Shift4 Payments Integration: Reference Guide Publication Date: June 15, 2018

Shift4® Payments Integration

Reference Guide

Shift4 Payments 1491 Center Crossing Road Las Vegas, NV 89144 702.597.2480 www.shift4.com  [email protected] Document Title: Shift4 Payments Integration: Reference Guide Publication Date: June 15, 2018

*Universal Transaction Gateway® (UTG®), DOLLARS ON THE NET®, 4Go®, i4Go®, and 4Word® are covered by one or more of the following U.S. Pat. Nos.: 7770789; 7841523; 7891563; 8328095; 8688589; 8690056; 9082120; 9256874; 9495680.

All trademarks, service marks, product names, and logos are the property of their respective owners. Shift4 Payments may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. The furnishing of this document does not give any license to these patents, trademarks, copyrights, or other intellectual property except as expressly provided in any written license agreement from Shift4 Payments. All graphics are property of Shift4 Payments.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without prior written permission of Shift4 Payments. The contents of this publication are the property of Shift4 Payments. Shift4 Payments reserves the right to revise this document and to periodically make changes to the content thereof without any obligation or notification to any organization of such revisions or changes unless required to do so by prior written agreement.

Notice of Confidentiality

By using this document, the recipient is hereby informed that this document may contain information that is proprietary to and/or a trade secret of Shift4 Payments. It carries the Shift4 Payments classification “External Use NDA.” As such it may be used by anyone with the stipulation that it is provided for the sole purpose of specifying instructions for the Shift4 Payments products contemplated herein. The recipient agrees to maintain this information in confidence, not reproduce or otherwise disclose this information, and only use this document for none other than its intended purpose.

Notice to Governmental End Users

If any Shift4 Payments product is acquired under the terms of a Department of Defense contract: use, duplication, or disclosure by the US Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of 252.227.7013. Civilian agency contract: use, reproduction, or disclosure is subject to 52.227-19 (a) through (d) and restrictions set forth in the accompanying end user agreement. Unpublished rights reserved under the copyright laws of the United States.

Shift4 Payments Integration: Reference Guide The Shift4 Payments Integration: Reference Guide is a resource to support your integration with Shift4 Payments. This document provides detailed information about the following subjects: • Shift4 Payments’ field descriptions • Shift4 Payments’ function request codes (FRCs) • API Options • Test card numbers and test server logic • Tables for your reference, including common error codes, approval identifiers, and more For a step-by-step walkthrough of writing a integration to Shift4 Payments’ DOLLARS ON THE NET®, please refer to the Shift4 Payments Integration: API Integration Guide available in MyPortal API Corner. You should also refer to the complete functions guides in MyPortal API Corner to ensure that you apply the correct format to all Shift4 Payments API messages. As always, if you have any questions or need assistance, you can email your assigned Shift4 Payments API Analyst at [email protected].

Tip: A list of initializations and acronyms that are commonly used within this document and throughout the payments industry can be found in Appendix A – Initializations and Acronyms.

Field Descriptions For your reference, this section provides informative descriptions about every field in Shift4 Payments’ DOLLARS ON THE NET API.

AccessToken A security credential used to authenticate API requests and all i4Go® authorizeClient/preauthorizeClient requests. An Access Token is the alias for the merchant account and interface version being used. The Access Token is required in all requests except a Token Exchange request (FRC CE), which generates an Access Token using an AuthToken and ClientGUID. (Max 51 bytes; data block 094.)

APIFormat Identifies which API format will be used. Always ‘0’ unless another value is specified by Shift4 Payments. This field is included in every request. (1 byte; Transaction Header data block.)

APIOptions Specifies the API Option(s) used to modify a request being made. Refer to the API Options section of this document for more information. (Max 255 bytes; data block 023.)

APISignature Always set to ‘$’ unless another value is specified by Shift4 Payments. This field is included in every request. (1 byte; Transaction Header data block.)

ArrivalDate Arrival date of a guest’s hotel stay in MMDDYY format. For hotel transactions that are a straight sale (such as advanced deposit, no-show charge, and late charges), the arrival date needs to be one day before the sale date. (6 bytes; data block 003.)

Authorization The authorization code provided by the consumer’s issuing bank. It is provided in a response if an online authorization or sale request is approved. Following a referral response, it is also specified in Offline Auth (FRC 05) and Sale with Offline Sale (FRC 06) requests. (6 bytes; data block 001.)

AuthSource In a response, a code returned by the processor to indicate which host issued the response. (1 byte; data block 016.)

AuthToken A unique encrypted identifier that refers to a specific merchant account. It is required when making a Token Exchange request (FRC CE). For detailed information about the AuthToken, please see the Understanding the Access Token Process section of the Shift4 Payments Integration: API Integration Guide available in MyPortal API Corner. (51 bytes; data block 095.)

AutoAdditionalCharges The codes used to provide a reason for additional charges in an auto rental sale. Up to six codes can be specified to indicate different types of charges. (6 bytes; data block 004.)

Code Description 0 N/A 1 Fuel 2 Mileage 3 Late Return 4 One-Way Fee 5 Parking or Moving Violation

AutoEstimatedDays Estimated contract length of car rental. (2 bytes; data block 014.)

AVSResult Identifies the response code returned from an Address Verification System (AVS) check with a processor. (1 byte; data block 001.)

Primary AVS Responses The table below contains the most common AVS response codes:

Street ZIP/Postal Code Address Code Description Match Match A Yes No Street address matched, but ZIP/postal code did not match. E Error (AVS data is invalid or not allowed). G Card issuer does not participate in AVS. N No No No street address and no ZIP/postal code match. R Card issuer system is unavailable. S AVS service not supported. U Street address information unavailable. W No Yes Street address did not match, but ZIP/postal code matched. X Yes Yes Street address and 9-digit ZIP/postal code matched. Y Yes Yes Street address and 5-digit ZIP code matched. Z Yes Only the ZIP/postal code matched.

Secondary AVS Responses The table below contains response codes that are only seen from specific card types and processors.

Street ZIP/Postal Code Name Code Address Description Match Match Match Returned only on Visa cards issued outside the United B Yes No States. Street address matched, but the ZIP/postal code did not match. Returned only on Visa cards issued outside the United C No No States. Street address and ZIP/postal code did not match. Returned only on Visa cards issued outside the United D Yes Yes States. Street address and ZIP/postal code matched. Returned only for American Express. Card member's name F Yes No did not match, but ZIP/postal code matched. Returned only for American Express. Card member's name H Yes Yes No did not match, but street address and ZIP/postal code matched. Returned only on Visa cards issued outside the United I No States. Street address did not match. Returned only for American Express. Card member's name, J Yes Yes Yes street address, and ZIP/postal code matched. Returned only for American Express. Card member's name K No No Yes matched, but street address and ZIP/postal code did not match. Returned only for American Express. Card member's name L No Yes Yes and ZIP/postal code matched, but street address did not match. Returned only on Visa cards issued outside the United M Yes Yes States. Street address and ZIP/postal code matched.

AVSStreetVerified Identifies whether the street number was verified (‘Y’) or not (‘N’) in an AVS check with a processor. (1 byte; data block 001.)

AVSZipVerified Identifies whether the ZIP/postal code was verified (‘Y’) or not (‘N’) in an AVS check with a processor. (1 byte; data block 001.)

Balance Returns the balance on a prepaid payment card (e.g., Visa Prepaid Debit Card, American Express Gift Card, or MasterCard Prepaid Credit Card). (14 bytes; data block 075.)

BalanceReturnIndicator Indicates if the balance for a prepaid payment card is being returned in the Balance field (‘Y’) or not (‘N’). (1 byte; data block 075.)

Birthdate In a Check Approval request (FRC 1F), specifies the customer’s date of birth in MMDDYY format. (6 bytes; data block 011.)

BusinessDayEndingTime The time the merchant’s business day ends as configured with Shift4 Payments. (6 bytes; data block 012.) C

CardAbbreviations A list of abbreviations for the card types that a merchant is configured to accept. The response is returned in alphabetical order. If more than 10 card types are accepted, additional values will be dropped in the response. (20 bytes; data block 012.)

Abbreviation Card Type AX American Express CK Check DB Debit DC Diners Club GC Gift Card JC Japan Credit Bureau (JCB) MC Mastercard NS Discover/JCB/Novus (previously Diners Club/Carte Blanche) PL Private Label SC Sears Canada VS Visa YC IT’S YOUR CARD®

CardEntryMode The method used to capture a payment card in an authorization/sale request. The CardEntryMode should be sent in an initial request and left blank in subsequent requests. When using a Universal Transaction Gateway® (UTG®)-controlled PIN pad, this field is left blank in a request; the UTG will capture the card entry mode and return it in the response. (1 byte; data block 001.)

CardEntryMode Requests The table below contains the values that can be submitted in requests:

Value Description M Manual Entry Track 1 Only or Dual Track 1 (Track 1 & 2) 2 Track 2 Only Blank Not Specified

CardEntryMode Responses The table below contains the values that may be returned in a response:

Value Description M Manual Entry Track 1 Only or Dual Track 1 (Track 1 & 2) 2 Track 2 Only EMV Chip Was Detected E and Successfully Captured RFID Transaction Was Sent R Using Tap-and-Pay Functionality

CardLevelResults Classifies the type of card used in an authorization/sale request. This field is returned in a response if the data is provided by the processor. See Appendix B – Detailed Card Types for a complete list of values. (2 bytes; data block 074.)

