Pre Auth Order API for 3DS

The /v3/orders API enables you to submit a transaction for a real-time fraud decision and payment optimization before calling the payment gateway to authorize funds (Pre-Auth).

Order API Request

When calling the Forter Order API at this endpoint, please provide all relevant data points that will help Forter determine whether the transaction or engagement is legitimate or fraudulent. This may include details such as account information, cart items, billing, delivery, and more. Additionally, some data points are necessary for 3DS execution, such as full card data, gateway, processor, acquirer, and so on.

Please note that some fields are only required for specific use cases. For instance, fields related to a specific payment method are only necessary if the customer has used that particular method, fields pertaining to hotel reservations are only mandatory for the hospitality vertical, and so on. Please reach out to your account manager for a list of applicable fields.

Order API Response

Optional Outcome #1: Continue the flow on the client side

The response will include managedOrderToken.

You should pass the managedOrderToken back to the client side. On the client side, follow the instructions here.

After the process is completed on the client side you should call the Results API from your server.

Optional Outcome #2: Process completed, results are available

The response will include a forterDecision. If the PSD2 solution is applicable, the response may include a recommendation to request an exemption from PSD2 SCA during the authorization call.

Note that these are the final results from Forter, so there is no need to continue the process on the client side.

Outcome: Forter Approved
Transaction APPROVED by Forter, 3DS was not executed.
Call to Action: Standard Authorization
Order Response Fields:
"forterDecision": "APPROVE"
"verificationMethod": {}
To simulate such an Order Response, use the email address [email protected] in the accountOwner object within the API request.

Outcome: Forter Declined
Hard DECLINE by Forter, 3DS was not executed.
Call to Action: Do not Authorize
Order Response Fields:
"forterDecision": "DECLINE"
"verificationMethod": {}
To simulate such an Order Response, use the email address [email protected] in the accountOwner object within the API request.

Outcome: Forter didn't Review
The transaction wasn't reviewed for a fraud decision. This is usually the case in Listening Mode during onboarding.
Call to Action: Act according to the policies in place prior to the integration with Forter
Order Response Fields:
"forterDecision": "NOT REVIEWED"
"recommendation": ""
"verificationMethod": {}
To simulate such an Order Response, use the email address [email protected] in the accountOwner object when calling the Order API.
Additional Outcomes Applicable Only to PSD2 Solution
Outcome: Forter Approved & Recommended to ask PSD2 Exemption
PSD2 transaction which was APPROVED by Forter, 3DS was not executed, and Forter recommended asking for an exemption from 3DS (TRA or Low Value) in the Authorization request.
Call to Action: Authorize with Exemption Request
Please note that not all processors support all types of exemptions. Check with your PSP to determine which exemptions are supported. Forter will recommend specific exemptions only if they are supported by the processor specified in the Order Request.
Order Response Fields:
"forterDecision": "APPROVE"
"recommendation": "REQUEST_SCA_EXEMPTION_TRA"

To simulate such an Order Response, use the card number 5222220000000006 and the email [email protected] when calling the Order API.

OR

"forterDecision": "APPROVE"
"recommendation": "REQUEST_SCA_EXEMPTION_LOW_VALUE"

To simulate such an Order Response, use the card number 5222220000000006 and the email [email protected] when calling the Order API.

OR

"forterDecision": "APPROVE"
"recommendation": "REQUEST_SCA_EXEMPTION_CORP"

To simulate such an Order Response, use the card number 5222220000000006 and the email [email protected] when calling the Order API.

Outcome: Forter Approved, transaction is excluded from PSD2
Exclusions do not require any call to action like exemptions, and the merchant is not required to include any specific value in the authorization request. They serve as informative indicators explaining the reason why the transaction is not considered for the PSD2 solution, even if it involves an EU merchant and an EU consumer.
Call to Action: Standard Authorization
The exclusion messages are informative only; there is no need to adjust your integration with the PSP.
Order Response Fields:
"forterDecision": "APPROVE"
"recommendation": "REQUEST_SCA_EXCLUSION_ANONYMOUS"

To simulate an Order Response with the "recommendation": "REQUEST_SCA_EXCLUSION_ANONYMOUS", use the card number 5222220000000006 and the email [email protected] when calling the Order API.

"forterDecision": "APPROVE"
"recommendation": "REQUEST_SCA_EXCLUSION_MOTO"

To simulate an Order Response with the "recommendation": "REQUEST_SCA_EXCLUSION_MOTO", use the card number 5222220000000006 and the email [email protected] when calling the Order API.

"forterDecision": "APPROVE"
"recommendation": "REQUEST_SCA_EXCLUSION_ONE_LEG_OUT"

To simulate an Order Response with the "recommendation": "REQUEST_SCA_EXCLUSION_ONE_LEG_OUT", use the card number 5222220000000006 and the email [email protected] when calling the Order API.
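
The outcomes listed above can be routed on the server in one place. The following is an added example, not Forter's code: planNextStep and the action names are hypothetical, the sample responses are constructed, and the precedence of managedOrderToken and the handling of an unrecognised decision are assumptions.

```javascript
// Added example: map a parsed /v3/orders response to the merchant's next step.
// planNextStep and the action names are hypothetical, not part of Forter's API.
const EXEMPTION_PREFIX = 'REQUEST_SCA_EXEMPTION_';

function planNextStep(orderResponse) {
  const { managedOrderToken, forterDecision, recommendation } = orderResponse ?? {};

  // Outcome #1: a token means the flow continues on the client side.
  // Assumption: when a token is present it takes precedence over other fields.
  if (typeof managedOrderToken === 'string' && managedOrderToken !== '') {
    return { action: 'CONTINUE_CLIENT_SIDE', managedOrderToken };
  }

  // Outcome #2: final results are available in this response.
  switch (forterDecision) {
    case 'DECLINE':
      return { action: 'DO_NOT_AUTHORIZE' };
    case 'NOT REVIEWED':
      return { action: 'APPLY_PRE_FORTER_POLICY' };
    case 'APPROVE': {
      const rec = typeof recommendation === 'string' ? recommendation : '';
      if (rec.startsWith(EXEMPTION_PREFIX)) {
        // TRA, LOW_VALUE or CORP: ask the PSP for this exemption at authorization.
        return {
          action: 'AUTHORIZE_WITH_EXEMPTION',
          exemption: rec.slice(EXEMPTION_PREFIX.length),
        };
      }
      // No recommendation, or an informative exclusion: authorize as usual.
      return { action: 'STANDARD_AUTHORIZATION', note: rec || null };
    }
    default:
      // Assumption (fail closed): a missing or unrecognised decision is never
      // treated as an approval.
      return { action: 'HOLD_FOR_REVIEW' };
  }
}

// Constructed sample responses, not captured from a live API.
const samples = [
  { managedOrderToken: 'constructed-token' },
  { forterDecision: 'APPROVE', recommendation: 'REQUEST_SCA_EXEMPTION_TRA' },
  { forterDecision: 'APPROVE', recommendation: 'REQUEST_SCA_EXCLUSION_MOTO' },
  { forterDecision: 'NOT REVIEWED', recommendation: '', verificationMethod: {} },
  { forterDecision: 'approve' },
];
for (const s of samples) console.log(JSON.stringify(planNextStep(s)));
```

Keeping this routing on the server means the authorization decision never depends on a value the browser could alter.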

Client Side Handling of managedOrderToken

Incorporate Forter's client components into your website and application as explained here.

The managedOrderToken from the Order API response should be passed back to the client side for additional processing. The merchant's client-side response handler should trigger Forter's checkoutTools.managedOrders.manageOrder(managedOrderToken, {challengeContainer: optionalChallengeContainer }, callback) JS function with the following inputs:

  • managedOrderToken: the token received from the server response.
  • callback: the merchant's JS function, which is called upon completion and should be used to trigger the Forter Results API to get the final fraud decision and 3DS results.
  • {challengeContainer: optionalChallengeContainer }: where the 3DS challenge is rendered if one is required.

IMPORTANT NOTE: If 3DS execution is not possible, you will not receive a managedOrderToken in the Order API response. In that case, you can skip this step.

Examples

Callback Style

window.checkoutTools.managedOrders.manageOrder(
  managedOrderToken, // token from the Order API response, passed down by your server
  {
    challengeContainer: () => {
      // render custom container for challenge modal if needed
      // htmlElement is your own DOM element for the challenge
      return htmlElement; // can be null to render Forter's default modal
    }
  },
  (error) => {
    if (!error) {
      // process is complete, call server to get results
    }
  },
);

A promise-based interface is also available:

await window.checkoutTools.managedOrders.manageOrder(
  managedOrderToken, // token from the Order API response, passed down by your server
  {
    challengeContainer: () => {
      // render custom container for challenge modal if needed
      // htmlElement is your own DOM element for the challenge
      return htmlElement; // can be null to render Forter's default modal
    }
  },
);
// process is complete, call server to get results