Introduction
Welcome to QI Tech’s Card Transaction Fraud Prevention API! You can use our API to access the endpoints in order to receive the response of a transaction, and send transactions to QI Tech so that it can generate alerts for fraudulent users or fraudulent sellers, as well as use it to update the status of a transaction.
Attention, this API is intended for merchants that receive card-not-present transactions, which are subject to fraud chargebacks, meaning companies that sell through applications or websites and receive payments via credit or debit card
Below, you can see the API implementation using cURL. This provides examples that you can properly adapt to the programming language of your choice.
Issues?
We’re not a company that hides behind an API! Reach out to our suport team and we’ll get back to you as soon as possible. Feel free to give us a call if you want a quicker answer!
We love feedbacks
Even if you’ve already solved your issue or it is something simple (like a typo or a small organizational detail), feel free to send us an email. That way, we can keep improving our documentation and help the next person avoid the same difficulties you faced!
Environments
We provide two environments for our clients. The base URLs for the APIs are:
- Production -
https://api.caas.qitech.app/card_order/ - Sandbox -
https://api.sandbox.caas.qitech.app/card_order/
In the Sandbox environment, analyses are not charged and return predefined responses.
For transaction analysis in the Sandbox environment, the decision is based on the transaction amount:
| Minimum | Maximum | Decision |
|---|---|---|
| 0 | 1000 | Automatically Approved |
| 1001 | 2000 | Referred for Manual Review - Later Approved |
| 2001 | 3000 | Referred for Manual Review - Later Rejected |
| 3001 | 4000 | Automatically Rejected |
| 4001 | 5000 | Not Analyzed |
| 5001 | - | Pending |
Only HTTPS
For security reasons, all communication with QI Tech's APIs must be conducted over HTTPS. To ensure that no HTTP calls are made, whether by oversight or any other reason, this server only makes port 443 available with TLS 1.2 communication. Requests using other protocols will be automatically rejected.
Authentication
To authenticate a request, use the following code:
# In the shell, you only need to add the appropriate header to each request
curl "api_endpoint_here"
-H "Authorization: EXAMPLE_API_KEY"
Replace the API key 'EXAMPLE-OF-API-KEY' with your key acquired from our support team.
We use an API Key to allow access to our API. It has probably already been sent to you by email. If you have not yet received your key, please send an email to suporte.caas@qitech.com.br.
Our API expects to receive the API Key in all requests to our server in a header like the one below:
Authorization: EXAMPLE_API_KEY
You must replace EXAMPLE_API_KEY with the API Key received from support.