CardNumber The payment card number entered in an initial authorization/sale request. This field is not specified when using True P2PE® (point-to-point encryption) or a UTG-controlled PIN pad. This field will always be masked when returned in a response. (Max 32 bytes; Transaction Header data block.)

WARNING! Sending both the payment card number and a TrueToken® in a request will result in an error.

CardPresent Indicates whether a card was present (‘Y’) or not (‘N’) at the time a transaction took place. This should be set appropriately in the initial authorization/sale request and left blank in subsequent requests. (1 byte; data block 001.)

CardType An abbreviation used to specify the type of card used when processing a transaction. When using a UTG- controlled device, this field is left blank in a request and returned in the response. (2 bytes; data block 001.)

CardType Requests The table below contains the values that can be submitted in requests:

Value Card Type CC Credit Card DB Debit Card HF Flex/HSA/FSA Card GC Gift Card YC IT’S YOUR CARD

CardType Responses The table below contains the values that may be returned in a response:

Value Card Type AX American Express JC JCB MC Mastercard NS Discover/JCB/Novus PL Private Label VS Visa SC Sears Canada DB Debit GC Gift Card YC IT’S YOUR CARD

CashBack Specifies the cashback amount in a transaction. When using a UTG-controlled PIN pad with the ALLOWCASHBACK API Option, this field will return the cashback amount requested by the consumer. The interface can also send the desired cashback amount in a request by adding it to the PrimaryAmount and including it in the CashBack amount field. This will bypass prompting the consumer for a cashback amount. For example, a purchase of $100 with a $20 cashback would be “120.00” in the PrimaryAmount field and “20.00” in the Cashback field. (14 bytes; data block 056.)

CheckAmount Full dollar amount of a check. (14 bytes; data block 011.)

CheckingAccountNumber The appropriate account number for a check. (Max 24 bytes; data block 011.)

CheckType Identifies the type of check being processed. (1 byte; data block 011.)

Value Description 0 Personal 1 Company 2 Payroll

Clerk Number used to identify the point-of-sale (POS) or property management system (PMS) clerk or user. This field is required to be dynamic for all interfaces except e-commerce because the end user is not a clerk. (5 bytes; data block 001.)

ClientGUID The Client GUID is a unique identifier that is used to track the software version of an interface across all of the merchant accounts that use it. When a new interface version is certified or recertified, you will receive a new Client GUID, which must be hard coded into the application and must not be a configurable field. The Client GUID is required when making a Token Exchange request (FRC CE). For detailed information about the Client GUID, please see the Understanding the Access Token Process section of the Shift4 Payments Integration: API Integration Guide available in MyPortal API Corner. (Max 51 bytes; data block 095.)

Requirement: The Client GUID supplied by your API Analyst must be hard coded into your application because it will permanently identify that version of your interface across all merchant accounts.

ContentType Used by HTTP interfaces to specify the return message format. Send “XML” to receive XML data. Send “TEXT” to receive key-value pairs.

CustomerName Specifies a consumer’s name. When a transaction is manually entered, this field is sent in the initial sale/authorization request for AVS validation. If the interface sends a consumer’s name in the CustomerName field, the value specified by the interface will be returned in the response unless the API Option USECARDNAME is included in the request and a UTG-controlled PIN pad is in use. If left blank, the consumer’s name will be returned in the CustomerName field if it’s present in the card’s track data. (35 bytes; data block 002.)

CustomerReceiptText When the API Option ENHANCEDRECEIPTS is included in a transaction request that requires a receipt (e.g., sale, authorization, decline, referral, error, refund, or void), this field returns the text that is required to be printed on a consumer’s receipt. For detailed receipt printing guidelines, please see the Receipt Printing Requirements section of the Shift4 Payments Integration: API Integration Guide available in MyPortal API Corner. (Max 4,096 bytes; data block 091.)

CustomerReference A unique value used to identify the consumer or transaction. If a merchant has a significant amount of revenue from purchasing card customers, the interface would use this field to collect the consumer’s purchase order or employee identification number. (25 bytes; data block 008.)

CVV2Code The 3- or 4-digit Card Security Code (CSC) found on a payment card. This value should only be sent in an initial sale/authorization request. It should not be stored by the interface. When sending the CVV2Code, the CVV2Indicator must also be sent. (4 bytes; data block 022.)

CVV2Indicator In a manually entered transaction, indicates the presence of a CSC. (1 byte; data block 022.)

Value Description 0 CSC not provided by user. 1 CSC provided. 2 CSC illegible. 9 CSC not on card, or card did not have a CSC.

CVV2Prompt When using a UTG-controlled PIN pad, this field is specified as ‘Y’ or ‘N’. ‘Y’ will force the PIN pad to prompt the consumer for a CSC. This field is specified as ‘N’ when other AVS/CVV fields are being requested, but this field is not. (1 byte; data block 112.)

CVV2Result The result of a CSC check. This field will be used by Shift4 Payments to determine the value sent in the CVV2Valid field (based on the merchant’s list of accepted verification results as configured with Shift4 Payments). (1 byte; data block 022.)

Value Description M CVV2 matched. N CVV2 did not match. P CVV2 not processed. S CVV2 should have been present. U Issuer unable to process.

CVV2Valid A simplified CSC check result based on the value in the CVV2Result field and the merchant’s accepted verification results as configured with Shift4 Payments. The value sent will be ‘Y’ if CSC verification passed or ‘N’ if CSC verification did not pass. (1 byte; data block 022.)

Date The transaction date in MMDDYY format. Sending the Date field is required in every request and will be echoed back in the response. The value specified cannot be a future date. (6 bytes; data block 001.)

DBA The merchant’s business name as configured with Shift4 Payments. (22 bytes; data block 012.)

DBAAddressLine1 First line in the merchant’s business address as configured with Shift4 Payments. (38 bytes; data block 012.)

DBAAddressLine2 Second line in the merchant’s business address as configured with Shift4 Payments. (38 bytes; data block 012.)

DBACity City in the merchant’s business address as configured with Shift4 Payments. (13 bytes; data block 012.)

DBAPhone The merchant’s business telephone number as configured with Shift4 Payments. (15 bytes; data block 012.)

DBAState The state in the merchant’s business address as configured with Shift4 Payments. (3 bytes; data block 012.)

DBAZipCode ZIP/postal code in the merchant’s business address as configured with Shift4 Payments. (9 bytes; data block 012.)

DepartureDate The departure date of a guest’s hotel stay in MMDDYY format. For hotel transactions that are a straight sale (such as advanced deposit, no-show charges, and late charges), the departure date needs to be the day of the sale. (6 bytes; data block 003.)

DestinationZipCode When items are shipped, the ZIP/postal code to which merchandise will be shipped; otherwise, the ZIP/postal code where the goods or services are rendered. (9 bytes; data block 008.)

DeviceExtensions In UTG4Cloud® interfaces, this value is received in the response to a request for device credentials; interfaces should be programmed to pass this field unaltered. “Device credentials” refers to the DeviceService, DeviceGuid, and DeviceExtensions fields, which identify the local UTG to DOLLARS ON THE NET in UTG4Cloud setups. (Max 1,024 bytes; data block 098.)

DeviceInputIndex In an Input Prompt request (FRC DB), specifies a value to be collected from a consumer using a UTG- controlled PIN pad. (3 bytes; data block 113.) The DeviceInputIndex values are described in the table below:

Value Description Return Format 001 CVV2 Numeric 002 Street Number Numeric 003 ZIP Code Numeric 004 Social Security Number (SSN) Numeric, no formatting 005 Last 4 of SSN Numeric 006 Date of Birth MM/DD/YYYY 007 Annual Income Numeric, no commas or decimals 008 Home Phone Number Numeric, no formatting 009 Business Phone Number Numeric, no formatting 010 Email Address (Requires Touchscreen) Alphanumeric 011 Driver’s ID (Requires Touchscreen) Alphanumeric 012 Tip Numeric

DeviceInputResponse The variable text returned in the response to an Input Prompt request (FRC DB), which contains the consumer’s input. (Max 4,096 bytes; data block 113.)

DeviceGuid In UTG4Cloud interfaces, this is a unique value that the UTG uses to find the device controlled by the local UTG. It is received in the response to a device credentials request; interfaces should be programmed to pass this field unaltered. “Device credentials” refers to the DeviceService, DeviceGuid, and DeviceExtensions fields, which identify the local UTG to DOLLARS ON THE NET in UTG4Cloud setups. (Max 200 bytes; data block 097.)

DeviceLanguage Specifies the text language to be displayed on a UTG-controlled PIN pad: “eng” = English, “spa” = Spanish, and “fra” = French. (3 bytes; data block 116.)

DeviceService In UTG4Cloud interfaces, this is the name of the internal service the UTG uses to find the device controlled by the local UTG. It is received in the response to a device credentials request; interfaces should be programmed to pass this field unaltered. “Device credentials” refers to the DeviceService, DeviceGuid, and DeviceExtensions fields, which identify the local UTG to DOLLARS ON THE NET in UTG4Cloud setups. (10 bytes; data block 097.)

