authenticatePayer()
Authentication method for authenticating payer using 3DS that was initiated using
initiateAuthentication
call.
This method will call AUTHENTICATE_PAYER
REST API and returns the raw response in
data.restApiResponse
field.
Usage
ThreeDS.authenticatePayer(orderId, transactionId, callback, optionalParams)
Example
var optionalParams = { fullScreenRedirect: true, billing: { address: { city: "London", country: "GBR" } } }; ThreeDS.authenticatePayer("5678", "ABC", function (data) { if (!data.error) { //data.response will contain all the response payload from the AUTHENTICATE_PAYER call. console.log("REST API response ", data.restApiResponse); console.log("HTML redirect code ", data.htmlRedirectCode); } }, optionalParams);
Arguments
orderId
String
COMPULSORY
Order Id of the transaction
transactionId
String
COMPULSORY
Transaction Id of the transaction
callback
Function
COMPULSORY
The callback function
optionalParams
Object
OPTIONAL
Any additional REST API `request` params
fullScreenRedirect Boolean OPTIONAL
Indicates whether or not the user wants to automatically get redirected using htmlRedirectCode property provided by callback.
If fullScreenRedirect is set to 'false', content of htmlRedirectCode received from callback needs to be manually inserted into an empty <DIV> element, this being the last element in the <BODY> of your payment page.
If fullScreenRedirect is set to 'true' it will be handled automatically.
If user, in addition, provides device.browserDetails.3DSecureChallengeWindowSize property then in order to have automatic redirect value must be equal to 'FULL_SCREEN'. Otherwise user will need to handle this manually despite fullScreenRedirect property being equal to 'true'.
If user, in addition, provides device.browserDetails.3DSecureChallengeWindowSize property then in order to have automatic redirect value must be equal to 'FULL_SCREEN'. Otherwise user will need to handle this manually despite fullScreenRedirect property being equal to 'true'.
Existence
OPTIONAL
Validation Rules
JSON boolean values 'true' or 'false'.
JSON type
Boolean
authentication OPTIONAL
Information about how the payer's identity is verified.
For example, using 3-D Secure authentication.
This parameter group include payer authentication options available to you, parameters you need to perform payer authentication for an available method, and the results of payer authentication.
This parameter group include payer authentication options available to you, parameters you need to perform payer authentication for an available method, and the results of payer authentication.
Fixed value
authentication.3ds2 OPTIONAL
Information about payer authentication using 3-D Secure authentication version 2.
Fixed value
authentication.3ds2.sdk OPTIONAL
Information provided by the 3-D Secure Software Development Kit (SDK)
that is used by an app on the payer's device to enable 3-D Secure
authentication of the payer to be performed in-app.
You must populate the fields in this parameter group when you
authenticate the payer in-app using 3-D Secure authentication version 2.
Fixed value
authentication.3ds2.sdk.appId String COMPULSORY
A unique identifier for the app on the payer's device.
The 3-D Secure SDK generates this identifier each time the app is installed or updated.
This field corresponds to EMVCo field sdkAppID
This field corresponds to EMVCo field sdkAppID
Existence
COMPULSORY
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
36
maximum length
36
authentication.3ds2.sdk.encryptedData String COMPULSORY
Information about the payer's device collected and encrypted by the 3-D Secure SDK.
The data is a JSON Web Encryption (JWE) object in JSON format.
When using the REST/JSON gateway API, express this as a JSON string
(i.e. the embedded quotes will be escaped).
This field corresponds to EMVCo field sdkEncData
This field corresponds to EMVCo field sdkEncData
Existence
COMPULSORY
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
0
maximum length
64000
authentication.3ds2.sdk.ephemeralPublicKey JSON Text COMPULSORY
A public key generated by the 3-D Secure SDK.
This key is used to establish a secure session between the 3DS SDK and
the issuer's Access Control Server (ACS) when the payer is required to
be presented with an authentication challenge.
The key is a JSON Web Key (JWK) object in JSON format. When using the REST/JSON gateway API, express this as a JSON string (i.e the embedded quotes will be escaped).
