QuickStream REST API Reference

The QuickStream REST API is RESTful. The API authorisation framework is HTTP Basic Auth. You send JSON formatted requests and the API returns JSON formatted responses. Because the REST API is based on open standards, you can use any web development language to access the API.

Access depends on the enabled capabilities of your QuickStream facility.

QuickStream supports other ways to interface with your software:

  • Batch Payments - Process payments by sending credit card/bank account details or tokens from your system in a batch file.
  • Credit Card API - Process payments by sending credit card or tokens from your system in a API request.
  • Hosted Payments - Process one-time, recurring or invoice payments by handing-off your customers to fully-branded Westpac hosted pages. Minimise your PCI-DSS compliance costs by not processing or storing credit card details on your server.

Getting Started

Read next:

Base URL

Use the QuickStream REST APIs in these environments:

Environment Description URL
Support This is the Test environment. Use your test API keys to make calls to the test URIs. https://api.quickstream.support.qvalent.com/rest/v1
Production This is the Live environment. Use your production API keys to make calls to the live URIs. https://api.quickstream.westpac.com.au/rest/v1

Versioning

The current version of the API is v1.

Our change log outlines changes between various API versions to help our merchants better integrate with our API service.

If we make any backwards incompatible changes we will release a new major version of the API.

Resources

The following changes will not result in a new API version:

  • Adding new resources.
  • Supporting new HTTP verbs.
  • Changing the length or format of IDs. You can assume IDs we generate will not exceed 255 characters. You should be able to handle IDs of up to 255 characters.
  • Adding new optional request parameters.
  • Adding new properties in responses.
  • Changing the order of properties in requests and responses.
  • Changing wording of error message designed to be displayed to users.
  • Improved error reporting when an invalid request is received.
  • Appending new fields to, or re-purposing filler fields in transaction reports.

Your software must be written to handle these types of changes.

JavaScript

The following changes to quickstream-api.js will not result in a new API version:

  • Changing resources used internally by quickstream-api.js.
  • Adding new properties to objects passed to callback functions.
  • Adding new optional properties to quickstream-api.js functions you call.
  • Modifying messages posted between quickstream-api.js and an iframe hosted by us.

Write your software based on the documented API.

Security

The following changes will not result in a new API version:

  • adding or removing TLS ciphers
  • changing supported TLS versions
  • changing the QuickStream server SSL certificate or which certificate authority signs this certificate
  • other changes made to improve security

If you believe we have made a backwards-incompatible change, please report a defect.

Credentials and Security

Authentication and Headers

Authentication to the API is via HTTP Basic Auth. All API requests must be made over HTTPS.

For example:

GET /services/quickstream/rest/v1 HTTP/1.1
Host: api.quickstream.westpac.com.au
Authorization: Basic cXZ0ZXN0YXBpa2V5Og==
Accept: application/json
Request header Description
Authorization When you access a resource you must use your Secret API key or your Publishable API key. You must send an API key as the Basic Authentication username. Leave the password blank.
Accept Set to application-json. Required.
Idempotency-Key Contains a unique ID that you generate for enforcing idempotency. Omitting this header increases the risk of duplicate transactions. See Idempotent Requests.

API Credentials

You must provide these values to access the API:

  • Secret API Key: allows you to process payments and provides full access to the API.
  • Publishable API Key: can be used in mobile applications and web pages and has limited access.

To get these values:

  1. Sign-in to QuickStream Portal in the test or production environment.
  2. To get an API key, navigate to Administration -> Facility Settings -> REST API Keys.

Secret API keys expire after 2 years and then you must use a new key. You can automate secret API key renewal.

Each resource in this API requires either your Secret API Key or Publishable API Key. No resources accept both keys.

Sending an invalid API key returns a 401 Unauthorized HTTP status code.

Sending a valid API key, but the wrong type of key for the resource returns a 403 Forbidden HTTP status code.

To test authentication, send a GET to the base URL.

Transport Layer Security

You must secure your connection using Transport Layer Security (TLS) 1.2 over HTTPS. All JavaScript is served over TLS, preventing man-in-the-middle attacks.

Cross-site Scripting

Trusted Frame is secure against cross site scripting. We follow OWASP secure coding practices and are a fully PCI compliant service provider. However, you are responsible for the security of your page that loads the Trusted Frame or Custom Form. This includes following OWASP secure coding practices and preventing cross-site scripting.

DDOS Protection

This API has Distributed Denial-of-Service (DDOS) protection. DDOS protection is used to prevent malicious users using all the available resources.

Browser Compatibility

With Trusted Frame and Custom Form we endeavour to support all recent versions of major internet browsers. To provide the best and most secure customer experience, we do not support browsers that are no longer receiving security updates and represent a small minority of traffic.

Trusted Frame and Custom Form support the following browsers:

Our Technical Support Team responds to bug reports but we do not proactively test other browsers. If you find an issue with Trusted Frame or Custom Form on a specific browser, please let us know.

PCI Compliance

QuickStream securely stores and processes card data for you. QuickStream is hosted and maintained by Qvalent Pty Ltd, a wholly owned subsidiary of Westpac Banking Corporation. Qvalent is a Level 1 PCI DSS Compliant Service Provider.

Read more about PCI Compliance.

HTTP Verbs

The standard HTTP verbs used are:

Verb Purpose
GET Read a resource
PUT Create or replace a resource when URL is known
POST Create a resource when URL is not known
PATCH Update details of a resource
DELETE Delete a resource

Idempotent Requests

You should set a unique value for the Idempotency-Key header on POST requests. Use a UUID for your idempotency key.

For example

POST /services/quickstream/rest/v1/transactions HTTP/1.1
Host: api.quickstream.westpac.com.au
Idempotency-Key:: a1b22c16-4870-428c-a199-6203cbec7290
Authorization: Basic cXZ0ZXN0YXBpa2V5Og==
Accept: application/json

This allows you to retry requests after a network failure without accidental duplication. If you get a network error or timeout, you should resend the request with the same Idempotency-Key.

If you resend a POST request with the same value for the Idempotency-Key, you will get the original response. If the server is still processing the original POST, you will receive 429 Too Many Requests.

When identifying whether a previous response should be returned we will ignore all aspects of the incoming request apart from the Idempotency-Key. For example, a request to a different endpoint will still result in the response from the original request being returned.

Idempotency keys expire after 22 hours. The maximum length is 60 ASCII characters.

HATEOAS and Pagination

If available, each response from the API includes an array of contextual HATEOAS links. You can follow links returned in responses to related resources.

