CyberSource Corporation HQ | P.O.

Box 8999 | San Francisco, CA 94128-8999 | Phone: 800-530-9095

Getting Started
with CyberSource Advanced
for the Simple Order API
April 2013
2
CyberSource Contact Information
For general information about our company, products, and services, go to
http://www.cybersource.com.
For sales questions about any CyberSource Service, email [email protected] or
call 650-432-7350 or 888-330-2300 (toll free in the United States).
For support information about any CyberSource Service, visit the Support Center at
http://www.cybersource.com/support.
Copyright
2013 CyberSource Corporation. All rights reserved. CyberSource Corporation ("CyberSource") furnishes this
document and the software described in this document under the applicable agreement between the reader of
this document ("You") and CyberSource ("Agreement"). You may use this document and/or software only in
accordance with the terms of the Agreement. Except as expressly set forth in the Agreement, the information
contained in this document is subject to change without notice and therefore should not be interpreted in any way
as a guarantee or warranty by CyberSource. CyberSource assumes no responsibility or liability for any errors
that may appear in this document. The copyrighted software that accompanies this document is licensed to You
for use only in strict accordance with the Agreement. You should read the Agreement carefully before using the
software. Except as permitted by the Agreement, You may not reproduce any part of this document, store this
document in a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical,
recording, or otherwise, without the prior written consent of CyberSource.
Restricted Rights Legends
For Government or defense agencies. Use, duplication, or disclosure by the Government or defense agencies
is subject to restrictions as set forth the Rights in Technical Data and Computer Software clause at DFARS
252.227-7013 and in similar clauses in the FAR and NASA FAR Supplement.
For civilian agencies. Use, reproduction, or disclosure is subject to restrictions set forth in subparagraphs (a)
through (d) of the Commercial Computer Software Restricted Rights clause at 52.227-19 and the limitations set
forth in CyberSource Corporation's standard commercial agreement for this software. Unpublished rights
reserved under the copyright laws of the United States.
Trademarks
CyberSource, The Power of Payment, CyberSource Payment Manager, CyberSource Risk Manager,
CyberSource Decision Manager, CyberSource Connect, Authorize.Net, and eCheck.Net are trademarks and/or
service marks of CyberSource Corporation. All other brands and product names are trademarks or registered
trademarks of their respective owners.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 3
C
O
N
T
E
N
T
S
Contents
Recent Revisions to This Document 5
Chapter 1 Payment Processing with CyberSource 6
Understanding the Payment Industry 7
Chapter 2 Steps for Getting Started 8
Registering and Logging In 8
Becoming Familiar with the Business Center 8
Installing and Testing the Simple Order API 9
Going Live 10
Managing Your Orders 10
Accessing Reports 12
Support Center 12
Submitting an eTicket 12
Chapter 3 Simple Order API Basics 14
Choosing a Client 14
Choosing an API Version 14
Name-Value Pairs or XML 15
Name-Value Pairs 15
XML 15
Correlating XML Elements and Name-Value Pair Field Names 15
Constructing and Sending Requests 17
MultiByte Characters and Special Characters 17
Data Types 18
Using Items or a Grand Total in a Request 18
Items 18
Grand Total 19
Coupons 20
How Coupons are Processed 20
Coupon Constraints 20
Including a Coupon in the Request 21
Requesting a Follow-On Service for PayPal Express Checkout, China Processing,
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 4
Contents
or Atos 21
Requesting a Follow-on Service for All Other Payment Methods and
Processors 22
Working with Request Tokens 22
Existing Merchants Who Have Not Implemented Request Tokens 23
Existing Merchants Who Have Implemented Request Tokens 23
Sending Requests 24
Handling Replies 24
Decisions 25
Reason Codes 26
Reviews 26
Missing or Invalid Fields 27
Request IDs and Request Tokens 28
Request IDs and Request Tokens for PayPal Express Checkout, China Process-
ing, and Atos 28
Request IDs for All Other Payment Methods and Processors 28
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 5
R
E
V
I
S
I
O
N
S
Recent Revisions to This
Document
Release Changes
April 2013 This revision contains only editorial changes and no technical updates.
February 2013 Added section about going live. See "Going Live," page 10.
Added note about security key separation in the Business Center. See "Installing and Testing
the Simple Order API," page 9.
J anuary 2013 Added information about ampersands (&) in request fields for Moneris. See "MultiByte
Characters and Special Characters," page 17.
