Usage
ThreeDS.authenticatePayer(orderId, transactionId, callback, optionalParams)
Example
var optionalParams = {
fullScreenRedirect: true,
billing: {
address: {
city: "London",
country: "GBR"
}
}
};
ThreeDS.authenticatePayer("5678", "ABC", function (data) {
if (!data.error) {
//data.response will contain all the response payload from the AUTHENTICATE_PAYER call.
console.log("REST API response ", data.restApiResponse);
console.log("HTML redirect code ", data.htmlRedirectCode);
}
}, optionalParams);
Arguments
orderId
String
COMPULSORY
Order Id of the transaction
transactionId
String
COMPULSORY
Transaction Id of the transaction
callback
Function
COMPULSORY
The callback function
optionalParams
Object
OPTIONAL
Any additional REST API `request` params
fullScreenRedirect
Boolean
OPTIONAL
Indicates whether or not the user wants to automatically get redirected using htmlRedirectCode property provided by callback.
If fullScreenRedirect is set to 'false', content of htmlRedirectCode received from callback needs to be manually inserted into an empty <DIV> element, this being the last element in the <BODY> of your payment page.
If fullScreenRedirect is set to 'true' it will be handled automatically.
If user, in addition, provides device.browserDetails.3DSecureChallengeWindowSize property then in order to have automatic redirect value must be equal to 'FULL_SCREEN'.
Otherwise user will need to handle this manually despite fullScreenRedirect property being equal to 'true'.
JSON boolean values 'true' or 'false'.
authentication
OPTIONAL
Information about how the payer's identity is verified.
For example, using 3-D Secure authentication.
This parameter group include payer authentication options available to you,
parameters you need to perform payer authentication for an available method,
and the results of payer authentication.
authentication.3ds2
OPTIONAL
Information about payer authentication using 3-D Secure authentication version 2.
authentication.3ds2.sdk
OPTIONAL
Information provided by the 3-D Secure Software Development Kit (SDK)
that is used by an app on the payer's device to enable 3-D Secure
authentication of the payer to be performed in-app.
You must populate the fields in this parameter group when you
authenticate the payer in-app using 3-D Secure authentication version 2.
authentication.3ds2.sdk.appId
String
COMPULSORY
A unique identifier for the app on the payer's device.
The 3-D Secure SDK generates this identifier each time the app is installed or updated.
This field corresponds to EMVCo field sdkAppID
Data can consist of any characters
authentication.3ds2.sdk.encryptedData
String
COMPULSORY
Information about the payer's device collected and encrypted by the 3-D Secure SDK.
The data is a JSON Web Encryption (JWE) object in JSON format.
When using the REST/JSON gateway API, express this as a JSON string
(i.e. the embedded quotes will be escaped).
This field corresponds to EMVCo field sdkEncData
Data can consist of any characters
authentication.3ds2.sdk.ephemeralPublicKey
JSON Text
COMPULSORY
A public key generated by the 3-D Secure SDK.
This key is used to establish a secure session between the 3DS SDK and
the issuer's Access Control Server (ACS) when the payer is required to
be presented with an authentication challenge.
The key is a JSON Web Key (JWK) object in JSON format. When using the REST/JSON
gateway API, express this as a JSON string (i.e the embedded quotes will be escaped).
This field corresponds to EMVCo field sdkEphemPubKey
Data is valid Json Format
authentication.3ds2.sdk.interface
Enumeration
OPTIONAL
The User Interface (UI) formats that the payer's device supports.
These are the formats that can be used to render the screens presented to
the payer during an authentication challenge.
You only need to provide this value if you only support one of these formats.
This field corresponds to EMVCo data element sdkInterface in the field deviceRenderOptions.
Value must be a member of the following list. The values are case sensitive.
HTML
The device supports HTML format.
NATIVE
The device supports the UI format native to the payer's device.
authentication.3ds2.sdk.referenceNumber
String
COMPULSORY
An identifier of the vendor and version of the 3-D Secure SDK assigned by EMVCo.
