Relayed authorization requested
Adyen sends this webhook to allow you to provide relayed authorization for a transaction.
To complete a relayed authorization, respond to this webhook with an HTTP 200 response. Include the authorisationDecision in the response body.
If we do not receive the response within two seconds, we apply your fallback logic.
The reference of the account holder.
The description of the resource.
The unique identifier of the resource.
The reference for the resource.
The amount of the transaction.
The amount of the transaction, in minor units.
The amount adjustments in the transaction.
The adjustment amount.
The amount of the transaction, in minor units.
The type of markup that is applied to an authorised payment.
Possible values: exchange, forexMarkup, authHoldReserve, atmMarkup.
The basepoints associated with the applied markup.
The specific amount of the adjustment.
The amount of the transaction, in minor units.
The minimum amount of the adjustment.
The amount of the transaction, in minor units.
The maximum amount of the adjustment.
The amount of the transaction, in minor units.
The authorization code for the payment.
The decision of the authorization.
The reason of the authorization decision.
The status of the authorization decision. Possible values: Authorised or Refused.
The code of the authorization decision.
The authorization type.
Possible values:
- finalAuthorisation
- preAuthorisation
- defaultAuthorisation
The reference of the balance account.
The description of the resource.
The unique identifier of the resource.
The reference for the resource.
The list of balance mutations per event.
The balance amount after the mutation.
The amount of the transaction, in minor units.
The balance amount before the mutation.
The amount of the transaction, in minor units.
The three-character ISO currency code.
The amount of the mutation.
The amount of the transaction, in minor units.
The type of the mutation.
The unique identifier of the balance platform.
The entry mode of the information of the payment instrument. For example: contactless, chip, magstripe.
The unique identifier of the transfer.
The information about the merchant.
The unique identifier of the merchant's acquirer.
The merchant category code.
The unique identifier of the merchant.
Contains the name and location of the merchant.
The city where the merchant is located.
The country where the merchant is located in three-letter country code format.
The home country in three-digit country code format, used for government-controlled merchants such as embassies.
The name of the merchant's shop or service.
The raw data.
The state where the merchant is located.
The postal code of the merchant.
The amount in the original currency.
The amount of the transaction, in minor units.
Contains information about the payment instrument.
Please use bankAccount object instead
Contains optional, additional business account details. Returned when you create a payment instrument with type bankAccount.
The unique identifier of the balance account associated with the payment instrument.
Contains the business account details. Returned when you create a payment instrument with type bankAccount.
The bank account number, without separators or whitespace.
The bank account type.
Possible values: checking or savings. Defaults to checking.
The bank account branch number, without separators or whitespace
Business accounts with a formFactor value of physical are business accounts issued under the central bank of that country. The default value is physical for NL, US, and UK business accounts.
Adyen creates a local IBAN for business accounts when the formFactor value is set to virtual. The local IBANs that are supported are for DE and FR, which reference a physical NL account, with funds being routed through the central bank of NL.
The international bank account number as defined in the ISO-13616 standard.
The routing number, without separators or whitespace.
The sort code, without separators or whitespace.
iban or usLocal or ukLocal
Contains information about the card payment instrument. Returned when you create a payment instrument with type card.
Contains the card user's password and mobile phone number. This is required when you issue cards that can be used to make online payments within the EEA and the UK, or can be added to digital wallets. Refer to 3D Secure and digital wallets for more information.
The email address where the one-time password (OTP) is sent.
The password used for 3D Secure password-based authentication. The value must be between 1 to 30 characters and must only contain the following supported characters.
-
Characters between a-z, A-Z, and 0-9
-
Special characters: äöüßÄÖÜ+-*/ç%()=?!~#'",;:$&à ùòâôûáúó
The phone number where the one-time password (OTP) is sent.
This object must have:
-
A
typeset to mobile. -
A
numberwith a valid country code. -
A
numberwith more than 4 digits, excluding the country code.
Make sure to verify that the card user owns the phone number.
The full phone number provided as a single string. For example, "0031 6 11 22 33 44", "+316/1122-3344",
or "(0031) 611223344".
Type of phone number. Possible values: Landline, Mobile.
The bank identification number (BIN) of the card number.
The brand of the physical or the virtual card. Possible values: visa, mc.