November 2012 Corrected the information about request tokens for PayPal Express Checkout. See:
"Requesting a Follow-On Service for PayPal Express Checkout, China Processing, or
Atos," page 21
"Request IDs and Request Tokens for PayPal Express Checkout, China Processing, and
Atos," page 28
October 2012 Separated Getting Started with CyberSource Advanced into two documents:
Getting Started with CyberSource Advanced for the Simple Order API
Getting Started with CyberSource Advanced for the SCMP API
August 2012 Removed notes stating that PayPal Express Checkout does not support item-level fields.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 6
C
H
A
P
T
E
R
1
Payment Processing with
CyberSource
CyberSource Advanced is a payment solution that enables you to manage your payment
transactions. The following tables list the payment methods and connection methods that
CyberSource supports.
Table 1 Payment Methods Supported by CyberSource
Payment Method Documentation for the Payment Method
Bank transfers Global Payment Services Developer Guide
Global Payment Services Planning and User Guide
Bill Me Later Bill Me Later Supplement
Boletos Global Payment Services Developer Guide
Global Payment Services Planning and User Guide
China processing China Processing Implementation Guide
Credit cards Credit Card Services Using the Simple Order API
Direct debits Global Payment Services Developer Guide
Global Payment Services Planning and User Guide
Direct Debit API for Chase Paymentech Solutions
Direct Debit Services for Deutsche Bank
Electronic checks Electronic Check Services Using the Simple Order API
PayPal PayPal Express Checkout Services Using the Simple Order API
PayPal Services Implementation Guide
PINless debits PINless Debit Card Services Implementation Guide
Real-time bank transfers Global Payment Services Developer Guide
Global Payment Services Planning and User Guide
Table 2 Connection Methods Supported by CyberSource
Connection Method Description
Virtual Terminal (VT) Area in the Business Center that you can use to process
transactions. See the Business Center Overview.
Secure Acceptance Smart
Checkout
Payment order form hosted by CyberSource. See the Secure
Acceptance Smart Checkout Configuration Guide.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 7
Chapter 1 Payment Processing with CyberSource
For an overview of these connection methods, see the Technical Resources page on the
Support Center.
Understanding the Payment Industry
In the e-commerce industry, multiple organizations work together to make online
transactions possible. The following table describes some of the most important types of
organizations in this industry.
Secure Acceptance API Secure order form hosted on your web site. Your customer sees
your order form and you send the order data to CyberSource. See
the Secure Acceptance API Development Guide.
Simple Order API API that provides three ways to access the CyberSource services:
name-value pairs, XML, and SOAP. See the Simple Order API
Clients page on the Developer Center.
SOAP Toolkit Clientless method for using the CyberSource APIs. See the SOAP
Toolkits for Web Services Developer Guide.
Batch File containing multiple transactions that are executed offline. See
the Offline Transaction File Submission Implementation Guide.
Table 3 Types of Organizations in the Payment Industry
Type of Organization Description
Merchant A person or company that sells goods and/or services.
Merchant (acquiring) bank A bank that provides businesses with accounts to accept credit
card or check payments.
Card association Organizations, such as Visa, MasterCard, and Discover, that
have business relationships with the banks that issue your
customers cards.
Payment processor An organization that processes payment requests, such as credit
card authorizations and settlements, and routes them to the
appropriate card associations according to their guidelines. Your
merchant banks processor relationship determines which
payment processor you use.
Payment gateway An organization, such as CyberSource, that enables merchants
to securely send order information to and receive it from payment
processors in the appropriate format.
Table 2 Connection Methods Supported by CyberSource (Continued)
Connection Method Description
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 8
C
H
A
P
T
E
R
2
Steps for Getting Started
Registering and Logging In
To start using CyberSource services, register for a CyberSource account. After
registering, you receive a confirmation email with your CyberSource username. Your
password to the CyberSource Business Center is the one you associate with your
username during registration.
A CyberSource partner can also provide you with a CyberSource account. If you register
through one of these partners, you receive two confirmation emails: one containing your
unique CyberSource username and the other containing your temporary password to the
CyberSource Business Center. The first time you log in to the Business Center, the
system prompts you to create a permanent password.
If you dont receive these emails, contact Customer Support for further assistance. If you
have a CyberSource merchant account, the Customer Support phone number is included
in your approval email.
Becoming Familiar with the Business
Center
The CyberSource Business Center is a powerful and secure web portal designed to help
you manage your customers orders. It also includes the Virtual Terminal for the times
when you want to manually enter customers orders. So, becoming familiar with the
Business Center is crucial to managing your business payments efficiently.
The Business Center offers several options to process order information and reduce fraud.
In the Business Center, click on the Virtual Terminal, Tools & Settings, and Account
Management tabs to access the settings pages.
Note
Initially, your Business Center account is in test mode, which enables you to
become familiar with the Business Center by running test transactions. After
you have completed testing, you can request to Go Live to begin processing
real transactions. See Going Live on page 10.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 9
Chapter 2 Steps for Getting Started
Installing and Testing the Simple Order
API
Step 1 Generate security keys.
