authenticatePayer()
Authentication method for authenticating payer using 3DS that was initiated using
initiateAuthentication call.
This method will call AUTHENTICATE_PAYER
REST API and returns the raw response in
data.restApiResponse field.
Usage Copied to clipboard
ThreeDS.authenticatePayer(orderId, transactionId, callback, optionalParams)
Example Copied to clipboard
var optionalParams = {
fullScreenRedirect: true,
billing: {
address: {
city: "London",
country: "GBR"
}
}
};
ThreeDS.authenticatePayer("5678", "ABC", function (data) {
if (!data.error) {
//data.response will contain all the response payload from the AUTHENTICATE_PAYER call.
console.log("REST API response ", data.restApiResponse);
console.log("HTML redirect code ", data.htmlRedirectCode);
}
}, optionalParams);
Arguments Copied to clipboard
Order Id of the transaction.
Transaction Id of the transaction.
The callback function.
Any additional REST API `request` params
Indicates whether or not the user wants to automatically get redirected using htmlRedirectCode property provided by callback.
fullScreenRedirect is set to 'false', content of htmlRedirectCode received from
callback needs to be manually inserted into an empty <DIV> element, this being the last element in the
<BODY> of your payment page.
If fullScreenRedirect is set to 'true' it will be handled automatically.
device.browserDetails.3DSecureChallengeWindowSize property then
in order to have automatic redirect value must be equal to 'FULL_SCREEN'.
Otherwise, user will need to handle this manually despite fullScreenRedirect property being
equal to 'true'.
Information about how the payer's identity is verified.
For example, using 3-D Secure authentication.
This parameter group include payer authentication options available to you, parameters you need to perform payer authentication for an available method, and the results of payer authentication.
Information about payer authentication using 3-D Secure authentication version 2.
Information provided by the 3-D Secure Software Development Kit (SDK) that is used by an app on the payer's device to enable 3-D Secure authentication of the payer to be performed in-app.
You must populate the fields in this parameter group when you authenticate the payer in-app using 3-D Secure authentication version 2.
A unique identifier for the app on the payer's device.
The 3-D Secure SDK generates this identifier each time the app is installed or updated.
This field corresponds to EMVCo field sdkAppID.
Information about the payer's device collected and encrypted by the 3-D Secure SDK.
The data is a JSON Web Encryption (JWE) object in JSON format. When using the REST/JSON gateway API, express this as a JSON string (i.e. the embedded quotes will be escaped).
This field corresponds to EMVCo field sdkEncData
A public key generated by the 3-D Secure SDK.
This key is used to establish a secure session between the 3DS SDK and the issuer's Access Control Server (ACS) when the payer is required to be presented with an authentication challenge.
The key is a JSON Web Key (JWK) object in JSON format. When using the REST/JSON gateway API, express this as a JSON string (i.e the embedded quotes will be escaped).
This field corresponds to EMVCo field sdkEphemPubKey
The User Interface (UI) formats that the payer's device supports.
These are the formats that can be used to render the screens presented to the payer during an authentication challenge.
You only need to provide this value if you only support one of these formats.
This field corresponds to EMVCo data element sdkInterface in the field deviceRenderOptions.
HTMLThe device supports HTML format.
NATIVEThe device supports the UI format native to the payer's
device.
An identifier of the vendor and version of the 3-D Secure SDK assigned by EMVCo.
This field corresponds to EMVCo field sdkReferenceNumber.
The duration (in seconds) available to the payer to authenticate.
Will default to 900 if not provided. Note: The value will be rounded up to the nearest minute.
This field corresponds to EMVCo field sdkMaxTimeout.
A unique identifier assigned by the 3-D Secure SDK for the transaction.
This field corresponds to EMVCo field sdkTransID.
Indicates the UI types which the SDK supports for displaying authentication challenges within the app.
This field corresponds to EMVCo field sdkTransID.
A comma separated list of the payer authentication methods that you will accept for this payment.
You only need to provide this value if all of these values are not supported.
