Merchant Warrior API documentation

Login to Sandbox | Download PDF Version

Introduction

Merchant Warrior (MW) is an Australian based payment provider that offers a range of online payment solutions to Merchants worldwide.

MW is a Tier 1 PCI DSS certified provider. This qualification is obtained annually, after an independent audit carried out by a certified QSA and QPSAC.

This information has been provided to assist with the integration and implementation of services to the MW platform.

Production API Endpoint

https://api.merchantwarrior.com/post/

Sandbox API Endpoint

https://base.merchantwarrior.com/post/

Replace snippets below with your merchantUUID, apiKey and correct hash.

Direct API

The following sub-sections will outline the various API methods present in the Merchant Warrior Direct API.

Introduction

The Direct API provides you with a single integration point for processing to your Acquirer(s).

You will need to obtain a Merchant UUID, API Key and API passphrase in order to connect to the Direct API. These details will be issued to you when you create your MW account.

Request Format

API requests are submitted to the Direct API service using POST, and must be performed over HTTPS.

Available Methods

The Direct API service consists of the following methods:
processCard: Performs a purchase transaction on a customer’s credit card
processAuth: Performs a pre-authorization on a customer’s credit card
processCapture: Performs a capture request
processBatch: Submits a batch file for processing
retrieveBatch: Retrieves the batch status or processed batch file result
refundCard: Performs a refund request
queryCard: Queries previous credit card transactions
processDDebit: Performs a direct debit transaction on a customer’s bank account
queryDD: Queries previous direct debit transactions

Sample Request
curl -X POST https://api.merchantwarrior.com/post/ \ 
    -d method="processCard" \
    -d merchantUUID="5265f8eed6a19" \
    -d apiKey="ksmnwxab" \
    -d transactionAmount="1.00" \
    -d transactionCurrency="AUD" \
    -d transactionProduct="Test Product" \
    -d customerName="Test Customer" \
    -d customerCountry="AU" \
    -d customerState="QLD" \
    -d customerCity="Brisbane" \
    -d customerAddress="123 Test Street" \
    -d customerPostCode="4000" \
    -d customerPhone="61731665489" \
    -d customerEmail="[email protected]" \
    -d customerIP="1.1.1.1" \
    -d paymentCardName="Test Customer" \
    -d paymentCardNumber="5123456789012346" \
    -d paymentCardExpiry="0517" \
    -d paymentCardCSC="123" \
    -d hash="b55552ff426d7e3d4885465d27ea0062"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/post/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'processCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionProduct' => 'Test Product',
  'customerName' => 'Test Customer',
  'customerCountry' => 'AU',
  'customerState' => 'QLD',
  'customerCity' => 'Brisbane',
  'customerAddress' => '123 Test Street',
  'customerPostCode' => '4000',
  'customerPhone' => '61731665489',
  'customerEmail' => [email protected]',
  'customerIP' => '1.1.1.1',
  'paymentCardName' => 'Test Customer',
  'paymentCardNumber' => '5123456789012346',
  'paymentCardExpiry' => '0517',
  'paymentCardCSC' => '123',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method': 'processCard',
  'merchantUUID': '5265f8eed6a19',
  'apiKey': 'ksmnwxab',
  'transactionAmount': '1.00',
  'transactionCurrency': 'AUD',
  'transactionProduct': 'Test Product',
  'customerName': 'Test Customer',
  'customerCountry': 'AU',
  'customerState': 'QLD',
  'customerCity': 'Brisbane',
  'customerAddress': '123 Test Street',
  'customerPostCode': '4000',
  'customerPhone': '61731665489',
  'customerEmail': [email protected]',
  'customerIP': '1.1.1.1',
  'paymentCardName': 'Test Customer',
  'paymentCardNumber': '5123456789012346',
  'paymentCardExpiry': '0517',
  'paymentCardCSC': '123',
  'hash': 'b55552ff426d7e3d4885465d27ea0062'
}

r = requests.post('https://api.merchantwarrior.com/post/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/post/');

// Setup POST data
$postData = array (
  'method' => 'processCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionProduct' => 'Test Product',
  'customerName' => 'Test Customer',
  'customerCountry' => 'AU',
  'customerState' => 'QLD',
  'customerCity' => 'Brisbane',
  'customerAddress' => '123 Test Street',
  'customerPostCode' => '4000',
  'customerPhone' => '61731665489',
  'customerEmail' => [email protected]',
  'customerIP' => '1.1.1.1',
  'paymentCardName' => 'Test Customer',
  'paymentCardNumber' => '5123456789012346',
  'paymentCardExpiry' => '0517',
  'paymentCardCSC' => '123',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/post/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "processCard" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "transactionAmount", "1.00" },
                        { "transactionCurrency", "AUD" },
                        { "transactionProduct", "Test Product" },
                        { "customerName", "Test Customer" },
                        { "customerCountry", "AU" },
                        { "customerState", "QLD" },
                        { "customerCity", "Brisbane" },
                        { "customerAddress", "123 Test Street" },
                        { "customerPostCode", "4000" },
                        { "customerPhone", "61731665489" },
                        { "customerEmail", "[email protected]" },
                        { "customerIP", "1.1.1.1" },
                        { "paymentCardName", "Test Customer" },
                        { "paymentCardNumber", "5123456789012346" },
                        { "paymentCardExpiry", "0517" },
                        { "paymentCardCSC", "123" },
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
        }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/post/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "processCard"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"transactionAmount", "1.00"}, _
                {"transactionCurrency", "AUD"}, _
                {"transactionProduct", "Test Product"}, _
                {"customerName", "Test Customer"}, _
                {"customerCountry", "AU"}, _
                {"customerState", "QLD"}, _
                {"customerCity", "Brisbane"}, _
                {"customerAddress", "123 Test Street"}, _
                {"customerPostCode", "4000"}, _
                {"customerPhone", "61731665489"}, _
                {"customerEmail", "[email protected]"}, _
                {"customerIP", "1.1.1.1"}, _
                {"paymentCardName", "Test Customer"}, _
                {"paymentCardNumber", "5123456789012346"}, _
                {"paymentCardExpiry", "0517"}, _
                {"paymentCardCSC", "123"}, _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/post/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "processCard");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("transactionAmount", "1.00");
            params.put("transactionCurrency", "AUD");
            params.put("transactionProduct", "TestProduct");
            params.put("customerName", "TestCustomer");
            params.put("customerCountry", "AU");
            params.put("customerState", "QLD");
            params.put("customerCity", "Brisbane");
            params.put("customerAddress", "TestStreet");
            params.put("customerPostCode", "4000");
            params.put("customerPhone", "61731665489");
            params.put("customerEmail", "[email protected]");
            params.put("customerIP", "1.1.1.1");
            params.put("paymentCardName", "TestCard");
            params.put("paymentCardNumber", "5123456789012346");
            params.put("paymentCardExpiry", "0517");
            params.put("paymentCardCSC", "123");
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Transaction approved</responseMessage>
    <transactionID>1336-20be3569-b600-11e6-b9c3-005056b209e0</transactionID>
    <authCode>731357421</authCode>
    <receiptNo>731357421</receiptNo>
    <authMessage>Honour with identification</authMessage>
    <authResponseCode>08</authResponseCode>
    <authSettledDate>2016-11-29</authSettledDate>
    <custom1/>
    <custom2/>
    <custom3/>
    <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>

processCard


The processCard method is the method used to perform a purchase request.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processCard

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

General Transaction Parameters

Parameter Required Description
transactionAmount Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD
transactionProduct Required A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

Customer Parameters

Parameter Required Description
customerName Required This field can only contain alphanumeric characters, as well as the full stop, comma, apostrophe, ampersand, space and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Not Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Not Required Must be valid if present. Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters
customerIP Not Required Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters
storeID Not Required The value of this field is the merchant’s store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter.
Example: Test store name

Payment Parameters

Parameter Required Description
paymentCardNumber Required Only certain card numbers are deemed valid in the test environment. See Test Data for more information. Do not send separators with the card number (e.g. 1234-5678… or 1234 5678).
Example: 5123456789012346 or 4557012345678902
Valid length: Between 13 and 16 digits
paymentCardExpiry Required This must be MMYY format. The month must be zero padded if it is less than 10.
Example: 0513
Valid length: 4 digits
paymentCardName Required This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed.
Example: Mr. Example Person or MR E PERSON or Example Person
Valid length: Between 3 and 255 characters
paymentCardCSC Not Required This is also known as the CVN or CVV/2. This is required by some Acquirers if the transaction is initiated by the customer. Please contact Merchant Warrior for more information.
Example: 123
Valid length: Between 3 and 4 characters

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
Sample Request
curl -X POST https://api.merchantwarrior.com/post/ \
    -d method="processAuth" \
    -d merchantUUID="5265f8eed6a19" \
    -d apiKey="ksmnwxab" \
    -d transactionAmount="1.00" \
    -d transactionCurrency="AUD" \
    -d transactionProduct="Test Product" \
    -d customerName="Test Customer" \
    -d customerCountry="AU" \
    -d customerState="QLD" \
    -d customerCity="Brisbane" \
    -d customerAddress="123 Test Street" \
    -d customerPostCode="4000" \
    -d customerPhone="61731665489" \
    -d customerEmail="[email protected]" \
    -d customerIP="1.1.1.1" \
    -d paymentCardName="Test Customer" \
    -d paymentCardNumber="5123456789012346" \
    -d paymentCardExpiry="0517" \
    -d paymentCardCSC="123" \
    -d hash="b55552ff426d7e3d4885465d27ea0062"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/post/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'processAuth',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionProduct' => 'Test Product',
  'customerName' => 'Test Customer',
  'customerCountry' => 'AU',
  'customerState' => 'QLD',
  'customerCity' => 'Brisbane',
  'customerAddress' => '123 Test Street',
  'customerPostCode' => '4000',
  'customerPhone' => '61731665489',
  'customerEmail' => [email protected]',
  'customerIP' => '1.1.1.1',
  'paymentCardName' => 'Test Customer',
  'paymentCardNumber' => '5123456789012346',
  'paymentCardExpiry' => '0517',
  'paymentCardCSC' => '123',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'processAuth',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'transactionAmount' : '1.00',
  'transactionCurrency' : 'AUD',
  'transactionProduct' : 'Test Product',
  'customerName' : 'Test Customer',
  'customerCountry' : 'AU',
  'customerState' : 'QLD',
  'customerCity' : 'Brisbane',
  'customerAddress' : '123 Test Street',
  'customerPostCode' : '4000',
  'customerPhone' : '61731665489',
  'customerEmail' : [email protected]',
  'customerIP' : '1.1.1.1',
  'paymentCardName' : 'Test Customer',
  'paymentCardNumber' : '5123456789012346',
  'paymentCardExpiry' : '0517',
  'paymentCardCSC' : '123',
  'hash' : 'b55552ff426d7e3d4885465d27ea0062'
}

r = requests.post('https://api.merchantwarrior.com/post/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/post/');

// Setup POST data
$postData = array (
  'method' => 'processAuth',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionProduct' => 'Test Product',
  'customerName' => 'Test Customer',
  'customerCountry' => 'AU',
  'customerState' => 'QLD',
  'customerCity' => 'Brisbane',
  'customerAddress' => '123 Test Street',
  'customerPostCode' => '4000',
  'customerPhone' => '61731665489',
  'customerEmail' => [email protected]',
  'customerIP' => '1.1.1.1',
  'paymentCardName' => 'Test Customer',
  'paymentCardNumber' => '5123456789012346',
  'paymentCardExpiry' => '0517',
  'paymentCardCSC' => '123',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/post/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "processAuth" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "transactionAmount", "1.00" },
                        { "transactionCurrency", "AUD" },
                        { "transactionProduct", "Test Product" },
                        { "customerName", "Test Customer" },
                        { "customerCountry", "AU" },
                        { "customerState", "QLD" },
                        { "customerCity", "Brisbane" },
                        { "customerAddress", "123 Test Street" },
                        { "customerPostCode", "4000" },
                        { "customerPhone", "61731665489" },
                        { "customerEmail", "[email protected]" },
                        { "customerIP", "1.1.1.1" },
                        { "paymentCardName", "Test Customer" },
                        { "paymentCardNumber", "5123456789012346" },
                        { "paymentCardExpiry", "0517" },
                        { "paymentCardCSC", "123" },
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/post/",
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "processAuth"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"transactionAmount", "1.00"}, _
                {"transactionCurrency", "AUD"}, _
                {"transactionProduct", "Test Product"}, _
                {"customerName", "Test Customer"}, _
                {"customerCountry", "AU"}, _
                {"customerState", "QLD"}, _
                {"customerCity", "Brisbane"}, _
                {"customerAddress", "123 Test Street"}, _
                {"customerPostCode", "4000"}, _
                {"customerPhone", "61731665489"}, _
                {"customerEmail", "[email protected]"}, _
                {"customerIP", "1.1.1.1"}, _
                {"paymentCardName", "Test Customer"}, _
                {"paymentCardNumber", "5123456789012346"}, _
                {"paymentCardExpiry", "0517"}, _
                {"paymentCardCSC", "123"}, _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/post/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "processAuth");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("transactionAmount", "1.00");
            params.put("transactionCurrency", "AUD");
            params.put("transactionProduct", "TestProduct");
            params.put("customerName", "TestCustomer");
            params.put("customerCountry", "AU");
            params.put("customerState", "QLD");
            params.put("customerCity", "Brisbane");
            params.put("customerAddress", "TestStreet");
            params.put("customerPostCode", "4000");
            params.put("customerPhone", "61731665489");
            params.put("customerEmail", "[email protected]");
            params.put("customerIP", "1.1.1.1");
            params.put("paymentCardName", "TestCard");
            params.put("paymentCardNumber", "5123456789012346");
            params.put("paymentCardExpiry", "0517");
            params.put("paymentCardCSC", "123");
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Transaction approved</responseMessage>
    <transactionID>1336-37edc560-b601-11e6-b9c3-005056b209e0</transactionID>
    <authCode>731357433</authCode>
    <receiptNo>731357433</receiptNo>
    <authMessage>Honour with identification</authMessage>
    <authResponseCode>08</authResponseCode>
    <authSettledDate>2016-11-29</authSettledDate>
    <custom1/>
    <custom2/>
    <custom3/>
    <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>

processAuth


The processAuth method is used to perform a pre-authorization request.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processAuth

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

General Transaction Parameters

Parameter Required Description
transactionAmount Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD
transactionProduct Required A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

Customer Parameters

Parameter Required Description
customerName Required This field can only contain alphanumeric characters, as well as the full stop, comma, apostrophe, ampersand, space and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Not Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Not Required Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters
customerIP Not Required Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters
storeID Not Required The value of this field is the merchant’s store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter.
Example: Test store name

Payment Parameters

Parameter Required Description
paymentCardNumber Required Only certain card numbers are deemed valid in the test environment. See Test Data for more information. Do not send separators with the card number (e.g. 1234-5678… or 1234 5678).
Example: 5123456789012346 or 4557012345678902
Valid length: Between 13 and 16 digits
paymentCardExpiry Required This must be MMYY format. The month must be zero padded if it is less than 10.
Example: 0513
Valid length: 4 digits
paymentCardName Required This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed.
Example: Mr. Example Person or MR E PERSON or Example Person
Valid length: Between 3 and 255 characters
paymentCardCSC Not Required This is also known as the CVN or CVV/2. This is required by some Acquirers if the transaction is initiated by the customer. Please contact Merchant Warrior for more information.
Example: 123
Valid length: Between 3 and 4 characters

