Check 3DS Enrollment

Request to check a cardholder's enrollment in the 3DSecure scheme.

POST https://ap-gateway.mastercard.com/api/nvp/version/50

Authentication Copied to clipboard

This operation requires authentication via one of the following methods:


  • Certificate authentication.
  • To authenticate to the API two additional NVP parameters must be supplied in the request. Provide 'merchant.<your gateway merchant ID>' in the apiUsername field and your API password in the apiPassword field.

Request Copied to clipboard

Fields Copied to clipboard

3DSecure Copied to clipboard REQUIRED

Information on 3DSecure fields.

3DSecure.authenticationRedirect Copied to clipboard REQUIRED

A collection of parameters required to build the HTML form that is redirected to the ACS.

There are two options to generate the redirect page used to transfer the cardholder to the card Issuer's Access Control Server (ACS) for authentication:

1. Simple: submit the form generated by the gateway. In this case, only the htmlBodyContent parameter is required.
2. Customized: for those merchants who wish to customise the submission. In this case, the acsURL and paReq parameters will be required to formulate the submission.
Note: This field will only be returned in the event of a successful directory server lookup.

3DSecure.authenticationRedirect.pageGenerationMode Copied to clipboard Enumeration OPTIONAL

Indicates the option (Simple or Customized) used to generate the page that redirects the cardholder to the card Issuer's Access Control Server (ACS) for authentication.

The response to the Check 3DS Enrollment operation will include the information required for the selected option. By default, the Simple option is used.

An enumeration to allow a user to specify if they wish to adopt a customized solution or a simple solution.

Value must be a member of the following list. The values are case sensitive.

CUSTOMIZED

A strategy to indicate that the user wishes to customize the response

SIMPLE

A simple interaction model where the response is complete and no user intervention is required.

3DSecure.authenticationRedirect.responseUrl Copied to clipboard Url REQUIRED

The URL to which you want to redirect the payer after completing the payer authentication process.

Typically, this will be the merchant's website URL, which must be URL encoded for special characters such spaces, hyphens, etc.

Ensure that the URL begins with 'https' and is longer than 11 characters.

3DSecure.authenticationRedirect.simple Copied to clipboard OPTIONAL

The details required by the system to generate the HTML page as specified in the Simple option.

3DSecure.authenticationRedirect.simple.expectedHtmlEncoding Copied to clipboard Enumeration OPTIONAL

The encoding required for the HTML returned in the response, through htmlBodyContent parameter.

The available HTML Encoding options that a client may request.

Value must be a member of the following list. The values are case sensitive.

ASCII
ISO_8859_1

Latin1

UTF_8
3DSecure.authenticationRedirect.simple.redirectDisplayBackgroundColor Copied to clipboard Alphanumeric + additional characters OPTIONAL

Background color of the page, encoded in HEX, rendered in the cardholder's browser while the browser is waiting for the authentication to commence.

By default, the color is set to #FFFFFF.

Data may consist of the characters 0-9, a-z, A-Z, '#'

Min length: 4 Max length: 7
3DSecure.authenticationRedirect.simple.redirectDisplayContinueButtonText Copied to clipboard String OPTIONAL

Text on the button that the cardholder can use to redirect the browser to the card Issuer's Access Control Server (ACS) if JavaScript is disabled for their browser.

By default, the button text is set to "Click here to continue".

Data can consist of any characters

Min length: 1 Max length: 40
3DSecure.authenticationRedirect.simple.redirectDisplayTitle Copied to clipboard String OPTIONAL

Title of the page rendered in the cardholder's browser while the browser is waiting for the authentication to commence.

By default, the title is set to "Process secure Payment".

Data can consist of any characters

Min length: 1 Max length: 200
3DSecure.goodsDescription Copied to clipboard String OPTIONAL

An optional field that the merchant may supply in the Transaction Request as a description of the transaction.

If supported by the ACS, this description will be displayed on the authentication page where the cardholder types in their secret password.

Data can consist of any characters

Min length: 0 Max length: 30
3DSecureId Copied to clipboard ASCII Text REQUIRED

A unique identifier supplied by the merchant for the authentication.

It is first defined in the check3DSEnrollment operation, and then included in subsequent operations.It is not used when the authentication is performed externally.

Data consists of ASCII characters

Min length: 1 Max length: 64
apiOperation Copied to clipboard String = CHECK_3DS_ENROLLMENT FIXED

Any sequence of zero or more unicode characters.

correlationId Copied to clipboard String OPTIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
currencyConversion Copied to clipboard OPTIONAL

Information specific to the use of dynamic currency conversion (DCC).

