Inquiry

Updated on 07 Jan 2026
12 Minutes to read
Contributors

Print
Share
Dark
Light
PDF

Article summary

Did you find this summary helpful?

Thank you for your feedback!

This message is used by the merchant to inquire about the status of a specific transaction. The Inquiry message is based on the API communication model described in the Communication Model section.

Request Parameters

Parameter	Description
MessageID required	An alphanumeric value that represents the action for defined unique numbers as mentioned below: 2 for Inquiry Status Transaction Field Type: Alphanumeric Length: 2 Sample Data: 2
MerchantID required	An alphanumeric value that represents the unique Merchant ID at SmartRoute. The Payment Gateway operation team provides this value based on the merchant enrollment. Field Type: Alphanumeric Length: 40 Sample Data: MID0001
OriginalTransactionID required	The transaction ID belongs to the original transaction, which should be inquired. Field Type: Alphanumeric Length: 40 Sample Data: 1440594083737
SecureHash required	An alphanumeric value that represents the generated hex-encoded hash using hashing algorithm SHA-2 (256) by concatenating parameters as a single string starting with the merchant’s Merchant Authentication Token. Then all parameters (required parameters and optional parameters - if available) are ordered alphabetically. By parameter’s name should be part of the secure hash, with no separators and no terminating character. Appendix B: Secure Hash – Transaction Inquiry; for more information, see secure hash generation. Field Type: Alphanumeric Length: 64 Sample Data: e9fbb3c46ec9c7dec2a318edc283bbbea27bc5d7bf7da30f4f2e62b89df74a2e
Version required	A numeric value with (.) separator represents the command's version to be used. If this value is not provided, SmartRoute will consider its default value which is 1.0 Field Type: Numeric Length: 5 Sample Data: 1.0
IncludeRefundIds Optional	The IncludeRefundIds is an optional parameter in the request It accepts the values “Yes” and “No”. If the parameter is being provided with a "Yes" value then the merchant will receive within the inquiry response refund status along with refund transaction ids if any. Field Type: Alphabetic Length: 3 Sample Data: Yes

Sample Request Code (Java)

StringBuffer requestQuery = new StringBuffer(); 
 
requestQuery        
.append("OriginalTransactionID").append("=").append(1440954863817).append("&") 
.append("MerchantID").append("=").append("ANBRedirectM").append("&") 
.append("MessageID").append("=").append("2").append("&") 
.append("Version").append("=").append("1.0").append("&") 
.append("SecureHash").append("=").append(secureHash).append("&"); 
 
//Send the request 
URL url = new URL("https://SR_URL"); 
URLConnection conn = url.openConnection(); 
conn.setDoOutput(true); 
OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream(), "UTF-8"); 
 
//write parameters 
writer.write(requestQuery.toString()); 
writer.flush();