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
Sample Request
curl -X POST https://api.merchantwarrior.com/post/ \
  -d method="processCapture" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d transactionAmount="1.00" \
  -d transactionCurrency="AUD" \
  -d transactionID="1336-37edc560-b601-11e6-b9c3-005056b209e0"
  -d captureAmount="1.00"
  -d hash="b55552ff426d7e3d4885465d27ea0062"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/post/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'processCapture',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionID' => '1336-37edc560-b601-11e6-b9c3-005056b209e0',
  'captureAmount' => '1.00',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'processCapture',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'transactionAmount' : '1.00',
  'transactionCurrency' : 'AUD',
  'transactionID' : '1336-37edc560-b601-11e6-b9c3-005056b209e0',
  'captureAmount' : '1.00',
  'hash' : 'b55552ff426d7e3d4885465d27ea0062'
}

r = requests.post('https://api.merchantwarrior.com/post/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/post/');

// Setup POST data
$postData = array (
  'method' => 'processCapture',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionID' => '1336-37edc560-b601-11e6-b9c3-005056b209e0',
  'captureAmount' => '1.00',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
  throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/post/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "processCapture" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "transactionAmount", "1.00" },
                        { "transactionCurrency", "AUD" },
                        { "transactionID", "1336-37edc560-b601-11e6-b9c3-005056b209e0" },
                        { "captureAmount", "1.00" },                        
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/post/",
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "processCapture"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"transactionAmount", "1.00"}, _
                {"transactionCurrency", "AUD"}, _
                {"transactionID", "1336-37edc560-b601-11e6-b9c3-005056b209e0"}, _
                {"captureAmount", "1.00"}, _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/post/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "processCapture");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("transactionAmount", "1.00");
            params.put("transactionCurrency", "AUD");
            params.put("transactionID", "1336-37edc560-b601-11e6-b9c3-005056b209e0");
            params.put("captureAmount", "1.00");
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1336-fe4d3be6-b604-11e6-b9c3-005056b209e0</transactionID>
  <authCode>731357526</authCode>
  <receiptNo>731357526</receiptNo>
  <authMessage>Approved or completed successfully</authMessage>
  <authResponseCode>00</authResponseCode>
  <authSettledDate>2016-11-30</authSettledDate>
  <custom1/>
  <custom2/>
  <custom3/>
  <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>

processCapture


The processCapture method is used to perform a capture request.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processCapture

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

General Transaction Parameters

Parameter Required Description
transactionAmount Required This amount must be the exact amount submitted with the initial transaction. This is used in the verification hash, and is not the amount that will be refunded.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD

Capture Parameters

Parameter Required Description
transactionID Required The <transactionID> is provided to you by Merchant Warrior after an initial pre-authorization (processAuth) transaction.
Example: 1-a1c340c8-7c30-11de-8888-000c29753ad4
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters
captureAmount Required The amount is in the same format as transactionAmount. It cannot be less than 0.01 or more than the initial transaction amount.
Example: 10.00

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
Sample Request
  curl -X POST https://api.merchantwarrior.com/post/ \
  -F "method=processBatch" \
  -F "merchantUUID=5265f8eed6a19" \
  -F "apiKey=ksmnwxab" \
  -F "batchNotifyURL=https://www.mydomain.com/notify" \
  -F "[email protected]" \
  -F "fileHash=eaf937db33027ba345d0d8a788460b81" \
  -F "urlHash=f06d19d9d7311cdcdfc37534a7fd0ea4"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/post/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'processBatch',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'batchNotifyURL' => 'https://www.mydomain.com/notify',
  'batchFile' => [email protected]',
  'fileHash' => 'eaf937db33027ba345d0d8a788460b81',
  'urlHash' => 'f06d19d9d7311cdcdfc37534a7fd0ea4'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'processBatch',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'batchNotifyURL' : 'https://www.mydomain.com/notify',
  'batchFile' : [email protected]',
  'fileHash' : 'eaf937db33027ba345d0d8a788460b81',
  'urlHash' : 'f06d19d9d7311cdcdfc37534a7fd0ea4'
}

r = requests.post('https://api.merchantwarrior.com/post/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/post/');

// Setup POST data
$postData = array (
  'method' => 'processBatch',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'batchNotifyURL' => 'https://www.mydomain.com/notify',
  'batchFile' => [email protected]',
  'fileHash' => 'eaf937db33027ba345d0d8a788460b81',
  'urlHash' => 'f06d19d9d7311cdcdfc37534a7fd0ea4'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
  throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/post/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "processBatch" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "batchNotifyURL", "https://www.mydomain.com/notify" },
                        { "batchFile", "@Batch.zip" },
                        { "fileHash", "eaf937db33027ba345d0d8a788460b81" },
                        { "urlHash", "f06d19d9d7311cdcdfc37534a7fd0ea4" },                       
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/post/",
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "processBatch"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"batchNotifyURL", "https://www.mydomain.com/notify"}, _
                {"batchFile", "@Batch.zip"}, _
                {"fileHash", "eaf937db33027ba345d0d8a788460b81"}, _
                {"urlHash", "f06d19d9d7311cdcdfc37534a7fd0ea4"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/post/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "processBatch");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("batchNotifyURL", "https://www.mydomain.com/notify");
            params.put("batchFile", "@Batch.zip");
            params.put("fileHash", "eaf937db33027ba345d0d8a788460b81");
            params.put("urlHash", "f06d19d9d7311cdcdfc37534a7fd0ea4");          

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Batch has been successfully submitted.</responseMessage>
  <batchUUID>1336583d3a953ce2d</batchUUID>
</mwResponse>

processBatch


The processBatch method enables merchants to securely automate the processing of batch files containing credit card, token transaction data or bank accounts. This method accepts and processes compressed .csv files directly via the Direct API and should be implemented when automating a large number of transactions is a requirement.

The processBatch method will process a batch file and automatically issue a notification via POST to the merchant’s application when the batch file has completed processing. The batch response file (containing the results to all transactions processed via the original batch file) can be sent (and compressed) with the POST notification if requested by the merchant.

Sample process and response batch files can be found at the Sample Files section.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processBatch

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

General Batch Parameters

Parameter Required Description
batchNotifyURL Required Asynchronous POST notifications will be sent to this URL.
Example: https://www.example.com/notify.php
batchResponseFileAttach Not Required The value is a boolean to denote whether a response file should be attached with the asynchronous POST notifications.
Example: 1
batchResponseFileCompress Not Required The value is a boolean to denote whether the response file should be compressed (.zip).
Example: 1

Batch File Parameters

Parameter Required Description
batchFile Required The batch file must be in CSV format (.csv) and compressed (.zip).
Example: Batch.zip
fileHash Required The hash of the batch file. See Batch File Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters

Verification Hash

Parameter Required Description
urlHash Required The hash of the batchNotifyURL. See Batch URL Hash for information on how to construct the hash correctly.
Example: 511999e54b9ad51ce4c28d7f0550ac81
Valid length: 32 characters
Sample Request
curl -X POST https://api.merchantwarrior.com/post/ \
  -d method="retrieveBatch" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d batchUUID="1336583d3a953df2d" \
  -d hash="fb0e9b2a729d0fda759ui658cb8c2b20"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/post/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'retrieveBatch',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'batchUUID' => '1336583d3a953df2d',
  'hash' => 'fb0e9b2a729d0fda759ui658cb8c2b20'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'retrieveBatch',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'batchUUID' : '1336583d3a953df2d',
  'hash' : 'fb0e9b2a729d0fda759ui658cb8c2b20'
}

r = requests.post('https://api.merchantwarrior.com/post/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/post/');

// Setup POST data
$postData = array (
  'method' => 'retrieveBatch',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'batchUUID' => '1336583d3a953df2d',
  'hash' => 'fb0e9b2a729d0fda759ui658cb8c2b20'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/post/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "retrieveBatch" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "batchUUID", "1336583d3a953df2d" },                       
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/post/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "retrieveBatch"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"batchUUID", "1336583d3a953df2d"}, _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/post/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "retrieveBatch");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("batchUUID", "1336583d3a953df2d");
            params.put("hash", "fb0e9b2a729d0fda759ui658cb8c2b20");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
"Transaction ID","Result","Amount","Currency","Created Date","Created Time","Processed Date","Processed Time","Card Name/Card ID","Card Number/Card Key","Custom 1","Custom 2","Custom 3","Store ID","Type","MW Response","Provider Response"
"1336-45a61a65-b60e-11e6-b9c3-005056b209e0","Fail","23.00","AUD","29/11/2016","18:31:49","29/11/2016","18:31:49","Test Customer","5123xxxxxxxx2346","JaYfKnIbVlAx","NyYiVwKwFcUk","VyJvNpVgWgUu","","purchase","Transaction declined","42 - No universal account"
"1336-45e0d356-b60e-11e6-b9c3-005056b209e0","Fail","58.00","AUD","29/11/2016","18:31:49","29/11/2016","18:31:50","Test Customer","5123xxxxxxxx2346","YvMcYhKwPtNo","ReMkHxIsKaFe","WuYiJhWoOuUq","","purchase","Transaction declined","42 - No universal account"
"1336-460cc7af-b60e-11e6-b9c3-005056b209e0","Fail","95.00","AUD","29/11/2016","18:31:50","29/11/2016","18:31:50","Test Customer","5123xxxxxxxx2346","WmVaZgVcNmIi","BlVkOnKoMsHo","PtEwVqShSnWp","","purchase","Transaction declined","42 - No universal account"
"1336-463779d5-b60e-11e6-b9c3-005056b209e0","Fail","84.00","AUD","29/11/2016","18:31:50","29/11/2016","18:31:50","Test Customer","5123xxxxxxxx2346","WhSkJgUxDaDr","JxMmMrAjUeJp","SpMtMtReQwHo","","purchase","Transaction declined","42 - No universal account"
"1336-465d56ec-b60e-11e6-b9c3-005056b209e0","Fail","36.00","AUD","29/11/2016","18:31:50","29/11/2016","18:31:50","Test Customer","5123xxxxxxxx2346","NpAvSjMjShOo","MsIdHfBdBeVx","TkIlCoQjDvCd","","purchase","Transaction declined","42 - No universal account"
"1336-468b285d-b60e-11e6-b9c3-005056b209e0","Fail","76.00","AUD","29/11/2016","18:31:50","29/11/2016","18:31:51","Test Customer","5123xxxxxxxx2346","ZsVfXdAtWxGd","ZeChZtSlZxLp","QtKhXnSoTjDv","","purchase","Transaction declined","42 - No universal account"
"1336-46b4bf03-b60e-11e6-b9c3-005056b209e0","Fail","41.00","AUD","29/11/2016","18:31:51","29/11/2016","18:31:51","Test Customer","5123xxxxxxxx2346","DbCpNjWsBaSe","XdErQtJkVoUh","AmYdWjSwEmEs","","purchase","Transaction declined","42 - No universal account"
"1336-46e0e0d5-b60e-11e6-b9c3-005056b209e0","Fail","62.00","AUD","29/11/2016","18:31:51","29/11/2016","18:31:51","Test Customer","5123xxxxxxxx2346","IsGhDeYnNyJn","BjQsDcBkCpXo","JgMnRxSgMwIe","","purchase","Transaction declined","42 - No universal account"
"1336-470c772d-b60e-11e6-b9c3-005056b209e0","Fail","27.00","AUD","29/11/2016","18:31:51","29/11/2016","18:31:52","Test Customer","5123xxxxxxxx2346","NaWuNoUmYmCj","OdCoTdJbLkZp","SfEbKqAxNrRx","","purchase","Transaction declined","42 - No universal account"
"1336-4732f831-b60e-11e6-b9c3-005056b209e0","Fail","6.00","AUD","29/11/2016","18:31:52","29/11/2016","18:31:52","Test Customer","5123xxxxxxxx2346","BmAuNyDtSkYt","PyBvKnTyYpZe","JlAdLmXaBnFc","","purchase","Transaction declined","42 - No universal account"

retreiveBatch


The retrieveBatch method is the method used to retrieve the results of a batch file that has been processed via the processBatch method (see above). This method returns a .csv or .zip (depending on whether the merchant requested a compressed response file) file containing the results of all transactions submitted in the original batch file.

Sample process and response batch files can be found at the Sample Files section

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: retrieveBatch

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

General Batch Parameters

Parameter Required Description
batchUUID Required The value of this parameter is assigned to you by Merchant Warrior for every processBatch request.
Example: 14dc3311444adc

Verification Hash

Parameter Required Description
hash Required The hash of the batchUUID. See Batch Response Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
Sample Request
  curl -X POST https://api.merchantwarrior.com/post/ \
  -d method="refundCard" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d transactionAmount="1.00" \
  -d transactionCurrency="AUD" \
  -d transactionID="1336-20be3569-b600-11e6-b9c3-005056b209f0" \
  -d refundAmount="1.00" \
  -d hash="b55552ff426d7e3d4635334th7ea0067"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/post/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'refundCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionID' => '1336-20be3569-b600-11e6-b9c3-005056b209f0',
  'refundAmount' => '1.00',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'refundCard',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'transactionAmount' : '1.00',
  'transactionCurrency' : 'AUD',
  'transactionID' : '1336-20be3569-b600-11e6-b9c3-005056b209f0',
  'refundAmount' : '1.00',
  'hash' : 'b55552ff426d7e3d4885465d27ea0062'
}

r = requests.post('https://api.merchantwarrior.com/post/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/post/');

// Setup POST data
$postData = array (
  'method' => 'refundCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionID' => '1336-20be3569-b600-11e6-b9c3-005056b209f0',
  'refundAmount' => '1.00',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
  throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/post/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "refundCard" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "transactionAmount", "1.00" },
                        { "transactionCurrency", "AUD" },
                        { "transactionID", "1336-20be3569-b600-11e6-b9c3-005056b209f0" },
                        { "refundAmount", "1.00" },                       
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/post/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "refundCard"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"transactionAmount", "1.00"}, _
                {"transactionCurrency", "AUD"}, _
                {"transactionID", "1336-20be3569-b600-11e6-b9c3-005056b209f0"}, _
                {"refundAmount", "1.00"}, _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/post/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "refundCard");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("transactionAmount", "1.00");
            params.put("transactionCurrency", "AUD");
            params.put("transactionID", "1336-20be3569-b600-11e6-b9c3-005056b209f0");
            params.put("refundAmount", "1.00");           
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1336-1b7762bc-b610-11e6-b9c3-005056b209e0</transactionID>
  <authCode>731357634</authCode>
  <receiptNo>731357634</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-11-30</authSettledDate>
  <custom1/>
  <custom2/>
  <custom3/>
  <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>

refundCard


The refundCard method is used to perform a refund of an existing purchase or capture transaction.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: refundCard

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

General Transaction Parameters

Parameter Required Description
transactionAmount Required This amount must be the exact amount submitted with the initial transaction. This is used in the verification hash, and is not the amount that will be refunded.
Example: 10.00
transactionCurrency Required The currency must match the one submitted with the initial transaction. This is used in the verification hash.
Example: AUD
storeID Not Required The value of this field is the merchant’s store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter.
Example: Test store name

Refund Parameters

Parameter Required Description
transactionID Required The <transactionID> returned for the initial transaction.
Example: 1-a1c340c8-7c30-11de-8888-000c29753ad4
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters
refundAmount Required The amount is in the same format as transactionAmount. It cannot be less than 0.01 or more than the initial transaction amount.
Example: 10.00

