Anti-fraud system rejected transaction

Xsolla Developers

Anti-fraud system rejected transactionWebhook POST

When a transaction is declined during an Anti-fraud system check, Xsolla sends transaction details in the webhook with the afs_reject type to the webhook URL. To receive this webhook, contact your Customer Success Manager or email csm@xsolla.com.

When you save the webhook URL in Publisher Account, you can give permissions to receive detailed information in webhooks. To do that, set the following toggle to active in Publisher Account in the Project settings > Webhooks > Advanced settings section.

Note

If you registered in Publisher Account on or before January 22, 2025, you can find the toggles in the Project settings > Webhooks > Testing > Payments > Advanced settings section.

Toggle Description

Show info about transactions via saved payment methods

Toggle	Description
Show info about transactions via saved payment methods	Information is passed in the following custom parameters of the webhook: `saved_payment_method`: `0` — the saved payment method was not used `1` — the payment method was saved when making the current payment `2` — the previously saved payment method is used `payment_type`: `1` — one-time payment `2` — recurring payment

Information is passed in the following custom parameters of the webhook:

saved_payment_method:
- 0 — the saved payment method was not used
- 1 — the payment method was saved when making the current payment
- 2 — the previously saved payment method is used
payment_type:
- 1 — one-time payment
- 2 — recurring payment

Request

Request Body schema: application/json

notification_type

required

string

Notification type.

required

object

Transaction details (object).

id	integer Transaction ID.
external_id	string Transaction external ID.
dry_run	integer Test transaction. The parameter has the 1 value if it is a test transaction, or is not sent if the transaction is real.
agreement	integer Agreement ID.

object

Custom project settings (object).

project_id	integer Project ID. You can find this parameter in your Publisher Account next to the name of the project.
merchant_id	integer Merchant ID.

object

User details (object).

id required	string User ID.
ip	string User IP.
phone	string User phone.
email	string User email.
name	string Username.
country	string User’s country. Two-letter uppercase ISO 3166-1 alpha-2 country code.
zip	string User’s ZIP or postal code.

object

Refund details (object).

code	integer Code ID.
reason	string Refund reason.
author	string Refund initiator.

Responses

204

Return to indicate successful processing.

400

Return in case of an error in the provided information (e.g., a required parameter missing, failed authorization, etc.).

500

Return to indicate temporary errors with your servers.

Request samples

CURL
PHP
HTTP

curl -v 'https://your.hostname/your/uri' \
-X POST \
-d '{
  "notification_type": "afs_reject",
  "settings": {
    "project_id": 18404,
    "merchant_id": 2340
  },
  "user": {
    "ip": "127.0.0.1",
    "phone": "18777976552",
    "email": "email@example.com",
    "id": "1234567",
    "name": "John Smith",
    "country": "US"
  },
  "transaction": {
    "id": 1,
    "external_id": 1,
    "dry_run": 1,
    "agreement": 1
  },
  "refund_details": {
    "code": 4,
    "reason": "Potential fraud"
  }
}'

Response samples

application/json

{"error": {"code": "INVALID_USER",
"message": "Invalid user"
}
}