DriverName In a sale/authorization request for an auto rental, the customer’s name exactly as it appears on their driver’s license. (35 bytes; data block 004.) E

EnhancedDataID Classification used to determine the context of the EnhancedDataValues field. (2 bytes; data block 068.) Values are specified in the table below:

Value Description

DR Default response

PL Private label

OL Reserved for future use by Petroleum

GA Reserved for future use by General Customer Account

EnhancedDataValues A series of pipe delimited key-value pairs specifying enhanced data values for private-label cards. (Max 1,024 bytes; data block 068.)

ErrorIndicator An error flag returned in a response. If Shift4 Payments was unable to process a request, the value ‘Y’ is returned. The value ‘N’ indicates no error condition. This field is not populated in requests. (1 byte; Transaction Header data block.)

ExpirationDate Card expiration date in MMYY format. This value should only be populated in the initial sale/authorization request when the card is manually entered. (4 bytes; data block 001.)

FormName Specifies a 12-character, alphanumeric string containing the form name to display on a UTG-controlled PIN pad in a Process Forms request (FRC 86). The file extension should not be included in the request. (12 bytes; data block 100.)

FormResponse Returns a 5-character, alphanumeric string containing the ID of the button pressed by the consumer on a UTG-controlled PIN pad in a Process Forms response (FRC 86). This field is not specified in a request. (5 bytes; data block 100.)

FourWords Four space-separated words that reference cardholder data (CHD). The four words can be entered into Shift4 Payments’ 4Word® web app to temporarily reveal CHD. In addition, the four words can be entered during an Online Entry or Offline Entry transaction in DOLLARS ON THE NET to securely charge the corresponding card number. (Max 28 bytes; data block 073.)

FunctionRequestCode A 2-character alphanumeric code indicating what function is being requested. For example, “1B” indicates an Online Auth. Refer to the Function Request Codes section of this document for more detail about the available functions. (2 bytes; Transaction Header data block.)

GiftCardExtendedDataValues A series of key-value pairs, pipe delimited, specifying values related to gift cards. (Max 1,024 bytes; data block 089)

HostResponse The response text for a check approval. The value (e.g., Approved, App., Okay, Dec., Declined, Refused, etc.) varies depending on the merchant’s settings with Shift4 Payments and display preferences. (24 bytes; data block 011.)

HotelAdditionalCharges Reason codes for additional charges in a lodging sale request at the time a consumer checks out. (6 bytes; data block 003.)

Code Description 0 N/A 2 Restaurant 3 Gift shop 4 Mini-bar 5 Telephone 6 Other 7 Laundry

HotelEstimatedDays Used to communicate the estimated number of days of a guest’s stay. This value is included in authorization requests for a consumer’s hotel stay. (2 bytes; data block 013.)

IDNumber Identification number used to process a check transaction. Do not embed spaces or symbols. (24 bytes; data block 011.)

IDTypeCode Code representing the type of identification used to process a check transaction. Refer to Appendix D – Required IDs for Check Verification for more details. (2 bytes; data block 011.) IIASAmountN The total amount of healthcare costs for an HSA/FSA transaction. N can be 1-4 and must correlate with the transaction classification indicated in the IIASTypeN field. (14 bytes; data block 070.)

IIASTypeN

This code classifies eligible healthcare expenses. N can be 1-4. IIASType1 is always 4S. Types 2-4 are subcategories and amounts 2-4 are correlated to the types. (2 bytes; data block 070.)

The following table provides detailed information about the eligible healthcare expenses and codes used in the IIASTypeN field:

Code Description 4S Healthcare (Visa/MC Only) – Qualified Medical Expenses or Over-the-Counter Transit (Visa Only) – Transit Fare Media (e.g., Commuter and Parking Passes, Mass 4T Transit Vouchers, and Tickets) 4O Cash Disbursement (Discover Only) – Amount of Cash Back Being Requested 4U RX (Visa/MC Only) 4V Vision (Visa Only) 4W Clinical (Visa Only) 4X Dental (Visa Only)

Invoice 10-digit invoice number assigned by the interface to identify a transaction. The combination of a card number and an invoice number creates a unique key that identifies a transaction within a batch in DOLLARS ON THE NET. Each invoice number must be unique per batch and for each transaction flow. (10 bytes; Transaction Header data block.)

IYCAvailableBalance The adjusted balance of a gift card received in a response. The amount reflects the IYCBalance adjusted by pending credits or authorizations. (14 bytes; data block 025.)

IYCBalance In a request, specifies the balance to load on the gift card. In a response, specifies the current balance remaining on the gift card (not adjusted for pending credits or authorizations). (14 bytes; data block 025.)

Important: As the IYCBalance field is not adjusted for pending credits or authorizations, be sure to check the IYCAvailableBalance field to confirm the card’s adjusted balance.

IYCCardFormatted Formatted IYC number with hyphens (e.g., “XXXX-XXXX-XXXX-XXXX”). (Max 24 bytes; data block 025.)

IYCCardType Type of card to be processed by the IYC processor. Always ‘G’ unless a different value is specified by Shift4 Payments. (1 byte; data block 025.)

IYCDiscount Discount percentage to be applied to a transaction. (5 bytes; data block 025.)

IYCExpiration IYC expiration date in MMDDYY format. If an expiration date was set on the IYC card, this field is received in an IYC transaction response. (6 bytes; data block 025.)

IYCReasonText In a Deactivate request (FRC 25), specifies the reason for deactivation. In an IYC redemption or inquiry response, specifies the reason for denial sent by the processor. This field will be echoed back in responses other than FRC 25, which may cause errors detecting deactivated cards and therefore should only be included in FRC 25 requests. (Max 32 bytes; data block 026.) The default reason text in a request is as follows: • Administrative Hold • Cancelled • Closed • ID Verification Requested • Lost or Stolen • Merchant Restriction on Card • Stolen • User Defined Reason Code

KeyValueN In a Process Forms request (FRC 86), a 200-character, alphanumeric string containing a maximum of ten custom text fields to display on a UTG-controlled PIN pad for consumer input. N can be 1-10. (Max 200 bytes; data block 100.)

LateAdjustment A dollar amount for late adjustment fees for an auto rental, including refueling charges, a surcharge, or charges for damage incurred during use. (14 bytes; data block 004.)

LineItem In a Display Line Item request (FRC 92), a single line item to be displayed on a UTG-controlled PIN pad. (30 bytes; data block 055.)

LineItemCount In a Display Line Items request (FRC 95), specifies the number of line items being sent in the request. (2 bytes; data block 054.)

LineItemN In a Display Line Items request (FRC 95), the line items to be displayed on a UTG-controlled PIN pad (N can be 1-10). (30 bytes for each LineItemN; data block 054.)

LongError Extended error message that is returned if an error condition exists. (Max 255 bytes; data block 999.)

ManualCheckNumber Check number as seen on the upper right corner of a consumer’s check. This field is specified if the check is manually keyed. (10 bytes; data block 011.)

MerchantReceiptText When the API Option ENHANCEDRECEIPTS was included in a transaction request that requires a receipt (e.g., sale, authorization, decline, referral, error, refund, or void), this field returns the text that is required to be printed on the merchant’s receipt. For detailed receipt printing guidelines, please see the Receipt Printing Requirements section of the Shift4 Payments Integration: API Integration Guide available in MyPortal API Corner. (Max 4,096 bytes; data block 090.)

MerchantType Classifies the merchant type for a merchant’s account with Shift4 Payments. (1 byte; data block 012.)

Value Description

R Retail

H Hotel

F Food & Beverage (F&B)

A Auto Rental

M Mail Order/Telephone Order (MO/TO) or E-Commerce

MetaTokenData A 16-digit, numeric value used to track payment card usage across multiple revenue centers within an organization. This value is only sent in responses. (16 bytes; data block 086.)

MetaTokenType Requests the type of MetaToken™ to be returned. The two MetaToken types are “IL” and “F6”. For the last four digits of the MetaToken to be the last four digits of the payment card, send “IL” in the request. For the last six digits of the MetaToken to be the first six digits of the payment card, send “F6” in the request.

NoShowIndicator Indicates whether a customer picked up a reserved rental car (‘Y’) or not (‘N’). (1 byte; data block 004.)

Notes A free-form notes field that supports the use of HTML tags. Shift4 Payments strongly suggests including the transaction information in HTML format. This will be used for reference in DOLLARS ON THE NET and is not sent to the authorization host. (Max 4,096 bytes; data block 017.)

OverrideBusDate Desired business date of a transaction in MMDDYY format. Include when overriding the existing business date of a transaction. The overriding date may be earlier or later than the existing date. (6 bytes; data block 031.)

P2PEBlock The full output of a P2PE keypad/magnetic swipe reader (MSR). (2,048 bytes; data block 076.)

P2PEBlockLength The length of the P2PEBlock being sent by a P2PE keypad/MSR. This field is only sent in TCP/IP interfaces. (4 bytes; data block 076.)

