Verify Card API
Copy page
Copy page as Markdown for LLMs
Open in Claude
Ask questions about this page
The verify card service allows PCI-compliant merchants to validate payment card details without processing an actual payment. This service pre-validates cards issued by Visa, Mastercard, and American Express (AMEX) as part of your risk management and fraud prevention workflow.
Read more about the verify service in our verify card guide.
API Endpoints
https://sbpaymentservices.payfort.com/FortAPI/paymentApi
Request Format
- Method:
POST - Content-Type:
application/json - Submission: Server-to-server HTTPS POST
This service can be used across custom integration only.
Request Parameters
| Parameter |
|---|
service_command Alpha Max: 20 Required Service command for card verification. Special characters: _Value: VERIFY_CARDExample. VERIFY_CARD |
access_code Alphanumeric Max: 20 Required Merchant access code obtained from Amazon Payment Services dashboard under Integration Settings. Example. zx0IPmPy5jp1vAz8Kpg7 |
merchant_identifier Alphanumeric Max: 20 Required Unique merchant identifier assigned by Amazon Payment Services during account setup. Example. CycHZxVj |
merchant_reference Alphanumeric Max: 40 Required Unique verification reference that must be unique per merchant. Alphanumeric characters, hyphens, underscores, and periods allowed. Special characters: _ - .Example. XYZ9239-yu898 |
currency Alpha Max: 3 Required Three-letter ISO 4217 currency code for the verification amount. Example. AED |
language Alpha Max: 2 Required Response language. Supported values: en (English) or ar (Arabic). Example. en |
expiry_date Numeric Max: 4 Required Card expiry date in YYMM format. Must be a future date. Example. 2105 |
card_number Numeric Max: 16 Required Complete credit card number for verification. MEEZA cards: 19 digits, AMEX: 15 digits, Others: 16 digits. Example. 4005550000000001 |
signature Alphanumeric Max: 200 Required SHA-256 hash signature for request authentication and integrity validation. Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a |
settlement_reference Alphanumeric Max: 22 Optional Unique reference passed to acquiring bank for settlement file identification. Example. XYZ9239-yu898 |
The merchant_reference must be unique per verification request.
Check signature calculation section to learn how to calculate the signature.
Response Parameters
| Parameter |
|---|
service_command Alpha Max: 20 Service command from the request. Special characters: _Value: VERIFY_CARDExample. VERIFY_CARD |
access_code Alphanumeric Max: 20 Merchant access code used in the request. Example. zx0IPmPy5jp1vAz8Kpg7 |
merchant_identifier Alphanumeric Max: 20 Merchant identifier used in the request. Example. CycHZxVj |
merchant_reference Alphanumeric Max: 40 Unique verification reference from the request. Special characters: _ - .Example. XYZ9239-yu898 |
currency Alpha Max: 3 Currency code used for the verification. Example. AED |
language Alpha Max: 2 Language used for the response. Example. en |
expiry_date Numeric Max: 4 Card expiry date from the request. Example. 2105 |
card_number Numeric Max: 16 Masked card number with only first 6 and last 4 digits visible. Example. 400555*****0001* |
signature Alphanumeric Max: 200 Response signature for verification. Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a |
response_message Alphanumeric Max: 150 Human-readable response description in requested language. Example. Success |
response_code Numeric Max: 5 Numeric response code indicating verification result. Example. 80000 |
status Numeric Max: 2 Two-digit status code indicating verification state. Example. 80 |
settlement_reference Alphanumeric Max: 22 Settlement reference from the request. Example. XYZ9239-yu898 |
Response Codes
For a complete list of response codes and their descriptions, please refer to our Error Codes Documentation.
