API
Nautilus system behavior is controlled using API calls. This way you can register new cards, new card products, control handling of different currencies and manually request transaction data.
How to use the API – Big Picture
Before you begin, make sure you have done the following:
- Obtain API access URL, username, password and secret key for accessing API
- Depending on the language you plan to use you might want to generate communication classes and methods (ATS API is exposed as WSDL web service, so there are tools for many languages which can be used to automatically generate code for consuming it – to get WSDL simply append "?wsdl" to API access URL)
Before using any API calls you need to generate some security-related parameters which are used by Nautilus to verify that request is indeed coming from you (and not, for example, from a proxy server between you and Nautilus). More details about this can be found in the chapter about Security.
As a very first step you should register a card product, which will define settling and billing behavior for all cards associated with it – use AddCardProduct call for this.
After registering a card product you usually want to register cards associated with it – use AddCard call for this. Make sure to include the Reference parameter, because Nautilus will later always send the same reference to you together with other card data, making it easier to pair cards from transaction data with cards in your system. Technically speaking, it is not mandatory to register card with Nautilus using AddCard, but if you don’t do that, Nautilus will not know of any special billing and settling rules your card uses and it will in turn blindly trust payment processor data (and, of course, it will not be able to pass you the card reference, so you will have to do manual lookup using payment processor’s token).
If you ever need some data field that Nautilus transaction feed does not include, but the raw payment processor data does, you can use GetRawTransaction to request the raw processor data for a given transaction. Also, in case your system ever fails to process a transaction, or for whatever reason you want to receive data about the same transaction again, you can force Nautilus to resend the data using PushTransaction.
API Security
In order to ensure security and to be certain that each API call indeed originated from you, even if 3rd party proxy services are used, ATS uses two parameters for authenticating each API request:
- ApiToken
- SecurityToken
ApiToken is generated by ATS on your behalf. To obtain the ApiToken, you need to authenticate yourself by providing the assigned username and password to GenerateApiToken method. Each time, a unique ApiToken is returned by ATS, and each ApiToken can be used only once – ie. for each API call you first need to generate an ApiToken.
SecurityToken is generated by you as SHA256 hash of a string which is the concatenation of the ApiToken and the secret key (which you should receive from AraxaTech). This way, the secret key is never transmitted in clear text from you to ATS, and one SecurityToken cannot be used twice, since the ApiToken is constantly changing. This way 3rd party proxy services (or somebody else spying on the traffic between ATS and you) cannot impersonate you.
Example
- let the Username be "user", Password "password" and the SecretKey "secret"
- Call GenerateApiToken with "user" and "password" as parameters; let's assume it returns string "638046298344343750@0344321b1d2a28b02e74fc3172e05ee4a781ac62049cc18e2017919b0c42816f" as ApiToken
- Calculate SHA256 of "638046298344343750@0344321b1d2a28b02e74fc3172e05ee4a781ac62049cc18e2017919b0c42816fsecret" (note "secret" appended to ApiToken returned), resulting SecurityToken should be "c74f01d8c0e927281e4122934c52f7aa1422bbb36b6f6c11dc56a485687b1fb8" (result is a string where each byte of the resulting hash value is represented by two hexadecimal digits)
- The pair of ApiToken = "638046298344343750@0344321b1d2a28b02e74fc3172e05ee4a781ac62049cc18e2017919b0c42816f", and SecurityToken = "c74f01d8c0e927281e4122934c52f7aa1422bbb36b6f6c11dc56a485687b1fb8" can be used for authenticating next API call
Card Products
Card products are convenient objects that are used to group together all cards of the same behavior. This means that all cards that bill and settle in the same way should be associated with the same card product. Creating card product also gives you the way to quickly and easily modify behavior of all cards associated with it.
About Billing and Settling Currencies
When it comes to cards (and card products) it is important to understand how all different currencies play together. In general, for each transaction there are 3 currencies at play: original (transaction) currency, (cardholder) billing currency, settling (or reconciliation) currency.
Original (or transaction) currency is the currency merchant wanted for the product or service delivered to cardholder, that currency data is transmitted to you from a merchant place.
Billing (or cardholder billing) currency is the currency the cardholder will pay in for an item purchased. This currency is configured during BIN setup with the card scheme that is supporting the card (for example VISA or MasterCard). Card scheme adds data about this currency to a transaction.
Settling currency is the currency that the issuer will use to pay to card scheme in order to clear a transaction that cardholder made. This currency is also configured during BIN setup. Often this currency is identical to billing currency, but in general case it does not have to be. The card scheme adds data about this currency to the transaction.