To ensure that you transmit information to CyberSource securely and to authenticate your
transactions as belonging to your account, you need to generate security keys before you
process transactions.
Step 2 Install a Simple Order API client.
a Choose a Simple Order API client based on your platform and level of
programming experience.
b Learn how to use the API and client for running credit card orders by reading
Credit Card Services Using the Simple Order API. For information about
processing electronic checks, see Electronic Check Services Using the Simple
Order API.
c Download the client and its related documentation, which tells you how to install,
test, and use the client.
d Install the client by following the instructions in the documentation you
downloaded with the client.
e Run the samples included with the client to ensure that the connection with
CyberSource is established. After you are comfortable with the samples, add code
to integrate the client with your own application.
Step 3 Test your account.
To ensure that CyberSource successfully receives your order information,
CyberSource strongly recommends that you run test transactions after implementing
your chosen connection method. The test environment gives you the opportunity to
troubleshoot and correct any connection issues that you may have. To verify that your
implementation is correct, request test transactions, including authorizations,
captures, and credits. You can test using your own credit card or, if you prefer to use
test credit card numbers, use those provided in the following table with any future
expiration date.
Important
You must generate two transaction security keysone for the CyberSource
production environment and one for the test environment. For information
about generating and using security keys, see Creating and Using Security
Keys (PDF | HTML).
Table 4 Test Credit Card Numbers
Credit Card Type
Test Account Number
(remove spaces when sending to
CyberSource)
Visa 4111 1111 1111 1111
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 10
Chapter 2 Steps for Getting Started
Additional Testing Information is also available.
Going Live
After you have successfully tested your account and are ready to process real
transactions, you can take your account live. Because go-live requests must be in writing,
you must submit a go-live request in an eTicket. For more information on submitting an
eTicket, see "Submitting an eTicket," page 12.
Request that Customer Support enable your merchant ID in production. Please clarify
what CyberSource services you would like to have enabled (for example, credit card
processing, Decision Manager, or Payer Authentication). Be sure to include identifiers for
your payment processor. If you are not sure who your payment processor is, contact your
merchant acquirer.
Managing Your Orders
After you begin processing orders, you might need to review your transactions for various
reasons. For example, you might need to view all the orders processed on a specific day,
check order details, or verify whether orders were approved or declined. With the
Transaction Search feature of the Business Center, you can:
Capture authorizations
Review, credit, or void sales
Create subscriptions from your customers orders
MasterCard 5555 5555 5555 4444
American Express 3782 8224 6310 005
J CB 3566 1111 1111 1113
Diners Club 3800 000000 0006
Table 4 Test Credit Card Numbers (Continued)
Credit Card Type
Test Account Number
(remove spaces when sending to
CyberSource)
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 11
Chapter 2 Steps for Getting Started
Tracking and Reconciling Your Orders
The following table describes the values you can use to track and reconcile your orders.
Table 5 Values for Tracking and Reconciling Orders
Value Description
Request ID The request ID is a unique identifier that CyberSource assigns to
each request and returns in each reply message. You can use the
request ID to do the following:
Identify a transaction in a CyberSource report
Search for a transaction in the Business Center
Discuss a specific request with Customer Support
Link a follow-on request to a primary request
For specific field names, see the implementation guide or developer
guide for the payment method you are using.
Merchant Reference Code The merchant reference code is an order tracking number that you
generate and send in your requests so that you can track orders as
they move through the different phases of processing with
CyberSource.
CyberSource recommends that you use a unique merchant
reference code for each order and use the same merchant
reference code for all the requests associated with the order. This
enables you to efficiently track the order in the CyberSource reports
and on the Transaction Search pages on the Business Center.
For specific field names, see the implementation guide or developer
guide for the payment method you are using.
Reconciliation ID For most CyberSource services, the reply message includes a
unique reconciliation ID that is assigned by CyberSource. For most
payment processors, you can use this value to reconcile the
transactions in your CyberSource reports with the transactions in
your processor reports.
For details, such as specific field names and information about
processors that do not support reconciliation, see the
implementation guide or developer guide for the payment method
you are using.
Additional Tracking Values A few services provide additional tracking values. See the order
tracking information in the implementation guide or developer guide
for the payment method you are using.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 12
Chapter 2 Steps for Getting Started
Accessing Reports
In addition to the Transaction Search feature in the Business Center, CyberSource
generates predefined and on-demand reports to help you manage your orders. If at any
time in the future you feel that these reports are not necessary, you can disable the
generation of these reports.
You can access your report settings by logging in to the Business Center with your
administrative login credentials. The following table describes the information to enter for
your administrative login credentials.