Response Parameters

Parameter	Description
Response.MessageStatus required	An alphanumeric value that represents the response code that covers the errors generated by SmartRoute. Appendix A: Transaction Inquiry Response Codes for more information; see Response Codes. Field Type: Alphanumeric Length: 5 Sample Data: 00000
Response.StatusCode required	An alphanumeric value that represents the original transaction status that needs to be inquired. Field Type: Alphanumeric Length: 5 Sample Data: 00000
Response.Amount required	A numeric value that contains the purchase amount of the item. The value is in ISO format with no decimal point. Also. For example, 100 for 1.00 USD. Field Type: Numeric Length: 9 Sample Data: 100
Response.CurrencyISOCode required	The numeric value is in ISO format for the currency. The value should be neither character value nor decimal point. For example, 840 for US Dollar, 400 for JOD. Field Type: Numeric Length: 3 Sample Data: 840
Response.MerchantID required	An alphanumeric value that represents the unique ID of the merchant at SmartRoute. The SmartRoute operation team provides this value upon merchant enrollment. Field Type: Alphanumeric Length: 40 Sample Data: MID0001
Response.TransactionID required	The merchant generates the Transaction ID. It represents a unique identifier of the original transaction. The transaction to be inquired about it. Field Type: Alphanumeric Length: 40 Sample Data: 201508180000001 Note: Transection id must not include special characters or spaces.
Response.MessageID required	An alphanumeric value that represents the action for defined unique numbers as mentioned below: 2 for Status Transaction Field Type: Alphanumeric Length: 2 Sample Data: 2
Response.ReversalStatus required	The Reversal Status of the transaction has the below mentioned possible values which are needed to be inquired about: 0 for reversal required 1 for reversal not required 2 for reversal successful 3 for reversal failed Field Type: Numeric Length: 1 Sample Data: 1
Response.SecureHash required	An alphanumeric value that represents the generated hex-encoded hash using hashing algorithm SHA-2 (256) by concatenating parameters as a single string starting with the merchant’s Merchant Authentication Token. Then all response parameters appended in alphabetical order based on the parameter’s name, with no separators and no terminating character. Appendix B: Secure Hash – Transaction Inquiry; for more information, see secure hash generation. Field Type: Alphanumeric Length: 64 Sample Data: e9fbb3c46ec9c7dec2a318edc283bbbea27bc5d7bf7da30f4f2e62b89df74a2e
Response.PaymentMethod required	An Alphanumeric value indicates the payment method. Supported values depend on the requested version as follows: If Version is 1.0 : 1 ➔ It will be a Card payment. Example: Visa 3 ➔ It will be ApplePay payment. Example: ApplePAy Visa Field Type: Alphanumeric Length: 42 Sample Data: 1 Note: SmartRoute operation team, upon merchant enrollment, provides possible Card Names.
Response.AuthorizedAmount Conditional	A numeric value that contains the ISO Formatted total transaction authorized amount with no decimal point. For example, 100 for 1.00 USD. Field Type: Numeric Length: 9 Sample Data: 100 Condition: This parameter will be provided back to the merchant if the MCP is enabled for this merchant.
Response.AuthorizedCurrencyISOCode conditional	Authorized Currency uses the numeric ISO Code for the payment and not the character value. For example, 840 for the US Dollar. Field Type: Numeric Length: 3 Sample Data: 840 Condition: This parameter will be provided back to the merchant if the MCP is enabled for this merchant.
Response.GatewayStatusCode optional	An alphanumeric value that represents the gateway status of the original transection .This code covers errors generated by the chosen gateway. the transaction to be inquired about it. Field Type: Alphanumeric Length: 15 Sample Data: 0000
Response.GatewayStatusDescription optional	An alphanumeric value that represents a message describing the response status received from the chosen gateway using the language specified in the request. This value is for the original transaction which needed to be inquired. After completing the execution process, this parameter is filled in. This value should be UTF-8 encoded when it is entered into the secure hash generation process. Field Type: Alphanumeric Length: 100 Sample Data: Sample Gateway Description
Response.GatewayName optional	This value represents the gateway name that processed the transaction. It can be alphanumeric with special characters like space, ‘@’ and ‘_’. Field Type: Alphanumeric and Some Special Length: 40 Sample Data: TestGateway
Response.RRN optional	An alphanumeric value that represents a Receipt Reference Number for the current payment transaction. This value is returned if the value is provided from the gateway. Field Type: Alphanumeric Length: 60 Sample Data: 201508201600462840000000000
Response.ApprovalCode optional	Approval Code received from Payment Processor such as Visa. The values are returned in the following cases: Only after a successful transaction Value is provided from the gateway Field Type: Alphanumeric Length: 10 Sample Data: 12345678
Response.CardExpiryDate optional	The customer’s card expiry date (year) digits are used in the payment. The format of this parameter should be in the form (YY). Field Type: Alphanumeric Length: 4 Sample Data: 1508
Response.CardHolderName optional	The customer’s card number is used in the payment. Field Type: Alphanumeric Length: 32 Sample Data: FName LName
Response.CardNumber optional	The customer’s card number is used in the payment. Field Type: Alphanumeric Length: 19 Sample Data: 4747******123