This field corresponds to EMVCo field sdkReferenceNumber
Data can consist of any characters
authentication.3ds2.sdk.timeout
Integer
OPTIONAL
The duration (in seconds) available to the payer to authenticate.
Will default to 900 if not provided. Note:
The value will be rounded up to the nearest minute.
This field corresponds to EMVCo field sdkMaxTimeout
JSON number data type, restricted to being positive or zero.
In addition, the represented number may have no fractional part.
authentication.3ds2.sdk.transactionId
String
COMPULSORY
A unique identifier assigned by the 3-D Secure SDK for the transaction.
This field corresponds to EMVCo field sdkTransID
Data can consist of any characters
authentication.3ds2.sdk.uiType
Comma separated enumeration
OPTIONAL
Indicates the UI types which the SDK supports for displaying
authentication challenges within the app.
A comma separated list of the payer authentication methods that you will
accept for this payment.
You only need to provide this value if all of these values are not supported.
Note: OTHER_HTML is only supported when authentication.3ds2.sdk.interface
allows a HTML UI format.
This field corresponds to EMVCo data element sdkUiType in the field deviceRenderOptions.
Indicates the UI types which the SDK supports for displaying
authentication challenges within the app.
Value must be one or more comma separated members of the following list.
The values are case sensitive.
TEXT
The payer is asked to enter text into a field displayed
on the UI. For example, ask the payer to enter a
One Time Password sent to their registered mobile phone number.
SINGLE_SELECT
The payer is asked to select a single option from a number of
presented options. For example, ask the payer if they want a
One Time Password to be sent to either their email address or
mobile phone number registered with their issuer.
MULTI_SELECT
The payer is asked to select multiple options from a number of
presented options. For example, ask the payer to select valid responses to a question.
OUT_OF_BAND
The payer is presented with screens rendered by an out-of-band
service during an authentication challenge, For example,
the payer is asked to confirm the payment from their banking app.
OTHER_HTML
The payer is presented with an authentication challenge using other mechanisms
supported in HTML but not in the native UI format. For example, the payer is
asked to confirm an image presented on the screen.
billing
OPTIONAL
Details of the payer's billing address.
billing.address
OPTIONAL
The payer's billing address.
This data may be used to qualify for better interchange rates on corporate purchase card transactions.
billing.address.city
String
OPTIONAL
The city portion of the address.
Data can consist of any characters
billing.address.company
String
OPTIONAL
The name of the company associated with this address.
Data can consist of any characters
billing.address.country
Upper case alphabetic text
OPTIONAL
The 3 letter ISO standard alpha country code of the address.
Data must consist of the characters A-Z
billing.address.postcodeZip
Alphanumeric + additional characters
OPTIONAL
The post code or zip code of the address.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
billing.address.stateProvince
String
OPTIONAL
The state or province of the address.
Data can consist of any characters
billing.address.street
String
OPTIONAL
The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Data can consist of any characters
billing.address.street2
String
OPTIONAL
The second line of the address (if provided).
Data can consist of any characters
correlationId
String
OPTIONAL
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
device
OPTIONAL
Information about the device used by the payer for this transaction.
device.browser
String
OPTIONAL
The User-Agent header of the browser the customer used to place the order.
For example, MOZILLA/4.0 (COMPATIBLE; MSIE 5.0; WINDOWS 95)
You must provide a value in this field if you are performing 3-D
Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
Data can consist of any characters
device.browserDetails
OPTIONAL
Detailed information about the payer's browser.
If you are using 3-D Secure authentication to authenticate the payer,
then this information is used by the issuer's Access Control Server (ACS)
to identify the capabilities of the payers browser so that it can render
content appropriately when authenticating the payer.
You must provide values for fields in this parameter group if you are performing
3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
device.browserDetails.3DSecureChallengeWindowSize
Enumeration
OPTIONAL
Dimensions of the challenge window (in width x height in pixels)
displayed to the payer during 3D-Secure authentication.