This field corresponds to EMVCo field sdkEphemPubKey
The key is a JSON Web Key (JWK) object in JSON format. When using the REST/JSON gateway API, express this as a JSON string (i.e the embedded quotes will be escaped).
This field corresponds to EMVCo field sdkEphemPubKey
Existence
COMPULSORY
Fixed value
Validation Rules
Data is valid Json Format
JSON type
String
minimum length
0
maximum length
256
authentication.3ds2.sdk.interface Enumeration OPTIONAL
The User Interface (UI) formats that the payer's device supports.
These are the formats that can be used to render the screens presented to
the payer during an authentication challenge.
You only need to provide this value if you only support one of these formats.
This field corresponds to EMVCo data element sdkInterface in the field deviceRenderOptions.
You only need to provide this value if you only support one of these formats.
This field corresponds to EMVCo data element sdkInterface in the field deviceRenderOptions.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
HTML
The device supports HTML format.
NATIVE
The device supports the UI format native to the payer's device.
authentication.3ds2.sdk.referenceNumber String COMPULSORY
An identifier of the vendor and version of the 3-D Secure SDK assigned by EMVCo.
This field corresponds to EMVCo field sdkReferenceNumber
Existence
COMPULSORY
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
32
maximum length
32
authentication.3ds2.sdk.timeout Integer OPTIONAL
The duration (in seconds) available to the payer to authenticate.
Will default to 900 if not provided. Note:
The value will be rounded up to the nearest minute.
This field corresponds to EMVCo field sdkMaxTimeout
This field corresponds to EMVCo field sdkMaxTimeout
Existence
OPTIONAL
Fixed value
Validation Rules
JSON number data type, restricted to being positive or zero.
In addition, the represented number may have no fractional part.
JSON type
Number
minimum value
300
maximum value
900
authentication.3ds2.sdk.transactionId String COMPULSORY
A unique identifier assigned by the 3-D Secure SDK for the transaction.
This field corresponds to EMVCo field sdkTransID
Existence
COMPULSORY
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
36
maximum length
36
authentication.3ds2.sdk.uiType Comma separated enumeration OPTIONAL
Indicates the UI types which the SDK supports for displaying
authentication challenges within the app.
A comma separated list of the payer authentication methods that you will
accept for this payment.
You only need to provide this value if all of these values are not supported.
Note: OTHER_HTML is only supported when authentication.3ds2.sdk.interface allows a HTML UI format.
This field corresponds to EMVCo data element sdkUiType in the field deviceRenderOptions.
You only need to provide this value if all of these values are not supported.
Note: OTHER_HTML is only supported when authentication.3ds2.sdk.interface allows a HTML UI format.
This field corresponds to EMVCo data element sdkUiType in the field deviceRenderOptions.
Existence
OPTIONAL
Fixed value
Validation Rules
Indicates the UI types which the SDK supports for displaying
authentication challenges within the app.
JSON type
String
Value must be one or more comma separated members of the following list.
The values are case sensitive.
TEXT
The payer is asked to enter text into a field displayed
on the UI. For example, ask the payer to enter a
One Time Password sent to their registered mobile phone number.
SINGLE_SELECT
The payer is asked to select a single option from a number of
presented options. For example, ask the payer if they want a
One Time Password to be sent to either their email address or
mobile phone number registered with their issuer.
MULTI_SELECT
The payer is asked to select multiple options from a number of
presented options. For example, ask the payer to select valid responses to a question.
OUT_OF_BAND
The payer is presented with screens rendered by an out-of-band
service during an authentication challenge, For example,
the payer is asked to confirm the payment from their banking app.
OTHER_HTML
The payer is presented with an authentication challenge using other mechanisms
supported in HTML but not in the native UI format. For example, the payer is
asked to confirm an image presented on the screen.
billing OPTIONAL
Details of the payer's billing address.
Fixed value
billing.address OPTIONAL
The payer's billing address.
This data may be used to qualify for better interchange rates on corporate purchase card transactions.