Note: OTHER_HTML is only
supported when authentication.3ds2.sdk.interface allows a HTML UI
format.
This field corresponds to EMVCo data element sdkUiType in the field deviceRenderOptions.
TEXTThe payer is asked to enter text into a field displayed on
the UI. For example, ask the payer to enter a One Time Password sent to
their registered mobile phone number.
SINGLE_SELECTThe payer is asked to select a single option from
a number of presented options. For example, ask the payer if they want a One
Time Password to be sent to either their email address or mobile phone
number registered with their issuer.
MULTI_SELECTThe payer is asked to select multiple options from
a number of presented options. For example, ask the payer to select valid
responses to a question.
OUT_OF_BANDThe payer is presented with screens rendered by an
out-of-band service during an authentication challenge, For example, the
payer is asked to confirm the payment from their banking app.
OTHER_HTMLThe payer is presented with an authentication
challenge using other mechanisms supported in HTML but not in the native UI
format. For example, the payer is asked to confirm an image presented on the
screen.
Details of the payer's billing address.
The payer's billing address.
This data may be used to qualify for better interchange rates on corporate purchase card transactions.
The city portion of the address.
The name of the company associated with this address.
The 3 letter ISO standard alpha country code of the address.
The post code or zip code of the address.
The state or province of the address.
The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
The second line of the address (if provided).
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Information about the device used by the payer for this transaction.
The User-Agent header of the browser the customer used to place the order. For example, MOZILLA/4.0 (COMPATIBLE; MSIE 5.0; WINDOWS 95)
You must provide a value in this field if you are performing 3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
Detailed information about the payer's browser.
If you are using 3-D Secure authentication to authenticate the payer, then this information is used by the issuer's Access Control Server (ACS) to identify the capabilities of the payers browser so that it can render content appropriately when authenticating the payer.
You must provide values for fields in this parameter group if you are performing 3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
Dimensions of the challenge window (in width x height in pixels) displayed to the payer during 3D-Secure authentication.
250_X_400
390_X_400
500_X_600
600_X_400
FULL_SCREEN
The content of the Accept request-header field as sent from the payer's browser.
This is used to determine which content types are supported by the browser.
The bit depth (in bits per pixel) of the color palette for displaying images.
You obtain this value from the screen.colorDepth property of the payer's browser.
Indicates whether or not the payer's browser supports Java.
You obtain this value from the navigator.javaEnabled property of the payer's browser.
The language supported for the payer's browser as defined in IETF BCP47.
You obtain this value from the navigator.language property of the payer's browser.
The total height of the payer's browser screen in pixels.
You obtain this value from the screen.height property of the payer's browser.
The total width of the payer's browser screen in pixels.
You obtain this value from the screen.width property of the payer's browser.
Time difference between UTC time and the Cardholder browser local time, in minutes.
The time zone offset is the difference, in minutes, between UTC and local time. Note that this means that the offset is positive if the local time zone is behind UTC and negative if it is ahead. For example, for time zone UTC+10:00 (Australian Eastern Standard Time, Vladivostok Time, Chamorro Standard Time), -600 would be presented.
The IP address of the device used by the payer, in nnn.nnn.nnn.nnn format.
Information about the order associated with this transaction.
The wallet provider used to collect the customer's payment details used for this transaction.
AMEX_EXPRESS_CHECKOUTAmex Express Checkout wallet provider.
ANDROID_PAYAndroid Pay mobile wallet provider.
APPLE_PAYApple Pay mobile wallet provider.
CHASE_PAYChase Pay wallet provider.
GOOGLE_PAYGoogle Pay mobile wallet provider.
MASTERPASS_ONLINEMasterPass Online wallet provider.
SAMSUNG_PAYSamsung Pay mobile wallet provider.
VISA_CHECKOUTVisa Checkout wallet provider.
Use this field to implement optimistic locking of the session content.
Do this if you make business decisions based on data from the session and wish to ensure that the same data is being used for the request operation.
To use optimistic locking, record session.version when you make your decisions, and then pass that value in session.version when you submit your request operation to the gateway.