Value must be a member of the following list. The values are case sensitive.
device.browserDetails.colorDepth
Integer
OPTIONAL
The bit depth (in bits per pixel) of the color palette for displaying images.
You obtain this value from the screen.colorDepth property of the payer's browser.
JSON number data type, restricted to being positive or zero.
In addition, the represented number may have no fractional part.
device.browserDetails.javaEnabled
Boolean
OPTIONAL
Indicates whether or not the payer's browser supports Java.
You obtain this value from the navigator.javaEnabled property of the payer's browser
JSON boolean values 'true' or 'false'.
device.browserDetails.language
String
OPTIONAL
The language supported for the payer's browser as defined in IETF BCP47.
You obtain this value from the navigator.language property of the payer's browser.
Data can consist of any characters
device.browserDetails.screenHeight
Integer
OPTIONAL
The total height of the payer's browser screen in pixels.
You obtain this value from the screen.height property of the payer's browser
JSON number data type, restricted to being positive or zero.
In addition, the represented number may have no fractional part.
device.browserDetails.screenWidth
Integer
OPTIONAL
The total width of the payer's browser screen in pixels.
You obtain this value from the screen.width property of the payer's browser
JSON number data type, restricted to being positive or zero.
In addition, the represented number may have no fractional part.
device.browserDetails.timeZone
Browser Time Zone Offset
OPTIONAL
Time difference between UTC time and the Cardholder browser local time, in minutes.
The time zone offset is the difference, in minutes, between UTC and local time.
Note that this means that the offset is positive if the local time zone is behind
UTC and negative if it is ahead. For example, for time zone UTC+10:00
(Australian Eastern Standard Time, Vladivostok Time, Chamorro Standard Time), -600 would be presented.
Browser time zone offset between -840 to +840.
device.ipAddress
String
OPTIONAL
The IP address of the device used by the payer, in nnn.nnn.nnn.nnn format.
Data can consist of any characters
order
OPTIONAL
Information about the order associated with this transaction.
order.walletProvider
Enumeration
OPTIONAL
The wallet provider used to collect the customer's payment details used for this transaction.
Value must be a member of the following list. The values are case sensitive.
AMEX_EXPRESS_CHECKOUT
Amex Express Checkout wallet provider.
ANDROID_PAY
Android Pay mobile wallet provider.
APPLE_PAY
Apple Pay mobile wallet provider.
CHASE_PAY
Chase Pay wallet provider.
GOOGLE_PAY
Google Pay mobile wallet provider.
MASTERPASS_ONLINE
MasterPass Online wallet provider.
SAMSUNG_PAY
Samsung Pay mobile wallet provider.
VISA_CHECKOUT
Visa Checkout wallet provider.
session.version
ASCII Text
OPTIONAL
Use this field to implement optimistic locking of the session content.
Do this if you make business decisions based on data from the session and wish to
ensure that the same data is being used for the request operation.
To use optimistic locking, record session.version when you make your decisions,
and then pass that value in session.version when you submit your request
operation to the gateway.
If session.version provided by you does not match that stored against the session,
the gateway will reject the operation with error.cause=INVALID_REQUEST.
See
Making Business Decisions Based on Session Content
.
Data consists of ASCII characters
sourceOfFunds
OPTIONAL
The details describing the source of the funds to be used.
For card payments these may be represented by combining one or more of the following: explicitly provided card details,
a session identifier which the gateway will use to look up the card details and/or a card token. Precedence rules will be
applied in that explicitly provided card details will override session card details which will override card token details.
Each of these may represent partial card details, however the combination must result in a full and complete set of card
details. See
Using Multiple Sources of Card Details for examples.
sourceOfFunds.provided
OPTIONAL
Information about the source of funds when it is directly provided (as opposed to via a token or session).
For browser payments, the source of funds details are usually collected from the payer on the payment provider's
website and provided to you when you retrieve the transaction details (for a successful transaction).