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
Sample Request
  curl -X POST https://api.merchantwarrior.com/post/ \
  -d method="queryCard" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d transactionID="1336-20be3569-b600-11e6-b9c3-005056e109e0" \
  -d hash="11b6a860e5bdf0bd91a503b42346ee1d"
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/post/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "queryCard" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "transactionID", "1336-20be3569-b600-11e6-b9c3-005056e109e0" },                      
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
        }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/post/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "queryCard"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"transactionID", "1336-20be3569-b600-11e6-b9c3-005056e109e0"}, _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/post/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "queryCard");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("transactionID", 
              "1336-20be3569-b600-11e6-b9c3-005056e109e0");           
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", 
              "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
              new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
              sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/post/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'queryCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionID' => '1336-20be3569-b600-11e6-b9c3-005056e109e0',
  'hash' => '11b6a860e5bdf0bd91a503b42346ee1d'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'queryCard',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'transactionID' : '1336-20be3569-b600-11e6-b9c3-005056e109e0',
  'hash' : '11b6a860e5bdf0bd91a503b42346ee1d'
}

r = requests.post('https://api.merchantwarrior.com/post/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/post/');

// Setup POST data
$postData = array (
  'method' => 'queryCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionID' => '1336-20be3569-b600-11e6-b9c3-005056e109e0',
  'hash' => '11b6a860e5bdf0bd91a503b42346ee1d'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
  throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1336-20be3569-b600-11e6-b9c3-005056e109e0</transactionID>
  <authCode>731357421</authCode>
  <receiptNo>731357421</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-11-29</authSettledDate>
  <refundTotal>1.00</refundTotal>
  <custom1/>
  <custom2/>
  <custom3/>
  <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>
Sample 'extended' Request
  curl -X POST https://api.merchantwarrior.com/post/ \
  -d method="queryCard" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d transactionID="1336-20be3569-b600-11e6-b9c3-005056b209e0" \
  -d extended="1" \
  -d hash="11b6a860e5bdf0bd91a503b42346ee1d"
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/post/');

// Setup POST data
$postData = array (
  'method' => 'queryCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionID' => '1336-20be3569-b600-11e6-b9c3-005056e109e0',
  'extended' => '1',
  'hash' => '11b6a860e5bdf0bd91a503b42346ee1d'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
  throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/post/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "queryCard" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "transactionID", "1336-20be3569-b600-11e6-b9c3-005056e109e0" },
                        { "extended", "1" },                    
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/post/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "queryCard"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"transactionID", "1336-20be3569-b600-11e6-b9c3-005056e109e0"}, _
                {"extended", "1"} _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/post/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "queryCard");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("transactionID", 
                "1336-20be3569-b600-11e6-b9c3-005056e109e0");
            params.put("extended", "1");
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", 
                "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/post/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'queryCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionID' => '1336-20be3569-b600-11e6-b9c3-005056e109e0',
  'extended' => '1',
  'hash' => '11b6a860e5bdf0bd91a503b42346ee1d'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'queryCard',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'transactionID' : '1336-20be3569-b600-11e6-b9c3-005056e109e0',
  'extended' : '1',
  'hash' : '11b6a860e5bdf0bd91a503b42346ee1d'
}

r = requests.post('https://api.merchantwarrior.com/post/', data = data)

print(r.text)
Sample 'extended' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1336-20be3569-b600-11e6-b9c3-005056b209e0</transactionID>
  <authCode>731357421</authCode>
  <receiptNo>731357421</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-11-29</authSettledDate>
  <refundTotal>1.00</refundTotal>
  <custom1/>
  <custom2/>
  <custom3/>
  <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
  <transactionProduct>Test Product</transactionProduct>
  <customerName>Test Customer</customerName>
  <customerCountry>AU</customerCountry>
  <customerState>QLD</customerState>
  <customerCity>Brisbane</customerCity>
  <customerAddress>123 Test Street</customerAddress>
  <customerPostcode>4000</customerPostcode>
  <customerPhone>61731665489</customerPhone>
  <customerEmail>[email protected]</customerEmail>
  <transactionAmount>1.00</transactionAmount>
  <transactionCurrency>AUD</transactionCurrency>
  <cardName>Test Customer</cardName>
  <cardNumberFirst>4564</cardNumberFirst>
  <cardNumberLast>0004</cardNumberLast>
</mwResponse>

queryCard


The queryCard method is used to perform a query of an existing transaction. If you lose the original response, never receive a response, or if you wish to verify a response, you can use this method.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: queryCard

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Query Parameters

Parameter Required Description
transactionID Required/ Not Required The <transactionID> returned for the initial transaction.
Example: 1-a1c340c8-7c30-11de-8888-000c29753ad4
transactionReferenceID Required/ Not Required The <transactionReferenceID> sent for the initial transaction. This is a merchant’s reference ID for a transaction request sent to Merchant Warrior.
Example: A257240023321
extended Not Required Returns additional information stored with the transaction. This must be in boolean format.
Example: 1

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Query Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters


Sample Request
  curl -X POST https://api.merchantwarrior.com/post/ \
  -d method="processDDebit" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d transactionAmount="1.00" \
  -d transactionCurrency="AUD" \
  -d transactionProduct="A1234" \
  -d customerName="Test Customer" \
  -d customerCountry="AU" \
  -d customerState="QLD" \
  -d customerCity="Brisbane" \
  -d customerAddress="123 Test Street" \
  -d customerPostCode="4000" \
  -d customerPhone="61731665489" \
  -d customerEmail="[email protected]" \
  -d customerIP="1.1.1.1" \
  -d paymentAccountBSB="014667" \
  -d paymentAccountNumber="12345678" \
  -d paymentAccountName="Test Customer" \
  -d hash="f518187f47bc52fe5a76a18593df72c9"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/post/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'processDDebit',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionProduct' => 'A1234',
  'customerName' => 'Test Customer',
  'customerCountry' => 'AU',
  'customerState' => 'QLD',
  'customerCity' => 'Brisbane',
  'customerAddress' => '123 Test Street',
  'customerPostCode' => '4000',
  'customerPhone' => '61731665489',
  'customerEmail' => [email protected]',
  'customerIP' => '1.1.1.1',
  'paymentAccountBSB' => '014667',
  'paymentAccountNumber' => '12345678',
  'paymentAccountName' => 'Test Customer',
  'hash' => 'f518187f47bc52fe5a76a18593df72c9'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'processDDebit',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'transactionAmount' : '1.00',
  'transactionCurrency' : 'AUD',
  'transactionProduct' : 'A1234',
  'customerName' : 'Test Customer',
  'customerCountry' : 'AU',
  'customerState' : 'QLD',
  'customerCity' : 'Brisbane',
  'customerAddress' : '123 Test Street',
  'customerPostCode' : '4000',
  'customerPhone' : '61731665489',
  'customerEmail' : [email protected]',
  'customerIP' : '1.1.1.1',
  'paymentAccountBSB' : '014667',
  'paymentAccountNumber' : '12345678',
  'paymentAccountName' : 'Test Customer',
  'hash' : 'f518187f47bc52fe5a76a18593df72c9'
}

r = requests.post('https://api.merchantwarrior.com/post/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/post/');

// Setup POST data
$postData = array (
  'method' => 'processDDebit',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionProduct' => 'A1234',
  'customerName' => 'Test Customer',
  'customerCountry' => 'AU',
  'customerState' => 'QLD',
  'customerCity' => 'Brisbane',
  'customerAddress' => '123 Test Street',
  'customerPostCode' => '4000',
  'customerPhone' => '61731665489',
  'customerEmail' => [email protected]',
  'customerIP' => '1.1.1.1',
  'paymentAccountBSB' => '014667',
  'paymentAccountNumber' => '12345678',
  'paymentAccountName' => 'Test Customer',
  'hash' => 'f518187f47bc52fe5a76a18593df72c9'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
  throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/post/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "processDDebit" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "transactionAmount", "1.00" },
                        { "transactionCurrency", "AUD" },
                        { "transactionProduct", "Test Product" },
                        { "customerName", "Test Customer" },
                        { "customerCountry", "AU" },
                        { "customerState", "QLD" },
                        { "customerCity", "Brisbane" },
                        { "customerAddress", "123 Test Street" },
                        { "customerPostCode", "4000" },
                        { "customerPhone", "61731665489" },
                        { "customerEmail", "[email protected]" },
                        { "customerIP", "1.1.1.1" },
                        { "paymentAccountBSB", "014667" },
                        { "paymentAccountNumber", "12345678" },
                        { "paymentAccountName", "Test Customer" },
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/post/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "processDDebit"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"transactionAmount", "1.00"}, _
                {"transactionCurrency", "AUD"}, _
                {"transactionProduct", "Test Product"}, _
                {"customerName", "Test Customer"}, _
                {"customerCountry", "AU"}, _
                {"customerState", "QLD"}, _
                {"customerCity", "Brisbane"}, _
                {"customerAddress", "123 Test Street"}, _
                {"customerPostCode", "4000"}, _
                {"customerPhone", "61731665489"}, _
                {"customerEmail", "[email protected]"}, _
                {"customerIP", "1.1.1.1"}, _
                {"paymentAccountBSB", "014667"}, _
                {"paymentAccountNumber", "12345678"}, _
                {"paymentAccountName", "Test Customer"}, _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/post/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "processDDebit");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("transactionAmount", "1.00");
            params.put("transactionCurrency", "AUD");
            params.put("transactionProduct", "TestProduct");
            params.put("customerName", "TestCustomer");
            params.put("customerCountry", "AU");
            params.put("customerState", "QLD");
            params.put("customerCity", "Brisbane");
            params.put("customerAddress", "TestStreet");
            params.put("customerPostCode", "4000");
            params.put("customerPhone", "61731665489");
            params.put("customerEmail", "[email protected]");
            params.put("customerIP", "1.1.1.1");
            params.put("paymentAccountBSB", "014667");
            params.put("paymentAccountNumber", "12345678");
            params.put("paymentAccountName", "TestCustomer");
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>10</responseCode>
  <responseMessage>Transaction pending</responseMessage>
  <transactionID>1336-d2b4ccfc-b612-11e6-b9c3-005056b209e0</transactionID>
  <settlementDate>2016-12-05</settlementDate>
</mwResponse>

processDDebit


The processDDebit method is used to perform a direct debit request to debit funds from an Australian or New Zealand bank account.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processDDebit

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

General Transaction Parameters

Parameter Required Description
transactionAmount Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD
transactionProduct Required A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

Customer Parameters

Parameter Required Description
customerName Required This field can only contain alphanumeric characters, as well as the full stop, comma, aposprophe, ampersand, space and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Not Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Not Required Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters
customerIP Not Required Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters
storeID Not Required The value of this field is the merchant’s store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter.
Example: Test store name

Payment Parameters

Parameter Required Description
paymentAccountBSB Required This field must contain 6 digits.
Example: 011123
Valid length: 6 digits
paymentAccountNumber Required This must be a valid account number.
Example: 123456789
Valid length: 4-9 digits
paymentAccountName Required This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed.
Example: Mr. Example Person or MR E PERSON or Example Person
Valid length: Between 3 and 32 characters

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
Sample Request
  curl -X POST https://api.merchantwarrior.com/post/ \
  -d method="queryDD" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d transactionID="1336-d2b4ccfc-b612-11e6-b9c3-005056b209e0" \
  -d hash="6e3c0ac9fef871a7c43ef5f0e63d6a6b"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/post/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'queryDD',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionID' => '1336-d2b4ccfc-b612-11e6-b9c3-005056b209e0',
  'hash' => '6e3c0ac9fef871a7c43ef5f0e63d6a6b'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'queryDD',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'transactionID' : '1336-d2b4ccfc-b612-11e6-b9c3-005056b209e0',
  'hash' : '6e3c0ac9fef871a7c43ef5f0e63d6a6b'
}

r = requests.post('https://api.merchantwarrior.com/post/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/post/');

// Setup POST data
$postData = array (
  'method' => 'queryDD',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionID' => '1336-d2b4ccfc-b612-11e6-b9c3-005056b209e0',
  'hash' => '6e3c0ac9fef871a7c43ef5f0e63d6a6b'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
  throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/post/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "queryDD" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "transactionID", "1336-d2b4ccfc-b612-11e6-b9c3-005056b209e0" },                        
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/post/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "queryDD"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"transactionID", "1336-d2b4ccfc-b612-11e6-b9c3-005056b209e0"}, _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/post/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "queryDD");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("transactionID", "1336-d2b4ccfc-b612-11e6-b9c3-005056b209e0");
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                  postData.append('&');
                  postData.append(param.getKey());
                  postData.append('=');
                  postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>10</responseCode>
  <responseMessage>Transaction pending</responseMessage>
  <transactionID>1336-d2b4ccfc-b612-11e6-b9c3-005056b209e0</transactionID>
  <settlementDate/>
  <custom1/>
  <custom2/>
  <custom3/>
  <customHash>9e71fc2a99a71b722ead746b776b25ac</customHash>
</mwResponse>

queryDD


The queryDD method is the method used to perform a query of an existing direct debit transaction. If you wish to verify the status of a transaction or lost the original response or never receive a response, you can use this method. This method will query the internal MW records and return the available stored data for the transaction.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: queryDD

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Query Parameters

Parameter Required Description
transactionID Required/ Not Required The <transactionID> returned for the initial transaction.
Example: 1-a1c340c8-7c30-11de-8888-000c29753ad4
transactionReferenceID Required/ Not Required The <transactionReferenceID> sent for the initial transaction. This is a merchant’s reference ID for a transaction request sent to Merchant Warrior.
Example: A257240023321
extended Not Required Returns additional information stored with the transaction. This must be in boolean format.
Example: 1

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Query Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters


Production API Endpoint

https://api.merchantwarrior.com/token/

Sandbox API Endpoint

https://base.merchantwarrior.com/token/

Token Payments

The following sub-sections will outline the various API methods present in the Merchant Warrior Token Payments service.

Introduction

Token Payments allows merchants to perform subsequent transactions for a customer without the customer sending their cardholder data to the MW platform more than once. Implementing this feature can reduce PCI DSS scope significanly as merchants are not required to store customer cardholder (PAN) data.

Global Vault

The Merchant Warrior Global Vault stores tokens in a globally accessible Vault. This feature enables merchants to gain access to customer tokens without requiring the customer (if they have registered cards in the Global Vault) to enter their credit card details into the merchant’s website. The Merchant Warrior Global Vault links a customer’s email address and cell number to their credit card(s).

A merchant can request access to a customer’s token(s) by providing their email address to the Merchant Warrior Global Vault service. The customer’s token(s) are only provided to the merchant after the customer grants access to the merchant by completing a 2FA step via email or SMS technologies.

Key Management

As the Token Payments solution enables merchants to store encryption keys the following key management principles must be taken into consideration:
• Strong encryption keys should be generated (pseudo-random data of high entropy)
• Encryption keys must only be transmitted via a Secure Socket Layer (SSL) encrypted tunnel
• Encryption keys must be stored securely, only accessible by necessary staff and applications
• Staff with access to encryption keys should acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities

Further information regarding key management procedures is made available by NIST -
http://csrc.nist.gov/groups/ST/key_mgmt/

Request Format

API requests are submitted to the Token Payments service using POST, and must be performed over HTTPS.

