API Reference
/
Transaction API
/
Get transaction status

NoFraud Transaction API (1)

This documentation explains the endpoints available for building a Custom NoFraud integration into your eCommerce site. NoFraud supports a conventional API integration, outlined in here, as well as Apps and Plugins for platforms such as Shopify, BigCommerce, Magento, and Volusion.

All Custom API integrations require a NoFraud API Key. You can generate an API key within the NoFraud Portal under 'Integrations'. Refer to the Quickstart Guide for a step-by-step guide for generating your first API key.

A Custom API integration requires incorporating logic into your platform to make requests to NoFraud's API for order validation. These requests are typically inserted into your order processing flow using one of the following workflows:

  1. Pre-Gateway: Fraud check sent to NoFraud's API before any information is sent to your payment processor to charge the customer's credit card.
  2. Pre-Acceptance Fraud check sent to NoFraud's API immediately after your payment processor authorizes the payment, but before you have served a response, or "Thank You" page back to the customer.
  3. Post-Acceptance: Fraud check sent to NoFraud's API after you have accepted the order and served your customer a response, or "Thank You" page, but before you have fulfilled and shipped the order.

NoFraud's response will contain a fraud decision to be used, in conjunction with custom logic on your end, to either process or cancel the order.

Transactions sent to NoFraud's API both pre-, and post-acceptance must contain the credit card's last four digits as well as the AVS and CVV response codes provided by your gateway.

Refer to Workflows for more information about these options including implementation details.

Download OpenAPI description
transaction-api.json
transaction-api.yaml
Languages
Servers
Mock server
https://developers.nofraud.com/_mock/transaction-api/
Production
https://api.nofraud.com/
Test
https://apitest.nofraud.com/

Create a transaction

Request

Request made with transaction information to be screened by NoFraud. The nf-token property is the NoFraud API Key for the integration. You can find it on NoFraud Portal integrations page.

The body of the request must contain all required fields, as listed below. The addition of any and all optional fields will help improve the accuracy of NoFraud's decisions. We encourage new integrations to include as much data as possible, or available, given your platform and/or payment gateway.

See Test Credits Cards for cards you can use while testing.

The response contains the id field which is the id of the transaction on NoFraud and the decision field which can be:

  • pass: Transaction was approved on NoFraud screening.
  • fail: Transaction failed.
  • review: Transaction needs manual review.

For orders that receive a fail status the message field will contain your Custom Error Message, as set in your NoFraud Portal account. You can find this option under your Settings tab.

Pre-Gateway Requests

Pre-gateway requests must include full credit card information, including the card number, expiration date, and card code.

In this case, NoFraud will obtain the AVS and CVV response codes manually during our screening process.

With a pre-gateway integration, you can keep the user on-site in the checkout process, and if NoFraud responds with a fail status, the user can be given an error message requesting that they try again to submit the order.

If an order is unsuccessful in passing NoFraud's screening process, then it can be prevented from being sent to your payment gateway, saving you money in credit card processing fees.

If an order passes NoFraud's screening, and is then sent to your payment gateway, you will need to make a secondary API call to NoFraud to update our system with the gateway response.

Pre- and Post-Acceptance Requests

Both pre-, and post-acceptance requests must include the AVS and CVV response codes as provided by your payment gateway, as well as the last four digits of the credit card used.

With both pre-, and post-acceptance integration methods, orders that receive a fail decision from NoFraud should be canceled and the credit cards refunded.

Bodyapplication/json
nf-tokenstringrequired

NoFraud API key for authentication.

Example: "NF_prod_eda02a1aa67099c0f30b3ab937bce2a6"
amountstring<= 24 characters^\d*\.?\d*$required

Total amount paid for order (including shipping, taxes, and any additional fees). Must be a valid, non-negative number. Cannot exceed 24 characters.

Example: "30.23"
currency_codestring<= 3 characters
Example: "USD"
discountAmountstring^\d*\.?\d*$

Discount or coupon amount. Used to denote a discount or coupon code was used for the specified dollar amount.

Example: "30.23"
discountPricestring^\d*\.?\d*$

Discount or coupon amount. Used to denote a discount or coupon code was used for the specified dollar amount.

Example: "30.23"
discountPercentagestring^\d*\.?\d*$

Discount or coupon percentage. Used to denote a discount or coupon code was used for the specified percentage off.

