CardFlight API Introduction
The CardFlight Gateway API is designed to facilitate simple card present payment processing for you as a client, on behalf of your merchants.
Our RESTful API is centered around an asynchronous /transactions endpoint.
All endpoints described below are available at:
https://api.cardflight.com/
Onboarding A Merchant Account
A merchant account must be created on the CardFlight gateway to process credit transactions.
- To create a Merchant Account make a POST request to /merchantAccounts with VAR sheet information that is specific to the merchant service provider.[1]
A VAR Sheet (tear sheet, parameter sheet) contains merchant account information, bank account information, processor information, etc. These details allow CardFlight to communicate with the merchant processor.
[1]While CardFlight supports all major Merchant Service Providers, the API currently supports First Data Omaha (merchant type: Restaurant).
Creating A Transaction
Once a merchant account is boarded on the CardFlight gateway, making a POST request to /transactions will create a new transaction.
The state parameter informs the gateway of the requested transaction type and the platform will proceed accordingly.
The amount parameter is how much money will be transacted.
The card parameter will provide the account information for a customer (cardholder) providing payment.
Transaction Type: SALE
A sale request will check the available funds of a Cardholder and if approved allocate the amount to the Merchant.
- To create a sale make a POST request with the state
PENDING_APPROVED.
Transaction Type: AUTHORIZATION (Restaurant Only)
An authorization request will place a hold on the Cardholder’s available balance for the amount provided. A capture update must be performed to allocate the funds to the merchant.
- To create an authorization make a POST request with the state
PENDING_PRE_APPROVED.
Transaction Type: REFUND
A refund is a transfer of funds from a merchant to a Cardholder.
- To create a refund make a POST request with the state
PENDING_APPROVED, a negative amount, and an associated transaction.[1]
A PARTIAL REFUND transaction can be created for a negative amount less than the associated (original sale) transaction.
Multiple partial refund transactions may occur until the total amount of the original transaction has been refunded.
[1]Unattached refunds are not supported, all refunds require an associated transaction.
Fetching A Transaction
A transaction is sent to the CardFlight gateway in state PENDING_APPROVED (Sale, Refund) or PENDING_PRE_APPROVED (Authorization.)
The CardFlight gateway will update the state to PRE_APPROVED, APPROVED, or DECLINED if the request was a successful authorization, successful sale, or declined sale or authorization.
When creating a transaction, due to variation in the processing time, polling may be needed to see the state update made by the gateway.
Fetch the transaction to return the current state, transaction details, attached metadata, and more.
- To fetch a transaction make a GET request to /transactions/{transactionId}.
Updating A Transaction
CAPTURE
A capture updates an approved AUTHORIZATION (in state PRE_APPROVED) by scheduling settlement of the PENDING funds on a Cardholder’s account. A successful capture results in the Transaction state APPROVED.
- To CAPTURE a Transaction in state
PRE_APPROVED, make a PUT request updating the state parameter toPENDING_APPROVED.
VOID
A void removes the scheduled settlement of a Transaction with state APPROVED. (CAPTURE, SALE, REFUND)
A void on a Transaction with state PRE_APPROVED (AUTHORIZATION) removes the hold on Cardholder funds.
- To VOID a Transaction make a PUT request updating the state parameter to
PENDING_VOID.
If a VOID is unsuccessful the Transaction will state will be set to its previous APPROVED or PRE_APPROVED state.
Transaction State Machine
The Transaction State Machine diagram exposes client requested states and states managed by the CardFlight Gateway.
