Guides

Authentication

Suggest Edits

Retail Consumption Service Authentication

The API requires Username and Password to be sent along with a PartnerCode [a unique identifier for the Partner]. These credentials will be used to authenticate a partner along with IP restrictions. If the Partner does not have the ability to check for the Username and Password, then request will be authenticated via IP Address.

Exposed Methods

The following are the methods exposed by the API:

  • Ping
    Verify communication connectivity between Partner and Green Dot systems.
  • Auth (2-Phase)
    Perform necessary validation and place a hold on the transaction(Step 1 of 2-Phase). Return with appropriate response for the Auth result.On successful response,Green Dot will hold the funds and it cannot be used for another Auth or Transact request[Please see Response Codes for response code details]
  • AuthCommit (2-Phase)
    Completes the transaction authorized in the Auth request. Return with appropriate response for the commit result. On successful response,Green Dot will mark the funds used and Partner is expected to credit the customer’s account upon a successful response[Please see Appendix A for response code details.]. If Green Dot Does not receive a successful or an unsuccessful response within the slated time period, Green Dot will retry AuthCommit every three minutes for the next 10 hours or until we get a response,whichever is earlier.
  • AuthVoid (2-Phase)
    Cancels the transaction authorized in the Auth request(in case of 2-Phase). Return with appropriate response for the void result. On successful response,Green Dot will release the funds and the Partner is expected to release the Auth against the customer’s account. [Please see Appendix A for response code details.]If Green Dot Does not receive a successful or an unsuccessful response within the slated time period, Green Dot will retry AuthVoidevery three minutes for the next 10 hours or until we get a response, whichever is earlier.

Integration Options

TransactionTypeAPI Hosted byAPI
GreenDot Initiated (PUSH) POSPartner•Ping
•Auth, AuthCommit, AuthVoid (2-Phase)

Duplicate Request

If a request has the same RequestID as another request, from the same Partner, API will respond with the ‘DuplicateRequest’ response code. The ResponseText will have the ResponseCode of the original Request.

Fund Movement

Green Dot will debit the source account and partner will credit the target account.

Partner hosted or Green Dot Initiated API(PUSH):

•2-Phase: Green Dot will movefunds with the Auth request. The Partner will move funds with the corresponding AuthCommitrequest. Due to this requirement, Green Dot expects the Partner to provide AuthResponse of success only if they will honor the AuthCommitrequest.If they cannot honor the AuthCommitrequest sent later, manual intervention will be required to settle such a transaction.

Retry Handling

Partner hosted or Green Dot Initiated API(PUSH):

  • This scenario will only be applicable for the following request types:
    • AuthCommit: If the call to the Partner times out, Green Dot will retry the AuthCommit request with a unique RequestID and the OriginalConfirmationID from the Auth response. Green Dot will retry AuthCommit every three minutes, up to 10 hours and until we get a response, whichever is earlier.
    • AuthVoid: If the call to the Partner times out, Green Dot will retry the AuthVoid request with a unique RequestID and the OriginalRequestID of the Auth request. Green Dot will retry AutVoid every three minutes, up to 10 hours and until we get a response, whichever is earlier.

Updated about 1 month ago