P2PEDeviceType Classifies the type of payment device being used for P2PE. (2 bytes; data block 076.) Two examples of track data output from the same card are below: When the P2PEDeviceType is specified as “01” in a request, the masked track data output from the terminal consists of ASCII characters:

028301801F331E00139B%*432100******1119^VS/SHIFT4 TEST CARD^1612******?*;432100******1119=1612******?*C0D70C303BF7DFAB26 DFEB59B33A407163D236798BE68580A7355B43D4F5F21DC40C46C366290C116F1 C34601C5BB56C1D13EE0A7FDCF1C1FD6D1D53796647C131F1F2CBD3752720B7E2 2AC92BB1D17168AE7D081AFC204A47D8277280C6A7AFC433D7A8EA0CA1D202ACD 0AC9354F424DA0ACD9B50EAF605873994F7A7A724224B7DF49F00BC68C6629949 50010000000C4F5E9203 When the P2PEDeviceType is specified as “02” in a request, the masked track data output from the terminal is a hexadecimal string representation of ASCII characters:

029800801D3300000189252A3534333230302A2A2A2A2A2A333333325E4D432F5 34849465434205445535420434152445E2A2A2A2A2A2A2A2A2A2A3F2AB2818A27 89D83EE9481BFA5CDCA19CBEB30F53F2F286CEC554413F52E369ECBBE4547354B ED4438884DEC31060F223FA935AA4302184F2C3823628E128376CA272EDE9AF39 C237E73DEF3FB8459A6E911228B9266299490032001FE00169BBEB03

Requirement: The P2PEDeviceType field will be returned with the P2PE block in the response if an On-Demand Card Read request (FRC DA) is sent using a UTG-controlled PIN pad. “03” specifies an Ingenico RBA PIN pad and “04” specifies a Verifone MX PIN pad. If you plan to store the P2PE block for future use, you will need to store the correlated P2PEDeviceType parameter as well. This P2PEDeviceType must be specified when using the P2PE block in future API requests that refer to the same data.

PhotoData The base64-encoded data sent when a signature is captured as a Portable Network Graphics (PNG) file. (Max 4,194,304 bytes; data block 088.)

PhotoType When sending a signature as a PNG file, this value must be ‘P’. (1 byte; data block 088.)

PinBlock Encrypted PIN data received from a POS-controlled PIN pad (not controlled by the UTG). (16 bytes; data block 005.)

PinPadBlockFormat Identifies the format of the PinBlock field for a POS-controlled PIN pad (not controlled by the UTG). Always “71” unless a different value is specified by Shift4 Payments. (2 bytes; data block 005.)

PinPadKey Key serial number (KSN) received from a POS-controlled PIN pad (not controlled by the UTG). The PINPadKey field is a hexadecimal field that should be padded with leading ‘F’s. (20 bytes; data block 005.)

PinPadType Identifies the PIN pad type for a POS-controlled PIN pad (not controlled by the UTG). Set to “03” unless a different value is specified by Shift4 Payments. (2 bytes; data block 005.)

PostalCodePrompt When using a UTG-controlled PIN pad, this field is specified as ‘Y’ to force a PIN pad to prompt the consumer for a ZIP/postal code. This field is specified as ‘N’ when other AVS/CVV fields are being requested, but this field is not. (1 byte: data block 112.)

PreauthorizedAmount In an Online Auth response (FRC 1B), indicates the total transaction amount currently authorized. This field is not specified in a request. (14 bytes; data block 016.)

PreauthorizedTolerance In an Online Auth response (FRC 1B), this field indicates the maximum amount that can be incrementally authorized (when allowed) based on the merchant’s acceptable tolerance level as configured with Shift4 Payments. A merchant’s tolerance level is the allowable authorization level above the primary and secondary amounts at which a merchant may process a payment without requesting additional approval from the processor. This field is not specified in a request. (14 bytes; data block 016.)

PrimaryAmount The amount being charged for a particular transaction. (14 bytes; data block 001.)

PrimaryChargeType Guest’s transaction type at a hotel. (1 byte; data block 003.)

Value Description 1 Lodging 2 Restaurant 3 Gift Shop

PrimaryErrorCode Code indicating the type of error that occurred. This is a response-only field. Refer to the Shift4 Payments Common Error Codes section of this document for more details. (6 bytes; Transaction Header data block.)

ProductDescriptorN A text description of the items purchased or services sold. This can be a generic text description of what the merchant sells (such as “Groceries”) or specific transaction data (such as the name of the item sold). At least one product descriptor field is required in a sale/authorization request. N can be 1-4. (Max 40 bytes; data block 009.)

PromptConfirmQuestion In a Prompt Confirmation request (FRC 82), this field displays an inquiry prompting a consumer’s confirmation. (64 bytes; data block 087.)

PromptConfirmResult In the response to a Prompt Confirmation request (FRC 82), this field specifies whether the consumer has opted to confirm (‘Y’) or deny (‘N’) the requested value. (1 byte; data block 087.)

PromptConfirmValue In a Prompt Confirmation request (FRC 82), this field displays an email address, legal text, or other text for a consumer’s confirmation. (Max 4,096 bytes; data block 087.)

RawMagneticData Data from the front of a check containing the routing number, checking account number, and check number as read by a Magnetic Ink Character Recognition (MICR) reader. (80 bytes; data block 011.)

ReaderIndicator Identifies how the checking account and transit routing number were obtained. (The transit routing number is also known as the ABA number.) ‘0’ if it was manually obtained; ‘1’ if it was read through a check reader. (1 byte; data block 011.)

ReceiptText The raw text message to print on the receipt if not using the API Option ENHANCEDRECEIPTS. (Max 4,000 bytes; data block 033.)

ReceiptTextColumns Indicates the column width per line for a printed receipt. This allows the receipt text to wrap to fit the printed receipt. The receipt lines are separated by a CR/LF pair (ASCII 13, 10). To meet the needs of standard receipt formatting, Shift4 Payments has set the maximum number of characters to “048”. (3 bytes; data block 033.)

RentalAgreement Contract number for an auto rental agreement. (9 bytes; data block 004.)

RentalCity City where rental car was picked up. (18 bytes; data block 004.)

RentalDate Date when rental car was picked up in MMDDYY format. (6 bytes; data block 004.)

RentalState State where rental car was picked up in U.S. postal abbreviation format. (2 bytes; data block 004.)

RentalTime Time when rental car was picked up in HHMMSS format. (6 bytes; data block 004.). Note: Time must be formatted in military format (e.g., 4:14:49 p.m. would be formatted “161449”) for the local time zone where the merchant makes the sale.

RentalZipCode ZIP/postal code where rental car was picked up. (9 bytes; data block 004.)

ReportCardType Used to request a Totals Report (FRC 5F) for a specific card type. To return the totals for all card types, fill this field with spaces (TCP/IP) or send a blank value (HTTP). (2 bytes; data block 032.)

ReportClerk The clerk ID number used when submitting a Totals Report request (FRC 5F), if applicable. If no Clerk ID has been defined, this field should be filled with zeroes (TCP/IP) or left blank (HTTP). (5 bytes; data block 032.)

ReportEndDate The end date for a Totals Report request (FRC 5F) in MMDDYY format. (6 bytes; data block 032.)

ReportEndTime The end time for a Totals Report request (FRC 5F) in HHMMSS format. (6 bytes; data block 032.) Note: Time must be formatted in military format (e.g., 4:14:49 p.m. would be formatted “161449”) for the local time zone where the merchant makes the sale.

ReportStartDate The start date for a Totals Report request (FRC 5F) in MMDDYY format. (6 bytes; data block 032.)

ReportStartTime The start time for a Totals Report request (FRC 5F) in HHMMSS format. (6 bytes; data block 032.) Note: Time must be formatted in military format (e.g., 4:14:49 p.m. would be formatted “161449”) for the local time zone where the merchant makes the sale.

ReportTerminalID The API Terminal ID used when requesting a Totals Report (FRC 5F) for a specific terminal. If not requesting a Totals Report for a specific terminal, this field should be filled in with zeroes (TCP/IP) or left blank (HTTP). (Max 32 bytes; data block 032.)

RequestorReference A unique, alphanumeric value that must be sent in every request. This value must be different from the invoice number and new for each request, including subsequent requests. Shift4 Payments will return the corresponding value in the correlated response, which should be used by your interface to match up requests with responses. This value will also facilitate troubleshooting in production, as it is recorded in the UTG trace files. However, it will not be recorded in DOLLARS ON THE NET. (12 bytes; Transaction Header data block.)

Response Code indicating the Shift4 Payments host response. (1 byte; data block 001.)

Code Description A The transaction is approved. The transaction is approved without requiring additional authorization because it is less than or equal to a ceiling amount. (The ceiling amount is C the original authorization amount multiplied by the tolerance per the merchant’s settings with Shift4 Payments.) D The transaction is declined. R The transaction requires a voice referral. f An AVS or CVV2 failure has occurred (credit card only). e There is an error condition. [Blank] The approval status is unknown.

RetrievalReference Reference retrieval number assigned by the authorizing agency. This value is printed on some receipts. (12 bytes; data block 016.)

ReturnCity City where rental car was returned. (18 bytes; data block 004.)

ReturnDate Date when rental car was returned in MMDDYY format. (6 bytes; data block 004.)

ReturnState State where rental car was returned in U.S. postal abbreviation format. (2 bytes; data block 004.)

ReturnTime Time when rental car was returned in HHMMSS format. (6 bytes; data block 004.) Note: Time must be formatted in military format (e.g., 4:14:49 p.m. would be formatted “161449”) for the local time zone where the merchant makes the sale.

ReturnZipCode ZIP/postal code where rental car was returned. (9 bytes; data block 004.)

Revision Shift4 Payments software revision number. (8 bytes; data block 012.)