Open help URLs in your browser to access developer help (usually this reference).

Resources which return lists use a standard structure:

  • The data JSON property holds up to 20 items.
  • More results can be found by following next and prev links.

See Links for the response body.

The response body contains links in most responses generated by this API.

For example:

{
    "rel": "",
    "href": "",
    "requestMethod": ""
}
Field Format Data
rel string The relationship to the resource. Open help URLs in a browser to view this developer reference. next and prev are used for paginated resources.
href string URL of a related document or resource.
requestMethod string HTTP Verb

Filtering

You can use query parameters to filter the responses to some GET requests.

For example, the Recent Transaction Search returns transactions processed against any business. To view recent transactions for a single business provide the supplierBusinessCode query parameter.

For example

GET /services/quickstream/rest/v1/transactions?supplierBusinessCode=MYSUPPLIER HTTP/1.1
Host: api.quickstream.westpac.com.au
Authorization: Basic cXZ0ZXN0YXBpa2V5Og==
Accept: application/json

Dates

Dates are requested and returned as a string in the following formats:

Reference Format Description
date YYYY-MM-DD For dates with no time component, use the ISO-8601 short date format. An example is the settlement date, which groups together transactions which are part of the same logical banking day.
date-time YYYY-MM-DDTHH:mm:ssZ For dates with a time component, use the ISO-8601 extended format.
date-month YYYY-MM For dates with no day component, use the ISO-8601 year and month format. This format is used to filter large result sets by month and year.

Credit card expiry dates are an exception to the above formats. A credit card expiry month is treated as a two digit string. A credit card expiry year is treated as a two digit string. This matches what is printed on credit cards.

For example:

{
    "settlementDate": "2022-01-02",
    "month": "2022-01",
    "transactionDateTime": "2022-01-02T03:48:40+00:00",
    "expiryDateMonth": "01",
    "expiryDateYear": "22"
}

Money

Money Request

Provide monetary amounts in requests as numeric values to two decimal places.

For example:

{
    "transactionAmount": 1005.25
}

Money Response

This API returns monetary amounts in responses with the following response body.

Field Format Data
currency string ISO 4217 currency code.
amount decimal Monetary amount to two decimal places.
displayAmount string A customer friendly amount you can display to your customers.

For example:

{
    "transactionSuccessAmount": {
        "currency" : "AUD",
        "amount": 1005.25,
        "displayAmount": "$1,005.25"
    }
}

Money Response with Surcharge

Some monetary amounts returned in responses will have extra information about any surcharges included in the total amount.

Field Format Data
principalAmount As above The amount of the payment before any surcharge is added.
surchargeAmount As above Amount of surcharge. See List accepted cards.
totalAmount As above Total amount of transaction. Principal amount plus surcharge.

For example:

{
    "instalmentAmount": {
        "principalAmount": {
            "currency": "AUD",
            "amount": 992.10,
            "displayAmount": "$992.10"
        },
        "surchargeAmount": {
            "currency": "AUD",
            "amount": 24.80,
            "displayAmount": "$24.80"
        },
        "totalAmount": {
            "currency" : "AUD",
            "amount": 1016.90,
            "displayAmount": "$1,016.90"
        }
    }
}

Resource Summary

This API reference is organised by resource type. Each resource type has one or more data models and one or more methods.

Root

For Root Resource details, see Root API.

Action HTTP request Description
Get GET / Gets information about your facility. Use to test your network connectivity and API credentials are working correctly.

API Keys

For API Keys Resource details, see API Keys API.

Action HTTP request Description
Get latest GET /api-keys/latest Get your latest Secret API Key and automate your secret key renewal code.

Businesses

For Businesses Resource details, see Businesses API.

Action HTTP request Description
Get GET /businesses/{supplierBusinessCode} Get the details of a business.
List GET /businesses List the businesses in your facility.
List accepted cards GET /businesses/{supplierBusinessCode}/accepted-cards List the accepted card schemes.
List card surcharges GET /businesses/{supplierBusinessCode}/card-surcharges List the accepted credit card schemes, types and surcharge rates for a business.
Query card surcharge POST /businesses/{supplierBusinessCode}/query-card-surcharge Find the surcharge information for a card number.

Single-Use-Tokens

For Single-Use-Tokens Resource details, see Single-Use-Tokens API.

Action HTTP request Description
Generate token POST /single-use-tokens Generate a single-use-token for credit card or bank account details.

Transactions

For Transaction Resource details, see Transactions API.

Action HTTP request Description
Get details GET /transactions/{receiptNumber} Get the transaction details.
List GET /transactions List your 20 most recent transactions.
List by reference GET /transactions/for-reference-number List transactions by reference.
List by settlement date GET /transactions/for-settlement-date List transactions by settlement date.
List by account token GET /transactions/for-account-token/{accountToken} List transactions by account token.
List by credit card GET /transactions/for-credit-card List transactions by credit card.
List by bank account GET /transactions/for-bank-account List transactions by bank account.
List suspended GET /transactions/suspended List transactions suspended by Fraud Guard.
List refunds of a transaction GET /transactions/{receiptNumber}/refunds List refunds of a transaction.
List retries of a transaction GET /transactions/{receiptNumber}/retries List retries of a transaction.
Take payment POST /transactions Take a credit card or bank account payment.
Void transaction POST /transactions/{receiptNumber}/void Void a payment.
Refund payment POST /transactions Refund a payment.
Pre-authorisation POST /transactions Take a credit card or bank account payment.
Capture pre-authorisation POST /transactions Capture a pre-authorisation.
Account verification POST /transactions Verify a Visa or Mastercard account.

Customers

For Customers Resource details, see Customers API.

Action HTTP request Description
Get GET /customers/{customerId} Get the details of a customer.
Search GET /customers Search all customers.
Create POST /customers Create a new customer.
Update PUT /customers/{customerId} Update a customer.
Update customer status PATCH /customers/{customerId} Enable or disable a customer.
List accounts GET /customers/{customerId}/accounts List the accounts registered for a customer.
Register account POST /customers/{customerId}/accounts Register a new account for a customer.
List recurring payments GET /customers/{customerId}/recurring-payments Lists recurring payments for a customer.
Create recurring payment POST /customers/{customerId}/recurring-payments Create a recurring payment for a customer.
List payment history GET /customers/{customerId}/transactions List the payment history for a customer.

Accounts

For Accounts Resource details, see Accounts API.