| State Name | Description | Valid Exit States |
|---|---|---|
PENDING_PRE_APPROVED(Client Request) |
AUTHORIZATION requested, awaiting result. | PRE_APPROVEDDECLINED |
PRE_APPROVED(Gateway) |
AUTHORIZATION approved, cardholder statement shows funds as ‘PENDING’. | PENDING_APPROVEDPENDING_VOID |
PENDING_APPROVED(Client Request) |
SALE, CAPTURE, or REFUND requested, awaiting result. | APPROVEDDECLINED |
APPROVED(Gateway) |
SALE, CAPTURE, REFUND approved, funds to be moved between merchant and cardholder. | PENDING_VOIDSETTLED |
PENDING_VOID(Client Request) |
VOID requested, awaiting result. | VOIDEDPRE_APPROVEDAPPROVED |
VOIDED(Gateway) |
Transaction voided, funds are released to cardholder and no money will move between cardholder and merchant. | FINAL STATE |
DECLINED(Gateway) |
AUTHORIZATION, SALE, REFUND request declined. | FINAL STATE |
SETTLED(Gateway) |
CAPTURE, SALE, REFUND settled.[1] | FINAL STATE |
UNKNOWN(Gateway) |
An error has occurred, please contact CardFlight support. | FINAL STATE |
[1] The transfer of funds is managed by the Payment Processor. Once a transaction is ‘settled’ the CardFlight platform is no longer or in control of, or exposed to, the funding. A ‘settled’ transaction is complete and can not be voided.
The Merchant Account Object
| Attribute | Type | Description |
|---|---|---|
| id | string | The unique (CardFlight) ID used to identify your merchant account when making other requests |
| createdAt | string | The date and time that the MerchantAccount was created |
| name | string | The name of the merchant account |
| processor | enum | The payment processor that your merchant uses to take payments (See Below) |
| address | object | A group of address fields (See Below) |
| industry | enum | The industry this merchant account serves (See Below) |
First Data Omaha Attributes
| Attribute | Type | Description |
|---|---|---|
| merchantId | string | The Merchant ID provided by First Data |
| terminalId | string | The Terminal ID provided by First Data |
| deviceId | string | The Device ID provided by First Data |
| localBatchTime | string | The batch close time Must be provided on the hour or half hour in the following format: 1:00 AM or 12:30 PM |
| batchTimeZone | enum | The time zone for the localBatchTime parameter |
Vantiv Attributes
| Attribute | Type | Description |
|---|---|---|
| merchantId | string | The Merchant ID given to you by Vantiv |
| terminalId | string | The Terminal ID given to you by Vantiv |
| bankId | string | The Bank ID given to you by Vantiv |
Address Object
| Attribute | Type | Description |
|---|---|---|
| streetAddress | string | yes |
| city | string | yes |
| state | string | yes |
| zip | string | yes |
Enumerations
MerchantAccount: industry
| Enum | Description |
|---|---|
| RESTAURANT | The merchant is a restaurant |
| RETAIL | The merchant is a retail establishment |
MerchantAccount: processor
| Enum | Description |
|---|---|
| FIRST_DATA_OMAHA | First Data Omaha |
| VANTIV | Vantiv |
CardFlight is certified to accept payments on many processors. The API gateway will expose support for more processors in the future.
MerchantAccount: batchTimeZone
| Enum | Description |
|---|---|
| EASTERN | U.S. Eastern time, adheres to day light savings. |
| CENTRAL | U.S. Central time, adheres to day light savings. |
| MOUNTAIN | U.S. Mountain time, adheres to day light savings. |
| PACIFIC | U.S. Pacific time, adheres to day light savings. |
| ALASKA | Time in Juneau, Alaska, adheres to day light savings. |
| HAWAII | Time in Honolulu, Hawaii, adheres to day light savings. |
| UTC | Standard time, does not alter with day light savings. |
The Card Object
Card: KEY_ENTERED (Un-Encrypted)
| Attribute | Type | Description |
|---|---|---|
| entryMethod | enum | See below |
| number | string | The card number |
| expirationMonth | string | A 2 digit expiration month |
| expirationYear | string | A 2 or 4 digit expiration year |
| cvv | string | the CVV on the back of the card |
Card: KEY_ENTERED (Encrypted)
| Attribute | Type | Description |
|---|---|---|
| entryMethod | enum | See below |
| data | encrypted string | A JSON object containing ‘number’, ‘expirationMonth’, ‘expirationYear’ and ‘cvv’. This object MUST be encrypted using AES, and then Base64-encoded. |
| aesKey | encrypted string | The AES key generated as part of the encryption process. This key MUST be encrypted using the RSA public key for your account, and then Base64-encoded. |
| aesIv | encrypted string | The AES initialization vector generated as part of the encryption process. This iv MUST be encrypted using the RSA public key for your account, and then Base64-encoded. |
Card: MAGNETIC_STRIPE_READ
Note: While raw track data can be sent directly to the API, we strongly recommend taking advantage of the CardFlight SDK and accompanying hardware for higher security.
