POST /transactions

Creates a transaction of type sale, authorize or setup.

Use this operation for the following transactions.

Real-time decision and response

In this transaction, you send a request and inspect the result of the response for approved or declined.

User approval/interaction required

In this transaction, user approval is required to complete the transaction. User approval generally requires the user to interact with a third party, and is common in many transactions for alternative methods. For example, PayPal requires user permission to complete a payment or to accept a billing agreement. Payment cards may also require user approval for 3D secure authentication.

If approval is required, you receive a response with a result value of unknown and a status value of waiting-approval. The _links property of the response has a link for the approvalUrl. Open the approvalUrl in an iframe or in a pop. A pop is a better workflow for mobile devices.

Servers

https://api-sandbox.rebilly.com/organizations/{organizationId}
https://api.rebilly.com/organizations/{organizationId}

Request headers

Name	Type	Required	Description
`Content-Type`	String	Yes	The media type of the request body. Default value: "application/json"

Query parameters

Name Type Required Description

Name	Type	Required	Description
`expand`	String	No	Expands a request to include embedded objects within the `_embedded` property of the response. This field accepts a comma-separated list of objects. For more information, see Embedded resources.

expand

String

Expands a request to include embedded objects within the _embedded property of the response. This field accepts a comma-separated list of objects.

For more information, see Embedded resources.