AddCard
Use this method to add a card to ATS, so ATS can properly associate it with correct billing and settling setup, and it can properly map it with payment processor’s token.
| Input Field | Type | Description |
|---|---|---|
| ApiToken | string | ApiToken as returned by GenerateApiToken |
| SecurityToken | string | SecurityToken generated by client as described in Security section |
| ProductId | integer | ID of card product as returned by AddCardProduct. NOTE: it is not mandatory to associate cards with card products. |
| Token | string | Card reference as used by payment processor. Note that you cannot associate more than one card with the same token. |
| Reference | string | Card reference as used by your system (it can be for example ID within your system). Note that you cannot use the same reference for multiple cards (but you can choose not to pass the reference at all). |
| Output Field | Type | Description |
| Status | integer | Status code, see table Status Codes for list of possible values. |
| Message | string | Programmer-friendly message. |
| CardId | long | ID of the newly created card if the call is successful, null otherwise. You should store this value somewhere to be able to modify the same card later. |
AddCardProduct
This API call is used to create a new card product. It is convenient to pass ID of card product on your side as Reference parameter (ATS will later return the same reference, so you don’t need to do mapping with ATS IDs). The important thing to note is that the card product name needs to be unique.
| Input Field | Type | Description |
|---|---|---|
| ApiToken | string | ApiToken as returned by GenerateApiToken |
| SecurityToken | string | SecurityToken generated by client as described in Security section |
| Name | string | Product name. Be careful that names of products need to be unique. |
| Reference | string | Card product reference as used in your system (for example product ID). |
| BillingCurrencies | string[] | List of 3-letter ISO currency codes that this product will use as its billing currencies. See discussion about billing currencies above. |
| DefaultBillingCurrency | string | The currency to use as default billing currency when transaction currency doesn’t match any other billing currency from the list. NOTE: default billing currency needs to be included within BillingCurrencies list as well. |
| SettlingCurrencies | string[] | List of 3-letter ISO currency codes that this product will use as its settling currencies. See discussion about settling currencies above. |
| DefaultSettlingCurrency | string | The currency to use as default settling currency when transaction currency doesn’t match any other settling currency from the list. NOTE: default settling currency needs to be included within SettlingCurrencies list as well. |
| Output Field | Type | Description |
| Status | integer | Status code, see table Status Codes for list of possible values. |
| Message | string | Programmer-friendly message. |
| ProductId | integer | ID of the newly created card product if the call is successful, null otherwise. You should store this value somewhere to be able to modify the same product later. |
AddTokenToCard
Use this API call to associate additional tokens with the existing card. Additional tokens can belong to a different payment processor from the one on which the card was initially created.
| Input Field | Type | Description |
|---|---|---|
| ApiToken | string | ApiToken as returned by GenerateApiToken |
| SecurityToken | string | SecurityToken generated by client as described in Security section |
| CardId | long | ID of card as returned by AddCard. |
| Token | string | Token associated with card on payment processor. |
| PaymentProcessorId | integer | ID of payment processor. Contact our support team for the list of values applicable to you. |
| Output Field | Type | Description |
| Status | integer | Status code, see table Status Codes for list of possible values. |
| Message | string | Programmer-friendly message. |
GenerateApiToken
This API call is used to generate an ApiToken. A unique value is returned after each call to GenerateApiToken. This value should be used only for one API call. You use ApiToken to generate SecurityToken as explained above.
| Input Field | Type | Description |
|---|---|---|
| Username | string | Username for accessing API |
| Password | string | Password for accessing API |
| Output Field | Type | Description |
| Status | integer | Status code, see table Status Codes for list of possible values. |
| Message | string | Programmer-friendly message. |
| ApiToken | string | Generated ApiToken if call was successful, null otherwise. |
GetCard
Use this method to get data about the specific card.
| Input Field | Type | Description |
|---|---|---|
| ApiToken | string | ApiToken as returned by GenerateApiToken |
| SecurityToken | string | SecurityToken generated by client as described in Security section |
| CardId | long | ID of card as returned by AddCard. |
| Output Field | Type | Description |
| Status | integer | Status code, see table Status Codes for list of possible values. |
| Message | string | Programmer-friendly message. |
| Reference | string | Card reference within your system as associated with card. |
GetCardProduct
Use this method to get data about the specific card product.
| Input Field | Type | Description |
|---|---|---|
| ApiToken | string | ApiToken as returned by GenerateApiToken |
| SecurityToken | string | SecurityToken generated by client as described in Security section |
| ProductId | integer | ID of card product as returned by AddCardProduct. |
| Output Field | Type | Description |
| Status | integer | Status code, see table Status Codes for list of possible values. |
| Message | string | Programmer-friendly message. |
| Name | string | Product name. |
| Reference | string | Card product reference as used in your system (for example product ID). |
| BillingCurrencies | string[] | List of 3-letter ISO currency codes that this product will use as its billing currencies. See discussion about billing currencies above. |
| DefaultBillingCurrency | string | The currency to use as default billing currency when transaction currency doesn’t match any other billing currency from the list. |
| SettlingCurrencies | string[] | List of 3-letter ISO currency codes that this product will use as its settling currencies. See discussion about settling currencies above. |
| DefaultSettlingCurrency | string | The currency to use as default settling currency when transaction currency doesn’t match any other settling currency from the list. |
GetRawTransaction
Use this method to pull raw transaction data, as it was passed to Nautilus by the payment processor.