SaleFlag Specifies a transaction is a sale (‘S’) or credit (‘C’). (1 byte; data block 001.)

SecondaryAmount Additional charge added to the PrimaryAmount. Typically used for food and beverage tip. (14 bytes; data block 001.)

SecondaryErrorCode This code supplements the code specified in the PrimaryErrorCode field to provide additional information about the error that occurred, if applicable. This is a response-only field. Refer to the Shift4 Payments Common Error Codes section of this document for more details. (3 bytes; Transaction Header data block.)

SerialNumber The merchant’s serial number (i.e., account number) with Shift4 Payments. When utilizing TokenStore®, this value is used in the TokenSerialNumber field to identify a serial number where a TrueToken is stored. (10 bytes; data block 012.)

ShortError Abbreviated error message that is always returned if an error condition exists (for example, “TRAN TIMEOUT”). See the Shift4 Payments Common Error Codes section of this document for more details. (16 bytes; data block 999.)

SignatureBlock In a request, the raw signature data from the signature capture device. In a response, the data is formatted in Shift4 Payments 8-byte format. If the RETURNSIGNATURE API Option is included in a payment request, this field will be returned. (Max 16,384 bytes; data block 006.)

SignatureBlockNumber Identifies the block number of the SignatureBlock field. Always ‘1’ unless a different value is specified by Shift4 Payments. If the RETURNSIGNATURE API Option is included in a payment request, this field will be returned. (1 byte; data block 006.)

SignatureDeviceType Identifies the format of the SignatureBlock field in a request. In a response, the value is always “04” because Shift4 Payments converts all signature data into the Shift4 Payments 8-byte format. If the RETURNSIGNATURE API Option is included in a payment request, this field will be returned. (2 bytes; data block 006.)

Value Device Type 01 Checkmate 2020 02 NCR 03 IVI ENTouch 1000 04 Shift4 Payments Format, Mobinetix, @POS, or Symbol Tech Palm Device 05 Scribex/Topaz SIG Format

SignatureSuppressed Indicates whether a transaction would have required a signature (‘Y’) or not (‘N’). Returned only when the NOSIGNATURE API Option is sent in a request using a UTG-controlled PIN pad. (1 byte; data block 111.)

SignatureTotalBlocks Identifies the total number of signature blocks. Always ‘1’ unless a different value is specified by Shift4 Payments. If the RETURNSIGNATURE API Option was included in a payment request, this field will be returned. (1 byte; data block 006.)

SpecialCode The SpecialCode field is used to provide additional detail for lodging transactions. If a lodging charge does not match one of the listed descriptions, the default value of ‘1’ should be sent in the request. When a value of ‘4’ is sent, the HotelAdditionalCharges field needs to be sent as well. (1 byte; data block 003.)

Code Description 1 No Special Code 2 Assured Reservation/No Show 3 Advance Deposit 4 Delayed Charge 5 Express Check-Out Service 6 Assured Reservation/Normal

SpinAbb Specifies the card type for Bank Identification Number (BIN) management. (2 bytes; data block 064.)

Value Description AX American Express GC Gift Card JC JCB MC Mastercard NS Discover/JCB/Novus PL Private Label VS Visa SC Sears Canada YC IT’S YOUR CARD SpinIsDCC

In BIN management, specifies whether or not the card is dynamic currency conversion (DCC) capable. (1 byte; data block 064.)

SpinIsDebit In BIN management, specifies whether a card can be processed as debit (‘Y’) or not (‘N’). (1 byte; data block 064.)

SpinPrefix In BIN management, specifies the first 10 digits of the card. (10 bytes; data block 064.)

SpinResult In BIN management, specifies the detailed card type. For a complete list of potential values, see Appendix B – Detailed Card Types in this document. (2 bytes; data block 064.)

StreetAddress Consumer’s street address exactly as it appears on their billing statement. This field is used for AVS verification. (30 bytes; data block 002.)

StreetNumberPrompt When using a UTG-controlled PIN pad, this field is specified as ‘Y’ or ‘N’. ‘Y’ will force the PIN pad to prompt the consumer for the street number in their billing address. This field is specified as ‘N’ when other AVS/CVV fields are being requested, but this field is not. (1 byte; data block 112.)

Surcharge In a sale or authorization transaction, the Surcharge field specifies a fee amount that a consumer is charged in addition to the PrimaryAmount. Using the Surcharge field is required by the processors to identify any fee amount being charged when a consumer pays for a transaction with a credit or debit card. (14 bytes; data block 056.)

TaxAmount The amount of sales tax charged for a transaction. The tax amount is used by businesses to track tax expenses for accounting purposes. Identifying the tax amount also helps consumers understand the total amount that they were billed. Your interface must be able to send an amount of ‘0’ as well as other, variable amounts. (14 bytes; data block 008.) Note: The TAXEXEMPT API Option can be used if the transaction is tax exempt.

TaxIndicator Indicates whether tax was applied or not. If the TaxAmount is greater than ‘0’ and has been applied, the indicator should be set to ‘Y’. If the transaction is tax exempt, not taxed, or TaxAmount is ‘0’, the indicator should be set to ‘N’. (1 byte; data block 008.) Note: The TAXEXEMPT API Option can be used if the transaction is tax exempt.

TermsAndConditionsResult Returns the result of the Terms and Conditions screen on the PIN pad (based on the consumer’s input). ‘A’ indicates the consumer has accepted the terms and conditions and ‘D’ indicates the consumer has declined accepting the terms and conditions. (1 byte; data block 108.)

TermsAndConditions Contains the Terms and Conditions text for the UTG-controlled PIN pad to display to a consumer. (Max 4,096 bytes; data block 108.)

TerminalID To prompt a specific UTG-controlled PIN pad in a request, the API Terminal ID configured in UTG TuneUp must be specified in the TerminalID field. (Max 32 bytes; data block 018.)

Time The time of a transaction in HHMMSS format. In a request, the Time field is required, indicates the time of the request, and will be echoed back in the response. (6 bytes; data block 001.) Note: Time must be formatted in military format (e.g., 4:14:49 p.m. would be formatted “161449”) for the local time zone where the merchant makes the sale.

TokenSerialNumber In requests that require the use of a shared TrueToken that is held by another merchant account, such as in TokenStore or TokenShare®, the TokenSerialNumber field is used to specify the serial number for the account where the TrueToken is stored. (10 bytes; data block 039.)

TrackInformation Card swipe data exactly as read by an MSR. (Max 128 bytes; data block 001.)

TranID A 10-digit ID that Shift4 Payments assigns to every transaction. This field is specified in a Void request (FRC 08) to void an incremental authorization. (10 bytes; Transaction Header data block.)

TransitRoutingNumber The ABA number located in the lower left corner on the front of the check. (10 bytes; data block 011.)

TrueToken A TrueToken is a unique, 16-character value created by DOLLARS ON THE NET to reference CHD. This value is used in the UniqueID field in place of actual CHD, providing the merchant advanced security and improved PCI compliance.

UniqueID This field is used to specify a TrueToken. Whenever CHD is sent in a request, a TrueToken will be returned in the corresponding response’s UniqueID field. Your interface should be designed to store this TrueToken for future use. The latest TrueToken received should be used in any subsequent request that references the same card data. (16 bytes; data block 039.) V

ValidAVS A simplified AVS result based on the merchant’s list of accepted responses as configured with Shift4 Payments: (‘Y’) if accepted or (‘N’) if not accepted. (1 byte; data block 001.)

ValidIDTypes Codes that define the identification required for the proper verification of a check. Up to 100 codes may be returned in a response. Refer to Appendix D – Required IDs for Check Verification for more information. (Max 100 bytes; data block 010.)

Vendor This field identifies who wrote the interface the merchant is using, which software application is being used, and the version number. It is specified in every API call. (Max 64 bytes; data block 000.) The configuration of this field should follow the guidelines below: 1. The following components make up the Vendor field, separated by colons:

CompanyName (max 26 characters):InterfaceName (max 25 characters):Version (max 11 characters) Where: CompanyName refers to the vendor or partner that designed and certified the interface, and the information you use in the Vendor field should match what we have on file or what was agreed upon in your Integration Plan. InterfaceName is the name of the program or application that is sending requests to Shift4 Payments. This should be the name of the program that you purchased or created, not the UTG or protocol (HTTP, TCP/IP). Version refers to the version of the program or application that is sending requests to Shift4 Payments. In practice, it should look something like this: PAWS:POS:2.1 (In this example, the vendor’s company name is PAWS, the interface name is POS, and the version number is 2.1.) or HotelsToGo:HotelManager:13579 (In this example, the vendor’s company name is Hotels to Go, the interface name is Hotel Manager, and the version number is 13579.)

2. Pay attention to the characters that are and aren’t allowed. These special characters are allowed in the Vendor field: _ | @ # & * ; ( ) . /

The following special characters are not allowed: : $ % ^ - ~ ` < > , ? “ ” ‘ ’ { } [ ] \ + = 3. Like the Client GUID, this information should be hard-coded into your application. In the Shift4 Payments Integration: API Integration Guide available in MyPortal API Corner, we outline the importance of the Client GUID, which is permanently tied to your software version. The Vendor field is similar. The company name, interface name, and version noted in this field should be identical for all merchants using the same software and version number. It should be hard-coded into your application by version, and should not change unless a new Shift4 Payments certification is obtained for a new version number.