Example: "25.00"
shippingAmountstring<= 24 characters^\d*\.?\d*$

Amount paid for shipping. Very helpful for optimal results. Must be a valid, non-negative number. Cannot exceed 24 characters.

Example: "30.23"
shippingMethodstring

Shipping method used for transaction. Can be used to describe the method used for shipping (i.e. "UPS Ground", "Fed-Ex Overnight", etc.).

Example: "FedEx 3-day"
fulfillmentDatestring<= 128 characters

Future date product or service will be fulfilled. 'MM/DD/YYYY' format. Cannot exceed 128 characters.

Example: "02/23/2030"
customerobject(Customer)required
customer.​idstring<= 64 characters

Merchant's ID for this customer. Cannot exceed 64 characters.

Example: "123"
customer.​emailstring(email)<= 128 charactersrequired

Customer's email address. Must be a valid email. Cannot exceed 128 characters.

Example: "pass@nofraud.com"
customer.​joined_onstring<= 128 characters

Date customer created account. 'MM/DD/YYYY' format. Cannot exceed 128 characters.

customer.​last_sign_instring<= 128 characters

Date of most-recent sign-in to customer's account. 'MM/DD/YYYY' format. Cannot exceed 128 characters.

customer.​last_purchase_datestring<= 128 characters

Date of most recent purchase made by customer. 'MM/DD/YYYY' format. Cannot exceed 128 characters.

customer.​total_previous_purchasesstring

Total number of previous purchases made by customer. Must be a valid, nonegative number.

Example: "12"
customer.​total_purchase_valuestring

Total value of all previous purchases made by customer. Must be a valid, nonengative number.

Example: "1230.21"
customer.​saved_cc_added_onstring<= 128 characters

Date customer saved credit card used for purchase. 'MM/DD/YYYY' format. Cannot exceed 128 characters.

merchantobject(Merchant)
orderobject(OrderInfo)
paymentobject(Payment)required
payment.​methodstring

Method used for payment. Can be used to denote the specific method used for payment (i.e. 'PayPal', 'Amazon Pay', 'Gift Card', etc.). System will assume a credit card was used if the payment.creditCard object is present.

Example: "creditCard"
payment.​creditCardobject(CreditCard)required
payment.​creditCard.​binstring
Example: "4111111"
payment.​creditCard.​last4string= 4 characters^\d+$

Required if following Pre- or Post-Acceptance workflow. Last 4 digits of credit card number used for purchase. Must be exactly four characters and contain only valid numerical digits.

payment.​creditCard.​cardTypestring

Credit card type (ex. Visa, Mastercard, etc.).

Example: "visa"
payment.​creditCard.​cardNumberstring

Required if AVS and CVV result codes are missing. Must be a full, valid credit card number. Test credit cards cannot be used if account is live and real credit cards cannot be used if your account is in test mode.

payment.​creditCard.​expirationDatestring

Required if AVS and CVV result codes are missing. Must be in one of the following formats: 'MMYY', 'MM-YY', 'MM-YYYY', 'MM/YYYY', 'MM/YY'. Must be a valid date that is not expired.

Example: "02/2050"
payment.​creditCard.​cardCodestring= 3 characters^[0-9]+$

Required if AVS and CVV result codes are missing. Must be either 3 or 4 characters and contain only valid, numerical digits.

billToobjectrequired

Required field but can be an empty object

billTo.​firstNamestring<= 128 charactersrequired

Billing first name. Cannot exceed 128 characters.

Example: "John"
billTo.​lastNamestring<= 128 charactersrequired

Billing last name. Cannot exceed 128 characters.

Example: "Doe"
billTo.​companystring<= 128 characters

Billing company name. Cannot exceed 128 characters.

Example: "NoFraud"
billTo.​addressstring<= 128 charactersrequired

Billing street address. Should include the building number, street name, and unit or apartment number (if present). Cannot exceed 128 characters.

Example: "2615 Ln. Autumn Abbot"
billTo.​citystring<= 128 charactersrequired

Billing city. Cannot exceed 128 characters.

Example: "San Antonio"
billTo.​statestring<= 128 charactersrequired

Billing state. Cannot exceed 128 characters.

Example: "TX"
billTo.​zipstring<= 128 charactersrequired

Billing zip or postal code. Cannot exceed 128 characters.

