Here are the two common flows and how our customers model them. Note that the interaction is the same whether you have a website, a native mobile app (iOS, Android, etc.), or both.
You want to get a Sift Score before contacting the payment gateway
- Your user clicks "submit order" on your app or website, which sends a message to your server (backend) to process a user's order.
- Send Sift a $create_order from your backend, and get a risk assessment in the response. This order should include all payment methods that will be used for the order.
- If you cancel the order for suspicion of fraud, end here.
- If you don't cancel the order for suspicion of fraud, contact your payment gateway from your backend to run a sale on the CC.
- Send Sift a $transaction from your backend with the result of the payment gateway interaction with the $order_id.
- If the order had multiple payment methods, send a $transaction from your backend to Sift for each of the methods. For example, if a gift card was used in addition to a CC, send a $transaction to capture the application of the gift card.
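The score-first flow above as a backend routine. This is an added example, not Sift's own code: `send_event`, `charge`, `RISK_THRESHOLD` and the sample order are hypothetical names and values, and the fields not named on this page (`$transaction_type`, `$payment_methods`, `$payment_type`, `$amount`, `$currency_code`) follow Sift's Events API naming and should be checked against the API version you use.

```python
# Added example: the "Sift Score before payment gateway" flow, run offline.
# send_event and charge are hypothetical callables injected by the caller.
RISK_THRESHOLD = 0.80  # assumed policy value, not a Sift default

def process_order(order, send_event, charge):
    """Return (status, events_sent) for one order.
    send_event(event, want_score) -> float score or None; it must raise on
    transport errors so a failed call is never read as "low risk".
    charge(method) -> True if the gateway accepted the payment method."""
    sent = []
    def emit(event, want_score=False):
        sent.append(event)
        return send_event(event, want_score)
    # $create_order lists every payment method that will be used.
    score = emit({
        "$type": "$create_order",
        "$user_id": order["user_id"],
        "$order_id": order["order_id"],
        "$payment_methods": [{"$payment_type": m["type"]} for m in order["methods"]],
    }, want_score=True)
    if score is None:  # assumption: fail closed rather than charge unscored
        raise RuntimeError("no risk assessment returned")
    # Cancelled for suspected fraud: the gateway is never contacted.
    if score >= RISK_THRESHOLD:
        return "cancelled", sent
    # One $transaction per payment method, each tied to the $order_id.
    all_ok = True
    for m in order["methods"]:
        ok = charge(m)
        all_ok = all_ok and ok
        emit({
            "$type": "$transaction",
            "$user_id": order["user_id"],
            "$order_id": order["order_id"],
            "$transaction_type": "$sale",
            "$transaction_status": "$success" if ok else "$failure",
            "$amount": m["amount_micros"],
            "$currency_code": order["currency"],
            "$payment_method": {"$payment_type": m["type"]},
        })
    return ("paid" if all_ok else "payment_failed"), sent

# Constructed sample order: a credit card plus a gift card.
SAMPLE_ORDER = {
    "user_id": "user-123", "order_id": "order-456", "currency": "USD",
    "methods": [{"type": "$credit_card", "amount_micros": 40_000_000},
                {"type": "$gift_card", "amount_micros": 10_000_000}]}
```

Keeping the gateway call behind the score check means a cancelled order leaves nothing to void or refund, and recording gateway failures as `$transaction` events keeps declined attempts visible to the fraud model.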
You want to contact the payment gateway before getting a Sift Score
- Your user clicks "submit order" on your app or website, which sends a message to your server (backend) to process the order.
- You contact your payment gateway from your backend to run an authorization or sale.
- If it failed, send Sift a $transaction from your backend without an $order_id. There is no need to continue unless the user tries again with a new payment method (in which case, start back at step 1).
- If it succeeded, send Sift a $transaction from your backend with the $order_id from the newly generated order.
- Once you get an HTTP 200 on the $transaction request, send Sift a $create_order from your backend, and get a risk assessment in the response. This order should include all payment methods that will be used for the order.
- If you cancel the order for suspicion of fraud, contact the payment gateway from your backend to refund the sale or void the authorization. Send Sift a $transaction with $transaction_status: "$void" if there was a pending authorization, or with $transaction_status: "$refund" if you already captured payment and are therefore issuing a refund.
- If you don't cancel the order for suspicion of fraud and you still need to do a capture (because you only did an auth in step 2), send Sift a $transaction from your backend with the result of the capture.
- If the order had multiple payment methods, send a $transaction from your backend to Sift for each of the methods. For example, if a gift card was used in addition to a CC, send a $transaction to capture the application of the gift card.
Notes:
- If a user pays for an order with multiple payment methods, send one $transaction per payment method.
- If a user makes a change to their order after the fact, such as updating the shipping address for the order, send an $update_order event.
- If you don't think you fit into one of these flows, fill out a support ticket and we'll be happy to talk through how best to fit your case.