PayFacto API - v1.0 - POST /v1/purchaseWithToken

PayFacto API - v1.0 - POST /v1/purchaseWithToken

PayFacto API - v1.0 - POST /v1/purchaseWithToken

Obtains a credit card authorization for a financial transaction using a previously stored card token instead of raw card data. Supports E-Commerce (Internet), MOTO (Mail Order / Telephone Order).

1

Prerequisites

πŸ”‘

API Key

Generate your API key from the Payments Manager: Administrator Client β†’ API Key β†’ Add New Key. Pass it as auth-api-key in every request.

πŸͺ

Company & Merchant Numbers

Your CompanyNumber (5-digit) and MerchantNumber (8-digit) are issued by PayFacto during onboarding. Both are required on every Purchase with Token request.

🌐

Environment Base URL

Test: https://test.api.payfacto.cloud/v1   |   Production: Provided by the PayFacto Integration team upon certification.

πŸ“¦

Request Format β€” Base64-Encoded Payload

Requests use HTTP POST with an application/x-www-form-urlencoded body. Assemble all parameters as a cleartext query string, Base64-encode it, then send: auth-api-key={key}&payload={base64}.

πŸͺ™

Card Token

A Token is a security token linked to a client's credit card. Tokens are returned by the PayFacto platform when tokenization is enabled on a prior transaction. The token must be active, have a valid card on file, and not be expired.

2

Request

POST https://test.api.payfacto.cloud/v1/purchaseWithToken
ℹ️

All parameters are passed inside the Base64-encoded payload form field. Raw body format: auth-api-key=<key>&payload=<base64>. For terminal transactions (InputType=N), send MerchantTerminalNumber as the assigned terminal number; for E-Commerce, send 5 blank spaces.

Required fields

FieldTypeDescription
CompanyNumberNumeric(5)Identifies the merchant on PayFacto's network. Provided by PayFacto during onboarding. Example: 12345
MerchantNumberNumeric(8)Identifies the merchant to PayFacto's network. Provided by the integration team. Example: 53400000
CustomerNumberAlphanumeric(8)Merchant-assigned customer identifier. Associates a client record with the transaction. Example: CLIENT12
AmountNumeric(11)Transaction amount including the decimal portion, left (0) padded. Example: 00000010000 = $100.00
InvoiceNumberAlphanumeric(12)Merchant-generated invoice number associated with the transaction. May be unique or reused per merchant needs. Example: 123456789123
InputTypeAlphanumeric(1)How the transaction is initiated. N = terminal/pinpad (Semi-Integrated), I = Internet/E-Commerce, M = MOTO, U = Unattended.
TokenAlphanumeric(35)Security token linked to the client's credit card, used in place of raw card data. Returned by PayFacto when tokenization is enabled on a prior transaction. Example: 2079wo00wbwp916d3l2mutd8t7965o99mp9
MerchantTerminalNumberNumeric(5)Identifies the terminal on PayFacto's network. For E-Commerce transactions, send 5 blank spaces. Example: 12345
LanguageCodeAlphanumeric(1)Language for PayFacto responses and hosted pages. F = French, E = English.
CurrencyCodeAlphanumeric(3)Currency of the transaction (indicative only). CAD = Canadian dollars, USD = US dollars (requires a US merchant number).
OperatorIDAlphanumeric(8)Identifies the cashier, agent, or system that initiated the transaction. Example: USER0001

Optional fields

FieldTypeDescription
CardHolderAddressAlphanumeric(20)Cardholder's billing address. Used for Address Verification Service (AVS) validation.
CardHolderPostalCodeAlphanumeric(9)Cardholder's billing postal code for AVS. Right-padded with spaces to 9 characters. Example: J6A2T8   
CardHolderAVVAlphaHex(40)Verified by Visa (VbV) authentication token. Required for 3-D Secure Visa transactions.
xIDAlphaHex(40)Transaction identifier returned by a successful Verified by Visa login. Required for 3-D Secure flows.
uCAFAlphanumeric(64)Mastercard SecureCode authentication data. Required for 3-D Secure Mastercard transactions.
taxAmountNumeric(11)Total tax amount included in Amount, left (0) padded. Required to enable pre-tax tip prompts on the terminal. Without it, tip is calculated on the full amount including tax. Example: 00000000374 = $3.74
TrxOptionAlpha(50)Adds transaction-level options. For Credential-on-File initial transactions, pass twice: TrxOption=isCredentialOnFile&TrxOption=isFirst. Accepted values: isCredentialOnFile, isRecurring, isInstallment (mutually exclusive).
UserEchoDataAlphanumeric(256)Custom data printed on the terminal receipt (Semi-Integrated only). Pipe-delimited line segments. Contact PayFacto integration before use.
3

Request β€” Code Example

⚠️

The example below uses the test endpoint and a sandbox API key. Replace credentials and base URL before going live.

cURL
# Purchase with Token β€” POST /v1/purchaseWithToken
# Step 1: Build the cleartext payload

