# Table of Contents - [3D Secure 2.0 | Cardknox](#3d-secure-2-0-cardknox) - [Account Boarding Swagger UI | Cardknox](#account-boarding-swagger-ui-cardknox) - [Client-Side Integration | Cardknox](#client-side-integration-cardknox) - [Transaction API | Cardknox](#transaction-api-cardknox) - [Fraud | Cardknox](#fraud-cardknox) - [Account Boarding Merchant Agreement | Cardknox](#account-boarding-merchant-agreement-cardknox) - [iOS SDK - Technical Guide | Cardknox](#ios-sdk-technical-guide-cardknox) - [Account Updater | Cardknox](#account-updater-cardknox) - [.NET SDK | Cardknox](#-net-sdk-cardknox) - [Introduction | Cardknox](#introduction-cardknox) - [Account Boarding API | Cardknox](#account-boarding-api-cardknox) --- # 3D Secure 2.0 | Cardknox Last updated 10 months ago ### [](#overview) **Overview** 3-D (Three-Domain) Secure is an e-commerce security protocol that adds a layer of protection to the checkout process by authenticating the cardholder's identity in real-time — resulting in a reduced rate of fraud and fraud-related chargebacks. Authenticated transactions are very unlikely to be fraudulent, and they cannot be disputed by the cardholder as fraudulent. While the original 3DS technology effectively reduced rates of fraud, it also introduced friction to the checkout experience because customers were often redirected to their issuing bank’s website to verify their identity. Additionally, the original 3DS is not compatible with mobile payments since it was developed before mobile payment usage became mainstream. To address the drawbacks of 3DS, EMVco developed 3-D Secure 2.0 in 2016. The updated technology improves upon the original 3DS in several key ways: * **Utilizes a Greater Number of Data Points to Authenticate Transactions** 3DS2 relies upon a much greater number of transaction-specific data points than the original 3DS, which improves the reliability of authentication and limits customer involvement. * **Embedded, Frictionless Authentication** In the event that the customer does have to verify their identity, they will no longer be redirected to a third-party page — instead, they can verify their identity with a passcode or biometric scan right from the checkout page. * **Compatible With Mobile Commerce** The new 3-D Secure offers support for iOS and Android SDKs so that merchants can provide a seamless and secure mobile checkout experience. ### [](#contents) Contents * [Overview](#overview) * [Contents](#contents) [Client Side Integration](/cardknox-products/3d-secure/client-side-integration/public-client-side-integration) [Server Side Integration](/cardknox-products/3d-secure/public-server-side-integration) --- # Account Boarding Swagger UI | Cardknox Last updated 1 year ago For general information about using Swagger UI, refer to . #### [](#swagger-url) Swagger URL #### [](#using-swagger-ui) Using Swagger UI * Only sandbox keys may be used when submitting accounts * The Signature.Token field is not required [this documentation](https://swagger.io/docs/specification/2-0/what-is-swagger/) [Swagger UI](https://psapi.cardknox.com/boarding/v1/swagger)  --- # Client-Side Integration | Cardknox [](#recommended-ifields) Recommended - iFields --------------------------------------------------- For the iFields client-side 3DS 2.0 integration, refer to [iFields | Cardknox](https://docs.cardknox.com/cardknox-products/ifields#ifields-with-3d-secure-authentication) [](#non-ifields-implementation) Non-iFields Implementation --------------------------------------------------------------- For the Non-iFields client-side 3DS 2.0 integration, refer to the child page [here](/cardknox-products/3d-secure/client-side-integration/public-client-side-integration) . Last updated 3 months ago 🧰 * [Recommended - iFields](#recommended-ifields) * [Non-iFields Implementation](#non-ifields-implementation) --- # Transaction API | Cardknox Last updated 6 days ago [](#overview) Overview --------------------------- The Cardknox API enables developers to process payments using the Cardknox gateway. Systems integrating with the Cardknox API can submit API calls using various commands. The API supports many payment methods, including credit cards, ACH, EBT, and gift cards. To begin building your API integration, for a Cardknox sandbox — our secure testing environment that mimics the production environment. After signing up, you’ll be able to create user credentials for the Cardknox Merchant Portal. Once you log in to the Portal, you’ll be able to generate an API key from the Settings menu. or follow the instructions below to obtain a key. ### [](#how-to-generate-cardknox-keys) How to Generate Cardknox Keys 1. Sign in to the Cardknox Merchant Portal. 