| Attribute | Type | Description |
|---|---|---|
| entryMethod | enum | See below |
| readerType | enum | See below |
| data | string | The track data from the card |
Enumerations
Card: entryMethod
| Enum | Description |
|---|---|
| KEY_ENTERED | Card was manually keyed in |
| MAGNETIC_STRIPE_READ | Card was entered by swiping the magnetic stripe |
Card: readerType
| Enum | Description |
|---|---|
| UNENCRYPTED | The raw unencrypted track data is provided |
The Transaction Object
| Attribute | Type | Description |
|---|---|---|
| amount | integer | The amount in cents |
| id | string | A unique identifier of the transaction |
| state | enum | See State Machine |
| metadata | object | Custom data stored with a transaction Returned on GET /transactions/{transactionId} |
| paymentType | enum | See below |
| message | string | Reserved for future use |
| callbackUrl | string | When provided a post request will be made to the URL upon transaction state change Includes a full representation of the transaction in the body |
| merchantAccount | object | The Merchant Account used to process the transaction |
| card | object | The Card used to process the transaction |
| adjustments | array | A list of adjustments made to the transaction |
| associatedTransactionId | string | [REFUND ONLY] The ID of the original (sale) transaction Only present on a transaction with a negative amount |
| associatedTransactions | array | Any subsequent refunds[1] |
[1]Sale only
Enumerations
Transaction: paymentType
| Enum | Description |
|---|---|
| CARD | Transaction made using card details |
| TOKEN | Transaction made using a card id[1] |
[1]Card detail are stored in CardFlight’s PCI compliant data storage facility.
The External Token Object
| Attribute | Type | Description |
|---|---|---|
| id | string | A unique identifier of the external token |
| value | string | The string used externally by the merchant’s payment processor to identify this token |
| state | enum | See the state diagram (right) |
| merchantAccount | object | The Merchant Account used to create the external token |
| card | object | The Card used to create the external token |
Merchant Accounts
The MerchantAccount resource facilitates the processing of Transactions with a Merchant Processor.
The Merchant Account object will store CardFlight Gateway details about the Merchant Account as well as VAR sheet details that vary by payment processor.
Methods
- POST /merchantAccounts
- Create a Merchant Account
- GET /merchantAccounts
- List all Merchant Account’s associated with a specified API Key
- GET /merchantAccounts/{merchantAccountId}
- Fetch single Merchant Account
POST /merchantAccounts
Make a POST request to create a MerchantAccount on the CardFlight gateway.
Processor-specific parameters should be passed as top level attributes.
Headers
| Parameter | Type | Description |
|---|---|---|
| X-Api-Key REQUIRED |
string | Client’s API Key |
Body
| Parameter | Type | Description |
|---|---|---|
| name REQUIRED |
string | The name of the merchant account |
| processor REQUIRED |
enum | The payment processor that your merchant uses to take payments (See Below) |
| address REQUIRED |
object | A group of address fields |
| industry REQUIRED |
string | The industry this merchant account serves |
First Data Omaha Parameters
| Parameter | Type | Description |
|---|---|---|
| merchantId REQUIRED |
string | The Merchant ID provided by First Data |
| terminalId REQUIRED |
string | The Terminal ID provided by First Data |
| deviceId REQUIRED |
string | The Device ID provided by First Data |
| localBatchTime REQUIRED |
string | The batch close time Must be provided on the hour or half hour in the following format: 1:00 AM or 12:30 PM |
| batchTimeZone REQUIRED |
enum | The time zone for the localBatchTime parameter |
Vantiv Parameters
