session Query transaction. The
valid org_id values are:
11kue096
QA testing environment.
lbhqgx47
Production environment.
Below is an HTML sample of the profiling tags.

NOTE: Your site must replace  in the sample code with a unique alphanumeric value each time you fingerprint a new customer.













July 2018

Canada Only

Page 318 of 477

9.4 Encorporating All Available Fraud Tools
l
l
l

9.4.1 Implementation Options for TRMT
9.4.2 Implementation Checklist
9.4.3 Making a Decision

To minimize fraudulent activity in online transactions, Moneris recommends that you implement all of
the fraud tools available through the Moneris Gateway. These are explained below:
Address Verification Service (AVS)
Verifies the cardholder's billing address information.
Verified by Visa, MasterCard Secure Code and Amex SafeKey (VbV/MCSC/SafeKey)
Authenticates the cardholder at the time of an online transaction.
Card Validation Digit (CVD)
Validates that cardholder is in possession of a genuine credit card during the transaction.
Note that all responses that are returned from these verification methods are intended to provide added
security and fraud prevention. The response itself does not affect the completion of a transaction. Upon
receiving a response, the choice to proceed with a transaction is left entirely to the merchant.

9.4.1 Implementation Options for TRMT
Option A
Process a Transaction Risk Management Tool query and obtain the response. You can then decide
whether to continue with the transaction, abort the transaction, or use additional efraud features.
If you want to use additional efraud features, perform one or both of the following to help make your
decision about whether to continue with the transaction or abort it:
l

l

Process a VbV/MCSC/SafeKey transaction and obtain the response. The merchant then makes the
decision whether to continue with the transaction or to abort it.
Process a financial transaction including AVS/CVD details and obtain the response. The merchant
then makes a decision whether to continue with the transaction or to abort it.

Option B
1.
2.
3.
4.

Process a Transaction Risk Management Tool query and obtain the response.
Process a VbV/MCSC/SafeKey transaction and obtain the response.
Process a financial transaction including AVS/CVD details and obtain the response.
Merchant then makes a one-time decision based on the responses received from the eFraud
tools.

9.4.2 Implementation Checklist
The following checklists provide high-level tasks that are required as part of your implementation of the
Transaction Risk Management Tool. Because each organization has certain project requirements for
implementing system and process changes, this list is only a guideline, and does not cover all aspects of
your project.

July 2018

Page 319 of 477

Moneris Gateway API - Integration Guide

Download and review all of the applicable APIs and Integration Guides
Please review the sections outlined within this document that refers to the following feature
Table 94: API documentation
Document/API

Use the document if you are….

Transaction Risk Management Tool Integration
Guide (Section #)

Implementing or updating your integration for the
Transaction Risk Management Tool

Moneris MPI – Verified by Visa/MasterCard
SecureCode/American Express SafeKey – Java API
Integration Guide

Implementing or updating Verified by Visa, MasterCard SecureCode or American Express SafeKey

Basic transaction with VS and CVD (Section#)

Implementing or updating transaction processing,
AVS or CVD

Design your transaction flow and business processes
When designing your transaction flow, think about which scenarios you would like to have automated,
and which scenarios you would like to have handled manually by your employees.
The “Understand Transaction Risk Management Transaction Flow” and Handling Response Information
(page 304) sections can help you work through the design of your transaction and process flows.
Things to consider when designing your process flows:
l

l
l

Processes for notifying people within your organization when there is scheduled maintenance for
Moneris Gateway.
Handling refunds, canceled orders and so on.
Communicating with customers when you will not be shipping the goods because of suspected
fraud, back-ordered goods and so on.

Complete your development and testing
l

The Moneris Gateway API - Integration Guide provides the technical details required for the development and testing. Ensure that you follow the testing instructions and data provided.

If you are an integrator
l
l
l

Ensure that your solution meets the requirements for PCI-DSS/PA-DSS as applicable.
Send an email to eproducts@moneris.com with the subject line “Certification Request”.
Develop material to set up your customers as quickly as possible with your solution and a Moneris
account. Include information such as:
l Steps they must take to enter their store ID or API token information into your solution.

Page 320 of 477

July 2018

l

Any optional services that you support via Moneris Gateway (such as TRMT, AVS, CVD,
VBV/MCSC/SafeKey and so on) so that customers can request these features.

9.4.3 Making a Decision
Depending on your business policies and processes, the information obtained from the fraud tools (such
as AVS, CVD, VbV/MCSC/SafeKey and TRMT) can help you make an informed decision about whether to
accept a transaction or deny it because it is potentially fraudulent.
If you do not want to continue with a likely fraudulent transaction, you must inform the customer that
you are not proceeding with their transaction.
If you are attempting to do further authentication by using the available fraud tools, but you have
received an approval response instead, cancel the financial transaction by doing one of the following:
l

l

If the original transaction is a Purchase, use a Purchase Correction or Refund transaction. You will
need the original order ID and transaction number.
If the original transaction is a Pre-Authorization, use a Completion transaction for $0.00.

July 2018

Page 321 of 477

10 Apple Pay In-App and on the Web Integration
l

l
l
l

l

10.1 About Apple Pay In-App and on the Web Integration10.1 About Apple Pay In-App and on the
Web Integration
10.2 About API Integration of Apple Pay
10.3 Apple Pay In-App Process Flows10.3 Apple Pay In-App Process Flows
10.4 Cavv Purchase – Apple Pay In-App and on the Web10.4 Cavv Purchase – Apple Pay In-App and
on the Web
10.5 Cavv Pre-Authorization – Apple Pay

10.1 About Apple Pay In-App and on the Web Integration
The Moneris Gateway enables merchants to process in-app or on the web payment methods in mobile
applications and the Safari web browser on Apple devices via Apple Pay.
Moneris Solutions offers two processing and integration methods for Apple Pay. Merchants can choose
to use one of two methods:
l
l

Software Development Kit (SDK), or
API

While both methods provide the same basic payment features, there are differences in their implementations.
This guide only deals with the API method; for detailed information about the SDK method of integration, see the Moneris Developer Portal at https://developer.moneris.com.

10.2 About API Integration of Apple Pay
An API integration works to provide a communication link between the merchants’ server and Moneris’
server. APIs are required to complete any transaction, and therefore the APIs for Apple Pay are also
included within an SDK integration.
If the merchant chooses to use only an API integration, the merchant must decrypt payload information
themselves before sending the decrypted information to the Moneris Gateway to be processed. Because
this process is complicated, Apple recommend only businesses with expertise and a previously integrated payment processing system use APIs instead of SDKs.

10.2.1 Transaction Types That Use Apple Pay
In the Moneris Gateway API, there are two transaction types that allow you to process decrypted transaction payload information with Apple Pay:
l

l

10.4 Cavv Purchase – Apple Pay In-App and on the Web10.4 Cavv Purchase – Apple Pay In-App
and on the Web
10.5 Cavv Pre-Authorization – Apple Pay

July 2018

Page 322 of 477

Moneris Gateway API - Integration Guide

NOTE: INTERAC® e-Commerce functionality is currently available using the Cavv
Purchase transaction type only.

Once you have processed the initial transaction using Cavv Purchase or Cavv Pre-Authorization, if
required you can then process any of the following transactions:
l
l
l

Refund (page 33)
Pre-Authorization Completion (page 23)
Purchase Correction (page 31)

10.3 Apple Pay In-App Process Flows
For both API and SDK methods of mobile in-app integration, the merchant’s iOS app uses Apple’s PassKit
Framework to request and receive encrypted payment details from Apple. When payment details are
returned in their encrypted form, they can be decrypted and processed by the Moneris Gateway in one
of two ways: SDK or API.

Steps in the Apple Pay In-App and on the Web payment process
API
1. Merchant’s mobile application or web page requests and receives the encrypted payload.
2. Encrypted payload is sent to the merchant’s server, where it is decrypted.

Page 323 of 477

July 2018

10 Apple Pay In-App and on the Web Integration
3. Moneris Gateway receives the decrypted payload from the merchant’s server, and processes the
Cavv Purchase – Apple Pay In-App and on the Web (page 324)Cavv Purchase – Apple Pay In-App
and on the Web (page 324) or Cavv Pre-Authorization – Apple Pay (page 328)Cavv Pre-Authorization – Apple Pay (page 328) transaction.
a. Please ensure the wallet indicator is properly populated with the correct value (APP for
Apple Pay In-App or APW for Apple Pay on the Web).

SDK
1. Merchant's mobile application or web page requests and receives the encrypted payload.
2. Encrypted payload is sent from the merchant’s server to the Moneris Gateway, and the payload is
decrypted and processed.
This guide only deals with the API method; for detailed information about the SDK method of integration, see the Moneris Developer Portal at https://developer.moneris.com.

10.4 Cavv Purchase – Apple Pay In-App and on the Web
The Cavv Purchase for Apple Pay transaction follows a 3-D Secure model but it does not require an MPI.
Once the Apple Pay payload has been decrypted, this Purchase verifies funds on the customer’s card,
removes the funds and prepares them for deposit into the merchant’s account.
For Apple Pay processing, this transaction is only applicable if choosing to integrate directly to the Apple
Wallet (if not using the Moneris Apple Pay SDK). Please refer to 10 Apple Pay In-App and on the Web
Integration for more details on your integration options.
Refer to Apple's Developer Portal for details on integrating directly to Apple Wallet to retrieve the payload data.

CavvPurchase transaction object definition
$txnArray = array(‘type’=>’cavv_purchase', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Cavv Purchase transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Cavv Purchase transaction values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

July 2018

Page 324 of 477

Moneris Gateway API - Integration Guide
Table 95: Cavv Purchase transaction object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character alphanumeric

'pan'=>$pan

Expiry date

String

4-character alphanumeric

'expdate'=>$expiry_date

YYMM format
CAVV

String

100-character alphanumeric

cavv=>$cavv

String

1-character alphanumeric

'crypt_type'=>$crypt

NOTE: For Apple Pay
Cavv Purchase and
Cavv Pre-Authorization
transactions, CAVV
field contains the
decrypted cryptogram.
For more, see
Appendix A Definitions
of Request Fields.

E-commerce indicator
NOTE: For Apple Pay
Cavv Purchase and
Cavv Pre-Authorization
transactions, the Ecommerce indicator is
a mandatory field containing the value
received from the
decrypted payload or a
default value of 5. If
you get a 2-character
value (e.g.,. 05 or 07)
from the payload,
remove the initial 0
and just send us the
2nd character. For
more, see Appendix A
Definitions of Request
Fields.

Page 325 of 477

July 2018

10 Apple Pay In-App and on the Web Integration
Table 1: CavvPurchase transaction object optional values
Value

Type

Limits

Set Method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Customer information

Object

N/A

$mpgTxn->setCustInfo
($mpgCustInfo);

Network

String

alphabetical

String

3-character alphanumeric

NOTE: This request
variable is mandatory
for INTERAC® e-Commerce transactions
conducted via Apple
Pay, and is not for use
with credit card transactions.

Data Type
NOTE: This request
variable is mandatory
for INTERAC® e-Commerce transactions
conducted via Apple
Pay, and is not for use
with credit card transactions.

Sample Cavv Purchase for Apple Pay
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'cavv'=>$cavv,
'crypt_type'=>$crypt_type, //mandatory for AMEX only
//'wallet_indicator'=>$wallet_indicator, //set only for wallet transactions. e.g. APPLE PAY
//'network'=> "Interac", //set only for Interac e-commerce
//'data_type'=> "3DSecure", //set only for Interac e-commerce
'dynamic_descriptor'=>$dynamic_descriptor
);
/****************************** Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setPaymentIndicator("Z");
$cof->setPaymentInformation("0");
$cof->setIssuerId("12345678901234");
$mpgTxn->setCofInfo($cof);
/******************************* Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/****************************** HTTPS Post Object *******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************************* Response *********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCavvResultCode = " . $mpgResponse->getCavvResultCode());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
?>

Page 327 of 477

July 2018

10 Apple Pay In-App and on the Web Integration

10.5 Cavv Pre-Authorization – Apple Pay
The Cavv Pre-Authorization for Apple Pay transaction follows a 3-D Secure model but it does not require
an MPI. Once the Apple Pay payload has been decrypted, this Pre-Authorization verifies funds on the customer’s card, and holds the funds. To prepare the funds for deposit into the merchant’s account please
process a Pre-Authorization Completion transaction.
For Apple Pay processing, this transaction is only applicable if choosing to integrate directly to the Apple
Wallet (if not using the Moneris Apple Pay SDK). Please refer to 10 Apple Pay In-App and on the Web
Integration for more details on your integration options.
Refer to Apple's Developer Portal for details on integrating directly to Apple Wallet to retrieve the payload data.

NOTE: INTERAC® e-Commerce functionality is currently available using the Cavv
Purchase transaction type only.

Cavv Pre-Authorization transaction object definition
$txnArray = array(‘type’=>’cavv_preauth', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Cavv Pre-Authorization transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Cavv Pre-Authorization transaction values
Table 96: Cavv Pre-Authorization object mandatory values
Value

Type

Limits

Set method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

Cardholder Authentication Verification
Value (CAVV)

String

50-character alphanumeric

cavv=>$cavv

NOTE: For Apple Pay
Cavv Purchase and
Cavv Pre-Authorization

July 2018

Page 328 of 477

Moneris Gateway API - Integration Guide

Value

Type

Limits

Set method

transactions, CAVV
field contains the
decrypted cryptogram.
For more, see
Appendix A Definitions
of Request Fields.

Expiry date

String

4-character numeric

'expdate'=>$expiry_date

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

NOTE: For Apple Pay
Cavv Purchase and
Cavv Pre-Authorization
transactions, the Ecommerce indicator is
a mandatory field containing the value
received from the
decrypted payload or a
default value of 5. If
you get a 2-character
value (e.g.,. 05 or 07)
from the payload,
remove the initial 0
and just send us the
2nd character. For
more, see Appendix A
Definitions of Request
Fields.

Table 1: Cavv Pre-Authorization object optional values
Value

Type

Limits

Set method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Network

String

alphabetical

Page 329 of 477

July 2018

10 Apple Pay In-App and on the Web Integration

Value

Type

Limits

Set method

NOTE: This request
variable is mandatory
for INTERAC® e-Commerce transactions
conducted via Apple
Pay, and is not for use
with credit card transactions.

Data Type

String

3-character alphanumeric

NOTE: This request
variable is mandatory
for INTERAC® e-Commerce transactions
conducted via Apple
Pay, and is not for use
with credit card transactions.

Sample Cavv Pre-Authorization for Apple Pay
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'cavv'=>$cavv,
'crypt_type'=>$crypt_type, //mandatory for AMEX only
//'wallet_indicator'=>$wallet_indicator, //set only for wallet transactions. e.g. APPLE PAY
'dynamic_descriptor'=>$dynamic_descriptor

July 2018

Page 330 of 477

Moneris Gateway API - Integration Guide

Sample Cavv Pre-Authorization for Apple Pay
);
/****************************** Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************************* Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/****************************** HTTPS Post Object *******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/************************************ Response **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCavvResultCode = " . $mpgResponse->getCavvResultCode());
?>

Page 331 of 477

July 2018

11 Convenience Fee
l
l
l
l

11.1
11.2
11.3
11.4

About Convenience Fee
Purchase with Convenience Fee
Convenience Fee Purchase w/ Customer Information
Convenience Fee Purchase with VbV, MCSC and Amex SafeKey

11.1 About Convenience Fee
The Convenience Fee program was designed to allow merchants to offer the convenience of an alternative payment channel to the cardholder at a charge. This applies only when providing a true "convenience" in the form of an alternative payment channel outside the merchant's customary face-to-face
payment channels. The convenience fee will be a separate charge on top of what the consumer is paying
for the goods and/or services they were given, and this charge will appear as a separate line item on the
consumer’s statement.

NOTE: The Convenience Fee program is only offered to certain supported Merchant Category Codes (MCCs). Please speak to your account manager for further details.

11.2 Purchase with Convenience Fee
NOTE: Convenience Fee Purchase with Customer Information is also supported.

Convenience Fee Purchase transaction object definition
$txnArray = array(‘type’=>’purchase', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Convenience Fee Purchase transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Convenience Fee Purchase transaction object values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields

July 2018

Page 332 of 477

Moneris Gateway API - Integration Guide
Table 1: Convenience Fee Purchase transaction object mandatory values
Value

Type

Limits

Set Method

Convenience Fee

Object

n/a

$mpgConvFee = new
mpgConvFeeInfo
($convFeeTemplate);

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

Expiry date

String

4-character numeric
YYMM format

'expdate'=>$expiry_date

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Convenience fee
amount

String

9-character decimal

$convFeeTemplate = array
(convenience_fee=>$convfee_
amount);

Table 2: Convenience Fee Purchase transaction object optional values
Value

Type

Limits

Set Method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

AVS information

Object

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD information

Object

$mpgTxn->setCvdInfo
($mpgCvdInfo);

Sample Purchase with Convenience Fee
'purchase',
order_id=>$orderid,
cust_id=>'cust',
amount=>$amount,
pan=>$pan,
expdate=>$expiry_date,
crypt_type=>'7',
dynamic_descriptor=>$dynamic_descriptor
);
/********************** ConvFee Associative Array *************************/
$convFeeTemplate = array(
convenience_fee=>'1.00'
);
/************************** ConvFee Object ********************************/
$mpgConvFee = new mpgConvFeeInfo($convFeeTemplate);
/************************ Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Set ConvFee *****************************/
$mpgTxn->setConvFeeInfo($mpgConvFee);
/************************ Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"CA" for sending transaction to Canadian environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ mpgHttpsPost Object ******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/************************ Response Object **********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nISO = " . $mpgResponse->getISO());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCardLevelResult = " . $mpgResponse->getCardLevelResult());
print("\nCfSuccess = " . $mpgResponse->getCfSuccess());
print("\nCfStatus = " . $mpgResponse->getCfStatus());
print("\nFeeAmount = " . $mpgResponse->getFeeAmount());

July 2018

Page 334 of 477

Moneris Gateway API - Integration Guide

Sample Purchase with Convenience Fee
print("\nFeeRate = " . $mpgResponse->getFeeRate());
print("\nFeeType = " . $mpgResponse->getFeeType());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

11.3 Convenience Fee Purchase w/ Customer Information
Convenience Fee Purchase with Customer information transaction object definition
$txnArray = array(‘type’=>’purchase', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Convenience Fee Purchase with Customer Info transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Convenience Fee Purchase with Customer information transaction object values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 1: Convenience Fee Purchase w/ Customer Info transaction object mandatory values
Value

Type

Limits

Set Method

Convenience Fee

Object

n/a

$mpgConvFee = new
mpgConvFeeInfo
($convFeeTemplate);

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

Page 335 of 477

July 2018

11 Convenience Fee
Table 1: Convenience Fee Purchase w/ Customer Info transaction object mandatory values (continued)
Value

Type

Limits

Set Method

Expiry date

String

4-character numeric
YYMM format

'expdate'=>$expiry_date

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Convenience fee
amount

String

9-character decimal

$mpgConvFee = new
mpgConvFeeInfo
($convFeeTemplate);

Table 2: Convenience Fee Purchase w/ Customer Info transaction object optional values
Value

Type

Limits

Set Method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Customer information

Object

n/a

$mpgTxn->setCustInfo
($mpgCustInfo);

AVS information

Object

n/a

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD information

Object

n/a

$mpgTxn->setCvdInfo
($mpgCvdInfo);

Sample Convenience Fee Purchase with Customer Information
 $first_name,
'last_name' => $last_name,
'company_name' => $company_name,
'address' => $address,
'city' => $city,
'province' => $province,
'postal_code' => $postal_code,
'country' => $country,
'phone_number' => $phone_number,
'fax' => $fax,
'tax1' => $tax1,
'tax2' => $tax2,
'tax3' => $tax3,
'shipping_cost' => $shipping_cost
);
$mpgCustInfo->setBilling($billing);
$shipping = array(
'first_name' => $first_name,
'last_name' => $last_name,
'company_name' => $company_name,
'address' => $address,
'city' => $city,
'province' => $province,
'postal_code' => $postal_code,

Page 337 of 477

July 2018

11 Convenience Fee

Sample Convenience Fee Purchase with Customer Information
'country' => $country,
'phone_number' => $phone_number,
'fax' => $fax,
'tax1' => $tax1,
'tax2' => $tax2,
'tax3' => $tax3,
'shipping_cost' => $shipping_cost
);
$mpgCustInfo->setShipping($shipping);
$mpgCustInfo->setEmail($email);
$mpgCustInfo->setInstructions($instructions);
/*********************** Set Line Item Information *********************/
$item[0] = array(
'name'=>$item_name[0],
'quantity'=>$item_quantity[0],
'product_code'=>$item_product_code[0],
'extended_amount'=>$item_extended_amount[0]
);
$item[1] = array(
'name'=>$item_name[1],
'quantity'=>$item_quantity[1],
'product_code'=>$item_product_code[1],
'extended_amount'=>$item_extended_amount[1]
);
$mpgCustInfo->setItems($item[0]);
$mpgCustInfo->setItems($item[1]);
/********************** ConvFee Associative Array *************************/
$convFeeTemplate = array(
'convenience_fee'=>'2.00'
);
/************************** ConvFee Object ********************************/
$mpgConvFee = new mpgConvFeeInfo($convFeeTemplate);
/***************** Transactional Associative Array ********************/
$txnArray=array(
'type'=>$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'crypt_type'=>$crypt
);
/********************** Transaction Object ****************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************** Set Customer Information ************************/
$mpgTxn->setCustInfo($mpgCustInfo);
/************************ Set ConvFee *****************************/
$mpgTxn->setConvFeeInfo($mpgConvFee);
/************************* Request Object *****************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/************************ HTTPS Post Object ***************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/****************8********** Response *********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());