Action HTTP request Description
Get GET /accounts/{accountToken} Get the details of an account.
Update PATCH /accounts/{accountToken} Update the account holder name or expiry date of an account.
Disable DELETE /accounts/{accountToken} Disable an account.

Recurring Payments

For Recurring Payments Resource details, see Recurring Payments API.

Action HTTP request Description
Get GET /recurring-payments/{paymentScheduleId} Get the details of a recurring payment.
Update PUT /recurring-payments/{paymentScheduleId} Update a recurring payment.
Stop PATCH /recurring-payments/{paymentScheduleId} Stop a recurring payment.
List payment history GET /recurring-payments/{paymentScheduleId}/transactions List the payment history for a recurring payment.

Credit Cards

For Credit Cards Resource details, see Credit Cards API.

Action HTTP request Description
Get card scheme GET /credit-cards/card-schemes/{cardBIN} Get the card scheme from a credit card BIN.

Payment Files

For Payment Files Resource details, see Payment Files API.

Action HTTP request Description
Upload payment file POST /payment-files Payment files contain transactions that you want QuickStream to process.
Get payment file GET /payment-files/{paymentFileId} Get the details of a payment file.
List payment files GET /payment-files List the previous 365 days of payment files.
List payment file errors GET /payment-files/{paymentFileId}/errors Use this resource to list the errors in a payment file.
Get payment batch GET /payment-batches/{paymentBatchId} Get the details of a payment batch.
List payment batches GET /payment-files/{paymentFileId}/payment-batches A payment file contains one or more payment batches.
List payment batch transactions GET /payment-batches/{paymentBatchId}/transactions Use this resource to list the transactions in a payment batch.
Download Flat file report GET /payment-files/{paymentFileId}/csv Use this resource if your software is compatible with the CSV report format.
Download CSV report GET /payment-files/{paymentFileId}/flat-file Use this resource if your software is compatible with the Flat File report format.
Download Westpac MTS Rejects report GET /payment-files/{paymentFileId}/mts-rejects Use this resource if your software is compatible with the Westpac MTS Rejects report format.

QuickStream-API.js

QuickStream-API.js is a JavaScript library containing helper functions for collecting credit card and bank account details, validating these details and obtaining a single-use-token without any sensitive details ever touching your servers. All sensitive data is sent directly from the customer’s browser to our QuickStream servers.

Use QuickStream-API.js to build:

  • Custom credit card or bank account forms using Custom Form.
  • Customisable credit card or bank account forms inside an iframe using Trusted Frame.

View the full QuickStream-API.js JavaScript SDK reference.

Custom Form

Use Custom Form to seamlessly integrate credit card or bank account forms directly onto your website.

Custom Form does not use an iframe, and so it gives you full control over the look and feel of your payment flow. If you need faster and easier integration, try Trusted Frame.

View the full QuickStream-API.js JavaScript SDK reference and follow the tutorials.

Trusted Frame

Use Trusted Frame to quickly and easily “drop-in” credit card or bank account forms onto your website.

With Trusted Frame, we host the form inside an iframe, and there are lots of options to customise its look-and-feel. You get to fully customise Trusted Frame when your page loads, and on events as your customers fill out your own forms. If you’d like even more control, try Custom Form.

View the full QuickStream-API.js JavaScript SDK reference and follow the tutorials.

Errors

Error Handling

If you receive one of these responses, wait 20 seconds and then resend the request with the same Idempotency-Key:

  • 429 Too Many Requests
  • 503 Service Unavailable
  • A transient network error, such as a time-out or closed socket

If you receive a 422 Unprocessable Entity you may display the error message to your user and allow them to correct the data.

If you receive any other response code, you should log the response code and response body.

See HTTP Status Codes.

Error Responses

The response body for all HTTP errors includes additional error details.

For example:

{
    "links": [],
    "status": "",
    "requestMethod": "",
    "requestUrl": "",
    "customerMessage": "",
    "developerMessage": "",
    "errors": []
}
Field Format Data
links Array of Links One or more links related to the error.
status string HTTP status code.
requestMethod string HTTP method used in the request that resulted in this error.
requestUrl string URL used in the request that resulted in this error.
customerMessage string A user friendly message you can display to your customers.
developerMessage string A developer friendly message that may provide more information.
errors Array of Field Errors (optional) A list of validation errors that may be applicable to the response.

Field Errors

The response body includes field-level validation errors.

For example:

{
    "messages": [],
    "fieldName": "",
    "fieldValue": ""
}
Field Format Data
messages Array of string An error message you can display to your customers. Do not rely on error messages as we may change them without notice.
fieldName string The name of the field in the request that resulted in this error.
fieldValue string The value of the field provided in the request that resulted in this error.

HTTP Status Codes

QuickStream REST API returns standard HTTP status codes for successful and error responses.

Status Code Description More information
200 OK The request has succeeded.
201 CREATED The server has created the resource you requested. If you created a transaction, you must use the status field to determine if the transaction was approved. The Location header points to the new resource.
202 ACCEPTED The request has been accepted for processing, but the processing has not completed.

For transactions, this response code is returned if the banking network is slow to respond when processing a transaction. The status of the transaction will be pending. To find out if a transaction is approved or declined, send a request to get transaction details.
204 NO CONTENT Response to a successful request that won’t be returning a body. This response code is returned for DELETE requests.
400 BAD REQUEST The request could not be understood by the server due to malformed syntax.

This response code is returned if the Idempotency-Key header is too long. This response code is returned if you send query parameters on a PUT, POST or PATCH request.
401 UNAUTHORIZED View more.
403 FORBIDDEN View more.
404 NOT FOUND The server has not found anything matching the Request-URI. The response body may contain more information.
405 METHOD NOT ALLOWED A request was made of a resource using a request method not supported by that resource. For example, you sent a POST to a resource that only allows GET. Refer to the documentation of the resource for supported methods.
406 NOT ACCEPTABLE The server can not send the representation requested by the client. For example, the accept header provided was not application/json.
407 PROXY AUTHENTICATION REQUIRED This error is returned by your proxy server, not QuickStream. You need to configure a proxy username and password in order to access the internet.
409 CONFLICT The server can not process the request as it has conflicted with another request. For example, this occurs if you attempt to create two customers with the same customer number simultaneously. See Idempotent Requests.
415 UNSUPPORTED_MEDIA_TYPE The server can not process the content type which was provided. The content type header provided was not application/json.
422 UNPROCESSABLE ENTITY View more.
429 TOO MANY REQUESTS View more.
500 INTERNAL SERVER ERROR View more.
501 NOT IMPLEMENTED The server does not recognize the request method. Use one of the standard HTTP verbs.
503 SERVICE UNAVAILABLE View more.