Verbose In an HTTPS POST API request, this parameter must be specified as “YES” to cause all applicable data to be returned in the response.

VoiceMerchantAccount The merchant’s account number as configured with Shift4 Payments. This field is returned in response to a Get Voice Center Information request (FRC 22) because the clerk is required to provide it when attempting to obtain a voice authorization code. This information must be displayed to the clerk. (Max 20 bytes; data block 015.)

VoicePhoneNumber The phone number a clerk must call to obtain a voice authorization code. This field is returned in response to Get Voice Center Information request (FRC 22). This information must be displayed to the clerk. (20 bytes; data block 015.)

ZipCode Customer’s ZIP/postal code from their billing statement. Used for AVS verification. Do not include special characters. (9 bytes; data block 002.)

Deprecated Fields The fields in this section have been deprecated for use in new certifications but are included for reference.

A – M

APIPassword This field is deprecated and has been replaced by the AccessToken field. This unique password was previously required in all transaction requests. During the certification process, it was assigned by Shift4 Payments’ API Support team. After an interface had been certified and moved to production, a different API password was assigned by Shift4 Payments’ Customer Support team; therefore, this field was required to be configurable. (32 bytes; data block 019.)

APISerialNumber This field is deprecated and has been replaced by the AccessToken field. This unique serial number was previously required in all transaction requests. During the certification process, it was assigned by Shift4 Payments’ API Support team. After an interface had been certified and moved to production, a different API serial number was assigned by Shift4 Payments’ Customer Support team; therefore, this field was required to be configurable. (10 bytes; data block 019.)

EMVOfflineDecision This field is deprecated. It was used to indicate whether offline approval was obtained for a transaction and why. (1 byte; data block 072.)

EMVOnlineDecision This field is deprecated. It was used to indicate whether online approval was obtained for a transaction and why. (1 byte; data block 072.)

EMVRequireSignature This field is deprecated. It was used to indicate whether the customer’s signature was required (‘Y’) or not (‘N’) on an EMV receipt. (1 byte; data block 072.)

MerchantID This field is deprecated and has been replaced by the Access Token. This 10-digit ID was previously assigned by Shift4 Payments to identify the merchant. In TCP/IP interfaces, this field should be filled with zeros. (10 bytes; Transaction Header data block.)

N – Z

ResponseCode This field is deprecated and has been replaced by the Response field. It was the field in which the response code was returned. (1 byte; data block 001.)

VerifyID This field is deprecated. If supported by the POS/PMS, VerifyID was returned with an approval in an Auth or Sale transaction, prompting the clerk to verify a consumer’s identification. If the consumer ID did not match, a Void was sent. If Verify ID was not supported by the POS/PMS, an error was returned by the UTG. (1 byte; data block 085.)

Function Request Codes Below is a list of Shift4 Payments FRCs:

Transaction Functions FRC Name Description This function is used to request processor approval for an authorization only. If the invoice number already exists, the amount requested will be compared 1B Online Auth to the approved amount on file, and Shift4 Payments will request approval for the additional amount only. If approved, the authorization will remain in DOLLARS ON THE NET until it’s converted to a sale. This function is used to request processor approval for an authorization and a sale. If the invoice number already exists, the amount requested will be 1D Online Sale compared to the approved amount on file, and Shift4 Payments will request approval for the additional amount only. If approved, a new sale transaction will be displayed in DOLLARS ON THE NET and ready to be batched. This function is used to request authorization in an offline scenario, which 05 Offline Auth means that Shift4 Payments will not seek processor approval. An authorization code should be included in this request. This function is used to request authorization and a sale in an offline scenario, which means that Shift4 Payments will not seek processor approval. An 06 Offline Sale authorization code should be included in this request if the amount being submitted in the request is greater than the authorization amount currently on file. 08 Void This function is used to request that an existing invoice be cancelled.

Non-Transaction Functions FRC Name Description This function is used to request the status (e.g., approved, declined, error, referral, etc.) for a specific invoice; it is primarily used after a timeout or error Get Invoice has occurred. Voided or batched and settled invoices will return an “Invoice 07 Information Not Found” error. For more information, see the Timeouts and Communication Failures section of the Shift4 Payments Integration: API Integration Guide available in MyPortal API Corner. This function is used to request Doing Business As (DBA) information for a 0B Get DBA Information specific merchant ID. This function is used to upload the captured signature to an existing invoice in 20 Signature Upload DOLLARS ON THE NET.

FRC Name Description This function is used to request the voice center phone number and merchant account number that should be displayed to the clerk so they can obtain a Get Voice Center 22 voice authorization code for a transaction. (The merchant must provide this Information information to Shift4 Payments.) The function should be sent after receiving a Referral response to an Online Auth (FRC 1B) or Online Sale (FRC 1D) request. 23 Identify Card Type This function is used to request and return the card type. This function is used to request card validation; it also validates Address 2F Verify Card Verification (AVS) and Card Security Code (CSC) data (if sent in the request) without consuming short-term data. This function is used to request a prompt for signature on a UTG-controlled 47 Request Signature PIN pad and returns the signature. Get Four Words from This function is used to generate a unique combination of four words that can 64 TrueToken be used to reference CHD. CA Status Request This function is used to verify data center connectivity and thread count. This function is used to request that a receipt be printed using a device’s built- F1 Print Receipt in printer. The receipt may include a scannable bar code. This function is used to request information regarding the status of a specific device. Depending on the type of device in use, this request may return a F2 Get Device Info variety of device information in the response, including the types of encryption keys injected on the device and more.

Consumer-Prompt Functions FRC Name Description This function is used to display text for a consumer’s confirmation on a UTG- 82 Prompt Confirmation controlled PIN pad. This function is used to display a custom form and text for a consumer’s input 86 Process Forms on a UTG-controlled PIN pad. This function is used to display terms and conditions for a consumer to accept CF Terms and Conditions or decline on a UTG-controlled PIN pad. This function is used to prompt a P2PE-enabled UTG-controlled PIN pad to request a pass-through card swipe, causing the output of the swipe to be DA On-Demand Card Read returned directly to the interface without any action or validation by Shift4 Payments or the processor.

FRC Name Description This function is used to prompt a UTG-controlled PIN pad to collect a specified value from a consumer. The interface will specify the value based on the DeviceInputIndex field. (For a complete list of DeviceInputIndex values, see the DB Input Prompt Sending the Input Prompt Function section of the Shift4 Payments Integration: API Integration Guide available in MyPortal API Corner.) Each request will collect one specified value; when multiple values need to be collected, separate requests must be sent.

Check Functions FRC Name Description This function is used to request that an identification (ID) type be returned in a response. The value returned will indicate the type of ID that may be used to 17 Get Valid Check IDs verify a consumer paying with a check. For information about the values returned, please see Appendix D – Required IDs for Check Verification in this document. Check Approval 1F This function is used to request an online check approval. Request

Report Functions FRC Name Description This function is used to request a simple URL-encoded totals report for 5F Totals Report automated analysis. It does not supersede the standard auditing and reporting tools that are included with Shift4 Payments’ products.

Enhanced Itemization Functions FRC Name Description This function is used to display a line item on a UTG-controlled PIN pad. In 92 Display Line Item additional FRC 92 requests, if the API Option APPENDLINEITEM is sent, the UTG will append a line item to the existing line item(s) displayed. This function is used to clear the line items displayed on a UTG-controlled PIN 94 Clear Line Items pad. This function is used to display up to 10 line items on a UTG-controlled PIN 95 Display Line Items pad. In additional FRC 95 requests, if the API Option APPENDLINEITEM is sent, the UTG will append a line item to the existing line item(s) displayed. This function is used to request a card swipe, insert, or tap (if applicable) on a 96 Swipe Ahead UTG-controlled PIN pad before an Online Auth (FRC 1B) or Online Sale (FRC 1D) request is sent.

FRC Name Description This function is used to reset a UTG-controlled PIN pad to idle. When there is pending consumer input (e.g., waiting for the consumer to confirm the 97 PIN Pad Reset amount, swipe their card, select credit or debit, etc.), sending FRC 97 will cancel the request.

Gift Card Functions FRC Name Description This function requests that a new gift card be activated for use, that a new gift card be 24 Activate/Reload loaded with funds, or that an active gift card be loaded with additional funds. This function requests that an active gift card be deactivated so that it can’t be used to process transactions. The API Option GCCASHOUT must be sent in the request to 25 Deactivate return any remaining funds to the consumer. If GCCASHOUT is not sent, a balance will remain on the gift card (if doing so is supported by the processor). This function requests that a previously deactivated gift card be reactivated. If there was a balance remaining on the gift card at the time of deactivation, the balance will 26 Reactivate again become available for use. Funds cannot be added to a gift card during a Reactivate request. This function requests that a gift card’s balance, masked card number, expiration date, 61 Inquiry and discount percentage be returned. Merchants may be required to pay a fee for an inquiry request depending on their processor agreement.

TokenStore Functions FRC Name Description This function requests that CHD be added to a local or Global TokenStore and that a TrueToken be returned for use in a subsequent transaction. The card’s short- E0 TokenStore Add term data will not be consumed during the tokenization process when using this function. This function cannot be used for EMV processing. This function requests that a new TrueToken be generated using an existing TrueToken. This request can be used to deposit a TrueToken into a Global E2 TokenStore Duplicate TokenStore or as a means to continue using a token that is about to expire. The card’s short-term data (if sent by the interface) will be stored until it is used or for the period configured in the merchant’s DOLLARS ON THE NET account.