Request body fields

Name	Type	Required	Description
`paymentInstruction`	Object	No	Payment instruction for the purchase. If this value is not supplied, the customer's default payment instrument is used.
`isProcessedOutside`	Boolean	No	Specifies when the transaction is processed outside Rebilly. Default value: false
`requestId`	String	No	Use this field to prevent duplicate transaction requests that may occur within a short period of time. If a duplicate request is sent with the same `requestId`, it is ignored to prevent double-billing. This value must be unique within a 24-hour period. Important: This field is recommended.
`description`	String	No	Payment description.
`processedTime`	String	No	Time the transaction is processed. This field is only specified if the transaction is processed outside Rebilly.
`upsertCustomer`	Boolean	No	Specifies whether to create or update (upsert) a customer. If this value is `true`, the operation creates or updates (upserts) a customer. If this value is `false`, the `customerId` already exists, and the related customer is not updated. Default value: false
`limits`	Object	No	Transaction amount limit information.
`limits.resetTime`	String	No	Date and time in which the limit amount resets. This value may be used for user interfaces.
`limits.amount`	Number	No	Limit amount.
`limits.currency`	String	No	Merchant's reporting currency.
`billingAddress`	Object	No	Billing address. If this value is not supplied, the billing address associated with the payment instrument is used. If no billing address is associated with the payment instrument, the customer's billing address is used.
`currency`	String	Yes	Currency code in ISO 4217 format.
`websiteId`	String	Yes	ID of the website. A website is where an organization obtains a customer. For more information, see Obtain an organization ID and website ID.
`customerId`	String	Yes	ID of the customer resource.
`customFields`	Object	No	Use custom fields to extend a resource scheme to include custom data that is not provided as a common field. For more information, see Custom fields.
`invoiceIds[]`	Array	No	Array of invoice IDs.
`isMerchantInitiated`	Boolean	No	Specifies when the transaction is initiated by the merchant. Default value: false
`amount`	Number	Yes	Amount of the transaction.
`redirectUrl`	String	No	URL to redirect the end-user when an offsite transaction is completed. Defaults to the configured URL of the website. You may use `{id}` or `{result}` as placeholders in the URL, these are replaced the with the transaction ID and result accordingly.
`type`	String	Yes	Type of transaction. This field supports a limited subset of transaction types. To refund or void, see Refund a transaction. To `capture`, use the `sale` type. If any existing `authorize` transactions are eligible, they are captured and the `sale` converts to a `capture` type. The `setup` type sets up the payment instrument by following the `setupInstruction` in the selected gateway account. If the instruction is to `do-nothing`, a transaction with result `approved` of type `setup` returns. Valid values: `"setup"` `"authorize"` `"sale"`
`riskMetadata`	Object	No	Risk metadata used for 3D Secure and risk scoring.
`riskMetadata.hasMismatchedHolderName`	Boolean	No	Specifies if the customer's billing address name and primary address name are not the same.
`riskMetadata.score`	Integer	No	Computed risk score based on IP risk data, such as: `isVpn`, `isTor`, and `isProxy`.
`riskMetadata.emailVelocity`	Integer	No	Number of transactions for this email address in the last 24 hours.
`riskMetadata.httpHeaders`	Object	No
`riskMetadata.hasMismatchedBillingAddressCountry`	Boolean	No	Specifies if the customer's billing address country and geo-IP address are not the same.
`riskMetadata.declinedPaymentInstrumentVelocity`	Integer	No	Number of declined transactions for this payment instrument fingerprint in the last 24 hours.
`riskMetadata.accuracyRadius`	Integer	No	Accuracy radius of the specified IP address, in kilometers.
`riskMetadata.latitude`	Number	No	Latitude of the specified IP address.
`riskMetadata.isHosting`	Boolean	No	Specifies if the customer's IP address is related to hosting.
`riskMetadata.city`	String	No	City of the specified IP address.
`riskMetadata.extraData`	Object	No	Third-party data used for risk scoring.
`riskMetadata.extraData.payPalMerchantSessionId`	String	No	PayPal `MerchantSessionID` as generated by the PayPal Fraudnet SDK.
`riskMetadata.extraData.threatMetrixSessionId`	String	No	Temporary identifier that is unique to the visitor session and passed to ThreatMetrix.
`riskMetadata.extraData.kountFraudSessionId`	String	No	Alpha-numeric `fraudSessionId` as provided by the Kount SDK.
`riskMetadata.isProxy`	Boolean	No	Specifies if the customer's IP address is related to a proxy.
`riskMetadata.postalCode`	String	No	Postal code of the specified IP address.
`riskMetadata.paymentInstrumentApprovedTransactionCount`	Integer	No	Number of approved transactions for this payment instrument.
`riskMetadata.longitude`	Number	No	Longitude of the specified IP address.
`riskMetadata.hasMismatchedTimeZone`	Boolean	No	Specifies if the customer's browser time zone and the IP address associated time zone are not the same.
`riskMetadata.distance`	Integer	No	Distance between the customer's IP address and the billing address geolocation, in kilometers.
`riskMetadata.country`	String	No	Country ISO Alpha-2 code of the specified IP address.
`riskMetadata.paymentInstrumentVelocity`	Integer	No	Number of transactions for this payment instrument, based on fingerprint, in the last 24 hours.
`riskMetadata.hostingName`	String	No	Name of the data center or hosting provider, if available.
`riskMetadata.region`	String	No	Region of the specified IP address.
`riskMetadata.hasMismatchedBankCountry`	Boolean	No	Specifies if the customer's bank country and geo-IP address are not the same.
`riskMetadata.browserData`	Object	No	Browser data used for 3D Secure and risk scoring.
`riskMetadata.browserData.isJavaEnabled`	Boolean	Yes	Specifies if Java is enabled in a browser. This value is obtained from the `navigator.javaEnabled` property.
`riskMetadata.browserData.isAdBlockEnabled`	Boolean	No	Specifies if the usage of ad block has been detected in the browser.
`riskMetadata.browserData.screenWidth`	Integer	Yes	Width of the browser screen. This value is obtained from the `screen.width` property.
`riskMetadata.browserData.timeZoneOffset`	Integer	Yes	Browser time zone offset in minutes from UTC. A positive offset indicates that the local time is behind UTC. A negative offset indicates that the local time is ahead of UTC. You can find this value using the `(new Date()).getTimezoneOffset()` property.
`riskMetadata.browserData.screenHeight`	Integer	Yes	Height of the browser screen. This value is obtained from the `screen.height` property.
`riskMetadata.browserData.colorDepth`	Integer	Yes	Browser color depth in bits per pixel. This value is obtained using the `screen.colorDepth` property.
`riskMetadata.browserData.language`	String	Yes	Browser language settings. This value is obtained from the `navigator.language` property.
`riskMetadata.isVpn`	Boolean	No	Specifies if the customer's IP address is related to a VPN.
`riskMetadata.fingerprint`	String	No	Customer's device fingerprint. A device fingerprint is a unique token that is used to identify the customer. The device fingerprint is generated based on device attributes, such as: hardware, software, IP address, language, browser, and more.
`riskMetadata.ipAddress`	String	No	Customer's IP address.
`riskMetadata.billingAddressVelocity`	Integer	No	Number of transactions for this billing address in the last 24 hours.
`riskMetadata.deviceVelocity`	Integer	No	Number of transactions for this device, based on fingerprint, in the last 24 hours.
`riskMetadata.ipVelocity`	Integer	No	Number of transactions for this IP address in the last 24 hours.
`riskMetadata.isp`	String	No	Internet Service Provider (ISP) name, if available.
`riskMetadata.hasFakeName`	Boolean	No	Specifies if the holder name seems fake.
`riskMetadata.timeZone`	String	No	Time zone of the specified IP address.
`riskMetadata.isTor`	Boolean	No	Specifies if the customer's IP address is related to TOR.
`riskMetadata.isHighRiskCountry`	Boolean	No	Specifies if the geo-IP country, or the customer's billing country, is considered a high risk country.
`gatewayAccountId`	String	No	ID of the gateway account. Rebilly selects the payment gateway account for the transaction based on transaction properties and the rules configuration of the `gateway-account-requested` event. To prevent Rebilly from making the gateway account selection, supply a gateway account ID in this field. Only use this field if you intend to override the settings.
`notificationUrl`	String	No	URL where a server-to-server `POST` notification is sent. This notification is sent when the transaction result is finalized after a timeout or an offsite interaction. Do not interpret this notification as a confirmation, complete a `GET` request to confirm the result of the transaction. To ensure the request is not reattempted, when the result is confirmed, respond with a `2xx` HTTP status code. The following placeholders are available to use in this URI: `{id}` and `{result}`. These placeholders are replaced the with the transaction ID and result accordingly.

How to start integrating

Add HTTP Task to your workflow definition.
Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
Click Test request to test run your request to the API and see the API's response.