Response.RefundStatus Conditional	Transaction Refund status. This applies only to refund-eligible transaction types. Field Type: Alphanumeric Length: 40 Sample Data: Partially Refunded Condition: This parameter will be provided back to the merchant if the IncludeRefundIds parameter is "Yes". For example, Pre-Authorization cannot be refunded.
Response.RefundIds Conditional	Related refunded transactions Ids. This applies only to refund-eligible transaction types. Field Type: Alphanumeric Length: 256 Sample Data: 161738239,1621728129,272372814 Condition: This parameter will be provided back to the merchant if the IncludeRefundIds parameter is "Yes". For example, Pre-Authorization cannot be refunded.
Response.IssuerName Conditional	An Alphanumeric value indicates the Issuer Name. Field Type: Alphanumeric Length: Sample Data: Test Condition: This parameter will be provided back to the merchant if the provided version in the request is 3.1
Response.3DS_DS_TRXN_ID Conditional	The field contains the unique identifier assigned by the 3DS Server for this authentication. This is referred to in the EMVCo specification for 3-D Secure as threeDSServerTransID. This field is returned in case of 3DS v.2 only and the Original Transaction Message ID = 27. Field Type: Alphanumeric Length: 50 Sample Data: c77c4059-e413-4d6f-84ff-f2d016c44e58
Response.ACSTrxnID Conditional	A unique transaction identifier assigned by the Access Control Server to identify the 3DS transaction. This field is returned in case of 3DS v.2 only and the Original Transaction Message ID = 27. Field Type: Alphanumeric Length: 36 Sample Data: 926cbe4b-ee08-49e9-ab92-294f65013bd9
Response.DirectoryServerTrxnID Conditional	The field contains unique transaction identifier assigned by the scheme Directory Server to identify the 3DS transaction This field is returned in case of 3DS v.2 only and the Original Transaction Message ID = 27. Field Type: Alphanumeric Length: 50 Sample Data: c77c4059-e413-4d6f-84ff-f2d016c44e58
Response.UIType Conditional	A comma separated list of the payer authentication methods that 3DS SDK will accept for this payment. Indicates the UI types which the SDK supports for displaying authentication challenges within the app. This field corresponds to EMVCo data element sdkUiType in the field deviceRenderOptions. This field is returned in case of 3DS v.2 only and the Original Transaction Message ID = 27. Note: Value must be one or more comma separated members of the following list. SINGLE_SELECT MULTI_SELECT OUT_OF_BAND OTHER_HTML
Response.ChallengeCompletionUrl Conditional	This value is only returned when you authenticate the payer in-app using 3-D Secure authentication version 2 and a challenge is required. This URL must be called after the challenge has been completed; for example, when the ACS has confirmed the challenge completion. This allows the gateway to retrieve the authentication result after the challenge has been completed. This field is returned in case of the Original Transaction Message ID = 27. Field Type: Alphanumeric with Special characters. Length: 1024 Sample Data: https://payone.io/verifications/3ds/verification
Response.SDKInterface Conditional	The User Interface (UI) formats that the payer's device supports. These are the formats that can be used to render the screens presented to the payer during an authentication challenge. It is retuned only for 3DS v2 when a challenge is required. This field corresponds to EMVCo data element sdkInterface in the field deviceRenderOptions. This field is returned in case of the Original Transaction Message ID = 27. Possible Values: HTML - The device supports HTML format. NATIVE - The device supports the UI format native to the payer's device.
Response.ACSRefNumber Conditional	Unique identifier assigned to the issuer's Access Control Server (ACS) by the EMVCo. It is retuned only for 3DS v2. This field corresponds to EMVCo field acsRefNumber. This field is returned in case of the Original Transaction Message ID = 27. Field Type: Alphanumeric with Special characters. Length: 32 Sample Data: MPGS_ACS_SANDBOX
Response.ACSRefNumber Conditional	An identifier which informs the merchant if this transaction requires a challenge (for 3DS v1 and 3DS v2). This field is returned in case of the Original Transaction Message ID = 27. Possible Values: Y N
Response.ThreeDSVersion Conditional	3DS Version as received from the Authentication process. This field is returned in case of the Original Transaction Message ID = 27. Field Type: Alphanumeric Length: 5 Sample Data: 2.2.0
Response.3DSECI Conditional	The field contains the Electronic Commerce Indicator (ECI) value provided by the issuer's Access Control Server (ACS) to indicate the results of the attempt to authenticate the payer. This field is returned in case of the Original Transaction Message ID = 27. Field Type: Alphanumeric Length: 2 Sample Data: 02
Response.3DSXID Conditional	A unique identifier for the 3-D Secure authentication transaction. This field is returned in case of the Original Transaction Message ID = 27. Field Type: Alphanumeric Length: 50 Sample Data: c77c4059-e413-4d6f-84ff-f2d016c44e58
Response.3DSCAVV Conditional	The Cardholder Authentication Verification Value (CAVV) is a base64 encoded value generated by the issuer Included in subsequent transaction request messages and used by the card scheme to verify that the authentication occurred and the values provided are valid. This field is returned in case of the Original Transaction Message ID = 27. Field Type: Base64 encoded Length: 28 or 32 Sample Data: jJJLtQa+Iws8AREAEbjsA1MAAAA