Blocked Card Functions FRC Name Description This function requests that a card be placed on a list that prevents it from D7 Block Card being used across an account. This function requests that a card be unblocked,, allowing it to be used across D8 Unblock Card an account again. This function requests that the status of a card (“Blocked” or “Unblocked”) be D9 Card Block Status returned.

MetaToken Functions FRC Name Description This function requests that a 16-digit MetaToken be returned for tracking card CD Get MetaToken usage across multiple revenue centers.

Token Exchange Functions FRC Name Description This function is used to request exchanging a Client GUID and Auth Token for CE Token Exchange an Access Token.

Citcon Functions FRC Name Description This function returns a link to a QR Code image or a string that can be 6C Get QR Code converted to a QR code image. 6D Get QR Pay Status This function requests a QR Pay transaction status.

Deprecated Function Request Codes The following Shift4 Payments FRCs have been deprecated:

FRC Name Description This function is deprecated and has been replaced by FRC 94. It was used to 91 Display Clear request to clear a line item or a list of line items from a PIN pad display. This function is deprecated and should no longer be used by a point of sale 93 Poll Swipe Data (POS) or property management system (PMS). It was used to poll the PIN pad device for the card-swipe data.

API Options API Options are sent to pass values that modify the request being made. API Options will be sent using the APIOptions field/API Options data block.

Requirement: When sending multiple options in a request, API Options must be separated by a comma.

Transaction Auth Request Options API Option Description This option is used to return all available fields in a response. ALLDATA is required to be sent in every request. Interfaces must be designed to ignore any fields in a response that are not applicable to a given request. Using ALLDATA enables support of Shift4 Payments’ TrueTokenization® technology, which ALLDATA facilitates payment security, as well as for IYC information to be returned in response to a sale/authorization request. As enhancements are made to Shift4 Payments’ products and offerings, new fields may be returned in a response and interfaces must be able to handle these responses accordingly. This option is used to enable the processor to issue a partial approval (if they support it). When ALLOWPARTIALAUTH is included in a request, the interface must interrogate the ALLOWPARTIALAUTH amount returned in the PrimaryAmount field in the response and compare it to the amount requested to determine if a transaction is partially approved because the approved amount may be less than the requested amount. RETURNEXPDATE* This option is used to return a card’s expiration date unmasked. This option indicates that a transaction is tax exempt. TAXEXEMPT TAXEXEMPT should only be used when a transaction is explicitly tax exempt. When using a UTG-controlled PIN pad, this option is used to USECARDNAME overwrite the value in the CustomerName field with the information from the track data.

*The expiration date returned should only be used to determine the life of a TrueToken. It should never be used to evaluate whether or not a transaction should be approved.

Sales Transaction Options API Option Description

INVMUSTEXIST This option returns an error if the invoice specified in an Online Sale (FRC 1D) does not already exist.

EBT Auth Request Options API Option Description This option is used to indicate the transaction is an EBT cash EBTCASH benefit. This option is used to indicate the transaction is an EBT food EBTFOOD stamps benefit. This option is used to indicate the transaction is an EBT cash EBTWITHDRAW withdrawal.

Get DBA Options API Option Description This option is used to return the merchant’s full DBA Name in FULLDBANAME the Notes field on DBA requests. This option is used to return the merchant’s configured RETURNCURRENCYCODE currency code in the CurrencyCode field.

Gift Card Options API Option Description This option is used to clear any remaining balance from a gift card and return it to the consumer as cash. The card’s balance GCCASHOUT must be recorded before using the GCCASHOUT API Option. GCCASHOUT can be used with a Deactivate request (FRC 25) or an Online Sale request (FRC 1D). This option is used to add the amount sent in the IYCBalance field to a gift card’s existing balance in an Activate/Reload request (FRC 24). For example, a card has a balance of $25 and IYCRECHARGE an FRC 24 request is sent with an IYCBalance of $50 and the API Option IYCRECHARGE. The result will be the card having a balance of $75. If the IYCRECHARGE API Option is left out of the request, the card will be left with an incorrect balance of $50.

API Option Description This option is used to limit the processing capability to active cards when using Activate/Reload (FRC 24) and Deactivate (FRC IYCACTIVEONLY 25) requests. This API Option is required in flows with active IYC cards to prevent unexpected results. This option is used to limit the processing capability to inactive cards when using Activate/Reload (FRC 24) and Deactivate (FRC IYCDEACTIVEONLY 25) requests. This API Option is required in flows with inactive IYC cards to prevent unexpected results.

Line Item Options API Option Description When using a UTG-controlled PIN pad, this option is used to append a line item to the existing line item(s) displayed on the APPENDLINEITEM screen. This API Option works with both Display Line Item (FRC 92) and Display Line Items (FRC 95) requests.

MetaToken Options API Option Description This option is used to return a MetaToken in a response (if RETURNMETATOKEN enabled).

UTG-Controlled PIN Pad Options API Option Description This option is used to allow the interface to process cash back ALLOWCASHBACK requests from a consumer. This option is used to bypass the Amount OK screen and go straight to the insert/swipe screen. If Tip is enabled on the BYPASSAMOUNTOK device, it will cause the UTG to prompt for Tip prior to going to the insert/swipe screen.† This option is used to suppress requesting an electronic BYPASSSIGCAP signature from a consumer for a given transaction. Instead, a signature line will be included in the receipt text (if applicable). This option is used to bypass the PIN pad (even if a TerminalID BYPASSUTG is included in a request). This option is used to prevent the PIN pad from prompting for BYPASSTIP tip for the current transaction (if Tip is enabled for the PIN pad device in UTG TuneUp).

API Option Description This option is used to process a transaction using a specialized DISABLEEMV payment card via an alternate merchant ID (MID). This option is used to override the UTG TuneUp setting allowing manual card entry (MCE). The UTG will display a DISABLEMCE Please Swipe/Insert (or Tap, if applicable) form with the Manual Entry button disabled or hidden. This option is used to disable the PIN pad’s contactless DISABLECONTACTLESS functionality for the current transaction. This option is used to make a swiped card appear manually DISCARDTRACKINFO entered by discarding the swipe data other than the card number and expiration date. This option is used with a PIN Pad Reset (FRC 97) request to put a terminal into a Lane Closed state. The Lane Closed screen will LANECLOSED be displayed on the device instead of the standard idle screens. A second FRC 97 request without the LANECLOSED API Option will cancel the display of the lane closed screen. This option is used to suppress requesting a signature from a consumer for a given transaction. Additionally, sending this NOSIGNATURE option will ensure that a signature line will not be included in the receipt text (if applicable). This option is used with a Request Signature (FRC 47) request. If PLCCSIGNATURE is included, the screen on the PIN pad will PLCCSIGNATURE display “I have received and agree with the Terms and Conditions” instead of “Please sign and tap ok with pen”. PRINTTIPLINE This option is used to include a tip line in the receipt text. This option is used to return the signature captured on a PIN RETURNSIGNATURE pad to the interface. The returned signature can then be used by the interface to display to the clerk or print on a receipt. This option is used to bypass the Please Swipe Card screen and display the Enter Card Number screen instead. This allows the USEMCE interface to force MCE (even if it is disabled by default in UTG TuneUp).

†The Amount OK screen can be bypassed for all transactions on Ingenico PIN pad devices by selecting the “Bypass Amount OK” setting in UTG TuneUp.

WARNING! Using the NOSIGNATURE API Option to skip collecting signatures on low-dollar-amount transactions can increase the merchant’s chargeback risk.

Receipt Text Options API Option Description This option is used to return two receipt text blocks: one for the merchant copy receipt and one for the customer copy ENHANCEDRECEIPTS receipt. This API Option must be sent with every FRC 1B, 1D, 05, 06, 07, and 08 request.

TokenStore Options API Option Description This option is used to trigger the system to perform a $0 or $1 authorization to validate the card. If the card is valid, the card number will be stored and a TrueToken will be returned. All other responses will return error 9858. This API Option will be TOKENAUTH ignored if the CVV2 information or track data is included in the request because CVV2 and track data cannot be stored after authorization and would be consumed by the TOKENAUTH API Option.

Totals Report Option API Option Description This option is used to return only non-problem transactions in NONPROBLEMSONLY the response to a Totals Report request (FRC 5F).

Citcon Option API Option Description This option only applies to the GetQRCode (FRC 6C) function. If QRLINK included, the response will return a link to a QR code image or a string that can be converted to a QR code image.

Deprecated API Options The following Shift4 Payments API Options have been deprecated:

API Option Description

ALLOWVERIFYID This function is deprecated and should no longer be used by a POS/PMS. This option was used to enable the processor to issue an approval and request cardholder ID verification.

Shift4 Payments Test Card Numbers The test card numbers listed in the tables below are the only acceptable numbers that may be used in the Shift4 Payments test environment. The use of any card number that is not listed in this section will result in an error.