After you log in, click the Account Management tab, click Report Subscriptions, and
click the Edit links on the basic and detail report headings to change your settings for
reports. CyberSource recommends that you periodically download and save your reports
for future reference. Your reports remain available for approximately one year in the
Business Center.
The reports that are the most useful for reconciliation are:
Payment Batch Detail Report
Payment Submission Detail Report
Payment Events Report
For information about the formats of these reports and instructions for downloading them,
see the Reporting Developer Guide.
Support Center
For more information about CyberSource services, go to the CyberSource Support
Center. To access the Support Center, log in to the Business Center and click the Support
Center link at the top left side of the page. At the Support Center, you can search the
knowledge base, submit an eTicket, and browse for documentation.
Submitting an eTicket
To request assistance from Customer Support, you can submit an eTicket.
Table 6 Information for Administrative Login Credentials
Value Description
Merchant ID Type in your regular merchant ID followed by _acct.
User Name Type in your regular merchant ID followed by _admin.
Password The password for this account should be the same as the original password
chosen for your merchant ID.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 13
Chapter 2 Steps for Getting Started
To submit an eTicket:
Step 1 Log in to the CyberSource Business Center.
Step 2 Click the Support Center link near the top-left side of the screen.
The Support Center appears.
Step 3 Click the Create eTicket link, shown below:
Step 4 Enter the information on the Create eTicket screen:
First Name: The first name of the person submitting the eTicket.
Last Name: The last name of the person submitting the eTicket.
Phone Number: The daytime phone number of the person submitting the eTicket.
Email Address: The email address of the person submitting the eTicket.
Sensitive: If you check this box, only the user submitting this eTicket and the
Administrator on this account will be able to view this information.
Issue Type: Select from the drop-down list the issue type that most closely fits your
issue.
Summary: Enter a summary of the problem or request.
Description: Enter a detailed description of the problem or request.
Step 5 Click Next.
The eTicket is created.
Important
Do not include personally identifiable information in your eTicket such as
credit card numbers, card verification codes (CVV/CVC/CID), Social
Security Numbers, or passwords.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 14
C
H
A
P
T
E
R
3
Simple Order API Basics
The CyberSource Simple Order API enables you to access CyberSource services using
name-value pairs, XML, or SOAP. This document describes the name-value pairs and
XML interfaces. For information about the SOAP interface, see the SOAP Toolkits for Web
Services Developer Guide.
Choosing a Client
The Simple Order API clients include the following components:
Client libraries for communicating with the CyberSource services
Security libraries that digitally sign the messages
Sample code that shows how to digitally sign the messages and use the client
libraries
SOAP proxy classes
The Simple Order API clients are available in various combinations of programming
languages (ASP/COM, C/C++, J ava, .NET, PHP, Perl), platforms (Windows, Solaris,
Linux), and interfaces (name-value pairs, XML, SOAP). Choose a client SDK from the
Simple Order API Clients page on the Developer Center. After downloading an SDK,
CyberSource recommends that you read the accompanying documentation, install the
client, and test the client.
Choosing an API Version
CyberSource updates the Simple Order API regularly to introduce new API fields and new
functionality. With each update, the API version number increases. For the latest version
of the API, see the XML schema at:
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor/
CyberSource recommends that you use the latest version of the Simple Order API to take
advantage of the full functionality of the CyberSource services. See the Simple Order API
Release Notes for information about updates to the API.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 15
Chapter 3 Simple Order API Basics
When you configure your Simple Order API client, you need to indicate which version of
the API to use. The documentation for your client explains how to do it.
Name-Value Pairs or XML
The name-value pair interface is based on the XML schema. Most of the CyberSource
documentation uses name-value pairs when discussing the Simple Order API. If you are
using XML, you can easily translate the name-value pairs to the corresponding XML
elements as described in "Correlating XML Elements and Name-Value Pair Field Names,"
page 15.
Name-Value Pairs
When you use name-value pairs, a request includes the required name-value pairs for the
services you are requesting. Your Simple Order API client digitally signs and sends your
request. Then you parse the reply message, which consists of name-value pairs.
XML
When you use XML, a request includes the required XML elements and attributes for the
services you are requesting. Your Simple Order API client digitally signs and sends your
request. Then you parse the XML reply message.
Correlating XML Elements and Name-Value
Pair Field Names
XML element names and the name-value pair field names are related in the following
ways:
Each name-value pair field name matches the corresponding XML element name.
The XML schema shows hierarchy with an underscore ( _ ) separating the name of
the parent element from the name of the child element.
Note
In addition to separating the names of the parent elements from the names of
the child elements, underscores can be included in the names of parent
elements and child elements.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 16
Chapter 3 Simple Order API Basics
For example, the XML schema has a <bi l l To>element with several child elements. The
following table shows some of the <bi l l To>child element names in the XML schema
and the corresponding name-value pair field names.