Sample Response Code (Java)

// Get the response 
StringBuffer output = new StringBuffer(); 
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8")); 
String line; 
while ((line = reader.readLine()) != null) { 
    output.append(line); 
} 
writer.close(); 
reader.close(); 
 
//Output the response 
System.out.println(output.toString()); 
 
// this string is formatted as a "Query String" - name=value&name2=value2....... 
String outputString=output.toString(); 
 
 
// To read the output string you might want to split it  
// on '&' to get pairs then on '=' to get name and value 
// and for a better and ease on verifying secure hash you should put them in a TreeMap 
String [] pairs=outputString.split("&"); 
 
Map<String,String> result=new TreeMap<String,String>(); 
 
// now we have separated the pairs from each other {"name1=value1","name2=value2",....} 
for(String pair:pairs){ 
 
    // now we have separated the pair to {"name","value"}    
    String[] nameValue=pair.split("="); 
 
    String name=nameValue[0];//first element is the name 
    String value=nameValue[1];//second element is the value 
 
    // put the pair in the result map 
    result.put(name,value); 
} 
// Now that we have the map, order it to generate secure hash and compare it with the received one 
StringBuilder responseOrderdString = new StringBuilder(); 
responseOrderdString.append(AUTHENTICATION_TOKEN); 
for (String treeMapKey : result.keySet()) { 
    responseOrderdString.append(result.get(treeMapKey)); 
} 
 
System.out.println("Response Orderd String is  " + responseOrderdString.toString()); 
 
// Generate SecureHash with SHA256 
// Using DigestUtils from appache.commons.codes.jar Library 
String generatedsecureHash = new String(DigestUtils.sha256Hex(responseOrderdString.toString()).getBytes()); 
 
// get the received secure hash from result map 
String receivedSecurehash=result.get("Response.SecureHash"); 
 
 
if(!receivedSecurehash.equals(generatedsecureHash)){ 
 
    //IF they are not equal then the response shall not be accepted   
    System.out.println("Received Secure Hash does not Equal generated Secure hash"); 
} 
else{ 
    // Complete the Action get other parameters from result map and do your processes  
    // Please refer to The Integration Manual to See The List of The Received Parameters 
    String status=result.get("Response.Status"); 
    System.out.println("Status is :"+ status); 
}

Other Sample Request Code (.Net /PHP)

Sample Request Code (.Net)

1.          StringBuilder requestQuery = new StringBuilder(); 
2.          requestQuery 
3.          .Append("OriginalTransactionID").Append("=").Append(1440954863817).Append("&
") 
4.          .Append("MerchantID").Append("=").Append("ANBRedirectM").Append("&") 
5.          .Append("MessageID").Append("=").Append("2").Append("&") 
6.          .Append("Version").Append("=").Append("1.0").Append("&") 
7.          .Append("SecureHash").Append("=").Append(secureHash).Append("&"); 
8.    
9.          //Send the request 
10.          string data = requestQuery.ToString().ToString();  
11.          byte[] dataStream = Encoding.UTF8.GetBytes(data); 
12.          string urlPath = "https://SR_URL"; 
13.          string request = urlPath; 
14.          WebRequest webRequest = WebRequest.Create(request); 
15.          webRequest.Method = "POST"; 
16.          webRequest.ContentType = "application/x-www-form-urlencoded"; 
17.          webRequest.ContentLength = dataStream.Length; 
18.          Stream newStream = webRequest.GetRequestStream(); 
19.          // Send the data. 
20.          newStream.Write(dataStream, 0, dataStream.Length); 
21.          newStream.Close(); 
22.          WebResponse webResponse = webRequest.GetResponse(); 
23.          String output = null; 
24.   
25.      using (Stream stream = webResponse.GetResponseStream()) 
26.      { 
27.      StreamReader reader = new StreamReader(stream, Encoding.UTF8); 
28.      output  = reader.ReadToEnd(); 
29.      } 
30.

Sample Request Code (PHP)

1.       $requestQueryArr = [ 
2.          "OriginalTransactionID" => 1440954863817, 
3.          "MerchantID" => "ANBRedirectM", 
4.          "MessageID" => "2", 
5.          "Version" => "1.0", 
6.          "SecureHash" => $secureHash, 
7.        ]; 
8.        //generate query string 
9.        $newRequestQuery = http_build_query($requestQueryArr); 
10.    
11.  //Send the request 
12.  $ch = curl_init("https://SR_URL"); 
13.  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
14.    
15.  //write parameters 
16.  curl_setopt($ch,CURLOPT_POST, true); 
17.  curl_setopt($ch,CURLOPT_POSTFIELDS, $newRequestQuery); 
18.