| Parameter | Type | Description |
|---|---|---|
| merchantId REQUIRED |
string | The Merchant ID given to you by Vantiv |
| terminalId REQUIRED |
string | The Terminal ID given to you by Vantiv |
| bankId REQUIRED |
string | The Bank ID given to you by Vantiv |
Responses
| Code | Description |
|---|---|
| 201 | Merchant Account created successfully |
| 400 | The syntax of the request is invalid |
| 404 | Associated resource was not found Occurs if you post a merchant account for an API key which cannot be found |
| 500 | ERROR - Please contact CardFlight support |
Request
POST /merchantAccounts HTTP/1.1
Host: api.cardflight.com
X-Api-Key: myApiKey
{
"name": "Mikes JellyFish Warehouse",
"processor": "FIRST_DATA_OMAHA",
"address":
{
"streetAddress": "123 JellyBelly Lane",
"city": "New York",
"state": "NY",
"zip": "00000"
},
"merchantId": "1234567890",
"terminalId": "1234",
"deviceId": "JELL",
"industry": "RESTAURANT",
"localBatchTime": "1:00 AM",
"batchTimeZone": "EASTERN"
}
Response
Connection: Keep-Alive
Content-Length: 313
Content-Type: application/json
Date: Wed, 08 Mar 2017 19:12:14 GMT
{
"id": "acc_c0dd014dcd06fb56",
"name": "Mikes JellyFish Warehouse",
"createdAt": "2017-03-08T19:12:14Z",
"processor": "FIRST_DATA_OMAHA",
"address": {
"streetAddress": "123 JellyBelly Lane",
"city": "New York",
"state": "NY",
"zip": "00000"
},
"merchantId": "1234567890",
"terminalId": "1234",
"deviceId": "JELL",
"industry": "RESTAURANT",
"localBatchTime": "1:00 AM",
"batchTimeZone": "EASTERN"
}
GET /merchantAccounts
Fetch Merchant Accounts for a specified API Key.
Headers
| Parameter | Type | Description |
|---|---|---|
| X-Api-Key REQUIRED |
string | Client’s API Key |
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| page | integer | The page to fetch |
| per_page | integer | The number of transactions to fetch per page |
Responses
| Code | Description |
|---|---|
| 200 | Merchant Accounts fetched successfully |
| 404 | Associated resource was not found |
| 500 | ERROR - Please contact CardFlight support |
Request
GET /merchantAccounts HTTP/1.1
Host: api.cardflight.com
X-Api-Key: myApiKey
Response
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/json
Date: Wed, 08 Mar 2017 19:19:41 GMT
{
"data": [
{
"id": "acc_c0dd014dcd06fb56",
"name": "Mikes JellyFish Warehouse",
"createdAt": "2017-03-08T19:12:14Z",
"processor": "FIRST_DATA_OMAHA",
"address": {
"streetAddress": "123 JellyBelly Lane",
"city": "New York",
"state": "NY",
"zip": "00000"
},
"merchantId": "1234567890",
"terminalId": "1234",
"deviceId": "JELL",
"industry": "RESTAURANT",
"localBatchTime": "1:00 AM",
"batchTimeZone": "EASTERN"
}
]
}
GET /merchantAccounts/{merchantAccountId}
Fetch a specified merchant account.
Headers
| Parameter | Type | Description |
|---|---|---|
| X-Api-Key REQUIRED |
string | Client API Key |
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| merchantAccountId REQUIRED |
string | The (CardFlight) ID of the MerchantAccount you wish to fetch |
Responses
| Code | Description |
|---|---|
| 200 | Merchant Account fetched successfully |
| 404 | Associated resource was not found |
| 500 | ERROR - Please contact CardFlight support |
Request
GET /merchantAccounts/acc_vweb32r1vw6d0 HTTP/1.1
Host: api.cardflight.com
X-Api-Key: myApiKey
Response
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/json
Date: Wed, 08 Mar 2017 19:19:41 GMT
{
"id": "acc_vweb32r1vw6d0",
"name": "Test FDOD",
"createdAt": "2016-08-29T19:04:11Z",
"processor": "FIRST_DATA_OMAHA",
"address": {
"streetAddress": "123 Tester Lane",
"city": "New York",
"state": "NY",
"zip": "10000"
},
"merchantId": "123456123456",
"terminalId": "1234",
"deviceId": "4321",
"industry": "RETAIL",
"localBatchTime": "1:00 AM",
"batchTimeZone": "EASTERN"
}
POST /transactions
Create a transaction for a specified merchant account.