Example: "78257"
billTo.​countrystringrequired

Billing country. Must be a valid ISO 2-character Country Code.

Example: "US"
billTo.​phoneNumberstringrequired

Billing phone number. Should be a valid phone number.

Example: "78981031212"
shipToobject

Optional unless merchant object is present and productType is "Goods".

lineItemsArray of objects(LineItem)
Example: [{"sku":"123","manufacturer":"M1","name":"Test Product 1","category":"Test Products","price":50,"quantity":2},{"sku":"456","manufacturer":"M2","name":"Test Product 2","category":"Test 2 Products","price":"52.00","quantity":"1"}]
gatewayNamestring
Example: "Gateway Name"
gatewayStatusstring
customerIPstringrequired
Example: "123.456.7.8"
avsResultCodestring<= 3 characters

Required for pre-, and post-acceptance integrations if payment object is missing. Cannot exceed 3 characters.

Example: "U"
cvvResultCodestring<= 1 characters

Required for pre-, and post-acceptance integrations if payment object is missing. Must be a valid, single uppercase alphanumeric character.

Example: "M"
cavvResultCodestring<= 1 characters

Uppercase letters or numbers

Enum"""A""B""C""D""I""U""0""1""2"
Example: "A"
3d_secureobject
card_attemptsstring

Integer value representing attempts with same card

Example: "0"
referial_codestring<= 64 characters^[0-9A-Fa-f]+$
appstring
Example: "my_app"
versionstring
appNamestring
appVersionstring
userFieldsobject

User field information object. Can include any and all additional information that would be helpful for manual review.

performanceobject
digitalGoodsAmountstring
digitalGoodsPercentagestring
gatewayTypestring
Enum"post-gateway""pre-gateway"
isBopisstring

Indicates if it's a "buy online, pickup in store" type of order

enrichboolean

Flag added to call to request an expanded response payload with additional information such as insights, sub-status, and other relevant details. Enabling this option provides a more detailed and comprehensive response.

subscriptionDetailsobject(SubscriptionDetails)
curl -i -X POST \
  https://developers.nofraud.com/_mock/transaction-api/transaction \
  -H 'Content-Type: application/json' \
  -d '{
    "nf-token": "NF_prod_4edbb1f06c68dbcbfd38ce91256de3d8",
    "amount": "149.95",
    "shippingAmount": "4.95",
    "shippingMethod": "UPS Ground",
    "gatewayName": "Authorize.net",
    "gatewayStatus": "pass",
    "cardAttempts": "2",
    "customerIP": "127.0.0.1",
    "referialCode": "840cc18f8",
    "avsResultCode": "U",
    "cvvResultCode": "1",
    "cavvResultCode": "A",
    "currencyCode": "USD",
    "discountPrice": "5.00",
    "discountPercentage": "5",
    "customer": {
      "id": "1000315",
      "email": "example@email.com",
      "joinedOn": "12/01/2025",
      "lastSignIn": "12/25/2025",
      "lastPurchaseDate": "12/25/2025",
      "totalPreviousPurchases": 5,
      "totalPurchaseValue": 2951.15,
      "savedCcAddedOn": "12/25/2025"
    },
    "merchant": {
      "name": "Test Company",
      "website": "https://www.test-company.com",
      "email": "email@testcompany.com",
      "productType": "Goods"
    },
    "order": {
      "invoiceNumber": "1123581321",
      "orderType": "one-time",
      "referringSite": "Google",
      "referringUrl": "https://www.google.com/search?q=test+company&oq=test+company&sourceid=chrome&ie=UTF-8",
      "landingPage": "https://www.test-company.com",
      "landingPageType": "home"
    },
    "payment": {
      "method": "Credit Card",
      "creditCard": {
        "last4": "1111",
        "cardType": "Visa",
        "cardNumber": "4111111111111111",
        "expirationDate": "0923",
        "cardCode": "999",
        "bin": "411111"
      }
    },
    "travel": {
      "travelDate": "12/31/2025",
      "destination": "Denver, CO",
      "pointOfOrigin": "Seattle, WA"
    },
    "billTo": {
      "firstName": "John",
      "lastName": "Smith",
      "company": "Some Company",
      "address": "123 Broadway Apt #1",
      "city": "New York",
      "state": "NY",
      "zip": "11001",
      "country": "US",
      "phoneNumber": "1112223333"
    },
    "shipTo": {
      "firstName": "Fred",
      "lastName": "Smith",
      "company": "Another Company",
      "address": "4321 Ave A",
      "city": "Denver",
      "state": "CO",
      "zip": "80210",
      "country": "US"
    },
    "lineItems": [
      {
        "sku": "12345",
        "name": "Example Product 1",
        "price": 37.36,
        "quantity": 3,
        "category": "Example Category 1",
        "manufacturer": "Example Manufacturer 1",
        "notes": "Example Notes 1"
      },
      {
        "sku": "23456",
        "name": "Example Product 2",
        "price": 37.87,
        "quantity": 1,
        "category": "Example Category 2",
        "manufacturer": "Example Manufacturer 2",
        "notes": "Example Notes 2"
      }
    ],
    "userFields": {
      "field1": "value1",
      "field2": "value2"
    }
  }'