If session.version provided by you does not match that stored against the session, the gateway will reject the operation with error.cause=INVALID_REQUEST.
See Making Business Decisions Based on Session Content.
The details describing the source of the funds to be used.
For card payments these may be represented by combining one or more of the following: explicitly provided card details, a session identifier which the gateway will use to look up the card details and/or a card token. Precedence rules will be applied in that explicitly provided card details will override session card details which will override card token details. Each of these may represent partial card details, however the combination must result in a full and complete set of card details. See Using Multiple Sources of Card Details for examples.
Information about the source of funds when it is directly provided (as opposed to via a token or session).
For browser payments, the source of funds details are usually collected from the payer on the payment provider's website and provided to you when you retrieve the transaction details (for a successful transaction). However, for some payment types (such as giropay), you must collect the information from the payer and supply it here.
Details about the card.
Use this parameter group when you have sourced payment details using:
- Cards: the card details entered directly or collected using a Point of Sale (POS) terminal.
- Device payment methods such as Apple Pay, Android Pay, Samsung Pay or Google Pay.
- Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout.
- Card scheme tokens where the card was tokenized using a card scheme tokenization service such as Mastercard Digital Enablement Service (MDES).
If the payer chose to pay using a device you must provide payment details in this parameter group. Use this parameter group when accepting payments using device payment methods such as Apple Pay, Android Pay or Samsung Pay.
Details used to process a digital payment where the payment data keys for the online payment cryptogram are provided using the 3-D Secure format.
Use this parameter group for:
-
Device payments: if you decrypt the payment token yourself.
In this case, you source these fields directly from the
decrypted
payment
token.
You do not need to use this parameter group if you provide the payment token in sourceOfFunds.provided.card.devicePayment.paymentToken. - Card scheme tokens: if you decrypt the transaction credentials yourself.
The Electronic Commerce Indicator generated for payments made using a device payment method.
You source this field directly from the decrypted payment token.
You must provide this field if you have it. This field is not applicable for payments using digital wallets.
A cryptogram used to authenticate the transaction.
- Device payments: source this field directly from the decrypted payment token.
- Card scheme tokens: source this field directly from the decrypted transaction credentials. For MDES (Mastercard Digital Enablement Service) tokens this is the UCAF cryptogram (de48se43Data). For VTS (Visa Token Service) tokens this is the TAVV cryptogram.
The format of the cryptogram provided for the digital payment.Use this field for:
- Device payments: provide the cryptogram format when you decrypt the payment token and provide the payment details (including the online payment cryptogram) in the transaction request.
This field does not apply to Card Scheme token payments.
3DSECUREThe payment data keys for the online
payment
cryptogram are provided using the 3-D Secure format.
EMVThe payment data keys for the online payment
cryptogram
are provided using the EMV format.
This is the payment token that you received from the device's payment SDK.
For example:
For Apple Pay - this is the PKPaymentToken.paymentData value.
For Google - this is PaymentMethodToken.getToken().
Note 1: The gateway API considers this value to be a string, NOT JSON itself. Therefore, when using the JSON gateway API, this field will typically look like:
"sourceOfFunds": {
"provided": {
"card": {
"devicePayment": {
"paymentToken": "{\"data\":\"869ss19ew ....
Note 2: The gateway will ignore the currency and amount information in the payment token, and will instead use the values passed on the amount and currency fields. For normal usage, you should populate those fields with the exact same values as you got from the SDK.
Expiry date, as shown on the card.
Month, as shown on the card.
If using a scheme
token this is the token expiry month.
Months are numbered January=1,
through to December=12.
Year, as shown on the card.
If using a scheme
token this is the token expiry year.
The Common Era year is 2000
plus this value.
Credit card number as printed on the card.
Card verification code, as printed on the back or front of the card or as provided for a card scheme token.
Callback data Copied to clipboard
The REST API response.
The last correlation id that was used for making the REST API call.
The gateway recommendation based on the cumulative risk score as determined by the ACS and the gateway.
Code to create the authentication UI.
Return Value Copied to clipboard
None