Transparent iFrame
We strongly recommend using the MW Payframe for additional flexibility and functionality.
The following sub-sections will outline the various API methods present in the Merchant Warrior Transparent iFrame service
Endpoints

Sandbox
POST https://api.merchantwarrior.com/iframe/ Copy

Production
POST https://base.merchantwarrior.com/iframe/ Copy

Introduction

The MW Transparent iFrame service allows merchants to embed an MW iFrame in their website and/or application. The MW iFrame can process transactions and/or store credit card information in the MW Vault.

Merchants who do not wish to store, process or transmit credit card (PAN) in order to reduce their PCI DSS scope will be able to achieve this with this service.

In order for an iFrame to be generated successfully, a request must be sent from a website or application that has its form target set as the target of the iFrame.

A simple implementation of the Transparent iFrame is made possible by creating a standard HTML form and submitting the form via javascript, AJAX or any other technology in use by the website and/or application(s).

Custom iFrames

The Transparent iFrame can be fully customized to maintain the look and feel of the website and/or application(s) that it is embedded in. In order to do this the relevant (addCard, processCard or processAuth) HTML skeleton form will need to be downloaded (from here) and themed accordingly.

The HTML skeleton form can be customized to handle frontend validation and styling. After the HTML skeleton form has been customized appropriately, all assets (css, images and javascript) should be compressed and emailed to our technical team infoservices@merchantwarrior.com) for review.

If the customized Transparent iFrame is approved by our technical team it will be made accessible on the Merchant Warrior platform and will be available by submitting the ‘style’ and ‘custom’ parameters in the appropriate transaction request (addCard, processCard or processAuth).

getAccessToken

The getAccessToken method generates a one time access token to be used with transactions

Required Parameters

Parameter Description
method

This field is case sensitive.
Example: getAccessToken

merchantUUID

The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd

apiKey

The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

hash

The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. This parameter is not required if you are generating an Access Token for use with the Transparent Redirect addCard method.
Example: e9ddc296b76b3398934bfc06239073df
Valid Length: 32 characters

urlHash

The urlHash field is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters

Copy
curl -X POST \
  -d method="getAccessToken" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d hash="f518187f47bc52fe5a76a18593df72c9" \
  -d urlHash="49713da3df889c861c5643107af9dcde" https://api.merchantwarrior.com/iframe/
curl -X POST -d method="getAccessToken" -d merchantUUID="5265f8eed6a19" -d apiKey="ksmnwxab" -d hash="f518187f47bc52fe5a76a18593df72c9" -d urlHash="49713da3df889c861c5643107af9dcde" https://api.merchantwarrior.com/iframe/
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/iframe/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'getAccessToken',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'hash' => 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash' => '49713da3df889c861c5643107af9dcde'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
require 'net/http' require 'uri' uri = URI.parse("https://api.merchantwarrior.com/iframe/") request = Net::HTTP::Post.new(uri) request.set_form_data( 'method' => 'getAccessToken', 'merchantUUID' => '5265f8eed6a19', 'apiKey' => 'ksmnwxab', 'hash' => 'f518187f47bc52fe5a76a18593df72c9', 'urlHash' => '49713da3df889c861c5643107af9dcde' ) response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http| http.request(request) end puts response.body
import requests

data = {
  'method': 'getAccessToken',
  'merchantUUID': '5265f8eed6a19',
  'apiKey': 'ksmnwxab',
  'hash': 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash': '49713da3df889c861c5643107af9dcde'
}

r = requests.post('https://api.merchantwarrior.com/iframe/', data = data)

print(r.text)

import requests data = { 'method': 'getAccessToken', 'merchantUUID': '5265f8eed6a19', 'apiKey': 'ksmnwxab', 'hash': 'f518187f47bc52fe5a76a18593df72c9', 'urlHash': '49713da3df889c861c5643107af9dcde' } r = requests.post('https://api.merchantwarrior.com/iframe/', data = data) print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/iframe/');