401 Unauthorized

The server can not authenticate the details in the Authorization header. The response body contains more specific information.

This indicates that you have not passed a valid API key, the key has expired, or the Authorization header is not formatted correctly. Correctly formatted requests include a header like this:

Authorization: Basic cXZ0ZXN0YXBpa2V5Og==

The letters after Basic are the base-64 encoded representation of your API key.

See Authentication and Headers.

403 Forbidden

A valid API key was provided, but it does not have access to the requested resource.

Incorrect API Key

Check if you have provided your publishable API key when you should have provided your secret API key. Refer to the documentation of the resource for supported API keys.

See API Credentials for information on API keys.

Facility setup incomplete

Your facility configuration is not completed. Contact your Westpac representative.

Facility is not live

Your facility is not live in the Production environment. This error is not returned in the Support (test) environment. Contact your Westpac representative.

422 Unprocessable Entity

The server can not process the content of the request. The response body indicates which parameters are in error. You may display the error messages to users.

You should resend the request with corrected parameters.

Payment method required

The requested payment method is not accepted by your facility. For example, you tried to make a bank account payment when your facility is not set up to accept bank account payments.

429 Too Many Requests

When a request is rejected due to rate limiting you have sent too many requests in a given amount of time. If you send more than 10 simultaneous requests, you may receive this response code.

If you resend a POST with an Idempotency-Key before the server has processed the original request, you will receive this response code. You should wait for 20 seconds and resend the request with the same Idempotency-Key. See Idempotent Requests.

Token Quota Exceeded

A quota of 1000 unused single-use-tokens applies per facility and per IP address. Immediately after obtaining a single-use-token, you should use it.

If you exceed the quota, it is likely that you are creating tokens and not using them. Tokens expire after 10 minutes. After they expire, you can create more.

500 Internal Server Error

The server encountered an unexpected condition which prevented it from fulfilling the request.

You should not resend the request. The server may have completed some of the request processing. Contact QuickStream Technical Support. Provide the following information:

  • the QuickStream community code for your facility,
  • the method you sent in the request (e.g. GET, POST),
  • the URL you sent in the request,
  • the date/time of the request,
  • the response body returned by the server (if any).

503 Service Unavailable

The server is currently unable to handle the request due to a temporary overloading or maintenance of the server.

If you continue to experience problems, contact QuickStream Technical Support. Provide the following information:

  • the QuickStream community code for your facility,
  • the method you sent in the request (e.g. GET, POST),
  • the URL you sent in the request,
  • the date/time of the request,
  • the response body returned by the server (if any).

Tutorials

Explore the API using Postman

Postman is a HTTP client for testing RESTful web services. Use Postman when you wish to explore the QuickStream REST API.

Step 1: Install Postman

  1. Install Postman for Windows/MacOS/Linux.

Step 2: Use API key for Basic Auth

  1. Start Postman.
  2. Click the Authorization tab.
  3. Select Basic Auth from the menu.
  4. Enter your Publishable API key into the Username field.
  5. Press Update request

Shows the Postman Authorization tab with the API key entered into the Username field

Step 3: Explore the API from the Root resource

  1. In Postman’s URL bar, select GET.
  2. Enter the URL https://api.quickstream.westpac.com.au/rest/v1.
  3. Press Send.
  4. Click links in the response to open them in a new tab in Postman. Use Postman to send requests to these resources.

Step 4: Sending content in the body

  1. Click on the Body tab, and choose the “raw” radio option, then change the dropdown from “Text” to “JSON (application/json)”.
  2. Enter the JSON data for the request.

QuickStream-API.js Tutorials

Displaying card scheme logos

Using QuickStream-API.js you can display card scheme logos based on the setup of your QuickStream facility.

To do this:

For example

QuickstreamAPI.init( {
    publishableApiKey: "PUBLISHABLE_API_KEY"
} );
QuickstreamAPI.creditCards.getAcceptedCards( "SUPPLIER_BUSINESS_CODE", function( errors, data ) {
    if( !errors ) {
        data.forEach( function( acceptedCard ) {
            switch ( acceptedCard.cardScheme ) {
                case "VISA" :
                    // Show the card scheme logo
                    break;
                case "MASTERCARD" : break;
                case "AMEX" : break;
                case "DINERS" : break;
                case "JCB" : break;
                case "UNIONPAY" : break;
            }
        } );
    }
} );

You can download and use the latest card scheme logos below. Do not link to a logo URL directly as they may change.

Card Scheme Logo Code
Visa Logo VISA
Mastercard Logo MASTERCARD
American Express Logo AMEX
Diners Club Logo DINERS
Union Pay Logo UNIONPAY

Validating credit card fields

Using QuickStream-API.js you can validate credit card fields.

To do this:

For example

QuickstreamAPI.init( {
    publishableApiKey: "PUBLISHABLE_API_KEY"
} );

// retrieve the card type from the credit card BIN.
QuickstreamAPI.creditCards.getCardScheme( form, function( errors, data ) {
    if( !errors ) {
        switch( data ) {
            case "VISA" : break;
            case "MASTERCARD" : break;
            case "AMEX" : break;
            case "DINERS" : break;
            case "UNIONPAY" : break;
        }
    } 
} );

// validate the card number entered
QuickstreamAPI.creditCards.validateCardNumber( form, function( errors, data ) {
    if( !errors && data.isValid ) {
       // card number is valid
    }
} );

// validate the expiry date
QuickstreamAPI.creditCards.validateExpiryDate( form, function( errors, data ) {
    if ( !errors ) {
        // expiry date is valid
    } else {
        errors.forEach( error ) {
            if( error.fieldName == "expiryDateMonth" ) {
                // handle month error
            } else if ( error.fieldName == "expiryDateYear" ) {
                // handle year error
            }
        }
    }
} );

// validate the CVN
QuickstreamAPI.creditCards.validateCvn( form, function( errors, data ) {
    if ( !errors ) {
        // CVN is valid
    }
} );

Handling service outage

If QuickStream-API.js cannot be retrieved (such as during a service outage), handle it by checking if window.QuickstreamAPI exists.

For example

if( window.QuickstreamAPI ) {
    QuickstreamAPI.init( {
        publishableApiKey: "PUBLISHABLE_API_KEY"
    } );
    ...
} else {
    // handle error
    document.forms[0].innerHTML = '<div class="alert">This service is unavailable. Please check back shortly.</div>';
}

Use curl to check network

For your software to work, your server must be able to connect to QuickStream. Follow these details to determine if there is a problem with your network or your software.