Sample Request
{
"service_command": "VERIFY_CARD",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"merchant_identifier": "CycHZxVj",
"merchant_reference": "VERIFY-2024-1725887587",
"currency": "AED",
"language": "en",
"expiry_date": "2105",
"card_number": "4005550000000001",
"settlement_reference": "VERIFY-REF-001",
"signature": "eef26521d64ffd436b056ab9da0267334aa886acfe392f803e6705d0a5b0fc7a"
}
Sample Response
{
"service_command": "VERIFY_CARD",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"merchant_identifier": "CycHZxVj",
"merchant_reference": "VERIFY-2024-1725887587",
"currency": "AED",
"language": "en",
"expiry_date": "2105",
"card_number": "400555******0001",
"settlement_reference": "VERIFY-REF-001",
"response_code": "80000",
"response_message": "Success",
"status": "80",
"signature": "c63a266e5929c6c8b82c2d9f2c8ae5c2b1b6f8a9d7e4f3c2a1b0c9d8e7f6a5b4"
}
Every parameter the Merchant sends in the Request should be received by the Merchant in the Response - even the optional ones.
Check Status for Verify Service Command
You can retrieve the results of a verify command by making use of the check status API command. This allows you to query the status of a previously submitted card verification request.
Request Parameters
| Parameter |
|---|
query_command Alpha Max: 50 Required Query operations command for checking verification status. Special characters: _Value: CHECK_VERIFY_CARD_STATUSExample. CHECK_VERIFY_CARD_STATUS |
access_code Alphanumeric Max: 20 Required Merchant access code obtained from Amazon Payment Services dashboard under Integration Settings. Example. zx0IPmPy5jp1vAz8Kpg7 |
merchant_identifier Alphanumeric Max: 20 Required Unique merchant identifier assigned by Amazon Payment Services during account setup. Example. CycHZxVj |
merchant_reference Alphanumeric Max: 40 Required The same merchant reference used in the original verify card request. Example. XYZ9239-yu898 |
language Alpha Max: 2 Required Response language. Supported values: en (English) or ar (Arabic). Example. en |
signature Alphanumeric Max: 200 Required SHA-256 hash signature for request authentication and integrity validation. Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a |
Response Parameters
| Parameter |
|---|
query_command Alpha Max: 50 Query operations command from the request. Value: CHECK_VERIFY_CARD_STATUSExample. CHECK_VERIFY_CARD_STATUS |
access_code Alphanumeric Max: 20 Merchant access code used in the request. Example. zx0IPmPy5jp1vAz8Kpg7 |
merchant_identifier Alphanumeric Max: 20 Merchant identifier used in the request. Example. CycHZxVj |
merchant_reference Alphanumeric Max: 40 Unique verification reference from the request. Example. XYZ9239-yu898 |
language Alpha Max: 2 Language used for the response. Example. en |
signature Alphanumeric Max: 200 Response signature for verification. Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a |
response_message Alphanumeric Max: 150 Human-readable response description in requested language. Example. Success |
response_code Numeric Max: 5 Numeric response code indicating query result. Example. 56000 |
status Numeric Max: 2 Two-digit status code indicating query state. Example. 56 |
transaction_status Numeric Max: 2 Status of the last verify operation performed on the specific card. Example. 80 |
transaction_message Alphanumeric Max: 150 Message returned for the last verify operation performed on the specific card. Example. success |
Sample Request
{
"query_command": "CHECK_VERIFY_CARD_STATUS",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"merchant_identifier": "CycHZxVj",
"merchant_reference": "VERIFY-2024-1725887587",
"language": "en",
"signature": "f93c586997906bac21e8d046407c3fbed6b6820affcb7345353487287cc7c03a"
}
Sample Response
{
"query_command": "CHECK_VERIFY_CARD_STATUS",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"merchant_identifier": "CycHZxVj",
"merchant_reference": "VERIFY-2024-1725887587",
"language": "en",
"signature": "7cad05f0212ed933c9a5d5dffa31661acf2c827a",
"response_message": "Success",
"response_code": "56000",
"status": "56",
"transaction_status": "80",
"transaction_message": "success"
}
Response Codes
For a complete list of response codes and their descriptions, please refer to our Error Codes Documentation.
Testing The Integration
Use the sandbox environment for development and testing:
- Sandbox URL:
https://sbpaymentservices.payfort.com/FortAPI/paymentApi - Test Cards: Use our comprehensive Testing Cards
Go-Live Process
When ready to move to production, follow our Go-Live checklist