If you requested a rate quote via the gateway, provide the requestId as returned in the PAYMENT_OPTIONS_INQUIRY response. For rate quote requests performed outside the gateway, you must at least provide payer amount, payer currency, provider and payer exchange rate.

You can only provide DCC information on the initial transaction for an order. If provided on subsequent transactions or an order, DCC information will be ignored.

currencyConversion.exchangeRateTime Copied to clipboard DateTime OPTIONAL

The timestamp of when the conversion rate is effective.

The timestamp may need to be displayed to the payer on the merchant site to satisfy regulatory requirements.

An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"

currencyConversion.marginPercentage Copied to clipboard Decimal OPTIONAL

The foreign exchange markup applied as a percentage to the transaction amount for providing the conversion service.

The margin percentage may need to be displayed to the payer on the merchant site to satisfy regulatory requirements.

Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.

Min length: 1 Max length: 8
currencyConversion.payerAmount Copied to clipboard Decimal OPTIONAL

The total amount of the transaction in the payer's currency.

You must include this field if the payer accepted the DCC offer you presented to them.

Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.

Min length: 1 Max length: 14
currencyConversion.payerCurrency Copied to clipboard Upper case alphabetic text OPTIONAL

The currency of the DCC rate quote provided by your DCC Service Provider.

The currency must be expressed as an ISO 4217 alpha code, e.g. USD and must be different to that provided for transaction currency. You must include this field if the payer accepted the DCC offer you presented to them.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
currencyConversion.payerExchangeRate Copied to clipboard Decimal OPTIONAL

The exchange rate used to convert the transaction amount into the payer's currency.

The payer exchange rate includes the foreign exchange markup (marginPercentage). The payer exchange rate is displayed to the payer on the merchant site.

Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.

Min length: 1 Max length: 19
currencyConversion.provider Copied to clipboard Enumeration OPTIONAL

This identifies the name of the provider of the DCC quote.

This data is for information purposes, and may be useful if you use multiple DCC providers.

Value must be a member of the following list. The values are case sensitive.

FEXCO
FTT
GLOBAL_PAYMENTS
IBM
TRAVELEX_CURRENCY_SELECT
UNICREDIT
currencyConversion.providerReceipt Copied to clipboard String OPTIONAL

The quote provider's unique reference to the rate quote.

Data can consist of any characters

Min length: 1 Max length: 100
currencyConversion.requestId Copied to clipboard String OPTIONAL

The unique identifier for your DCC quote request as returned in the PAYMENT_OPTIONS_INQUIRY response.

Data can consist of any characters

Min length: 1 Max length: 100
currencyConversion.uptake Copied to clipboard Enumeration OPTIONAL

Indicates how DCC applies to the order.

If not provided, this value defaults to NOT_REQUIRED.

Value must be a member of the following list. The values are case sensitive.

ACCEPTED

The payer accepted the DCC offer and pays in their own currency. The conditions of the rate quote are applied in the processing of this transaction.

DECLINED

The payer declined the DCC offer and pays in your transaction currency.

NOT_AVAILABLE

A rate quote was requested, but no DCC offer was provided. For rate quotes via the gateway the PAYMENT_OPTION_INQUIRY response contains a currencyConversion.gatewayCode other than QUOTE_PROVIDED.

NOT_REQUIRED

DCC is not required for this transaction.

merchant Copied to clipboard Alphanumeric + additional characters REQUIRED

The unique identifier issued to you by your payment provider.

This identifier can be up to 12 characters in length.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 40
order Copied to clipboard REQUIRED

Information about the order associated with this transaction.

order.amount Copied to clipboard Decimal REQUIRED

The total amount for the order. This is the net amount plus any surcharge.

If you provide any sub-total amounts, then the sum of these amounts (order.itemAmount, order.taxAmount, order.shippingAndHandlingAmount, order.cashbackAmount, order.gratuityAmount), minus the order.discountAmount must equal the net amount.

The value of this field in the response may be zero if payer funds are not transferred.

Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.

Min length: 1 Max length: 14
order.currency Copied to clipboard Upper case alphabetic text REQUIRED

The currency of the order expressed as an ISO 4217 alpha code, e.g. USD.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
session.id Copied to clipboard ASCII Text OPTIONAL

Identifier of the payment session containing values for any of the request fields to be used in this operation.

Values provided in the request will override values contained in the session.

Data consists of ASCII characters

Min length: 31 Max length: 35
session.version Copied to clipboard ASCII Text OPTIONAL

Use this field to implement optimistic locking of the session content.

Do this if you make business decisions based on data from the session and wish to ensure that the same data is being used for the request operation.

