Back-end's Payment Flow
There are two options for integrating your payment flow’s back-end with Legiti: with or without credit card pre-auth. Choose the option that most accurately represents your own payment flow. If you have any questions regarding the payment flow, please contact the Legiti Customer Solutions Team at [email protected].
Please note that, whichever flow you choose, it’s crucial that you:
  • Send the order and payment information to the collection API (through POST /order);
  • Notify or confirm to Legiti of any status changes in the order (through PUT /order), as soon as they happen.

Pre-auth

Payment flow - Pre-auth
When using pre-authorization, you must first authorize the purchase with your acquirer and then send the order to Legiti (by calling POST /order). It is important to note that if you want Legiti to evaluate an order, you must set the evaluate flag to true when you send the order to Legiti. Finally, do not forget to send the transaction's ID returned by the acquirer in the payment's update: it’s necessary for matching possible chargebacks to the original order.
Once Legiti (or your manual review team, if that’s the case) has approved the order, you can then capture the payment and confirm that the order was fully approved (calling PUT /order).
If the payment has been declined and there won’t be additional attempts, or the order has been rejected either by Legiti’s evaluation or by your manual review team, decline the order in your system and notify Legiti of the decline (calling PUT /order).
If the order was declined because of fraud suspicion, be sure to notify Legiti (through POST /order/mark_fraudulent) - this feedback is essential for us to continually improve the accuracy of our evaluations. Be aware that you should not notify Legiti of the fraud suspicion if the order was declined by Legiti itself.

Without pre-auth

Payment flow - Without pre-auth
If you’re operating without credit card pre-authorization, you should send the order to Legiti for evaluation (via POST /order with the evaluate flag marked as true) before any call to your payments provider.
You’ll only attempt to authorize and capture the payment if the order’s been approved by Legiti (or your manual review team). Once the order has been approved and captured, you should notify Legiti of the approval (through PUT /order).
If the payment has been declined and there won’t be additional attempts, or the order has been rejected either by Legiti’s evaluation or by your manual review team, cancel the order in your system and notify Legiti of the decline (calling PUT /order with the status declined for fraud suspicion or unauthorized when the payment is rejected).
If the order was declined because of fraud suspicion, be sure to notify Legiti (through POST /order/mark_fraudulent) - this feedback is essential for us to continually improve the accuracy of our evaluations. Be aware that you should not notify Legiti of the fraud suspicion if the order was declined by Legiti itself.
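The call ordering for the flow without pre-auth, written out as an added example (not Legiti's code) that an integration test can assert against. Only the three endpoints come from this page; the function name, the `acquirer:` label and the bracketed status words are assumptions used for illustration.

```python
from typing import List, Optional

# Step labels. The three Legiti endpoints are the ones named on this page;
# the "acquirer:" label and the bracketed status words are illustrative
# placeholders, not exact API values.
POST_ORDER = "POST /order (evaluate=true)"
PUT_ORDER = "PUT /order"
MARK_FRAUD = "POST /order/mark_fraudulent"
ACQUIRER = "acquirer: authorize and capture"


def plan_without_pre_auth(rejected_by: Optional[str],
                          fraud_suspected: bool = False,
                          payment_ok: bool = True) -> List[str]:
    """Return the ordered calls for one order in the flow without pre-auth.

    rejected_by: None (approved), "legiti", or "manual_review".
    fraud_suspected: the rejection reason was fraud suspicion.
    payment_ok: the acquirer accepted the payment on the final attempt.
    """
    if rejected_by not in (None, "legiti", "manual_review"):
        raise ValueError(f"unknown reviewer: {rejected_by!r}")

    # Evaluation always comes first; the payments provider is not called yet.
    steps = [POST_ORDER]

    if rejected_by is not None:
        steps.append(f"{PUT_ORDER} [declined]")
        # Fraud feedback is sent only when the decline did not come
        # from Legiti itself.
        if fraud_suspected and rejected_by != "legiti":
            steps.append(MARK_FRAUD)
        return steps

    # Approved: only now is the payments provider called.
    steps.append(ACQUIRER)
    steps.append(f"{PUT_ORDER} [approved]" if payment_ok
                 else f"{PUT_ORDER} [unauthorized]")
    return steps
```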