The XML schema also includes several numbered types and elements. These are
complex types or elements that you can include more than once in a request. For
example, if a customer order includes more than one item, you need to include multiple
<i t em>elements in your request. Each item is numbered, starting with 0. The XML
schema uses an i d attribute in the items opening tag to indicate the number. For
example:
<i t emi d=" 0" >
For the name-value field names, this tag is represented as item_0. In this situation, the
underscore before the number does not indicate hierarchy in the XML schema. The item
fields are generically referred to as item_#_<element name> in the documentation.
Below is an example of the numbered <i t em>element and the corresponding name-
value pair field names. If you are using SOAP, the client contains a corresponding I t em
class.
Example XML Schema Names and Name-Value Pair Field Names
XML Schema Names
Corresponding Name-Value
Pair Field Names
<bi l l To>
<ci t y>
<count r y>
<post al Code>
</ bi l l To>
billTo_city
billTo_country
billTo_postalCode
Note
If you are using SOAP, the complex types in the XML schema translate to
classes of the same name. For example, the <bi l l To>complex type in the
schema translates to a Bi l l To class in the SOAP client.
Example Numbered XML Schema Names and Name-Value Pair Field Names
XML Schema Names
Corresponding Name-Value
Pair Field Names
<i t emi d=" 0">
<uni t Pr i ce>
<quant i t y>
</ i t em>
item_0_unitPrice
item_0_quantity
<i t emi d=" 1">
<uni t Pr i ce>
<quant i t y>
</ i t em>
item_1_unitPrice
item_1_quantity
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 17
Chapter 3 Simple Order API Basics
Constructing and Sending Requests
A request for a CyberSource service includes general information and information specific
to the service that you are requesting. General information includes information about:
You, the merchant
The customer and the form of payment
The items the customer is buying
To indicate which service you are requesting, set the r un attribute for the service to t r ue.
For example, to request the credit card authorization service, set the r un attribute for the
service as shown in the following table.
MultiByte Characters and Special Characters
CyberSource supports multibyte characters for all services except Delivery Address
Verification, Payment Tokenization, and Recurring Billing. Before implementing any of
these services, contact Customer Support to discuss multibyte character support. All of
the Simple Order API clients support UTF-8.
Unless otherwise noted, all field names are case sensitive, and all fields accept special
characters such as @, #, and %.
Example Setting the run Attribute for the Credit Card Authorization Service
Name-Value Pair: ccAut hSer vi ce_r un=t r ue
XML: <ccAut hSer vi ce r un="t r ue">
.
.
.
</ ccAut hSer vi ce>
The values of the item_#_ fields must not contain carets (^) or colons (:)
because these characters are reserved for use by CyberSource services.
The values of all request fields must not contain new lines or carriage returns.
However, they can contain embedded spaces and any other printable
characters. All leading and trailing spaces are removed.
Atos
The billTo_ fields must not contain colons (:).
Moneris
Request-level and offer-level field names and values must not contain
ampersands (&).
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 18
Chapter 3 Simple Order API Basics
Data Types
For more information about these data types, see the World Wide Web Consortium (W3C)
XML Schema Part 2: Datatypes specification.
Using Items or a Grand Total in a Request
For some services, you must specify the amount of the transaction. You can specify the
amount either in a grand total for the entire transaction or in a separate amount for each
product the customer is purchasing.
Items
Items are the products that your customers purchase from you. When you send a request
for a service that requires an amount, you can send item-specific information, such as the
quantity of each item ordered and the unit price for each item. The items are referred to as
item_0, item_1, item_2, and so on. CyberSource uses the information you provide for
each item to calculate the grand total for the order.
Required Item-Level Fields
The value that you use for the item_#_productCode field determines which fields are
required. If you omit the item_#_productCode field, its value defaults to def aul t . If the
value of the item_#_productCode field is one of the values in the bulleted list below, then
the only required field is item_#_unitPrice:
def aul t
a value related to shipping and handling
If you do not set the item_#_quantity field, it defaults to 1.
Data Type Description
Integer Whole number {..., -3, -2, -1, 0, 1, 2, 3, ...}
String Sequence of letters, numbers, spaces, and special characters
Note
If you are using Decision Manager, CyberSource recommends that you provide
individual item information instead of a grand total for the order. Decision
Manager can be configured to use the individual item information to assess the
risk of the order and determine if the purchaser is following your business rules.
For more information about Decision Manager, see the Decision Manager
Developer Guide.