To use optimistic locking, record session.version when you make your decisions, and then pass that value in session.version when you submit your request operation to the gateway.

If session.version provided by you does not match that stored against the session, the gateway will reject the operation with error.cause=INVALID_REQUEST.

See Making Business Decisions Based on Session Content.

Data consists of ASCII characters

Min length: 10 Max length: 10
sourceOfFunds Copied to clipboard OPTIONAL

The details describing the source of the funds to be used.

For card payments these may be represented by combining one or more of the following: explicitly provided card details, a session identifier which the gateway will use to look up the card details and/or a card token. Precedence rules will be applied in that explicitly provided card details will override session card details which will override card token details. Each of these may represent partial card details, however the combination must result in a full and complete set of card details. See Using Multiple Sources of Card Details for examples.

sourceOfFunds.provided Copied to clipboard OPTIONAL

Information about the source of funds when it is directly provided (as opposed to via a token or session).

For browser payments, the source of funds details are usually collected from the payer on the payment provider's website and provided to you when you retrieve the transaction details (for a successful transaction). However, for some payment types (such as giropay), you must collect the information from the payer and supply it here.

sourceOfFunds.provided.card Copied to clipboard OPTIONAL

Details as shown on the card.

sourceOfFunds.provided.card.expiry Copied to clipboard REQUIRED

Expiry date, as shown on the card.

sourceOfFunds.provided.card.expiry.month Copied to clipboard Digits REQUIRED

Month, as shown on the card.

Months are numbered January=1, through to December=12.

Data is a number between 1 and 12 represented as a string.

sourceOfFunds.provided.card.expiry.year Copied to clipboard Digits REQUIRED

Year, as shown on the card.

The Common Era year is 2000 plus this value.

Data is a string that consists of the characters 0-9.

Min length: 2 Max length: 2
sourceOfFunds.provided.card.number Copied to clipboard Digits OPTIONAL

Credit card number as printed on the card.

Data is a string that consists of the characters 0-9.

Min length: 9 Max length: 19
sourceOfFunds.token Copied to clipboard Alphanumeric OPTIONAL

Uniquely identifies a card and associated details.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 40

Response Copied to clipboard

Fields Copied to clipboard

3DSecure Copied to clipboard CONDITIONAL

Information about the results of payer authentication using 3-D Secure authentication.

You only need to provide these fields if you authenticated the payer using a different service provider.

3DSecure.acsEci Copied to clipboard Alphanumeric CONDITIONAL

Indicates the security level of the transaction.

This is the value returned in the Electronic Commerce Indicator (ECI) field of the Payer Authentication Response (PARes) message from the card Issuer's Access Control Server (ACS). For example, 0,1, or 2. Refer to the relevant documentation for Mastercard SecureCode™, Verified by Visa™, JCB J/Secure™, American Express SafeKey™, or Diners Club ProtectBuy™.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 100
3DSecure.authenticationRedirect Copied to clipboard CONDITIONAL

A collection of parameters required to build the HTML form that is redirected to the ACS.

There are two options to generate the redirect page used to transfer the cardholder to the card Issuer's Access Control Server (ACS) for authentication:

1. Simple: submit the form generated by the gateway. In this case, only the htmlBodyContent parameter is required.
2. Customized: for those merchants who wish to customise the submission. In this case, the acsURL and paReq parameters will be required to formulate the submission.
Note: This field will only be returned in the event of a successful directory server lookup.

3DSecure.authenticationRedirect.customized Copied to clipboard CONDITIONAL

The customized field is the response returned for those merchants who wish to customise the submission.

In this case, the acsURL and paReq parameters will be required to formulate the submission.

3DSecure.authenticationRedirect.customized.acsUrl Copied to clipboard Url ALWAYS PROVIDED

The URL of the card Issuer's Access Control Server (ACS) where the cardholder can be authenticated.

Ensure that the URL begins with 'https' and is longer than 11 characters.

3DSecure.authenticationRedirect.customized.paReq Copied to clipboard ASCII Text ALWAYS PROVIDED

The Payer Authentication Request (PAReq) message that is sent to the card Issuer's Access Control Server (ACS) to initiate authentication of the cardholder.

It contains all of the information required by the ACS to perform the authentication. PAReq should be sent to the ACS URL unaltered.

Data consists of ASCII characters

Min length: 0 Max length: 4000
3DSecure.authenticationRedirect.simple Copied to clipboard CONDITIONAL

The simple field is the response returned to those merchants who have chosen the simple option for form submission.

In this case, only the htmlBodyContent parameter is required to formulate the submission.

3DSecure.authenticationRedirect.simple.htmlBodyContent Copied to clipboard String ALWAYS PROVIDED

The generated form to post to the cardholder's browser.