July 2018

Page 338 of 477

Moneris Gateway API - Integration Guide

Sample Convenience Fee Purchase with Customer Information
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

11.4 Convenience Fee Purchase with VbV, MCSC and Amex SafeKey
Convenience Fee Purchase with VbV/MCSC/SafeKey transaction object definition
$txnArray = array(‘type’=>’cavv_purchase', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for Convenience Fee Purchase w/ VbV/MCSC/SafeKey transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Convenience Fee Purchase with VbV/MCSC/SafeKey transaction object values
For a full description of mandatory and optional values, see Appendix A Definitions of Request Fields
Table 1: Convenience Fee Purchase with VbV, MCSC, SafeKey - Required Fields
Value

Type

Limits

Set Method

Convenience Fee

Object

N/A

$mpgConvFee = new
mpgConvFeeInfo
($convFeeTemplate);

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Credit card number

String

20-character numeric

'pan'=>$pan

Expiry date

String

4-character numeric
YYMM format

'expdate'=>$expiry_date

E-Commerce indicator

String

1-character alpha-

'crypt_type'=>$crypt

Page 339 of 477

July 2018

11 Convenience Fee

Value

Type

Limits

Set Method

numeric
Cardholder Authentication Verification Value
(CAVV)

String

50-character alphanumeric

Convenience fee
amount

String

9-character decimal

cavv=>$cavv

$convFeeTemplate = array
(convenience_fee=>$convfee_
amount);

Table 2: Convenience Fee Purchase with VbV, MCSC, SafeKey - Optional Values
Value

Type

Limits

Set Method

Status Check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

E-commerce indicator

String

1-character numeric

'crypt_type'=>$crypt

Customer Information

Object

N/A

$mpgTxn->setCustInfo
($mpgCustInfo);

AVS Information

Object

N/A

$mpgTxn->setAvsInfo
($mpgAvsInfo);

CVD Information

Object

N/A

$mpgTxn->setCvdInfo
($mpgCvdInfo);

Sample Purchase with VbV/MCSC/SafeKey
$type,
order_id=>$order_id,
cust_id=>$cust_id,
amount=>$amount,
pan=>$pan,
expdate=>$expiry_date,
cavv=>$cavv,
commcard_invoice=>$commcard_invoice,
commcard_tax_amount=>$commcard_tax_amount,
crypt_type=>$crypt_type, //mandatory for AMEX only
dynamic_descriptor=>'test'
);
/********************** ConvFee Associative Array *************************/
$convFeeTemplate = array(
convenience_fee=>'1.00'
);
/************************** ConvFee Object ********************************/
$mpgConvFee = new mpgConvFeeInfo($convFeeTemplate);
/****************************** Transaction Object *******************************/
$mpgTxn = new mpgTransaction($txnArray);
/************************ Set ConvFee *****************************/
$mpgTxn->setConvFeeInfo($mpgConvFee);
/******************************* Request Object **********************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"CA" for sending transaction to Canadian environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/****************************** HTTPS Post Object *******************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
//Status check example
//$mpgHttpPost = new mpgHttpsPostStatus($store_id,$api_token,$status,$mpgRequest);
/************************************* Response *********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());

Page 341 of 477

July 2018

11 Convenience Fee

Sample Purchase with VbV/MCSC/SafeKey
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nCardLevelResult = " . $mpgResponse->getCardLevelResult());
print("\nCavvResultCode = " . $mpgResponse->getCavvResultCode());
print("\nCfSuccess = " . $mpgResponse->getCfSuccess());
print("\nCfStatus = " . $mpgResponse->getCfStatus());
print("\nFeeAmount = " . $mpgResponse->getFeeAmount());
print("\nFeeRate = " . $mpgResponse->getFeeRate());
print("\nFeeType = " . $mpgResponse->getFeeType());
//print("\nStatusCode = " . $mpgResponse->getStatusCode());
//print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

July 2018

Page 342 of 477

12 Recurring Billing
l
l
l
l
l

12.1
12.2
12.3
12.4
12.5

About Recurring Billing
Purchase with Recurring Billing
Recurring Billing Update
Recurring Billing Response Fields and Codes
Credential on File and Recurring Billing

12.1 About Recurring Billing
Recurring Billing allows you to set up payments whereby Moneris automatically processes the transactions and bills customers on your behalf based on the billing cycle information you provide.
Recurring Billing series are created by sending the Recurring Billing object in these transactions:
l
l
l

Purchase
Purchase with Vault
Purchase with 3-D Secure (cavvPurchase)

You can modify a Recurring Billing series after it has been created by sending the Recurring Billing Update
administrative transaction.

NOTE: Alternatively, if you prefer to manage recurring series on your own merchant system, you can send the periodic payments as basic Purchase transactions with the e-commerce indicator (crypt_type) value = 2 and with the Credential on File info object
included.

12.2 Purchase with Recurring Billing
Recurring Billing Info Object Definition
$recurArray = array(
'recur_unit'=>$recurUnit, // (day | week | month)
'start_date'=>$startDate, //yyyy/mm/dd
'num_recurs'=>$numRecurs,
'start_now'=>$startNow,
'period' => $recurInterval,
'recur_amount'=> $recurAmount
);
$mpgRecur = new mpgRecur($recurArray);

July 2018

Page 343 of 477

Moneris Gateway API - Integration Guide

Transaction object set method
$mpgTxn->setRecur($mpgRecur);

Recurring Billing Info Object Request Fields
Variable and Field Name

Type and Limits

Number of Recurs

String

num_recurs

numeric, 1-99

Period

String

period

numeric, 1-999

Start Date

String

start_date

YYYY/MM/DD

Description
The number of times that the
transaction must recur
Number of recur units that
must pass between recurring
billings
Date of the first future recurring
billing transaction
This value must be a date in the
future
If an additional charge is to be
made immediately, the value of
Start Now must be set to true

Start Now

String

start_now

true/false

If a single charge is to be made
against the card immediately,
set this value to true; the
amount to be billed immediately may differ from the
amount billed on a regular
basis thereafter
If the billing is to start in the
future, set this value to false
When set to false, use Card Verification prior to sending the
Purchase with Recur and Credential on File objects

Recurring Amount

String

recur_amount

9-character decimal; Up to 6
digits (dollars) + decimal point
+ 2 digits (cents) after the
decimal point

Page 344 of 477

Amount of the recurring transaction
This is the amount that will be
billed on the Start Date and
then billed repeatedly based on
the interval defined by Period
and Recur Unit

July 2018

12 Recurring Billing

Variable and Field Name

Type and Limits

Description

EXAMPLE:
123456.78
Recur Unit

String

recur_unit

day, week, month or eom

Unit to be used as a basis for
the interval
Works in conjunction with
Period to define the billing frequency
Possible values are:
day
week
month
eom (end of month)

Sample Purchase with Recurring Billing
$recurUnit, // (day | week | month)
'start_date'=>$startDate, //yyyy/mm/dd
'num_recurs'=>$numRecurs,
'start_now'=>$startNow,
'period' => $recurInterval,
'recur_amount'=> $recurAmount
);
$mpgRecur = new mpgRecur($recurArray);
/*********************** Transactional Associative Array **********************/

July 2018

Page 345 of 477

Moneris Gateway API - Integration Guide

Sample Purchase with Recurring Billing
$txnArray=array('type'=>'purchase',
'order_id'=>$orderId,
'cust_id'=>$custId,
'amount'=>$nowAmount,
'pan'=>$creditCard,
'expdate'=>$expiryDate,
'crypt_type'=>$cryptType
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Recur Object *********************************/
$mpgTxn->setRecur($mpgRecur);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setPaymentIndicator("R");
$cof->setPaymentInformation("2");
$cof->setIssuerId("168451306048014");
$mpgTxn->setCofInfo($cof);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print ("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nRecurSuccess = " . $mpgResponse->getRecurSuccess());
print("\nIssuerId = " . $mpgResponse->getIssuerId());
?>

12.3 Recurring Billing Update
After you have set up a Recurring Billing transaction series, you can change some of the details of the
series as long as it has not yet completed the preset recurring duration (i.e., it hasn’t terminated yet).
Before sending a Recurring Billing Update transaction that updates the credit card number, you must
send a Card Verification request. This requirement does not apply if you are only updating the schedule
or amount.

Page 346 of 477

July 2018

12 Recurring Billing

Things to Consider:
l

When completing the update recurring billing portion please keep in mind that the
recur bill dates cannot be changed to have an end date greater than 10 years from
today and cannot be changed to have an end date end today or earlier.

Recurring Billing Update transaction object definition
$txnArray=array('type'=>'recur_update',... );

HttpsPostRequest object for Recurring Billing Update transaction
$mpgTxn = new mpgTransaction($txnArray);
$mpgRequest = new mpgRequest($mpgTxn);

Recurring Billing Update transaction values
Table 1: Recurring Billing Update – Basic Required Fields
Variable and Field Name

Type and Limits

Order ID

String

order_id

50-character alphanumeric

Set Method
'cust_id'=>$cust_id

Table 2: Recurring Billing Update – Basic Optional Fields
Variable and Field Name

Type and Limits

Customer ID

String

cust_id

50-character alphanumeric

Credit card number

String

pan

20-character alphanumeric

Expiry date

String

expdate

YYMM

July 2018

Set Method
'cust_id'=>$cust_id

'pan'=>$pan

'expdate'=>$expiry_date

Page 347 of 477

Moneris Gateway API - Integration Guide
Table 3: Recurring Billing Update – Recurring Billing Required Fields
Variable and Field
Name

Type and Limits

Recurring amount

String

recur_amount

9-character decimal;
Up to 6 digits
(dollars) + decimal
point + 2 digits (cents)
after the decimal point

Set Method

Description

'recur_
amount'=>$recur_
amount

Changes the amount that is
billed recurrently

'add_num_recurs'
=> $add_num

Adds to the given number
of recurring transactions to
the current (remaining)
number

The change takes effect on
the next charge

EXAMPLE:
123456.78
Add number of recurs

String

add_num

numeric, 1-999

This can be used if a customer decides to extend a
membership or subscription
Cannot be used to decrease
the current number of recurring transactions; use
Change number of recurs
instead

numeric, 1-999

'total_num_
recurs' =>
$total_num

Replaces the current
(remaining) number of
recurring transactions

Hold recurring billing

String

'hold' => $hold

Temporarily pauses recurring billing

hold

true/false

Terminate recurring
transaction

String

Change number of
recurs

String

total_num

terminate

Page 348 of 477

true/false

While a transaction is on
hold, it is not billed for the
recurring amount; however,
the number of remaining
recurs continues to be
decremented during that
time

'terminate' =>
$terminate

Terminates recurring billing
NOTE: After it has

July 2018

12 Recurring Billing

Variable and Field
Name

Type and Limits

Set Method

Description

been terminated, a
recurring transaction
cannot be reactivated;
a new purchase transaction with recurring
billing must be submitted.

Sample Recurring Billing Update
$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'recur_amount'=>$recur_amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'add_num_recurs' => $add_num,
'total_num_recurs' => $total_num,
'hold' => $hold,
'terminate' => $terminate
);
/******************* Credential on File **********************************/
$cof = new CofInfo();
$cof->setIssuerId("168451306048014");
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
$mpgTxn->setCofInfo($cof);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/

July 2018

Page 349 of 477

Moneris Gateway API - Integration Guide

Sample Recurring Billing Update
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nRecurUpdateSuccess = " . $mpgResponse->getRecurUpdateSuccess());
print("\nNextRecurDate = " . $mpgResponse->getNextRecurDate());
print("\nRecurEndDate = " . $mpgResponse->getRecurEndDate());
?>

12.4 Recurring Billing Response Fields and Codes
Table 97 outlines the response fields that are part of recurring billing. Some are available when you set up
recurring billing (such as with a Purchase transaction), and some are available when you update an existing transaction with the Recurring Billing transaction.

Receipt object definition
$mpgResponse=$mpgHttpPost->getMpgResponse();

Table 97: Recurring Billing response fields
Value

Type

Limits

Get method
Description

Transaction object with Recurring Billing response fields
Response code String 3-character numeric

$mpgResponse->getResponseCode()

See Table 98: for a description of possible response codes.
Recur success

$mpgResponse->getRecurSuccess()

String TBD

Indicates whether the transaction successfully registered
Recur update object response fields
Recur update
success

String true/false

$mpgResponse->getRecurUpdateSuccess
()

Indicates whether the transaction successfully updated.
Next recur
date

String yyyy-mm-dd format

$mpgResponse->getNextRecurDate()

Indicates when the transaction will be billed again.

Recur end date String yyyy-mm-dd format

$mpgResponse->getRecurEndDate()

Indicates when the Recurring Billing Transaction will end.

Page 350 of 477

July 2018

12 Recurring Billing
The Recur Update response is a 3-digit numeric value. The following is a list of all possible responses after
a Recur Update transaction has been sent.
Table 98: Recur update response codes
Request Value

Definition

001

Recurring transaction successfully updated (optional: terminated)

983

Cannot find the previous transaction

984

Data error: (optional: field name)

985

Invalid number of recurs

986

Incomplete: timed out

null

Error: Malformed XML

12.5 Credential on File and Recurring Billing
NOTE: The value of the payment indicator field must be R when sending Recurring Billing
transactions.

For Recurring Billing transactions which are set to start immediately:
l

Send a Purchase transaction request with both the Recurring Billing and Credential on File info
objects.

For Recurring Billing transactions which are set to start on a future date:
1. Send Card Verification transaction request including the Credential on File info object to get the
Issuer ID
2. Send Purchase transaction request with the Recur and Credential on File info objects included
For updating a Recurring Billing series where you are updating the cardholder credentials (does not apply
if you are only modifying the schedule or amount in a recurring series):
1. Send Card Verification request including the Credential on File info object to get the Issuer ID
2. Send a Recurring Billing Update transaction
For more information about the Recurring Billing object, see Definition of Request Fields – Recurring.

July 2018

Page 351 of 477

13 Customer Information
l
l

13.1 Using the Customer Information Object
13.2 Customer Information Sample Code

An optional add-on to a number of transactions the Customer Information object. The Customer Information object offers a number of fields to be submitted as part of the financial transaction, and stored by
Moneris. These details may be viewed in the future in the Merchant Resource Center.
The following transactions support the Customer Information object :
l
l
l

Purchase (Basic, Interac Debit and Vault)
Pre-Authorization (Basic and Vault)
Re-Authorization (Basic)

The Customer Information object holds three types of information:
l
l
l

Miscellaneous customer information properties
Billing/Shipping information
Item information

Things to Consider:
l

l
l
l

If you send characters that are not included in the allowed list, these extra transaction
details may not be stored.
All fields are alphanumeric and allow the following characters: a-z A-Z 0-9 _ - : . @ $ = /
All French accents should be encoded as HTML entities, such as é.
The data sent in Billing and Shipping Address fields will not be used for any address verification.

13.1 Using the Customer Information Object
l
l
l

13.1.1 CustInfo Object – Miscellaneous Properties
13.1.2 CustInfo Object – Billing and Shipping Information
13.1.3 CustInfo Object – Item Information

In addition to instantiating a transaction object and a connection object (as you would for a normal transaction), you must instantiate a CustInfo object.
Any transaction that supports CustInfo has a setCustInfo method. This is used to write the customer
information to the transaction object before writing the transaction object to the connection object.

CustInfo object definition
$mpgCustInfo = new mpgCustInfo();

July 2018

Page 353 of 477

Moneris Gateway API - Integration Guide

Transaction object set method
$mpgTxn->setCustInfo($mpgCustInfo);

13.1.1 CustInfo Object – Miscellaneous Properties
While most of the customer information data is organized into objects, there are some values that are
properties of the CustInfo object itself. They are explained in the table below.
Table 99: CustInfo object miscellaneous properties
Value
Email
Address

Type

Limits

Set method

String 60-character alphanumeric

Instructions String 100-character alphanumeric

$mpgCustInfo->setEmail($email);
$mpgCustInfo->setInstructions($note);

13.1.2 CustInfo Object – Billing and Shipping Information
Billing and shipping information is stored as part of the CustInfo object. They can be written to the object
in one of two ways:
l
l

Using set methods
Using hash tables

Whichever method you use, you will be writing the information found in the table below for both the
billing information and the shipping information.
All values are alphanumeric strings. Their maximum lengths are given in the Limit column.

Table 100: Billing and shipping information values
Value

Limit

Hash table key

First name

30

"first_name"

Last name

30

"last_name"

Company name

50

"company_name"

Address

70

"address"

City

30

"city"

Province/State

30

"province"

Postal/Zip code

30

"postal_code"

Country

30

"country"

Page 354 of 477

July 2018

13 Customer Information
Table 100: Billing and shipping information values (continued)
Value

Limit

Hash table key

Phone number (voice)

30

"phone"

Fax number

30

"fax"

Federal tax

10

"tax1"

Provincial/State tax

10

"tax2"

County/Local/Specialty tax

10

"tax3"

Shipping cost

10

"shipping_cost"

13.1.2.1 Set Methods for Billing and Shipping Info
The billing information and the shipping information for a given CustInfo object are written by using the
$mpgCustInfo->setBilling($billing); and $mpgCustInfo->setShipping($shipping);
methods respectively:
$billing = array(
'first_name' => $first_name,
'last_name' => $last_name,
'company_name' => $company_name,
'address' => $address,
'city' => $city,
'province' => $province,
'postal_code' => $postal_code,
'country' => $country,
'phone_number' => $phone_number,
'fax' => $fax,
'tax1' => $tax1,
'tax2' => $tax2,
'tax3' => $tax3,
'shipping_cost' => $shipping_cost
);
$mpgCustInfo->setBilling($billing);
$shipping = array(
'first_name' => $first_name,

July 2018

Page 355 of 477

Moneris Gateway API - Integration Guide
'last_name' => $last_name,
'company_name' => $company_name,
'address' => $address,
'city' => $city,
'province' => $province,
'postal_code' => $postal_code,
'country' => $country,
'phone_number' => $phone_number,
'fax' => $fax,
'tax1' => $tax1,
'tax2' => $tax2,
'tax3' => $tax3,
'shipping_cost' => $shipping_cost
);
$mpgCustInfo->setShipping($shipping);

Both of these methods have the same set of mandatory arguments. They are described in the Billing and
shipping information values table in 13.1.2.1 Set Methods for Billing and Shipping Info.
For sample code, see 13.2 Customer Information Sample Code.

13.1.2.2 Using Hash Tables for Billing and Shipping Info
Writing billing or shipping information using hash tables is done as follows:
1. Instantiate a CustInfo object.
2. Instantiate a hash table object. (The sample code uses a different hash table for billing and shipping for clarity purposes. However, the skillful developer can re-use the same one.)
3. Build the hash table using put methods with the hash table keys found in the Billing and shipping
information values table in 13.1.2 CustInfo Object – Billing and Shipping Information.
4. Call the CustInfo object's setBilling/setShipping method to pass the hash table information to
the CustInfo object
5. Call the transaction object's setCustInfo method to write the CustInfo object (with the billing/shipping information to the transaction object.
For sample code, see 13.2 Customer Information Sample Code.

13.1.3 CustInfo Object – Item Information
The CustInfo object can hold information about multiple items. For each item, the values in the table
below can be written.
All values are strings, but note the guidelines in the Limits column.

Page 356 of 477

July 2018

13 Customer Information
Table 101: Item information values
Value

Limits

Hash table key

Item name

45-character alphanumeric

"name"

Item quantity

5-character numeric

"quantity"

Item product code 20-character alphanumeric

"product_code"

Item extended
amount

"extended_
amount"

9-character decimal with at least 3 digits and 2 penny values.
0.01-999999.99

One way of representing multiple items is with four arrays. This is the method used in the sample code.
However, there are two ways to write the item information to the CustInfo object:
l
l

Set methods
Hash tables

13.1.3.1 Set Methods for Item Information
All the item information found in the Item information values table in 13.1.3 CustInfo Object – Item
Information is written to the CustInfo object in one instruction for a given item. Such as:
customer.setItem(item_description, item_quantity, item_product_code, item_
extended_amount);

For sample code (showing how to use arrays to write information about two items), see 13.2 Customer
Information Sample Code.

13.1.3.2 Using Hash Tables for Item Information
Writing item information using hash tables is done as follows:
1. Instantiate a CustInfo object.
2. Instantiate a hash table object. (The sample code uses a different hash table for each item for clarity purposes. However, the skillful developer can re-use the same one.)
3. Build the hash table using put methods with the hash table keys in the Item information values
table in 13.1.3 CustInfo Object – Item Information.
4. Call the CustInfo object's setItem method to pass the hash table information to the CustInfo
object
5. Call the transaction object's setCustInfo method to write the CustInfo object (with the item
information to the transaction object.
For sample code that shows how to use arrays to write information about two items, see 13.2 Customer
Information Sample Code.