PAYLOAD="CompanyNumber=12345&MerchantNumber=53400000&CustomerNumber=CLIENT12&Amount=00000010000&InvoiceNumber=INV000000001&InputType=I&Token=2079wo00wbwp916d3l2mutd8t7965o99mp9&MerchantTerminalNumber= &LanguageCode=E&CurrencyCode=CAD&OperatorID=USER0001"

# Step 2: Base64-encode the payload
ENCODED=$(echo -n "$PAYLOAD" | base64)

# Step 3: Submit the request
curl -X POST "https://test.api.payfacto.cloud/v1/purchaseWithToken" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "auth-api-key=YOUR_TEST_API_KEY&payload=$ENCODED"
4

Response

Always returned

FieldTypeDescription
returnCodeAlphanumeric(4)Identifies the exact status of the transaction result. 00 = approved. All other values indicate a failure. Refer to Section 6 for endpoint-specific codes.
authorizationNumberAlphanumeric(8)Authorization code obtained following the successful completion of the transaction. Mandatory to display on all customer receipts. Example: APPROV99
transactionNumberNumeric(12)Unique PayFacto gateway transaction identifier. Store this β€” required for Void and Refund operations. Example: 000111222333
amountNumeric(11)Echo of the requested transaction amount.
accountTypeAlphanumeric(1)Account type used for the transaction. C = Chequing, S = Savings.
bankTerminalNumberAlphanumeric(8)Terminal identifier at the banking acquirer that processed the transaction.
batchNumberNumeric(4)Batch number used by the terminal when the transaction was processed. Can be used when generating client receipts. Example: 0001
cardNumberAlphanumeric(40)Masked card number resolved from the token.
cardTypeAlphanumeric(1)Card brand determined by the network. A = Amex, D = Debit, F = Datacandy, I = Diners, J = JCB, M = Mastercard, O = Discover, V = Visa.
companyNumberNumeric(5)Echo of the request CompanyNumber.
expirationDateNumeric(4)Expiration date of the card resolved from the token, in MMYY format.
invoiceNumberAlphanumeric(12)Echo of the request InvoiceNumber.
languageCodeAlphanumeric(1)Echo of the request LanguageCode.
merchantNumberNumeric(8)Echo of the request MerchantNumber.
operatorIdAlphanumeric(8)Echo of the request OperatorID.
receiptDispAlphanumeric(32)PayFacto-generated receipt message. Can be used to produce a receipt. Example: APPROVED-THANK-YOU
referenceNumberAlphanumeric(10)Reference number obtained following the successful completion of the transaction.
sequenceNumberAlphanumeric(12)Sequence number generated by the banking acquirer.
serverNumberAlphanumeric(4)Identifies the PayFacto Network server that processed the transaction.
terminalDispAlphanumeric(24)Transaction message displayed on the terminal or payment page. Example: APPROVED
terminalNumberNumeric(5)Identifies the terminal in the PayFacto Network used to process the transaction.
timeStampAlphanumeric(17)Date and time the transaction was processed on the payment server. Format: YYYYMMDD-HHMMSSCC. Example: 20240515-14300100
trxCodeAlphanumeric(2)Transaction type code. For a Purchase with Token this is always 52.
trxDateNumeric(8)Transaction date at the banking acquirer. Format: MMDDYYYY. May differ from timeStamp.
trxMethodAlphanumeric(3)Summarizes how the transaction was processed. First character: D = swiped, T = manual entry. Third character: 1 = authorized. Example: T@1
trxTimeNumeric(6)Transaction time at the banking acquirer. Format: HHMMSS. May differ from timeStamp.
trxTypeAlphanumeric(1)Type of card used. C = Credit, D = Debit, F = Fidelity/Gift.

Conditionally returned

FieldTypeDescription
customerNumberAlphanumeric(8)Only returned when provided in the request. Echo of the request CustomerNumber.
avsStatusAlphanumeric(1)Only returned when CardHolderAddress or CardHolderPostalCode were sent. M = Both match, N = Neither match, Z = Postal only, A = Address only, U = Unavailable.
cashbackAmountNumeric(11)Only returned when a cash-back amount was applied. Left (0) padded.
cvmResultsAlphanumeric(6)Only returned for chip (EMV) transactions. Cardholder Verification Method result. Print a signature line on the receipt if the first 2 digits are 03, 05, 43, 45, 1E, or 5E.
demoModeAlphanumeric(4)Only returned when the terminal is in demo mode. Value will be true.
emvAIDAlphanumeric(32)Only returned for chip (EMV) transactions. EMV Application Identifier. Example: AID: A000000277
emvLabelAlphanumeric(16)Only returned for chip (EMV) transactions. Human-readable application label. Example: Visa, Interac
emvTCAlphanumeric(40)Only returned for chip (EMV) transactions. EMV Transaction Cryptogram. Example: TC: A2E51243D4C7E551
emvTSIAlphanumeric(4)Only returned for chip (EMV) transactions. EMV Transaction Status Information.
emvTVRAlphanumeric(10)Only returned for chip (EMV) transactions. EMV Terminal Verification Result.
errorDescriptionAlphanumeric(50)Only returned when the transaction is not approved. Human-readable description of the failure reason.
surchargeAmountNumeric(11)Only returned when a surcharge was applied. Left (0) padded.
taxAmountNumeric(11)Only returned when taxAmount was included in the request. Echo of the submitted tax amount.
terminalInvoiceNumberNumeric(12)Only returned for terminal transactions. Terminal-assigned invoice number.
threeDSStatusAlphanumeric(1)Only returned when 3-D Secure data was sent. P = Passed, F = Failed, N = Not validated.
tipAmountNumeric(11)Only returned when a tip was added at the terminal. Left (0) padded.
tokenAlphanumeric(35)Only returned when tokenization is enabled. Echo or updated token linked to the cardholder for future token-based transactions.
5