Available Methods

The Token Payments service consists of the following methods:
addCard: Adds a card to the Local or Global Vault
removeCard: Removes a card from the Local or Global Vault
cardInfo: Returns information on the stored card (name, expiry, etc)
changeExpiry: Changes the expiry date on an existing card stored in the Local or Global Vault
checkCardChange: Checks the Global Vault for any changes that may have occurred for a registered email in the Global Vault (eg. addition of a new card or removal of an old card)
checkEmail: Checks the email registered in the Global Vault and requests a verification code to be sent to the customer either to retrieve or remove card(s)
checkContact: Checks the mobile contact registered for an email in the Global Vault and requests a verification code to be sent to the customer for updateContact method
retrieveCard: Retrieves card(s) registered to an email from the Global Vault
updateContact: Updates customer’s mobile contact in the Global Vault
processCard: Performs a purchase request using a token added via the addCard method
processAuth: Performs a pre-authorization request using a token added via the addCard method

Sample Request
curl -X POST https://api.merchantwarrior.com/token/ \
  -d method="addCard" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d cardName="Test Customer" \
  -d cardNumber="5123456789012346" \
  -d cardExpiryMonth="05" \
  -d cardExpiryYear="17"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'addCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardName' => 'Test Customer',
  'cardNumber' => '5123456789012346',
  'cardExpiryMonth' => '05',
  'cardExpiryYear' => '17'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'addCard',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'cardName' : 'Test Customer',
  'cardNumber' : '5123456789012346',
  'cardExpiryMonth' : '05',
  'cardExpiryYear' : '17'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'addCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardName' => 'Test Customer',
  'cardNumber' => '5123456789012346',
  'cardExpiryMonth' => '05',
  'cardExpiryYear' => '17'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
  throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "addCard" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "cardName", "Test Customer" },
                        { "cardNumber", "5123456789012346" },
                        { "cardExpiryMonth", "05" },
                        { "cardExpiryYear", "17" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
        }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/",
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "addCard"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"cardName", "Test Customer"}, _
                {"cardNumber", "5123456789012346"}, _
                {"cardExpiryMonth", "05"}, _
                {"cardExpiryYear", "17"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "addCard");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("cardName", "TestCustomer");
            params.put("cardNumber", "5123456789012346");
            params.put("cardExpiryMonth", "05");
            params.put("cardExpiryYear", "17");            

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}
Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Operation successful</responseMessage>
    <cardID>MJKT20850598</cardID>
    <cardKey>qUKDIbq8idy5qsSf</cardKey>
    <ivrCardID>10230271</ivrCardID>
</mwResponse>
cardKey should only be used if you do NOT want MW handling your key storage

addCard


The addCard method is used to add a new card to the MW Vault.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: addCard

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Cardholder Data

Parameter Required Description
cardName Required This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed.
Example: Mr. Example Person or MR E PERSON or Example Person
Valid length: Between 3 and 255 characters
cardNumber Required Example: 5123456789012346 or 4557012345678902
Valid length: Between 13 and 16 digits
cardExpiryMonth Required This must be MM format. The month must be zero padded if it is less than 10.
Example: 05
Valid length: 2 digits
cardExpiryYear Required This must be YY format.
Example: 13
Valid length: 2 digits

Global Vault Parameters

Parameter Required Description
cardGlobal Required/ Not Required This must be in a boolean format.
Example: 1
cardEmail Required/ Not Required This must be in a valid email format.
Example: [email protected]
cardContact Required/ Not Required This must be in a valid Australian or International mobile number format.
Example: 0486292992 or +614920202820


Sample Request
  curl -X POST https://api.merchantwarrior.com/token/ \
  -d method="removeCard" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d cardID="MJKT20850598"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'removeCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardID' => 'MJKT20850598'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'removeCard',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'cardID' : 'MJKT20850598'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'removeCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardID' => 'MJKT20850598'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
    'status' => $status, 
    'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
    'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "removeCard" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "cardID", "MJKT20850598" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "removeCard"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"cardID", "MJKT20850598"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "removeCard");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("cardID", "MJKT20850598");            

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Operation successful</responseMessage>
    <cardID>MJKT20850598</cardID>
</mwResponse>

removeCard


The removeCard method is the method used to remove a card from the MWV once it has been added.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: removeCard

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Cardholder Data

Parameter Required Description
cardID Required A unique alphanumeric string returned by addCard, used to identify a specific card.
Example: NUFM56937091
cardKey Not Required A string used as an encryption/decryption key. This should only be used if you do NOT want Merchant Warrior handling your key storage. This should be unique on a per-card basis. It’s used to encrypt the card when we store it. Every time we receive a process card request, the correct cardkey must also be provided – which is known only to you.
Example: a84JI2cA12ziZ3Fx
Valid length: 16 characters

Global Vault Parameters

Parameter Required Description
cardGlobal Required/ Not Required This must be in a boolean format.
Example: 1
cardEmail Required/ Not Required This must be in a valid email format.
Example: [email protected]
code Required/ Not Required The value of this parameter is sent by Merchant Warrior directly to the customer either via Email or SMS.
Example: 1a3b5c
Valid Length: 6 characters


Sample Request
curl -X POST https://api.merchantwarrior.com/token/ \
  -d method="cardInfo" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d cardID="ZBOW20853528"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'cardInfo',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardID' => 'ZBOW20853528'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'cardInfo',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'cardID' : 'ZBOW20853528'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'cardInfo',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardID' => 'ZBOW20853528'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
    'status' => $status, 
    'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
    'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "cardInfo" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "cardID", "MJKT20850598" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
        }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/",
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "cardInfo"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"cardID", "MJKT20850598"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "cardInfo");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("cardID", "ZBOW20853528");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Operation successful</responseMessage>
    <cardID>ZBOW20853528</cardID>
    <cardName>Test Customer</cardName>
    <cardExpiryMonth>05</cardExpiryMonth>
    <cardExpiryYear>17</cardExpiryYear>
    <cardNumberFirst>5123</cardNumberFirst>
    <cardNumberLast>2346</cardNumberLast>
    <cardAdded>2016-11-30 12:16:23</cardAdded>
</mwResponse>
The cardAdded value is a GMT+10 timestamp

cardInfo


The cardInfo method is used to perform a query of an existing card. This method will return the information added via addCard with the credit card number (PAN) truncated.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: cardInfo

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Cardholder Data

Parameter Required Description
cardID Required A unique alphanumeric string returned by addCard, used to identify a specific card.
Example: NUFM56937091
cardKey Not Required A string used as an encryption/decryption key. This should only be used if you do NOT want Merchant Warrior handling your key storage. This should be unique on a per-card basis. It’s used to encrypt the card when we store it. Every time we receive a process card request, the correct cardkey must also be provided – which is known only by you.
Example: a84JI2cA12ziZ3Fx
Valid length: 16 characters
Sample Request
curl -X POST https://api.merchantwarrior.com/token/ \
  -d method="changeExpiry" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d cardID="ZBOW20853528" \
  -d cardExpiryMonth="05" \
  -d cardExpiryYear="19"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'changeExpiry',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardID' => 'ZBOW20853528',
  'cardExpiryMonth' => '05',
  'cardExpiryYear' => '19'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'changeExpiry',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'cardID' : 'ZBOW20853528',
  'cardExpiryMonth' : '05',
  'cardExpiryYear' : '19'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'changeExpiry',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardID' => 'ZBOW20853528',
  'cardExpiryMonth' => '05',
  'cardExpiryYear' => '19'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "changeExpiry" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "cardID", "ZBOW20853528" },
                        { "cardExpiryMonth", "05" },
                        { "cardExpiryYear", "19" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
        }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/",
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "changeExpiry"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"cardID", "ZBOW20853528"}, _
                {"cardExpiryMonth", "05"}, _
                {"cardExpiryYear", "19"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "changeExpiry");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("cardID", "ZBOW20853528");
            params.put("cardExpiryMonth", "05");
            params.put("cardExpiryYear", "17");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Operation successful</responseMessage>
    <cardID>ZBOW20853528</cardID>
</mwResponse>

changeExpiry


The changeExpiry method is used to modify a card’s expiry after it has been added to the MW Vault.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: changeExpiry

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Cardholder Data

Parameter Required Description
cardID Required A unique alphanumeric string returned by addCard, used to identify a specific card.
Example: NUFM56937091
cardKey Not Required A string used as an encryption/decryption key. This should only be used if you do NOT want Merchant Warrior handling your key storage. This should be unique on a per-card basis. It’s used to encrypt the card when we store it. Every time we receive a process card request, the correct cardkey must also be provided – which is known only by you.
Example: a84JI2cA12ziZ3Fx
Valid length: 16 characters
cardExpiryMonth Required This must be MM format. The month must be zero padded if it is less than 10.
Example: 05
Valid length: 2 digits
cardExpiryYear Required This must be YY format.
Example: 13
Valid length: 2 digits
Sample Request
curl -X POST https://api.merchantwarrior.com/token/ \
  -d method="checkCardChange" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d cardEmail="[email protected]" \
  -d cardID="MJKT20850598,PAST20250528,OLNF31240568"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'checkCardChange',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardEmail' => [email protected]',
  'cardID' => 'MJKT20850598,PAST20250528,OLNF31240568'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'checkCardChange',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'cardEmail' : [email protected]',
  'cardID' : 'MJKT20850598,PAST20250528,OLNF31240568'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'checkCardChange',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardEmail' => [email protected]',
  'cardID' => 'MJKT20850598,PAST20250528,OLNF31240568'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "checkCardChange" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "cardEmail", "[email protected]" },
                        { "cardID", "MJKT20850598,PAST20250528,OLNF31240568" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/",
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "checkCardChange"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"cardEmail", "[email protected]"}, _
                {"cardID", "MJKT20850598,PAST20250528,OLNF31240568"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "checkCardChange");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("cardEmail", "[email protected]");
            params.put("cardID", "MJKT20850598,PAST20250528,OLNF31240568");            

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Operation successful</responseMessage>
    <updateStatus>0</updateStatus>
</mwResponse>
updateStatus = 0 indicates information submitted matches information in the
Global Vault.
updateStatus = 1 indicates information submitted does NOT match information
in the Global Vault.
Please see the checkEmail method to update your information to match what is
stored in the Global Vault.

checkCardChange


The checkCardChange method is used to detect if there have been any changes to a customer’s details in the Global Vault and can act as an indicator as to whether the checkEmail method should be called.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: checkCardChange

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Global Vault Parameters

Parameter Required Description
cardEmail Required This must be in a valid email format.
Example: [email protected]
cardID Required This must be in alphanumeric format and should list all the cardID(s) that you have on file for the customer’s email address. If multiple cardIDs are present they must be comma separated. All spaces should be removed from this field prior to submission.
Example: NUFM56937091, ABCD65321983
Sample Request
curl -X POST https://api.merchantwarrior.com/token/ \
  -d method="checkEmail" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d cardEmail="[email protected]" \
  -d authMode="1" \
  -d checkMode="1"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'checkEmail',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardEmail' => [email protected]',
  'authMode' => '1',
  'checkMode' => '1'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method': 'checkEmail',
  'merchantUUID': '5265f8eed6a19',
  'apiKey': 'ksmnwxab',
  'cardEmail': [email protected]',
  'authMode': '1',
  'checkMode': '1'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'checkEmail',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardEmail' => [email protected]',
  'authMode' => '1',
  'checkMode' => '1'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "checkEmail" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "cardEmail", "[email protected]" },
                        { "cardNumber", "5123456789012346" },
                        { "authMode", "1" },
                        { "checkMode", "1" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/",
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "checkEmail"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"cardEmail", "[email protected]"}, _
                {"cardNumber", "5123456789012346"}, _
                {"authMode", "1"}, _
                {"checkMode", "1"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "checkEmail");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("cardEmail", "[email protected]");
            params.put("authMode", "1");
            params.put("checkMode", "1");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Verification code sent to [email protected]</responseMessage>
</mwResponse>

checkEmail


The checkEmail method is used for requesting a one-time verification code for the retrieval or removal of card(s) in the MW Global Vault.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: checkEmail

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Global Vault Parameters

Parameter Required Description
cardEmail Required This must be in a valid email format.
Example: [email protected]
authMode Required This must be in integer format. Use 1 – Email Verification and 2 – SMS Verification.
Example: 1
checkMode Required This must be in integer format. Use 1 – retrieveCard method and 2 – removeCardmethod.
Example: 1
cardID Required/ Not Required This must be in alphanumeric format. This field is only supplied when checkMode is set to 2 – removeCard.
Example: NUFM56937091
Sample Request
curl -X POST https://api.merchantwarrior.com/token/ \
  -d method="checkContact" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d cardEmail="[email protected]" \
  -d cardContact="61412355515"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'checkContact',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardEmail' => [email protected]',
  'cardContact' => '61412355515'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'checkContact',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'cardEmail' : [email protected]',
  'cardContact' : '61412355515'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'checkContact',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardEmail' => [email protected]',
  'cardContact' => '61412355515'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "checkContact" },
                        { "merchantUUID", "5265f8eed6a19" },
                        { "apiKey", "ksmnwxab" },
                        { "cardEmail", "[email protected]" },
                        { "cardContact", "61412355515" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/",
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "checkContact"}, _
                {"merchantUUID", "5265f8eed6a19"}, _
                {"apiKey", "ksmnwxab"}, _
                {"cardEmail", "[email protected]"}, _
                {"cardContact", "61412355515"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "checkContact");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("cardEmail", "[email protected]");
            params.put("cardContact", "61412355515");           

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
              postData.append(param.getKey());
              postData.append('=');
              postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