Step 1: Download and Install curl

Download and install the curl client for your platform from http://curl.haxx.se/download.html. Be sure to download the correct distribution for your server’s operating system. You must download a version that includes SSL support.

If you are using Windows, we recommend that you download the binary distribution listed under the heading Win32 - Generic labelled Win32 2000/XP, binary and SSL and maintained by Gunter Knauf. This document does not provide a direct link because you should always download the latest version.

Step 2: Get the Root resource for the API

To test if your server can connect to QuickStream:

curl -i --basic --user "{publishableApiKey}:" {baseURL}

Replace {publishableApiKey} with your Publishable API Key. Replace {baseURL} with the Base URL for the environment you’re working in.

Troubleshooting

HTTP status codes other than 200

See: HTTP Status Codes.

curl: (60) SSL Certificate Problem: Unable to get local issuer certificate

Your server does not trust the server TLS certificate presented by QuickStream. Typically this is due to an out-dated root CA certificate bundle on your server. Download and install an updated VeriSign Class 3 Primary CA - G5 root certificate for your server.

curl: (56) Received HTTP code 407 from proxy after connects

Your network has a proxy server. To test if your server can connect to QuickStream through the proxy server:

curl --proxy {proxyServer} --proxy-user {proxyUsernamePassword} -i --basic --user "{publishableApiKey}:" {baseURL}

Your software must connect to QuickStream through the proxy server.

curl: (6) Couldn’t resolve host ‘api.quickstream.westpac.com.au’ or 'api.quickstream.support.qvalent.com’

DNS resolution failed. You may need to authenticate with your proxy server.

Using curl to upload a payment file

Use this tutorial to upload a payment file. Complete the curl network connectivity tutorial first to ensure curl can connect to QuickStream.

Step 1: Generate a payment file

Your software must generate a file in one of the payment file formats. Each file must have a unique name.

In this tutorial, we assume the file is called example.csv.

Step 2: Save API key to file

  1. Enter the following into a text file:

    curl
    basic
    user={secretApiKey}:
    silent
    show-error
    fail
    
  2. Replace {secretApiKey} with your Secret API Key.

  3. Save the file as quickstream-curl-config.txt.

Step 3: Upload a payment file

To upload a payment file:

curl --config quickstream-curl-config.txt -F "file=@example.csv" {baseURL}/payment-files

Replace {baseURL} with the Base URL for the environment you’re working in.

Step 4: Improve your solution

You may now improve your solution by:

  • Logging errors
  • Automating the process by creating a scheduled task. Refer to your operating system’s documentation.
  • Polling the status of your file.
  • Downloading errors in your file and reporting them to staff.

Test Account Numbers

To help with the testing process we provide a list of account numbers for you to use.

Test Credit Cards

During the testing phase QuickStream will generate a response code based on the credit card number entered. The last 2 digits of the credit card number will map to a particular response code.

  • Any credit card number that ends with a value between 00-89 will result in an approved transaction.
  • Any credit card number that ends with a value between 90-99 will result in a declined transaction.

The table below lists the credit card numbers you can test with and the corresponding response codes are returned.

Visa Logo Visa Test Cards
Last 2 digits of card number Example card number Response code Summary code
00-89 4242424242424242
4111111111111111
4444333322221111
Debit Card: 4041370000456459
08 (Honour with identification) 0 (Transaction Approved)
90 4111111117444490 01 (Refer to card issuer) 1 (Transaction Declined)
91 4111111116444491 04 (Pick-up card) 1 (Transaction Declined)
92 4111111115444492 05 (Do not honour) 1 (Transaction Declined)
93 4111111114444493 91 (Issuer or switch is inoperative) 1 (Transaction Declined)
94 4111111113444494 54 (Expired card) 1 (Transaction Declined)
95 4111111112444495 42 (No universal account) 1 (Transaction Declined)
96 4111111111444496 51 (Not sufficient funds) 1 (Transaction Declined)
97 4111111110444497
Debit Card: 4041370000011197
62 (Restricted card) 1 (Transaction Declined)
98 4111111119444498 43 (Stolen card, pick up) 1 (Transaction Declined)
99 4111111118444499 01 (Refer to card issuer) 1 (Transaction Declined)
Mastercard Logo Mastercard Test Cards
Last 2 digits of card number Example card number Response code Summary code
00-89 5163200000000008
5200000009915957
2224000000031118
Debit Cd. 5188680400000008
08 (Honour with identification) 0 (Transaction Approved)
90 5100000000404390 01 (Refer to card issuer) 1 (Transaction Declined)
91 2229000000002791 04 (Pick-up card) 1 (Transaction Declined)
92 5163200000000792 05 (Do not honour) 1 (Transaction Declined)
93 5500000000101893 91 (Issuer or switch is inoperative) 1 (Transaction Declined)
94 5400000000501994 54 (Expired card) 1 (Transaction Declined)
95 2300000000887995 42 (No universal account) 1 (Transaction Declined)
96 5100000000432896 51 (Not sufficient funds) 1 (Transaction Declined)
97 2710000000011897
Debit Card: 5188683000000097
62 (Restricted card) 1 (Transaction Declined)
98 5200000000022498 43 (Stolen card, pick up) 1 (Transaction Declined)
99 5200000000830999 01 (Refer to card issuer) 1 (Transaction Declined)
Amex Logo Amex Test Cards
Last 2 digits of card number Example card number Response code Summary code
00-89 340000000636513
370000000201048
08 (Honour with identification) 0 (Transaction Approved)
90 340000000075290 01 (Refer to card issuer) 1 (Transaction Declined)
91 370000000024291 04 (Pick-up card) 1 (Transaction Declined)
92 340000000067792 05 (Do not honour) 1 (Transaction Declined)
93 340000000070093 91 (Issuer or switch is inoperative) 1 (Transaction Declined)
94 370000000094294 54 (Expired card) 1 (Transaction Declined)
95 370000000093395 42 (No universal account) 1 (Transaction Declined)
96 340000000089796 51 (Not sufficient funds) 1 (Transaction Declined)
97 370000000092397 62 (Restricted card) 1 (Transaction Declined)
98 370000000064198 43 (Stolen card, pick up) 1 (Transaction Declined)
99 370000000079899 01 (Refer to card issuer) 1 (Transaction Declined)
Diners Logo Diners Test Cards
Last 2 digits of card number Example card number Response code Summary code
00-89 30000000056030
5200000009915957
39000000022686
08 (Honour with identification) 0 (Transaction Approved)
90 39000000000690 01 (Refer to card issuer) 1 (Transaction Declined)
91 38000000008991 04 (Pick-up card) 1 (Transaction Declined)
92 39000000003892 05 (Do not honour) 1 (Transaction Declined)
93 30000000008593 91 (Issuer or switch is inoperative) 1 (Transaction Declined)
94 36000000009694 54 (Expired card) 1 (Transaction Declined)
95 38000000004495 42 (No universal account) 1 (Transaction Declined)
96 39000000004296 51 (Not sufficient funds) 1 (Transaction Declined)
97 30000000006597 62 (Restricted card) 1 (Transaction Declined)
98 36000000003598 43 (Stolen card, pick up) 1 (Transaction Declined)
99 38000000003299 01 (Refer to card issuer) 1 (Transaction Declined)
JCB Logo JCB Test Cards
Example card number Expiry Date CVN Response code Summary code
3530000000000003 10/2025 573 00 (Approved or completed successfully) 0 (Transaction Approved)
3530000000000011 10/2025 573 05 (Do not honour) 1 (Transaction Declined)
UnionPay Logo UnionPay Test Cards
Example card number Expiry Date CVN Response code Summary code
6250947000000014 12/2033 123 08 (Honor with identification) 0 (Transaction Approved)