2. Select "Account Settings" from the navigation bar. 3. Select "Keys" from the sub-menu. 4. Click "Create a Key" in the top-right corner. 5. Choose the desired key type (API or iFields), description (software, etc.), and permissions. 6. Click "Create and View" and copy your key. It is critical to copy your key and save it in a secure location, as you won’t be able to obtain the key again. ### [](#ifields-and-transaction-api) iFields and Transaction API We recommend using iFields in conjunction with the Transaction API for added security. Cardknox iFields is an iFrames solution that keeps sensitive card data away from merchant servers while granting you complete control over form layout and design. to learn more about iFields. The Cardknox iFields solution utilizes iFrames in which the user enters their credit card and/or ACH information and then uses JavaScript to generate SUTs (single-use tokens) for processing. These features allow the website to remain secure and out-of-scope for PCI compliance while allowing the developer to customize the page layout and design fully. ### [](#cross-origin-resource-sharing-cors-restrictions) Cross-Origin Resource Sharing (CORS) Restrictions This API has Cross-Origin Resource Sharing (CORS) restrictions in place to enhance security. Requests made directly from a web browser client (e.g., JavaScript running in the browser) will be blocked. **Allowed Origins** This API only accepts requests from server-side origins. Ensure that your requests originate from a server to successfully interact with the API. ### [](#endpoints) Endpoints The endpoint section defines the details for accessing and interacting with the Cardknox transaction API. #### [](#health-check) Health Check **Method:** Always use `GET` for health checks. **Protocol**: Secure communication is enforced using `https://` **Environment**: Specifies the targeted environment for the check, such as `x1`, `x2`, or `b1` **Domain**: The base URL is always `cardknox.com` **Paths:** The endpoint path for health checks is `/status` #### [](#transactions) Transactions **Method:** Always use `POST` for transaction requests. **Protocol**: Secure communication is enforced using `https://` **Environment**: The primary environment is `x1`, with `x2` and `b1` available as backups. **Domain**: The base URL is always `cardknox.com` **Paths/Formats**: Various paths are supported based on data format requirements: * `/gatewayform` for form data * `/gatewayjson` for JSON data * `/gatewayxml` for XML data [](#request-method) Transaction Types ------------------------------------------ The endpoints can be found in the following child pages by navigating to the appropriate page: **Transactions** [](#credit-card) Questions ------------------------------- Transaction Type Transaction (Link) xCommand Can't find what you're looking for? Please contact . **Method** **Protocol** **Environment** **Domain** **Path** **Example URL** GET https x1 x2 b1 cardknox.com status https://x1.cardknox.com/status **Method** **Protocol** **Environment** **Domain** **Path** **Example URL** POST https x1 x2 b1 cardknox.com gatewayform gatewayjson gatewayxml https://x1.cardknox.com/gatewayjson [Credit Card](/api/transaction/credit-card) [Sale](/api/transaction/credit-card#sale) cc:sale [AuthOnly](/api/transaction/credit-card#authonly) cc:authonly [Capture](/api/transaction/credit-card#capture) cc:capture [Adjust](/api/transaction/credit-card#adjust) cc:adjust [Save](/api/transaction/credit-card#save) cc:save [AVS Only](/api/transaction/credit-card#avsonly) cc:avsonly [PostAuth](/api/transaction/credit-card#postauth) cc:postauth [Credit](/api/transaction/credit-card#credit) cc:credit [Refund](/api/transaction/credit-card#refund) cc:refund [VoidRefund](/api/transaction/credit-card#voidrefund) cc:voidrefund [VoidRelease](/api/transaction/credit-card#voidrelease) cc:voidrelease [Void](/api/transaction/credit-card#void) cc:void [Check (ACH)](/api/transaction/check-ach) [Sale](/api/transaction/check-ach#sale) check:sale [Credit](/api/transaction/check-ach#credit) check:credit [Save](/api/transaction/check-ach#save) check:save [Void](/api/transaction/check-ach#void) check:void [Refund](/api/transaction/check-ach#refund) check:refund [Check (ACH-Q)](/api/transaction/check-ach#achq) [VoidRefund](/api/transaction/check-ach#voidrefund) check:voidrefund [EBT Food Stamp](/api/transaction/ebt#ebt-food-stamp) [Sale](/api/transaction/ebt#sale) ebtfs:sale [Credit](/api/transaction/ebt#credit) ebtfs:credit [Balance](/api/transaction/ebt#balance) ebtfs:balance [Voucher](/api/transaction/ebt#voucher) ebtfs:voucher [EBT Cash Benefits](/api/transaction/ebt#ebt-cash-benefits) [Sale](/api/transaction/ebt#sale-1) ebtcb:sale [Cash](/api/transaction/ebt#cash) ebtcb:cash [Balance](/api/transaction/ebt#balance-1) ebtcb:balance [EBT Wic (eWic)](/api/transaction/ebt#ebt-wic-ewic) [Sale](/api/transaction/ebt#sale-2) ebtw:sale [Balance](/api/transaction/ebt#balance-2) ebtw:balance [Void](/api/transaction/ebt#void) ebtw:void [Gift Card](/api/transaction/gift-card#issue) [Issue](/api/transaction/gift-card#issue) gift:issue [Redeem](/api/transaction/gift-card#redeem) gift:redeem [Balance](/api/transaction/gift-card#balance) gift:balance [Activate](/api/transaction/gift-card#activate) gift:activate [Deactivate](/api/transaction/gift-card#deactivate) gift:deactivate [Fraud](/api/transaction/fraud) [Fraud Submit](/api/transaction/fraud#fraud-submit) fraud:submit [create an account](https://www.cardknox.com/sandbox/) [Watch our Key Management video](https://www.youtube.com/watch?v=2t0p7LYgtkA&list=PLJOVea6Z4X_AQIcDmeAXOcQGZalOWkLxi&index=12) [Click here](https://docs.cardknox.com/cardknox-products/ifields) [support@cardknox.com](mailto:support@cardknox.com) * [Overview](#overview) * [How to Generate Cardknox Keys](#how-to-generate-cardknox-keys) * [iFields and Transaction API](#ifields-and-transaction-api) * [Cross-Origin Resource Sharing (CORS) Restrictions](#cross-origin-resource-sharing-cors-restrictions) * [Endpoints](#endpoints) * [Transaction Types](#request-method) * [Questions](#credit-card) [Credit Card](/api/transaction/credit-card) [Check (ACH)](/api/transaction/check-ach) [EBT](/api/transaction/ebt) [Gift Card](/api/transaction/gift-card) [Fraud](/api/transaction/fraud) --- # Fraud | Cardknox Last updated 6 days ago [](#overview) Overview --------------------------- This page contains all API documentation for Gift Card transactions. For more information regarding account access, navigate to the parent page. [](#transactions) Transactions ----------------------------------- ### [](#fraud-submit) Fraud Submit `POST` `fraud:submit` `xCommand` = `fraud:submit` The Submit command is used in conjunction with a valid FraudWatch account to submit e-commerce transactions for a fraud verification check. #### [](#request-body) Request Body Name Type Description * [Overview](#overview) * [Transactions](#transactions) * [Fraud Submit](#fraud-submit) xCardNum\* String Masked Card number with BIN and last 4 digits exposed xKey\* String Your Cardknox API key. xVersion\* String Gateway API version. The current version is 5.0.0. xSoftwareName\* String Name of your software xSoftwareVersion\* String Version number of your software xCommand\* String Cardknox transaction type xAmount\* String The total amount of the transaction, inclusive of tax and tip if applicable. This the total amount of the transaction xCustom01 String 20 custom fields are available for custom data such as customer comments, etc. Use xCustom01 through xCustom20 xInvoice\* String The merchant’s invoice number for the transaction. xInvoice is recommended when available for improved duplicate handling xIP\* String The customer’s IP address. Typically used for fraud detection xEmail\* String The customer’s email address xBillFirstName\* String The customer’s first name for their billing profile xBillLastName\* String The customer’s last name for their billing profile xBillStreet\* String The customer’s street address for their billing profile xBillCity\* String The customer’s city for their billing profile xBillState\* String The customer’s state for their billing profile xBillZip\* String The customer’s zip code for their billing profile xBillPhone\* String The customer’s phone number for their billing profile xShipFirstName\* String The customer’s first name for their shipping profile xShipLastName\* String The customer’s last/family name for their shipping profile xShipStreet\* String The customer’s street address for their shipping profile xShipCity\* String The customer’s city for their shipping profile xShipState\* String The customer’s state for their shipping profile xShipZip\* String The customer’s zip code for their shipping profile xShipPhone\* String The customer’s phone number for their shipping profile xOrderID String Unique order number for FraudWatch verification xExistingCustomer String Yes/No value indicating if customer is a repeat customer xAllowDuplicate String By default, Cardknox rejects duplicate transactions within 10 minutes of the original transaction. This command overrides that safeguard. True/False allowed. xGatewayRefNum\* String Transaction RefNum received from gateway for FraudWatch verification xGatewayResult\* String Transaction status received from gateway for FraudWatch verification (Approved/Declined/Error) xGatewayCVV\* String CVV for FraudWatch verification xGatewayAVS\* String Street address for FraudWatch verification