``

<pre class="codeTitle">Sample Response</pre>
```xml
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Verification code sent to test@testemail.com</responseMessage>
</mwResponse>

checkContact


The checkContact method is used for requesting a one-time verification code to update a customer’s mobile contact in the MW Global Vault via the updateContact method.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: checkContact

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Global Vault Parameters

Parameter Required Description
cardEmail Required This must be in a valid email format.
Example: [email protected]
cardContact Required This must be in a valid Australian or International mobile number format. The contact supplied must match the contact in the Global Vault.
Example: 0486292992 or +614920202820
Sample Request
curl -X POST https://api.merchantwarrior.com/token/ \
  -d method="retrieveCard" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d cardEmail="[email protected]" \
  -d code="abc093"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'retrieveCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardEmail' => [email protected]',
  'code' => 'abc093'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method': 'retrieveCard',
  'merchantUUID': '5265f8eed6a19',
  'apiKey': 'ksmnwxab',
  'cardEmail': [email protected]',
  'code': 'abc093'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'retrieveCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardEmail' => [email protected]',
  'code' => 'abc093'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "retrieveCard" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "cardEmail", "[email protected]" },
                        { "code", "abc093" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "retrieveCard"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"cardEmail", "[email protected]"}, _
                {"code", "abc093"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "retrieveCard");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("cardEmail", "[email protected]");
            params.put("code", "abc093");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
The below is a sample response containing multiple cardID's
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Operation successful</responseMessage>
    <card1>
    <cardID>5666</cardID>
    <cardNumberLast>0004</cardNumberLast>
    <cardType>visa</cardType>
    <cardExpiryMonth>02</cardExpiryMonth>
    <cardExpiryYear>19</cardExpiryYear>
    </card1>
    <card2>
    <cardID>PAST20250528</cardID>
    <cardNumberLast>2346</cardNumberLast>
    <cardType>mc</cardType>
    <cardExpiryMonth>05</cardExpiryMonth>
    <cardExpiryYear>17</cardExpiryYear>
    </card2>
</mwResponse>
Sample Response
The below is a sample response containing one cardID
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Operation successful</responseMessage>
    <cardID>5666</cardID>
    <cardNumberLast>0004</cardNumberLast>
    <cardType>visa</cardType>
    <cardExpiryMonth>02</cardExpiryMonth>
    <cardExpiryYear>19</cardExpiryYear>
</mwResponse>

retrieveCard


The retrieveCard method is used to retrieve card(s) registered to an email address in the MW Global Vault.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: retrieveCard

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Global Vault Parameters

Parameter Required Description
cardEmail Required This must be in a valid email format.
Example: [email protected]
code Required The value of this parameter is sent by Merchant Warrior directly to the customer either via email or SMS.
Example: 1a3b5c
Valid Length: 6 characters
Sample Request
curl -X POST https://api.merchantwarrior.com/token/ \
  -d method="updateContact" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d cardEmail="[email protected]" \
  -d cardContact="+61412343211" \
  -d code="jkh453"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'updateContact',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardEmail' => [email protected]',
  'cardContact' => ' 61412343211',
  'code' => 'jkh453'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'updateContact',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'cardEmail' : [email protected]',
  'cardContact' : ' 61412343211',
  'code' : 'jkh453'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'updateContact',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'cardEmail' => [email protected]',
  'cardContact' => ' 61412343211',
  'code' => 'jkh453'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "updateContact" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "cardEmail", "[email protected]" },
                        { "cardContact", "+61412343211" },
                        { "code", "jkh453" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "updateContact"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"cardEmail", "[email protected]"}, _
                {"cardContact", "+61412343211"}, _
                {"code", "jkh453"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "updateContact");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("cardEmail", "[email protected]");
            params.put("cardContact", "+61412343211");
            params.put("code", "jkh453");           

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }   
}

Sample Response
<mwResponse> 
  <responseCode>0</responseCode>
  <responseMessage>Operation Successful.</responseMessage>
</mwResponse>

updateContact


The updateContact method is used to update customer’s mobile contact in the MW Global Vault.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: updateContact

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Global Vault Parameters

Parameter Required Description
cardEmail Required This must be in a valid email format.
Example: [email protected]
cardContact Required This must be in a valid Australian or International mobile number format. The contact supplied must match the contact in the Global Vault.
Example: 0486292992 or +614920202820
code Required The value of this parameter is sent by Merchant Warrior directly to the customer either via email or SMS.
Example: 1a3b5c
Valid Length: 6 characters
curl -X POST https://api.merchantwarrior.com/token/ \
    -d method="processCard" \
    -d merchantUUID="5265f8eed6a19" \
    -d apiKey="ksmnwxab" \
    -d transactionAmount="1.00" \
    -d transactionCurrency="AUD" \
    -d transactionProduct="Test Product" \
    -d customerName="Test Customer" \
    -d customerCountry="AU" \
    -d customerState="QLD" \
    -d customerCity="Brisbane" \
    -d customerAddress="123 Test Street" \
    -d customerPostCode="4000" \
    -d customerPhone="61731665489" \
    -d customerEmail="[email protected]" \
    -d customerIP="1.1.1.1" \
    -d cardID="NUFM56937091" \
    -d hash="b55552ff426d7e3d4885465d27ea0062"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'processCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionProduct' => 'Test Product',
  'customerName' => 'Test Customer',
  'customerCountry' => 'AU',
  'customerState' => 'QLD',
  'customerCity' => 'Brisbane',
  'customerAddress' => '123 Test Street',
  'customerPostCode' => '4000',
  'customerPhone' => '61731665489',
  'customerEmail' => [email protected]',
  'customerIP' => '1.1.1.1',
  'cardID' => 'NUFM56937091',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'processCard',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'transactionAmount' : '1.00',
  'transactionCurrency' : 'AUD',
  'transactionProduct' : 'Test Product',
  'customerName' : 'Test Customer',
  'customerCountry' : 'AU',
  'customerState' : 'QLD',
  'customerCity' : 'Brisbane',
  'customerAddress' : '123 Test Street',
  'customerPostCode' : '4000',
  'customerPhone' : '61731665489',
  'customerEmail' : [email protected]',
  'customerIP' : '1.1.1.1',
  'cardID' : 'NUFM56937091',
  'hash' : 'b55552ff426d7e3d4885465d27ea0062'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'processCard',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionProduct' => 'Test Product',
  'customerName' => 'Test Customer',
  'customerCountry' => 'AU',
  'customerState' => 'QLD',
  'customerCity' => 'Brisbane',
  'customerAddress' => '123 Test Street',
  'customerPostCode' => '4000',
  'customerPhone' => '61731665489',
  'customerEmail' => [email protected]',
  'customerIP' => '1.1.1.1',
  'cardID' => 'NUFM56937091',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "processCard" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "transactionAmount", "1.00" },
                        { "transactionCurrency", "AUD" },
                        { "transactionProduct", "Test Product" },
                        { "customerName", "Test Customer" },
                        { "customerCountry", "AU" },
                        { "customerState", "QLD" },
                        { "customerCity", "Brisbane" },
                        { "customerAddress", "123 Test Street" },
                        { "customerPostCode", "4000" },
                        { "customerPhone", "61731665489" },
                        { "customerEmail", "[email protected]" },
                        { "customerIP", "1.1.1.1" },
                        { "cardID", "NUFM56937091" },
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "processCard"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"transactionAmount", "1.00"}, _
                {"transactionCurrency", "AUD"}, _
                {"transactionProduct", "Test Product"}, _
                {"customerName", "Test Customer"}, _
                {"customerCountry", "AU"}, _
                {"customerState", "QLD"}, _
                {"customerCity", "Brisbane"}, _
                {"customerAddress", "123 Test Street"}, _
                {"customerPostCode", "4000"}, _
                {"customerPhone", "61731665489"}, _
                {"customerEmail", "[email protected]"}, _
                {"customerIP", "1.1.1.1"}, _
                {"cardID", "NUFM56937091"}, _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "processCard");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("transactionAmount", "1.00");
            params.put("transactionCurrency", "AUD");
            params.put("transactionProduct", "TestProduct");
            params.put("customerName", "TestCustomer");
            params.put("customerCountry", "AU");
            params.put("customerState", "QLD");
            params.put("customerCity", "Brisbane");
            params.put("customerAddress", "TestStreet");
            params.put("customerPostCode", "4000");
            params.put("customerPhone", "61731665489");
            params.put("customerEmail", "[email protected]");
            params.put("customerIP", "1.1.1.1");
            params.put("cardID", "NUFM56937091");            
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Transaction approved</responseMessage>
    <transactionID>1336-20be3569-b600-11e6-b9c3-005056b209e0</transactionID>
    <authCode>731357421</authCode>
    <receiptNo>731357421</receiptNo>
    <authMessage>Honour with identification</authMessage>
    <authResponseCode>08</authResponseCode>
    <authSettledDate>2016-11-29</authSettledDate>
    <custom1/>
    <custom2/>
    <custom3/>
    <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>

processCard


The processCard method is used to perform a purchase transaction using a Token ID that exists in the MW Vault.

Request-Parameters

These paramaters are practically identical to the Direct API processCard method. The major point of difference is that the card data fields are removed, and in their place the cardID, cardKey & cardKeyReplace parameters have been added.

When this method is run, the value of cardKeyReplace will overwrite cardKey – unless a validation error occurs. In short, if the responseCode >= 0, overwrite cardKey in your database with the value you send for cardKeyReplace. Transactions that do not pass pre-validation (responseCode < 0) will not have their cardKey updated.

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processCard

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

General Transaction Parameters

Parameter Required Description
transactionAmount Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD
transactionProduct Required A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

Customer Parameters

Parameter Required Description
customerName Required This field can only contain alphanumeric characters, as well as the full stop, comma, aposprophe, ampersand, space and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Not Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Not Required Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters
customerIP Not Required Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters
storeID Not Required The value of this field is the merchant’s store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter.
Example: Test store name

Payment Parameters

Parameter Required Description
cardID Required A unique alphanumeric string returned by addCard, used to identify a specific card.
Example: NUFM56937091
cardKey Not Required A string used as an encryption/decryption key. This should only be used if you do NOT want Merchant Warrior handling your key storage. This should be unique on a per-card basis. It’s used to encrypt the card when we store it. Every time we receive a process card request, the correct cardkey must also be provided – which is known only by you.
Example: a84JI2cA12ziZ3Fx
Valid Length: 16 characters
cardKeyReplace Not Required This will replace cardKey for subsequent requests for the cardID if the transaction is run successfully (meaning accepted by Merchant Warrior, not necessarily approved by the bank). This cannot be the same as the last 10 cardKey’s used for the cardID, and it has to follow the same guidelines as cardkey (16 character alphanumeric string, etc). See the explanation under “Request Parameter” for more information.
Example: mbnGHOq86sXTjQgd
Valid Length: 16 characters
paymentCardCSC Not Required This is also known as the CVN or CVV/2. This is required by some Acquirers if the transaction is initiated by the customer. Please contact Merchant Warrior for more information.
Example: 123
Valid length: Between 3 and 4 characters

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
curl -X POST https://api.merchantwarrior.com/token/ \
    -d method="processAuth" \
    -d merchantUUID="5265f8eed6a19" \
    -d apiKey="ksmnwxab" \
    -d transactionAmount="1.00" \
    -d transactionCurrency="AUD" \
    -d transactionProduct="Test Product" \
    -d customerName="Test Customer" \
    -d customerCountry="AU" \
    -d customerState="QLD" \
    -d customerCity="Brisbane" \
    -d customerAddress="123 Test Street" \
    -d customerPostCode="4000" \
    -d customerPhone="61731665489" \
    -d customerEmail="[email protected]" \
    -d customerIP="1.1.1.1" \
    -d cardID="NUFM56937091" \
    -d hash="b55552ff426d7e3d4885465d27ea0062"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/token/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'processAuth',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionProduct' => 'Test Product',
  'customerName' => 'Test Customer',
  'customerCountry' => 'AU',
  'customerState' => 'QLD',
  'customerCity' => 'Brisbane',
  'customerAddress' => '123 Test Street',
  'customerPostCode' => '4000',
  'customerPhone' => '61731665489',
  'customerEmail' => [email protected]',
  'customerIP' => '1.1.1.1',
  'cardID' => 'NUFM56937091',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'processAuth',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'transactionAmount' : '1.00',
  'transactionCurrency' : 'AUD',
  'transactionProduct' : 'Test Product',
  'customerName' : 'Test Customer',
  'customerCountry' : 'AU',
  'customerState' : 'QLD',
  'customerCity' : 'Brisbane',
  'customerAddress' : '123 Test Street',
  'customerPostCode' : '4000',
  'customerPhone' : '61731665489',
  'customerEmail' : [email protected]',
  'customerIP' : '1.1.1.1',
  'cardID' : 'NUFM56937091',
  'hash' : 'b55552ff426d7e3d4885465d27ea0062'
}

r = requests.post('https://api.merchantwarrior.com/token/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/token/');

// Setup POST data
$postData = array (
  'method' => 'processAuth',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'transactionAmount' => '1.00',
  'transactionCurrency' => 'AUD',
  'transactionProduct' => 'Test Product',
  'customerName' => 'Test Customer',
  'customerCountry' => 'AU',
  'customerState' => 'QLD',
  'customerCity' => 'Brisbane',
  'customerAddress' => '123 Test Street',
  'customerPostCode' => '4000',
  'customerPhone' => '61731665489',
  'customerEmail' => [email protected]',
  'customerIP' => '1.1.1.1',
  'cardID' => 'NUFM56937091',
  'hash' => 'b55552ff426d7e3d4885465d27ea0062'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
  'status' => $status, 
  'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
  'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/token/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "processAuth" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "transactionAmount", "1.00" },
                        { "transactionCurrency", "AUD" },
                        { "transactionProduct", "Test Product" },
                        { "customerName", "Test Customer" },
                        { "customerCountry", "AU" },
                        { "customerState", "QLD" },
                        { "customerCity", "Brisbane" },
                        { "customerAddress", "123 Test Street" },
                        { "customerPostCode", "4000" },
                        { "customerPhone", "61731665489" },
                        { "customerEmail", "[email protected]" },
                        { "customerIP", "1.1.1.1" },
                        { "cardID", "NUFM56937091" },
                        { "hash", "d0fb5716a2b85c743ed802bd5bd7284b" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/token/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "processAuth"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"transactionAmount", "1.00"}, _
                {"transactionCurrency", "AUD"}, _
                {"transactionProduct", "Test Product"}, _
                {"customerName", "Test Customer"}, _
                {"customerCountry", "AU"}, _
                {"customerState", "QLD"}, _
                {"customerCity", "Brisbane"}, _
                {"customerAddress", "123 Test Street"}, _
                {"customerPostCode", "4000"}, _
                {"customerPhone", "61731665489"}, _
                {"customerEmail", "[email protected]"}, _
                {"customerIP", "1.1.1.1"}, _
                {"cardID", "NUFM56937091"}, _
                {"hash", "d0fb5716a2b85c743ed802bd5bd7284b"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/token/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "processAuth");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");
            params.put("transactionAmount", "1.00");
            params.put("transactionCurrency", "AUD");
            params.put("transactionProduct", "TestProduct");
            params.put("customerName", "TestCustomer");
            params.put("customerCountry", "AU");
            params.put("customerState", "QLD");
            params.put("customerCity", "Brisbane");
            params.put("customerAddress", "TestStreet");
            params.put("customerPostCode", "4000");
            params.put("customerPhone", "61731665489");
            params.put("customerEmail", "[email protected]");
            params.put("customerIP", "1.1.1.1");
            params.put("cardID", "NUFM56937091");            
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
    <responseCode>0</responseCode>
    <responseMessage>Transaction approved</responseMessage>
    <transactionID>1336-20be3569-b600-11e6-b9c3-005056b209e0</transactionID>
    <authCode>731357421</authCode>
    <receiptNo>731357421</receiptNo>
    <authMessage>Honour with identification</authMessage>
    <authResponseCode>08</authResponseCode>
    <authSettledDate>2016-11-29</authSettledDate>
    <custom1/>
    <custom2/>
    <custom3/>
    <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>

processAuth


The processAuth method is the method used to perform a pre-authorization transaction using an existing card (for capture request, refer to the standard processCapture API method). This method proxies the request through to the standard MWE API, and returns the response directly – including any validation or provider errors. That means that all the validation logic is the same with both functions, although this of course also validates cardID, cardKey & cardKeyReplace.

Method Endpoint

This method’s endpoint is: https://<environment>.merchantwarrior.com/token/processAuth

Request-Parameters

These paramaters are practically identical to the Direct API processAuth method. The major point of difference is that the card data fields are removed, and in their place the cardID, cardKey & cardKeyReplace parameters have been added.