- SALE
state:PENDING_APPROVED
- PRE-AUTHORIZATION
state:PENDING_PRE_APPROVED
- REFUND
state:PENDING_APPROVEDamount: negative, cannot be greater than the remaining balance of the original TransactionassociatedTransactionId- required
Headers
| Parameter | Type | Description |
|---|---|---|
| X-Api-Key REQUIRED |
string | Client’s API Key |
| X-Merchant-Account-Id REQUIRED |
string | The (CardFlight) ID of the merchant account for which you wish to create a transaction |
Body
| Parameter | Type | Description |
|---|---|---|
| amount (in cents) REQUIRED |
integer | The amount in cents |
| state REQUIRED |
enum | The current state of the transaction (See State Machine) |
| metadata | object | Custom data stored with a transaction Returned on GET /transactions/{transactionId} |
| associatedTransactionId | string | [REFUND ONLY] The ID of the original (sale) transaction |
| callbackUrl | string | When provided a post request will be made to the URL upon transaction state change Includes a full representation of the transaction in the body |
| card REQUIRED |
object | A Card object (The format of this object is dependent on the entryMethod provided) |
Card: KEY_ENTERED
| Parameter | Type | Description |
|---|---|---|
| entryMethod REQUIRED |
enum | A input method for obtaining the Card object. The provided entryMethod will determine the format of the card object provided. (‘KEY_ENTERED’) |
| number REQUIRED |
string | The card number |
| expirationMonth REQUIRED |
string | A 2 digit expiration month |
| expirationYear REQUIRED |
string | A 2 or 4 digit expiration year |
| cvv | string | the CVV on the back of the card |
Card: MAGNETIC_STRIPE_READ
| Parameter | Type | Description |
|---|---|---|
| entryMethod REQUIRED |
enum | A input method for obtaining the Card object. The provided entryMethod will determine the format of the card object provided. (‘MAGNETIC_STRIPE_READ’) |
| readerType REQUIRED |
enum | The type of reader used to capture the card information |
| data REQUIRED |
string | The track data from the card |
Responses
| Code | Description |
|---|---|
| 201 | Transaction created successfully |
| 400 | The syntax of the request is invalid |
| 401 | The request is not authorized Occurs if the authentication parameters in the header are not valid |
| 404 | Associated resource was not found |
| 500 | ERROR - Please contact CardFlight support |
Request
POST /transactions HTTP/1.1
Host: api.cardflight.com
Content-Type: application/json
X-Api-Key: myApiKey
X-Merchant-Account-Id: myMerchant
{
"amount": 100,
"state": "PENDING_APPROVED",
"paymentType": "CARD",
"metadata": {
"key": "value"
},
"callbackUrl": "www.testcompany.com/transaction_callback",
"card": {
"entryMethod": "MAGNETIC_STRIPE_READ",
"readerType": "UNENCRYPTED",
"data": "%B424242424242^TEST CARD^251010012345678;"
}
}
Response
Connection: Keep-Alive
Content-Length: 312
Content-Type: application/json
Date: Wed, 08 Mar 2017 00:28:37 GMT
{
"id": "ch_zxfHnjyhtNhOePQf18AtFA",
"amount": 100,
"state": "PENDING_APPROVED",
"paymentType": "CARD",
"metadata": {
"key": "value"
},
"message": null,
"callbackUrl": null,
"merchantAccount": {
"id": "myMerchant"
},
"card": {
"id": "cf_lNKCY8EU1aNpw2iJf8_BFg"
},
"associatedTransactionId": null,
"associatedTransactions": [],
"adjustments": []
}
GET /transactions
Fetch transactions for a specified merchant account.