13.2 Customer Information Sample Code
Below is an example of a Basic Purchase with Customer Information transaction.

July 2018

Page 357 of 477

Moneris Gateway API - Integration Guide
Note that the two items ordered are represented by four arrays, and the billing and shipping details are
the same.

Sample Purchase with Customer Information
## Example php -q TestPurchase-CustInfo.php
require "../../mpgClasses.php";
/************************ Request Variables ***************************/
$store_id='store5';
$api_token='yesguy';
/********************* Transactional Variables ************************/
$type='purchase';
$order_id='ord-'.date("dmy-G:i:s");
$cust_id='my cust id';
$amount='1.00';
$pan='4242424242424242';
$expiry_date='0812'; //December 2008
$crypt='7';
/******************* Customer Information Variables ********************/
$first_name = 'Cedric';
$last_name = 'Benson';
$company_name = 'Chicago Bears';
$address = '334 Michigan Ave';
$city = 'Chicago';
$province = 'Illinois';
$postal_code = 'M1M1M1';
$country = 'United States';
$phone_number = '453-989-9876';
$fax = '453-989-9877';
$tax1 = '1.01';
$tax2 = '1.02';
$tax3 = '1.03';
$shipping_cost = '9.95';
$email ='Joe@widgets.com';
$instructions ="Make it fast";
/*********************** Line Item Variables **************************/
$item_name[0] = 'Guy Lafleur Retro Jersey';
$item_quantity[0] = '1';
$item_product_code[0] = 'JRSCDA344';
$item_extended_amount[0] = '129.99';
$item_name[1] = 'Patrick Roy Signed Koho Stick';
$item_quantity[1] = '1';
$item_product_code[1] = 'JPREEA344';
$item_extended_amount[1] = '59.99';
/******************** Customer Information Object *********************/
$mpgCustInfo = new mpgCustInfo();
/********************** Set Customer Information **********************/
$billing = array(
'first_name' => $first_name,
'last_name' => $last_name,
'company_name' => $company_name,
'address' => $address,
'city' => $city,
'province' => $province,
'postal_code' => $postal_code,
'country' => $country,
'phone_number' => $phone_number,

Page 358 of 477

July 2018

13 Customer Information

Sample Purchase with Customer Information
'fax' => $fax,
'tax1' => $tax1,
'tax2' => $tax2,
'tax3' => $tax3,
'shipping_cost' => $shipping_cost
);
$mpgCustInfo->setBilling($billing);
$shipping = array(
'first_name' => $first_name,
'last_name' => $last_name,
'company_name' => $company_name,
'address' => $address,
'city' => $city,
'province' => $province,
'postal_code' => $postal_code,
'country' => $country,
'phone_number' => $phone_number,
'fax' => $fax,
'tax1' => $tax1,
'tax2' => $tax2,
'tax3' => $tax3,
'shipping_cost' => $shipping_cost
);
$mpgCustInfo->setShipping($shipping);
$mpgCustInfo->setEmail($email);
$mpgCustInfo->setInstructions($instructions);
/*********************** Set Line Item Information *********************/
$item[0] = array(
'name'=>$item_name[0],
'quantity'=>$item_quantity[0],
'product_code'=>$item_product_code[0],
'extended_amount'=>$item_extended_amount[0]
);
$item[1] = array(
'name'=>$item_name[1],
'quantity'=>$item_quantity[1],
'product_code'=>$item_product_code[1],
'extended_amount'=>$item_extended_amount[1]
);
$mpgCustInfo->setItems($item[0]);
$mpgCustInfo->setItems($item[1]);
/***************** Transactional Associative Array ********************/
$txnArray=array(
'type'=>$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'crypt_type'=>$crypt
);
/********************** Transaction Object ****************************/
$mpgTxn = new mpgTransaction($txnArray);
/******************** Set Customer Information ************************/
$mpgTxn->setCustInfo($mpgCustInfo);
/************************* Request Object *****************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions

July 2018

Page 359 of 477

Moneris Gateway API - Integration Guide

Sample Purchase with Customer Information
/************************ HTTPS Post Object ***************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/*************************** Response *********************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

Page 360 of 477

July 2018

14 Status Check
l
l
l

14.1 About Status Check
14.2 Using Status Check Response Fields
14.3 Sample Purchase with Status Check

14.1 About Status Check
Status Check is a connection object value that allows merchants to verify whether a previously sent transaction was processed successfully.
To submit a Status Check request, resend the original transaction with all the same parameter values,
but set the status check value to either true or false.
Once set to “true”, the gateway will check the status of a transaction that has an order_id that matches
the one passed.
l
l

If the transaction is found, the gateway will respond with the specifics of that transaction.
If the transaction is not found, the gateway will respond with a not found message.

Once it is set to “false”, the transaction will process as a new transaction.
For example, if you send a Purchase transaction with Status Check, include the same values as the original Purchase such as the order ID and the amount.
The feature must be enabled in your merchant profile. To have it enabled, contact Moneris.
Things to Consider:
l

l

l

The Status Check request should only be used once and immediately (within 2 minutes)
after the last transaction that had failed.
The Status Check request should not be used to check openTotals & batchClose
requests.
Do not resend the Status Check request if it has timed out. Additional investigation is
required.

14.2 Using Status Check Response Fields
After you have used the connection object to send a Status Check request, you can use the Receipt
object to obtain the information you want regarding the success of the original transaction.
The status response fields related to the status check are Status Code and Status Message.
Possible Status Code response values:
l
l

0-49: successful transaction
50-999: unsuccessful transaction.

July 2018

Page 361 of 477

Moneris Gateway API - Integration Guide
Possible Status Message response values:
l
l

Found: Status code is 0-49
Not found or Null: Status code is 50-999)

If the Status Message is Found, all other response fields are the same as those from the original transaction.
If the Status Message is Not found, all other response fields will be Null.

14.3 Sample Purchase with Status Check
Sample Purchase transaction with Status Check
'purchase',
'order_id'=>'order',
'cust_id'=>'cust',
'amount'=>'1.00',
'pan'=>'4242424242424242',
'expdate'=>'2202',
'crypt_type'=>'1',
'dynamic_descriptor'=>''
);
$mpgTxn = new mpgTransaction($txnArray);
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA");
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
$mpgHttpPost =new mpgHttpsPostStatus($store_id,$api_token,$status_check,$mpgRequest);
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nStatusCode = " . $mpgResponse->getStatusCode());
print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

Page 362 of 477

July 2018

15 Visa Checkout
l
l
l
l
l
l
l
l
l
l

15.1 About Visa Checkout
15.2 Transaction Types - Visa Checkout
15.3 Integrating Visa Checkout Lightbox
15.4 Transaction Flow for Visa Checkout
15.5 Visa Checkout Purchase
15.6 Visa Checkout Pre-Authorization
15.7 Visa Checkout Completion
15.8 Visa Checkout Purchase Correction
15.9 Visa Checkout Refund
15.10 Visa Checkout Information

15.1 About Visa Checkout
Visa Checkout is a digital wallet service offered to customers using credit cards. Visa Checkout functionality can be integrated into the Moneris Gateway via the API.

15.2 Transaction Types - Visa Checkout
Below is a list of transactions supported by the Visa Checkout API, other terms used for the transaction
type are indicated in brackets.
VdotMePurchase (sale)
Call to Moneris to obtain funds on the Visa Checkout callId and ready them for deposit
into the merchant’s account. It also updates the customer’s Visa Checkout transaction history.
VdotMePreAuth (authorisation / pre-authorization)
Call to Moneris to verify funds on the Visa Checkout callid and reserve those funds for
your merchant account. The funds are locked for a specified amount of time, based on the
card issuer. To retrieve the funds from this call so that they may be settled in the merchant’s
account, a VdotMeCompletion must be performed. It also updates the customer’s Visa
Checkout transaction history.
VdotMeCompletion (Completion / Capture)
Call to Moneris to obtain funds reserved by VdotMePreAuth call. This transaction call
retrieves the locked funds and readies them for settlement into the merchant’s account. This
call must be made typically within 72 hours of performing VdotMePreAuth. It also updates
the customer’s Visa Checkout transaction history.
VdotMePurchaseCorrection (Void / Purchase Correction)
Call to Moneris to void the VdotMePurchases and VdotMeCompletions the same day* that
they occurred on. It also updates the customer’s Visa Checkout transaction history.
VdotMeRefund (Credit)
Call to Moneris to refund against a VdotMePurchase or VdotMeCompletion to refund
any part, or all of the transaction. It also updates the customer’s Visa Checkout transaction
history.

July 2018

Page 363 of 477

Moneris Gateway API - Integration Guide
VdotMeInfo (Credit)
Call to Moneris to obtain cardholder details such as, name on card, partial card number,
expiry date, shipping and billing information.

15.3 Integrating Visa Checkout Lightbox
1. Using the API Key you obtained when you configured your Visa Checkout store, create Visa Checkout Lightbox integration with JavaScript by following the Visa documentation, which is available
on Visa Developer portal:
Visa Checkout General Information (JavaScript SDK download)
https://developer.visa.com/products/visa_checkout
Getting Started With Visa checkout
https://developer.visa.com/products/visa_checkout/guides#getting_started
Adding Visa Checkout to Your Web Page
https://developer.visa.com/products/visa_checkout/guides#adding_to_page
Submitting the Consumer Payment Request
https://developer.visa.com/products/visa_checkout/guides#submitting_csr
2. If you get a payment success event from the resulting Visa Lightbox JavaScript, you will have to
parse and obtain the callid from their JSON response. The additional information is obtained
using VdotMeInfo.
Once you have obtained the callid from Visa Lightbox, you can make appropriate Visa Checkout VdotMe
transaction call to Moneris to process your transaction and obtain your funds.

NOTE: During Visa Checkout testing in our QA test environment, please use the API key
that you generated in the Visa Checkout configuration for the V.Init call in your
JavaScript.

Page 364 of 477

July 2018

15 Visa Checkout

15.4 Transaction Flow for Visa Checkout

July 2018

Page 365 of 477

Moneris Gateway API - Integration Guide

15.5 Visa Checkout Purchase
VdotMePurchase transaction object definition
$txnArray = array(‘type’=>’vdotme_purchase', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest for VdotMePurchase transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

VdotMePurchase transaction object values
Table 1: VdotMePurchase transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Call ID

String

20-character numeric

'callid'=>$callid

Amount

String

9-character decimal

'amount'=>$amount

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 2: VdotMePurchase transaction object optional values
Value

Type

Limits

Set Method

Dynamic
descriptor

String

20-character 'dynamic_descriptor'=>$dynamic_
alphanumeric descriptor

Status
check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_id,$api_
token,$status,$mpgRequest);

Sample VdotMePurchase
$type,
'order_id'=>$order_id,
'amount'=>$amount,
'callid'=>$callid,
'crypt_type'=>$crypt,
'cust_id'=>$cust_id,
'dynamic_descriptor'=>$dynamic_descriptor
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

15.6 Visa Checkout Pre-Authorization
VdotMePreAuth is virtually identical to the VdotMePurchase with the exception of the transaction

type name.
If the order could not be completed for some reason, such as an order is cancelled, made in error or not
fulfillable, the VdotMePreAuth transaction must be reversed within 72 hours.
To reverse an authorization, perform a VdotMeCompletion transaction for $0.00 (zero dollars).

VdotMePreAuth transaction object definition
$txnArray = array(‘type’=>’vdotme_preauth', …);

July 2018

Page 367 of 477

Moneris Gateway API - Integration Guide
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VdotMePreAuth transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

VdotMePreAuth transaction object values
Table 1: VdotMePreAuth transaction object mandatory values
Value

Type

Limits

Set Method

Amount

String

9-character decimal

'amount'=>$amount

Call ID

String

20-character numeric

'callid'=>$callid

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 2: VdotMePreAuth transaction object optional values
Value

Type

Limits

Set Method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Sample VdotMePreAuth
$type,
'order_id'=>$order_id,
'amount'=>$amount,
'callid'=>$callid,
'crypt_type'=>$crypt,
'cust_id'=>$cust_id,
'dynamic_descriptor'=>$dynamic_descriptor
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

15.7 Visa Checkout Completion
The VdotMeCompletion transaction is used to secure the funds locked by a VdotMePreAuth transaction.
You may also perform this transaction at $0.00 (zero dollars) to reverse a VdotMePreauth transaction
that you are unable to fulfill.

VdotMeCompletion transaction object definition
$txnArray = array(‘type’=>’vdotme_completion', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VdotMeCompletion transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

July 2018

Page 369 of 477

Moneris Gateway API - Integration Guide

VdotMeCompletion transaction object values
Table 1: VdotMeCompletion transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

Completion amount

String

9-character decimal

'comp_amount'=>$comp_amount

E-commerce indicator

String

1-character alphanumeric

'crypt_type'=>$crypt

Table 2: VdotMeCompletion transaction object optional values
Value

Type

Limits

Set Method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Sample VdotMeCompletion
$type,
'order_id'=>$order_id,
'comp_amount'=>$comp_amount,
'txn_number'=>$txn_number,
'crypt_type'=>$crypt,
'cust_id'=>$cust_id,

Page 370 of 477

July 2018

15 Visa Checkout

Sample VdotMeCompletion
'dynamic_descriptor'=>$dynamic_descriptor
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

15.8 Visa Checkout Purchase Correction
VdotMePurchaseCorrection is used to cancel a VdotMeCompletion or VdotMePurchase trans-

action that was performed in the current batch. No other transaction types can be corrected using this
method.
No amount is required because it is always for 100% of the original transaction.

VdotMePurchaseCorrection transaction object definition
$txnArray = array(‘type’=>’vdotme_purchasecorrection', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VdotMePurchaseCorrection transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

July 2018

Page 371 of 477

Moneris Gateway API - Integration Guide

VdotMePurchaseCorrection transaction object values
Table 1: VdotMePurchaseCorrection transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

Table 2: VdotMePurchaseCorrection transaction object optional values
Value

Type

Limits

Set Method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Status check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample VdotMePurchaseCorrection
$type,
'order_id'=>$order_id,
'txn_number'=>$txn_number,
'crypt_type'=>$crypt,
'cust_id'=>$cust_id,
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);

Page 372 of 477

July 2018

15 Visa Checkout

Sample VdotMePurchaseCorrection
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

15.9 Visa Checkout Refund
VdotMeRefund will credit a specified amount to the cardholder’s credit card and update their Visa Checkout transaction history. A refund can be sent up to the full value of the original VdotMeCompletion or
VdotMePurchase.

VdotMeRefund transaction object definition
$txnArray = array(‘type’=>’vdotme_refund', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VdotMeRefund transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

VdotMeRefund transaction object values
Table 1: VdotMeRefund transaction object mandatory values
Value

Type

Limits

Set Method

Order ID

String

50-character alphanumeric

'order_id'=>$order_id

Amount

String

9-character decimal

'amount'=>$amount

Transaction number

String

255-character alphanumeric

'txn_number'=>$txn_number

July 2018

Page 373 of 477

Moneris Gateway API - Integration Guide

Value

Type

E-commerce indicator

String

Limits
1-character alphanumeric

Set Method
'crypt_type'=>$crypt

Table 2: VdotMeRefund transaction object optional values
Value

Type

Limits

Set Method

Customer ID

String

50-character alphanumeric

'cust_id'=>$cust_id

Dynamic descriptor

String

20-character alphanumeric

'dynamic_
descriptor'=>$dynamic_
descriptor

Status check

Boolean

true/false

$mpgHttpPost =new
mpgHttpsPostStatus($store_
id,$api_
token,$status,$mpgRequest);

Sample VdotMeRefund
$type,
'order_id'=>$order_id,
'txn_number'=>$txn_number,
'amount'=>$amount,
'crypt_type'=>$crypt,
'cust_id'=>$cust_id,
'dynamic_descriptor'=>$dynamic_descriptor
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions

Page 374 of 477

July 2018

15 Visa Checkout

Sample VdotMeRefund
/***************************** HTTPS Post Object *****************************/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
?>

15.10 Visa Checkout Information
VdotMeInfo will get customer information from their Visa Checkout wallet. The details returned are

dependent on what the customer has stored in Visa Checkout.

VdotMeInfo transaction object definition
$txnArray = array(‘type’=>’vdotme_getpaymentinfo', …);
$mpgTxn = new mpgTransaction($txnArray);

HttpsPostRequest object for VdotMeInfo transaction
$mpgRequest = new mpgRequest($mpgTxn);
$mpgHttpPost = new mpgHttpsPost($store_id,$api_token,$mpgRequest);

VdotMeInfo transaction object values
Table 1: VdotMeInfo transaction object mandatory values
Value
Call ID

Type
String

Limits
20-character numeric

Set Method
'callid'=>$callid

Sample VdotMeInfo
'vdotme_getpaymentinfo',
'callid'=>$callid
);
/**************************** Transaction Object *****************************/
$mpgTxn = new mpgTransaction($txnArray);
/****************************** Request Object *******************************/
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
$mpgRequest->setTestMode(true); //false or comment out this line for production transactions
/***************************** HTTPS Post Object *****************************/
/* Status Check Example
$mpgHttpPost =new mpgHttpsPostStatus($store_id,$api_token,$status_check,$mpgRequest);
*/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);
/******************************* Response ************************************/
$vdotmeinfo=$mpgHttpPost->getMpgResponse();
print("\nResponse Code: " . $vdotmeinfo->getResponseCode());
print("\nResponse Message: " . $vdotmeinfo->getMessage());
print("\nCurrency Code: " . $vdotmeinfo->getCurrencyCode());
print("\nPayment Totals: " . $vdotmeinfo->getPaymentTotal());
print("\nUser First Name: " . $vdotmeinfo->getUserFirstName());
print("\nUser Last Name: " . $vdotmeinfo->getUserLastName());
print("\nUsername: " . $vdotmeinfo->getUserName());
print("\nUser Email: " . $vdotmeinfo->getUserEmail());
print("\nEncrypted User ID: " . $vdotmeinfo->getEncUserId());
print("\nCreation Time Stamp: " . $vdotmeinfo->getCreationTimeStamp());
print("\nName on Card: " . $vdotmeinfo->getNameOnCard());
print("\nExpiration Month: " . $vdotmeinfo->getExpirationDateMonth());
print("\nExpiration Year: " . $vdotmeinfo->getExpirationDateYear());
print("\nLast 4 Digits: " . $vdotmeinfo->getLastFourDigits());
print("\nBin Number (6 Digits): " . $vdotmeinfo->getBinSixDigits());
print("\nCard Brand: " . $vdotmeinfo->getCardBrand());
print("\nCard Type: " . $vdotmeinfo->getVDotMeCardType());
print("\nBilling Person Name: " . $vdotmeinfo->getBillingPersonName());
print("\nBilling Address Line 1: " . $vdotmeinfo->getBillingAddressLine1());
print("\nBilling City: " . $vdotmeinfo->getBillingCity());
print("\nBilling State/Province Code: " . $vdotmeinfo->getBillingStateProvinceCode());
print("\nBilling Postal Code: " . $vdotmeinfo->getBillingPostalCode());
print("\nBilling Country Code: " . $vdotmeinfo->getBillingCountryCode());
print("\nBilling Phone: " . $vdotmeinfo->getBillingPhone());
print("\nBilling ID: " . $vdotmeinfo->getBillingId());
print("\nBilling Verification Status: " . $vdotmeinfo->getBillingVerificationStatus());
print("\nPartial Shipping Country Code: " . $vdotmeinfo->getPartialShippingCountryCode());
print("\nPartial Shipping Postal Code: " . $vdotmeinfo->getPartialShippingPostalCode());
print("\nShipping Person Name: " . $vdotmeinfo->getShippingPersonName());
print("\nShipping Address Line 1: " . $vdotmeinfo->getShippingAddressLine1());
print("\nShipping City: " . $vdotmeinfo->getShippingCity());
print("\nShipping State/Province Code: " . $vdotmeinfo->getShippingStateProvinceCode());
print("\nShipping Postal Code: " . $vdotmeinfo->getShippingPostalCode());
print("\nShipping Country Code: " . $vdotmeinfo->getShippingCountryCode());
print("\nShipping Phone: " . $vdotmeinfo->getShippingPhone());

Page 376 of 477

July 2018

15 Visa Checkout

Sample VdotMeInfo
print("\nShipping Default: " . $vdotmeinfo->getShippingDefault());
print("\nShipping ID: " . $vdotmeinfo->getShippingId());
print("\nShipping Verification Status: " . $vdotmeinfo->getShippingVerificationStatus());
print("\nisExpired: " . $vdotmeinfo->getIsExpired());
print("\nBase Image File Name: " . $vdotmeinfo->getBaseImageFileName());
print("\nHeight: " . $vdotmeinfo->getHeight());
print("\nWidth: " . $vdotmeinfo->getWidth());
print("\nIssuer Bid: " . $vdotmeinfo->getIssuerBid());
print("\nRisk Advice: " . $vdotmeinfo->getRiskAdvice());
print("\nRisk Score: " . $vdotmeinfo->getRiskScore());
print("\nAVS Response Code: " . $vdotmeinfo->getAvsResponseCode());
print("\nCVV Response Code: " . $vdotmeinfo->getCvvResponseCode());
?>

July 2018

Page 377 of 477

16 Testing a Solution
l
l
l
l
l
l
l
l
l
l

16.1 About the Merchant Resource Center
16.2 Logging In to the QA Merchant Resource Center
16.3 Test Credentials for Merchant Resource Center
16.4 Getting a Unique Test Store ID and API Token
16.5 Processing a Transaction
16.6 Testing INTERAC® Online Payment Solutions
16.7 Testing MPI Solutions
16.8 Testing Visa Checkout
16.9 Test Cards
16.10 Simulator Host

16.1 About the Merchant Resource Center
The Merchant Resource Center is the user interface for Moneris Gateway services. There is also a
QA version of the Merchant Resource Center site specifically allocated for you and other developers to
use to test your API integrations with the gateway.
You can access the Merchant Resource Center in the test environment at:
https://esqa.moneris.com/mpg (Canada)
The test environment is generally available 24/7, but 100% availability is not guaranteed. Also, please be
aware that other merchants are using the test environment in the Merchant Resource Center. Therefore,
you may see transactions and user IDs that you did not create. As a courtesy to others who are testing,
we ask that you use only the transactions/users that you created. This applies to processing Refund
transactions, changing passwords or trying other functions.