When this method is run, the value of cardKeyReplace will overwrite cardKey – unless a validation error occurs. In short, if the responseCode >= 0, overwrite cardKey in your database with the value you send for cardKeyReplace. Transactions that do not pass pre-validation (responseCode < 0) will not have their cardKey updated.

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processAuth

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

General Transaction Parameters

Parameter Required Description
transactionAmount Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD
transactionProduct Required A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

Customer Parameters

Parameter Required Description
customerName Required This field can only contain alphanumeric characters, as well as the full stop, comma, aposprophe, ampersand, space and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Not Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Not Required Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters
customerIP Not Required Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters
storeID Not Required The value of this field is the merchant’s store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter.
Example: Test store name

Payment Parameters

Parameter Required Description
cardID Required A unique alphanumeric string returned by addCard, used to identify a specific card.
Example: NUFM56937091
cardKey Not Required A string used as an encryption/decryption key. This should only be used if you do NOT want Merchant Warrior handling your key storage. This should be unique on a per-card basis. It’s used to encrypt the card when we store it. Every time we receive a process card request, the correct cardkey must also be provided – which is known only by you.
Example: a84JI2cA12ziZ3Fx
Valid Length: 16 characters
cardKeyReplace Not Required This will replace cardKey for subsequent requests for the cardID if the transaction is run successfully (meaning accepted by Merchant Warrior, not necessarily approved by the bank). This cannot be the same as the last 10 cardKey’s used for the cardID, and it has to follow the same guidelines as cardkey (16 character alphanumeric string, etc). See the explanation under “Request Parameter” for more information.
Example: mbnGHOq86sXTjQgd
Valid Length: 16 characters
paymentCardCSC Not Required This is also known as the CVN or CVV/2. This is required by some Acquirers if the transaction is initiated by the customer. Please contact Merchant Warrior for more information.
Example: 123
Valid length: Between 3 and 4 characters

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
Production API Endpoint

https://secure.merchantwarrior.com/

Sandbox API Endpoint

https://securetest.merchantwarrior.com/

Hosted Payments

The following sub-sections will outline the various API methods present in the Merchant Warrior Hosted Payments service.

Introduction

The MW Hosted Payments solution allows merchants to process credit card transactions online via a secure hosted payment page.

Merchants who do not wish to store, process or transmit credit card (PAN) in order to reduce their PCI DSS scope will be able to achieve this with this service.

Request Format

API requests are submitted to the Hosted Payments service using POST, and must be performed over HTTPS.

Respone Format

The Hosted Payments service will return responses in XML format to a specified notifyURL via an Asynchronous HTTP POST. Response paramaters are also returned in the GET string of the specified returnURL via a 302 redirect.

Available Methods

The Hosted Payments service consists of the following methods:
processCard: Performs a purchase transaction on a customer’s credit card
processDDebitAuth: Initiates an electronic (paperless) direct debit authorization

Sample Request
Requests are generated via a form presented to the customer's browser.
Please see Hosted Payments Sample Files for examples.
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1336-20be3569-b600-11e6-b9c3-005056b209e0</transactionID>
  <authCode>731357421</authCode>
  <receiptNo>731357421</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-11-29</authSettledDate>
  <custom1/>
  <custom2/>
  <custom3/>
  <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=approved&reference=1-373eb735-bd24-11e6-992a-005056b209e0&hash=c4c5db49d97b21c7898f3e8ed8057b24&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=9c8bffd18b890aebf84b27744a205385&message=Transaction+approved
Please see 302 redirect (Transactions) for the returnURL response field
definitions

processCard

The processCard method is the method used to perform a purchase request.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive. Currently, the only valid value for this parameter is ‘processCard’.
Example: processCard

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

General Transaction Parameters

Parameter Required Description
transactionAmount Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD
transactionProduct Required A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.

Customer Parameters

Parameter Required Description
customerName Not Required This field can only contain alphanumeric characters, as well as the full stop and hyphen character.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Not Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Not Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Not Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Not Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Not Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Not Required Must be valid if present. Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters

Redirect and Notification Parameters

Parameter Required Description
returnURL Required The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php
notifyURL Required Asynchronous POST notifications will be sent to this URL.
Example: https://www.example.com/notify.php
urlHash Requried The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: 511999e54b9ad51ce4c28d7f0550ac81
Valid Length: 32 characters
hashSalt Required Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!
logoURL Not Required The URL to an image that will appear in the header of the hosted payment page. Image must be of PNG format and max dimensions of 90x90 pixels and a file size limit of 1500 kilobytes. If no logoURL is supplied a default basket image is used.
Example: https://www.example.com/logo.png
hostedID Not Required The ID of the customized hosted payment page. This can be implemented if multiple hosted payment pages with different logos and banners is a requirement.
Example: 1

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
Sample Request
Requests are generated via a form presented to the customer's browser.
Please see Hosted Payments Sample Files for examples.
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>DDA approved</responseMessage>
   <customerEmail>[email protected]</customerEmail> 
 <paymentAccountName>John Doe</paymentAccountName>
 <paymentAccountBSB>123456</paymentAccountBSB>
 <paymentAccountNumber>987456123</paymentAccountNumber>
 <custom1>Test Field</custom1>
 <custom2/> 
 <custom3/> 
 <customHash>9f61558611bd58b97ea9f505536f5101</customHash>
<hash>da407c1d6ebc1ed405109497d1e0caa5</hash>
 <fingerprint>f0ab06f8d69d3dafa06a5abd45460ace</fingerprint>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=approved&reference=1-373eb735-bd24-11e6-992a-005056b209e0&hash=c4c5db49d97b21c7898f3e8ed8057b24&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=9c8bffd18b890aebf84b27744a205385&message=Transaction+approved
Please see 302 redirect (Direct Debit Authorizations) for the returnURL
response field definitions

processDDebitAuth

The processDDebitAuth method is used to initiate an electronic (paperless) direct debit authorization form

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processDDebitAuth

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd

Customer Parameters

Parameter Required Description
customerName Required This field can only contain alphanumeric characters, as well as the full stop, comma, apostrophe, ampersand, space and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Required Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters

Payment Account Details

Parameter Required Description
paymentAccountBSB Required BSB of the account to be debited.
Example: 123123
paymentAccountName Required The name on the account to be debited.
Example: Bob Jones
paymentAccountNumber Required Account number of the account to be debited.
Example: 234523451
transactionAmount Not Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected. This field is not required if you are submitting a direct debit authorization that has a variable amount.
Example: 10.00
transactionCurrency Required One of the following: AUD or NZD.
Example: AUD

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. (Field is only required if transactionAmount and transactionCurrency have been set for a DDA)
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters

Redirect and Notification Parameters

Parameter Required Description
returnURL Required The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php
notifyURL Required Asynchronous POST notifications will be sent to this URL.
Example: https://www.example.com/notify.php
urlHash Requried The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters
hashSalt Required Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

Customization Parameters

Parameter Required Description
logoURL Not Required The URL to an image that will appear in the header of the hosted payment page. Image must be of PNG format and max dimensions of 90x90 pixels and a file size limit of 1500 kilobytes. If no logoURL is supplied a default Direct Debit icon is displayed.
Example: https://www.example.com/logo.png
hostedID Not Required Digits only. The ID of the customized hosted payment page. This can be implemented if multiple hosted DDA pages with different logos and banners are a requirement.
Example: 1
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters
Production API Endpoint

https://api.merchantwarrior.com/transfer/

Sandbox API Endpoint

https://base.merchantwarrior.com/transfer/

Transparent Redirect

The following sub-sections will outline the various API methods present in the Merchant Warrior Transparent Redirect.

Introduction

The Transparent Redirect (also referred to as a Direct POST) service allows merchants to host and customize a secure hosted payment page themselves, whilst assisting in reducing the scope of PCI DSS compliance.

Merchants who do not wish to store, process or transmit credit card (PAN) will be able to achieve this with this service.

Request Format

API requests are submitted to the Transparent Redirect service using POST, and must be performed over HTTPS.

Respone Format

The Transparent Redirect service will return responses in XML format to a specified notifyURL via an Asynchronous HTTP POST. Response paramaters are also returned in the GET string of the specified returnURL via a 302 redirect.

Available Methods

The Transparent Redirect service consists of the following methods:
getAccessToken: Generates a one time access token for submission with transactions
processCard: Performs a purchase transaction on a customer’s credit card
processAuth: Performs a pre-authorization on a customer’s credit card
addCard: Adds a card to the Local or Global Vault

Sample Request
curl -X POST https://api.merchantwarrior.com/transfer/ \
  -d method="getAccessToken" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d hash="f518187f47bc52fe5a76a18593df72c9" \
  -d urlHash="49713da3df889c861c5643107af9dcde"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/transfer/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'getAccessToken',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'hash' => 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash' => '49713da3df889c861c5643107af9dcde'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method' : 'getAccessToken',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'hash' : 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash' : '49713da3df889c861c5643107af9dcde'
}

r = requests.post('https://api.merchantwarrior.com/transfer/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/transfer/');

// Setup POST data
$postData = array (
  'method' => 'getAccessToken',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'hash' => 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash' => '49713da3df889c861c5643107af9dcde'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
    'status' => $status, 
    'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
    'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/transfer/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "getAccessToken" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "hash", "f518187f47bc52fe5a76a18593df72c9" },
                        { "urlHash", "49713da3df889c861c5643107af9dcde" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/transfer/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "getAccessToken"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"hash", "f518187f47bc52fe5a76a18593df72c9"}, _
                {"urlHash", "49713da3df889c861c5643107af9dcde"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/transfer/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "getAccessToken");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");         
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");
            params.put("urlHash", "49713da3df889c861c5643107af9dcde");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
 <responseCode>0</responseCode> 
 <responseMessage>Operation successful</responseMessage> 
 <token>578de10d9a</token>
</mwResponse>

getAccessToken


The getAccessToken method generates a one time access token that acts as an additional security measure to identify that the request originates from a valid merchant and that the request has not been tampered with during transmission.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: getAccessToken

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Verification Hash Parameters

Parameter Required Description
hash Required/ Not Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. This parameter is not required if you are generating an Access Token for use with the Transparent Redirect addCard method.
Example: e9ddc296b76b3398934bfc06239073df
Valid Length: 32 characters
urlHash Required The urlHash field is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters
Sample Request
Requests are generated via a form presented to the customer's browser.
Please see Transparent Redirect Sample Files for examples.
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1336-20be3569-b600-11e6-b9c3-005056b209e0</transactionID>
  <authCode>731357421</authCode>
  <receiptNo>731357421</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-11-29</authSettledDate>
  <custom1/>
  <custom2/>
  <custom3/>
  <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=approved&reference=1336-20be3569-b600-11e6-b9c3-005056b209e0&hash=a4f5cb49d97c21c7898f3e8ed8957b24&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=5c8baad1db890aebf83b29744a205385&message=Transaction+approved
The responses below are for a request where the addCard parameter has been
set to 1 (credit card details will be stored in the MW Vault)
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1-546cbd0c-bd2b-11e6-992a-005056b209e0</transactionID>
  <authCode>731367169</authCode>
  <receiptNo>731367169</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-12-09</authSettledDate>
  <custom1>Custom Field 1</custom1>
  <custom2>Custom Field 2</custom2>
  <custom3>Custom Field 3</custom3>
  <customHash>9c8bffd18b890aebf84b27744a205385</customHash>
  <cardID>OWMB27978537</cardID>
  <cardKey>cD4PeecJ0PsMcZAh</cardKey>
  <ivrCardID>27978537</ivrCardID>
  <hash>1cf2b6ae1293e02d607f358cc9bcfaeb</hash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=approved&reference=1-546cbd0c-bd2b-11e6-992a-005056b209e0&hash=1cf2b6ae1293e02d607f358cc9bcfaeb&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=9c8bffd18b890aebf84b27744a205385&message=Transaction+approved&cardID=OWMB27978537&cardKey=cD4PeecJ0PsMcZAh&ivrCardID=27978537
Please see 302 redirect (Transactions) for the returnURL response field
definitions.

processCard


The processCard method is the method used to perform a purchase request.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processCard

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c
accessToken Required The value returned by the getAccessToken method.
Example: 578de10d9a

General Transaction Parameters

Parameter Required Description
transactionAmount Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD
transactionProduct Required A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

Redirect and Notification Parameters

Parameter Required Description
returnURL Required The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php
notifyURL Required Asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters.
Example: https://www.example.com/notify.php
urlHash Requried The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters
hashSalt Required Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

Customer Parameters

Parameter Required Description
customerName Required This field can only contain alphanumeric characters, as well as the full stop and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Not Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Not Required Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters
customerIP Not Required Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters
storeID Not Required The value of this field is the merchant’s store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter.
Example: Test store name

Payment Parameters

Parameter Required Description
paymentCardNumber Required Only certain card numbers are deemed valid in the test environment. See Test Data for more information. Do not send separators with the card number (e.g. 1234-5678… or 1234 5678).
Example: 5123456789012346 or 4557012345678902
Valid length: Between 13 and 16 digits
paymentCardExpiry Required This must be MMYY format. The month must be zero padded if it is less than 10.
Example: 0513
Valid length: 4 digits
paymentCardName Required This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed.
Example: Mr. Example Person or MR E PERSON or Example Person
Valid length: Between 3 and 255 characters
paymentCardCSC Not Required This is also known as the CVN or CVV/2. This is required by some Acquirers if the transaction is initiated by the customer. Please contact Merchant Warrior for more information.
Example: 123
Valid length: Between 3 and 4 characters
addCard Not Required This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction.
Example: 1
Valid Length: 1 digit

Global Vault Parameters

Parameter Required Description
cardGlobal Not Required This must be in a boolean format.
Example: 1
cardEmail Not Required This must be in a valid email format.
Example: [email protected]
cardContact Not Required This must be in a valid Australian or International mobile number format.
Example: 0486292992 or +614920202820

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
Sample Request
Requests are generated via a form presented to the customer's browser.
Please see Transparent Redirect Sample Files for examples.
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1336-20be3569-b600-11e6-b9c3-005056b209e0</transactionID>
  <authCode>731357421</authCode>
  <receiptNo>731357421</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-11-29</authSettledDate>
  <custom1/>
  <custom2/>
  <custom3/>
  <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=approved&reference=1336-20be3569-b600-11e6-b9c3-005056b209e0&hash=a4f5cb49d97c21c7898f3e8ed8957b24&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=5c8baad1db890aebf83b29744a205385&message=Transaction+approved
The responses below are for a request where the addCard parameter has been
set to 1 (credit card details will be stored in the MW Vault)
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1-546cbd0c-bd2b-11e6-992a-005056b209e0</transactionID>
  <authCode>731367169</authCode>
  <receiptNo>731367169</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-12-09</authSettledDate>
  <custom1>Custom Field 1</custom1>
  <custom2>Custom Field 2</custom2>
  <custom3>Custom Field 3</custom3>
  <customHash>9c8bffd18b890aebf84b27744a205385</customHash>
  <cardID>OWMB27978537</cardID>
  <cardKey>cD4PeecJ0PsMcZAh</cardKey>
  <ivrCardID>27978537</ivrCardID>
  <hash>1cf2b6ae1293e02d607f358cc9bcfaeb</hash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=approved&reference=1-546cbd0c-bd2b-11e6-992a-005056b209e0&hash=1cf2b6ae1293e02d607f358cc9bcfaeb&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=9c8bffd18b890aebf84b27744a205385&message=Transaction+approved&cardID=OWMB27978537&cardKey=cD4PeecJ0PsMcZAh&ivrCardID=27978537
