Retrieve Order
GET/v1/orders/:id
Retrieve a single order by its UUID. The response includes the full list of transactions (authorize, capture, void, refund, extension) recorded against the order.
Orders that belong to another acquirer return HTTP 404.
Required permission: orders_read.
Request
Path Parameters
Order UUID.
Responses
- 200
- 401
- 403
- 404
The order.
- application/json
- Schema
- Example (from schema)
Schema
1.00 SARis sent as1001.00 KWDis sent as10001 JPYis sent as1- Card
- DevicePayToken
Array [
initiated: in-flight; no response received yet.approved: scheme / issuer approved.failed: declined by scheme or issuer.timeout: gateway did not receive a response in time.system_error: internal processing error.internet: customer-facing e-commerce transaction (card not present, authenticated by 3DS).merchant: merchant-initiated transaction on a stored agreement (unscheduled, recurring, installment, etc.).moto: mail-order / telephone-order transaction where card details are collected by the merchant out of band.1.00 SARis sent as1001.00 KWDis sent as10001 JPYis sent as1]
A 36-character UUIDv7 identifier.
merchant
object
required
Brief representation of the merchant that owns the resource.
A 36-character UUIDv7 identifier.
Merchant display name (English).
Stable, human-readable merchant identifier assigned by the acquirer. Often used as the merchant's principal reference in scheme reports.
Merchant display name in Arabic, when configured.
Possible values: Value must match regular expression ^[A-Z]{3}$
ISO 4217 three-letter currency code in uppercase.
Possible values: <= 100000000
A non-negative integer representing a monetary value in the smallest
currency unit for the associated currency (minor units).
Examples:
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
source
object
required
Polymorphic payment source. The type discriminator resolves to
either a Card or a DevicePayToken (Apple / Google / Samsung
Pay).
oneOf
Card payment source. Sensitive fields (full PAN, CVV) are never
returned; responses expose only BIN (first_digits) and PAN
last-four, plus network metadata resolved from the BIN tables.
Possible values: [card]
Human-readable issuing bank name, resolved from the BIN.
Card product type — CREDIT, DEBIT, CHARGE, etc.
Issuer product tier (e.g. PLATINUM, SIGNATURE,
INFINITE). Free-text, sourced from the BIN table.
Possible values: Value must match regular expression ^[A-Z]{2}$
Country where the card was issued (from BIN).
Possible values: [visa, mastercard, mada, amex]
The card scheme (network) associated with the card. mada is detected from the issuing BIN and takes precedence over Visa / Mastercard co-branding for Saudi-issued cards.
Scheme that performed 3DS authentication for this card. May
differ from scheme for co-branded cards (e.g. mada card
authenticated via Visa as the parent scheme).
First six digits of the PAN (the BIN).
Last four digits of the PAN.
Possible values: >= 1 and <= 12
Possible values: >= 2000
Apple Pay, Google Pay or Samsung Pay tokenised payment source. The
shape is identical to Card; the type discriminator indicates
which wallet produced the token and first_digits / last_digits
represent the DPAN (device PAN), not the underlying funding PAN.
Possible values: [apple_pay, google_pay, samsung_pay]
Possible values: Value must match regular expression ^[A-Z]{2}$
ISO 3166-1 alpha-2 country code in uppercase.
Possible values: [visa, mastercard, mada, amex]
The card scheme (network) associated with the card. mada is detected from the issuing BIN and takes precedence over Visa / Mastercard co-branding for Saudi-issued cards.
Possible values: >= 1 and <= 12
If this order was created via reauthorization, the original order ID.
agreement
object
A stored cardholder agreement referenced on merchant-initiated transactions.
Merchant-chosen agreement identifier supplied when the agreement was established.
Possible values: [unscheduled, recurring, registered, installment]
ID of the order that established this agreement.
Possible values: [fixed, variable]
false once the agreement has been disabled via
PUT /v1/agreements/:id/disable. Disabled agreements reject
new transactions.
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
transactions
object[]
required
All transactions against this order.
A 36-character UUIDv7 identifier.
Possible values: [initiated, approved, failed, timeout, system_error]
Possible values: [verify, purchase, authorize, capture, void, refund, extension, reversal]
Possible values: [internet, merchant, moto]
How the transaction was initiated:
Possible values: [request_timeout, gateway_timeout, response_error, delivery_error, null]
Populated on reversal transactions only.
Possible values: [reauthorization, delayed_charges, resubmission, no_show, null]
If type = reversal, the transaction this reversal nullified.
Human-readable gateway response message.
Two-digit ISO 8583 response code returned by the issuer. 00
indicates approval; non-00 codes are declines.
On a reversal, the message from the transaction being reversed.
Twelve-digit Retrieval Reference Number (RRN) assigned by the acquirer and forwarded to the issuer. Useful for reconciling an entry on the cardholder's statement. Not unique across schemes.
System Trace Audit Number (STAN). A six-digit acquirer-local counter that is unique per terminal per business day.
Six-character authorization code returned by the issuer on approval.
Possible values: <= 100000000
A non-negative integer representing a monetary value in the smallest
currency unit for the associated currency (minor units).
Examples:
Cumulative refunds allocated against this specific transaction.
ISO 8601 UTC timestamp with time zone designator.
{
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"merchant": {
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"name": "Example Store",
"merchant_id": "4738211",
"arabic_name": "متجر الأمثلة"
},
"currency": "SAR",
"amount": 10000,
"captured_amount": 0,
"refunded_amount": 0,
"voided_amount": 0,
"description": "string",
"created_at": "2025-01-15T14:30:00Z",
"updated_at": "2025-01-15T14:30:00Z",
"source": {
"type": "card",
"issuer": "RIYAD BANK",
"card_type": "CREDIT",
"category": "SIGNATURE",
"country_alpha2": "SA",
"scheme": "visa",
"card_auth_scheme": "string",
"first_digits": "411111",
"last_digits": "1111",
"month": 12,
"year": 2030
},
"reauthorized_order_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"agreement": {
"id": "SUB-USER-42",
"type": "unscheduled",
"first_order_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"max_use": 0,
"variability": "fixed",
"expiry": "2024-07-29",
"active": true,
"created_at": "2025-01-15T14:30:00Z",
"updated_at": "2025-01-15T14:30:00Z"
},
"transactions": [
{
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"status": "initiated",
"type": "verify",
"source_type": "internet",
"reverse_reason": "request_timeout",
"justification": "reauthorization",
"reversed_transaction_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"message": "string",
"response_code": "00",
"original_message": "string",
"original_response_code": "string",
"retrieval_reference": "433115207925",
"stan": "123456",
"auth_code": "262345",
"issuer_response_code": "string",
"amount": 10000,
"refunded_amount": 0,
"scheme_trace_id": "string",
"terminal_id": "string",
"created_at": "2025-01-15T14:30:00Z"
}
]
}
Authentication failed.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Missing authentication information"
}
The API key lacks the required permission.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Unauthorized"
}
The referenced resource does not exist or belongs to another acquirer.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "The Order you are looking for was not found."
}