xOrderType\* String Specifies if the order origin is internet OR phone for FraudWatch verification xExistingCustomer\* String Yes/No value indicating if the customer is a repeat customer xShipEmail\* String The ShipTo email address xName String The cardholder’s name xTax String The tax portion that is included in the total transaction amount (xAmount) xTip String The tip portion that is included in the total transaction amount (xAmount) xPONum String The merchant’s purchase order number for the transaction xDescription String Additional data that is optionally passed along for reporting xShipMiddleName String The customer’s middle name for their shipping profile xBillMiddleName String The customer’s middle name for their billing profile xBillStreet2 String The customer’s second line street address for their billing profile xShipStreet2 String The customer’s second line street address for their shipping profile xShipCountry String The customer's country code for their shipping profile xBillCountry String The custom's country code for their billing profile xBillMobile String The customer’s mobile phone number for their billing profile xGatewayError String Transaction RefNum received from gateway for FraudWatch verification xComments String Additional data that is optionally passed along to the receipt xFax String The customer’s fax number. xOrderItems String Summary of products ordered xCustomerComments String Comments submitted by customer along with order xShipMethod String The shipping carrier/service used xShipAmount String The total cost of shipping charges xSupports64BitRefnum String True/False value indicating that the user’s system can handle a 64bit refnum getting returned on request to the transaction. [Transaction API](/api/transaction) Fraud Submit - Request Payload Example Copy { "xCardNum": "4444333322221111", "xKey": "[xkeycredentials]", "xVersion": "4.5.9", "xSoftwareName": "YourSoftwareName", "xSoftwareVersion": "1.0.0", "xCommand": "fraud:submit", "xToken": "61h72mmh68phn9q233634ph3g54p1499m69qhp4816pn528h84", "xCustom01": "Register01", "xExp": "12/25", "xCVV": "945", "xStreet": "123 Any Street Apt 4b Anytown, NY", "xZip": "12345", "xMagstripe": "%B4444333322221111^TEST CARD/VISA^4912101123456789?;4444333322221111=4912101123456789?", "xName": "John Doe", "xAuthCode": "T4321A", "xDUKPT": "%B4444333322221111^TEST CARD/VISA^4912101123456789?;444433", "xTax": "2.00", "xTip": "2.00", "xRefNum": "81234568", "xInvoice": "123456A", "xPONum": "123456B", "xComments": "This is a comment", "xDescription": "This is a description", "xIP": "1.2.3.4", "xEmail": "text@example.com", "xFax": "1234567890", "xBillFirstName": "John", "xBillMiddleName": "Max", "xBillLastName": "Doe", "xBillCompany": "Acme", "xBillStreet": "123 Any Street", "xBillStreet2": "Apt 4b", "xBillCity": "Anytown", "xBillState": "NY", "xBillZip": "12345", "xBillCountry": "USA", "xBillPhone": "8005551212", "xBillMobile": "8005551111", "xShipFirstName": "John", "xShipMiddleName": "Max", "xShipLastName": "Doe", "xShipCompany": "Acme", "xShipStreet": "123 Any Street", "xShipStreet2": "Apt 4b", "xShipCity": "Anytown", "xShipState": "NY", "xShipZip": "12345", "xShipCountry": "USA", "xShipPhone": "8005551212", "xShipMobile": "8005551111", "xMICR": "t021000021t 123456789o _2542", "xRouting": "021202337", "xGatewayRefNum": "852585258", "xGatewayResult": "Approved", "xGatewayError": "845455484", "xGatewayCVV": "M", "xGatewayAVS": "YYY", "xOrderType": "Internet", "xOrderID": "12356", "xExistingCustomer": "TRUE", "xOrderItems": "Sony Digital Camera", "xCustomerComments": "Please ship as soon as possible", "xShipMethod": "UPS Ground", "xShipAmount": "29.99", "xShipEmail": "text@example.com", "xAllowDuplicate": "TRUE" } --- # Account Boarding Merchant Agreement | Cardknox Last updated 10 months ago [](#overview) Overview --------------------------- * * * In order to be boarded every Merchant needs to agree to Go Plus Terms and Conditions. To help Developers integrate Agreement API into their website we are supporting Agreement API through Cardknox iFields. ### [](#integrate-agreement-api-using-ifields) **Integrate Agreement API using ifields** Obtain your _**iFields xKey**_ from your account settings. #### [](#adding-reference-to-ifields) Adding Reference to iFields * * * **Step 1:** Check the latest stable iFields version here: **Step 2:** Add the ifields.js file after the
tag on your website: `` #### [](#adding-iframe-and-javascript-objects-for-merchant-agreement) Adding iFrame and JavaScript Objects for Merchant Agreement * * * **Step 1:** Add the following iFrame JS snippet inside the __ where Merchant Agreement is desired. * Make sure you have an attribute `data-ifields-id="agreement"` as part of _