Headers
| Parameter | Type | Description |
|---|---|---|
| X-Api-Key REQUIRED |
string | Client’s API Key |
| X-Merchant-Account-Id REQUIRED |
string | The (CardFlight) ID of the merchant account for which you wish to return the transactions |
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| page | integer | The page to fetch |
| per_page | integer | The number of transactions to fetch per page |
Responses
| Code | Description |
|---|---|
| 200 | Transactions returned successfully |
| 400 | The syntax of the request is invalid |
| 401 | The request is not authorized Occurs when the authentication parameters in the header are not valid |
| 404 | An associated resource was not found |
| 500 | ERROR - Please contact CardFlight support |
Request
GET /transactions?perPage=3&page=6 HTTP/1.1
Host: api.cardflight.com
Content-Type: application/json
X-Api-Key: myApiKey
X-Merchant-Account-Id: myMerchant
Response
Connection: Keep-Alive
Content-Length: 1009
Content-Type: application/json
Date: Tue, 07 Mar 2017 21:00:59 GMT
{
"data": [
{
"id": "ch_ABC123",
"amount": 100,
"state": "APPROVED",
"paymentType": "CARD",
"metadata": {
"key": "value",
"anotherKey": "differentValue"
},
"message": "Approved.",
"callbackUrl": null,
"merchantAccount": {
"id": "myMerchant"
},
"associatedTransactionId": null,
"associatedTransactions": [],
"adjustments": [],
"card": {
"id": "cf_XYZ123"
}
}
]
}
GET /transactions/{transactionId}
Fetch a single transaction.
Headers
| Parameter | Type | Description |
|---|---|---|
| X-Api-Key REQUIRED |
string | Client’s API Key |
| X-Merchant-Account-Id REQUIRED |
string | The (CardFlight) ID of the merchant account for which you wish to fetch a transaction |
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| transactionId REQUIRED |
string | The ID of the transaction you wish to fetch |
Responses
| Code | Description |
|---|---|
| 200 | Transaction fetched successfully |
| 401 | The request is not authorized Occurs if the authentication parameters in the header are not valid |
| 404 | The transaction or an associated resource was not found |
| 500 | ERROR - Please contact CardFlight support |
Request
GET /transactions/ch_ABC123 HTTP/1.1
Host: api.cardflight.com
Content-Type: application/json
X-Api-Key: myApiKey
X-Merchant-Account-Id: myMerchant
Response
Connection: Keep-Alive
Content-Length: 296
Content-Type: application/json
Date: Wed, 08 Mar 2017 00:37:51 GMT
{
"id": "ch_ABC123",
"amount": 100,
"state": "PENDING_VOID",
"paymentType": "CARD",
"metadata": {
"key": "value"
},
"message": null,
"callbackUrl": null,
"merchantAccount": {
"id": "myMerchant"
},
"card": {
"id": "cf_XYZ123"
},
"associatedTransactionId": null,
"associatedTransactions": [],
"adjustments": []
}
PUT /transactions/{transactionId}
Modify a specified transaction.
- CAPTURE
state-PENDING_APPROVED- Transaction must be in the state
PRE_APPROVED
- Transaction must be in the state
- VOID
state-PENDING_VOID- Transaction must be in the state
APPROVEDorPRE_APPROVED
- Transaction must be in the state
Update requests require only the attributes being changed.
We strongly recommend submitting a full representation of the Transaction. Server-side validation will confirm your current understanding of the Transaction attributes.
