Overview
## API Reference

Forter's APIs can be leveraged for a variety of use cases throughout the user journey. The API reference documentation includes synchronous API endpoints for real-time decisions, as well as supplementary APIs used to provide Forter with subsequent status updates after Forter has provided a binary decision and/or recommendation.

If you have worked with your Forter implementation engineer to create a custom API schema, log into your Forter Portal account to view that customized documentation.

## Core API Path

Please send all API requests to a dedicated path for your account, by appending your site ID to the beginning of the URL:

```
https://{site id}.api.forter-secure.com/{endpoint}
```

Note that there is a different path for Forter's Tokenization API.

## Authentication

All requests to Forter's APIs must be made over HTTPS. In order to authenticate, include both the site ID and API key, which can be found in Credentials, in the request headers. Forter uses Basic Authentication credentials in the form of a username and password, where the API key is the username and the password is empty. Note that your site ID and API key are different for your Forter test site and production site.

```shell
# -d @file reads the POST data from a file
curl -X POST "https://{site id}.api.forter-secure.com/{endpoint}" \
  -u "{api key}:" \
  -H "api-version: 10.1" \
  -H "content-type: application/json" \
  -H "x-forter-siteid: {site id}" \
  -d @file
```

## Headers

| Header | Type | Required | Description |
| --- | --- | --- | --- |
| `authorization` | string | required | Basic Authentication in the form of a username and password. Use the API key as the username and leave the password empty. For example: `Basic <base64 encoded API key>` |
| `api-version` | string | required | Specify the version of the API to target. For example: `10.1` |
| `content-type` | string | required | Value should be `application/json` |
| `x-forter-siteid` | string | required | Forter-assigned ID for your account. Note that your site ID for your test site is different from your production site. |
| `x-forter-sub-merchant-siteid` | string | | For Element customers, include the Forter-assigned ID for your sub merchants when sending an API request on their behalf when you register a |

## HTTP Codes

Forter uses conventional HTTP response codes to indicate the success or failure of an API request. In general, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that resulted from the provided information, while codes in the 5xx range indicate an error with Forter's servers.

| Code | Status | Description |
| --- | --- | --- |
| 200, 201, 204 | OK | Everything worked as expected. |
| 400 | Bad Request | Not accepted, usually due to missing a required parameter. |
| 401, 403 | Unauthorized | The API key does not have permissions for this request. |
| 404 | Not Found | The requested item doesn't exist. |
| 429 | Too Many Requests | Recent requests have exceeded rate limits. |
| 500, 503 | Internal Server Error | Something went wrong on Forter's side. |

## Timeouts

In order to prevent connection failovers due to internet network failures on the way, please limit the HTTP request timeout to 2 seconds.

## Retries

In the event of exceptions from our API, we advise merchants to retry once and afterward to capture the money and resend the transaction to Forter at a later stage.

## Load Testing

Your test site is limited to 10 RPS. Requests beyond this limit will result in a 429 error code. You can exceed this rate limit by including the header `x-forter-disable-persistence = true` in your load test requests. Requests made with this header will not be visible in Forter's Decision Dashboard, so you should not include this header in real production requests.

## TLS Session Reuse

For low-latency applications, every millisecond counts. One common source of unnecessary latency is the repeated TLS handshake process when making API requests. If your application does not reuse TLS sessions, it incurs extra latency and computational overhead for every new connection. To mitigate this, we strongly recommend implementing TLS session reuse and connection pooling: https://docs.forter.com/reference/tls-session-reuse

## Conditional Fields

Note that some fields in the API reference will be marked as conditional instead of required. This is intended to denote that the field is `dependentRequired` or `oneOf`. Excluding conditional fields will not result in an error response, but may be checked by Forter during the testing phase.

## Test Response Handling

API requests made with your test site ID will return a randomized decision. In order to test your response handling, you can trigger a specific decision or recommendation by using a specific email address as the customer's email, a specific credit card number as the payment method, and/or a specific IP address.