Fixed value
billing.address.city String OPTIONAL
The city portion of the address.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100
billing.address.company String OPTIONAL
The name of the company associated with this address.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100
billing.address.country Upper case alphabetic text OPTIONAL
The 3 letter ISO standard alpha country code of the address.
Existence
OPTIONAL
Fixed value
Validation Rules
Data must consist of the characters A-Z
JSON type
String
minimum length
3
maximum length
3
billing.address.postcodeZip Alphanumeric + additional characters OPTIONAL
The post code or zip code of the address.
Existence
OPTIONAL
Fixed value
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
JSON type
String
minimum length
1
maximum length
10
billing.address.stateProvince String OPTIONAL
The state or province of the address.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
20
billing.address.street String OPTIONAL
The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100
billing.address.street2 String OPTIONAL
The second line of the address (if provided).
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100
correlationId String OPTIONAL
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
XSD type
string
minimum length
1
maximum length
100
device OPTIONAL
Information about the device used by the payer for this transaction.
Fixed value
device.browser String OPTIONAL
The User-Agent header of the browser the customer used to place the order.
For example, MOZILLA/4.0 (COMPATIBLE; MSIE 5.0; WINDOWS 95)
You must provide a value in this field if you are performing 3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
You must provide a value in this field if you are performing 3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
255
device.browserDetails OPTIONAL
Detailed information about the payer's browser.
If you are using 3-D Secure authentication to authenticate the payer,
then this information is used by the issuer's Access Control Server (ACS)
to identify the capabilities of the payers browser so that it can render
content appropriately when authenticating the payer.
You must provide values for fields in this parameter group if you are performing 3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
You must provide values for fields in this parameter group if you are performing 3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
Fixed value
device.browserDetails.3DSecureChallengeWindowSize Enumeration OPTIONAL
Dimensions of the challenge window (in width x height in pixels)
displayed to the payer during 3D-Secure authentication.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
250_X_400
390_X_400
500_X_600
600_X_400
FULL_SCREEN
device.browserDetails.acceptHeaders String OPTIONAL
The content of the Accept request-header field as sent from the payer's browser.
This is used to determine which content types are supported by the browser.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
2048
device.browserDetails.colorDepth Integer OPTIONAL
The bit depth (in bits per pixel) of the color palette for displaying images.
You obtain this value from the screen.colorDepth property of the payer's browser.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON number data type, restricted to being positive or zero.
In addition, the represented number may have no fractional part.
JSON type
Number
minimum value
1
maximum value
48
device.browserDetails.javaEnabled Boolean OPTIONAL
Indicates whether or not the payer's browser supports Java.
You obtain this value from the navigator.javaEnabled property of the payer's browser
Existence
OPTIONAL
Fixed value
Validation Rules
JSON boolean values 'true' or 'false'.
JSON type
Boolean
device.browserDetails.language String OPTIONAL
The language supported for the payer's browser as defined in IETF BCP47.
You obtain this value from the navigator.language property of the payer's browser.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
8
device.browserDetails.screenHeight Integer OPTIONAL
The total height of the payer's browser screen in pixels.
You obtain this value from the screen.height property of the payer's browser
Existence
OPTIONAL
Fixed value
Validation Rules
JSON number data type, restricted to being positive or zero.
In addition, the represented number may have no fractional part.
JSON type
Number
minimum value
1
maximum value
999999
device.browserDetails.screenWidth Integer OPTIONAL
The total width of the payer's browser screen in pixels.
You obtain this value from the screen.width property of the payer's browser
Existence
OPTIONAL
Fixed value
Validation Rules
JSON number data type, restricted to being positive or zero.
In addition, the represented number may have no fractional part.
JSON type
Number
minimum value
1
maximum value
999999
device.browserDetails.timeZone Browser Time Zone Offset OPTIONAL
Time difference between UTC time and the Cardholder browser local time, in minutes.
The time zone offset is the difference, in minutes, between UTC and local time.
Note that this means that the offset is positive if the local time zone is behind
UTC and negative if it is ahead. For example, for time zone UTC+10:00
(Australian Eastern Standard Time, Vladivostok Time, Chamorro Standard Time), -600 would be presented.