16.2 Logging In to the QA Merchant Resource Center
To log in to the QA Merchant Resource Center for testing purposes:
1. Go to the Merchant Resource Center QA website at https://esqa.moneris.com/mpg
2. Enter your username and password, which are the same email address and password you use to
log in to the Developer Portal
3. Enter your Store ID, which you obtained from the Developer Portal's My Testing Credentials as
described in Test Credentials for Merchant Resource Center (page 378)

16.3 Test Credentials for Merchant Resource Center
For testing purposes, you can either use the pre-existing test stores in the Merchant Resource Center, or
you can create your own unique test store where you will only see your own transactions. If you want to
use the pre-existing stores, use the test credentials provided in the following tables with the corresponding lines of code, as in the examples below.

July 2018

Page 378 of 477

Moneris Gateway API - Integration Guide

Example of Corresponding Code For Canada:
$store_id='monca00392';
$api_token='qYdISUhHiOdfTr1CLNpN';
$mpgRequest->setProcCountryCode("CA");
$mpgRequest->setTestMode(true);

Table 102: Test Server Credentials - Canada
store_id

api_token

Username

Password

Other Information

store1

yesguy

demouser

password

store2

yesguy

demouser

password

store3

yesguy

demouser

password

store4

yesguy

demouser

password

store5

yesguy

demouser

password

monca00392

yesguy

demouser

password

Use this store to
test Convenience
Fee transactions

moncaqagt1

mgtokenguy1

demouser

password

Use this store to
test Token Sharing

moncaqagt2

mgtokenguy2

demouser

password

Use this store to
test Token Sharing

moncaqagt3

mgtokenguy3

demouser

password

Use this store to
test Token Sharing

monca01428

mcmpguy

demouser

password

Use this store to
test MasterCard
MasterPass

Alternatively, you can create and use a unique test store where you will only see your own
transactions. For more on this, see Getting a Unique Test Store ID and API Token (page 380)

Page 379 of 477

July 2018

16 Testing a Solution

16.4 Getting a Unique Test Store ID and API Token
Transactions requests via the API will require you to have a Store ID and a corresponding API token.For
testing purposes, you can either use the pre-existing test stores in the Merchant Resource Center, or you
can create your own unique test store where you will only see your own transactions.
To get your unique Store ID and API token:
1. Log in to the Developer Portal at https://developer.moneris.com
2.
3.
4.
5.

In the My Profile dialog, click the Full Profile
button
Under My Testing Credentials, select Request Testing Credentials
Enter your Developer Portal password and select your country
Record the Store ID and API token that are given, as you will need them for logging in to the Merchant Resource Center (Store ID) and for API requests (API token).

Alternatively, you can use the pre-existing test stores already set up in the Merchant Resource Center as
described in Test Credentials for Merchant Resource Center (page 378).

July 2018

Page 380 of 477

16.5 Processing a Transaction
l
l
l

1.1 Overview
1.2 HttpsPostRequest Object
1.3 Receipt Object

16.5.1 Overview
There are some common steps for every transaction that is processed.
1. Instantiate the transaction object (e.g., Purchase), and update it with object definitions that
refer to the individual transaction.
2. Instantiate the HttpsPostRequest connection object and update it with connection information,
host information and the transaction object that you created in step 16.5
Section 16.5 (page 382) provides the HttpsPostRequest connection object definition. This object
and its variables apply to every transaction request.
3. Invoke the HttpsPostRequest object's send() method.
4. Instantiate the Receipt object, by invoking the HttpsPostRequest object's get Receipt method.
Use this object to retrieve the applicable response details.
Some transactions may require steps in addition to the ones listed here. Below is a sample Purchase
transaction with each major step outlined. For extensive code samples of other transaction types, refer
to the PHP API ZIP file.

NOTE: For illustrative purposes, the order in which lines of code appear below may differ
slightly from the same sample code presented elsewhere in this document.

$type,
'order_id'=>$order_id,
'cust_id'=>$cust_id,
'amount'=>$amount,
'pan'=>$pan,
'expdate'=>$expiry_date,
'crypt_type'=>$crypt,
'dynamic_descriptor'=>$dynamic_descriptor
);

Instantiate the transaction object and
assign values to properties.

$mpgTxn = new mpgTransaction($txnArray);
$mpgRequest = new mpgRequest($mpgTxn);
$mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to
US environment
$mpgRequest->setTestMode(true); //false or comment out this line for
production transactions
/* Status Check Example
$mpgHttpPost =new mpgHttpsPostStatus($store_id,$api_token,$status_
check,$mpgRequest);
*/
$mpgHttpPost =new mpgHttpsPost($store_id,$api_token,$mpgRequest);

$mpgResponse=$mpgHttpPost->getMpgResponse();
print("\nCardType = " . $mpgResponse->getCardType());
print("\nTransAmount = " . $mpgResponse->getTransAmount());
print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
print("\nReceiptId = " . $mpgResponse->getReceiptId());
print("\nTransType = " . $mpgResponse->getTransType());
print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
print("\nResponseCode = " . $mpgResponse->getResponseCode());
print("\nISO = " . $mpgResponse->getISO());
print("\nMessage = " . $mpgResponse->getMessage());
print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
print("\nAuthCode = " . $mpgResponse->getAuthCode());
print("\nComplete = " . $mpgResponse->getComplete());
print("\nTransDate = " . $mpgResponse->getTransDate());
print("\nTransTime = " . $mpgResponse->getTransTime());
print("\nTicket = " . $mpgResponse->getTicket());
print("\nTimedOut = " . $mpgResponse->getTimedOut());
print("\nStatusCode = " . $mpgResponse->getStatusCode());
print("\nStatusMessage = " . $mpgResponse->getStatusMessage());
?>

Instantiate connection
object and assign values to properties,
including the transaction object you just
created.
Instantiate the Receipt
object and use its get
methods to retrieve
the desired response
data.

16.5.2 HttpsPostRequest Object
The transaction object that you instantiate becomes a property of this object when you call its set transaction method.

HttpsPostRequest Object Definition
HttpsPostRequest mpgReq = new HttpsPostRequest();

After instantiating the HttpsPostRequest object, update its mandatory and optional values as outlined in
the following values tables.

Page 383 of 477

July 2018

Table 103: HttpsPostRequest object mandatory values
Type

Set method

Limits

Value

Description
Processing
String
2-character alphabetic
country code
CA for Canada, US for USA.

$mpgRequest->setProcCountryCode
("CA");

Test mode

$mpgRequest->setTestMode(true);

Boolean

true/false

Set to true when in test mode. Set to false (or comment out entire line) when in production mode.
Store ID

String

10-character alphanumeric

$mpgHttpPost = new
mpgHttpsPostStatus($store_
id,$api_token,$status_
check,$mpgRequest);

Unique identifier provided by Moneris upon merchant account set up.
See 16.1 About the Merchant Resource Center for test environment details.
API Token

String

20-character alphanumeric

$mpgHttpPost = new
mpgHttpsPostStatus($store_
id,$api_token,$status_
check,$mpgRequest);

Unique alphanumeric string assigned upon merchant account activation. To locate your
production API token, refer to the Merchant Resource Center Admin Store Settings.
See 16.3 Test Credentials for Merchant Resource Center for test environment details.
Transaction

Object

$mpgRequest = new mpgRequest
($mpgTxn);

Not applicable

This argument is one of the numerous transaction types discussed in the rest of this
manual. (Such as Purchase, Refund and so on.) This object is instantiated in step 1
above.
Table 1: HttpsPostRequest object optional values
Type
Value

Set method

Limits

Description
Status
Check

Boolean true/false $mpgHttpPost = new mpgHttpsPostStatus($store_
id,$api_token,$status_check,$mpgRequest);

See Appendix A Definitions of Request Fields.
NOTE: while this value belongs to the HttpsPostRequest object, it is only supported by some transactions.
Check the individual transaction definition to find out whether Status Check can be used.

July 2018

Page 384 of 477

Moneris Gateway API - Integration Guide

16.5.3 Receipt Object
After you send a transaction using the HttpsPostRequest object's send method, you can instantiate a
receipt object.

Receipt Object Definition
$mpgResponse=$mpgHttpPost->getMpgResponse();

For an in-depth explanation of Receipt object methods and properties, see Appendix B Definitions of
Response Fields.

16.6 Testing INTERAC® Online Payment Solutions
Acxsys has two websites where merchants can post transactions for testing the fund guarantee porting
of INTERAC® Online Payment transactions. The test IDEBIT_MERCHNUM value is provided by Moneris
after registering in the test environment.
After registering, the following two links become accessible:
l
l

Merchant Test Tool
Certification Test Tool

Merchant Test Tool
https://merchant-test.interacidebit.ca/gateway/merchant_test_processor.do
This URL is used to simulate the transaction response process, to validate response variables, and to
properly integrate your checkout process.
When testing INTERAC® Online Payment transactions, you are forwarded to the INTERAC® Online Payment Merchant Testing Tool. A screen appears where certain fields need to be completed.
For an approved response, do not alter any of the fields except for the ones listed here.
IDEBIT_TRACK2
To form a track2 when testing with the Moneris Gateway, use one of these three numbers:
3728024906540591206=01121122334455000
5268051119993326=01121122334455000000
453781122255=011211223344550000000000
IDEBIT_ISSNAME
RBC
IDEBIT_ISSCONF
123456
For a declined response, provide any other value as the IDEBIT_TRACK2. Click Post to Merchant.
Whether the transaction is approved or declined, do not click Validate Data. This will return validation
errors.

Page 385 of 477

July 2018

Certification Test Tool
https://merchant-test.interacidebit.ca/gateway/merchant_certification_processor.do
This URL is used to complete the required INTERAC® Online Payment Merchant Front-End Certification
test cases, which are outlined in Appendix E (page 455) and Appendix F (page 459).
To confirm the fund that was guaranteed above, an INTERAC® Online Payment Purchase must be sent to
the Moneris Gateway QAusing the following test store information:
Host: esqa.moneris.com
Store ID: store3
API Token: yesguy
You can always log into the Merchant Resource Center to check the results using the following information:
URL: https://esqa.moneris.com/mpg
Store ID: store3
Note that all response variables that are posted back from the IOP gateway in step 5.4 of 5.4 must be validated for length of field, permitted characters and invalid characters.

16.7 Testing MPI Solutions
When testing your implementation of the Moneris MPI, you can use the Visa/MasterCard/Amex PIT (production integration testing) environment. The testing process is slightly different than a production environment in that when the inline window is generated, it does not contain any input boxes. Instead, it
contains a window of data and a Submit button. Clicking Submit loads the response in the testing window. The response will not be displayed in production.

NOTE: MasterCard SecureCode and Amex SafeKey may not be directly tested within our
current test environment. However, the process and behavior tested with the Visa test
cards will be the same for MCSC and SafeKey.

When testing you may use the following test card numbers with any future expiry date. Use the appropriate test card information from the tables below: Visa and MasterCard use the same test card information, while Amex uses unique information.

July 2018

Page 386 of 477

Moneris Gateway API - Integration Guide
Table 104: MPI test card numbers (Visa and MasterCard only)
Card Number

VERes

4012001037141112 Y

PARes

Action

true

TXN – Call function to create inLine window.
ACS – Send CAVV to Moneris Gateway using either the Cavv
Purchase or the Cavv Pre-Authorization transaction.

4012001038488884 U

NA

Send transaction to Moneris Gateway using either the basic
Purchase or the basic Pre-Authorization transaction. Set crypt_
type = 7.

4012001038443335 N

NA

Send transaction to Moneris Gateway using either the basic
Purchase or the basic Pre-Authorization transaction.

4242424242424242

Set crypt_type = 6.
4012001037461114 Y

false

Card failed to authenticate. Merchant may chose to send transaction or decline transaction. If transaction is sent, use crypt
type = 7.

Table 105: MPI test card numbers (Amex only)
Card Number

Password
VERes Required? PARes

Action

375987000000062 U

Not
required

N/A

TXN – Call function to create inLine window.
ACS – Send CAVV to Moneris Gateway using either the
Cavv Purchase or the Cavv Pre-Authorization transaction.Set crypt_type = 7.

375987000000021 Y

Yes:
false
test13fail

Card failed to authenticate. Merchant may chose to
send transaction or decline transaction. If transaction
is sent, use crypt type = 7.

375987000000013 N

Not
required

N/A

Send transaction to Moneris Gateway using either the
basic Purchase or the basic Pre-Authorization transaction. Set crypt_type = 6.

374500261001009 Y

Yes:
test09

true

Card failed to authenticate. Merchant may choose to
send transaction or decline transaction. Set crypt_
type = 5.

VERes
The result U, Y or N is obtained by using getMessage().
PARes
The result “true” or “false” is obtained by using getSuccess().
To access the Merchant Resource Center in the test environment go to https://esqa.moneris.com/mpg.

Page 387 of 477

July 2018

Transactions in the test environment should not exceed $11.00.

16.8 Testing Visa Checkout
In order to test Visa Checkout you need to:
1. Create a Visa Checkout configuration profile in the Merchant Resource Center QA environment at
https://esqa.moneris.com/mpg. To learn more about this, see "Creating a Visa Checkout Configuration for Testing" below.
2. Obtain a Lightbox API key to be used for Lightbox integration. To learn more about this, see "Integrating Visa Checkout Lightbox" on page 364.
3. For test card numbers specifically for use when testing Visa Checkout, see "Test Cards for Visa
Checkout" on the next page

16.8.1 Creating a Visa Checkout Configuration for Testing
Once you have a test store created, you need to activate Visa Checkout in the QA environment.
To activate Visa Checkout in QA:
1.
2.
3.
4.

Log in to the the QA environment at https://esqa.moneris.com/mpg
In the Admin menu, select Visa Checkout
Complete the applicable fields
Click Save.

16.9 Test Cards
Because of security and compliance reasons, the use of live credit and debit card numbers for testing is
strictly prohibited. Only test credit and debit card numbers are to be used.
To test general transactions, use the following test card numbers:
Table 106: General test card numbers
Card Number

Card Plan
MasterCard

5454545454545454

Visa

4242424242424242

Amex

373599005095005

JCB

3566007770015365

July 2018

Page 388 of 477

Moneris Gateway API - Integration Guide

Card Number

Card Plan
Diners

36462462742008

Track2

5258968987035454=06061015454001060101?

Discover

6510000000000182

UnionPay

6250944000000771

To test Level 2/3 transactions, use the following test card numbers:
Table 107: Level 2/3 test card numbers
Card Number

Card Plan
MasterCard

5454545442424242

Visa

4242424254545454

Amex

373269005095005

Diners

36462462742008

16.9.1 Test Cards for Visa Checkout
Table 1: Test Cards Numbers - Visa Checkout
Card Plan

Card Number

Visa

4005520201264821 (without card art)

Visa

4242424242424242 (with card art)

MasterCard

5500005555555559

American Express

340353278080900

Discover

6011003179988686

16.10 Simulator Host
The test environment has been designed to replicate the production environment as closely as possible.
One major difference is that Moneris is unable to send test transactions onto the production authorization network. Therefore, issuer responses are simulated. Additionally, the requirement to emulate
approval, decline and error situations dictates that certain transaction variables initiate various response
and error situations.

Page 389 of 477

July 2018

The test environment approves and declines transactions based on the penny value of the amount sent.
For example, a transaction made for the amount of $9.00 or $1.00 is approved because of the .00 penny
value.
Transactions in the test environment must not exceed $11.00.
For a list of all current test environment responses for various penny values, please see the Test Environment Penny Response Table available at https://developer.moneris.com.

NOTE: These responses may change without notice. Check the Moneris Developer Portal
(https://developer.moneris.com) regularly to access the latest documentation and downloads.

July 2018

Page 390 of 477

17 Moving to Production
l
l
l
l

17.1 Activating a Production Store Account
17.2 Configuring a Store for Production
17.3 Receipt Requirements
1 Getting Help

17.1 Activating a Production Store Account
The steps below outline how to activate your production account so that you can process production
transactions.
1.
2.
3.
4.

Obtain your activation letter/fax from Moneris.
Go to [[[Undefined variable URLs.ActivationCanada]]].
Input your store ID and merchant ID from the letter/fax and click Activate.
Follow the on-screen instructions to create an administrator account. This account will grant you
access to the Merchant Resource Center.
5. Log into the Merchant Resource Center at https://www3.moneris.com/mpg using the user credentials created in step 17.1.
6. Proceed to ADMIN and then STORE SETTINGS.
7. Locate the API token at the top of the page. You will use this API token along with the store ID
that you received in your letter/fax and to send any production transactions through the API.
When your production store is activated, you need to configure your store so that it points to the production host. To learn how do to this, see Configuring a Store for Production (page 392)

NOTE: For more information about how to use the Merchant Resource Center, see the Moneris Gateway Merchant Resource Center User’s Guide, which is available at
https://developer.moneris.com.

17.2 Configuring a Store for Production
After you have completed your testing and have activated your production store, you are ready to point
your store to the production host.
To configure a store for production:
1. Change the test mode set method from true to false.
2. Change the Store ID to reflect the production store ID that you received when you activated your
production store. To review the steps for activating a production store, see Activating a Production Store Account (page 392).
3. Change the API token to the production token that you received during activation.
4. If you haven't done so already, change the code to reflect the correct processing country (Canada
for most merchants). For more on this, see
The table below illustrates the steps above using the relevant code (and where X is an alphanumeric character).

July 2018

Page 392 of 477

Moneris Gateway API - Integration Guide

Step
1

Code in Testing
No string changes for this item, only set
method is altered:

Changes for Production
Set method for production:
$mpgRequest->setTestMode(false);

$mpgRequest->setTestMode(true);

2

String:

String for Production:

$store_id='store5';

$store_id='monXXXXXXXX';

Associated Set Method:
'store_id'=>$store_id

3

String:

String for Production:

$api_token='yesguy';

$api_token='XXXX';

Associated Set Method:
'api_token'=>$api_token

17.2.1 Configuring an INTERAC® Online Payment Store for Production
Before you can process INTERAC® Online Payment transactions through your web site, you need to complete the certification registration process with Moneris, as described below. The production IDEBIT_
MERCHNUM value is provided by Moneris after you have successfully completed the certification.
Acxsys’ production INTERAC® Online PaymentGateway URL is https://gateway.interaconline.com/merchant_processor.do.
To access the Moneris Moneris Gateway production gateway URL, use the following:
Store ID: Provided by Moneris
API Token: Generated during your store activation process.
Processing country code: CA
The production Merchant Resource Center URL is https://www3.moneris.com/mpg/

17.2.1.1 Completing the Certification Registration - Merchants
To complete the certification registration, fax or email the information below to our Integration Support
helpdesk:

Page 393 of 477

July 2018

17 Moving to Production

l

l

l

l

l

Merchant logo to be displayed on the INTERAC® Online Payment Gateway page
l In both French and English
l 120 × 30 pixels
l Only PNG format is supported.
Merchant business name
l In both English and French
l Maximum 30 characters.
List of all referrer URLs. That is, URLs from which the customer may be redirected to the INTERAC®
Online Payment gateway.
List of all URLs that may appear in the IDEBIT_FUNDEDURL field of the https form POST to the
INTERAC® Online Payment Gateway.
List of all URLs that may appear in the IDEBIT_NOTFUNDEDURL field of the https form POST to the
INTERAC® Online Payment Gateway.