Acceptable Test Card Numbers The following table contains acceptable test card numbers:

Card Type Card Number Expiration Date

VS – Visa 4321000000001119 Any Future Date

VS – Visa 4616222222222257 Any Future Date

VS – Visa 4761739001010010 Any Future Date

MC – Mastercard 5432000000003332 Any Future Date

MC – Mastercard 5290111111111111 Any Future Date

MC – Mastercard 2221000000000009 Any Future Date

MC – Mastercard 5413330089604111 Any Future Date

AX – American Express 373400000002221 Any Future Date

AX – American Express 342877777777705 Any Future Date

AX – American Express 374245455400001 Any Future Date

JC – JCB 3337000000005551 Any Future Date

JC – JCB 3112030205926211 Any Future Date

VS – FSA Visa Debit, PIN Capable 4843609999999981 Any Future Date

VS – FSA Visa Debit, No PIN 4960049898989899 Any Future Date

MC – FSA Mastercard Debit, PIN Capable 5329809999999995 Any Future Date

MC – FSA Mastercard Debit, No PIN 5543249898989898 Any Future Date

VS – Interac Visa 4506364400038106 Any Future Date

NS – Novus/Discover 30103869233631 Any Future Date

NS – Novus/Discover 6011013928534509 Any Future Date

NS – Novus/Discover 6011000000004444 Any Future Date

NS – Discover 3059910000007215 Any Future Date

NS – Discover 6011040000000000 Any Future Date

NS – Discover 6011025500136883 Any Future Date

NS – Discover 6011202300122435 Any Future Date

NS – Discover 6011485500160269 Any Future Date

NS – Discover 6011740000186192 Any Future Date

Card Type Card Number Expiration Date

NS – Discover 6011780000146150 Any Future Date

NS – Discover 6011869900135411 Any Future Date

NS – Discover 6440009900070414 Any Future Date

NS – Discover 6506000000000006 Any Future Date

NS – Discover 6555900000084001 Any Future Date

NS – Discover 6011050000000017 Any Future Date

NS – Discover 6011000990055240 Any Future Date

NS – Discover 6011000991223805 Any Future Date

NS – Discover 6510000000000034 Any Future Date

NS – Diners Club International 36998900076186 Any Future Date

NS – Diners Club International 3899910000005874 Any Future Date

NS – Diners Club International 3095000000009894 Any Future Date

NS – Discover - JCB Test Card 3528000000123429 Any Future Date

NS – Discover - China Union Pay Test Card 6221261111112650 Any Future Date

NS – Discover - China Union Pay Test Card 6282000123842342 Any Future Date

Acceptable Private-Label Test Card Numbers The following table contains acceptable private-label test card numbers:

Card Type Card Number Expiration Date

PL – Private Label 980000159 Any Future Date

PL – Private Label 980000033 Any Future Date

PL – Private Label 980000119 Any Future Date

PL – Private Label 980000039 Any Future Date

PL – Private Label 980000152 Any Future Date

PL – Private Label 980000038 Any Future Date

PL – Private Label 980000157 Any Future Date

PL – Private Label 980000116 Any Future Date

PL – Private Label 980000111 Any Future Date

PL – Private Label 6019191200450867 Any Future Date

PL – Private Label 6034591400025529 Any Future Date

Card Type Card Number Expiration Date

PL – Private Label 6034610000000011 Any Future Date

PL – Private Label 6019190000900022 Any Future Date

PL – Private Label 6034591400075565 Any Future Date

Private-Label Promotional Code Test Values The following table contains a list of acceptable private-label promotional code test values:

Promo Type 01 Promo Type 02 Promo Type 03

F1: 000000 F1: 000002 F1: 000000

F2: 000010 F2: 000025 F2: 000000

F3: 12 MONTHS F3: 9 MONTHS F3: 6 MONTHS

F4: NO INTEREST F4: BILLED INTEREST F4: EQUAL PAYMENT

Acceptable Test Card Trigger Numbers The following table contains acceptable test card trigger numbers; however, it is preferable to use the dollar amount trigger values for most testing. Refer to the Shift4 Payments Test Server Logic section of this document for dollar amount values.

Card Type Card Number Description

VS – Visa 4417010617574247 Used to trigger a demo host error.

MC – Mastercard 5301933782570466 Used to trigger a demo host error.

VS – Visa 4184324142934805 Used to trigger a timeout response.

VS – Visa 4184026860115661 Used to trigger a timeout response.

MC – Mastercard 5410648714659090 Used to trigger a timeout response.

MC – Mastercard 5410191817369234 Used to trigger a timeout response.

Used to trigger an invalid card response when sending a Verify VS – Visa 4024007135532710 Card request (FRC 2F).

Used to trigger an invalid card response when sending a Verify MC – Mastercard 5135299256640694 Card request (FRC 2F).

Used to trigger an invalid card response when sending a Verify NS – Novus/Discover 30249963622904 Card request (FRC 2F).

Used to trigger an invalid card response when sending a Verify AX – American Express 371449635398431 Card request (FRC 2F).

Used to trigger an invalid card response when sending a Verify JC – JCB 3088518677707770 Card request (FRC 2F).

Used to trigger an invalid card response when sending a Verify NS – Novus/Discover 6011186767363105 Card request (FRC 2F).

VS – Visa 4321000000001118 This card number will fail the Luhn mod 10 check.

Shift4 Payments Test Server Logic Shift4 Payments’ test server simulates connectivity to a credit card processing network and provides processor-like responses to credit card transactions. The test host can be triggered for specific responses, allowing you to properly code for errors, declines, referrals, and other failures.

Desired Response Trigger(s)

PrimaryAmount ≤ $500 or Response=A (Authorized) PrimaryAmount and Secondary Amount ≤ $500 or SecondaryAmount ≤ $500

$500 < PrimaryAmount ≤ $1000 or Response=R (Referral) $500 < PrimaryAmount and Secondary Amount ≤ $1000 or $500 < SecondaryAmount ≤ $1000

$1,000 < PrimaryAmount < $10,000 or Response=D (Declined) $1,000 < PrimaryAmount and Secondary Amount or $1,000 < SecondaryAmount

Demo Host Error $10,000 <= PrimaryAmount < $1,000,000

PrimaryAmount=111.XX, where XX is the number of seconds that the Application Timeout Response=‘A’ transaction response will be delayed.

PrimaryAmount=$112.XX, where XX is the number of seconds that the Application Timeout Response=‘e’ transaction response will be delayed.

PrimaryAmount=$511.XX, where XX is the number of seconds that the Application Timeout Response=‘R’ transaction response will be delayed.

PrimaryAmount=$1,111.XX, where XX is the number of seconds that Application Timeout Response=‘D’ the transaction response will be delayed.

Desired Response Trigger(s)

For each value in the AVSResult field, include the corresponding 2-digit trigger sequence in either the StreetAddress or ZipCode field. AVSResult Trigger Sequence A 65 E 69 N 78 R 82 S 83 AVSResult U 85 X 88 Y 89 Z 90 If more than one trigger sequence is present, values are read from left to right with the values in the StreetAddress field taking precedence over the values in the ZipCode field. For example, if StreetAddress=6545 Elm and ZipCode=49081, the AVSResult would return ‘A’ because ‘65’ occurred before ‘90’.

CardLevelResults returned in the CardLevelResult field: CardLevelResult Card Type PrimaryAmount=$6.66 2V VS 2C MC 1A AX 1B NS

CVV2Result=M (Match) CVV2Code=333 or 3333

CVV2Result=N (No match) CVV2Code=444 or 4444

CVV2Result=P (Not processed) CVV2Code=555 or 5555

CVV2Result=S (Should have been present) CVV2Code=666 or 6666

CVV2Result=U (Issuer unavailable to process) CVV2Code=777 or 7777

Approval is returned with a random partial auth $219.00=Partial Auth amount

ResponseCode=A (Authorized) with a balance of PrimaryAmount=$6.66 $43.44 (pre-paid Visa/Mastercard/AMEX card)

ResponseCode=R (Referral) with a balance of PrimaryAmount=$516.66 $83.44 (pre-paid Visa/Mastercard/AMEX card)

ResponseCode=D (Decline) with a balance of PrimaryAmount=$1116.66 $133.44 (pre-paid Visa/Mastercard/AMEX card)

PrimaryAmount ≤ $100 and send appropriate AVS/CVV2 triggers (see above) 1-Pass Validation or PrimaryAmount and Secondary Amount ≤ $100 and send appropriate AVS/CVV2 triggers (see above)

Desired Response Trigger(s)

PrimaryAmount > $100 and send appropriate AVS/CVV2 triggers (see above) 2-Pass Validation or PrimaryAmount and Secondary Amount > $100 and send appropriate AVS/CVV2 triggers (see above)

Trigger by sending a PrimaryAmount and SecondaryAmount value that totals $219 in the initial Authorization (FRC 1B) or Sale (FRC 1D), or by Partial Authorization increasing the amount by $219 on Incremental Authorizations (FRC 1B) or Settlements (FRC 1D).

Note: Triggers for existing invoices may be honored by using the trigger value and the current authorization on file.

Shift4 Payments Common Error Codes Shift4 Payments has created error codes to identify error conditions as they occur when processing a transaction. An error condition is any condition where a card was not successfully processed with an approval, referral, or decline response. When appropriate, the interface notifies the user when an error occurs by displaying an error code, a short error message, and a long error message. AVS and CVV failures are not considered error codes; instead, they are considered non-authorized responses from the issuer. During testing, please contact your assigned API Analyst for assistance if you encounter a critical error or if any error persists after you attempt a solution described below.