However, for some payment types (such as giropay), you must collect the information from the payer and supply it here.
sourceOfFunds.provided.card
OPTIONAL
Details about the card.
Use this parameter group when you have sourced payment details using:
Cards: the card details entered directly or collected using a Point of Sale (POS) terminal.
Device payment methods such as Apple Pay, Android Pay, Samsung Pay or Google Pay.
Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout.
Card scheme tokens where the card was tokenized using a card scheme tokenization service such as Mastercard Digital Enablement Service (MDES).
sourceOfFunds.provided.card.devicePayment
OPTIONAL
If the payer chose to pay using a device you must provide payment details in this parameter group.
Use this parameter group when accepting payments using device payment methods such as Apple Pay, Android Pay or Samsung Pay.
sourceOfFunds.provided.card.devicePayment.3DSecure
OPTIONAL
Details used to process a digital payment where the payment data keys for the online payment cryptogram are provided using the 3-D Secure format.
Use this parameter group for:
-
• Device payments: if you decrypt the payment token yourself.
In this case, you source these fields directly from the decrypted payment token.
You do not need to use this parameter group if you provide the payment token in
sourceOfFunds.provided.card.devicePayment.paymentToken.
-
• Card scheme tokens: if you decrypt the transaction credentials yourself.
sourceOfFunds.provided.card.devicePayment.3DSecure.eciIndicator
Digits
OPTIONAL
The Electronic Commerce Indicator generated for payments made using a device payment method.
You source this field directly from the decrypted payment token.
This field is not applicable for payments using digital wallets or card scheme tokens.
Data is a string that consists of the characters 0-9.
sourceOfFunds.provided.card.devicePayment.3DSecure.onlinePaymentCryptogram
Base64
OPTIONAL
A cryptogram used to authenticate the transaction.Use this field for:
-
• Device payments: source this field directly from the decrypted payment token.
-
• Card scheme tokens: source this field directly from the decrypted transaction credentials.
sourceOfFunds.provided.card.devicePayment.paymentToken
String
OPTIONAL
This is the payment token that you received from the device's payment SDK.
For example:
For Apple Pay - this is the PKPaymentToken.paymentData value.
For Google - this is PaymentMethodToken.getToken().
Note 1: The gateway API considers this value to be a string, NOT JSON itself.
Therefore when using the JSON gateway API, this field will typically look like:
"sourceOfFunds": {
"provided": {
"card": {
"devicePayment": {
"paymentToken": "{\"data\":\"869ss19ew ....
Note 2: The gateway will ignore the currency and amount information in the payment token, and will instead use the values passed
on the amount and currency fields. For normal usage, you should populate those fields with the exact same values as you got from the SDK.
Data can consist of any characters
sourceOfFunds.provided.card.expiry
OPTIONAL
Expiry date, as shown on the card.
sourceOfFunds.provided.card.expiry.month
Digits
COMPULSORY
Month, as shown on the card.
If using a scheme token this is the token expiry month.
Months are numbered January=1, through to December=12.
Data is a number between 1 and 12 represented as a string.
sourceOfFunds.provided.card.expiry.year
Digits
COMPULSORY
Year, as shown on the card.
If using a scheme token this is the token expiry year.
The Common Era year is 2000 plus this value.
Data is a string that consists of the characters 0-9.
sourceOfFunds.provided.card.number
Digits
OPTIONAL
Credit card number as printed on the card.
Data is a string that consists of the characters 0-9.
sourceOfFunds.provided.card.securityCode
Digits
OPTIONAL
Card verification code, as printed on the back or front of the card or as provided for a card scheme token.
Data is a string that consists of the characters 0-9.
Callback data
restApiResponse
String
The REST API response
correlationId
String
The last correlation id that was used for making the REST API call
gatewayRecommendation
String
The gateway recommendation based on the cumulative risk score as determined by the ACS and the gateway.
htmlRedirectCode
String
Code to create the authentication UI.
Return Value
None