### Fraud Management

| Customer Email | Order v3 Response |
| --- | --- |
| `approve@forter.com` | `"forterdecision": "approve"` |
| `decline@forter.com` | `"forterdecision": "decline"` |
| `notreviewed@forter.com` | `"forterdecision": "not reviewed"` |

### Abuse Prevention

| Customer Email | Order v3 Response |
| --- | --- |
| `test limited item solution@forter.com` | `"recommendation": "monitor potential limited item abuse"` |
| `test coupon solution@forter.com` | `"recommendation": "monitor potential coupon abuse"` |
| `test item not received solution@forter.com` | `"recommendation": "monitor potential inr abuse"` |
| `test return solution@forter.com` | `"recommendation": "monitor potential return abuse"` |

### 3DS Recommendation

| Customer Email | Order v3 Response |
| --- | --- |
| `force 3ds risk recommendation@forter.com` | `"forterdecision": "decline", "recommendation": "verification required 3ds challenge"` |
| `force 3ds psd2 recommendation@forter.com` | `"forterdecision": "decline", "recommendation": "verification required 3ds challenge"` |
| `force exemption tra@forter.com` | `"forterdecision": "approve", "recommendation": "request sca exemption tra"` |
| `force exemption low value@forter.com` | `"forterdecision": "approve", "recommendation": "request sca exemption low value"` |
| `force exemption corp@forter.com` | `"forterdecision": "approve", "recommendation": "request sca exemption corp"` |
| `force exemption trusted beneficiary@forter.com` | `"forterdecision": "approve", "recommendation": "request sca exemption trusted beneficiary"` |
| `force exclusion one leg out@forter.com` | `"forterdecision": "approve", "recommendation": "request sca exclusion one leg out"` |
| `forter exclusion moto@forter.com` | `"forterdecision": "approve", "recommendation": "request sca exclusion moto"` |
| `force exclusion anonymous@forter.com` | `"forterdecision": "approve", "recommendation": "request sca exclusion anonymous"` |

### 3DS Execution

No challenge required:

| Credit Card | 3DS Result Response |
| --- | --- |
| 5222220000000005 | `"forterdecision": "approve", "verificationmethod": { "status": "frictionless" }` |
| 4111110000001142 | `"forterdecision": "approve", "verificationmethod": { "status": "attempted" }` |
| 4000000000001992 | `"forterdecision": "decline", "verificationmethod": { "status": "frictionless not authenticated" }` |
| 5200000000000031 | `"forterdecision": "decline", "verificationmethod": { "status": "frictionless bank reject" }` |
| 5200000000001336 | `"forterdecision": "decline", "verificationmethod": { "status": "frictionless technical issue" }` |

Challenge executed:

| Credit Card | 3DS Result Response |
| --- | --- |
| 5111220000000009 (use code 1234 in the challenge window) | `"forterdecision": "approve", "verificationmethod": { "status": "authenticated" }` |
| 5200000000004447 (use code 1234 in the challenge window) | `"forterdecision": "approve", "verificationmethod": { "status": "not authenticated" }` |
| 5111220000000009 (use code 4567 in the challenge window) | `"forterdecision": "decline", "verificationmethod": { "status": "not authenticated" }` |
| 5200000000002227 (use code 1234 in the challenge window) | `"forterdecision": "decline", "verificationmethod": { "status": "not authenticated bank reject" }` |
| 5200000000003332 (use code 1234 in the challenge window) | `"forterdecision": "decline", "verificationmethod": { "status": "not authenticated technical issue" }` |

### Account Protection

| Customer Email | Signup, Login, Profile Access Response |
| --- | --- |
| `approve@forter.com` | `"forterdecision": "approve"` |
| `decline@forter.com` | `"forterdecision": "decline"` |
| `notreviewed@forter.com` | `"forterdecision": "not reviewed"` |
| `email verification@forter.com` | `"forterdecision": "verification required", "recommendation": "email verification"` |
| `sms verification@forter.com` | `"forterdecision": "verification required", "recommendation": "sms verification"` |

| IP Address | Signup, Login, Profile Access Response |
| --- | --- |
| 0.0.0.1 | `"forterdecision": "approve"` |
| 0.0.0.2 | `"forterdecision": "decline"` |
| 0.0.0.3 | `"forterdecision": "not reviewed"` |
| 0.0.0.4 | `"forterdecision": "verification required", "recommendation": "email verification"` |
| 0.0.0.5 | `"forterdecision": "verification required", "recommendation": "sms verification"` |