// Setup POST data
$postData = array (
  'method' => 'getAccessToken',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'hash' => 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash' => '49713da3df889c861c5643107af9dcde'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
	throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
	'status' => $status, 
	'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
	'responseData' => $xml
);

exit(var_dump($result));
?>

'getAccessToken', 'merchantUUID' => '5265f8eed6a19', 'apiKey' => 'ksmnwxab', 'hash' => 'f518187f47bc52fe5a76a18593df72c9', 'urlHash' => '49713da3df889c861c5643107af9dcde' ); // Setup CURL defaults $curl = curl_init(); // Setup CURL params for this request curl_setopt($curl, CURLOPT_HEADER, false); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&')); // Run CURL $response = curl_exec($curl); $error = curl_error($curl); // Check for CURL errors if (isset($error) && strlen($error)) { throw new Exception("CURL Error: {$error}"); } // Parse the XML $xml = simplexml_load_string($response); // Convert the result from a SimpleXMLObject into an array $xml = (array)$xml; // Validate the response - the only successful code is 0 $status = ((int)$xml['responseCode'] === 0) ? true : false; // Make the response a little more useable $result = array ( 'status' => $status, 'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null), 'responseData' => $xml ); exit(var_dump($result)); ?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/iframe/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "getAccessToken" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "hash", "f518187f47bc52fe5a76a18593df72c9" },
                        { "urlHash", "49713da3df889c861c5643107af9dcde" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
		    }
    }
}

using System; using System.Collections.Generic; using System.Linq; public class Program { public static void Main(string[] args) { using(var client = new System.Net.WebClient()) { byte[] response = client.UploadValues("https://api.merchantwarrior.com/iframe/", new System.Collections.Specialized.NameValueCollection() { { "method", "getAccessToken" }, { "merchantUUID", "578dd399d2373" }, { "apiKey", "dyqxkzse" }, { "hash", "f518187f47bc52fe5a76a18593df72c9" }, { "urlHash", "49713da3df889c861c5643107af9dcde" }, }); String result = System.Text.Encoding.Default.GetString(response); Console.WriteLine(result); } } }
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/iframe/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "getAccessToken"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"hash", "f518187f47bc52fe5a76a18593df72c9"}, _
                {"urlHash", "49713da3df889c861c5643107af9dcde"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module

Imports System Imports System.Collections.Generic Imports System.Linq Public Module Program Public Sub Main(args As String()) Using client = New System.Net.WebClient() Dim response As Byte() = client.UploadValues( "https://api.merchantwarrior.com/iframe/", New System.Collections.Specialized.NameValueCollection() From { _ {"method", "getAccessToken"}, _ {"merchantUUID", "578dd399d2373"}, _ {"apiKey", "dyqxkzse"}, _ {"hash", "f518187f47bc52fe5a76a18593df72c9"}, _ {"urlHash", "49713da3df889c861c5643107af9dcde"} _ }) Dim result As [String] = System.Text.Encoding.[Default].GetString(response) Console.WriteLine(result) End Using End Sub End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/iframe/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "getAccessToken");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");         
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");
			params.put("urlHash", "49713da3df889c861c5643107af9dcde");
            
            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);
            
            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();
            
            BufferedReader reader = new BufferedReader(
            	new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
            	sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }
    
}

import java.io.*; import java.net.*; import java.util.*; public class Program{ public static void main(String[] args) { try{ URL url = new URL("https://api.merchantwarrior.com/iframe/"); Map params = new LinkedHashMap<>(); params.put("method", "getAccessToken"); params.put("merchantUUID", "5265f8eed6a19"); params.put("apiKey", "ksmnwxab"); params.put("hash", "b55552ff426d7e3d4885465d27ea0062"); params.put("urlHash", "49713da3df889c861c5643107af9dcde"); StringBuilder postData = new StringBuilder(); for (Map.Entry param : params.entrySet()) { if (postData.length() != 0) postData.append('&'); postData.append(param.getKey()); postData.append('='); postData.append(param.getValue()); } HttpURLConnection conn = (HttpURLConnection)url.openConnection(); conn.setRequestMethod("POST"); conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); conn.setDoOutput(true); OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream()); writer.write(postData.toString()); writer.flush(); BufferedReader reader = new BufferedReader( new InputStreamReader(conn.getInputStream())); String line; StringBuilder sb = new StringBuilder(); while((line = reader.readLine()) != null){ sb.append(line); } System.out.println(sb.toString()); writer.close(); reader.close(); } catch(Exception ex){ ex.printStackTrace(); } } }
Copy
<?xml version="1.0"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Operation successful</responseMessage>
  <token>907de50c2a</token>
</mwResponse>
0 Operation successful 907de50c2a
{
    "responseCode": "0",
    "responseMessage": "Operation successful",
    "token": "907de50c2a"
}
{ "responseCode": "0", "responseMessage": "Operation successful", "token": "907de50c2a" }
processCard

The processCard method is the method used to perform a purchase request

Required Parameters

Parameter Description
method

This field is case sensitive.
Example: processCard

merchantUUID

The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd

apiKey

The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

accessToken

The value returned by the getAccessToken method.
Example: 578de10d9a

transactionAmount

The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00

transactionCurrency

One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD

transactionProduct

A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.