17.2.1.2 Third-Party Service/Shopping Cart Provider
In your product documentation, instruct your clients to provide the information below to the Moneris
Gateway Integration Support helpdesk for certification registration:
l

l

l

l

l

Merchant logo to be displayed on the INTERAC® Online Payment Gateway page
l In both French and English
l 120 × 30 pixels
l Only PNG format is supported.
Merchant business name
l In both English and French
l Maximum 30 characters.
List of all referrer URLs. That is, URLs from which the customer may be redirected to the INTERAC®
Online Payment gateway.
List of all URLs that may appear in the IDEBIT_FUNDEDURL field of the https form POST to the
INTERAC® Online Payment Gateway.
List of all URLs that may appear in the IDEBIT_NOTFUNDEDURL field of the https form POST to the
INTERAC® Online Payment Gateway.

See 5.3.3, page 107 for additional client requirements.

July 2018

Page 394 of 477

Moneris Gateway API - Integration Guide

17.3 Receipt Requirements
Visa and MasterCard expect certain details to be provided to the cardholder and on the receipt when a
transaction is approved.
Receipts must comply with the standards outlined within the Integration Receipts Requirements. For all
the receipt requirements covering all transaction scenarios, visit the Moneris Developer Portal at
https://developer.moneris.com.
Production of the receipt must begin when the appropriate response to the transaction request is
received by the application. The transaction may be any of the following:
l
l
l
l
l
l

Sale (Purchase)
Authorization (PreAuth, Pre-Authorization)
Authorization Completion (Completion, Capture)
Offline Sale (Force Post)
Sale Void (Purchase Correction, Void)
Refund.

The boldface terms listed above are the names for transactions as they are to be displayed on receipts.
Other terms used for the transaction are indicated in brackets.

17.3.1 Certification Requirements
Card-present transaction receipts are required to complete certification.
Card-not-present integration
Certification is optional but highly recommended.
Card-present integration
After you have completed the development and testing, your application must undergo a certification process where all the applicable transaction types must be demonstrated, and the
corresponding receipts properly generated.
Contact a Client Integration Specialist for the Certification Test checklist that must be completed and returned for verification. (See "Getting Help" on page 1 for contact details.) Be sure
to include the application version of your product. Any further changes to the product after
certification requires re-certification.
After the certification requirements are met, Moneris will provide you with an official certification letter.

Page 395 of 477

July 2018

Appendix A Definitions of Request Fields
This appendix deals with values that belong to transaction objects. For information on values that
belong to the (HttpsPostRequest) connection object, see "Processing a Transaction" on page 382.

NOTE:

Alphanumeric fields allow the following characters: a-z A-Z 0-9 _ - : . @ spaces
All other request fields allow the following characters: a-z A-Z 0-9 _ - : . @ $ = /

Note that the values listed in Appendix A are not mandatory for every transaction. Check the transaction
definition. If it says that a value is mandatory, a further description is found here.
Table 108: Request fields
Type

Limits

Sample code variable definition

Value
Description
General transaction values
Order ID

String

50-character
alphanumeric

order_id

Merchant-defined transaction identifier that must be unique for every Purchase,
PreAuth and Independent Refund transaction. No two transactions of these
types may have the same order ID.
For Refund, Completion and Purchase Correction transactions, the order ID must
be the same as that of the original transaction.
The last 10 characters of the order ID are displayed in the “Invoice Number” field
on the Merchant Direct Reports. However only letters, numbers and spaces are
sent to Merchant Direct.
A minimum of 3 and a maximum of 10 valid characters are sent to Merchant
Direct. Only the last characters beginning after any invalid characters are sent. For
example, if the order ID is 1234-567890, only 567890 is sent to Merchant Direct.
If the order ID has fewer than 3 characters, it may display a blank or 0000000000
in the Invoice Number field.

July 2018

Page 396 of 477

Moneris Gateway API - Integration Guide
Table 108: Request fields (continued)
Type

Limits

Sample code variable definition

Value
Description
Amount

String

9-character decimal

amount

Transaction amount. Used in a number of transactions. Note that this is different
from the amount used in a Completion transaction, which is an alphanumeric
value.
This must contain at least 3 digits, two of which are penny values.
The minimum allowable value is $0.01, and the maximum allowable value is 999
999.99. Transaction amounts of $0.00 are not allowed.
Credit card number String

20-character numeric pan
(no spaces or dashes)

Most credit card numbers today are 16 digits, but some 13-digit numbers are still
accepted by some issuers. This field has been intentionally expanded to 20 digits
in consideration for future expansion and potential support of private label card
ranges.
Expiry date

String

4-character numeric

expdate

(YYMM format)
Note: This is the reverse of the date displayed on the physical card, which is
MMYY.

Page 397 of 477

July 2018

Appendix A Definitions of Request Fields
Table 108: Request fields (continued)
Type

Limits

Sample code variable definition

Value
Description
E-Commerce
indicator

String

1-character alphanumeric

crypt_type

1: Mail Order / Telephone Order—Single
2: Mail Order / Telephone Order—Recurring
3: Mail Order / Telephone Order—Instalment
4: Mail Order / Telephone Order—Unknown classification
5: Authenticated e-commerce transaction (VbV/MCSC/SafeKey)
6: Non-authenticated e-commerce transaction (VbV/MCSC/SafeKey)
7: SSL-enabled merchant
8: Non-secure transaction (web- or email-based)
9: SET non-authenticated transaction

NOTE:
When processing a Cavv Purchase or Pre-Authorization for
Apple Pay or Android Pay transactions whereby the merchant is
using their own API to decrypt the payload, this field is
mandatory.
For Apple Pay or Android Pay, send the value returned in the
eciIndicator or 3dsEciIndicator respectively. If the value is not
present, please send the value as 5. If you get a 2-character
value (e.g.,. 05 or 07) from the payload, remove the initial 0 and
just send us the 2nd character.
Supported values for Apple Pay and Android Pay are:
5: Authenticated e-commerce transaction
7: SSL-enabled merchant

July 2018

Page 398 of 477

Moneris Gateway API - Integration Guide
Table 108: Request fields (continued)
Type

Limits

Sample code variable definition

Value
Description
Completion
Amount

String

9-character decimal

comp_amount

Amount of a Completion transaction. This may not be equal to the amount value
(described on page 396), which appeared in the original Pre-Authorization
transaction.

Shipping Indicator1 String

1-character alphanumeric

ship_indicator

Used to identify completion transactions that require multiple shipments, also
referred to as multiple completions. By default, if the shipping indicator is not
passed, all completions are listed as final completions. To indicate that the
completion is to be left open by the issuer as supplemental shipments or
completions are pending, a value of P is submitted.
Possible values:
P = Partial
F = Final

Transaction number

String

255-character
alphanumeric

txn_number

Used when performing follow-on transactions. (That is, Completion, Purchase Correction or Refund.) This must be the value that was returned as the transaction
number in the response of the original transaction.
When performing a Completion, this value must reference the Pre-Authorization.
When performing a Refund or a Purchase Correction, this value must reference
the Completion or the Purchase.
Authorization code String

8-character alphanumeric

auth_code

Authorization code provided in the transaction response from the issuing bank.
This is required for Force Post transactions.

1Available to Canadian integrations only.

Page 399 of 477

July 2018

Appendix A Definitions of Request Fields
Table 108: Request fields (continued)
Type

Limits

Sample code variable definition

Value
Description
ECR number

String

8-character alphanumeric

ecr_number

Electronic cash register number, also referred to as TID or Terminal ID.
MPI transaction values
XID

String

20-character alphanumeric

xid

Can also be used as your order ID when using Moneris Gateway. Fixed length —
must be exactly 20 characters.
MD (Merchant
Data)

String

1024-character alpha- MD
numeric

Information to be echoed back in the response.
Merchant URL

String

Variable length

merchantUrl

URL to which the MPI response is to be sent.
Accept

String

Variable length

accept

MIME types that the browser accepts
User Agent

String

Variable length

userAgent

Browser details
PARes

String

Variable length

(Not shown)

Value passed back to the API during the TXN, and returned to the MPI when an
ACS request is made.
cavv
Cardholder
String
50-character alphaAuthentication Verinumeric
fication Value
Value provided by the Moneris MPI or by a third-party MPI. It is part of a Verified
(CAVV)
by Visa/MasterCard SecureCode/American Express SafeKey transaction.
NOTE: For Apple Pay and Android Pay Cavv Purchase and Cavv Pre-Authorization transactions,
CAVV field contains the decrypted cryptogram.

Vault transaction values

July 2018

Page 400 of 477

Moneris Gateway API - Integration Guide
Table 108: Request fields (continued)
Type

Limits

Sample code variable definition

Value
Description
Data key

String

28-character alphanumeric

data_key

Profile identifier that all future financial Vault transactions (that is, they occur after
the profile was registered by a Vault Add Credit Card- ResAddCC, Vault Encrypted
Add Credit Card - EncResAddCC, Vault Tokenize Credit Card - ResTokenizeCC,
Vault Add Temporary Token - ResTempAdd or Vault Add Token - ResAddToken
transaction) will use to associate with the saved information.
The data key is generated by Moneris, and is returned to the merchant (via the
Receipt object) when the profile is first registered.
Duration

String

3-character numeric

duration

Amount of time the temporary token should be available, up to 900 seconds.
Data key format1

String

2-character alphanumeric

data_key_format;

This field will specify the data key format being returned. If left blank, Data Key
format will default to 25-character alphanumeric.
Valid values:
no value sent or 0 = 25-character alpha-numeric Data Key
By using the following values, a unique token is generated specifically for the PAN
that is presented for tokenization. Any subsequent tokenization requests for the
same PAN will result in the same token
0U = 25-character alpha-numeric Data Key, Unique

Mag Swipe transaction values

1Available to Canadian integrations only.

Page 401 of 477

July 2018

Appendix A Definitions of Request Fields
Table 108: Request fields (continued)
Type

Limits

Sample code variable definition

Value
Description
POS code

String

20-character numeric

pos_code

Under normal presentment situations, the value is 00.
If a Pre-Authorization transaction was card-present and keyed-in, then the
POS code for the corresponding Completion transaction is 71.
In an unmanned kiosk environment where the card is present, the value is 27.
If the solution is not “merchant and cardholder present”, contact Moneris for the
proper POS code.
Track2 data

String

40-character
alphanumeric

track2

Retrieved from the mag stripe of a credit card by swiping it through a card reader,
or the "fund guarantee" value returned by the INTERAC® Online Payment system.
Encrypted track2
data

String

Device type

String

Variable length

enc_track2

String that is retrieved by swiping or keying in a credit card number through a
Moneris-provided encrypted mag swipe card reader. It is part of an encrypted
keyed or swiped transaction only. This string must be retrieved by a specific
device. (See below for the list of current available devices.)
30-character alphanumeric

device_type

Type of encrypted mag swipe reader that was read the credit card. This must be a
Moneris-provided device so that the values are properly encrypted and
decrypted.
This field is case-sensitive. Available values are:
"idtech_bdk"

July 2018

Page 402 of 477

Moneris Gateway API - Integration Guide
Note that the values listed in Appendix A are not supported by every transaction. Check the transaction
definition. If it says that a value is optional, a further description is found here.
Table 109: Optional transaction values
Type

Limits

Sample code variable definition

Value
Description
General transaction values
Customer ID

String

30-character alphanumeric

cust_id

This can be used for policy number, membership number, student ID, invoice number and so on.
This field is searchable from the Moneris Merchant Resource Center.
Status Check

String

true/false

status_check

20-character alphanumeric

dynamic_descriptor

See .
Dynamic
descriptor

String

Combined with merchant's business name cannot exceed 25 characters.
Merchant-defined description sent on a per-transaction basis that will appear on the
credit card statement appended to the merchant’s business name.

Page 403 of 477

July 2018

Appendix A Definitions of Request Fields
Table 109: Optional transaction values (continued)
Type

Limits

Sample code variable definition

Value
Description
Wallet
indicator1

String

3-character alphanumeric

wallet_indicator

Optional value to indicate when the credit card details were collected from a wallet
such as Apple Pay, Android Pay, Visa Checkout, MasterCard MasterPass.
This field is applicable to Apple Pay and Android Pay transactions whereby the merchant is using their own API to decrypt the payload. This is a mandatory field for
these types of Apple Pay and Android Pay transactions.
l

l

Apple Pay and Android Pay wallet indicator is applicable to Cavv Purchase –
Apple Pay In-App and on the Web and Cavv Pre-Authorization – Apple Pay
Visa Checkout and MasterCard MasterPass wallet indicator is applicable to
basic Purchase and Pre-Authorization

Possible values are:
l
l
l
l
l

APP = Apple Pay In-App
APW = Apple Pay on the Web
ANP = Android Pay In-App
VCO = Visa Checkout
MMP = MasterCard MasterPass

NOTE: Please note that if this field is included to indicate Apple Pay or Android Pay, then Convenience Fee is not supported.

Vault transaction values
Phone number

String

30-character alphanumeric

phone

Phone number of the customer. Can be sent in when creating or updating a Vault profile.
Email address

String

30-character alphanumeric

email

Email address of the customer. Can be sent in when creating or updating a Vault profile.
Additional
notes

String

30-character alphanumeric

note

This optional field can be used for supplementary information to be sent in with the
transaction. This field can be sent in when creating or updating a Vault profile.

For information about Customer Information request fields see 13 Customer Information
1Available to Canadian integrations only.

July 2018

Page 404 of 477

Moneris Gateway API - Integration Guide
For information about Address Verification Service (AVS) request fields see 9.1 Address Verification Service
For information about Card Validation Digits (CVD) request fields see
For information about Recurring Billing request fields see Appendix A Recurring Billing.
For information about Convenience Fee request fields see Appendix A Convenience Fee.
For information about Level 2/3 Visa, Level 2/3 MasterCard and Level 2/3 American Express, see A.3 Definition of Request Fields for Level 2/3 - Visa, A.5 Definition of Request Fields for Level 2/3 - Amex

Page 405 of 477

July 2018

Appendix A Definitions of Request Fields

A.1 Definitions of Request Fields – Credential on File
Variable Name
Issuer ID

Type
String

NOTE: This variable is
required for all merchant-intiated transactions following the
first one; upon sending
the first transaction,
the Issuer ID value is
received in the transaction response and
then used in subsequent transaction
requests (Issuer ID
does not apply for Discover or Union Pay).

Payment Indicator

Limits

Description

15-character alphanumeric

Unique identifier for the cardholder's
stored credentials

Variable length

Sent back in the response from the
card brand when processing a Credential on File transaction
If the cardholder's credentials are
being stored for the first time, you
must save the Issuer ID on your system to use in subsequent Credential
on File transactions
Issuer ID must be saved to your system in the following cases:

String

1-character alphabetic

Indicates the intended or current use
of the credentials
Possible values for first transactions:
C - unscheduled credential on file (first transaction only)
R - recurring

Possible values for subsequent transactions:
R - recurring
U - unscheduled merchant-initiated transaction
Z - unscheduled cardholder-initiated transaction

Payment Information

String

1-character numeric

Describes whether the transaction is
the first or subsequent in the series
Possible values are:
0 - first transaction in a series (storing payment details provided by the cardholder)
2 - subsequent transactions (using previously
stored payment details)

July 2018

Page 406 of 477

Moneris Gateway API - Integration Guide

A.2 Definition of Request Fields – Recurring
Recurring Billing Info Object Request Fields
Variable and Field Name

Type and Limits

Number of Recurs

String

num_recurs

numeric, 1-99

Period

String

period

numeric, 1-999

Start Date

String

start_date

YYYY/MM/DD

Description
The number of times that the
transaction must recur
Number of recur units that
must pass between recurring
billings
Date of the first future recurring
billing transaction
This value must be a date in the
future
If an additional charge is to be
made immediately, the value of
Start Now must be set to true

Start Now

String

start_now

true/false

If a single charge is to be made
against the card immediately,
set this value to true; the
amount to be billed immediately may differ from the
amount billed on a regular
basis thereafter
If the billing is to start in the
future, set this value to false
When set to false, use Card Verification prior to sending the
Purchase with Recur and Credential on File objects

Recurring Amount

String

recur_amount

9-character decimal; Up to 6
digits (dollars) + decimal point
+ 2 digits (cents) after the
decimal point

Page 407 of 477

Amount of the recurring transaction
This is the amount that will be
billed on the Start Date and
then billed repeatedly based on
the interval defined by Period
and Recur Unit

July 2018

Appendix A Definitions of Request Fields

Variable and Field Name

Type and Limits

Description

EXAMPLE:
123456.78
Recur Unit

String

recur_unit

day, week, month or eom

Unit to be used as a basis for
the interval
Works in conjunction with
Period to define the billing frequency
Possible values are:
day
week
month
eom (end of month)

A.3 Definition of Request Fields for Level 2/3 - Visa
Table 1: Visa - Corporate Card Common Data - Level 2 Request Fields
Req*
Y

Field Name
National Tax

Limits
12-character decimal

Set Method
'national_
tax'=>$national_
tax

Description
Must reflect the
amount of
National Tax
(GST or HST)
appearing on
the invoice.
Minimum - 0.01
Maximum 999999.99.
Must have 2
decimal places.

Y

Merchant
VAT Registration/Single
Business Reference
Number

July 2018

20-character alphanumeric

'merchant_vat_
no'=>$merchant_
vat_no

Merchant’s Tax
Registration
Number
must be
provided if tax is
included on the
invoice

Page 408 of 477

Moneris Gateway API - Integration Guide

Req*

Field Name

Limits

Set Method

Description
NOTE: Must
not be all
spaces or all
zeroes

C

Local Tax

12-character decimal

'local_
tax'=>$local_tax

Must reflect the
amount of Local
Tax (PST or QST)
appearing on
the invoice
If Local Tax
included then
must not be all
spaces or all zeroes; Must be
provided if Local
Tax (PST or QST)
applies
Minimum = 0.01
Maximum =
999999.99
Must have 2
decimal places

C

Local Tax (PST or QST)
Registration Number

15-character alphanumeric

'local_tax_
no'=>$local_tax_no

Merchant's
Local Tax
(PST/QST) Registration Number
Must be
provided if tax is
included on the
invoice; If Local
Tax included
then must not
be all spaces or
all zeroes
Must be
provided if Local
Tax (PST or QST)
applies

Page 409 of 477

July 2018

Appendix A Definitions of Request Fields

Req*

Field Name

Limits

Set Method

Description

C

Customer
VAT Registration Number

13-character alphanumeric

'customer_vat_
no'=>$customer_
vat_no

If the Customer’s Tax
Registration
Number
appears on the
invoice to support tax exempt
transactions it
must be
provided here

C

Customer Code/Customer Reference Identifier (CRI)

16-character alphanumeric

'cri'=>$cri

Value which the
customer may
choose to
provide to the
supplier at the
point of sale –
must be
provided if
given by the customer

N

Customer Code

17-character alphanumeric

'customer_
code'=>$customer_
code

Optional customer code field
that will not be
passed along to
Visa, but will be
included on
Moneris reporting

N

Invoice Number

17-character alphanumeric

'invoice_
number'=>$invoice_
number

Optional invoice
number field
that will not be
passed along to
Visa, but will be
included on
Moneris reporting

*Y = Required, N = Optional, C = Conditional
Table 2: Visa - Corporate Card Common Data- Level 2 Request Fields (VSPurcha)
Req
C*

Variable Name
Buyer Name

July 2018

Field Name
buyer_name

Size/Type
30-character alphanumeric

Description
Buyer/Receipient
Name

Page 410 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description
*only required by
CRA if transaction is
>$150

C*

Local tax rate

local_tax_rate

4-character decimal

Indicates the
detailed tax rate
applied in relationship to a local
tax amount
EXAMPLE: 8% PST
should be 8.0.

maximum 99.99
*Must be provided
if Local Tax (PST or
QST) applies.
N

Duty Amount

duty_amount

9-character decimal

Duty on total purchase amount
A minus sign
means 'amount is a
credit', plus sign or
no sign means
'amount is a debit'
maximum without
sign is 999999.99

N

Invoice Discount
Treatment

discount_treatment

1-character numeric

Indicates how the
merchant is managing discounts
Must be one of the
following values:
0 - if no invoice level
discounts apply for this
invoice
1 - if Tax was calculated on Post-Discount totals
2 - if Tax was calculated on Pre-Discount
totals

Page 411 of 477

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

N

Invoice Level Discount Amount

Field Name
discount_amt

Size/Type
9-character decimal

Description
Amount of discount (if provided
at the invoice level
according to the
Invoice Discount
Treatment)
Must be non-zero if
Invoice Discount
Treatment is 1 or 2
Minimum amount
is 0.00 and maximum is 999999.99

C*

Ship To Postal
Code / Zip Code

ship_to_pos_code

10-character alphanumeric

The postal code or
zip code for the destination where
goods will be
delivered
*Required if shipment is involved
Full alpha postal
code - Valid
ANANAN
format required if
shipping to an
address within
Canada

C

Ship From Postal
Code / Zip Code

ship_from_pos_code

10-character alphanumeric

The postal code or
zip code from
which items were
shipped
For Canadian
addresses,requires
full alpha postal
code for the merchant with Valid
ANANAN
format

C*

Destination Coun- des_cou_code
try Code

July 2018

2-character alphanumeric

Code of country
where purchased
goods will be

Page 412 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description
delivered
Use ISO 3166-1
alpha-2 format
NOTE: Required if
it appears on the
invoice for an international transaction

Y

Unique VAT
Invoice Reference Number

vat_ref_num

25-character alphanumeric

Unique Value
Added Tax Invoice
Reference Number
Must be populated
with the invoice
number and this
cannot be all
spaces or zeroes

Y

Tax Treatment

tax_treatment

1-character numeric

Must be one of the
following values:
0 = Net Prices with tax
calculated at line item
level;
1 = Net Prices with tax
calculated at invoice
level;
2 = Gross prices given
with tax information
provided at line item
level;
3 = Gross prices given
with tax information
provided at invoice
level;
4 = No tax applies
(small merchant) on
the invoice for the transaction

N

Freight/Shipping
Amount (Ship
Amount)

Page 413 of 477

freight_amount

9-character decimal

Freight charges on
total purchase
If shipping is not
provided as a line

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type

Description
item it must be
provided here, if
applicable
Signed monetary
amount: minus
sign means
'amount is a credit',
plus sign or no sign
means 'amount is a
debit', maximum
without sign is
999999.99

C

GST HST Freight
Rate

gst_hst_freight_rate

4-character decimal

Rate of GST
(excludes PST) or
HST charged on the
shipping amount
(in accordance with
the Tax Treatment)
If Freight/Shipping
Amount is
provided then this
(National GST or
HST) tax rate must
be provided.
Monetary amount,
maximum is 99.99.
Such as 13% HST is
13.00

C

GST HST Freight
Amount

gst_hst_freight_
amount

9-character decimal

Amount of GST
(excludes PST) or
HST charged on the
shipping amount
If Freight/Shipping
Amount is
provided then this
(National GST or
HST) tax amount
must be provided if
taxTreatment is 0
or 2
Signed monetary

July 2018

Page 414 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description
amount: maximum
without sign is
999999.99.