The form will redirect the browser to card Issuer's Access Control Server (ACS) where the cardholder can be authenticated. The form contains all of the information required by the ACS for authentication.

Data can consist of any characters

Min length: 0 Max length: 40960
3DSecure.authenticationToken Copied to clipboard Base64 CONDITIONAL

Used to verify that the 3D-Secure authentication occurred and the 3-D Secure data provided is valid.

The authentication token is generated and returned by the card issuer's Access Control Server (ACS) or the scheme's Attempts Server. It is a Base64 encoded value and must be submitted unaltered on a transaction. This field is referred to as Accountholder Authentication Value (AAV) for Mastercard SecureCode™ and JCB J/Secure™, Cardholder Authentication Verification Value (CAVV) for Verified by Visa™, American Express Verification Value (AEVV) for American Express SafeKey™, or Cardmember Authentication Verification Value (CAVV) for Diners Club ProtectBuy™.

Data is Base64 encoded

Min length: 28 Max length: 32
3DSecure.paResStatus Copied to clipboard Alpha CONDITIONAL

Indicates the result of payer authentication with the issuer.

This is the value returned in the transaction status field of the Payer Authentication Response (PARes) message from the card Issuer's Access Control Server (ACS). For example, Y, N, A, or U. Refer to the relevant documentation for Mastercard SecureCode™, Verified by Visa™, JCB J/Secure™, American Express SafeKey™, or Diners Club ProtectBuy™.

Data may consist of the characters a-z, A-Z

Min length: 1 Max length: 1
3DSecure.veResEnrolled Copied to clipboard Alpha CONDITIONAL

Indicates whether or not payer authentication is available for the card number you provided.

This is the value returned in the 'enrolled' field of the Verify Enrollment Response (VERes) message from the card scheme's Directory Server. For example, Y, N, or U. Refer to the relevant documentation for Mastercard SecureCode™, Verified by Visa™, JCB J/Secure™, American Express SafeKey™, or Diners Club ProtectBuy™.

Data may consist of the characters a-z, A-Z

Min length: 1 Max length: 1
3DSecure.xid Copied to clipboard Base64 CONDITIONAL

A unique transaction identifier generated by the Payment Gateway on behalf of the merchant to identify the 3DS transaction.

This field is mandatory for Verified By Visa transactions if authentication was available. The XID should be used in operation requests unaltered.

Data is Base64 encoded

Min length: 28 Max length: 28
3DSecureId Copied to clipboard ASCII Text ALWAYS PROVIDED

A unique identifier supplied by the merchant for the authentication.

It is first defined in the check3DSEnrollment operation, and then included in subsequent operations.
It is not used when the authentication is performed externally.

Data consists of ASCII characters

Min length: 1 Max length: 64
correlationId Copied to clipboard String CONDITIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
currencyConversion Copied to clipboard CONDITIONAL

Information specific to the use of dynamic currency conversion (DCC).

If you requested a rate quote via the gateway, provide the requestId as returned in the PAYMENT_OPTIONS_INQUIRY response. For rate quote requests performed outside the gateway, you must at least provide payer amount, payer currency, provider and payer exchange rate.

You can only provide DCC information on the initial transaction for an order. If provided on subsequent transactions or an order, DCC information will be ignored.

currencyConversion.exchangeRateTime Copied to clipboard DateTime CONDITIONAL

The timestamp of when the conversion rate is effective.

The timestamp may need to be displayed to the payer on the merchant site to satisfy regulatory requirements.

An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"

currencyConversion.marginPercentage Copied to clipboard Decimal CONDITIONAL

The foreign exchange markup applied as a percentage to the transaction amount for providing the conversion service.

The margin percentage may need to be displayed to the payer on the merchant site to satisfy regulatory requirements.

A sequence of digits 0-9 separated by a '.' as a decimal indicator. Leading and trailing zeroes are optional. If the fractional part is zero, the '.' and following zero(es) can be omitted. (For a complete description, see http://www.w3.org/TR/xmlschema-2/#decimal.)

Max value: 10000000 Min value: 0 Max post-decimal digits: 5
currencyConversion.payerAmount Copied to clipboard Decimal CONDITIONAL

The total amount of the transaction in the payer's currency.

You must include this field if the payer accepted the DCC offer you presented to them.

A sequence of digits 0-9 separated by a '.' as a decimal indicator. Leading and trailing zeroes are optional. If the fractional part is zero, the '.' and following zero(es) can be omitted. (For a complete description, see http://www.w3.org/TR/xmlschema-2/#decimal.)