Important
The values for the item_#_ fields must not contain carets (^) or colons (: )
because these characters are reserved for use by CyberSource services.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 19
Chapter 3 Simple Order API Basics
If you do not set the item_#_productCode field to one of the values in the previous list,
the following fields are required:
item_#_unitPrice
item_#_quantity
item_#_productName
item_#_productSKU
The item_#_taxAmount field is always optional.
Specifying Tax
To include tax for an item, use the item_#_taxAmount field. This value is the total tax for
the entire quantity of that item. In other words, its value is not multiplied by the value of
item_#_quantity.
The grand total for this transaction is (10.00 * 5) +4.00 =54.00.
Specifying Freight Charges
To include a shipping and handling charge for the order, you must include an additional
item with the item_#_productCode field set to one of the following values:
shi ppi ng_onl y
handl i ng_onl y
shi ppi ng_and_handl i ng
The grand total for this transaction is (10.00 * 5) +4.00 +(4.95 * 1) =58.95.
Grand Total
Instead of using an itemized total, you can send a grand total for the order in the
purchaseTotals_grandTotalAmount field. If you provide item-level information in
addition to the grand total, CyberSource uses the grand total amount for the order total;
Example Specifying Tax
i t em_0_uni t Pr i ce=10. 00
i t em_0_quant i t y=5
i t em_0_t axAmount =4. 00
Example Specifying Freight Charges
i t em_0_uni t Pr i ce=10. 00
i t em_0_quant i t y=5
i t em_0_t axAmount =4. 00
i t em_1_uni t Pr i ce=4. 95
i t em_1_quant i t y=1
i t em_1_pr oduct Code=shi ppi ng_onl y
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 20
Chapter 3 Simple Order API Basics
CyberSource does not use the item-level information to calculate the order total. The item-
level information is displayed on the Transaction Details page on the Business Center.
Coupons
You can offer your customers virtual coupons at your web store. CyberSource defines a
coupon as a non-taxable, fixed amount deducted from an order total. Some examples of
coupons you might offer are:
Register now and get $100 off your purchase!
Spring clearance! Get $10 off any order!
Thank you for ordering again within 30 days! Were taking $5 off your order!
How Coupons are Processed
This sequence summarizes how CyberSource processes a request that includes a
coupon:
1 All the items are totaled and then the coupon amounts are deducted, resulting in an
order subtotal.
2 If the request includes the tax calculation service, tax is calculated for all taxable items
to get an order tax total. The tax calculation service ignores coupon items because
they are not taxable.
3 The order subtotal and order tax total are added to get an order grand total.
4 The order grand total is used by the services in your request.
For example, if you requested an electronic check debit in the request with the coupon,
the electronic check debit service uses the order grand total as the amount to charge.
Coupon Constraints
You cannot use coupons to do the following:
Apply a discount to a specific item in a multi-item order
Apply a discount to a specific item before tax is calculated
Apply a percentage discount
The total coupon amount cannot be greater than the order grand total. Calculate your
order totals before you send your requests to CyberSource so that you do not send orders
with negative subtotals. CyberSource returns an error for orders with negative subtotals.
Important
If you include purchaseTotals_grandTotalAmount in your request, you
cannot include the tax calculation service in the request. See Tax Calculation
Service for the Simple Order API.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 21
Chapter 3 Simple Order API Basics
Including a Coupon in the Request
To request a coupon with an order, include in the request an item with the product code set
to coupon. For example, if your request contains two items, item_0 and item_1, request
a coupon by adding item_2. The following example shows how to specify a 10 USD
coupon. The quantity, productName, and productSKU fields are required.
Requesting a Follow-On Service for PayPal Express
Checkout, China Processing, or Atos
For China Processing and the Atos processor, a request for a follow-on service must
include a request ID and a request token. These values are identifiers that CyberSource
returns in the reply messages for all services. You need to store these values because you
will need them when you send a request for a follow-on service:
Step 1 Save the request ID and request token from the reply for the primary service. Here is an
example of the fields you will receive in the reply message:
r equest I D=0305782650000167905080
r equest Token=AA4J Ur WguaMUGwxSWVdPS5I M
Step 2 Send these values in the follow-on request. For the request token, use the following field:
or der Request Token=AA4J Ur WguaMUGwxSWVdPS5I M
For the request ID, the field name depends on the names of the primary service and
follow-on service.
i t em_2_uni t Pr i ce=10. 00
i t em_2_quant i t y=1
i t em_2_pr oduct Code=coupon
i t em_2_pr oduct Name=Spr i ng Cl ear ance
i t em_2_pr oduct SKU=349209
Important
Request tokens are required in follow-on request messages only for China
Processing and the Atos processor. If you are using other payment methods
and processors, you are not required to include request tokens in your request
messages.