Responses

Successful request. Response body will contain a standard or enriched transaction payload depending on whether the request set enrich as true.

Bodyapplication/json
One of:

OK

idstring(uuid)required

Identifier of the transaction with our API. Transaction can be found at portal.nofraud.com/transaction/{id} the id being this field.

Example: "3317d310-1b4f-4d98-bd7d-44121ded2158"
decisionstringrequired

What NoFraud decided for this transaction.

Enum"pass""fail""review""fraudulent""error"
Example: "pass"
messagestring

Custom error message. Only included in responses with a "fail" decision based off of the Custom Error Message field set for your NoFraud Portal account

Response
application/json
{
  "id": "3317d310-1b4f-4d98-bd7d-44121ded2158",
  "decision": "pass",
  "message": "string"
}

Update gateway response

Request

Request made by custom integrations after the creation of the initial transaction to send the result from the payment gateway. The nf-token property is the NoFraud API Key, you can find it on NoFraud Portal integrations page.

The nf-id value is the id returned from the POST /transaction request.

This step is only required if the initial API call to NoFraud was completed before the corresponding transaction was sent to your payment gateway. In such cases, this API call should be sent to NoFraud after you receive a response from the gateway. The purpose of this API call is to provide NoFraud with the appropriate gateway information our system did not have access to during the initial API call.

Different payment gateways provide different result responses. You may need to format this field to match NoFraud's accepted values (e.g. "approved" should be converted to pass, "declined" should be converted to fail, etc.)

Bodyapplication/json
nf-tokenstringrequired

API key for authentication.

Example: "NF_prod_eda02a1aa67099c0f30b3ab937bce2a6"
nf-idstring(uuid)required

Transaction ID of the decision we returned to you.

Example: "16f235a0-e4a3-529c-9b83-bd15fe722110"
gateway-responseobject(GatewayResponse)
curl -i -X POST \
  https://developers.nofraud.com/_mock/transaction-api/gateway_response \
  -H 'Content-Type: application/json' \
  -d '{
    "nf-token": "NF_prod_eda02a1aa67099c0f30b3ab937bce2a6",
    "nf-id": "16f235a0-e4a3-529c-9b83-bd15fe722110",
    "gateway-response": {
      "result": "pass",
      "authcode": "000000",
      "transaction-id": "10010234578"
    }
  }'

Responses

OK

Bodyapplication/json
Response
application/json
{
  "Status": "OK"
}

Get transaction status

Request

Get transaction status by transaction ID (URL) or invoice/order number.

Utilizing this endpoint can be helpful in automating the process by which your system handles NoFraud's review orders. Your system can be configured to collect and hold all review orders upon receiving them. Then, an automated cron, or other similar system, can be configured to send requests to this endpoint at set intervals, in order to determine if the review order has had a status update to pass, fail, or fraudulent. When your system identifies a status update for a particular transacation, that transaction can either be processed and shipped, in the event of a pass, or canceled and refunded, in the event of either a "fail" or "fraudulent" status update.

If invoice/order numbers for your transactions appear in the NoFraud Portal with a preceeding number sign "#", the ID should be included in the HTTP GET request without this character. For example, if the order number in NoFraud appears as "#10205793", the order number should be included in the request as simply "10205793".

If more than one transaction appears in NoFraud's system with the included invoice/order number, this process will only check the first such transaction in our system with this invoice/order number.