Other Sample Response Code (.Net /PHP)

Sample Response Code (.Net)

31.          //Output the response 
32.          Console.WriteLine(output); 
33.          // this string is formatted as a "Query String" - name=value&name2=value2....... 
34.          String outputString = output.ToString(); 
35.    
36.          // To read the output string you might want to split it 
37.          // on '&' to get pairs then on '=' to get name and value 
38.          // and for a better and ease on verifying secure hash you should put them in a SortedDictionary 
39.          SortedDictionary<string, string> result = new SortedDictionary<String, String>(StringComparer.Ordinal); 
40.          NameValueCollection qscoll = HttpUtility.ParseQueryString(output); 
41.          foreach (String kv in qscoll.AllKeys) 
42.          { 
43.              result.Add(kv, qscoll[kv]); 
44.          } 
45.    
46.          // Now that we have the sorted dictionary, order it to generate secure hash and compare it with the received one 
47.          StringBuilder responseOrderdString = new StringBuilder(); 
48.          responseOrderdString.Append(AUTHENTICATION_TOKEN); 
49.          foreach (KeyValuePair<string, string> kv in result) 
50.          { 
51.  if(!"Response.SecureHash".Equals(kv.Key)) 
52.     { 
53.       
54.      if("Response.StatusDescription".Equals(kv.Key) || "Response.GatewayStatusDescription".Equals(kv.Key))  
55.      { 
56.            responseOrderdString.Append(HttpUtility.UrlEncode(kv.Value, System.Text.Encoding.UTF8));     
57.          } 
58.        else 
59.        { 
60.            responseOrderdString.Append(kv.Value); 
61.        } 
62.     } 
63.          } 
64.          Console.WriteLine("Response Orderd String is " + responseOrderdString.ToString()); 
65.    
66.          // Generate SecureHash with SHA256 
67.          SHA256 sha256Generated; 
68.          byte[] bytesGenerated, hashGenerated; 
69.    
70.          bytesGenerated = Encoding.UTF8.GetBytes(responseOrderdString.ToString().ToString()); 
71.    
72.          sha256Generated = SHA256Managed.Create(); 
73.          hashGenerated = sha256.ComputeHash(bytesGenerated); 
74.          String generatedsecureHash = String.Empty; 
75.          foreach (byte x in hashGenerated) 
76.          { 
77.              generatedsecureHash += String.Format("{0:x2}", x); 
78.          } 
79.    
80.          // get the received secure hash from result SortedDictionary 
81.          String receivedSecurehash = result["Response.SecureHash"]; 
82.          if (generatedsecureHash.ToString() != receivedSecurehash) 
83.          { 
84.              //IF they are not equal then the response shall not be accepted 
85.              Console.WriteLine("Received Secure Hash does not Equal generated Secure hash"); 
86.          } 
87.          else 
88.          { 
89.              // Complete the Action get other parameters from result dictionary and do your processes 
90.              // Please refer to The Integration Manual to See The List of The Received Parameters 
91.              String status = result["Response.Status"]; 
92.              Console.WriteLine("Status is :" + status); 
93.          }

Sample Response Code (PHP)

19.  // Get the response 
20.  $output = curl_exec($ch); 
21.    
22.  // To read the output string you might want to split it 
23.  // on '&' to get pairs then on '=' to get name and value 
24.  // and for a better and ease on verifying secure hash using parse_str 
25.  $result = parse_url($output); 
26.  //sort result alphabatically 
27.  ksort($result); 
28.    
29.  // Now that we have the map, order it to generate secure hash and compare it with the received one 
30.  $responseOrderdString = $AUTHENTICATION_TOKEN; 
31.  foreach($result as $result_v){ 
32.          $responseOrderdString .= $result_v; 
33.  } 
34.    
35.  echo "Response Orderd String is " . $responseOrderdString; 
36.    
37.  $generatedsecureHash = hash('sha256',$responseOrderdString); 
38.    
39.  $receivedSecurehash = $result['Response.SecureHash']; 
40.    
41.  if($receivedSecurehash != $generatedsecureHash){ 
42.          echo "Received Secure Hash does not Equal generated Secure hash"; 
43.  }else{ 
44.          $status = $result["Response.Status"]; 
45.          echo "Status is :". $status; 
46.  }

What's Next

Refund

Table of contents

Request Parameters
Sample Request Code (Java)
Response Parameters
Sample Response Code (Java)
Other Sample Request Code (.Net /PHP)
Other Sample Response Code (.Net /PHP)