Test Bank Accounts

To help test your bank account solution QuickStream will generate response codes based on the BSB values. This will give you the ability to test a broad range of scenarios.

To test bank account payments use the BSBs provided in the table below. Each BSB will return a specific response code and summary code.

  • Rejected transactions (summary code ‘3’) represent errors that are identified early on by QuickStream and Westpac. For example, invalid BSB. These transactions will be stopped on day 1. They will not be passed to the customer’s bank for processing. They will not appear in the night time Payment Report (or morning Payment Report).
  • Declined transactions (summary code '1’) represent errors that are identified by the customer’s bank. These transactions are initially reported as approved in a Payment Report (because they pass Westpac’s high level error checks), but will later be declined in the morning Payment Report.

To test approved transactions use a BSB that is not included in the table below. We recommend using a non Westpac BSB such as 650-000.

BSB Example Account Number Response code Summary Code
032-050 111111 R (WBC Exception Processing Error) 3 (Transaction Rejected)
032-051 111110 1 (Invalid BSB Number) 1 (Transaction Declined)
032-052 111112 2 (Payment stopped) 1 (Transaction Declined)
032-053 111114 3 (Account Closed) 1 (Transaction Declined)
032-054 111116 4 (Customer Deceased) 1 (Transaction Declined)
032-055 111118 5 (No Account/Incorrect Account#) 1 (Transaction Declined)
032-056 222223 6 (Refer to Customer) 1 (Transaction Declined)
032-057 111111 7 (No form PDC held) 1 (Transaction Declined)
032-058 111113 8 (Invalid User ID Number) 1 (Transaction Declined)
032-059 111115 9 (Other) 1 (Transaction Declined)
032-999 999994 G (WBC Exception Processing released successfully) 0 (Transaction Successful)
032-002 123465 G (WBC Exception Processing released successfully) 0 (Transaction Successful)

Transaction Settlement

Credit card transaction settlement

Westpac credits your account the same day, except on weekends and national public holidays when the settlement is delayed until the next banking day. The amount credited is the total of approved transactions. Any direct debit or merchant service fees will be deducted as separate transactions per your service agreement.

American Express and Diners Club may credit your account a number of days later and may be a net amount (i.e. approved transactions less the merchant service fees), depending on your contract with them. Although Westpac facilitates the processing of the transaction, we do not control settlement for these schemes and therefore any queries should be made to American Express and Diners Club directly.

For reconciliation purposes, all successful transactions through a given acquirer that return the same settlement date will be credited together on the same day.

What are the credit card cut-off times?

The standard cut-off time for credit card payments is 18:00 (Australia/Sydney Time).

When are payments sent to the bank?

Generally, credit card transactions will be processed immediately. The settlement date will depend on the time of processing (whether they were processed before the current day’s cutoff time).

Bank account transaction settlement

Direct debit transactions work differently from credit card transactions in that there is no immediate response from your customer’s bank to indicate whether the transaction worked. Instead, the transaction is assumed to have worked unless it is later declined by the customer’s bank. The customer’s bank can decline the transaction for up to 3 banking days after the transaction was processed.

Your Direct Debit facility configuration will affect how successful and failed transactions are represented on your statement. For example, your account may be credited with the total amount of all direct debit transactions processed in one settlement day. Your account may also be debited with the amount of declined (or “returned”) direct debit transactions. If no transactions are returned, you will not receive a debit that day.

What are the Direct Debit cut-off times?

The standard cut-off time for Direct Debit payments is 16:00 (Australia/Sydney Time).

When are payments sent to the bank?

Generally, Direct Debit transactions performed before 16:00 (Australia/Sydney) will be submitted to the bank for processing at 16:00.

Response codes

These response codes have been presented for your reference and are derived from the message format defined in Australian Standard 2805.2 (1997).

It is highly unlikely that you will receive many of these response codes; as a general rule you should use the provided summary response code to determine whether a transaction is approved or declined. Valid response codes are of a two digit alphanumeric format.

If an unknown response code is returned please contact Westpac with the appropriate transaction details.

Please note that there are no response codes specific to card verification number mismatches. This is because no financial institutions within Australia currently return any such information if declining a transaction for security reasons. Response Codes are generally returned from the customer’s issuing bank.

Credit card transaction response codes

Successful credit card transactions will generally have a response code of 00 - Approved or completed successfully or 08 - Honour with Identification. Other statuses indicate a problem processing the transaction. If you receive a status code starting with ‘Q’ that you do not understand, you should contact your Client Enquiry Manager with the transaction details.

For non approved transaction statuses that do not start with 'Q’ the card holder will likely need to contact their issuing financial institution for more information about the rejected transaction.