Headers
| Parameter | Type | Description |
|---|---|---|
| X-Api-Key REQUIRED |
string | Client’s API Key |
| X-Merchant-Account-Id REQUIRED |
string | The (CardFlight) ID of the merchant account for which you wish to update a transaction |
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| transactionId REQUIRED |
string | The ID of the transaction you wish to update. |
Body
| Parameter | Type | Description |
|---|---|---|
| id | string | The ID of the transaction |
| amount | integer | The amount in cents |
| state REQUIRED |
enum | The state of the transaction (See State Machine) |
| metadata | object | Custom data stored with a transaction Returned on GET /transactions/{transactionId} |
| associatedTransactionId | string | [REFUND ONLY] The ID of the original (sale) transaction |
| callbackUrl | string | When provided a post request will be made to the URL upon transaction state change Includes a full representation of the transaction in the body |
| card | object | A Card object (see below) |
Cards
For an update request, a card must be passed in the following format:
| Parameter | Type | Description |
|---|---|---|
| id REQUIRED |
string | The ID of the card used to create this transaction |
Responses
| Code | Description |
|---|---|
| 200 | Transaction updated successfully |
| 400 | The syntax of the request is invalid |
| 401 | The request is not authorized Occurs if the authentication parameters in the header are not valid |
| 404 | The Transaction or an associated resource was not found |
| 500 | ERROR - Please contact CardFlight support |
Request
PUT /transactions/ch_ABC123 HTTP/1.1
Host: api.cardflight.com
Content-Type: application/json
X-Api-Key: myApiKey
X-Merchant-Account-Id: myMerchant
{
"id": "ch_ABC123",
"amount": 100,
"state": "PENDING_VOID",
"paymentType": "CARD",
"metadata": {
"key": "value"
},
"card": {
"id": "cf_XYZ123"
}
}
Response
Connection: Keep-Alive
Content-Length: 296
Content-Type: application/json
Date: Wed, 08 Mar 2017 00:37:51 GMT
{
"id": "ch_ABC123",
"amount": 100,
"state": "PENDING_VOID",
"paymentType": "CARD",
"metadata": {
"key": "value"
},
"message": null,
"callbackUrl": null,
"merchantAccount": {
"id": "myMerchant"
},
"card": {
"id": "cf_XYZ123"
},
"associatedTransactionId": null,
"associatedTransactions": [],
"adjustments": []
}
POST /externalTokens
Make a POST request to create an External Token on the CardFlight gateway.
CardFlight only supports External Token creation for Stripe and Braintree merchants.
Headers
| Parameter | Type | Description |
|---|---|---|
| X-Api-Key REQUIRED |
string | Client’s API Key |
Body
| Parameter | Type | Description |
|---|---|---|
| state REQUIRED |
string | The current state of the external token |
| card REQUIRED |
object | A Card object (The format of this object is dependent on the entryMethod provided) |
Responses
| Code | Description |
|---|---|
| 201 | External Token created successfully |
| 400 | The syntax of the request is invalid |
| 404 | Associated resource was not found Occurs if you post an External Token for a MerchantAccount which cannot be found |
| 500 | ERROR - Please contact CardFlight support |
Request
POST /externalTokens HTTP/1.1
Host: api.cardflight.com
X-Api-Key: myApiKey
X-Merchant-Account-Id: myMerchant
{
"state": "PENDING_CREATED",
"card": {
"entryMethod": "KEY_ENTERED",
"number": "4242424242424242",
"expirationMonth": "06",
"expirationYear": "25",
"cvv": "123"
}
}
Response
Connection: Keep-Alive
Content-Length: 313
Content-Type: application/json
Date: Wed, 08 Mar 2017 19:12:14 GMT
{
"id": "et_748b4a34856c44b88c4cd42dc04bc1c0",
"value": null,
"card": {
"id": "cf_Ytrp5Le8xRq9Yf8ildKBCg"
},
"merchantAccount": {
"id": "myMerchant"
},
"state": "PENDING_CREATED"
}
GET /externalTokens/{externalTokenId}
Fetch a single External Token.
Headers
| Parameter | Type | Description |
|---|---|---|
| X-Api-Key REQUIRED |
string | Client’s API Key |
| X-Merchant-Account-Id REQUIRED |
string | The (CardFlight) ID of the merchant account for which you wish to fetch an External Token |
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| externalTokenId REQUIRED |
string | The ID of the External Token you wish to fetch |
Responses
| Code | Description |
|---|---|
| 200 | External Token fetched successfully |
| 401 | The request is not authorized Occurs if the authentication parameters in the header are not valid |
| 404 | The External Token or an associated resource was not found |
| 500 | ERROR - Please contact CardFlight support |
Request
GET /externalTokens/et_ABC123 HTTP/1.1
Host: api.cardflight.com
Content-Type: application/json
X-Api-Key: myApiKey
X-Merchant-Account-Id: myMerchant
Response
Connection: Keep-Alive
Content-Length: 296
Content-Type: application/json
Date: Wed, 08 Mar 2017 00:37:51 GMT
{
"id": "et_748b4a34856c44b88c4cd42dc04bc1c0",
"value": "aeb3456klx",
"card": {
"id": "cf_Ytrp5Le8xRq9Yf8ildKBCg"
},
"merchantAccount": {
"id": "myMerchant"
},
"state": "CREATED"
}