The brand variant of the physical or the virtual card. For example, visadebit or mcprepaid.
Reach out to your Adyen contact to get the values relevant for your integration.
The name of the cardholder. Maximum length: 26 characters.
Settings required when creating a physical or a virtual card.
Reach out to your Adyen contact to get the values that you can send in this object.
Overrides the activation label design ID defined in the configurationProfileId. The activation label is attached to the card and contains the activation instructions.
Your app's URL, if you want to activate cards through your app. For example, my-app://ref1236a7d. A QR code is created based on this URL, and is included in the carrier. Before you use this field, reach out to your Adyen contact to set up the QR code process.
Maximum length: 255 characters.
Overrides the shipment bulk address defined in the configurationProfileId.
The name of the city.
The name of the company.
The two-character ISO-3166-1 alpha-2 country code. For example, US.
The email address.
The house number or name.
The full telephone number.
The postal code.
Maximum length:
-
5 digits for addresses in the US.
-
10 characters for all other countries.
The two-letter ISO 3166-2 state or province code.
Maximum length: 2 characters for addresses in the US.
The streetname of the house.
The ID of the card image. This is the image that will be printed on the full front of the card.
Overrides the carrier design ID defined in the configurationProfileId. The carrier is the letter or packaging to which the card is attached.
The ID of the carrier image. This is the image that will printed on the letter to which the card is attached.
The ID of the card configuration profile that contains the settings of the card. For example, the envelope and PIN mailer designs or the logistics company handling the shipment. All the settings in the profile are applied to the card, unless you provide other fields to override them.
For example, send the shipmentMethod to override the logistics company defined in the card configuration profile.
The three-letter ISO-4217 currency code of the card. For example, EUR.
Overrides the envelope design ID defined in the configurationProfileId.
Overrides the insert design ID defined in the configurationProfileId. An insert is any additional material, such as marketing materials, that are shipped together with the card.
List of two-letter ISO-639-1 language codes of the card. For example, [en,es].
The ID of the logo image. This is the image that will be printed on the partial front of the card, such as a logo on the upper right corner.
Overrides the PIN mailer design ID defined in the configurationProfileId. The PIN mailer is the letter on which the PIN is printed.
Overrides the logistics company defined in the configurationProfileId.
The CVC2 value of the card.
The CVC2 is not sent by default. This is only returned in the
POSTresponse for single-use virtual cards.
The delivery contact (name and address) for physical card delivery.
The address of the contact.
The name of the city.
The two-character ISO-3166-1 alpha-2 country code. For example, US.
If you don't know the country or are not collecting the country from the shopper, provide
countryasZZ.
The name of the street and the number of the building.
For example: Simon Carmiggeltstraat 6-50.
Additional information about the delivery address. For example, an apartment number.
Additional information about the delivery address.
The postal code. Maximum length:
- 5 digits for an address in the US.
- 10 characters for an address in all other countries.
The two-letter ISO 3166-2 state or province code. For example, CA in the US or ON in Canada.
Required for the US and Canada.
The company name of the contact.
The email address of the contact.
The name of the contact.
The first name.
The last name.
The phone of the contact.
The full phone number provided as a single string. For example, "0031 6 11 22 33 44", "+316/1122-3344",
or "(0031) 611223344".
Type of phone number. Possible values: Landline, Mobile.
The URL of the contact's website.
The expiration date of the card.
The month in which the card will expire.
The year in which the card will expire.
The form factor of the card. Possible values: virtual, physical.
Last last four digits of the card number.
The primary account number (PAN) of the card.
The PAN is masked by default and returned only for single-use virtual cards.
Allocates a specific product range for either a physical or a virtual card. Possible values: fullySupported, secureCorporate.
Reach out to your Adyen contact to get the values relevant for your integration.
Your description for the payment instrument, maximum 300 characters.
The unique identifier of the payment instrument.
The two-character ISO 3166-1 alpha-2 country code where the payment instrument is issued. For example, NL or US.
The unique identifier of the payment instrument group to which the payment instrument belongs.
Your reference for the payment instrument, maximum 150 characters.