returnURL

The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php

notifyURL

The asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters.
Example: https://www.example.com/notify.php

urlHash

The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters

hashSalt

Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

customerName

This field can only contain alphanumeric characters, as well as the full stop, comma, apostrophe, ampersand, space and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters

customerCountry

Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters

customerState

Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters

customerCity

Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters

customerAddress

Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters

customerPostCode

This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters

hash

The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters

Optional Parameters

Parameter Description
transactionReferenceID

This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

returnTarget

One of the following: _self, _top, _parent. This defines the target of the returnURL. Defaults to _top if not set. If it is set to _none, no redirect will occur (although this is not advised)
Example: _top

postmessageURL

The domain of the parent for the purpose of sending a postMessage from the iFrame to the parent after completing the transaction. To respond or interpret this message you will need to add a listener to the parent.
Example: https://www.example.com/

customerPhone

Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters

customerEmail

Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters

customerIP

Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters

addCard

This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction.
Example: 1
Valid Length: 1 digit

cardTypes

This field is a comma delimited list of card types that will be accepted. If not set all card types will be accepted (visa,mastercard,amex,diners,discover,jcb).
Example: Visa, Mastercard

custom1

Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters

custom2

Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters

custom3

Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

style

Possible values are default or custom. If not set the default styling is used.
Example: custom

iframeID

This field is only applicable for customers with multiple custom iFrames. This field will not function correctly without the style parameter being set to custom.
Example: 1

processAuth

The processAuth method is used to perform a pre-authorization request

Required Parameters

Parameter Description
method

This field is case sensitive.
Example: processAuth

merchantUUID

The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd

apiKey

The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

accessToken

The value returned by the getAccessToken method.
Example: 578de10d9a

transactionAmount

The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00

transactionCurrency

One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD

transactionProduct

A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.

returnURL

The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php

notifyURL

The asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters.
Example: https://www.example.com/notify.php

urlHash

The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters

hashSalt

Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

customerName

This field can only contain alphanumeric characters, as well as the full stop, comma, apostrophe, ampersand, space and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters

customerCountry

Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters

customerState

Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters

customerCity

Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters

customerAddress

Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters

customerPostCode

This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters

hash

The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters

Optional Parameters

Parameter Description
transactionReferenceID

This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

returnTarget

One of the following: _self, _top, _parent. This defines the target of the returnURL. Defaults to _top if not set. If it is set to _none, no redirect will occur (although this is not advised)
Example: _top

postmessageURL

The domain of the parent for the purpose of sending a postMessage from the iFrame to the parent after completing the transaction. To respond or interpret this message you will need to add a listener to the parent.
Example: https://www.example.com/

customerPhone

Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters

customerEmail

Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters

customerIP

Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters

addCard

This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction.
Example: 1
Valid Length: 1 digit

cardTypes

This field is a comma delimited list of card types that will be accepted. If not set all card types will be accepted (visa,mastercard,amex,diners,discover,jcb).
Example: Visa, Mastercard

custom1

Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters

custom2

Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters

custom3

Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

style

Possible values are default or custom. If not set the default styling is used.
Example: custom

iframeID

This field is only applicable for customers with multiple custom iFrames. This field will not function correctly without the style parameter being set to custom.
Example: 1

addCard


The addCard method is used to add a new card to the MW Vault.

Required Parameters

Parameter Description
merchantUUID

The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd

apiKey
accessToken

The value returned by the getAccessToken method.
Example: 578de10d9a

cardTypes

This field is a comma delimited list of card types that will be accepted. If not set all card types will be accepted (visa,mastercard,amex,diners,discover,jcb).
Example: visa, mastercard

returnURL

The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php

notifyURL

Asynchronous POST notifications will be sent to this URL.
Example: https://www.example.com/notify.php

urlHash

The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters

hashSalt

Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

Optional Parameters

Parameter Description
returnTarget

One of the following: _self, _top, _parent. This defines the target of the returnURL. Defaults to _top if not set. If it is set to _none, no redirect will occur (although this isn’t advised)
Example: _top

postmessageURL

The domain of the parent for the purpose of sending a postMessage from the iFrame to the parent after completing the transaction. To respond or interpret this message you will need to add a listener to the parent.
Example: https://www.example.com/

custom1

Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters

custom2

Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters

custom3

Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

style

Possible values are default or custom. If not set the default styling is used.
Example: custom

iframeID

This field is only applicable for customers with multiple custom iFrames. This field will not function correctly without the style parameter being set to custom.
Example: 1