Max value: 1000000000000 Min value: 0 Max post-decimal digits: 3
currencyConversion.payerCurrency Copied to clipboard Upper case alphabetic text CONDITIONAL

The currency of the DCC rate quote provided by your DCC Service Provider.

The currency must be expressed as an ISO 4217 alpha code, e.g. USD and must be different to that provided for transaction currency. You must include this field if the payer accepted the DCC offer you presented to them.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
currencyConversion.payerExchangeRate Copied to clipboard Decimal CONDITIONAL

The exchange rate used to convert the transaction amount into the payer's currency.

The payer exchange rate includes the foreign exchange markup (marginPercentage). The payer exchange rate is displayed to the payer on the merchant site.

A sequence of digits 0-9 separated by a '.' as a decimal indicator. Leading and trailing zeroes are optional. If the fractional part is zero, the '.' and following zero(es) can be omitted. (For a complete description, see http://www.w3.org/TR/xmlschema-2/#decimal.)

Max value: 1000000000000000000 Min value: 0 Max post-decimal digits: 12
currencyConversion.provider Copied to clipboard Enumeration CONDITIONAL

This identifies the name of the provider of the DCC quote.

This data is for information purposes, and may be useful if you use multiple DCC providers.

Value must be a member of the following list. The values are case sensitive.

FEXCO
FTT
GLOBAL_PAYMENTS
IBM
TRAVELEX_CURRENCY_SELECT
UNICREDIT
currencyConversion.providerReceipt Copied to clipboard String CONDITIONAL

The quote provider's unique reference to the rate quote.

Data can consist of any characters

Min length: 1 Max length: 100
currencyConversion.uptake Copied to clipboard Enumeration ALWAYS PROVIDED

Indicates how DCC applies to the order.

If not provided, this value defaults to NOT_REQUIRED.

Value must be a member of the following list. The values are case sensitive.

ACCEPTED

The payer accepted the DCC offer and pays in their own currency. The conditions of the rate quote are applied in the processing of this transaction.

DECLINED

The payer declined the DCC offer and pays in your transaction currency.

NOT_AVAILABLE

A rate quote was requested, but no DCC offer was provided. For rate quotes via the gateway the PAYMENT_OPTION_INQUIRY response contains a currencyConversion.gatewayCode other than QUOTE_PROVIDED.

NOT_REQUIRED

DCC is not required for this transaction.

merchant Copied to clipboard Alphanumeric + additional characters ALWAYS PROVIDED

The unique identifier issued to you by your payment provider.

This identifier can be up to 12 characters in length.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 40
response Copied to clipboard ALWAYS PROVIDED

A collection of information that is specific to responses from the API.

response.gatewayRecommendation Copied to clipboard Enumeration ALWAYS PROVIDED

Indicates if this order will be blocked by the gateway based on rules configured by you or your payment service provider when you request that a payment is processed.

This assessment is based on what the gateway currently knows about this order. Use this value to determine whether or not you should proceed with performing further operations on the order. For example, requesting an Authorize, Capture, or Pay operation.

Value must be a member of the following list. The values are case sensitive.

DO_NOT_PROCEED

Do not proceed using this card.

PROCEED

Proceed using this card.

Errors Copied to clipboard

error Copied to clipboard

Information on possible error conditions that may occur while processing an operation using the API.

error.cause Copied to clipboard Enumeration

Broadly categorizes the cause of the error.

For example, errors may occur due to invalid requests or internal system failures.

Value must be a member of the following list. The values are case sensitive.

INVALID_REQUEST

The request was rejected because it did not conform to the API protocol.

REQUEST_REJECTED

The request was rejected due to security reasons such as firewall rules, expired certificate, etc.

SERVER_BUSY

The server did not have enough resources to process the request at the moment.

SERVER_FAILED

There was an internal system failure.

error.explanation Copied to clipboard String

Textual description of the error based on the cause.

This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.

Data can consist of any characters

Min length: 1 Max length: 1000
error.field Copied to clipboard String

Indicates the name of the field that failed validation.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Data can consist of any characters

Min length: 1 Max length: 100
error.supportCode Copied to clipboard String

Indicates the code that helps the support team to quickly identify the exact cause of the error.

This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.

Data can consist of any characters

Min length: 1 Max length: 100
error.validationType Copied to clipboard Enumeration

Indicates the type of field validation error.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Value must be a member of the following list. The values are case sensitive.

INVALID

The request contained a field with a value that did not pass validation.

MISSING

The request was missing a mandatory field.

UNSUPPORTED

The request contained a field that is unsupported.

result Copied to clipboard Enumeration

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

ERROR

The operation resulted in an error and hence cannot be processed.