Table 3: Visa - Line Item Details - Level 3 Request Fields (VSPurchl)
Req

Variable Name

Field Name

Size/Type

Description

C

Item Commodity
Code

item_com_code

12-character alphanumeric

Line item Commodity Code (if this
field is not sent,
then productCode
must be sent)

Y

Product Code

product_code

12-character alphanumeric

Product code for
this line item – merchant’s product
code, manufacturer’s product
code or buyer’s
product code
Typically this will be
the SKU or identifier by which the
merchant tracks
and prices the item
or service
This should always
be provided for
every line item

Y

Item Description

item_description

35-character alphanumeric

Line item description

Y

Item Quantity

item_quantity

12-character decimal

Quantity invoiced
for this line item
Up to 4 decimal
places supported,
whole numbers are
accepted
Minimum = 0.0001

Page 415 of 477

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type

Description
Maximum =
999999999999

Y

Y

Item Unit of
Measure

item_uom

Item Unit Cost

unit_cost

2-character alphanumeric

Unit of Measure
Use ANSI X-12 EDI
Allowable Units of
Measure and
Codes

12-character decimal

Line item cost per
unit
2-4 decimal places
accepted
Minimum = 0.0001
Maximum =
999999.9999

N

VAT Tax Amount

vat_tax_amt

12-character decimal

Any value-added
tax or other sales
tax amount
Must have 2
decimal places
Minimum = 0.01
Maximum =
999999.99

N

VAT Tax Rate

vat_tax_rate

4-character decimal

Sales tax rate
EXAMPLE: 8% PST
should be 8.0

maximum 99.99
Y

Discount Treatment

discount_treatmentL

1-character numeric

Must be one of the
following values:
0 if no invoice level discounts apply for this
invoice
1 if Tax was calculated
on Post-Discount totals

July 2018

Page 416 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description
2 if Tax was calculated
on Pre-Discount totals.

C

Discount Amount

discount_amtL

12-character decimal

Amount of discount, if provided
for this line item
according to the
Line Item Discount
Treatment
Must be non-zero if
Line Item Discount
Treatment is 1 or 2
Must have 2
decimal places
Minimum = 0.01
Maximum =
999999.99

A.4 Definition of Request Fields for Level 2/3 - MasterCard
Table 1: Objects - Level 2/3 MasterCard
MCCorpais Objects

Description

MCCorpac

Corporate Card Common data

MCCorpal

Line Item Details

Table 2: MasterCard - Corporate Card Common Data (MCCorpac) - Level 2 Request Fields
Req

Variable Name

Field Name

Size/Type

Description

N

AustinTetraNumber

AustinTetra Number

15-character
alphanumeric

Merchant’s Austin-Tetra Number

N

NaicsCode

NAICS Code

15-character
alphanumeric

North American Industry Classification System (NAICS) code
assigned to the merchant

N

CustomerCode

Customer
Code

25-character
alpha-

A control number, such as purchase order number, project

Page 417 of 477

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type

Description

numeric

number, department allocation number or name that
the purchaser supplied the
merchant. Left-justified; may
be spaces

N

UniqueInvoiceNumber

Unique
Invoice
Number

17-character
alphanumeric

Unique number associated
with the individual transaction
provided by the merchant

N

CommodityCode

Commodity
Code

15-character
alphanumeric

Code assigned by the merchant that best categorizes
the item(s) being purchased

N

OrderDate

Order Date

6-character
numeric

The date the item was
ordered. If present, must contain a valid date in the format
YYMMDD.

N

CorporationVatNumber

Corporation
VAT Number

20-character
alphanumeric

Contains a corporation’s value
added tax (VAT) number

N

CustomerVatNumber

Customer
VAT Number

20-character
alphanumeric

Contains the VAT number for
the customer/cardholder
used to identify the customer
when purchasing goods and
services from the merchant

N

FreightAmount

Freight
Amount

12-character
decimal

The freight on the total purchase. Must have 2 decimals

N

DutyAmount

Duty
Amount

12-character
decimal

The duty on the total purchase, Must have 2 decimals

N

DestinationProvinceCode

Destination
State /
Province
Code

3-character
alphanumeric

State or Province of the country where the goods will be
delivered. Left justified with
trailing spaces. e.g., ONT Ontario

N

DestinationCountryCode

Destination
Country
Code

3-character
alphanumeric

The country code where
goods will be delivered. Left
justified with trailing spaces.
e.g., CAN - Canada

July 2018

Page 418 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description

N

ShipFromPosCode

Ship From
Postal
Code

10-character
alphanumeric

The postal code or zip code
from which items were
shipped

N

ShipToPosCode

Destination
Postal
Code

10-character
alphanumeric

The postal code or zip code
where goods will be delivered

N

AuthorizedContactName

Authorized
Contact
Name

36-character
alphanumeric

Name of an individual or company contacted for company
authorized purchases

N

AuthorizedContactPhone

Authorized
Contact
Phone

17-character
alphanumeric

Phone number of an individual or company contacted
for company authorized purchases

N

AdditionalCardAcceptordata

Additional
Card
Acceptor
Data

40-character
alphanumeric

Information pertaining to the
card acceptor

N

CardAcceptorType

Card
Acceptor
Type

8-character
alphanumeric

Various classifications of business ownership characteristics
This field takes 8 characters.
Each character represents a
different component, as follows:
1st character represents ‘Business Type’ and contains a
code to identify the specific
classification or type of business:
1. Corporation
2. Not known
3. Individual/Sole Proprietorship
4. Partnership
5. Association/Estate/Trust
6. Tax Exempt Organizations (501C)
7. International Organization

Page 419 of 477

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type

Description
8. Limited Liability Company (LLC)
9. Government Agency
2nd character represents 'Business Owner Type'. Contains a
code to identify specific characteristics about the business
owner.
1 - No application classification
2 - Female business
owner
3 - Physically handicapped female business owner
4 - Physically handicapped male business
owner
0 - Unknown
3rd character represents 'Business Certification Type'. Contains a code to identify specific
characteristics about the business certification type, such as
small business, disadvantaged, or other certification type:
1 - Not certified
2 - Small Business
Administration (SBA)
certification small business
3 - SBA certification as
small disadvantaged
business
4 - Other government
or agency-recognized
certification (such as
Minority Supplier Development Council)

July 2018

Page 420 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description
5 - Self-certified small
business
6 - SBA certification as
small and other government or agencyrecognized certification
7 - SBA certification as
small disadvantaged
business and other government or agencyrecognized certification
8 - Other government
or agency-recognized
certification and self-certified small business
A - SBA certification as 8
(a)
B - Self-certified small
disadvantaged business (SDB)
C - SBA certification as
HUBZone
0 - Unknown
4th character represents 'Business Racial/Ethnic Type'. Contains a code identifying the
racial or ethnic type of the
majority owner of the business.
1 - African American
2 - Asian Pacific American
3 - Subcontinent Asian
American
4 - Hispanic American
5 - Native American
Indian
6 - Native Hawaiian
7 - Native Alaskan
8 - Caucasian
9 - Other

Page 421 of 477

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type

Description
0 - Unknown
5th character represents 'Business Type Provided Code'
Y - Business type is
provided.
N - Business type was
not provided.
R - Card acceptor
refused to provide business type
6th character represents 'Business Owner Type Provided
Code'
Y - Business owner type
is provided.
N - Business owner type
was not provided.
R - Card acceptor
refused to provide business type
7th character represents 'Business Certification Type
Provided Code'
Y - Business certification
type is provided.
N - Business certification type was not
provided.
R - Card acceptor
refused to provide business type
8th character represents 'Business Racial/Ethnic Type’
Y - Business racial/ethnic type is provided.
N - Business racial/ethnic type was not

July 2018

Page 422 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description
provided.
R - Card acceptor
refused to provide business racial/ethnic type

N

CardAcceptorTaxId

Card
Acceptor
Tax ID

20-character
alphanumeric

US Federal tax ID number for
value added tax (VAT) ID.

N

CardAcceptorReferenceNumber

Card
Acceptor
Reference
Number

25-character
alphanumeric

Code that facilitates card
acceptor/corporation communication and record keeping

N

CardAcceptorVatNumber

Card
Acceptor
VAT Number

20-character
alphanumeric

Value added tax (VAT) number
for the card acceptor location
used to identify the card
acceptor when collecting and
reporting taxes

C*

Tax

Tax

up to 6
arrays

Can have up to 6 arrays contains different tax details. See
Tax Array below for each field
description.
*This field is conditionally mandatory — if you use this array,
you must fill in all tax array
fields as listed in the Tax Array
Request Fields below.

Table 3: MasterCard - Line Item Details (MCCorpal) - Level 3 Request Fields
Req
N

Variable Name
CustomerCode

Page 423 of 477

Field Name
Customer Code

Size/Type
25-character alphanumeric

Description
A control number,
such as purchase
order number, project number,
department allocation number or
name that the pur-

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type

Description
chaser supplied the
merchant. Left-justified; may be
spaces

N

LineItemDate

Line Item Date

6-character numeric

The purchase date
of the line item referenced in the associated Corporate
Card Line Item
Detail.
YYMMDD format

N

ShipDate

Ship Date

6-character numeric

The date the merchandise was
shipped to the destination.
YYMMDD format

N

OrderDate

Order Date

6-character numeric

The date the item
was ordered
YYMMDD format

Y

ProductCode

Product Code

12-character alphanumeric

Line item Product
Code (if this field is
not sent, then
itemComCode)
If the order has a
Freight/Shipping
line item, the productCode value
has to be
“Freight/Shipping”
If the order has a
Discount line item,
the productCode
value has to be
“Discount”

Y

ItemDescription

Item Description

35-character alphanumeric

Line Item description

Y

ItemQuantity

Item Quantity

12-character alpha-

Quantity of line

July 2018

Page 424 of 477

Moneris Gateway API - Integration Guide

Req

Y

Variable Name

UnitCost

Field Name

Unit Cost

Size/Type

Description

numeric

item

12-character decimal

Line item cost per
unit.
Must contain a
minimum of 2
decimal places, up
to 5 decimal places
supported.
Minimum amount
is 0.00001 and maximum is
999999.99999

Y

ItemUnitMeasure

Item Unit Measure

12-character alphanumeric

The line item unit
of measurement
code

Y

ExtItemAmount

Extended Item
Amount

9-character decimal

Contains the individual item
amount that is normally calculated as
price multiplied by
quantity
Must contain 2
decimal places
Minimum amount
is 0.00 and maximum is 999999.99

N

DiscountAmount

Discount Amount

9-character decimal

Contains the item
discount amount
Must contain 2
decimal places
Minimum amount
is 0.00 and maximum is 999999.99

N

CommodityCode

Page 425 of 477

Commodity Code

15-character alphanumeric

Code assigned to
the merchant that
best categorizes
the item(s) being
purchased

July 2018

Appendix A Definitions of Request Fields

Req
C*

Variable Name
Tax

Field Name
Tax

Size/Type
Up to 6 arrays

Description
Can have up to 6
arrays contains different tax details.
See Tax Array
below for each field
description.
*This field is conditionally mandatory — if you use
this array, you
must fill in all tax
array fields as listed
in the Tax Array
Request Fields
below.

Table 4: Tax Array Request Fields - MasterCard Level 2/3 Transactions
Req
M

Variable Name
tax_amount

Field Name
Tax Amount

Size/Type
12-character decimal

Description
Contains detail tax
amount for purchase of goods or
service
Must be 2 decimal
places
Maximum
999999.99

M

tax_rate

Tax Rate

5-character decimal

Contains the
detailed tax rate
applied in relationship to a specific tax amount
EXAMPLE: 5% GST
should be ‘5.0’ or
or 9.975% QST
should be ‘9.975’

May contain up to
3 decimals, minimum 0.001, max-

July 2018

Page 426 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description
imum up to 9999.9

M

tax_type

Tax Type

4-character alphanumeric

Contains tax type
such as
GST,QST,PST,HST

M

tax_id

Tax ID

20-character alphanumeric

Provides an identification number
used by the card
acceptor with the
tax authority in relationship to a specific tax amount
such as GST/HST
number

M

tax_included_in_
sales

Tax included in sales
indicator

1-character alphanumeric

This is the indicator
used to reflect additional tax capture
and reporting.
Valid values are:
Y = Tax included in total
purchase amount
N = Tax not included in
total purchase amount

A.5 Definition of Request Fields for Level 2/3 - Amex
Table 1: Amex- Level 2/3 Request Fields - Table 1 - Heading Fields
Req
C

Variable Name
big04

Field Name
Purchase Order Number

Size/Type
22-character alphanumeric

Description
The cardholder supplied Purchase Order
Number, which is
entered by the merchant at the point-ofsale
This entry is used in
the Statement/Reporting process and may include

Page 427 of 477

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type

Description
accounting information specific to the
client
Mandatory if the merchant's customer
provides a Purchase
Order Number

N

big05

Release Number

30-character alphanumeric

A number that identifies a release
against a Purchase
Order previously
placed by the parties
involved in the transaction

N

big10

Invoice Number

8-character alphanumeric

Contains the Amex
invoice/reference
number

Y

n101

Entity Identifier Code

2-character alphanumeric

Supported values:
‘R6’ - Requester
(required)
‘BG’ - Buying Group
(optional)
‘SF’ - Ship From
(optional)
‘ST’ - Ship To (optional)
‘40’ - Receiver (optional)

Y

n102

July 2018

Name

40-character alphanumeric

n101
code

n102
meaning

R6

Requester
Name

BG

Buying Group
Name

SF

Ship
From Name

ST

Ship To Name

40

Receiver Name

Page 428 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description

N

n301

Address

40-character alphanumeric

Address

N

n401

City

30-character alphanumeric

City

N

n402

State or Province

2-character alphanumeric

State or Province

N

n403

Postal Code

15-character alphanumeric

Postal Code

Y

ref01

Reference Identification Qualifier

2-character alphanumeric

This element may
contain the following
qualifiers for the corresponding occurrences of the
N1Loop:
n101
ref01
value denotation
R6

Supported values:
4C - Shipment
Destination
Code (mandatory)
CR - Customer
Reference
Number (conditional)

Y

ref02

Page 429 of 477

Reference Identification

15-character alphanumeric

BG

n/a

SF

n/a

ST

n/a

40

n/a

VR is the Vendor
ID Number, other
codes describe the
following:

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type

Description
ref01
ref02
code denotation
4C

Ship to Zip or
Canadian
Postal Code
(required)

CR

Cardmember
Reference
Number
(optional)

Table 2: Amex - Level 2/3 Request Fields - Table 2 - Detail Fields
Req
Y

Variable Name
it102

Field Name
Line Item Quantity
Invoiced

Size/Type
10-character decimal

Description
Quantity of line
item.
Up to 2 decimal
places supported.
Minimum amount
is 0.0 and maximum is
9999999999.

Y

it103

Unit or Basis for Measurement Code

2-character alphanumeric

The line item unit of
measurement code
Must contain a
code that specifies
the units in which
the value is
expressed or the
manner in which a
measurement is
taken
EXAMPLE: EA =
each, E5=inches

See ANSI X-12 EDI
Allowable Units of
Measure and
Codes for the list of
codes

July 2018

Page 430 of 477

Moneris Gateway API - Integration Guide

Req
Y

Variable Name
it104

Field Name
Unit Price

Size/Type
15-character decimal

Description
Line item cost per
unit
Must contain 2
decimal places
Minimum amount
is 0.00 and maximum is 999999.99

N

it105

Basis or Unit Price
Code

2-character alphanumeric

Code identifying
the type of unit
price for an item
EXAMPLE: DR =
dealer, AP = advise
price

See ASC X12 004010
Element 639 for list
of codes
N

it10618

Product/Service ID
Qualifier

2-character alphanumeric

Supported values:
‘MG’ - Manufacturer’s
Part Number
‘VC’ - Supplier Catalog
Number
‘SK’ - Supplier Stock
Keeping Unit Number
‘UP’ - Universal Product
Code
‘VP’ – Vendor Part Number
‘PO’ – Purchase Order
Number
‘AN’ – Client Defined
Asset Code

N

it10719

Page 431 of 477

Product/Service ID

it10618

it10719 size/type

VC

20-character
alphanumeric

PO

22-character
alphanumeric

Product/Service ID
corresponds to the
preceding qualifier
defined in it10618
The maximum
length depends on

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type
it10618
Other

C

txi01

Tax Type code

it10719 size/type

Description
the qualifier
defined in it10618

30-character
alphanumeric

2-character alphanumeric

Supported values:
‘CA’ – City Tax
(optional)
‘CT’ – County/Tax
(optional)
‘EV’ – Environmental
Tax (optional)
‘GS’ – Good and Services Tax (GST)
(optional)
‘LS’ – State and Local
Sales Tax (optional)
‘LT’ – Local Sales Tax
(optional)
‘PG’ – Provincial Sales
Tax (PST) (optional)
‘SP’ – State/Provincial
Tax a.k.a. Quebec Sales
Tax (QST) (optional)
‘ST’ – State Sales Tax
(optional)
‘TX’ – All Taxes
(required)
‘VA’ – Value-Added Tax
a.k.a. Canadian Harmonized Sales Tax
(HST) (optional)

C

txi02

Monetary Amount

6-character decimal

This element may
contain the monetary tax amount
that corresponds
to the Tax Type
Code in txi01
NOTE:
If txi02 is used in mandatory occurrence

July 2018

Page 432 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description
txi01=TX, txi02 must
contain the total tax
amount applicable to
the entire invoice
(transaction)
If taxes are not applicable for the entire
invoice (transaction),
txi02 must be 0.00.

The maximum
value that can be
entered in this field
is “9999.99”, which
is $9,999.99 (CAD)
A debit is entered
as: 9999.99
A credit is entered
as: –9999.99
C

txi03

Percent

10-character decimal

Contains the tax
percentage (in
decimal format)
that corresponds
to the tax type
code defined in
txi01
Up to 2 decimal
places supported

C

txi06

Tax Exempt Code

1-character alphanumeric

This element may
contain the Tax
Exempt Code that
identifies the
exemption status
from sales and tax
that corresponds
to the Tax Type
Code in txi01
Supported values:
1 – Yes (Tax Exempt)
2 – No (Not Tax
Exempt)
4 – Not Exempt/For
Resale

Page 433 of 477

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type

Description
A – Labor Taxable,
Material Exempt
B – Material Taxable,
Labor Exempt
C – Not Taxable
F – Exempt (Goods /
Services Tax)
G – Exempt (Provincial
Sales Tax)
L – Exempt Local Service
R – Recurring Exempt
U – Usage Exempt

Y

pam05

Line Item Extended
Amount

8-character decimal

Contains the individual item amount
that is normally calculated as price multiplied by quantity
Must contain 2
decimal places
Minimum amount
is 0.00 and maximum is 99999.99

Y

pid05

Line Item Description

80-character alphanumeric

Line Item description
Contains the
description of the
individual item purchased
This field pertain to
each line item in
the transaction

July 2018

Page 434 of 477

Moneris Gateway API - Integration Guide
Table 3: Amex - Level 2/3 Request Fields - Table 3 - Summary Fields
Req
C

Variable Name
txi01

Field Name
Tax Type code

Size/Type
2-character alphanumeric

Description
Supported values:
‘CA’ – City Tax
(optional)
‘CT’ – County/Tax
(optional)
‘EV’ – Environmental
Tax (optional)
‘GS’ – Good and Services Tax (GST)
(optional)
‘LS’ – State and Local
Sales Tax (optional)
‘LT’ – Local Sales Tax
(optional)
‘PG’ – Provincial Sales
Tax (PST) (optional)
‘SP’ – State/Provincial
Tax a.k.a. Quebec Sales
Tax (QST) (optional)
‘ST’ – State Sales Tax
(optional)
‘TX’ – All Taxes
(required)
‘VA’ – Value-Added Tax
a.k.a. Canadian Harmonized Sales Tax
(HST) (optional)

C

txi02

Monetary Amount

6-character decimal

This element may
contain the monetary tax amount
that corresponds
to the Tax Type
Code in txi01
NOTE:
If txi02 is used in mandatory occurrence
txi01=TX, txi02 must
contain the total tax
amount applicable to
the entire invoice
(transaction)
If taxes are not applic-

Page 435 of 477

July 2018

Appendix A Definitions of Request Fields

Req

Variable Name

Field Name

Size/Type

Description
able for the entire
invoice (transaction),
txi02 must be 0.00.

