Prior to commencing development, verify that the integration prerequisites are met between the merchant and both Forter and the merchant's PSP.

Full PAN

Verify that you can pass the full card number in the 3DS Initialization API. This information is required in order to successfully execute 3DS authentication process.

If you have vaulted cards and the full card number is not exposed on the checkout page, please check with your Tokenization vendor regarding the availability of a Detokenization Proxy service. This service enables you to make a request to a 3rd party (such as Forter Order API) with a Token included in the request. The request is then routed through the proxy, where the token is replaced with the corresponding card data.

Gateway , Processor and Acquirer Data

Verify that you can pass in the Order API all the details about the expected Authorization process:

Gateway Data
Name (e.g Braintree)

Processor Data
Name (e.g Chase Paymentech)

Acquirer Data
Acquirer Name (e.g Barclays)
Acquirer BIN
Acquirer Merchant Id
Acquirer Merchant Name
Merchant Category Code
Merchant Country Code

Note that it in some cases the GW, Acquirer and Processor services are provided by the same company.

PSP supports external 3DS MPI

  • Ensure that your PSP is configured to receive and process the results of the 3DS authentication when using an external MPI like Forter.
  • Get the relevant API reference from your PSP, for calling Authorization with 3DS results, and clarify which additional fields about 3DS results should be populated (e.g CAVV, ECI, 3DS version, XID, TransID).

PSP supports PSD2 exemption requests

Relevant only for PSD2 solution

  • Verify with your PSP that you can request in the Authorization call an exemption from executing 3DS for Low Value and Low Risk transactions.
  • Get the relevant reference from your PSP, for calling the Authorization API with the Exemption request.

Enroll to 3DS on Mastercard

Request from your acquirer to enroll to 3DS2 on Mastercard, as it is not done automatically like with Visa.

Get your API Keys

Forter uses Basic authentication. Provide your API key as the basic auth username value

All Forter APIs require a unique site-id in the https request header in order to validate the request source. This mechanism must be used in all backend API requests that are sent from the merchant's server to Forter.

In Forter Portal, toggle between Live and Sandbox (TEST) environments to find your secret key on the Settings page.

curl -X POST "{service}"
      -u "${secretKey}:"
      -H "api-version: 2.0"
      -H "x-forter-siteid:${siteId}"
      -H "Content-Type: application/json"