API Overview

API Reference

Forter's APIs can be leveraged for a variety of use cases throughout the user journey. The API reference documentation includes synchronous API endpoints for real-time decisions as well as supplementary APIs used to provide Forter with subsequent status updates after Forter has provided a binary decision and/or recommendation.

The Forter API differs for every merchant account as we release new versions and tailor functionality and each merchants available data. To view your specific API schema and data requirements, log into your Forter portal account.

Path

Please send all API requests to a dedicated path for your account, by appending your Site ID to the beginning of the URL.

https://{site-id}.api.forter-secure.com/{endpoint}

Authentication

All requests to Forter’s APIs must be made over HTTPS. In order to authenticate, include both the Site ID and API Key, which can be found in Credentials, in the request headers. Forter uses Basic Authentication credentials in the form of a username and password, where the API key is the username and the password is empty.

Note that your Site ID and API Key are different for your Forter test site and production site.

curl -X POST "https://{site-id}.api.forter-secure.com/{endpoint}"
      -u "{api-key}:"
      -H "api-version: 10.1"
      -H "content-type: application/json"
      -H "x-forter-siteid: {site-id}"

      -d @filepost.data

Headers

HTTP Codes

Forter uses conventional HTTP response codes to indicate the success or failure of an API request. In general, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that resulted from the provided information, while codes in the 5xx range indicate an error with Forter's servers.

Timeouts

In order to prevent connection failovers due to internet network failures on the way, please limit the HTTP requests timeout to 2 seconds.

Retries

In the event of exceptions from our API we advise merchants to retry once and afterward to capture the money and resend the transaction to Forter at a later stage.

Load Testing

Your test site is limited to 10 RPS. Requests beyond this limit will result in a 429 error code. You can exceed this rate limit by including the header x-forter-disable-persistence = true in your load test requests. Requests made with this header will not be visible in Forter’s decision dashboard, so you should not include this header in real production requests.

TLS Session Reuse

For low-latency applications, every millisecond counts. One common source of unnecessary latency is the repeated TLS handshake process when making API requests. If your application does not reuse TLS sessions, it incurs extra latency and computational overhead for every new connection. To mitigate this, we strongly recommend implementing TLS session reuse and connection pooling.

Response Handling

API requests made with your test Site ID will return a randomized decision. In order to test your response handling, you can trigger a specific decision or recommendation by using a specific email address as the customer’s email, a specific credit card number as the payment method, and/or a specific IP address.

Fraud Management

3DS Recommendation

3DS Execution

No challenge required

Challenge executed

"forterDecision": "APPROVE",  
"verificationMethod": {  
  "status": "AUTHENTICATED"  
}

"forterDecision": "APPROVE",  
"verificationMethod": {  
  "status": "NOT_AUTHENTICATED"  
}

"forterDecision": "DECLINE",  
"verificationMethod": {  
  "status": "NOT_AUTHENTICATED"  
}

"forterDecision": "DECLINE",  
"verificationMethod": {  
  "status": "NOT_AUTHENTICATED_BANK_REJECT"  
}

"forterDecision": "DECLINE",  
"verificationMethod": {  
  "status": "NOT_AUTHENTICATED_TECHNICAL_ISSUE"  
}

Identities