The maximum
value that can be
entered in this field
is “9999.99”, which
is $9,999.99 (CAD)
A debit is entered
as: 9999.99
A credit is entered
as: –9999.99
C

txi03

Percent

10-character decimal

Contains the tax
percentage (in
decimal format)
that corresponds
to the tax type
code defined in
txi01
Up to 2 decimal
places supported

C

txi06

Tax Exempt Code

1-character alphanumeric

Supported values:
1 – Yes (Tax Exempt)
2 – No (Not Tax
Exempt)
4 – Not Exempt/For
Resale
A – Labor Taxable,
Material Exempt
B – Material Taxable,
Labor Exempt
C – Not Taxable
F – Exempt (Goods /
Services Tax)
G – Exempt (Provincial
Sales Tax)
L – Exempt Local Service

July 2018

Page 436 of 477

Moneris Gateway API - Integration Guide

Req

Variable Name

Field Name

Size/Type

Description
R – Recurring Exempt
U – Usage Exempt

Page 437 of 477

July 2018

Appendix B Definitions of Response Fields
Table 110: Receipt object response values
Value

Type

Limits

Get Method
Description

General response fields
Card type

String

2-character
alphabetic (min. 1)

$mpgResponse->getCardType();

Represents the type of card in the transaction, e.g., Visa, Mastercard.
Possible values:
l
l
l
l
l
l
l
l

Transaction
amount

String

Transaction number

String

V = Visa
M = Mastercard
AX = American Express
DC = Diner's Card
NO = Novus/Discover
SE = Sears
D = Debit
C1 = JCB

9-character decimal

$mpgResponse->getTransAmount();

Transaction amount that was processed.
255-character
alphanumeric

$mpgResponse->getTxnNumber();

Gateway Transaction identifier often needed for follow-on transactions (such as
Refund and Purchase Correction) to reference the originally processed
transaction.
Receipt ID

String

50-character
alphanumeric

$mpgResponse->getReceiptId();

Order ID that was specified in the transaction request.
Transaction type

String
l
l
l
l
l

July 2018

2-character
alphanumeric

$mpgResponse->getTransType();

0 = Purchase
1 = Pre-Authorization
2 = Completion
4 = Refund
11 = Void

Page 438 of 477

Moneris Gateway API - Integration Guide
Table 110: Receipt object response values (continued)
Type

Value

Limits

Get Method
Description

Reference number

String

18-character
numeric

$mpgResponse->getReferenceNum();

Terminal used to process the transaction as well as the shift, batch and sequence
number. This data is typically used to reference transactions on the host systems,
and must be displayed on any receipt presented to the customer.
This information is to be stored by the merchant.
Example: 660123450010690030
l
l
l
l

Response code

String
l
l
l

66012345: Terminal ID
001: Shift number
069: Batch number
003: Transaction number within the batch.
3-character numeric $mpgResponse->getResponseCode();

< 50: Transaction approved
≥ 50: Transaction declined
Null: Transaction incomplete.

For further details on the response codes that are returned, see the Response
Codes document at https://developer.moneris.com.
ISO

String

2-character numeric $mpgResponse->getISO();

ISO response code
Bank totals

Object
Response data returned in a Batch Close and Open Totals request. See
"Definitions of Response Fields" on the previous page.

Message

String

100-character alpha- $mpgResponse->getMessage();
numeric

Response description returned from issuer.
The message returned from the issuer is intended for merchant information only,
and is not intended for customer receipts.
Authorization code String

8-character
alphanumeric

$mpgResponse->getAuthCode();

Authorization code returned from the issuing institution.

Page 439 of 477

July 2018

Appendix B Definitions of Response Fields
Table 110: Receipt object response values (continued)
Value

Type

Limits

Get Method
Description

Complete

String

true/false

$mpgResponse->getComplete();

Transaction was sent to authorization host and a response was received
Transaction date

String

Format: yyyy-mmdd

$mpgResponse->getTransDate();

Processing host date stamp
Transaction time

String

Format: ##:##:##

$mpgResponse->getTransTime();

Processing host time stamp
Ticket

String

N/A

$mpgResponse->getTicket();

Reserved field.
Timed out

String

true/false

$mpgResponse->getTimedOut();

Transaction failed due to a process timing out.
Is Visa Debit

String

true/false

$mpgResponse->getIsVisaDebit();

Indicates whether the card processed is a Visa Debit.

Batch Close/Open Totals response fields
Processed card
types

String
Array

N/A

Returns all of the processed card types in the current batch for the terminal
ID/ECR Number from the request.
Terminal IDs

String

8-character alphanumeric

Returns the terminal ID/ECR Number from the request.
Purchase count

String

4-character numeric $mpgResponse->getPurchaseCount
($ecr_number,$creditCards[$i]);

Indicates the # of Purchase, Pre-Authorization Completion and Force Post transactions processed. If none were processed in the batch, then the value returned
will be 0000.

July 2018

Page 440 of 477

Moneris Gateway API - Integration Guide
Table 110: Receipt object response values (continued)
Value

Type

Limits

Get Method
Description

Purchase amount

String

11-character alphanumeric

$mpgResponse->getPurchaseAmount
($ecr_number,$creditCards[$i]);

Indicates the dollar amount processed for Purchase, Pre-Authorization Completion or Force Post transactions. This field begins with a + and is followed by 10
numbers, the first 8 indicate the amount and the last 2 indicate the penny value.
EXAMPLE: +0000000000 = 0.00 and +0000041625 = 416.25

Refund count

String

4-character numeric $mpgResponse->getRefundAmount($ecr_
number,$creditCards[$i]);

Indicates the # of Refund or Independent Refund transactions processed. If none
were processed in the batch, then the value returned will be 0000.
Refund amount

String

11-character alphanumeric

$mpgResponse->getRefundAmount($ecr_
number,$creditCards[$i]);

Indicates the dollar amount processed for Refund, Independent Refund or ACH
Credit transactions. This field begins with a + and is followed by 10 numbers, the
first 8 indicate the amount and the last 2 indicate the penny value.
Example, +0000000000 = 0.00 and +0000041625 = 416.25
Correction count

String

4-character numeric $mpgResponse->getCorrectionCount
($ecr_number,$creditCards[$i]);

Indicates the # of Purchase Correction transactions processed. If none were processed in the batch, then the value returned will be 0000.
Correction amount

String

11-character alphanumeric

$mpgResponse->getCorrectionAmount
($ecr_number,$creditCards[$i]);

Indicates the dollar amount processed for Purchase Correction transactions. This
field begins with a + and is followed by 10 numbers, the first 8 indicate the
amount and the last 2 indicate the penny value.
EXAMPLE: +0000000000 = 0.00 and +0000041625 = 416.25

Recurring Billing Response Fields (see Appendix A, page 1)
$mpgResponse->getRecurSuccess();
Recurring billing suc- String
true/false
cess
Indicates whether the recurring billing transaction has been successfully set up
for future billing.

Page 441 of 477

July 2018

Appendix B Definitions of Response Fields
Table 110: Receipt object response values (continued)
Value

Type

Limits

Get Method
Description

Recur update success

String

true/false

$mpgResponse->getRecurUpdateSuccess
();

Indicates recur update success.
Next recur date

String

yyyy-mm-dd

$mpgResponse->getNextRecurDate();

Indicates next recur billing date.
Recur end date

String

yyyy-mm-dd

$mpgResponse->getRecurEndDate();

Indicates final recur billing date.
Status Check response fields (see )
Status code

String
l
l

3-character alphanumeric

$mpgResponse->getStatusCode();

< 50: Transaction found and successful
≥ 50: Transaction not found and not successful

NOTE: the status code is only populated if the connection object's Status Check property is set
to true.

Status message

String
l
l

found/not found

$mpgResponse->getStatusMessage();

Found: 0 ≤ Status Code ≤ 49
Not Found or null: 50 ≤ Status Code ≤ 999.

NOTE: The status message is only populated if the connection object's Status Check property
is set to true.

AVS response fields (see 9.1, page 282)
AVS result code

String

1-character alphanumeric

$mpgResponse->getAvsResultCode();

Indicates the address verification result. For a full list of possible response codes
refer to Section Appendix B.
CVD response fields (see )
CVD result code

String

2-character alphanumeric

$mpgResponse->getCvdResultCode();

Indicates the CVD validation result. The first byte is the numeric CVD indicator
sent in the request; the second byte is the response code. Possible response
codes are shown in Appendix B
MPI response fields (see "MPI" on page 1)

July 2018

Page 442 of 477

Moneris Gateway API - Integration Guide
Table 110: Receipt object response values (continued)
Value

Type

Limits

Get Method
Description

Type

String

99-character alphanumeric

VERes, PARes or error defines what type of response you are receiving .
Success

Boolean

true/false

$mpgResponse->getMpiSuccess();

True if attempt was successful, false if attempt was unsuccessful.
Message

String

100-character alpha- $mpgResponse->getMpiMessage();
betic

MPI TXN transactions can produce the following values:
l
l
l

Y: Create VBV verification form popup window.
N: Send purchase or preauth with crypt type 6
U: Send purchase or preauth with crypt type 7.

MPI ACS transactions can produce the following values:
l

l

l

Term URL

String

Y or A: (Also receipt.getMpiSuccess()=true) Proceed with cavv purchase or cavv preauth.
N: Authentication failed or high-risk transaction. It is recommended that
you do not to proceed with the transaction.
Depending on a merchant’s risk tolerance and results from other methods
of fraud detection, transaction may proceed with crypt type 7.
U or time out: Send purchase or preauth as crypt type 7.
255-character alphanumeric

URL to which the PARes is returned
MD

String

1024-character alphanumeric

Merchant-defined data that was echoed back
ACS URL

String

255-character alphanumeric

URL that will be for the generated pop-up

Page 443 of 477

July 2018

Appendix B Definitions of Response Fields
Table 110: Receipt object response values (continued)
Value

Type

Limits

Get Method
Description

MPI CAVV

String

28-character alphanumeric

VbV/MCSC/American Express SafeKey authentication data
MPI E-Commerce
Indicator

String

1-character alphanumeric

CAVV result code

String

1-character alphanumeric

$mpgResponse->getCavvResultCode();

Indicates the Visa CAVV result. For more information, see 8.6.7 Cavv Result Codes
for Verified by Visa.
l
l
l
l
l
l
l
l

0 = CAVV authentication results invalid
1 = CAVV failed validation; authentication
2 = CAVV passed validation; authentication
3 = CAVV passed validation; attempt
4 = CAVV failed validation; attempt
7 = CAVV failed validation; attempt (US issued cards only)
8 = CAVV passed validation; attempt (US issued cards only)
The CAVV result code indicates the result of the CAVV validation.
$mpgResponse->getMpiInLineForm();

MPI inline form

Vault response fields (see 4.1, page 50)
Data key

String

28-character alphanumeric

$mpgResponse->getDataKey();

The data key response field is populated when you send a Vault Add Credit Card –
ResAddCC (page 52), Vault Encrypted Add Credit Card - EncResAddCC (page 56),
Vault Tokenize Credit Card – ResTokenizeCC (page 81), Vault Temporary Token
Add – ResTempAdd (page 59) or Vault Add Token – ResAddToken (page 77) transaction. It is the profile identifier that all future financial Vault transactions will use
to associate with the saved information.
Vault payment type String

cc

$mpgResponse->getPaymentType();

Indicates the payment type associated with a Vault profile
$mpgResponse->getExpPaymentType();
Expiring card's Pay- String
cc
ment type
Indicates the payment type associated with a Vault profile. Applicable to Vault
Get Expiring transaction type.

July 2018

Page 444 of 477

Moneris Gateway API - Integration Guide
Table 110: Receipt object response values (continued)
Value

Type

Limits

Get Method
Description

Vault masked PAN

String

20-character
numeric

$mpgResponse->getResDataMaskedPan
();

Returns the first 4 and/or last 4 of the card number saved in the profile.
Expiring card's
Masked PAN

String

20-character
numeric

$mpgResponse->getResDataMaskedPan
();

Returns the first 4 and/or last 4 of the card number saved in the profile. Applicable to Vault Get Expiring transaction type.

Vault success

String

true/false

$mpgResponse->getResSuccess();

Indicates whether Vault transaction was successful.
Vault customer ID

String

30-character alphanumeric

$mpgResponse->getResDataCustId();

Returns the customer ID saved in the profile.
Expiring card's customer ID

String

30-character alphanumeric

$mpgResponse->getResDataCustId();

Returns the customer ID saved in the profile. Applicable to Vault Get Expiring
transaction type.

Vault phone number

String

30-character alphanumeric

$mpgResponse->getResDataPhone();

Returns the phone number saved in the profile.
Expiring card's
phone number

String

30-character alphanumeric

$mpgResponse->getResDataPhone();

Returns the phone number saved in the profile. Applicable to Vault Get Expiring
transaction type.

Vault email address String

30-character alphanumeric

$mpgResponse->getResDataEmail();

Returns the email address saved in the profile.

Page 445 of 477

July 2018

Appendix B Definitions of Response Fields
Table 110: Receipt object response values (continued)
Value

Type

Limits

Get Method
Description

Expiring card's email String
address

30-character alphanumeric

$mpgResponse->getResDataEmail();

Returns the email address saved in the profile. Applicable to Vault Get Expiring
transaction type.
Vault note

String

30-character alphanumeric

$mpgResponse->getResDataNote();

Returns the note saved in the profile.
Expiring card's note String

30-character alphanumeric

$mpgResponse->getResDataNote();

Returns the note saved in the profile. Applicable to Vault Get Expiring transaction
type.
Vault expiry date

String

4-character numeric $mpgResponse->getResDataExpDate();

Returns the expiry date of the card number saved in the profile. YYMM format.
Expiring card's
expiry date

String

Vault E-commerce
indicator

String

4-character numeric $mpgResponse->getResDataExpDate();

Returns the expiry date of the card number saved in the profile. YYMM format.
Applicable to Vault Get Expiring transaction type.
1-character numeric $mpgResponse->getResDataCryptType
();

Returns the e-commerce indicator saved in the profile.
Expiring card's EString
1-character numeric $mpgResponse->getResDataCryptType
();
commerce indicator
Returns the e-commerce indicator saved in the profile. Applicable to Vault Get
Expiring transaction type.
Vault AVS street
number

String

19-character alphanumeric

$mpgResponse>getResDataAvsStreetNumber();

Returns the AVS street number saved in the profile. If no other AVS street number is passed in the transaction request, this value will be submitted along with
the financial transaction to the issuer.

July 2018

Page 446 of 477

Moneris Gateway API - Integration Guide
Table 110: Receipt object response values (continued)
Value

Type

Limits

Get Method
Description

Expiring card's AVS
street number

String

19-character alphanumeric

$mpgResponse>getResDataAvsStreetNumber();

Returns the AVS street number saved in the profile. If no other AVS street number is passed in the transaction request, this value will be submitted along with
the financial transaction to the issuer. Applicable to Vault Get Expiring transaction
type.
Vault AVS street
name

String

19-character alphanumeric

$mpgResponse>getResDataAvsStreetName();

Returns the AVS street name saved in the profile. If no other AVS street number is
passed in the transaction request, this value will be submitted along with the financial transaction to the issuer.
Expiring card's AVS
street name

String

19-character alphanumeric

$mpgResponse>getResDataAvsStreetName();

Returns the AVS street name saved in the profile. If no other AVS street number is
passed in the transaction request, this value will be submitted along with the financial transaction to the issuer. Applicable to Vault Get Expiring transaction type.
Vault AVS ZIP code

String

9-character alphanumeric

$mpgResponse->getResDataAvsZipcode
();

Returns the AVS zip/postal code saved in the profile. If no other AVS street number is passed in the transaction request, this value will be submitted along with
the financial transaction to the issuer.
Expiring card's
AVS ZIP code

String

9-character alphanumeric

$mpgResponse->getResDataAvsZipcode
();

Returns the AVS zip/postal code saved in the profile. If no other AVS street number is passed in the transaction request, this value will be submitted along with
the financial transaction to the issuer. Applicable to Vault Get Expiring transaction
type.
Vault credit card
number

String

20-character
numeric

$mpgResponse->getResDataPan();

Returns the full credit card number saved in the Vault profile. Applicable to Vault
Lookup Full transaction only.
Corporate card

String

true/false

$mpgResponse->getCorporateCard();

Indicates whether the card associated with the Vault profile is a corporate card.
Encrypted Mag Swipe response fields (see 6, page 118)

Page 447 of 477

July 2018

Appendix B Definitions of Response Fields
Table 110: Receipt object response values (continued)
Value

Type

Limits

Get Method
Description

Masked credit card
number

String

20-character alphanumeric

$mpgResponse->getMaskedPan();

Convenience Fee response fields (see Appendix A, page 1)
Convenience fee
success

String

Convenience fee
status

String

true/false

$mpgResponse->getCfSuccess();

Indicates whether the Convenience Fee transaction processed successfully.
2-character alphanumeric

$mpgResponse->getCfStatus();

Indicates the status of the merchant and convenience fee transactions. The
CfStatus field provides details about the transaction behavior and should be referenced when contacting Moneris Customer Support.
Possible values are:
l
l
l
l
l
l
l
l
l

Convenience fee
amount

String

Convenience fee
rate

String

1 or 1F – Completed 1st purchase transaction
2 or 2F – Completed 2nd purchase transaction
3 – Completed void transaction
4A or 4D – Completed refund transaction
7 or 7F – Completed merchant independent refund transaction
8 or 8F – Completed merchant refund transaction
9 or 9F – Completed 1st void transaction
10 or 10F – Completed 2nd void transaction
11A or 11D – Completed refund transaction
9-character decimal

$mpgResponse->getFeeAmount();

The expected Convenience Fee amount. This field will return the amount submitted by the merchant for a successful transaction. For an unsuccessful transaction, it will return the expected convenience fee amount
9-character decimal

$mpgResponse->getFeeRate();

The convenience fee rate that has been defined on the merchant’s profile. For
example:
1.00 – a fixed amount or
10.0 - a percentage amount

July 2018

Page 448 of 477

Moneris Gateway API - Integration Guide
Table 110: Receipt object response values (continued)
Type

Value

Limits

Get Method
Description

Convenience fee
type

String

$mpgResponse->getFeeType();

AMT/PCT

The type of convenience fee that has been defined on the merchant’s profile.
Available options are:
AMT – fixed amount
PCT – percentage

Code

Table 111: Financial transaction response codes
Description

< 50

Transaction approved

≥ 50

Transaction declined

NULL

Transaction was not sent for authorization

For more details on the response codes that are returned, see the Response Codes document available
at https://developer.moneris.com
Table 112: Vault Admin Responses
Code
001

Description
Successfully registered CC details.
Successfully updated CC details.
Successfully deleted CC details.
Successfully located CC details.
Successfully located # expiring cards.
(NOTE: # = the number of cards located)

983

Cannot find previous

986

Incomplete: timed out

987

Invalid transaction

988

Cannot find expiring cards

Null

Error: Malformed XML

Page 449 of 477

July 2018

Appendix B Definitions of Response Fields

July 2018

Page 450 of 477

Appendix C Error Messages
Error messages that are returned if the gateway is unreachable
Global Error Receipt
You are not connecting to our servers. This can be caused by a firewall or your internet connection.
Response Code = NULL
The response code can be returned as null for a variety of reasons. The majority of the time,
the explanation is contained within the Message field.
When a ‘NULL’ response is returned, it can indicate that the issuer, the credit card host, or the
gateway is unavailable. This may be because they are offline or because you are unable to connect to the internet.
A ‘NULL’ can also be returned when a transaction message is improperly formatted.

Error messages that are returned in the Message field of the response
XML Parse Error in Request: 
An improper XML document was sent from the API to the servlet.
XML Parse Error in Response: 
An improper XML document was sent back from the servlet.
Transaction Not Completed Timed Out
Transaction timed out before the host responds to the gateway.
Request was not allowed at this time
The host is disconnected.
Could not establish connection with the gateway: 
Gateway is not accepting transactions or server does not have proper access to internet.
Input/Output Error: 
Servlet is not running.
The transaction was not sent to the host because of a duplicate order id
Tried to use an order id which was already in use.
The transaction was not sent to the host because of a duplicate order id
Expiry Date was sent in the wrong format.