Path
nf-tokenstringrequired

NoFraud API Key - Integration Token

Example: NF_prod_eda02a1aa67099c0f30b3ab937bce2a6
transaction-id-or-invoice-numberstringrequired

Transaction uuid received on order creation or the invoice number

Example: 16eb5701-d411-525d-abd4-4985fa05f187
curl -i -X GET \
  'https://developers.nofraud.com/_mock/transaction-api/status/{nf-token}/{transaction-id-or-invoice-number}'

Responses

OK

Bodyapplication/json
idstring(uuid)required

Identifier of the transaction with our API. Transaction can be found at portal.nofraud.com/transaction/{id} the id being this field.

decisionstringrequired

What NoFraud decided for this transaction.

Enum"pass""fail""review""fraudulent""error"
Example: "pass"
messagestring

Custom error message. Only included in responses with a "fail" decision based off of the Custom Error Message field set for your NoFraud Portal account

Response
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "decision": "pass",
  "message": "string"
}

Get transaction status by ID

Request

Get transaction status by transaction ID (URL)

Utilizing this endpoint can be helpful in automating the process by which your system handles NoFraud's review orders. Your system can be configured to collect and hold all review orders upon receiving them. Then, an automated cron, or other similar system, can be configured to send requests to this endpoint at set intervals, in order to determine if the review order has had a status update to pass, fail, or fraudulent. When your system identifies a status update for a particular transacation, that transaction can either be processed and shipped, in the event of a pass, or canceled and refunded, in the event of either a "fail" or "fraudulent" status update.

Path
nf-tokenstringrequired

NoFraud API Key - Integration Token

Example: NF_prod_eda02a1aa67099c0f30b3ab937bce2a6
transaction-idstringrequired

Transaction id received on transaction creation payload

Example: 16eb5701-d411-525d-abd4-4985fa05f187
curl -i -X GET \
  'https://developers.nofraud.com/_mock/transaction-api/status_by_url/{nf-token}/{transaction-id}'

Responses

OK

Bodyapplication/json
idstring(uuid)required

Identifier of the transaction with our API. Transaction can be found at portal.nofraud.com/transaction/{id} the id being this field.

decisionstringrequired

What NoFraud decided for this transaction.

Enum"pass""fail""review""fraudulent""error"
Example: "pass"
messagestring

Custom error message. Only included in responses with a "fail" decision based off of the Custom Error Message field set for your NoFraud Portal account

Response
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "decision": "pass",
  "message": "string"
}

Get transaction status by invoice/order

Request

Get transaction status by invoice/order ID.

Utilizing this endpoint can be helpful in automating the process by which your system handles NoFraud's review orders. Your system can be configured to collect and hold all review orders upon receiving them. Then, an automated cron, or other similar system, can be configured to send requests to this endpoint at set intervals, in order to determine if the review order has had a status update to pass, fail, or fraudulent. When your system identifies a status update for a particular transacation, that transaction can either be processed and shipped, in the event of a pass, or canceled and refunded, in the event of either a "fail" or "fraudulent" status update.

If invoice/order numbers for your transactions appear in the NoFraud Portal with a preceeding number sign "#", the ID should be included in the HTTP GET request without this character. For example, if the order number in NoFraud appears as "#10205793", the order number should be included in the request as simply "10205793".

If more than one transaction appears in NoFraud's system with the included invoice/order number, this process will only check the first such transaction in our system with this invoice/order number.

Path
nf-tokenstringrequired

NoFraud API Key - Integration Token

Example: NF_prod_eda02a1aa67099c0f30b3ab937bce2a6
invoice-idstringrequired

Invoice/order ID included in transaction creation payload.

Example: 10205793
curl -i -X GET \
  'https://developers.nofraud.com/_mock/transaction-api/status_by_invoice/{nf-token}/{invoice-id}'

Responses

OK

Bodyapplication/json
idstring(uuid)required

Identifier of the transaction with our API. Transaction can be found at portal.nofraud.com/transaction/{id} the id being this field.

decisionstringrequired

What NoFraud decided for this transaction.

Enum"pass""fail""review""fraudulent""error"
Example: "pass"
messagestring

Custom error message. Only included in responses with a "fail" decision based off of the Custom Error Message field set for your NoFraud Portal account

Response
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "decision": "pass",
  "message": "string"
}