When doing so you can recommend they:

  • provide the date and amount of the transaction.
  • request specific information regarding the transaction rejection.
Summary Code Description
0 Approved
1 Declined
2 Error
3 Rejected


Response Code Description Summary Code Soft Decline
00 Approved or completed successfully. More information 0
01 Refer to card issuer. More information 1 Yes
02 Refer to card issuers special conditions 1
03 Invalid merchant. More information 1
04 Pick-up card. More information 1
05 Do not honor. More information 1 Yes
06 Error 1
07 Pick-up card, special condition 1
08 Honor with identification. More information 0
09 Request in progress 1
10 Approved for partial amount 0
11 Approved VIP 0
12 Invalid transaction. More information 1
13 Invalid amount 1
14 Invalid card number (no such number). More information 1
15 No such issuer 1
16 Approved, update Track 3 0
17 Customer cancellation 1
18 Customer dispute 1
19 Re-enter transaction 1 Yes
20 Invalid response 1
21 No action taken 1
22 Suspected malfunction. More information 1 Yes
23 Unacceptable transaction fee 1
24 File update not supported by receiver 1
25 Unable to locate record on file 1
26 Duplicate file update record, old record replaced 1
27 File update field edit error 1
28 File update file locked out 1
29 File update not successful, contact acquirer 1
30 Format error 1
31 Bank not supported by switch 1
32 Completed partially 1
33 Expired card 1
34 Suspected fraud 1
35 Card acceptor contact acquirer 1
36 Restricted card 1
37 Card acceptor call acquirer security 1
38 Allowable PIN tries exceeded 1
39 No credit account 1
40 Request function not supported 1
41 Lost card 1
42 No universal account. More information 1
43 Stolen card, pick up 1
44 No investment account 1
45-50 Reserved for ISO use 1
51 Not sufficient funds 1 Yes
52 No cheque account 1
53 No savings account 1
54 Expired card. More information 1
55 Incorrect PIN 1
56 No card record 1
57 Transaction not permitted to cardholder 1
58 Transaction not permitted to terminal 1
59 Suspected fraud 1
60 Card acceptor contact acquirer 1
61 Exceeds withdrawal amount limits. More information 1 Yes
62 Restricted card 1
63 Security violation 1
64 Original amount incorrect 1
65 Exceeds withdrawal frequency limit 1 Yes
66 Card acceptor call acquirers security department 1
67 Hard capture (requires that card be picked up at ATM) 1
68 Response received too late 1 Yes
69-74 Reserved for ISO use 1
75 Allowable number of PIN tries exceeded 1 Yes
76-89 Reserved for private use 1
90 Cutoff is in process (Switch ending a day’s business and starting the next. The transaction can be sent again in a few minutes). 1 Yes
91 Issuer or switch is inoperative. More information 1 Yes
92 Financial institution or intermediate network facility cannot be found for routing 1 Yes
93 Transaction cannot be completed. Violation of law 1
94 Duplicate transmission 1 Yes
95 Reconcile error 1
96 System malfunction 1 Yes
97 Advises that reconciliation totals have been reset 1
98 MAC error 1
99 Reserved for national use 1
EA response text varies depending on reason for error 2
EG response text varies depending on reason for error 2
EM Error at the Merchant Server level 2
N1 Unknown Error (NZ Only) 1
N2 Bank Declined Transaction (NZ Only) 1
N No Reply from Bank (NZ Only) 1
N4 Expired Card (NZ Only) 1
N5 Insufficient Funds (NZ Only) 1
N6 Error Communicating with Bank (NZ Only) 1
N7 Payment Server System Error (NZ Only) 1
N8 Transaction Type Not Supported (NZ Only) 1
N9 Bank declined transaction (NZ Only) 1
NA Transaction aborted (NZ Only) 1
NC Transaction cancelled (NZ Only) 1
ND Deferred Transaction (NZ Only) 1
NF 3D Secure Authentication Failed (NZ Only) 1
NI Card Security Code Failed (NZ Only) 1
NL Transaction Locked (NZ Only) 1
NN Cardholder is not enrolled in 3D Secure (NZ Only) 1
NP Transaction is Pending (NZ Only) 2
NR Retry Limits Exceeded, Transaction Not Processed (NZ Only) 1
NT Address Verification Failed (NZ Only) 1
NU Card Security Code Failed (NZ Only) 1
NV Address Verification and Card Security Code Failed (NZ Only) 1
Q1 Unknown Buyer 1
Q2 Transaction Pending 2
Q3 Payment Gateway Connection Error. More information 3 Yes
Q4 Payment Gateway Unavailable 3 Yes
Q8 Error verifying 3D Secure enrolment 3
Q9 3D Secure authentication failed 3
QA Invalid parameters 3
QB Order type not currently supported 3
QC Invalid Order Type 3
QD Invalid Payment Amount - Payment amount less than minimum/exceeds maximum allowed limit 1
QE Internal Error 3
QF Transaction Failed 3 Yes
QG Unknown Customer Order Number 3
QH Unknown Customer Username 3
QI Transaction incomplete - contact Westpac to confirm reconciliation 2 Yes
QJ Incorrect Customer Password 3
QK Unknown Customer Merchant 3
QL Business Group not configured for customer 3
QM Payment Instrument not configured for customer 3
QN Configuration Error 1
QO Missing Payment Instrument 3
QP Missing Supplier Account 3
QQ Invalid Credit Card \ Invalid Credit Card Verification Number 1
QR Transaction Retry 2
QS Transaction Successful 0
QT Invalid currency 3
QU Unknown Customer IP Address 3
QV Invalid Capture Order Number specified for Refund, Refund amount exceeds capture amount, or Previous capture was not approved 1
QW Invalid Reference Number 1
QX Network Error has occurred 3 Yes
QY Card Type Not Accepted 1
QZ Zero value transaction 0
RA response text varies depending on reason for rejection 3
RG response text varies depending on reason for rejection 3
RM Rejected at the Merchant Server level 3
No Short for 'No Account’, this response code indicates the QuickVault account used for the transaction was not found. More information. 3

00 - Approved

This indicates that the transaction has been authorised.

What authorisation DOES mean:-

  • The card number is valid
  • The card has not been reported lost or stolen (although it may in fact be lost, stolen or compromised [card details improperly obtained or copied] and the card owner is unaware)
  • There are sufficient funds available to cover the transaction.

What authorisation DOES NOT mean:-

  • An authorisation does NOT confirm that the person providing the card number is the legitimate card holder. The risk remains that the person providing the credit card number has either stolen or improperly obtained the card.

01 - Refer to card issuer

This indicates an error or problem from the card issuer. The problem may be related to the card holder’s account. This response code is often a result of one of the following:-

  • Suspected Fraud
  • Insufficient Funds
  • Stolen Card
  • Expired Card
  • Invalid CVN
  • Any other rule imposed by the card issuer that causes a decline (e.g. daily limit exceeded, minimum monthly payment not made, duplicate transaction suspected, etc).

