API Overview

Core API

Forter's Core API includes all of the endpoints to utilize Forter's solutions for Fraud Management, Chargeback Recovery, Abuse Prevention, Payment Optimization, Identity Protection, and PSPs.

The endpoints are grouped by related objects/flows: orders, 3D Secure protocol (3DS), disputes, accounts, merchants, compensation, and data privacy.


Orders


There are three options for the Order endpoint, which may also be referred to as the Orders API.

Send order information at checkout to receive a fraud or abuse decision. The response may also include recommendations based on your payment optimization features or abuse prevention policies.

Order (Validation) /v2/orders/:id

May also be referred to as Validation API or Decision API. Used for Fraud Management, Chargeback Recovery, Abuse Prevention, and 3DS recommendations.

Order (Adaptive Auth) /v3/adaptive-auth/orders/:id

May also be referred to as Adaptive Auth Transaction API or Adaptive Authentication API. Used for Fraud Management, Chargeback Recovery, Abuse Prevention, and advanced 3DS execution.

Order (Managed) /v3/managed/orders/:id

May also be referred to as Managed Orders API. Used for Fraud Management, Chargeback Recovery, Abuse Prevention, and standard 3DS execution.


Order status /v2/status/:id

May also be referred to as Status API or Order Status API. Used for Fraud Management, Chargeback Recovery, Abuse Prevention, and Payment Optimization.

Inform Forter of updates to the status of an order, including payment authorization, fulfillment, shipping details, and compensation granted. For pre-authorization flows, use this endpoint to supply Forter with authorization results from your payment processor. While no decision is provided on this request, it is a required input that improves the decision model.

Order update /v2/order-update/:id

May also be referred to as Order Update API. Used for Fraud Management and Abuse Prevention.

For orders placed over the phone, add the customer's connection information to receive a fraud or abuse decision.


3DS


3DS initialization /v3/adaptive-auth/3ds/init

May also be referred to as 3DS Init API. Used for advanced 3DS execution.

Initiate the 3DS protocol once credit card details are available. For security reasons, calls to this endpoint should only be sent from the merchant's server and not from the client-side browser.

3DS verification /v3/adaptive-auth/3ds/verify/:id

May also be referred to as 3DS Challenge Verify API. Used for advanced 3DS execution.

Send the challenge result token returned by Forter's JavaScript after a customer completes a 3DS step-up authentication challenge.

3DS result /v3/managed/orders/:id/results

May also be referred to as Managed Orders Results API. Used for standard 3DS execution.

Check the 3DS results using the managed order token returned in Forter's response to the order request.


Disputes


Dispute /v2/claims

May also be referred to as Claims API. Used for Fraud Management, Chargeback Recovery, Abuse Prevention, and Payment Optimization.

Inform Forter of a dispute initiated by a customer. This endpoint should be used to report any disputes not already reported via webhook from the payment processor. While no decision is provided on this request, it is a required input that both improves the decision model and enables chargeback recovery.

Evidence /v2/dispute-evidence

May also be referred to as Evidence API. Used for Chargeback Recovery.

Send post-order evidence for chargeback representments.


Accounts


Signup /v2/accounts/signup/:id

May also be referred to as Account Signup API. Used for Identity Protection and Abuse Prevention.

Send account registration information at signup to receive a fraud or abuse decision.

Login /v2/accounts/login/:id

May also be referred to as Account Login API. Used for Identity Protection.

Send login attempt information to receive an account takeover decision. May also be used to determine whether to extend a user's idle session without prompting the user for credentials. The response may also include recommendations for additional authentication (MFA) and a correlation ID to include with the authentication result.

Profile access /v2/accounts/profile-access/:id

May also be referred to as Account Profile Access API. Used for Identity Protection.

Send information on an attempt to access or edit a customer profile to receive a fraud decision. Used for account takeover at the profile touchpoint, card testing, and digital key use cases. The response may also include recommendations for additional authentication (MFA) and a correlation ID to include with the authentication result.