| Input Field | Type | Description |
|---|---|---|
| ApiToken | string | ApiToken as returned by GenerateApiToken |
| SecurityToken | string | SecurityToken generated by client as described in Security section |
| TransactionId | long | ID of transaction you need raw data for. |
| Output Field | Type | Description |
| Status | integer | Status code, see table Status Codes for list of possible values. |
| Message | string | Programmer-friendly message. |
| TransactionData | string | Transaction data as received from payment processor. |
ModifyCard
This method is used to modify a card reference or association with a card product. Note that this method cannot disassociate a card from one payment processor token and associate it with the other.
| Input Field | Type | Description |
|---|---|---|
| ApiToken | string | ApiToken as returned by GenerateApiToken |
| SecurityToken | string | SecurityToken generated by client as described in Security section |
| CardId | long | ID of card as returned by AddCard. |
| ProductId | integer | ID of card product as returned by AddCardProduct. NOTE: it is not mandatory (but it is a good idea) to associate cards with card products. |
| Reference | string | Card reference as used by your system (it can be for example ID within your system). Note that you cannot use the same reference for multiple cards (but you can choose not to pass the reference at all). |
| Output Field | Type | Description |
| Status | integer | Status code, see table Status Codes for list of possible values. |
| Message | string | Programmer-friendly message. |
ModifyCardProduct
Use this API call to modify settings for an existing card product. Note that you need ProductId as returned by AddCardProduct.
You can pass nulls for values that you don’t want to change (but be careful that if you change BillingCurrencies settings then you also must specify new DefaultBillingCurrency, and analogous for Settling currencies and DefaultSettlingCurrency).
| Input Field | Type | Description |
|---|---|---|
| ApiToken | string | ApiToken as returned by GenerateApiToken |
| SecurityToken | string | SecurityToken generated by client as described in Security section |
| Id | integer | ID of card product as returned by AddCardProduct. |
| Name | string | Product name. Be careful that names of products need to be unique. |
| Reference | string | Card product reference as used in your system (for example product ID). |
| BillingCurrencies | string[] | List of 3-letter ISO currency codes that this product will use as its billing currencies. See discussion about billing currencies above. |
| DefaultBillingCurrency | string | The currency to use as default billing currency when transaction currency doesn’t match any other billing currency from the list. NOTE: default billing currency needs to be included within BillingCurrencies list as well. |
| SettlingCurrencies | string[] | List of 3-letter ISO currency codes that this product will use as its settling currencies. See discussion about settling currencies above. |
| DefaultSettlingCurrency | string | The currency to use as default settling currency when transaction currency doesn’t match any other settling currency from the list. NOTE: default settling currency needs to be included within SettlingCurrencies list as well. |
| Output Field | Type | Description |
| Status | integer | Status code, see table Status Codes for list of possible values. |
| Message | string | Programmer-friendly message. |
PushTransaction
Use this method to force ATS to push some transaction data to you again.
| Input Field | Type | Description |
|---|---|---|
| ApiToken | string | ApiToken as returned by GenerateApiToken |
| SecurityToken | string | SecurityToken generated by client as described in Security section |
| TransactionId | long | ID of transaction that should be sent to client again. |
| Output Field | Type | Description |
| Status | integer | Status code, see table Status Codes for list of possible values. |
| Message | string | Programmer-friendly message. |
Status Codes
These are possible values for Status as returned by various API calls.
| Value | Corresponding message | Description |
|---|---|---|
| -1 | Internal Error | Internal error occurred within the system. Contact technical support. |
| 0 | Success | |
| 1 | Invalid ProductId | |
| 2 | Invalid Token | Token passed is either completely invalid (for example all whitespace) or it is used for some other card. |
| 3 | Missing Token | Token is completely missing. |
| 4 | Invalid Reference | Reference passed is either completely invalid or it is used for some other object of the same kind. |
| 5 | Invalid TransactionId | |
| 6 | Invalid Name | Name passed for card product is either invalid or it is used for some other card product. |
| 7 | Missing Name | The name of the card product is completely missing. |
| 8 | Invalid Billing Currency | The currency must be 3 letter ISO-code (for example "EUR" or "USD"). |
| 9 | Invalid DefaultBillingCurrency | Default billing currency either has completely invalid value, or it is not present within BillingCurrencies array. |
| 10 | Invalid Settlement Currency | The currency must be 3 letter ISO-code (for example "EUR" or "USD"). |
| 11 | Invalid DefaultSettlementCurrency | Default settling currency either has completely invalid value, or it is not present within SettlingCurrencies array. |
| 12 | Invalid CardId | |
| 13 | Retry | Retry same call. |
| 100 | Invalid ApiToken | |
| 101 | Invalid SecurityToken | |
| 102 | Invalid Credentials | Invalid username and/or password, or access from non-whitelisted IP detected. |
| 103 | Access denied |