Please see 302 redirect (Transactions) for the returnURL response field
definitions.

processAuth


The processAuth method is used to perform a pre-authorization request.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processAuth

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c
accessToken Required The value returned by the getAccessToken method.
Example: 578de10d9a

General Transaction Parameters

Parameter Required Description
transactionAmount Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD
transactionProduct Required A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

Redirect and Notification Parameters

Parameter Required Description
returnURL Required The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php
notifyURL Required Asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters.
Example: https://www.example.com/notify.php
urlHash Requried The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters
hashSalt Required Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

Customer Parameters

Parameter Required Description
customerName Required This field can only contain alphanumeric characters, as well as the full stop and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Not Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Not Required Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters
customerIP Not Required Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters
storeID Not Required The value of this field is the merchant’s store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter.
Example: Test store name

Payment Parameters

Parameter Required Description
paymentCardNumber Required Only certain card numbers are deemed valid in the test environment. See Test Data for more information. Do not send separators with the card number (e.g. 1234-5678… or 1234 5678).
Example: 5123456789012346 or 4557012345678902
Valid length: Between 13 and 16 digits
paymentCardExpiry Required This must be MMYY format. The month must be zero padded if it is less than 10.
Example: 0513
Valid length: 4 digits
paymentCardName Required This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed.
Example: Mr. Example Person or MR E PERSON or Example Person
Valid length: Between 3 and 255 characters
paymentCardCSC Not Required This is also known as the CVN or CVV/2. This is required by some Acquirers if the transaction is initiated by the customer. Please contact Merchant Warrior for more information.
Example: 123
Valid length: Between 3 and 4 characters
addCard Not Required This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction.
Example: 1
Valid Length: 1 digit

Global Vault Parameters

Parameter Required Description
cardGlobal Not Required This must be in a boolean format.
Example: 1
cardEmail Not Required This must be in a valid email format.
Example: [email protected]
cardContact Not Required This must be in a valid Australian or International mobile number format.
Example: 0486292992 or +614920202820

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters
Sample Request
Requests are generated via a form presented to the customer's browser.
Please see Transparent Redirect Sample Files for examples.
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Operation successful</responseMessage>
  <cardID>FSLI56586207</cardID>
  <cardKey>qg4ecwqS0wEWqEAg</cardKey>
  <ivrCardID>56586207</ivrCardID>
  <custom1>Custom Field 1</custom1>
  <custom2>Custom Field 2</custom2>
  <custom3>Custom Field 3</custom3>
  <customHash>9c8bffd18b890aebf84b27744a205385</customHash>
  <hash>de4e91d57da02223749abdab42345970</hash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=success&responseMessage=Operation%20successful&hash=de4e91d57da02223749abdab42345970&cardID=FSLI56586207&cardKey=qg4ecwqS0wEWqEAg&ivrCardID=56586207&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=9c8bffd18b890aebf84b27744a205385
Please see 302 redirect (Tokenization) for the returnURL response field
definitions.

addCard


The addCard method is used to add a new card to the MW Vault.

Request-Parameters

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c
accessToken Required The value returned by the getAccessToken method.
Example: 578de10d9a

Cardholder Data

Parameter Required Description
cardName Required This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed.
Example: Mr. Example Person or MR E PERSON or Example Person
Valid length: Between 3 and 255 characters
cardNumber Required Example: 5123456789012346 or 4557012345678902
Valid length: Between 13 and 16 digits
cardExpiryMonth Required This must be MM format. The month must be zero padded if it is less than 10.
Example: 05
Valid length: 2 digits
cardExpiryYear Required This must be YY format.
Example: 13
Valid length: 2 digits

Global Vault Parameters

Parameter Required Description
cardGlobal Not Required This must be in a boolean format.
Example: 1
cardEmail Not Required This must be in a valid email format.
Example: [email protected]
cardContact Not Required This must be in a valid Australian or International mobile number format.
Example: 0486292992 or +614920202820

Redirect and Notification Parameters

Parameter Required Description
returnURL Required The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php
notifyURL Required Asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters.
Example: https://www.example.com/notify.php

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
urlHash Requried The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters
hashSalt Required Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!
getAccessToken requests must be sent to the following API endpoints:

Production API Endpoint

https://api.merchantwarrior.com/iframe/

Sandbox API Endpoint

https://base.merchantwarrior.com/iframe/

iFrame generation requests must be sent to the following API endpoints:

Production API Endpoint

https://secure.merchantwarrior.com/iframe/

Sandbox API Endpoint

https://securetest.merchantwarrior.com/iframe/

Transparent iFrame

The following sub-sections will outline the various API methods present in the Merchant Warrior Transparent iFrame service.

Introduction

The MW Transparent iFrame service allows merchants to embed an MW iFrame in their website and/or application. The MW iFrame can process transactions and/or store credit card information in the MW Vault.

Merchants who do not wish to store, process or transmit credit card (PAN) in order to reduce their PCI DSS scope will be able to achieve this with this service.

Custom iFrame(s)

The Transparent iFrame can be fully customized to maintain the look and feel of the website and/or application(s) that it is embedded in. In order to do this the relevant (addCard, processCard or processAuth) HTML skeleton form will need to be downloaded (from here) and themed accordingly.

The HTML skeleton form can be customized to handle frontend validation and styling. After the HTML skeleton form has been customized appropriately, all assets (css, images and javascript) should be compressed and emailed to our technical team ([email protected]) for review.

If the customized Transparent iFrame is approved by our technical team it will be made accessible on the Merchant Warrior platform and will be available by submitting the ‘style’ and ‘custom’ parameters in the appropriate transaction request (addCard, processCard or processAuth).

Request Format

API requests are submitted to the Transparent iFrame service using POST, and must be performed over HTTPS.

In order for an iFrame to be generated successfully, a request must be sent from a website or application that has its form target set as the target of the iFrame.

A simple implementation of the Transparent iFrame is made possible by creating a standard HTML form and submitting the form via javascript, AJAX or any other technology in use by the website and/or application(s).

Respone Format

The Transparent iFrame service will return responses in XML format to a specified notifyURL via an Asynchronous HTTP POST. Response paramaters are also returned in the GET string of the specified returnURL via a 302 redirect.

Available Methods

The Transparent iFrame service consists of the following methods:
getAccessToken: Generates a one time access token for submission with transactions
processCard: Performs a purchase transaction on a customer’s credit card
processAuth: Performs a pre-authorization on a customer’s credit card
addCard: Adds a card to the Local or Global Vault

Sample Request
curl -X POST https://api.merchantwarrior.com/iframe/ \
  -d method="getAccessToken" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d hash="f518187f47bc52fe5a76a18593df72c9" \
  -d urlHash="49713da3df889c861c5643107af9dcde"
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/iframe/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'getAccessToken',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'hash' => 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash' => '49713da3df889c861c5643107af9dcde'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
import requests

data = {
  'method': 'getAccessToken',
  'merchantUUID': '5265f8eed6a19',
  'apiKey': 'ksmnwxab',
  'hash': 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash': '49713da3df889c861c5643107af9dcde'
}

r = requests.post('https://api.merchantwarrior.com/iframe/', data = data)

print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/iframe/');

// Setup POST data
$postData = array (
  'method' => 'getAccessToken',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'hash' => 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash' => '49713da3df889c861c5643107af9dcde'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
    throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
    'status' => $status, 
    'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
    'responseData' => $xml
);

exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/iframe/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "getAccessToken" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "hash", "f518187f47bc52fe5a76a18593df72c9" },
                        { "urlHash", "49713da3df889c861c5643107af9dcde" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
            }
    }
}
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/iframe/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "getAccessToken"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"hash", "f518187f47bc52fe5a76a18593df72c9"}, _
                {"urlHash", "49713da3df889c861c5643107af9dcde"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/iframe/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "getAccessToken");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");         
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");
            params.put("urlHash", "49713da3df889c861c5643107af9dcde");

            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);

            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();

            BufferedReader reader = new BufferedReader(
                new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
                sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }

}

Sample Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
 <responseCode>0</responseCode>
 <responseMessage>Operation successful</responseMessage>
 <token>907de50c2a</token>
</mwResponse>

getAccessToken


The getAccessToken method generates a one time access token that acts as an additional security measure to identify that the request originates from a valid merchant and that the request has not been tampered with during transmission.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: getAccessToken

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

Verification Hash Parameters

Parameter Required Description
hash Required/ Not Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. This parameter is not required if you are generating an Access Token for use with the Transparent Redirect addCard method.
Example: e9ddc296b76b3398934bfc06239073df
Valid Length: 32 characters
urlHash Required The urlHash field is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters
Sample Request
Requests are generated via a form presented to the customer's browser.
Please see Transparent iFrame Sample Files for examples.
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1336-20be3569-b600-11e6-b9c3-005056b209e0</transactionID>
  <authCode>731357421</authCode>
  <receiptNo>731357421</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-11-29</authSettledDate>
  <custom1/>
  <custom2/>
  <custom3/>
  <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=approved&reference=1336-20be3569-b600-11e6-b9c3-005056b209e0&hash=a4f5cb49d97c21c7898f3e8ed8957b24&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=5c8baad1db890aebf83b29744a205385&message=Transaction+approved
The responses below are for a request where the addCard parameter has been
set to 1 (credit card details will be stored in the MW Vault)
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1-546cbd0c-bd2b-11e6-992a-005056b209e0</transactionID>
  <authCode>731367169</authCode>
  <receiptNo>731367169</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-12-09</authSettledDate>
  <custom1>Custom Field 1</custom1>
  <custom2>Custom Field 2</custom2>
  <custom3>Custom Field 3</custom3>
  <customHash>9c8bffd18b890aebf84b27744a205385</customHash>
  <cardID>OWMB27978537</cardID>
  <cardKey>cD4PeecJ0PsMcZAh</cardKey>
  <ivrCardID>27978537</ivrCardID>
  <hash>1cf2b6ae1293e02d607f358cc9bcfaeb</hash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=approved&reference=1-546cbd0c-bd2b-11e6-992a-005056b209e0&hash=1cf2b6ae1293e02d607f358cc9bcfaeb&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=9c8bffd18b890aebf84b27744a205385&message=Transaction+approved&cardID=OWMB27978537&cardKey=cD4PeecJ0PsMcZAh&ivrCardID=27978537
Please see 302 redirect (Transactions) for the returnURL response field
definitions.

processCard


The processCard method is the method used to perform a purchase request.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processCard

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c
accessToken Required The value returned by the getAccessToken method.
Example: 578de10d9a

General Transaction Parameters

Parameter Required Description
transactionAmount Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD
transactionProduct Required A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

Redirect and Notification Parameters

Parameter Required Description
returnURL Required The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php
returnTarget Not Required One of the following: _self, _top, _parent. This defines the target of the returnURL. Defaults to _top if not set. If it is set to _none, no redirect will occur (although this is not advised)
Example: _top
notifyURL Required The asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters.
Example: https://www.example.com/notify.php
postmessageURL Not Required The domain of the parent for the purpose of sending a postmessage from the iFrame to the parent after completing the transaction. To respond or interpret this message you will need to add a listener to the parent, as shown in Handling a postmessage.
Example: https://www.example.com/
urlHash Requried The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters
hashSalt Required Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

Customer Parameters

Parameter Required Description
customerName Required This field can only contain alphanumeric characters, as well as the full stop, comma, apostrophe, ampersand, space and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Not Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Not Required Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters
customerIP Not Required Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters

Payment Parameters

Parameter Required Description
addCard Not Required This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction.
Example: 1
Valid Length: 1 digit
cardTypes Not required This field is a comma delimited list of card types that will be accepted. If not set all card types will be accepted (visa,mastercard,amex,diners,discover,jcb).
Example: Visa, Mastercard

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters

Customization Parameters

Parameter Required Description
style Not Required Possible values are default or custom. If not set the default styling is used.
Example: custom
iframeID Not Required This field is only applicable for customers with multiple custom iFrames. This field will not function correctly without the style parameter being set to custom.
Example: 1
Sample Request
Requests are generated via a form presented to the customer's browser.
Please see Transparent iFrame Sample Files for examples.
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1336-20be3569-b600-11e6-b9c3-005056b209e0</transactionID>
  <authCode>731357421</authCode>
  <receiptNo>731357421</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-11-29</authSettledDate>
  <custom1/>
  <custom2/>
  <custom3/>
  <customHash>65b172551b7d3a0706c0ce5330c98470</customHash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=approved&reference=1336-20be3569-b600-11e6-b9c3-005056b209e0&hash=a4f5cb49d97c21c7898f3e8ed8957b24&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=5c8baad1db890aebf83b29744a205385&message=Transaction+approved
The responses below are for a request where the addCard parameter has been
set to 1 (credit card details will be stored in the MW Vault)
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Transaction approved</responseMessage>
  <transactionID>1-546cbd0c-bd2b-11e6-992a-005056b209e0</transactionID>
  <authCode>731367169</authCode>
  <receiptNo>731367169</receiptNo>
  <authMessage>Honour with identification</authMessage>
  <authResponseCode>08</authResponseCode>
  <authSettledDate>2016-12-09</authSettledDate>
  <custom1>Custom Field 1</custom1>
  <custom2>Custom Field 2</custom2>
  <custom3>Custom Field 3</custom3>
  <customHash>9c8bffd18b890aebf84b27744a205385</customHash>
  <cardID>OWMB27978537</cardID>
  <cardKey>cD4PeecJ0PsMcZAh</cardKey>
  <ivrCardID>27978537</ivrCardID>
  <hash>1cf2b6ae1293e02d607f358cc9bcfaeb</hash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=approved&reference=1-546cbd0c-bd2b-11e6-992a-005056b209e0&hash=1cf2b6ae1293e02d607f358cc9bcfaeb&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=9c8bffd18b890aebf84b27744a205385&message=Transaction+approved&cardID=OWMB27978537&cardKey=cD4PeecJ0PsMcZAh&ivrCardID=27978537
Please see 302 redirect (Transactions) for the returnURL response field
definitions.

processAuth


The processAuth method is used to perform a pre-authorization request.

Request-Parameters

API Method

Parameter Required Description
method Required This field is case sensitive.
Example: processAuth

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c
accessToken Required The value returned by the getAccessToken method.
Example: 578de10d9a

General Transaction Parameters

Parameter Required Description
transactionAmount Required The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00
transactionCurrency Required One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD
transactionProduct Required A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.
transactionReferenceID Not Required This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

Redirect and Notification Parameters

Parameter Required Description
returnURL Required The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php
returnTarget Not Required One of the following: _self, _top, _parent. This defines the target of the returnURL. Defaults to _top if not set. If it is set to _none, no redirect will occur (although this is not advised)
Example: _top
notifyURL Required The asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters.
Example: https://www.example.com/notify.php
postmessageURL Not Required The domain of the parent for the purpose of sending a postmessage from the iFrame to the parent after completing the transaction. To respond or interpret this message you will need to add a listener to the parent, as shown in Handling a postmessage.
Example: https://www.example.com/
urlHash Requried The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters
hashSalt Required Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

Customer Parameters

Parameter Required Description
customerName Required This field can only contain alphanumeric characters, as well as the full stop, comma, apostrophe, ampersand, space and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters
customerCountry Required Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters
customerState Required Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters
customerCity Required Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters
customerAddress Required Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters
customerPostCode Required This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters
customerPhone Not Required Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters
customerEmail Not Required Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters
customerIP Not Required Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters

Payment Parameters

Parameter Required Description
addCard Not Required This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction.
Example: 1
Valid Length: 1 digit
cardTypes Not required This field is a comma delimited list of card types that will be accepted. If not set all card types will be accepted (visa,mastercard,amex,diners,discover,jcb).
Example: Visa, Mastercard

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Verification Hash

Parameter Required Description
hash Required The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters

Customization Parameters

Parameter Required Description
style Not Required Possible values are default or custom. If not set the default styling is used.
Example: custom
iframeID Not Required This field is only applicable for customers with multiple custom iFrames. This field will not function correctly without the style parameter being set to custom.
Example: 1
Sample Request
Requests are generated via a form presented to the customer's browser.
Please see Transparent iFrame Sample Files for examples.
Sample 'notifyURL' Response
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Operation successful</responseMessage>
  <cardID>FSLI56586207</cardID>
  <cardKey>qg4ecwqS0wEWqEAg</cardKey>
  <ivrCardID>56586207</ivrCardID>
  <custom1>Custom Field 1</custom1>
  <custom2>Custom Field 2</custom2>
  <custom3>Custom Field 3</custom3>
  <customHash>9c8bffd18b890aebf84b27744a205385</customHash>
  <hash>de4e91d57da02223749abdab42345970</hash>
</mwResponse>
Sample 'returnURL' Response
https://www.mydomain.com/sample.return.php?status=return&status=success&responseMessage=Operation%20successful&hash=de4e91d57da02223749abdab42345970&cardID=FSLI56586207&cardKey=qg4ecwqS0wEWqEAg&ivrCardID=56586207&custom1=Custom+Field+1&custom2=Custom+Field+2&custom3=Custom+Field+3&customHash=9c8bffd18b890aebf84b27744a205385
Please see 302 redirect (Tokenization) for the returnURL response field
definitions.

addCard


The addCard method is used to add a new card to the MW Vault.

Request-Parameters

Authentication Parameters

Parameter Required Description
merchantUUID Required The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd
apiKey Required The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c
accessToken Required The value returned by the getAccessToken method.
Example: 578de10d9a

Global Vault Parameters

Parameter Required Description
cardGlobal Not Required This must be in a boolean format.
Example: 1
cardEmail Not Required This must be in a valid email format.
Example: [email protected]
cardContact Not Required This must be in a valid Australian or International mobile number format.
Example: 0486292992 or +614920202820

Payment Parameters

Parameter Required Description
cardTypes Required This field is a comma delimited list of card types that will be accepted. If not set all card types will be accepted (visa,mastercard,amex,diners,discover,jcb).
Example: visa, mastercard

Redirect and Notification Parameters

Parameter Required Description
returnURL Required The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php
returnTarget Not Required One of the following: _self, _top, _parent. This defines the target of the returnURL. Defaults to _top if not set. If it is set to _none, no redirect will occur (although this isn’t advised)
Example: _top
notifyURL Required Asynchronous POST notifications will be sent to this URL.
Example: https://www.example.com/notify.php
postmessageURL Not Required The domain of the parent for the purpose of sending a postmessage from the iFrame to the parent after completing the transaction. To respond or interpret this message you will need to add a listener to the parent, as shown in Handling a postmessage.
Example: https://www.example.com/

Custom Parameters

Parameter Required Description
custom1 Not Required Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters
custom2 Not Required Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters
custom3 Not Required Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

Customization Parameters

Parameter Required Description
style Not Required Possible values are default or custom. If not set the default styling is used.
Example: custom
iframeID Not Required This field is only applicable for customers with multiple custom iFrames. This field will not function correctly without the style parameter being set to custom.
Example: 1

Verification Hash

Parameter Required Description
urlHash Requried The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters
hashSalt Required Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

Handling a Postmessage

If you prefer your application to not redirect after the Transparent iFrame completes a transaction, you have the option of making use of postMessage functionality. This functionality will enable the iframe to send the response it receives to its parent.

// Create IE + others compatible event handler
var eventMethod = window.addEventListener ? "addEventListener" : "attachEvent";
var eventer = window[eventMethod];
var messageEvent = eventMethod == "attachEvent" ? "onmessage" : "message";

// Listen to message from child window
eventer(messageEvent,function(e) {
    console.log('parent received message!:  ',e.data);
},false);
In the above example, replace console.log with code that is appropriate for
your solution, and optionally make use of the get string which is returned
as e.data.

Hash Generation

Overview

Verification hashes are used to prove to MW that the request(s) being sent have been generated by you, and not a malicious third party who may have discovered your merchantUUID and apiKey. Even if a malicious third party was to discover the request data you have sent, they would not be able to create requests without knowing your API Passphrase. Your API Passphrase can be modified in the MW administration interface.

Sample code for generating transaction type hash

$apiPassphrase = "a1B2c3D4";
$merchantUUID = "123456789abcd";
$transactionAmount = "1.00";
$transactionCurrency = "AUD";

$hash = md5($apiPassphrase) . $merchantUUID . $transactionAmount . $transactionCurrency;
$hash = md5(strtolower($hash));
Sample code for generating query type hash

$apiPassphrase = "a1B2c3D4";
$merchantUUID = "123456789abcd";
$transactionID = "1-918490ae-9a1c-11de-8649-000c29753ad4";
$transactionReferenceID = "A257240023321";

$hash = md5($apiPassphrase) . $merchantUUID . $transactionID;

OR

$hash = md5($apiPassphrase) . $merchantUUID . $transactionReferenceID;
$hash = md5(strtolower($hash));
Sample code for generating custom fields verification hash

$apiPassphrase = "a1B2c3D4";
$custom1 = "Remember customer details.";
$custom2 = "Recurring payment.";
$custom3 = "123456789abcd";

$hash = md5($apiPassphrase) . $custom1 . $custom2 . $custom3;
$hash = md5(strtolower($hash));
Sample code for generating batch URL hash

$apiPassphrase = "a1B2c3D4";
$merchantUUID = "123456789abcd";
$batchNotifyURL = https://www.example.com/notify.php

$hash = md5($apiPassphrase) . $merchantUUID . $batchNotifyURL;
$hash = md5(strtolower($hash));
Sample code for generating batch response hash

$apiPassphrase = "a1B2c3D4";
$merchantUUID = "123456789abcd";
$batchUUID = "14dc3311444adc";

$hash = md5($apiPassphrase) . $merchantUUID . $batchUUID;
$hash = md5(strtolower($hash));
Sample code for generating web URL hash

$apiPassphrase = "a1B2c3D4";
$merchantUUID = "123456789abcd";
$returnURL = https://www.example.com/return.php
$notifyURL = https://www.example.com/notify.php

$hash = md5($apiPassphrase) . $merchantUUID . $returnURL . $notifyURL;
$hash = md5(strtolower($hash));
Sample code for generating redirect and post notification hash

$apiPassphrase = "a1B2c3D4";
$hashSalt = "3x4mpl3s4lt!";
$merchantUUID = "123456789abcd";
$status = "Approved";
$transactionID = "1-918490ae-9a1c-11de-8649-000c29753ad4";
$cardID = 243;

$hash = md5($apiPassphrase) . $hashSalt . $merchantUUID . $status . $transactionID;

OR

$hash = md5($apiPassphrase) . $hashSalt . $merchantUUID . $status . $cardID;
$hash = md5(strtolower($hash));

Hash Generator

Transaction Type Hash

To generate a transaction type hash, concatenate the following fields:

md5(apiPassphrase) + merchantUUID + transactionAmount + transactionCurrency

Once concatenated, convert everything to lowercase, and then md5 the string:

Step 1 (concatenate):
md5(passphrase)123456789abcd10.00 AUD

Step 2 (convert to lower):
md5(passphrase)123456789abcd10.00 aud

Step 3 (md5):
d941117d8774b12e218650542af6af56

Query Type Hash

To generate a query type hash, concatenate the following fields:

md5(apiPassphrase) + merchantUUID + transactionID OR transactionReferenceID

Once concatenated, convert everything to lowercase, and then md5 the string, as above.

Custom Fields Verification Hash

To generate the custom fields hash, concatenate, convert to lowercase & md5 the following fields:

md5(apiPassphrase) + custom1 + custom2 + custom3

Be sure to decode the custom* fields first – e.g. “Custom+Field+1” becomes “Custom Field 1”.

Batch File Hash

To generate a batch file hash, simply generate the md5 checksum of the batch file:

md5 + batchFile

As an example the md5 checksum of Batch.zip (containing your .csv) may be d41d8cd98f00b204e9800998ecf8427e

Batch URL Hash

To generate a batch URL hash, concatenate the following fields:

md5(apiPassphrase) + merchantUUID + batchNotifyURL

Once concatenated, convert everything to lowercase, and then md5 the string, as above.

Batch Response Hash

To generate a batch Response hash, concatenate the following fields:

md5(apiPassphrase) + merchantUUID + batchUUID

Once concatenated, convert everything to lowercase, and then md5 the string, as above.

Web URL Hash

To generate a Web URL hash, concatenate the following fields:

md5(apiPassphrase) + merchantUUID + returnURL + notifyURL

Once concatenated, convert everything to lowercase, and then md5 the string, as above.

302 Redirect and Post Notification Verification Hash

Transactions

To generate a verification hash used for the 302 Redirect and POST notification, concatenate the following fields:

md5(apiPassphrase) + hashSalt + merchantUUID + status + transactionID OR cardID

The status and transactionID (or cardID) fields are both contained in the Redirect URL. Once concatenated, convert everything to lowercase, and then md5 the string, as above.

Direct Debit Authorizatoins

To generate a verification hash used for the 302 Redirect and POST notification, concatenate the following fields:

md5(apiPassphrase) + merchantUUID + hashSalt + fingerprint

Test Credit Cards

The test cards below are the only valid card numbers that can be used for testing with CBA, ANZ, NAB, Bendigo & BankWest

Card Number Expiry Date CVN Card Type
5123456789012346 05/17 123 MasterCard
4987654321098769 05/17 123 Visa
345678901234564 05/17 123 Amex
30123456789019 05/17 123 Diners Club

Using the following amounts will return the appropriate response. This particular test provider will change the response you receive based on the cent value supplied with the request.

Amount Description
XXX.00 Transaction approved
XXX.01 Transaction declined - contact issuing bank
XXX.05 Transaction declined – contact issuing bank
XXX.10 Transaction could not be processed
XXX.51 Insufficient credit
XXX.54 Card has expired
XXX.68 No reply from Processing Host
Anything Else Transaction could not be procssed

To test the new Mastercard 2 BIN series numbers, the following test card details can be used.

Card Type PAN (Card Number)
MasterCard 2223000000000007

Use the following expiry dates will return the appropriate responses.

Response Code Name Expiry Date
0 Transaction approved 05/17
4 Transaction could not be processed 04/23
3 Time Out - contact issuing bank 08/24
2 Transaction declined - contact issuing bank 05/18

The test cards below are only valid card numbers that can be used for testing with Westpac, St. George & Bank of Melbourne .

Card Number Expiry Date CVN Description
4564710000000004 02/19 847 Visa Approved
5163200000000008 08/20 070 MC Approved
4564710000000012 02/05 963 Visa Expired
4564710000000020 05/20 234 Visa Low Funds ($10 credit limit)
5163200000000016 12/19 728 MC Stolen
4564720000000037 09/19 030 Visa Invalid CVV2
376000000000006 06/20 2349 Amex
343400000000016 01/19 9023 Amex Restricted
36430000000007 06/22 348 Diners
36430000000015 08/21 988 Diners Stolen
All Others N/A N/A All unknown cards are rejected

302 Redirect

As an Asynchronous HTTP POST is not always reliable, an immediate response is also sent via a 302 redirect of the customer’s browser to the specified returnURL.

Transactions

The table below details the possible fields returned to the returnURL and their descriptions in regards to a transaction.

Field Description
status A textual representation of the transaction result
reference If status is ‘error’, this will not be present. Otherwise, this contains a transactionID that can be used to query the transaction via an API call with the queryCard method
hash A hash used to verify the status & transactionID, using hashSalt
code If status is ‘error’, this will contain an MW error code
message If status is ‘error’, this will contain a textual representation of the error code
custom1 The value of the parameter, URL Encoded. Will be blank if not provided.
custom2 The value of the parameter, URL Encoded. Will be blank if not provided.
custom3 The value of the parameter, URL Encoded. Will be blank if not provided.

Tokenization

The table below details the possible fields returned to the returnURL and their description in regards to a tokenized transaction (addCard).

Field Description
status A textual representation of the transaction result
responseMessage If status is ‘error’, this will not be present. Otherwise, this contains a transactionID that can be used to query the transaction via an API call with the queryCard method
hash A hash used to verify the status & transactionID (or cardID), using hashSalt.
cardID A unique alphanumeric string returned by addCard, used to identify a specific card
cardKey A string used as an encryption/decryption key. This should only be used if you do NOT want Merchant Warrior handling your key storage. This should be unique on a per-card basis. It’s used to encrypt the card when we store it. Every time we receive a process card request, the correct cardkey must also be provided – which is known only by you.
ivrCardID A unique alphanumeric string returned by addCard, used to identify a specific card used for IVR integration
custom1 The value of the parameter. Will be blank if not provided.
custom2 The value of the parameter. Will be blank if not provided.
custom3 The value of the parameter. Will be blank if not provided.
customHash A hash used to verify the custom parameters

Direct Debit Authorizations

Upon the completion of a successful DDA submission the client is redirected to the merchant’s website after 5 seconds or by clicking a link to return to the merchant’s website. The client’s browser is redirected to the returnURL specified by the merchant and the response data is sent via POST to the merchant’s returnURL.

The table below details the possible fields returned to the returnURL and their descriptions in regards to a DDA submission.

Field Description
responseCode The response code associated with the DDA submission
responseMessage A textual representation of the DDA submission
hash A hash used to verify the status & transactionID (or cardID), using hashSalt. Refer to 302 Redirect and POST Notification Verification Hash
customerEmail Email address associated with DDA submission
paymentAccountBSB Account BSB associated with DDA submission
paymentAccountNumber Account Number associated with DDA submission
custom1 The value of the parameter. Will be blank if not provided.
custom2 The value of the parameter. Will be blank if not provided.
custom3 The value of the parameter. Will be blank if not provided.
customHash A hash used to verify the custom parameters
fingerprint Unique fingerprint generated for each DDA submission

Response Codes

There are three possible types of responseCode:

<responsecode> Meaning
< 0 MW validation error
= 0 Transaction/Operation was successful
> 0 Transaction was declined by the provider

If the responseCode is >= 0, the responseMessage field will either contain a preset error or, if applicable, the direct error response given by the provider or MW Vault.

Transaction responseCode

In the table below, the “Status” column shows that the only time money will have left the customer’s account is when a responseCode of 0 is returned. The “Fees” column shows which transaction types have fees applied to them. No fees are ever applied to declines that are caused by provider timeouts, provider errors (except valid declines), or MW declines (due to invalid data, etc).

Status Code Description Fees
Failed -4 Internal MW error (contact MW support) No
Failed -3 One of the required fields was not submitted No
Failed -2 One of the submitted fields was invalid No
Failed -1 Invalid authentication credentials supplied No
Success 0 Transaction Approved Yes
Failed 1 Transaction could not be processed (server error) No
Failed 2 Transaction declined – contact issuing bank Yes
Failed 3 No reply from processing host (timeout) No
Failed 4 Card has expired Yes
Failed 5 Insufficient Funds Yes
Failed 6 Error communicating with bank No
Failed 7 Bank rejected request Yes
Failed 8 Bank declined transaction – type not supported Yes
Failed 9 Bank declined transaction – do not contact bank Yes
- 10 Transaction pending No

Token responseCode

In the table below, the “Status” column shows that the only time that an operation can complete on a customer’s token id is when a responseCode of 0 is returned.

Status Code Description
Failed -4 Internal MW error (contact MW support)
Failed -3 One of the required fields was not submitted
Failed -2 One of the submitted fields was invalid
Success 0 Operation Successful
Failed 1 Requested card has been removed
Failed 2 Requested card has expired

Transaction responseMessage

All MW validation errors will contain a three-digit code prefix at the beginning of the responseMessage. This code will allow you to determine what specifically caused the MWE validation error to be returned, and allow you to deal with it accordingly.

responseCode Code Prefix Description
-3 001 Required field missing
-2 002 Invalid amount
-2 003 Invalid currency
-2 004 Invalid email
-2 005 Invalid name
-2 006 Invalid expiry
-2 007 Invalid card number
-1 008 Invalid auth details
-1 009 Invalid merchantUUID
-1 010 Invalid passphrase
-2 011 Invalid transactionID
-2 012 Invalid transaction
-2 013 Currency mismatch
-2 014 Invalid refund amount
-2 015 Refund exceeds transaction amount
-2 016 Transaction already reversed
-2 017 Invalid verification hash

Sample Files

This section contains the sample files for integration of various services provided by Merchant Warrior.

Transparent iFrame Sample Files

Transparent iFrame Sample Files

Batch Payment Sample Files

Batch Payment Sample Files

Transparent Redirect Sample Files

Transparent Redirect Sample Files

XML Schema

XML Schema

Integration Modules

Below are a list of third party modules for developers and integrators. Additional modules are available via vendor websites.

Virtuemart
Virtuemart (2.x) | Virtuemart (3.x)
Magento
Magento (1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, 1.8.x) | Magento (1.9.x)
uberCart
Ubercart (Drupal 6)
prestraShop
PrestraShop
osCommerce
osCommerce
Drupal Commerce
Drupal Commerce
xCart
X-Cart
CRELoaded
CRELoaded
Zen Cart
Zen Cart
Wix
Wix
Cart 66
Cart 66
WP e-Commerce
WP e-Commerce

Logos

Below are a list of logos for use on merchant payment pages, billing platforms and/or applications. These logos should not be modified in any way.

Merchant Warrior Secure Payments - Visa & MasterCard Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa & MasterCard Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa & MasterCard Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa & MasterCard Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa, MastercCard & American Express Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa, MasterCard & American Express Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa & MasterCard Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa & MasterCard Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa & MasterCard Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa & MasterCard Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa & MasterCard Accepted
View Image | Download Image
Merchant Warrior Secure Payments - Visa & MasterCard Accepted
View Image | Download Image