Important
Although the name of the request token field that you receive is the same in
each reply, the value for the field is different. Therefore, you must save each
request token that you receive.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 22
Chapter 3 Simple Order API Basics
Requesting a Follow-on Service for All Other Payment
Methods and Processors
To request a follow-on service:
A request for a follow-on service must include a request ID. This value is an identifier that
CyberSource returns in the reply messages for all services. You need to store this value
because you will need it when you send a request for a follow-on service:
Step 1 Save the request ID from the reply for the primary service. Here is an example of the field
you will receive in the reply message:
r equest I D=0305782650000167905080
Step 2 Send this value in the follow-on request. The request field name depends on the names of
the primary service and follow-on service.
Working with Request Tokens
The request token is a unique identifier that CyberSource assigns to each request and
returns to you in each reply. This field is an encoded string that does not contain any
confidential information, such as account numbers or card verification numbers. For China
Processing and Atos, you need to store this value, which is a string that can contain up to
256 characters. Depending on how you process follow-on requests, you might need to
retrieve the request token value and include it in your follow-on service requests:
If you process primary requests with an API, but process follow-on requests through
the Business Center, you do not need to provide the request token data.
If you process primary and follow-on requests with an API, you need to retrieve the
request token from the primary reply message and include it in the follow-on request
message:
Primary reply: r equest Token=AA4J Ur WguaMUGwxSWVdPS5I M
Follow-on request: or der Request Token=AA4J Ur WguaMUGwxSWVdPS5I M
Important
Request tokens are required in request messages only for China Processing
and the Atos processor. If you are using other payment methods and
processors, you are not required to include request tokens in your request
messages.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 23
Chapter 3 Simple Order API Basics
Existing Merchants Who Have Not Implemented
Request Tokens
If you were a CyberSource merchant before J uly 2008 and never implemented request
tokens, you have these choices:
You can implement the request token as described in this document.
You can let CyberSource store the request token data for you and retrieve it for you as
necessary when you send follow-on requests.
Existing Merchants Who Have Implemented Request
Tokens
If you were a CyberSource merchant before J uly 2008 and implemented request tokens,
your implementation uses a different field name for the request token that is sent to each
different follow-on service. With the new implementation, you would use the
orderRequestToken field for all follow-on services. This approach makes it easier to
manage the request token values. It also reduces the likelihood of submitting a duplicate
request by accidentally sending in the wrong request token value. You have these
choices:
You can continue to use your current implementation at this time. It is still supported,
but CyberSource recommends that you update your implementation to use the
orderRequestToken field.
You can update your implementation to store the latest request token for a transaction
in one database field to return with all follow-on services for the transaction:
You can update your implementation without changing your database. Store the latest
request token for a transaction in all of your existing request token database fields so
that any follow-on request for the transaction will return the latest request token value:
Note
The following figure uses the request field names for the Credit Card services.
If you are using a different set of services, substitute the request field names for
the services you are using.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 24
Chapter 3 Simple Order API Basics
Sending Requests
For live transactions, send requests to the location of the XML schema:
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
For test transactions, send requests to:
https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
Handling Replies
After receiving a request from you, CyberSource responds with a reply message that
provides the results of the request. To use the reply information, you must integrate it into
your system and any other system that uses that data. This integration process includes
storing the data and passing it to any other systems that need the information.
If you are using XML, you need to use an XML parser that supports namespaces because
XML replies from CyberSource contain the namespace prefix c:.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 25
Chapter 3 Simple Order API Basics
Write an error handler to interpret the information in the reply message. Do not show the
reply information directly to your customers. Instead, present an appropriate response that
provides customers with the results of their transactions.
Decisions
Every reply message includes the decision field, which summarizes the overall result of
your request. Look at this field first to decide your course of action. The following table
describes the possible values for the decision field. You are charged for all accepted,
rejected, and reviewed requests. You are not charged for requests that result in errors.
Important
Because CyberSource can add reply fields and reason codes at any time, do
the following:
Parse the reply data according to the names of the fields instead of their
order in the reply. For more information about parsing reply fields, see the
documentation for your client.
Program your error handler to use the decision field to determine the
result if it receives a reason code that it does not recognize.
Table 7 Possible Values for the Decision Field
Value of decision Description
ACCEPT The request succeeded.
ERROR There was a system error. Errors that are caused by system problems
are usually unrelated to the content of the request itself. You must
design your transaction management system to correctly handle
CyberSource system errors.
Depending on which payment processor is handling the transaction,
the error could indicate a valid CyberSource system error or it could
indicate a processor rejection because of invalid data. CyberSource
recommends that you do not design your system to endlessly retry
sending a transaction in the case of a system error.