The unique identifier of the new payment instrument
The unique identifier of the old payment instrument
The status of the payment instrument. If a status is not specified when creating a payment instrument, it is set to active by default. However, there can be exceptions for cards based on the card.formFactor and the issuingCountryCode. For example, when issuing physical cards in the US, the default status is inactive.
Possible values:
-
active: The payment instrument is active and can be used to make payments.
-
inactive: The payment instrument is inactive and cannot be used to make payments.
-
suspended: The payment instrument is suspended, either because it was stolen or lost.
-
closed: The payment instrument is permanently closed. This action cannot be undone.
The status comment provides additional information for the statusReason of the payment instrument.
The reason for the status of the payment instrument.
Possible values: accountClosure, damaged, endOfLife, expired, lost, stolen, suspectedFraud, transactionRule, other.
If the reason is other, you must also send the statusComment parameter describing the status change.
The type of payment instrument.
Possible values: card, bankAccount.
The processing type used for this payment. For example: ecommerce, pos, moto.
The reference of the payment.
The risk score provided by the card schemes.
The identifier of the original payment. This ID is provided by the scheme and can be alphanumeric or numeric, depending on the scheme.
The unique identifier created by the scheme. This ID can be alphanumeric or numeric depending on the scheme.
The list of transaction scores.
The type of score.
The value of the score.
The data of the result from the 3DS authentication.
The result from the performed authentication
The type of the performed authentication
Contains the results of the evaluation of the transaction rules.
The advice given by the Risk analysis.
Indicates whether the transaction passed the evaluation for all hardblock rules
The score of the Risk analysis.
Array containing all the transaction rules that the transaction triggered.
An explanation about why the transaction rule failed.
Contains information about the transaction rule.
The description of the resource.
The unique identifier of the resource.
The outcome type of the rule.
The reference for the resource.
The score of the rule in case it's a scoreBased rule.
Contains the type and ID of the resource to which the transaction rule is linked.
ID of the resource, when applicable.
Indicates the type of resource for which the transaction rule is defined.
Possible values:
-
PaymentInstrumentGroup
-
PaymentInstrument
-
BalancePlatform
-
EntityUsageConfiguration
-
PlatformRule: The transaction rule is a platform-wide rule imposed by Adyen.
Contains the checks that Adyen performed to validate the payment and the result of each.
The result of the check.
Possible values:
-
valid: The validation was successful.
-
invalid: The validation failed.
-
notValidated: The validation was not performed because some services were unreachable or Adyen does not have the information needed to perform the check.
-
notApplicable: The validation is not applicable.
Type of check.
When you receive a webhook, you must respond with an HTTP status code.
HTTP Responses
200 - OK
The request has succeeded.
authorisationDecisionobjectObject representing the authorization decision.
refusalReasonstringThe reason for refusing the authorization.
statusstringThe status of the authorization.
Possible values:
-
Authorised
-
Refused
For more information, refer to Use relayed authorization.
metadataobjectObject that contains key-value pairs that you can use in your reporting or other business process.
referencestringReference of the payment.
-
400 - Bad Request
A problem reading or understanding the request.
errorCodestringThe error code mapped to the error message.
errorTypestringThe category of the error.
messagestringA short explanation of the issue.
pspReferencestringThe PSP reference of the payment.
statusintegerThe HTTP response status.
401 - Unauthorized
Authentication required.
errorCodestringThe error code mapped to the error message.
errorTypestringThe category of the error.
messagestringA short explanation of the issue.
pspReferencestringThe PSP reference of the payment.
statusintegerThe HTTP response status.
403 - Forbidden
Insufficient permissions to process the request.
errorCodestringThe error code mapped to the error message.
errorTypestringThe category of the error.
messagestringA short explanation of the issue.
pspReferencestringThe PSP reference of the payment.
statusintegerThe HTTP response status.
422 - Unprocessable Entity
A request validation error.
errorCodestringThe error code mapped to the error message.
errorTypestringThe category of the error.
messagestringA short explanation of the issue.
pspReferencestringThe PSP reference of the payment.
statusintegerThe HTTP response status.
500 - Internal Server Error
The server could not process the request.
errorCodestringThe error code mapped to the error message.
errorTypestringThe category of the error.
messagestringA short explanation of the issue.
pspReferencestringThe PSP reference of the payment.
statusintegerThe HTTP response status.