Existence
OPTIONAL
Fixed value
Validation Rules
Browser time zone offset between -840 to +840.
JSON type
String
device.ipAddress String OPTIONAL
The IP address of the device used by the payer, in nnn.nnn.nnn.nnn format.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
7
maximum length
15
order OPTIONAL
Information about the order associated with this transaction.
Fixed value
order.walletProvider Enumeration OPTIONAL
The wallet provider used to collect the customer's payment details used for this transaction.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
AMEX_EXPRESS_CHECKOUT
Amex Express Checkout wallet provider.
ANDROID_PAY
Android Pay mobile wallet provider.
APPLE_PAY
Apple Pay mobile wallet provider.
CHASE_PAY
Chase Pay wallet provider.
GOOGLE_PAY
Google Pay mobile wallet provider.
MASTERPASS_ONLINE
MasterPass Online wallet provider.
SAMSUNG_PAY
Samsung Pay mobile wallet provider.
VISA_CHECKOUT
Visa Checkout wallet provider.
session.version ASCII Text OPTIONAL
Use this field to implement optimistic locking of the session content.
Do this if you make business decisions based on data from the session and wish to
ensure that the same data is being used for the request operation.
To use optimistic locking, record session.version when you make your decisions, and then pass that value in session.version when you submit your request operation to the gateway.
If session.version provided by you does not match that stored against the session, the gateway will reject the operation with error.cause=INVALID_REQUEST.
See Making Business Decisions Based on Session Content .
To use optimistic locking, record session.version when you make your decisions, and then pass that value in session.version when you submit your request operation to the gateway.
If session.version provided by you does not match that stored against the session, the gateway will reject the operation with error.cause=INVALID_REQUEST.
See Making Business Decisions Based on Session Content .
Existence
OPTIONAL
Fixed value
Validation Rules
Data consists of ASCII characters
JSON type
String
minimum length
10
maximum length
10
sourceOfFunds OPTIONAL
The details describing the source of the funds to be used.
For card payments these may be represented by combining one or more of the following: explicitly provided card details,
a session identifier which the gateway will use to look up the card details and/or a card token. Precedence rules will be
applied in that explicitly provided card details will override session card details which will override card token details.
Each of these may represent partial card details, however the combination must result in a full and complete set of card
details. See
Using Multiple Sources of Card Details for examples.
Fixed value
sourceOfFunds.provided OPTIONAL
Information about the source of funds when it is directly provided (as opposed to via a token or session).
For browser payments, the source of funds details are usually collected from the payer on the payment provider's
website and provided to you when you retrieve the transaction details (for a successful transaction).
However, for some payment types (such as giropay), you must collect the information from the payer and supply it here.
Fixed value
sourceOfFunds.provided.card OPTIONAL
Details about the card.
Use this parameter group when you have sourced payment details using:
Cards: the card details entered directly or collected using a Point of Sale (POS) terminal.
Device payment methods such as Apple Pay, Android Pay, Samsung Pay or Google Pay.
Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout.
Card scheme tokens where the card was tokenized using a card scheme tokenization service such as Mastercard Digital Enablement Service (MDES).
Cards: the card details entered directly or collected using a Point of Sale (POS) terminal.
Device payment methods such as Apple Pay, Android Pay, Samsung Pay or Google Pay.
Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout.
Card scheme tokens where the card was tokenized using a card scheme tokenization service such as Mastercard Digital Enablement Service (MDES).
Fixed value
sourceOfFunds.provided.card.devicePayment OPTIONAL
If the payer chose to pay using a device you must provide payment details in this parameter group.
Use this parameter group when accepting payments using device payment methods such as Apple Pay, Android Pay or Samsung Pay.
Fixed value
sourceOfFunds.provided.card.devicePayment.3DSecure OPTIONAL
Details used to process a digital payment where the payment data keys for the online payment cryptogram are provided using the 3-D Secure format.
Use this parameter group for:
-
• Device payments: if you decrypt the payment token yourself.
In this case, you source these fields directly from the decrypted payment token.
