# Payment

This endpoint is used to process a payment transaction. It requires a JSON payload containing transaction details, order information, and point-of-sale (POS) data.

The URL for this endpoint is <https://api.firstoken.co/v1/payments>

{% hint style="warning" %}
In case of sandbox environment you should use this URL: <https://api.firstoken-staging.co/v1/payments>
{% endhint %}

### Request Headers

* **Content-Type**: `application/json`
* **x-api-key**: `<Your API Key>`

{% tabs %}
{% tab title="Attributes of the request" %}

* **transaction\_info** *{object}*
  * **type**\
    Type of transaction. Possible values: `payment`.
  * **reference\_code**\
    Unique reference code for the transaction.
* **order\_info** *{object}*
  * **amount\_details**
    * **total\_amount**\
      Total amount to be processed.
    * **currency**\
      Currency code (e.g., `MXN` for Mexican Peso).
* **pos** *{object}*
  * **entry\_mode**\
    Method of entering payment card information into the POS terminal. Possible values:

    * `contact`: Read directly from the chip card via contact.
    * `contactless`: Read from a contactless interface using chip data.
    * `keyed`: Manually entered into the POS terminal.
    * `msd`: Read from a contactless interface using magnetic stripe data (MSD).
    * `swiped`: Read from the magnetic stripe of the credit card.

    **Note:** The values `contact`, `contactless`, and `msd` are compatible only for EMV transactions.
  * **term\_capability**\
    POS terminal capability. Possible values:

    * `1`: The terminal has only a magnetic stripe reader.
    * `2`: The terminal has a magnetic stripe reader and manual input capability.
    * `3`: The terminal has only manual input capability.
    * `4`: The terminal can read chip cards.
    * `5`: The terminal can read chip cards contactlessly; cannot use contact to read chip cards.

    **Note:** For an EMV transaction, the value of this field must be `4` or `5`.
  * **cat\_level**\
    Card acceptance terminal (CAT) level.

    Possible values:

    * `1`: Automated dispensing machine
    * `2`: Self-service terminal
    * `3`: Limited amount terminal
    * `4`: In-flight commerce (IFC) terminal
    * `5`: Radio frequency device
    * `6`: Mobile acceptance terminal
    * `7`: Electronic cash register
    * `8`: E-commerce device at your location
    * `9`: Terminal or cash register that uses a dialup connection to connect to the transaction processing network
  * **emv** *{object}*
    * **tags**\
      EMV tags.
    * **verification\_method**\
      EMV verification method.
    * **sequence\_number**\
      Sequence number for the transaction.
  * **track\_data**\
    Track data from the card.
  * **verification\_method**\
    Complete list of cardholder verification methods (CVM) supported by the terminal.

    **Possible Values:**

    * `PIN`: For terminals with a PIN keypad.
    * `Signature`: For terminals capable of receiving a signature.
    * `pinOnGlass`: For terminals where the PIN is entered on a glass-based capture mechanism.

    **Example:**

    * `["PIN", "Signature"]`
  * **term\_input\_capability**\
    List of terminal input capabilities supported by the terminal.

    * **Possible Values:**
      * `Keyed`: The terminal can accept card data entered manually.
      * `Swiped`: The terminal can accept card data from a magnetic stripe reader.
      * `Contact`: The terminal can accept card data in contact mode EMV (card insertion).
      * `Contactless`: The terminal can accept card data in contactless mode EMV (card tap).
      * `BarCode`: The terminal can read barcodes.
      * `QRcode`: The terminal can read or scan QR codes.
      * `OCR`: The terminal can perform optical character recognition (OCR) on the card.

    **Example:**

    * `["Keyed", "Swiped", "Contact", "Contactless"]`
  * **term\_card\_capture\_capability**\
    Indicates whether the terminal can capture the card.
    * **Possible Values:**
      * `1`: The terminal can capture the card.
      * `0`: The terminal cannot capture the card.
  * **device\_id**\
    Unique value created by the client software to identify the POS device.
  * **encrypted\_key\_serial\_number**\
    Combination of the unique device identifier and a transaction counter used in the process of decrypting the encrypted PIN. The entity that injected the PIN encryption keys into the terminal decrypts the encrypted PIN and creates this value
    {% endtab %}

{% tab title="Attributes of the response" %}

* **status**\
  Status of the response. Possible values: `success`, `error` or  `fail`.
* **message**\
  Message describing the result of the payment.
* **data** *{object}*
  * **transaction\_info**  *{object}*
    * **type**\
      Type of transaction response. Possible values: `payment_response`.
    * **reference\_code**\
      Unique reference code for the transaction.
    * **transaction\_id**\
      Unique transaction ID.
    * **request\_id**\
      Unique request ID.
    * **status**\
      Status of the transaction. Possible values: `Authorized`, `Declined`, `Pending`.
    * **response\_code**\
      Response code from the processor.
    * **reconciliation\_id**\
      Reconciliation ID for the transaction.
    * **created\_at**\
      Timestamp of when the transaction was created.
  * **order\_info** *{object}*
    * **amount\_details** *{object}*
      * **authorized\_amount**\
        Authorized amount.
      * **currency**\
        Currency code.
  * **processor\_info** *{object}*
    * **approval\_code**\
      Approval code from the processor.
    * **avs**  *{object}*
      * **code**\
        Address verification system code.
        {% endtab %}
        {% endtabs %}

### Request Body

The request body should be a JSON object with the following structure:

<details>

<summary>Example of the request</summary>

```json
{
  "transaction_info": {
    "type": "payment",
    "reference_code": "123456789"
  },
  "order_info": {
    "amount_details": {
      "total_amount": 1000,
      "currency": "MXN"
    }
  },
  "pos": {
    "entry_mode": "contactless",
    "term_capability": "2",
    "cat_level": "1",
    "emv": {
      "tags": "9F3303204000950500000000009F3704518823719F10070601",
      "verification_method": 0,
      "sequence_number": "999"
    },
    "track_data": "%B38000000000006^TEST/CYBS         ^2512121019761100      00868000000?;3800000000006=25121210197611868000?",
    "verification_method": ["PIN", "Signature"],
    "term_input_capability": ["Contact", "Contactless", "Keyed", "Swiped"],
    "term_card_capture_capability": 1,
    "device_id": "123lkjdIOBK34981slviLI39bj",
    "encrypted_key_serial_number": "1043191"
  }
}
```

</details>

### Response

The response will be a JSON object with the following structure:

<details>

<summary>Example of the response</summary>

```json
{
  "status": "success",
  "message": "Payment successful",
  "data": {
    "transaction_info": {
      "type": "payment_response",
      "reference_code": "123456789",
      "transaction_id": "0001733750160520541642",
      "request_id": "7337501624936410504953",
      "status": "Authorized",
      "response_code": "00",
      "reconciliation_id": "1uYiSsyaPwTd",
      "created_at": "2024-12-09T13:16:02Z"
    },
    "order_info": {
      "amount_details": {
        "authorized_amount": 1000,
        "currency": "MXN"
      }
    },
    "processor_info": {
      "approval_code": "123456",
      "avs": {
        "code": "G"
      }
    }
  }
}
```

</details>

### Error Handling

In case of an error, the response will have a `status` of `fail` and a descriptive `message`. The `data` object provides more details about the specific issues encountered.