Authentication result /v2/accounts/authentication-result/:id

May also be referred to as Account Authentication Attempt API. Used for Identity Protection.

Inform Forter of authentication results after an attempted login or profile access request, using the provided correlation ID. While no decision is provided on this request, it improves the decision model for login and access.

Seller item listing /v2/accounts/item-listing/:id

May also be referred to as Seller Item Listing API. Used for Identity Protection.

Send information about a seller's new inventory in order to receive a fraud or abuse decision.

Account status /v2/accounts/status/:id

May also be referred to as Account Status Update API. Used for Identity Protection.

Inform Forter of updates to the status of an account. While no decision is provided on this request, it improves the decision model.


Merchants


Merchant /merchants

May also be referred to as Merchant Creation API. Used for PSPs.

Create a new merchant within your Forter account. The response will include a Forter-assigned merchant subsite ID to be included in the API header on future requests.

3DS recommendation enrollment /merchants/:id/3ds-recommendation

May also be referred to as Smart Payments Onboarding or 3DS Recommendation Onboarding API. Used for PSPs.

Enroll a merchant in Forter's 3DS recommendation services on their future orders. The response will include a request ID that can be used to check on the status.

3DS execution enrollment /merchants/:id/3ds-execution

May also be referred to as Smart Payments Onboarding or 3DS Execution Onboarding API. Used for PSPs.

Enroll a merchant in Forter's 3DS execution services on their future orders. The response will include a request ID that can be used to check on the status.


Compensation


Compensation request /v2/unified-compensation-request/:id

May also be referred to as Unified Compensation Request API. Used for post-purchase Abuse Prevention.

Send information about a customer-initiated request for compensation, such as a refund or a reship, in order to receive a fraud or abuse decision. The request can be made on an order level or at the item level. The response may also include recommendations based on your abuse prevention policies.


Data Privacy


Privacy request /privacy/requests

May also be referred to as Privacy Submit API.

In compliance with privacy laws, request access to or deletion of customer data on behalf of the customer. This endpoint should only be used if a data subject has specifically asked that their personal data be accessed or deleted, and their identity has been verified. The response will include a unique ID assigned to this request.

Privacy request status /privacy/requests/:id/status

May also be referred to as Privacy Status API.

Check the status of a previously submitted privacy request.

Download requested data /privacy/requests/:id/data

May also be referred to as Privacy Download API.

Retrieve the customer data from a previously submitted privacy request for data access.


Forter is committed to protecting the privacy of individuals who visit our customers' websites and whose personal information we receive through the use of the Forter Enterprise platform, and to processing data in compliance with GDPR/CCPA and other applicable privacy laws. The objective of Forter's security and privacy policies is to ensure the highest level of protection to support this commitment.

The Data Privacy endpoints support two request types: DELETE and ACCESS.

The ACCESS request type enables merchants to make data subject access requests on behalf of their end customers. Prior to submitting a data access request, merchants must validate the identity of the requesting party to guarantee private data is exposed only to matching verified data subjects. Data access requests should only be made if a data subject has specifically asked that their personal data be accessed, and for no other purpose, and only the data of the requesting individual should be provided.

Please note that certain information may have been withheld because it falls under one or more exceptions to the right of access under the GDPR or other applicable privacy laws (for example, to protect the rights of third parties).

The DELETE request type enables merchants to make data subject deletion requests on behalf of their end customers. Prior to submitting a data deletion request, merchants must validate the identity of the requesting party to guarantee subject data is deleted only for matching data subjects. Data deletion requests should only be made if a data subject has specifically asked that their personal data be deleted, and for no other purpose, and only the data of the requesting individual should be deleted.

Please note that certain data we hold about an individual may not have been deleted, as applicable privacy laws may, in certain circumstances, allow us to retain data, for example, where we need to retain such data for fraud prevention purposes.

If you have any questions, please contact [email protected].