You do not need to use this parameter group if you provide the payment token in sourceOfFunds.provided.card.devicePayment.paymentToken. - • Card scheme tokens: if you decrypt the transaction credentials yourself.
Fixed value
sourceOfFunds.provided.card.devicePayment.3DSecure.eciIndicator Digits OPTIONAL
The Electronic Commerce Indicator generated for payments made using a device payment method.
You source this field directly from the decrypted payment token.
This field is not applicable for payments using digital wallets or card scheme tokens.
This field is not applicable for payments using digital wallets or card scheme tokens.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
1
maximum length
2
sourceOfFunds.provided.card.devicePayment.3DSecure.onlinePaymentCryptogram Base64 OPTIONAL
A cryptogram used to authenticate the transaction.Use this field for:
- • Device payments: source this field directly from the decrypted payment token.
- • Card scheme tokens: source this field directly from the decrypted transaction credentials.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is Base64 encoded
JSON type
String
minimum length
1
maximum length
128
sourceOfFunds.provided.card.devicePayment.cryptogramFormat Enumeration OPTIONAL
The format of the cryptogram provided for the digital payment.Use this field for:
This field does not apply to Card Scheme token payments.
- • Device payments: provide the cryptogram format when you decrypt the payment token and provide the payment details (including the online payment cryptogram) in the transaction request.
This field does not apply to Card Scheme token payments.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
3DSECURE
The payment data keys for the online payment cryptogram are provided using the 3-D Secure format.
EMV
The payment data keys for the online payment cryptogram are provided using the EMV format.
sourceOfFunds.provided.card.devicePayment.paymentToken String OPTIONAL
This is the payment token that you received from the device's payment SDK.
For example:
For Apple Pay - this is the PKPaymentToken.paymentData value.
For Google - this is PaymentMethodToken.getToken().
Note 1: The gateway API considers this value to be a string, NOT JSON itself. Therefore when using the JSON gateway API, this field will typically look like:
"sourceOfFunds": {
"provided": {
"card": {
"devicePayment": {
"paymentToken": "{\"data\":\"869ss19ew ....
Note 2: The gateway will ignore the currency and amount information in the payment token, and will instead use the values passed on the amount and currency fields. For normal usage, you should populate those fields with the exact same values as you got from the SDK.
For Apple Pay - this is the PKPaymentToken.paymentData value.
For Google - this is PaymentMethodToken.getToken().
Note 1: The gateway API considers this value to be a string, NOT JSON itself. Therefore when using the JSON gateway API, this field will typically look like:
"sourceOfFunds": {
"provided": {
"card": {
"devicePayment": {
"paymentToken": "{\"data\":\"869ss19ew ....
Note 2: The gateway will ignore the currency and amount information in the payment token, and will instead use the values passed on the amount and currency fields. For normal usage, you should populate those fields with the exact same values as you got from the SDK.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
16384
sourceOfFunds.provided.card.expiry OPTIONAL
Expiry date, as shown on the card.
Fixed value
sourceOfFunds.provided.card.expiry.month Digits COMPULSORY
Month, as shown on the card.
If using a scheme token this is the token expiry month.
Months are numbered January=1, through to December=12.
Months are numbered January=1, through to December=12.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a number between 1 and 12 represented as a string.
JSON type
String
sourceOfFunds.provided.card.expiry.year Digits COMPULSORY
Year, as shown on the card.
If using a scheme token this is the token expiry year.
The Common Era year is 2000 plus this value.
The Common Era year is 2000 plus this value.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
2
maximum length
2
sourceOfFunds.provided.card.number Digits OPTIONAL
Credit card number as printed on the card.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
9
maximum length
19
sourceOfFunds.provided.card.securityCode Digits OPTIONAL
Card verification code, as printed on the back or front of the card or as provided for a card scheme token.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
3
maximum length
4
Callback data
restApiResponse
String
The REST API response
correlationId
String
The last correlation id that was used for making the REST API call
gatewayRecommendation
String
The gateway recommendation based on the cumulative risk score as determined by the ACS and the gateway.
htmlRedirectCode
String
Code to create the authentication UI.
Return Value
None