Use the value of the reasonCode field to determine the reason for the
ERROR decision. For more information about handling system errors
and retries, see the documentation for your client.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 26
Chapter 3 Simple Order API Basics
Reason Codes
After looking at the value of the decision field, use the value of the reasonCode field to
determine the reason for the decision and decide if you want to take further action:
If the decision was ERROR, the reason code indicates the type of error that occurred.
If the decision was REJ ECT, the reason code indicates the reason for the rejection and
whether you can take action that might result in a successful order.
The <service>_reasonCode fields indicate the result of each specific service that you
requested. For example, if you request a credit card authorization, the reply message
includes the ccAuthReply_reasonCode field.
Reviews
If you use Decision Manager, you can receive the REVI EWvalue in the decision field. A
REVI EWmeans that Decision Manager has flagged the order for review based on how you
configured the Decision Manager rules.
If you set up your system to use the CyberSource services and then later decide to use
Decision Manager, you must determine how to handle the new REVI EWvalue. Ideally, you
will update your order management system to recognize the REVI EWresponse and
handle it according to your business rules.
REJ ECT One or more of the service requests was declined. Requests can be
rejected by CyberSource, the payment processor, or the issuing bank.
For example:
CyberSource rejects a request if required data is missing or invalid.
The issuing bank rejects a request if the card limit is reached and
funds are not available.
This value can also be returned when an authorization transaction for
a debit card or prepaid card is partially approved. See the information
about debit cards and prepaid cards in Credit Card Services Using the
Simple Order API.
Use the value of the reasonCode field value to determine the reason
for the REJ ECT decision.
REVI EW Decision Manager flagged the order for review.
Note
CyberSource reserves the right to add new reason codes at any time. If your
error handler receives a reason code that it does not recognize, it should use
the decision field to determine the result.
Table 7 Possible Values for the Decision Field (Continued)
Value of decision Description
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 27
Chapter 3 Simple Order API Basics
If you are unable to update your system to handle the REVI EWresponse, CyberSource
recommends that you choose one of these options:
Treat the REVI EWresponse like a REJ ECT response and reject any orders that are
flagged for review. This might be appropriate if the product you sell is a software
download or access to a Web site.
If you approve he order after reviewing it, convert the order status to ACCEPT in your
order management system.
If you approve the order after reviewing it but cannot convert the order status to
ACCEPT in your system, submit a new request for the order. You must disable
Decision Manager when processing this new request or the order will be flagged for
review again. For details about the API field that disables Decision Manager, see the
Decision Manager Developer Guide.
Alternately, you can specify a custom business rule in Decision Manager so that requests
originating from a particular internal IP address at your company are automatically
accepted.
Missing or Invalid Fields
You are responsible for ensuring that the data you send to CyberSource is complete (no
missing fields) and correct (no invalid data). Verify the data entered on your web sites and
point-of-sale applications before sending the information to CyberSource.
If you send a request with missing or invalid information, the reply message includes the
appropriate reason codes and one or more reply fields, invalidField_0...N or
missingField_0N, which list the fields you need to correct. The nature of the missing or
invalid information determines the number and the content of the reply fields. For
example, if three required fields are missing from your request, the reply includes at least
one and up to three fields named missingField_0, missingField_1, and missingField_
2. You need to correct these fields and resubmit the request.
Because the API behavior pertaining to these reply fields is always subject to change, do
not use these fields to communicate with customers.
Note
For XML, the <mi ssi ngFi el d>and <i nval i dFi el d>elements are not
numbered. Instead, the reply includes multiple <mi ssi ngFi el d>or
<i nval i dFi el d>elements.
If you are using SOAP, the reply includes an array of the missing fields and an
array of the invalid fields.
Getting Started with CyberSource Advanced for the Simple Order API | April 2013 28
Chapter 3 Simple Order API Basics
Request IDs and Request Tokens
Request IDs and Request Tokens for PayPal Express
Checkout, China Processing, and Atos
CyberSource returns a request ID and a request token in the reply for every service. You
must store these values because you will need them when you send a request for a
follow-on service as described in "Requesting a Follow-On Service for PayPal Express
Checkout, China Processing, or Atos," page 21.
Request IDs for All Other Payment Methods and
Processors
CyberSource returns a request ID in the reply for every service. You must store this value
because you will need it when you send a request for a follow-on service as described in
"Requesting a Follow-on Service for All Other Payment Methods and Processors,"
page 22.
Important
Request tokens are required in request messages only for PayPal Express
Checkout, China Processing, and the Atos processor. If you are using other
payment methods and processors, you are not required to include request
tokens in your request messages.
Important
Although the names of the request token and request ID fields are the same in
each reply, the values for the fields are different in each reply. Therefore, you
must save each request ID and request token that you receive.
Important
Although the name of the request ID field is the same in each reply, the value
for the field is different in each reply. Therefore, you must save each request ID
that you receive.