Response β€” Code Example

JSON β€” 200 Approved
{
"returnCode": "00",
"authorizationNumber": "APPROV99",
"transactionNumber": "000111222333",
"referenceNumber": "0000000001",
"amount": "00000010000",
"accountType": "C",
"cardNumber": "411111XXXXXX1111 ",
"cardType": "V",
"trxType": "C",
"trxCode": "52",
"trxDate": "05152024",
"trxTime": "143001",
"trxMethod": "T@1",
"timeStamp": "20240515-14300100",
"batchNumber": "0001",
"sequenceNumber": "000011112222",
"serverNumber": "0001",
"terminalNumber": "00001",
"bankTerminalNumber": "00000001",
"companyNumber": "12345",
"merchantNumber": "53400000",
"invoiceNumber": "INV000000001",
"expirationDate": "1226",
"languageCode": "E",
"operatorId": "USER0001",
"receiptDisp": "APPROVED-THANK-YOU ",
"terminalDisp": "APPROVED "
}
JSON β€” Declined / Error
{
"returnCode": "9126",
"errorDescription": "INVALID TOKEN",
"terminalDisp": "DECLINED ",
"receiptDisp": "DECLINED ",
"transactionNumber": "000111222334",
"timeStamp": "20240515-14300200"
}
6

Error / Return Codes

The following codes are most relevant to this endpoint. For the complete catalogue see the Return Code Index.

Return CodeMeaningWhen it occursRecommended Action
00Transaction approvedThe transaction was authorized successfully by the card issuer.Display the authorizationNumber on the customer receipt. Store the transactionNumber for potential Void or Refund operations.
05Transaction declinedThe transaction was declined by the issuing bank.Retry the transaction. If the problem persists, contact PayFacto customer service.
51Insufficient fundsThe client does not have sufficient funds in the account linked to the token's card.Ask the customer to use a different payment method.
54Expired cardThe card associated with the token has expired at the issuing bank.Update the customer's card information in their profile and obtain a new token.
9004"Null" value: company numberCompanyNumber is null or blank in the payload.Check your application. The field must correspond to the specification in the documentation.
9005 / 9006Invalid / rejected: company numberCompanyNumber does not match the required 5-digit length or is not configured in the payment solution.Make sure the application uses the correct company number provided by PayFacto. If it does, contact PayFacto customer service.
9007"Null" value: merchant numberMerchantNumber is null or blank in the payload.Check your application. The field must correspond to the specification in the documentation.
9008 / 9009Invalid / rejected: merchant numberMerchantNumber does not match the required 8-digit length or is not configured in the payment solution.Make sure the application uses the merchant number provided by PayFacto. If it does, contact PayFacto customer service.
9013 / 9014 / 9015Null / invalid / rejected: amountAmount is null, does not match the required 11-digit length, or does not follow the specification.Confirm the amount is left (0) padded to 11 digits and includes the decimal portion. If the problem persists, contact PayFacto customer service.
9016 / 9017 / 9018Null / invalid / rejected: invoice numberInvoiceNumber is null, exceeds 12 characters, or does not follow the specification.Check your application. The field must correspond to the specification in the documentation.
9019 / 9020 / 9021Null / invalid / rejected: input typeInputType is null, not a single character, or not in the list of accepted values (N, I, M, U) or not associated with the merchant.Check your application. The field must correspond to the specification in the documentation.
9126Invalid tokenThe received token does not follow the length described in the documentation or is valid but not associated with the merchant or client.Verify your data. The field must match the specification. If it does, contact PayFacto customer service.
9127Inactive clientThe received token matches a client who has been removed from the recurrence system.Verify your data. Reactivate the client or use a different token.
9133Token with expired credit cardThe received token matches a customer whose credit card on file is expired.Obtain the customer's new credit card information, update their profile, and re-tokenize before processing the transaction.
9134Token with no credit cardThe received token corresponds to a customer who has no credit card in their profile.Obtain the customer's credit card information, update their profile, and obtain a new token before processing the transaction.
9051Time outTransaction processing timed out. Often caused by an inactive Dispatcher module.Retry the transaction. If the problem persists, contact PayFacto customer service.
9049 / 9050Fatal errorA critical error occurred while processing the transaction.Retry the transaction. If the problem persists, contact PayFacto customer service.