Vault error messages
Can not find previous
Data key provided was not found in our records or profile is no longer active.
Invalid Transaction
Transaction cannot be performed because improper data was sent.
or
Mandatory field is missing or an invalid SEC code was sent.
Malformed XML
Parse error.
Incomplete
Timed out.
or
Cannot find expiring cards.

July 2018

Page 452 of 477

Appendix D Process Flow for Basic Pre-Auth, Re-Auth
and Completion Transactions

July 2018

Page 454 of 477

Appendix E Merchant Checklists for INTERAC® Online
Payment Certification Testing
Merchant Information
Name and URL

Merchant Name (English)
Homepage URL (English)
Merchant Name (French)
Homepage URL (French)

Number

Merchant Number

Transaction fee category

Government

(Circle one)

Education
General

Checklist for Front-End Tests
Case # Date Completed

Remarks

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

July 2018

Canada Only

Page 455 of 477

Moneris Gateway API - Integration Guide

Case # Date Completed

Remarks

16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

Merchant Requirements
Table 113: Checklist for web display requirements
Done

Requirement
Checkout page

Page 456 of 477

Canada Only

July 2018

Appendix E Merchant Checklists for INTERAC® Online Payment Certification Testing
Table 113: Checklist for web display requirements (continued)
Done

Requirement
Displays the INTERAC Online design (logo), wordmark (text "INTERAC Online) or
both
Design and Wordmark Requirements (any page)
Other payment option logos:
l

l

Displays the INTERAC Online design (logo) if the merchant displays the
trademarks or logos of other payment options.
Design is equal in size and no less prominent than other payment
option trademarks.

INTERAC wordmark:
l

l

l

INTERAC is always either in capital letters or italics (as in "the INTERAC
Online service")
In the first use of the INTERAC Online wordmark, INTERAC is followed by
the ® notation in superscript. For example, "Interac®" (English) or
<> (French).
On the same page as the first occurence of the wordmark, the following
language-appropriate footnote appears:
l ® Trademark of Interac Inc. Used under licence"
MD
l
Marque de commerce d'Interac Inc. Utilisée sous licence
Version of design

Uses the two-colour design on the web:
l

l

Horizontal version—height no shorter than 25 pixels (width-to-height
ratio of 2:37:1)
Vertical version—width no narrower than 30 pixels (widteh-to-height
ratio of 1:1:37)
"Learn more" information

Provides consumers with a link to www.interaconline.com/learn (preferably on
the checkout page)
Confirmation page
States that the transaction is successful
Displays the financial institution's name and confirmation number
Provides ability to print

July 2018

Canada Only

Page 457 of 477

Moneris Gateway API - Integration Guide
Table 113: Checklist for web display requirements (continued)
Done

Requirement
Error page
Indicates that payment was unsuccsessful
States that the order is cancelled or displays other payment options
Timeout message
Is displayed if consumer has less than 30 minutes to complete payment
Payment
Displays the total in Canadian dollars

Table 114: Checklist for security/privacy requirements
Done

Requirement
Merchant
Uses no less than 128-bit SSL encryption when collecting personal information
Protects consumer information in accordance with applicable federal and provincial privacy
legislation
Adheres to the Canadian Code of Practice for Consumer Protection in Electronic Commerce
Provided screenshots
Checkout page (where customer selects INTERAC Online option)
Confirmation page (one of the test case 1, 2, or 3)
Error page (test case 4)

Page 458 of 477

Canada Only

July 2018

Appendix F Third-Party Service Provider Checklists for
INTERAC® Online Payment Certification Testing
Third-Party Service Provider Information
Name

English
French

Merchant Web
Application

Solution Name
Version

Acquirer

Interaconline.com/Interacenlgne.com Web Site Listing Information
See http://www.interaconline.com/merchants_thirdparty.php for examples.
English contact information

5 lines maximum. 35 characters/line maximum. For example, contact name
and title, department, telephone, web site, email.

English logo

File type: PNG. Maximum size: 120x120 pixels.

French contact information

5 lines maximum. 35 characters/line maximum. For example, contact name
and title, department, telephone, web site, email.

French logo

File type: PNG. Maximum size: 120x120 pixels.

July 2018

Canada Only

Page 459 of 477

Moneris Gateway API - Integration Guide
Table 115: Checklist for front-end tests
Case # Date Completed

Remarks

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

Page 460 of 477

Canada Only

July 2018

Appendix F Third-Party Service Provider Checklists for INTERAC® Online Payment Certification Testing
Table 115: Checklist for front-end tests
Case # Date Completed

Remarks

30
31
32
33
34
35
36
37
38
39

Merchant Requirements
Table 116: Checklist for web display requirements
Done

Requirement
Checkout page
Displays the INTERAC Online design (logo), wordmark (text "INTERAC Online) or
both
Design and Wordmark Requirements (any page)
Other payment option logos:
l

l

July 2018

Displays the INTERAC Online design (logo) if the merchant displays the
trademarks or logos of other payment options.
Design is equal in size and no less prominent than other payment
option trademarks.

Canada Only

Page 461 of 477

Moneris Gateway API - Integration Guide
Table 116: Checklist for web display requirements (continued)
Done

Requirement
INTERAC wordmark:
l

l

l

INTERAC is always either in capital letters or italics (as in "the INTERAC
Online service")
In the first use of the INTERAC Online wordmark, INTERAC is followed by
the ® notation in superscript. For example, "Interac®" (English) or
<> (French).
On the same page as the first occurence of the wordmark, the following
language-appropriate footnote appears:
l ® Trademark of Interac Inc. Used under licence"
MD
l
Marque de commerce d'Interac Inc. Utilisée sous licence
Version of design

Uses the two-colour design on the web:
l

l

Horizontal version—height no shorter than 25 pixels (width-to-height
ratio of 2:37:1)
Vertical version—width no narrower than 30 pixels (widteh-to-height
ratio of 1:1:37)
"Learn more" information

Provides consumers with a link to www.interaconline.com/learn (preferably on
the checkout page)
Confirmation page
States that the transaction is successful
Displays the financial institution's name and confirmation number
Provides the ability to print
Error page
Indicates that payment was unsuccsessful
States that the order is cancelled or displays other payment options
Timeout message
Is displayed if consumer has less than 30 minutes to complete payment
Payment
Displays the total in Canadian dollars

Page 462 of 477

Canada Only

July 2018

Appendix F Third-Party Service Provider Checklists for INTERAC® Online Payment Certification Testing
Table 117: Checklist for security/privacy requirements
Done

Requirement
Merchant
Uses no less than 128-bit SSL encryption when collecting personal information
Protects consumer information in accordance with applicable federal and provincial privacy
legislation
Adheres to the Canadian Code of Practice for Consumer Protection in Electronic Commerce

Table 118: Checklist for required screenshots
Done

Requirement
Provided screenshots
Checkout page (where customer selects INTERAC Online option)
Confirmation page (one of the test case 1, 2, or 3)
Error page (test case 4)

July 2018

Canada Only

Page 463 of 477

Appendix G Merchant Checklists for INTERAC® Online
Payment Certification
Merchant Information
Name and URL

Merchant Name (English)
Homepage URL (English)
Merchant Name (French)
Homepage URL (French)

Number

Merchant Number

Transaction fee category

Government

(Circle one)

Education
General

Third-party service
provider

Company name

Service provider's
merchant web
application

Solution name
Version

Merchant Requirements
Table 119: Checklist for web display requirements
Done

Requirement

Checkout page
Displays the INTERAC Online design (logo), wordmark (text "INTERAC Online) or
both
Design and Wordmark Requirements (any page)
Other payment option logos:
l

l

July 2018

Displays the INTERAC Online design (logo) if the merchant displays the
trademarks or logos of other payment options.
Design is equal in size and no less prominent than other payment
option trademarks.

Canada Only

Page 464 of 477

Moneris Gateway API - Integration Guide
Table 119: Checklist for web display requirements (continued)
Done

Requirement
INTERAC wordmark:
l

l

l

INTERAC is always either in capital letters or italics (as in "the INTERAC
Online service")
In the first use of the INTERAC Online wordmark, INTERAC is followed by
the ® notation in superscript. For example, "Interac®" (English) or
<> (French).
On the same page as the first occurence of the wordmark, the following
language-appropriate footnote appears:
l ® Trademark of Interac Inc. Used under licence"
MD
l
Marque de commerce d'Interac Inc. Utilisée sous licence

Version of design
Uses the two-colour design on the web:
l

l

Horizontal version—height no shorter than 25 pixels (width-to-height
ratio of 2:37:1)
Vertical version—width no narrower than 30 pixels (widteh-to-height
ratio of 1:1:37)

"Learn more" information
Provides consumers with a link to www.interaconline.com/learn (preferably on
the checkout page)
Confirmation page
States that the transaction is successful
Displays the financial institution's name and confirmation number
Provides ability to print
Error page
Indicates that payment was unsuccsessful
States that the order is cancelled or displays other payment options
Timeout message
Is displayed if consumer has less than 30 minutes to complete payment
Payment
Displays the total in Canadian dollars

Page 465 of 477

Canada Only

July 2018

Appendix G Merchant Checklists for INTERAC® Online Payment Certification
Table 120: Checklist for security/privacy requirements
Done

Requirement
Merchant
Uses no less than 128-bit SSL encryption when collecting personal information
Protects consumer information in accordance with applicable federal and provincial privacy
legislation
Adheres to the Canadian Code of Practice for Consumer Protection in Electronic Commerce
Provided screenshots
Checkout page (where customer selects INTERAC Online option)
Confirmation page (one of the test case 1, 2, or 3)
Error page (test case 4)

July 2018

Canada Only

Page 466 of 477

Appendix H INTERAC® Online Payment Certification
Test Case Detail
l
l
l

H.1 Common Validations
H.2 Test Cases
H.3 Merchant front-end test case values

H.1 Common Validations
The Merchant sends a request to the INTERAC Online Merchant Test Tool, which validates the fields as follows:
l
l

l
l

l

l

All mandatory fields are present.
All fields are valid according to their definition in the INTERAC Online Functional Specifications
(including field lengths, valid characters and so on).
Merchant number is that of a valid registered merchant.
Funded URL matches one of the merchant's registered funded URLs that were provided during
merchant registration.
The not funded URL matches one of the merchant's registered Not Funded URLs that were
provided during merchant registration.
No additional fields are present.

H.2 Test Cases
Table 121: Cases 1-3
Objective

To test that the merchant can do all of the following:
l
l

l
l

Send a valid request to the Gateway page
Receive a valid confirmation of funding from the Issuer Online Banking application
Issue a request for purchase completion to the acquirer
Receive an approved response from the acquirer.

Pre-requisites None
Configuration Merchant sends form posts to the Merchant Test Tool, which in turn responds to
either the Funded or Not Funded URL.
The Merchant is connected to an acquirer emulator, which can be set to confirm any
request for payment confirmation. (That is, the back-end process of sending a 0200
Message to the issuer is emulated to always accept the purchase request).
Special tools
required

July 2018

None

Canada Only

Page 467 of 477

Moneris Gateway API - Integration Guide
Table 121: Cases 1-3 (continued)
Input data
Acquirer must have registered the merchant using the administration system, and
requirements have supplied the following:
l
l
l

IDEBIT_FUNDEDURL(S)
IDEBIT_NOTFUNDEDURL(S)
HTTP REFERERURL(S)

Data will be provided by the Merchant Test Tool.
Execution
strategy

Initiate a payment at the merchant. The two least significant digits of the dollar amount
must be equal to the test case number. For example, if you are executing test case 3,
the format of the amount must be ### ### #03.##.

Expected out- The merchant indicates to the customer that the purchase was completed and
come
presents a confirmation screen that includes (depending on the test case) the correct
amount, the issuer name and the issuer confirmation number.
Test case 1
l
l

Issuer name: 123Bank
Issuer confirmation number: CONF#123

Test case 2
l
l

Issuer name: Bank Éàêëï#$.,-/=?@'
Issuer confirmation number: #$.,-/=?@'UPdn9

Test case 3
l
l

Applicable
logs

l
l

Issuer name: B
Issuer confirmation number: C
Merchant Test Tool logs
Screen capture of the merchant's confirmation page.

Table 122: Case 4
Objective

To test that the merchant handles a rejection in response to the acquirer

Pre-requisites None
Configuration Same as test cases 1-3 except that the acquirer emulator must be set to decline the
request for mayment confirmation. (That is, to emulate the scenario in which an issuer
sends a delcine in the 0210 response to the acquirer's 0200 message.)

Page 468 of 477

Canada Only

July 2018

Appendix H INTERAC® Online Payment Certification Test Case Detail
Table 122: Case 4 (continued)
Special tools
required

None

Input data
Acquirer must have registered the merchant using the administration system, and
requirements have supplied the following:
l
l
l

IDEBIT_FUNDEDURL(S)
IDEBIT_NOTFUNDEDURL(S)
HTTP REFERERURL(S)

Data will be provided by the Merchant Test Tool.
Execution
strategy

Initiate a payment at the merchant for any amount where the two least significant dollar digits are 04. (That is, of the form ### ### #04.##.)

Expected out- The merchant indicates to the customer that the purchase was declined. Neither the
come
issuer name nor the issuer confirmation number are displayed.
Applicable
logs

Merchant Test Tool logs

Table 123: Cases 5-22
Objective

To test that a merchant safely handles redirections to the Funded URL with invalid
data, and treats the transaction as funded.

Pre-requisites None
Configuration None.
The acquirer emulator is not needed because the merchant does not submit any
requests for payment confirmation.
Special tools
required

None

Input data
Acquirer must have registered the merchant using the administration system, and
requirements have supplied the following:
l
l
l

IDEBIT_FUNDEDURL(S)
IDEBIT_NOTFUNDEDURL(S)
HTTP REFERERURL(S)

Data will be provided by the Merchant Test Tool.
Execution
strategy

July 2018

Initiate a payment at the merchant. The two least significant digits of the dollar amount
must be equal to the test case number. For example, if you are executing test case 13,
the format of the amount must be ### ### #13.##.

Canada Only

Page 469 of 477

Moneris Gateway API - Integration Guide
Table 123: Cases 5-22 (continued)
Expected out- The merchant indicates to the customer that the purchase was declined. Neither the
come
issuer name nor the issuer confirmation number are displayed.
Applicable
logs

Merchant Test Tool logs

Table 124: Case 23
Objective

To test that a merchant can receive a valid redirection from the issuer that indicates the
payment was not funded.

Pre-requisites None
Configuration None.
The acquirer emulator is not needed because the merchant does not submit any
requests for payment confirmation.
Special tools
required

None

Input data
Acquirer must have registered the merchant using the administration system, and
requirements have supplied the following:
l
l
l

IDEBIT_FUNDEDURL(S)
IDEBIT_NOTFUNDEDURL(S)
HTTP REFERERURL(S)

Data is provided by the Merchant Test Tool.
Execution
strategy

Initiate a payment at the merchant for any amount where the two least significant dollar digits are 23. (That is, of the form ### ### #23.##.)

Expected out- The merchant indicates to the customer that the purchase was declined. Neither the
come
issuer name nor the issuer confirmation number are displayed.
Applicable
logs

Merchant Test Tool logs

Table 125: Cases 24-39
Objective

To test that a merchant safely handles redirections to the Not Funded URL with invalid
data, and treats the transaction as not funded.

Pre-requisites None
Configuration None.
The acquirer emulator is not needed because the merchant does not submit any
requests for payment confirmation.

Page 470 of 477

Canada Only

July 2018

Appendix H INTERAC® Online Payment Certification Test Case Detail
Table 125: Cases 24-39 (continued)
Special tools
required

None

Input data
Acquirer must have registered the merchant using the administration system, and
requirements have supplied the following:
l
l
l

IDEBIT_FUNDEDURL(S)
IDEBIT_NOTFUNDEDURL(S)
HTTP REFERERURL(S)

Data is provided by the Merchant Test Tool.
Execution
strategy

Initiate a payment at the merchant. The two least significant digits of the dollar amount
must be equal to the test case number. For example, if you are executing test case 27,
the format of the amount must be ### ### #27.##.

Expected out- The merchant indicates to the customer that the purchase was declined. Neither the
come
issuer name nor the issuer confirmation number are displayed.
Applicable
logs

Merchant Test Tool logs

H.3 Merchant front-end test case values
These values are automatically sent by the INTERAC Online Merchant Test Tool. They are provided here
for reference only.
Table 126: Test cases 1 and 4—Funded URL
Redirection URL

Funded

ISSLANG

en

TRACK2

3728024906540591206=12010123456789XYZ

ISSCONF

CONF#123

ISSNAME

123Bank

INVOICE

(Same as supplied by merchant)

MERCHDATA

(Same as supplied by merchant)

VERSION

1
Table 127: Test case 2—Funded URL

Redirection URL

Funded

ISSLANG

en

July 2018

Canada Only

Page 471 of 477

Moneris Gateway API - Integration Guide
Table 127: Test case 2—Funded URL
TRACK2

5268051119993326=29129999999999999000

ISSCONF

#$.,-/=?@'UPdn9

ISSNAME

987Bank Éàêëï#$.,-/=?@'Àôùûüÿç

INVOICE

(Same as supplied by merchant)

MERCHDATA

(Same as supplied by merchant)

VERSION

1
Table 128: Test case 3—Funded URL

Redirection URL

Funded

ISSLANG

fr

TRACK2

453781122255=1001ABC11223344550000000

ISSCONF

C

ISSNAME

B

INVOICE

(Same as supplied by merchant)

MERCHDATA

(Same as supplied by merchant)

VERSION

123
Table 129: Test cases 5-22—invalid fields, Funded URL

Test
case

Purpose

Field

Value

5

missing field

IDEBIT_INVOICE

(missing)

6

missing field

IDEBIT_MERCHDATA

(missing)

7

missing field

IDEBIT_ISSLANG

(missing)

8

missing field

IDEBIT_TRACK2

(missing)

9

missing field

IDEBIT_ISSCONF

(missing)

10

missing field

IDEBIT_ISSNAME

(missing)

11

missing field

IDEBIT_VERSION

(missing)

12

missing field

IDEBIT_TRACK2, IDEBIT_
ISSCONF, IDEBIT_ISSNAME

(missing)

13

wrong value

IDEBIT_INVOICE

XXX

14

wrong value

IDEBIT_MERCHDATA

XXX

Page 472 of 477

Canada Only

July 2018

Appendix H INTERAC® Online Payment Certification Test Case Detail
Table 129: Test cases 5-22—invalid fields, Funded URL (continued)
Test

Purpose

case

Field

Value

15

invalid value

IDEBIT_ISSLANG

de

16

value too long

IDEBIT_TRACK2

3728024906540591206=12010123456789XYZA

17

invalid check
digit

IDEBIT_TRACK2

3728024906540591207=12010123456789XYZ

18

field too long

IDEBIT_ISSCONF

Too long confirm

19

invalid character IDEBIT_ISSCONF

CONF<123

20

field too long

Very, very, very long issuer name

21

invalid character IDEBIT_ISSNAME

123 tricky data

33

wrong value

IDEBIT_MERCHDATA

XXX

34

invalid value

IDEBIT_MERCHDATA

<2000 characters in the range hex 20-7E

35

invalid value

IDEBIT_ISSLANG

de

36

invalid IDEBIT_
TRACK2 is present

IDEBIT_TRACK2

INVALIDTRACK2, incorrect format and too
long

37

invalid IDEBIT_
ISSCONF is present

IDEBIT_ISSCONF

Too long confirm

38

invalid IDEBIT_
ISSNAME is present

IDEBIT_ISSNAME

Very, very, very long issuer name

39

invalid value

IDEBIT_VERSION

2

Page 474 of 477

Canada Only

July 2018

Copyright Notice
Copyright © July 2018 Moneris Solutions, 3300 Bloor Street West, Toronto, Ontario, M8X 2X2
All Rights Reserved. This manual shall not wholly or in part, in any form or by any means, electronic,
mechanical, including photocopying, be reproduced or transmitted without the authorized, written consent of Moneris Solutions.
This document has been produced as a reference guide to assist Moneris client’s hereafter referred to as
merchants. Every effort has been made to the make the information in this reference guide as accurate
as possible. The authors of Moneris Solutions shall have neither liability nor responsibility to any person
or entity with respect to any loss or damage in connection with or arising from the information contained
in this reference guide.

Trademarks
Moneris and the Moneris Solutions logo are registered trademarks of Moneris Solutions Corporation.
Any software, hardware and or technology products named in this document are claimed as trademarks
or registered trademarks of their respective companies.
Printed in Canada.
10 9 8 7 6 5 4 3 2 1

July 2018

Page 476 of 477
Source Exif Data: 
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Page Count                      : 477
Page Mode                       : UseOutlines
Page Layout                     : SinglePage
Language                        : en-us
Producer                        : madbuild
Create Date                     : 2018:07:06 14:01:24-04:00
Modify Date                     : 2018:07:06 14:01:24-04:00
Title                           : My Document
Author                          : michael.pukin
Subject                         :
EXIF Metadata provided by EXIF.tools

Navigation menu