03 - Invalid merchant

This can indicate a problem with Westpac’s merchant configuration. This can also be returned for AMEX transactions when there is a problem with the setup at American Express. This code can be returned from an issuing bank if they don’t like the acquiring bank. An example of this would be someone trying to pay their speeding fine with an overseas credit card. The overseas issuing bank would return a 03, indicating that they wouldn’t allow the transaction over the internet for an Australian bank.

04 - Pickup Card.

This can mean the card has been reported as lost or stolen. The card holder should contact their issuing bank.

05 - Do not honour

This indicates an error or problem from the card issuer. The problem may be related to the card holder’s account. In general the reason for this response code may be any of the following:-

  • Suspected Fraud
  • Insufficient Funds
  • Stolen Card
  • Expired Card
  • Invalid CVN
  • Any other rule imposed by the card issuer that causes a decline (e.g. daily limit exceeded, minimum monthly payment not made, duplicate transaction suspected, etc).

08 - Honor with identification

This indicates that the transaction has been authorised.

What authorisation DOES mean:-

  • The card number is valid
  • The card has not been reported lost or stolen (although it may in fact be lost, stolen or compromised [card details improperly obtained or copied] and the card owner is unaware)
  • There are sufficient funds available to cover the transaction.

What authorisation DOES NOT mean:-

  • An authorisation does NOT confirm that the person providing the card number is the legitimate card holder. The risk remains that the person providing the credit card number has either stolen or improperly obtained the card.

12 - Invalid transaction

This code is often returned from the issuer when they do not accept the transaction. This can possibly be when a transaction for the same amount and merchant is attempted multiple times quickly for the same card. The card holder should contact their issuing bank.

14 - Invalid card number (no such number)

This code indicates that the card number does not exist. Also returned code if an AMEX card is used, but the merchant is not setup for AMEX cards.

22 - Suspected Malfunction

This code normally indicates that the card number was invalid.

42 - No Universal Account

This error is returned from some issuers when the credit account does not exist at the issuing bank. This situation is similar to the 14 response code.

54 - Expired Card

This error is returned when the credit card has expired. Check that the expiry date is correct, and attempt the transaction again. If the transaction still does not work, check with the card holder to see if they have a new card with a new expiry date.

61 - Exceeds withdrawal amount limits

This error is returned when the card holder does not have enough credit to pay the specified amount. Ask the card holder if they have another card to use for the payment.

91 - Issuer or switch is inoperative

This code is used to indicate that the next party in a credit card transaction timed out and the transaction has been reversed. This may happen between QuickStream and Westpac, or further down the chain. This response may also be returned for pre-authorisation transactions that are manually reversed.

92 - Financial institution or intermediate network facility cannot be found for routing

The card number is incorrect. The first 6 digits of the credit card number indicate which bank issued the card. These are used for routing credit card requests through the credit card network to the issuing bank. This error indicates that there is no bank that corresponds to the first 6 digits of the card number.

QI - Transaction incomplete

This status code indicates that a request message was sent to the QuickStream server but no response was received within the timeout period.

QQ - Invalid Card

The QQ error code indicates that the credit card details (card number, expiry date or CVN) are invalid. This could be because the card number does not meet check digit validation, an invalid expiry date was entered, or an invalid CVN was entered.

QY - Card Type not accepted

The QY error code indicates that the merchant is not enabled for the particular card scheme. This error code is normally returned for American Express and Diners Club cards, or when a UnionPay debit card is used. Only UnionPay credit cards are supported.

Q3 - Payment Gateway Unavailable

The downstream credit card gateway was unavailable. The credit card transaction was not attempted and the transaction record will not exist. When you receive this response code, the transaction will not exist in QuickStream.

No - No Account

The QuickVault account used for the transaction was not found or is not enabled. Please check that the QuickVault account exists and is enabled. You can do this in via QuickGateway or in QuickStream Portal.

Bank account transaction response codes

(aka Direct Entry Transaction Response Codes)

In all cases where the response code requires the account holder to contact their bank, it will help if they can provide a date and amount of the failed attempted transaction and specifically ask the bank why they returned that status for the attempted transaction. Otherwise the issuing bank staff may just check the available funds in the account.

Successful Direct Entry transactions will generally have a response code of G - WBC Exception Processing released successfully.

Summary Code Description
0 Approved
1 Declined
2 Processing
3 Rejected


Code Description Summary Code Soft Decline
Zero Zero 0
No Account No Account Registered 1
Duplicate Duplicate Transaction 1
New New 2
1 Invalid BSB Number 1
2 Payment stopped. More information 1
3 Account Closed. More information 1
4 Customer Deceased 1
5 No Account/Incorrect Account#. More information 1
6 Refer to Customer. More information 1 Yes
7 No form PDC held 1
8 Invalid User ID Number 1
9 Other. More information 1 Yes
Success Approved or completed successfully 0
R WBC Exception Processing Error - see description 3
G WBC Exception Processing released successfully. More information 0
C WBC Exception Processing - Cancelled 3
D WBC Exception Processing - Recalled 3
No Short for ‘No Account’, this response code indicates the QuickVault account used for the transaction was not found. More information. 3

2 - Payment Stopped

The account holder has requested that their bank stop any direct debit transactions. Contact the customer to determine an alternate payment mechanism, or if they wish to stop their service.

3 - Account Closed

The account holder has closed their account. Contact your customer to ask for new account details.

5 - No Account/Incorrect Account

Contact your customer to determine if the BSB and account number you have is correct. It may be useful for them to fax you the first page of their bank account statement so that you can check you have the correct BSB and account number.

6 - Refer to Customer

Contact your customer to determine if they have sufficient funds in their account, if the BSB and account number you have is correct, and if their account allows direct debit transactions.

9 - Other

The banks use this response code as they see fit. If you receive this response code for a customer and you have never had a successful debit for that customer, first check the BSB and account number. This could indicate one of the following:

  • Account does not allow Direct Debit
  • Incorrect Account Number
  • Insufficient Funds
  • Suspected Fraud
  • Any other rule imposed by the account holder’s bank that causes a decline (e.g. daily limit exceeded, duplicate transaction suspected, etc)

G - WBC Exception Processing released successfully

The transaction is being processed by Westpac. If the debit is from another bank, Westpac has sent the transaction to that bank. When a direct entry transaction is successful, it remains in this response code. When a transaction is declined and returned, the response will be set to a different response code.